diff --git a/include/BlackExecOps.cc b/include/BlackExecOps.cc new file mode 100644 index 00000000..ee7bf116 --- /dev/null +++ b/include/BlackExecOps.cc @@ -0,0 +1,192 @@ + +/*************************************************************************** + * NcrackOps.cc -- The NcrackOps class contains global options, mostly * + * based on user-provided command-line settings. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#include "ncrack.h" +#include "NcrackOps.h" +#include "utils.h" + +NcrackOps o; + +NcrackOps:: +NcrackOps() { + + datadir = NULL; + save_file = NULL; + stats_interval = 0.0; /* unset */ + log_errors = false; + append_output = false; + passwords_first = false; + pairwise = false; + global_options = false; + list_only = false; + userlist_src = 0; + passlist_src = 0; + nmap_input_normal = false; + nmap_input_xml = false; + debugging = 0; + verbose = 0; + nsock_loglevel = NSOCK_LOG_ERROR; + timing_level = 3; + connection_limit = -1; + numhosts_scanned = 0; + memset(logfd, 0, sizeof(FILE *) * LOG_NUM_FILES); + ncrack_stdout = stdout; + saved_signal = -1; + saved_argc = 0; + saved_argv = NULL; + setaf(AF_INET); + gettimeofday(&start_time, NULL); + proxychain = NULL; + socks4a = false; + resume = false; + finish = 0; + stealthy_linear = false; +} + +NcrackOps:: +~NcrackOps() { + + if (datadir) + free(datadir); + +} + + +/* Number of milliseconds since getStartTime(). The current time is an + * optional argument to avoid an extra gettimeofday() call. */ +long long NcrackOps:: +TimeSinceStartMS(struct timeval *now) { + struct timeval tv; + if (!now) + gettimeofday(&tv, NULL); + else tv = *now; + + return timeval_msec_subtract(tv, start_time); +} diff --git a/include/BlackExecOps.h b/include/BlackExecOps.h new file mode 100644 index 00000000..ad342dcc --- /dev/null +++ b/include/BlackExecOps.h @@ -0,0 +1,227 @@ + +/*************************************************************************** + * NcrackOps.h -- The NcrackOps class contains global options, mostly * + * based on user-provided command-line settings. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#ifndef NCRACK_OPS_H +#define NCRACK_OPS_H 1 + +#include "ncrack.h" +#include "output.h" +#include +using namespace std; + +/* Each service has an associated saved_info struct that holds everything + * needed to continue the session. + */ +struct saved_info { + uint32_t user_index; + uint32_t pass_index; + vector credentials_found; + + saved_info() { + user_index = 0; + pass_index = 0; + } +}; + +class NcrackOps { + public: + NcrackOps(); + ~NcrackOps(); + + void setaf(int af) { addressfamily = af; } + int af() { return addressfamily; } + + /* The time this obj. was instantiated */ + const struct timeval *getStartTime() { return &start_time; } + + /* Number of milliseconds since getStartTime(). The current time is an + * optional argument to avoid an extra gettimeofday() call. */ + long long TimeSinceStartMS(struct timeval *now=NULL); + + /* The requested auto stats printing interval, or 0.0 if unset. */ + float stats_interval; + bool log_errors; /* write errors to log files */ + bool append_output; /* append output to log files */ + + int userlist_src;/* 0 -> unassigned (default), + 1 -> username list from command line (--user option) + 2 -> username list from file (-U option) + */ + int passlist_src;/* 0 -> unassigned (default), + 1 -> password list from command line (--pass option) + 2 -> username list from file (-P option) + */ + bool nmap_input_normal; /* true if host input from Nmap's -oN output */ + bool nmap_input_xml; /* true if host input from Nmap's -oX output */ + /* iterate password list for each username instead of opposite */ + bool passwords_first; + /* choose a username and a password from the username and password lists + * correspondingly in pairs */ + bool pairwise; + bool global_options; /* true if -g has been specified */ + bool list_only; /* only list hosts and exit */ + int timing_level; /* timing template number: T(0-5) */ + int debugging; /* valid for range 0-10 */ + int finish; /* 0 -> disabled + * 1 -> quit each service after one credential is found + * 2 -> quit after any credential is found on any + * service + */ + nsock_loglevel_t nsock_loglevel; + int verbose; + int numhosts_scanned; + long connection_limit;/* global maximum total connections */ + FILE *logfd[LOG_NUM_FILES]; + FILE *ncrack_stdout; /* Ncrack standard output */ + char *datadir; + + nsock_proxychain proxychain; /* only assigned when --proxy is valid */ + bool socks4a; /* only true when first proxy is socks4a */ + int saved_signal; /* save caught signal here, -1 for no signal */ + char **saved_argv; /* pointer to current argv array */ + int saved_argc; /* saved argument count */ + /* This associative container holds the unique id of each service and the + * corresponding saved_info struct which holds all the necessary + * data to continue the session from where it had been previously stopped. + */ + bool resume; + map resume_map; + + char *save_file; + + bool stealthy_linear; /* true if stealty linear mode is enabled */ + + private: + struct timeval start_time; + int addressfamily; /* Address family: AF_INET or AF_INET6 */ +}; + +#endif diff --git a/include/BlackExecOutputTable.cc b/include/BlackExecOutputTable.cc new file mode 100644 index 00000000..2769fd5a --- /dev/null +++ b/include/BlackExecOutputTable.cc @@ -0,0 +1,328 @@ + +/*************************************************************************** + * NcrackOutputTable.cc -- A relatively simple class for organizing Ncrack * + * output into an orderly table for display to the user. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +/* $Id: NcrackOutputTable.cc 12955 2009-04-15 00:37:03Z fyodor $ */ + +#ifdef WIN32 +#include "Ncrack_winconfig.h" +#endif + +#include "NcrackOutputTable.h" +#include "utils.h" + +#include + +NcrackOutputTable::NcrackOutputTable(int nrows, int ncols) { + numRows = nrows; + numColumns = ncols; + assert(numRows > 0); + assert(numColumns > 0); + table = (struct NcrackOutputTableCell *) safe_zalloc(sizeof(struct NcrackOutputTableCell) * nrows * ncols); + maxColLen = (int *) safe_zalloc(sizeof(*maxColLen) * ncols); + itemsInRow = (int *) safe_zalloc(sizeof(*itemsInRow) * nrows); + tableout = NULL; + tableoutsz = 0; +} + +NcrackOutputTable::~NcrackOutputTable() { + unsigned int col, row; + struct NcrackOutputTableCell *cell; + + for(row = 0; row < numRows; row++) { + for(col = 0; col < numColumns; col++) { + cell = getCellAddy(row, col); + if (cell->weAllocated) { + assert(cell->str); + free(cell->str); + } + } + } + + free(table); + free(maxColLen); + free(itemsInRow); + if (tableout) free(tableout); +} + +void NcrackOutputTable::addItem(unsigned int row, unsigned int column, bool fullrow, + bool copy, const char *item, int itemlen) { + struct NcrackOutputTableCell *cell; + int mc = maxColLen[column]; + + addItem(row, column, copy, item, itemlen); + + if(fullrow) { + maxColLen[column] = mc; + cell = getCellAddy(row, column); + cell->fullrow = fullrow; + } + return; +} + +void NcrackOutputTable::addItem(unsigned int row, unsigned int column, bool copy, const char *item, + int itemlen) { + struct NcrackOutputTableCell *cell; + + assert(row < numRows); + assert(column < numColumns); + + if (itemlen < 0) + itemlen = strlen(item); + + if (itemlen == 0) + return; + + cell = getCellAddy(row, column); + assert(cell->str == NULL); // I'll worry about replacing members if I ever need it + itemsInRow[row]++; + + cell->strlength = itemlen; + + if (copy) { + cell->str = (char *) safe_malloc(itemlen + 1); + memcpy(cell->str, item, itemlen); + cell->str[itemlen] = '\0'; + } else { + cell->str = (char *) item; + } + cell->weAllocated = copy; + + if (maxColLen[column] < itemlen) + maxColLen[column] = itemlen; + + return; +} + +void NcrackOutputTable::addItemFormatted(unsigned int row, + unsigned int column, + bool fullrow, + const char *fmt, ...) { + struct NcrackOutputTableCell *cell; + int mc = maxColLen[column]; + unsigned int res; + va_list ap; + va_start(ap,fmt); + char buf[4096]; + res = Vsnprintf(buf, sizeof(buf), fmt, ap); + va_end(ap); + + if (res > sizeof(buf)) + fatal("NcrackOutputTable only supports adding up to 4096 to a cell via %s.", __func__); + + addItem(row, column, fullrow, true, buf, res); + + if(fullrow) { + maxColLen[column] = mc; + cell = getCellAddy(row, column); + cell->fullrow = fullrow; + } +} + +/* True if every column in nrow is empty */ +bool NcrackOutputTable::emptyRow(unsigned int nrow) { + NcrackOutputTableCell *cell; + unsigned int col; + bool isEmpty = true; + + assert(nrow < numRows); + + for(col = 0 ; col < numColumns; col++) { + cell = getCellAddy(nrow, col); + if(cell->strlength > 0) { + isEmpty = false; + break; + } + } + return isEmpty; +} + + // This function sticks the entire table into a character buffer. + // Note that the buffer is likely to be reused if you call the + // function again, and it will also be invalidated if you free the + // table. If size is not NULL, it will be filled with the size of + // the ASCII table in bytes (not including the terminating NUL) + // All blank rows are removed from the returned string +char *NcrackOutputTable::printableTable(int *size) { + unsigned int col, row; + int p = 0; /* The offset into tableout */ + int clen = 0; + int i; + struct NcrackOutputTableCell *cell; + int validthisrow; + + if (tableoutsz == 0) { + tableoutsz = 512; /* Start us off with half a k */ + tableout = (char *) safe_malloc(tableoutsz); + } + + for(row = 0; row < numRows; row++) { + validthisrow = 0; + + if(emptyRow(row)) + continue; + + cell = getCellAddy(row, 0); + if(cell->fullrow && cell->strlength > 0) { + /* Full rows are easy, just make sure we have the space + \n\0 */ + if (cell->strlength + p + 2 > tableoutsz) { + tableoutsz = (cell->strlength + p + 2) * 2; + tableout = (char *) safe_realloc(tableout, tableoutsz); + } + memcpy(tableout + p, cell->str, cell->strlength); + p += cell->strlength; + } else { + for(col = 0; col < numColumns; col++) { + cell = getCellAddy(row, col); + clen = maxColLen[col]; + /* Cells get padded with an extra space + \n\0 */ + if (clen + p + 3 > tableoutsz) { + tableoutsz = (cell->strlength + p + 2) * 2; + tableout = (char *) safe_realloc(tableout, tableoutsz); + } + if (cell->strlength > 0) { + memcpy(tableout + p, cell->str, cell->strlength); + p += cell->strlength; + validthisrow++; + } + // No point leaving trailing spaces ... + if (validthisrow < itemsInRow[row]) { + for(i=cell->strlength; i <= clen; i++) // one extra because of space between columns + *(tableout + p++) = ' '; + } + } + } + *(tableout + p++) = '\n'; + } + *(tableout + p) = '\0'; + + if (size) *size = p; + return tableout; +} diff --git a/include/BlackExecOutputTable.h b/include/BlackExecOutputTable.h new file mode 100644 index 00000000..bdadf95c --- /dev/null +++ b/include/BlackExecOutputTable.h @@ -0,0 +1,208 @@ + +/*************************************************************************** + * NcrackOutputTable.h -- A relatively simple class for organizing Ncrack * + * output into an orderly table for display to the user. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id: NcrackOutputTable.h 12955 2009-04-15 00:37:03Z fyodor $ */ + +#ifndef NCRACKOUTPUTTABLE_H +#define NCRACKOUTPUTTABLE_H + +#include "ncrack.h" + +#ifndef __attribute__ +#define __attribute__(args) +#endif + +/********************** DEFINES/ENUMS ***********************************/ + +/********************** STRUCTURES ***********************************/ + +/********************** CLASSES ***********************************/ + +struct NcrackOutputTableCell { + char *str; + int strlength; + bool weAllocated; // If we allocated str, we must free it. + bool fullrow; +}; + +class NcrackOutputTable { + public: + // Create a table of the given dimensions. Any completely + // blank rows will be removed when printableTable() is called. + // If the number of table rows is unknown then the highest + // number of possible rows should be specified. + NcrackOutputTable(int nrows, int ncols); + ~NcrackOutputTable(); + + // Copy specifies whether we must make a copy of item. Otherwise we'll just save the + // ptr (and you better not free it until this table is destroyed ). Skip the itemlen parameter if you + // don't know (and the function will use strlen). + void addItem(unsigned int row, unsigned int column, bool copy, const char *item, int itemlen = -1); + // Same as above but if fullrow is true, 'item' spans across all columns. The spanning starts from + // the column argument (ie. 0 will be the first column) + void addItem(unsigned int row, unsigned int column, bool fullrow, bool copy, const char *item, int itemlen = -1); + + // Like addItem except this version takes a printf-style format string followed by varargs + void addItemFormatted(unsigned int row, unsigned int column, bool fullrow, const char *fmt, ...) + __attribute__ ((format (printf, 4, 5))); + + // This function sticks the entire table into a character buffer. + // Note that the buffer is likely to be reused if you call the + // function again, and it will also be invalidated if you free the + // table. If size is not NULL, it will be filled with the size of + // the ASCII table in bytes (not including the terminating NUL) + // All blank rows will be removed from the returned string + char *printableTable(int *size); + + private: + + bool emptyRow(unsigned int nrow); + // The table, squished into 1D. Access a member via getCellAddy + struct NcrackOutputTableCell *table; + struct NcrackOutputTableCell *getCellAddy(unsigned int row, unsigned int col) { + assert(row < numRows); assert(col < numColumns); + return table + row * numColumns + col; + } + int *maxColLen; // An array that gives the maximum length of any member of each column + // (excluding terminator) + // Array that tells the number of valid (> 0 length) items in each row + int *itemsInRow; + unsigned int numRows; + unsigned int numColumns; + char *tableout; // If printableTable() is called, we return this + int tableoutsz; // Amount of space ALLOCATED for tableout. Includes space allocated for NUL. +}; + + +/********************** PROTOTYPES ***********************************/ + + +#endif /* NcrackOUTPUTTABLE_H */ + diff --git a/include/Buf.cc b/include/Buf.cc new file mode 100644 index 00000000..6de77633 --- /dev/null +++ b/include/Buf.cc @@ -0,0 +1,388 @@ + +/*************************************************************************** + * Buf.cc -- The Buf class is reponsible for I/O buffer manipulation * + * and is based on the buffer code used in OpenSSH. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#include "Buf.h" +#include "NcrackOps.h" + +extern NcrackOps o; + +Buf::Buf() +{ + const u_int len = DEFAULT_BUF_SIZE; + + alloc = 0; + buf = (u_char *)safe_malloc(len); + alloc = len; + offset = 0; + end = 0; +} + + +/* Frees any memory used for the buffer. */ +Buf::~Buf() +{ + if (alloc > 0) { + free(buf); + buf = NULL; + } +} + + +/* + * Clears any data from the buffer, making it empty. This does not actually + * zero the memory. + */ +void +Buf::clear(void) +{ + offset = 0; + end = 0; +} + + +/* + * Similar to way snprintf works, but data get saved inside the buffer. + * Warning: data won't get null terminated + * the len argument is the real length of the _actual_ data + */ +void +Buf::snprintf(u_int len, const void *fmt, ...) +{ + + void *p; + va_list ap; + + /* Since vsnprintf always null terminates the data, we + * allocate one extra byte for the trailing '\0' and then + * drop it by decreasing 'end' by 1 + */ + p = append_space(len + 1); + + va_start(ap, fmt); + vsnprintf((char *)p, len + 1, (char *)fmt, ap); + va_end(ap); + end--; + + //memcpy(p, data, len); + +} + + + +/* Appends data to the buffer, expanding it if necessary. */ +void +Buf::append(const void *data, u_int len) +{ + void *p; + p = append_space(len); + memcpy(p, data, len); +} + + + +/* + * Appends space to the buffer, expanding the buffer if necessary. This does + * not actually copy the data into the buffer, but instead returns a pointer + * to the allocated region. + */ +void * +Buf::append_space(u_int len) +{ + u_int newlen; + void *p; + + if (len > BUFFER_MAX_CHUNK) + fatal("%s: len %u not supported", __func__, len); + + /* If the buffer is empty, start using it from the beginning. */ + if (offset == end) { + offset = 0; + end = 0; + } +restart: + /* If there is enough space to store all data, store it now. */ + if (end + len < alloc) { + p = buf + end; + end += len; + return p; + } + + /* Compact data back to the start of the buffer if necessary */ + if (compact()) + goto restart; + + /* Increase the size of the buffer and retry. */ + newlen = roundup(alloc + len, BUFFER_ALLOCSZ); + if (newlen > BUFFER_MAX_LEN) + fatal("%s: alloc %u not supported", __func__, newlen); + buf = (u_char *)safe_realloc(buf, newlen); + alloc = newlen; + goto restart; + /* NOTREACHED */ +} + + +/* + * Check whether an allocation of 'len' will fit in the buffer + * This must follow the same math as buffer_append_space + */ +int +Buf::check_alloc(u_int len) +{ + if (offset == end) { + offset = 0; + end = 0; + } + restart: + if (end + len < alloc) + return (1); + if (compact()) + goto restart; + if (roundup(alloc + len, BUFFER_ALLOCSZ) <= BUFFER_MAX_LEN) + return (1); + return (0); +} + + +/* Returns the number of bytes of data in the buffer. */ +u_int +Buf::get_len(void) +{ + return end - offset; +} + + +/* Gets data from the beginning of the buffer. */ +int +Buf::get_data(void *dst, u_int len) +{ + if (len > end - offset) { + if (o.debugging > 9) { + error("%s: trying to get more bytes %d than in buffer %d", + __func__, len, end - offset); + } + return (-1); + } + + /* If dst is NULL then don't copy anything */ + if (dst) { + memcpy(dst, buf + offset, len); + } + + offset += len; + return (0); +} + + +int +Buf::compact(void) +{ + /* + * If the buffer is quite empty, but all data is at the end, move the + * data to the beginning. + */ + if (offset > MIN(alloc, BUFFER_MAX_CHUNK)) { + memmove(buf, buf + offset, end - offset); + end -= offset; + offset = 0; + return (1); + } + return (0); +} + + +/* Returns a pointer to the first used byte in the buffer. */ +void * +Buf::get_dataptr(void) +{ + return buf + offset; +} + + +/* Dumps the contents of the buffer to stderr. */ +void +Buf::data_dump(void) +{ + u_int i; + u_char *ucp = buf; + + for (i = offset; i < end; i++) { + fprintf(stderr, "%02x", ucp[i]); + if ((i-offset)%16==15) + fprintf(stderr, "\r\n"); + else if ((i-offset)%2==1) + fprintf(stderr, " "); + } + fprintf(stderr, "\r\n"); +} + + + +/* Consumes the given number of bytes from the beginning of the buffer. */ + +#if 0 +int +buffer_consume_ret(Buffer *buffer, u_int bytes) +{ + if (bytes > buffer->end - buffer->offset) { + error("buffer_consume_ret: trying to get more bytes than in buffer"); + return (-1); + } + buffer->offset += bytes; + return (0); +} + +void +buffer_consume(Buffer *buffer, u_int bytes) +{ + if (buffer_consume_ret(buffer, bytes) == -1) + fatal("buffer_consume: buffer error"); +} + +/* Consumes the given number of bytes from the end of the buffer. */ + +int +buffer_consume_end_ret(Buffer *buffer, u_int bytes) +{ + if (bytes > buffer->end - buffer->offset) + return (-1); + buffer->end -= bytes; + return (0); +} + +void +buffer_consume_end(Buffer *buffer, u_int bytes) +{ + if (buffer_consume_end_ret(buffer, bytes) == -1) + fatal("buffer_consume_end: trying to get more bytes than in buffer"); +} + +#endif + diff --git a/include/Buf.h b/include/Buf.h new file mode 100644 index 00000000..b409868a --- /dev/null +++ b/include/Buf.h @@ -0,0 +1,201 @@ + +/*************************************************************************** + * Buf.h -- The Buf class is reponsible for I/O buffer manipulation * + * and is based on the buffer code used in OpenSSH. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#ifndef BUF_H +#define BUF_H + +#include "utils.h" + +#define BUFFER_MAX_CHUNK 0x100000 +#define BUFFER_MAX_LEN 0xa00000 +#define BUFFER_ALLOCSZ 0x008000 +#define DEFAULT_BUF_SIZE 4096 + +class Buf { + + public: + + Buf(); + ~Buf(); + + /* Appends data to the buffer, expanding it if necessary. */ + void append(const void *data, u_int len); + + /* + * Appends space to the buffer, expanding the buffer if necessary. This does + * not actually copy the data into the buffer, but instead returns a pointer + * to the allocated region. + */ + void *append_space(u_int len); + + /* + * Similar to way snprintf works, but data get saved inside the buffer. + * Warning: data won't get null terminated + * the len argument is the real length of the _actual_ data + */ + void snprintf(u_int len, const void *fmt, ...); + + /* + * Check whether an allocation of 'len' will fit in the buffer + * This must follow the same math as buffer_append_space + */ + int check_alloc(u_int len); + + /* Returns the number of bytes of data in the buffer. */ + u_int get_len(void); + + /* Gets data from the beginning of the buffer. */ + int get_data(void *dst, u_int len); + + /* Returns a pointer to the first used byte in the buffer. */ + void *get_dataptr(void); + + /* + * Clears any data from the buffer, making it empty. This does not actually + * zero the memory. + */ + void clear(void); + + /* Dumps the contents of the buffer to stderr. */ + void data_dump(void); + + private: + + int compact(void); + + u_char *buf; /* Buffer for data */ + u_int alloc; /* Number of bytes allocated for data. */ + u_int offset; /* Offset of first byte containing data. */ + u_int end; /* Offset of last byte containing data. */ +}; + + +#endif diff --git a/include/Connection.cc b/include/Connection.cc new file mode 100644 index 00000000..e9d40e7c --- /dev/null +++ b/include/Connection.cc @@ -0,0 +1,189 @@ + +/*************************************************************************** + * Connection.cc -- The "Connection" class holds information specifically * + * pertaining to connection probes. Objects of this class must always * + * belong to a certain "Service" object. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + + +#include "Service.h" + +#if HAVE_OPENSSL + #include +#endif + +/* A connection must *always* belong to one specific Service */ +Connection:: +Connection(Service *serv) +{ + state = 0; + service = serv; + peer_might_close = false; + finished_normally = false; + check_closed = false; + peer_alive = false; + auth_complete = false; + from_pool = false; + closed = false; + auth_success = false; + force_close = false; + login_attempts = 0; + misc_info = NULL; + close_reason = -1; + inbuf = NULL; + outbuf = NULL; + login_attempts = 0; + ssl_session = NULL; + ops_free = NULL; +} + +Connection:: +~Connection() +{ + if (inbuf) + delete inbuf; + if (outbuf) + delete outbuf; + + /* This has to be called BEFORE freeing misc_info */ + if (*ops_free) + ops_free(this); + + if (misc_info) { + free(misc_info); + misc_info = NULL; + } + +#if HAVE_OPENSSL + if (ssl_session) + SSL_SESSION_free((SSL_SESSION*)ssl_session); + ssl_session = NULL; +#endif +} + + diff --git a/include/Connection.h b/include/Connection.h new file mode 100644 index 00000000..eef1bfa7 --- /dev/null +++ b/include/Connection.h @@ -0,0 +1,211 @@ + +/*************************************************************************** + * Connection.h -- The "Connection" class holds information specifically * + * pertaining to connection probes. Objects of this class must always * + * belong to a certain "Service" object. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + + +class Service; + +/* + * Active connection taking place for authenticating service. + * Each connection may try to authenticatate more than once before closing, + * depending on the service. For UDP 1 connection = 1 authentication session. + */ +class Connection +{ + public: + Connection(Service *serv); + ~Connection(); + + int time_started; + int time_elapsed; + + char *user; + char *pass; + + /* + * True when we peer might close connection at the near moment. + * Consider the case, when some services after reaching the maximum + * authentication limit per connecton, just drop the connection without + * specifically telling you that you failed at the last authentication + * attempt. Thus, we use this, to be able to count the correct number of + * maximum attempts the peer lets us do (stored in 'supported_attempts' + * inside the Service class). A module should probably set it to true + * after writing the password on the wire and before issuing the next + * read call. Also if you use it, don't forget to set it to false, in the + * first state of your module, because we might need it to differentiate + * between normal server FINs and FINs/RSTs sent in the middle of an + * authentication due to strange network conditions. + */ + bool peer_might_close; + + /* True if we have received a server reply, that indicated that it didn't + * close the connection prematurely. This may used in cases, when the + * server may close the connection after the maximum allowed auth attempts + * are reached, but will also print a relative message saying we failed. + */ + bool finished_normally; /* XXX not currently used anywhere */ + + bool check_closed; /* true -> check if peer closed connection on us */ + bool peer_alive; /* true -> if peer is certain to be alive currently */ + bool auth_complete; /* true -> login pair tested */ + bool from_pool; /* true -> login pair was extracted from pair_pool */ + bool closed; /* true -> connection was closed */ + bool auth_success; /* true -> we found a valid pair!!! */ + bool force_close; /* true -> forcefully close the connection */ + + void *misc_info; /* additional state information that might be needed */ + + /* function pointer to module-specific free operation that deallocates + * all internal struct members of misc_info + */ + void (* ops_free)(Connection *); + + int close_reason; + + int state; /* module state-machine's current state */ + + Buf *inbuf; /* buffer for inbound data */ + Buf *outbuf; /* buffer for outbound data */ + + unsigned long login_attempts; /* login attempts up until now */ + nsock_iod niod; /* I/O descriptor for this connection */ + + /* This stores our SSL session id, which will help speed up subsequent + * SSL connections. It's overwritten each time. void* is used so we don't + * need to #ifdef HAVE_OPENSSL all over. We'll cast later as needed. + */ + void *ssl_session; + + Service *service; /* service it belongs to */ +}; + +enum close_reasons { READ_EOF, READ_TIMEOUT, CON_ERR, CON_TIMEOUT, MODULE_ERR }; + diff --git a/include/DomainExec/Utils/BlackExecOps.cc b/include/DomainExec/Utils/BlackExecOps.cc new file mode 100644 index 00000000..ee7bf116 --- /dev/null +++ b/include/DomainExec/Utils/BlackExecOps.cc @@ -0,0 +1,192 @@ + +/*************************************************************************** + * NcrackOps.cc -- The NcrackOps class contains global options, mostly * + * based on user-provided command-line settings. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#include "ncrack.h" +#include "NcrackOps.h" +#include "utils.h" + +NcrackOps o; + +NcrackOps:: +NcrackOps() { + + datadir = NULL; + save_file = NULL; + stats_interval = 0.0; /* unset */ + log_errors = false; + append_output = false; + passwords_first = false; + pairwise = false; + global_options = false; + list_only = false; + userlist_src = 0; + passlist_src = 0; + nmap_input_normal = false; + nmap_input_xml = false; + debugging = 0; + verbose = 0; + nsock_loglevel = NSOCK_LOG_ERROR; + timing_level = 3; + connection_limit = -1; + numhosts_scanned = 0; + memset(logfd, 0, sizeof(FILE *) * LOG_NUM_FILES); + ncrack_stdout = stdout; + saved_signal = -1; + saved_argc = 0; + saved_argv = NULL; + setaf(AF_INET); + gettimeofday(&start_time, NULL); + proxychain = NULL; + socks4a = false; + resume = false; + finish = 0; + stealthy_linear = false; +} + +NcrackOps:: +~NcrackOps() { + + if (datadir) + free(datadir); + +} + + +/* Number of milliseconds since getStartTime(). The current time is an + * optional argument to avoid an extra gettimeofday() call. */ +long long NcrackOps:: +TimeSinceStartMS(struct timeval *now) { + struct timeval tv; + if (!now) + gettimeofday(&tv, NULL); + else tv = *now; + + return timeval_msec_subtract(tv, start_time); +} diff --git a/include/DomainExec/Utils/BlackExecOps.h b/include/DomainExec/Utils/BlackExecOps.h new file mode 100644 index 00000000..ad342dcc --- /dev/null +++ b/include/DomainExec/Utils/BlackExecOps.h @@ -0,0 +1,227 @@ + +/*************************************************************************** + * NcrackOps.h -- The NcrackOps class contains global options, mostly * + * based on user-provided command-line settings. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#ifndef NCRACK_OPS_H +#define NCRACK_OPS_H 1 + +#include "ncrack.h" +#include "output.h" +#include +using namespace std; + +/* Each service has an associated saved_info struct that holds everything + * needed to continue the session. + */ +struct saved_info { + uint32_t user_index; + uint32_t pass_index; + vector credentials_found; + + saved_info() { + user_index = 0; + pass_index = 0; + } +}; + +class NcrackOps { + public: + NcrackOps(); + ~NcrackOps(); + + void setaf(int af) { addressfamily = af; } + int af() { return addressfamily; } + + /* The time this obj. was instantiated */ + const struct timeval *getStartTime() { return &start_time; } + + /* Number of milliseconds since getStartTime(). The current time is an + * optional argument to avoid an extra gettimeofday() call. */ + long long TimeSinceStartMS(struct timeval *now=NULL); + + /* The requested auto stats printing interval, or 0.0 if unset. */ + float stats_interval; + bool log_errors; /* write errors to log files */ + bool append_output; /* append output to log files */ + + int userlist_src;/* 0 -> unassigned (default), + 1 -> username list from command line (--user option) + 2 -> username list from file (-U option) + */ + int passlist_src;/* 0 -> unassigned (default), + 1 -> password list from command line (--pass option) + 2 -> username list from file (-P option) + */ + bool nmap_input_normal; /* true if host input from Nmap's -oN output */ + bool nmap_input_xml; /* true if host input from Nmap's -oX output */ + /* iterate password list for each username instead of opposite */ + bool passwords_first; + /* choose a username and a password from the username and password lists + * correspondingly in pairs */ + bool pairwise; + bool global_options; /* true if -g has been specified */ + bool list_only; /* only list hosts and exit */ + int timing_level; /* timing template number: T(0-5) */ + int debugging; /* valid for range 0-10 */ + int finish; /* 0 -> disabled + * 1 -> quit each service after one credential is found + * 2 -> quit after any credential is found on any + * service + */ + nsock_loglevel_t nsock_loglevel; + int verbose; + int numhosts_scanned; + long connection_limit;/* global maximum total connections */ + FILE *logfd[LOG_NUM_FILES]; + FILE *ncrack_stdout; /* Ncrack standard output */ + char *datadir; + + nsock_proxychain proxychain; /* only assigned when --proxy is valid */ + bool socks4a; /* only true when first proxy is socks4a */ + int saved_signal; /* save caught signal here, -1 for no signal */ + char **saved_argv; /* pointer to current argv array */ + int saved_argc; /* saved argument count */ + /* This associative container holds the unique id of each service and the + * corresponding saved_info struct which holds all the necessary + * data to continue the session from where it had been previously stopped. + */ + bool resume; + map resume_map; + + char *save_file; + + bool stealthy_linear; /* true if stealty linear mode is enabled */ + + private: + struct timeval start_time; + int addressfamily; /* Address family: AF_INET or AF_INET6 */ +}; + +#endif diff --git a/include/DomainExec/Utils/BlackExecOutputTable.cc b/include/DomainExec/Utils/BlackExecOutputTable.cc new file mode 100644 index 00000000..2769fd5a --- /dev/null +++ b/include/DomainExec/Utils/BlackExecOutputTable.cc @@ -0,0 +1,328 @@ + +/*************************************************************************** + * NcrackOutputTable.cc -- A relatively simple class for organizing Ncrack * + * output into an orderly table for display to the user. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +/* $Id: NcrackOutputTable.cc 12955 2009-04-15 00:37:03Z fyodor $ */ + +#ifdef WIN32 +#include "Ncrack_winconfig.h" +#endif + +#include "NcrackOutputTable.h" +#include "utils.h" + +#include + +NcrackOutputTable::NcrackOutputTable(int nrows, int ncols) { + numRows = nrows; + numColumns = ncols; + assert(numRows > 0); + assert(numColumns > 0); + table = (struct NcrackOutputTableCell *) safe_zalloc(sizeof(struct NcrackOutputTableCell) * nrows * ncols); + maxColLen = (int *) safe_zalloc(sizeof(*maxColLen) * ncols); + itemsInRow = (int *) safe_zalloc(sizeof(*itemsInRow) * nrows); + tableout = NULL; + tableoutsz = 0; +} + +NcrackOutputTable::~NcrackOutputTable() { + unsigned int col, row; + struct NcrackOutputTableCell *cell; + + for(row = 0; row < numRows; row++) { + for(col = 0; col < numColumns; col++) { + cell = getCellAddy(row, col); + if (cell->weAllocated) { + assert(cell->str); + free(cell->str); + } + } + } + + free(table); + free(maxColLen); + free(itemsInRow); + if (tableout) free(tableout); +} + +void NcrackOutputTable::addItem(unsigned int row, unsigned int column, bool fullrow, + bool copy, const char *item, int itemlen) { + struct NcrackOutputTableCell *cell; + int mc = maxColLen[column]; + + addItem(row, column, copy, item, itemlen); + + if(fullrow) { + maxColLen[column] = mc; + cell = getCellAddy(row, column); + cell->fullrow = fullrow; + } + return; +} + +void NcrackOutputTable::addItem(unsigned int row, unsigned int column, bool copy, const char *item, + int itemlen) { + struct NcrackOutputTableCell *cell; + + assert(row < numRows); + assert(column < numColumns); + + if (itemlen < 0) + itemlen = strlen(item); + + if (itemlen == 0) + return; + + cell = getCellAddy(row, column); + assert(cell->str == NULL); // I'll worry about replacing members if I ever need it + itemsInRow[row]++; + + cell->strlength = itemlen; + + if (copy) { + cell->str = (char *) safe_malloc(itemlen + 1); + memcpy(cell->str, item, itemlen); + cell->str[itemlen] = '\0'; + } else { + cell->str = (char *) item; + } + cell->weAllocated = copy; + + if (maxColLen[column] < itemlen) + maxColLen[column] = itemlen; + + return; +} + +void NcrackOutputTable::addItemFormatted(unsigned int row, + unsigned int column, + bool fullrow, + const char *fmt, ...) { + struct NcrackOutputTableCell *cell; + int mc = maxColLen[column]; + unsigned int res; + va_list ap; + va_start(ap,fmt); + char buf[4096]; + res = Vsnprintf(buf, sizeof(buf), fmt, ap); + va_end(ap); + + if (res > sizeof(buf)) + fatal("NcrackOutputTable only supports adding up to 4096 to a cell via %s.", __func__); + + addItem(row, column, fullrow, true, buf, res); + + if(fullrow) { + maxColLen[column] = mc; + cell = getCellAddy(row, column); + cell->fullrow = fullrow; + } +} + +/* True if every column in nrow is empty */ +bool NcrackOutputTable::emptyRow(unsigned int nrow) { + NcrackOutputTableCell *cell; + unsigned int col; + bool isEmpty = true; + + assert(nrow < numRows); + + for(col = 0 ; col < numColumns; col++) { + cell = getCellAddy(nrow, col); + if(cell->strlength > 0) { + isEmpty = false; + break; + } + } + return isEmpty; +} + + // This function sticks the entire table into a character buffer. + // Note that the buffer is likely to be reused if you call the + // function again, and it will also be invalidated if you free the + // table. If size is not NULL, it will be filled with the size of + // the ASCII table in bytes (not including the terminating NUL) + // All blank rows are removed from the returned string +char *NcrackOutputTable::printableTable(int *size) { + unsigned int col, row; + int p = 0; /* The offset into tableout */ + int clen = 0; + int i; + struct NcrackOutputTableCell *cell; + int validthisrow; + + if (tableoutsz == 0) { + tableoutsz = 512; /* Start us off with half a k */ + tableout = (char *) safe_malloc(tableoutsz); + } + + for(row = 0; row < numRows; row++) { + validthisrow = 0; + + if(emptyRow(row)) + continue; + + cell = getCellAddy(row, 0); + if(cell->fullrow && cell->strlength > 0) { + /* Full rows are easy, just make sure we have the space + \n\0 */ + if (cell->strlength + p + 2 > tableoutsz) { + tableoutsz = (cell->strlength + p + 2) * 2; + tableout = (char *) safe_realloc(tableout, tableoutsz); + } + memcpy(tableout + p, cell->str, cell->strlength); + p += cell->strlength; + } else { + for(col = 0; col < numColumns; col++) { + cell = getCellAddy(row, col); + clen = maxColLen[col]; + /* Cells get padded with an extra space + \n\0 */ + if (clen + p + 3 > tableoutsz) { + tableoutsz = (cell->strlength + p + 2) * 2; + tableout = (char *) safe_realloc(tableout, tableoutsz); + } + if (cell->strlength > 0) { + memcpy(tableout + p, cell->str, cell->strlength); + p += cell->strlength; + validthisrow++; + } + // No point leaving trailing spaces ... + if (validthisrow < itemsInRow[row]) { + for(i=cell->strlength; i <= clen; i++) // one extra because of space between columns + *(tableout + p++) = ' '; + } + } + } + *(tableout + p++) = '\n'; + } + *(tableout + p) = '\0'; + + if (size) *size = p; + return tableout; +} diff --git a/include/DomainExec/Utils/BlackExecOutputTable.h b/include/DomainExec/Utils/BlackExecOutputTable.h new file mode 100644 index 00000000..bdadf95c --- /dev/null +++ b/include/DomainExec/Utils/BlackExecOutputTable.h @@ -0,0 +1,208 @@ + +/*************************************************************************** + * NcrackOutputTable.h -- A relatively simple class for organizing Ncrack * + * output into an orderly table for display to the user. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id: NcrackOutputTable.h 12955 2009-04-15 00:37:03Z fyodor $ */ + +#ifndef NCRACKOUTPUTTABLE_H +#define NCRACKOUTPUTTABLE_H + +#include "ncrack.h" + +#ifndef __attribute__ +#define __attribute__(args) +#endif + +/********************** DEFINES/ENUMS ***********************************/ + +/********************** STRUCTURES ***********************************/ + +/********************** CLASSES ***********************************/ + +struct NcrackOutputTableCell { + char *str; + int strlength; + bool weAllocated; // If we allocated str, we must free it. + bool fullrow; +}; + +class NcrackOutputTable { + public: + // Create a table of the given dimensions. Any completely + // blank rows will be removed when printableTable() is called. + // If the number of table rows is unknown then the highest + // number of possible rows should be specified. + NcrackOutputTable(int nrows, int ncols); + ~NcrackOutputTable(); + + // Copy specifies whether we must make a copy of item. Otherwise we'll just save the + // ptr (and you better not free it until this table is destroyed ). Skip the itemlen parameter if you + // don't know (and the function will use strlen). + void addItem(unsigned int row, unsigned int column, bool copy, const char *item, int itemlen = -1); + // Same as above but if fullrow is true, 'item' spans across all columns. The spanning starts from + // the column argument (ie. 0 will be the first column) + void addItem(unsigned int row, unsigned int column, bool fullrow, bool copy, const char *item, int itemlen = -1); + + // Like addItem except this version takes a printf-style format string followed by varargs + void addItemFormatted(unsigned int row, unsigned int column, bool fullrow, const char *fmt, ...) + __attribute__ ((format (printf, 4, 5))); + + // This function sticks the entire table into a character buffer. + // Note that the buffer is likely to be reused if you call the + // function again, and it will also be invalidated if you free the + // table. If size is not NULL, it will be filled with the size of + // the ASCII table in bytes (not including the terminating NUL) + // All blank rows will be removed from the returned string + char *printableTable(int *size); + + private: + + bool emptyRow(unsigned int nrow); + // The table, squished into 1D. Access a member via getCellAddy + struct NcrackOutputTableCell *table; + struct NcrackOutputTableCell *getCellAddy(unsigned int row, unsigned int col) { + assert(row < numRows); assert(col < numColumns); + return table + row * numColumns + col; + } + int *maxColLen; // An array that gives the maximum length of any member of each column + // (excluding terminator) + // Array that tells the number of valid (> 0 length) items in each row + int *itemsInRow; + unsigned int numRows; + unsigned int numColumns; + char *tableout; // If printableTable() is called, we return this + int tableoutsz; // Amount of space ALLOCATED for tableout. Includes space allocated for NUL. +}; + + +/********************** PROTOTYPES ***********************************/ + + +#endif /* NcrackOUTPUTTABLE_H */ + diff --git a/include/DomainExec/Utils/Buf.cc b/include/DomainExec/Utils/Buf.cc new file mode 100644 index 00000000..6de77633 --- /dev/null +++ b/include/DomainExec/Utils/Buf.cc @@ -0,0 +1,388 @@ + +/*************************************************************************** + * Buf.cc -- The Buf class is reponsible for I/O buffer manipulation * + * and is based on the buffer code used in OpenSSH. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#include "Buf.h" +#include "NcrackOps.h" + +extern NcrackOps o; + +Buf::Buf() +{ + const u_int len = DEFAULT_BUF_SIZE; + + alloc = 0; + buf = (u_char *)safe_malloc(len); + alloc = len; + offset = 0; + end = 0; +} + + +/* Frees any memory used for the buffer. */ +Buf::~Buf() +{ + if (alloc > 0) { + free(buf); + buf = NULL; + } +} + + +/* + * Clears any data from the buffer, making it empty. This does not actually + * zero the memory. + */ +void +Buf::clear(void) +{ + offset = 0; + end = 0; +} + + +/* + * Similar to way snprintf works, but data get saved inside the buffer. + * Warning: data won't get null terminated + * the len argument is the real length of the _actual_ data + */ +void +Buf::snprintf(u_int len, const void *fmt, ...) +{ + + void *p; + va_list ap; + + /* Since vsnprintf always null terminates the data, we + * allocate one extra byte for the trailing '\0' and then + * drop it by decreasing 'end' by 1 + */ + p = append_space(len + 1); + + va_start(ap, fmt); + vsnprintf((char *)p, len + 1, (char *)fmt, ap); + va_end(ap); + end--; + + //memcpy(p, data, len); + +} + + + +/* Appends data to the buffer, expanding it if necessary. */ +void +Buf::append(const void *data, u_int len) +{ + void *p; + p = append_space(len); + memcpy(p, data, len); +} + + + +/* + * Appends space to the buffer, expanding the buffer if necessary. This does + * not actually copy the data into the buffer, but instead returns a pointer + * to the allocated region. + */ +void * +Buf::append_space(u_int len) +{ + u_int newlen; + void *p; + + if (len > BUFFER_MAX_CHUNK) + fatal("%s: len %u not supported", __func__, len); + + /* If the buffer is empty, start using it from the beginning. */ + if (offset == end) { + offset = 0; + end = 0; + } +restart: + /* If there is enough space to store all data, store it now. */ + if (end + len < alloc) { + p = buf + end; + end += len; + return p; + } + + /* Compact data back to the start of the buffer if necessary */ + if (compact()) + goto restart; + + /* Increase the size of the buffer and retry. */ + newlen = roundup(alloc + len, BUFFER_ALLOCSZ); + if (newlen > BUFFER_MAX_LEN) + fatal("%s: alloc %u not supported", __func__, newlen); + buf = (u_char *)safe_realloc(buf, newlen); + alloc = newlen; + goto restart; + /* NOTREACHED */ +} + + +/* + * Check whether an allocation of 'len' will fit in the buffer + * This must follow the same math as buffer_append_space + */ +int +Buf::check_alloc(u_int len) +{ + if (offset == end) { + offset = 0; + end = 0; + } + restart: + if (end + len < alloc) + return (1); + if (compact()) + goto restart; + if (roundup(alloc + len, BUFFER_ALLOCSZ) <= BUFFER_MAX_LEN) + return (1); + return (0); +} + + +/* Returns the number of bytes of data in the buffer. */ +u_int +Buf::get_len(void) +{ + return end - offset; +} + + +/* Gets data from the beginning of the buffer. */ +int +Buf::get_data(void *dst, u_int len) +{ + if (len > end - offset) { + if (o.debugging > 9) { + error("%s: trying to get more bytes %d than in buffer %d", + __func__, len, end - offset); + } + return (-1); + } + + /* If dst is NULL then don't copy anything */ + if (dst) { + memcpy(dst, buf + offset, len); + } + + offset += len; + return (0); +} + + +int +Buf::compact(void) +{ + /* + * If the buffer is quite empty, but all data is at the end, move the + * data to the beginning. + */ + if (offset > MIN(alloc, BUFFER_MAX_CHUNK)) { + memmove(buf, buf + offset, end - offset); + end -= offset; + offset = 0; + return (1); + } + return (0); +} + + +/* Returns a pointer to the first used byte in the buffer. */ +void * +Buf::get_dataptr(void) +{ + return buf + offset; +} + + +/* Dumps the contents of the buffer to stderr. */ +void +Buf::data_dump(void) +{ + u_int i; + u_char *ucp = buf; + + for (i = offset; i < end; i++) { + fprintf(stderr, "%02x", ucp[i]); + if ((i-offset)%16==15) + fprintf(stderr, "\r\n"); + else if ((i-offset)%2==1) + fprintf(stderr, " "); + } + fprintf(stderr, "\r\n"); +} + + + +/* Consumes the given number of bytes from the beginning of the buffer. */ + +#if 0 +int +buffer_consume_ret(Buffer *buffer, u_int bytes) +{ + if (bytes > buffer->end - buffer->offset) { + error("buffer_consume_ret: trying to get more bytes than in buffer"); + return (-1); + } + buffer->offset += bytes; + return (0); +} + +void +buffer_consume(Buffer *buffer, u_int bytes) +{ + if (buffer_consume_ret(buffer, bytes) == -1) + fatal("buffer_consume: buffer error"); +} + +/* Consumes the given number of bytes from the end of the buffer. */ + +int +buffer_consume_end_ret(Buffer *buffer, u_int bytes) +{ + if (bytes > buffer->end - buffer->offset) + return (-1); + buffer->end -= bytes; + return (0); +} + +void +buffer_consume_end(Buffer *buffer, u_int bytes) +{ + if (buffer_consume_end_ret(buffer, bytes) == -1) + fatal("buffer_consume_end: trying to get more bytes than in buffer"); +} + +#endif + diff --git a/include/DomainExec/Utils/Buf.h b/include/DomainExec/Utils/Buf.h new file mode 100644 index 00000000..b409868a --- /dev/null +++ b/include/DomainExec/Utils/Buf.h @@ -0,0 +1,201 @@ + +/*************************************************************************** + * Buf.h -- The Buf class is reponsible for I/O buffer manipulation * + * and is based on the buffer code used in OpenSSH. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#ifndef BUF_H +#define BUF_H + +#include "utils.h" + +#define BUFFER_MAX_CHUNK 0x100000 +#define BUFFER_MAX_LEN 0xa00000 +#define BUFFER_ALLOCSZ 0x008000 +#define DEFAULT_BUF_SIZE 4096 + +class Buf { + + public: + + Buf(); + ~Buf(); + + /* Appends data to the buffer, expanding it if necessary. */ + void append(const void *data, u_int len); + + /* + * Appends space to the buffer, expanding the buffer if necessary. This does + * not actually copy the data into the buffer, but instead returns a pointer + * to the allocated region. + */ + void *append_space(u_int len); + + /* + * Similar to way snprintf works, but data get saved inside the buffer. + * Warning: data won't get null terminated + * the len argument is the real length of the _actual_ data + */ + void snprintf(u_int len, const void *fmt, ...); + + /* + * Check whether an allocation of 'len' will fit in the buffer + * This must follow the same math as buffer_append_space + */ + int check_alloc(u_int len); + + /* Returns the number of bytes of data in the buffer. */ + u_int get_len(void); + + /* Gets data from the beginning of the buffer. */ + int get_data(void *dst, u_int len); + + /* Returns a pointer to the first used byte in the buffer. */ + void *get_dataptr(void); + + /* + * Clears any data from the buffer, making it empty. This does not actually + * zero the memory. + */ + void clear(void); + + /* Dumps the contents of the buffer to stderr. */ + void data_dump(void); + + private: + + int compact(void); + + u_char *buf; /* Buffer for data */ + u_int alloc; /* Number of bytes allocated for data. */ + u_int offset; /* Offset of first byte containing data. */ + u_int end; /* Offset of last byte containing data. */ +}; + + +#endif diff --git a/include/DomainExec/Utils/Connection.cc b/include/DomainExec/Utils/Connection.cc new file mode 100644 index 00000000..e9d40e7c --- /dev/null +++ b/include/DomainExec/Utils/Connection.cc @@ -0,0 +1,189 @@ + +/*************************************************************************** + * Connection.cc -- The "Connection" class holds information specifically * + * pertaining to connection probes. Objects of this class must always * + * belong to a certain "Service" object. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + + +#include "Service.h" + +#if HAVE_OPENSSL + #include +#endif + +/* A connection must *always* belong to one specific Service */ +Connection:: +Connection(Service *serv) +{ + state = 0; + service = serv; + peer_might_close = false; + finished_normally = false; + check_closed = false; + peer_alive = false; + auth_complete = false; + from_pool = false; + closed = false; + auth_success = false; + force_close = false; + login_attempts = 0; + misc_info = NULL; + close_reason = -1; + inbuf = NULL; + outbuf = NULL; + login_attempts = 0; + ssl_session = NULL; + ops_free = NULL; +} + +Connection:: +~Connection() +{ + if (inbuf) + delete inbuf; + if (outbuf) + delete outbuf; + + /* This has to be called BEFORE freeing misc_info */ + if (*ops_free) + ops_free(this); + + if (misc_info) { + free(misc_info); + misc_info = NULL; + } + +#if HAVE_OPENSSL + if (ssl_session) + SSL_SESSION_free((SSL_SESSION*)ssl_session); + ssl_session = NULL; +#endif +} + + diff --git a/include/DomainExec/Utils/Connection.h b/include/DomainExec/Utils/Connection.h new file mode 100644 index 00000000..eef1bfa7 --- /dev/null +++ b/include/DomainExec/Utils/Connection.h @@ -0,0 +1,211 @@ + +/*************************************************************************** + * Connection.h -- The "Connection" class holds information specifically * + * pertaining to connection probes. Objects of this class must always * + * belong to a certain "Service" object. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + + +class Service; + +/* + * Active connection taking place for authenticating service. + * Each connection may try to authenticatate more than once before closing, + * depending on the service. For UDP 1 connection = 1 authentication session. + */ +class Connection +{ + public: + Connection(Service *serv); + ~Connection(); + + int time_started; + int time_elapsed; + + char *user; + char *pass; + + /* + * True when we peer might close connection at the near moment. + * Consider the case, when some services after reaching the maximum + * authentication limit per connecton, just drop the connection without + * specifically telling you that you failed at the last authentication + * attempt. Thus, we use this, to be able to count the correct number of + * maximum attempts the peer lets us do (stored in 'supported_attempts' + * inside the Service class). A module should probably set it to true + * after writing the password on the wire and before issuing the next + * read call. Also if you use it, don't forget to set it to false, in the + * first state of your module, because we might need it to differentiate + * between normal server FINs and FINs/RSTs sent in the middle of an + * authentication due to strange network conditions. + */ + bool peer_might_close; + + /* True if we have received a server reply, that indicated that it didn't + * close the connection prematurely. This may used in cases, when the + * server may close the connection after the maximum allowed auth attempts + * are reached, but will also print a relative message saying we failed. + */ + bool finished_normally; /* XXX not currently used anywhere */ + + bool check_closed; /* true -> check if peer closed connection on us */ + bool peer_alive; /* true -> if peer is certain to be alive currently */ + bool auth_complete; /* true -> login pair tested */ + bool from_pool; /* true -> login pair was extracted from pair_pool */ + bool closed; /* true -> connection was closed */ + bool auth_success; /* true -> we found a valid pair!!! */ + bool force_close; /* true -> forcefully close the connection */ + + void *misc_info; /* additional state information that might be needed */ + + /* function pointer to module-specific free operation that deallocates + * all internal struct members of misc_info + */ + void (* ops_free)(Connection *); + + int close_reason; + + int state; /* module state-machine's current state */ + + Buf *inbuf; /* buffer for inbound data */ + Buf *outbuf; /* buffer for outbound data */ + + unsigned long login_attempts; /* login attempts up until now */ + nsock_iod niod; /* I/O descriptor for this connection */ + + /* This stores our SSL session id, which will help speed up subsequent + * SSL connections. It's overwritten each time. void* is used so we don't + * need to #ifdef HAVE_OPENSSL all over. We'll cast later as needed. + */ + void *ssl_session; + + Service *service; /* service it belongs to */ +}; + +enum close_reasons { READ_EOF, READ_TIMEOUT, CON_ERR, CON_TIMEOUT, MODULE_ERR }; + diff --git a/include/DomainExec/Utils/Service.cc b/include/DomainExec/Utils/Service.cc new file mode 100644 index 00000000..bbd49aff --- /dev/null +++ b/include/DomainExec/Utils/Service.cc @@ -0,0 +1,685 @@ + +/*************************************************************************** + * Service.cc -- The "Service" class encapsulates every bit of information * + * about the associated target's (Target class) service. Service-specific * + * options, statistical and timing information as well as functions for * + * handling username/password list iteration all belong to this class. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#include "Service.h" +#include "NcrackOps.h" + +extern NcrackOps o; + + +Service:: +Service() +{ + static unsigned long id = 0; + name = NULL; + target = NULL; + proto = IPPROTO_TCP; + portno = 0; + + uid = id++; + + loginlist_fini = false; + list_active = true; + list_full = false; + list_wait = false; + list_pairfini = false; + list_finishing = false; + list_finished = false; + just_started = true; + more_rounds = false; + skip_username = false; + + end.orly = false; + end.reason = NULL; + + failed_connections = 0; + total_attempts = 0; + finished_attempts = 0; + supported_attempts = 0; + active_connections = 0; + + min_connection_limit = -1; + max_connection_limit = -1; + ideal_parallelism = 1; /* we start with 1 connection exactly */ + auth_tries = -1; + connection_delay = -1; + connection_retries = -1; + timeout = -1; + path = Strndup("/", 2); /* path is '/' by default */ + + db = Strndup("admin", 5); /* databse is 'admin' by default */ + domain = Strndup("Workstation", 11); /* domain is 'Workstation' by default */ + + ssl = false; + + module_data = NULL; + memset(&last, 0, sizeof(last)); + UserArray = NULL; + PassArray = NULL; + hostinfo = NULL; + memset(&last_auth_rate, 0, sizeof(last_auth_rate)); + + htn.msecs_used = 0; + htn.toclock_running = false; + htn.host_start = htn.host_end = 0; + + linear_state = LINEAR_INIT; +} + +/* copy constructor */ +Service:: +Service(const Service& ref) +{ + name = strdup(ref.name); + proto = ref.proto; + portno = ref.portno; + + uid = ref.uid; + + min_connection_limit = ref.min_connection_limit; + max_connection_limit = ref.max_connection_limit; + auth_tries = ref.auth_tries; + connection_delay = ref.connection_delay; + connection_retries = ref.connection_retries; + timeout = ref.timeout; + ssl = ref.ssl; + //if (path) + // free(path); + path = Strndup(ref.path, strlen(ref.path)); + + db = Strndup(ref.db, strlen(ref.db)); + + domain = Strndup(ref.domain, strlen(ref.domain)); + + ideal_parallelism = 1; /* we start with 1 connection exactly */ + + ssl = ref.ssl; + UserArray = ref.UserArray; + PassArray = ref.PassArray; + uservi = UserArray->begin(); + passvi = PassArray->begin(); + + failed_connections = 0; + total_attempts = 0; + finished_attempts = 0; + supported_attempts = 0; + active_connections = 0; + + loginlist_fini = false; + passlist_fini = false; + userlist_fini = false; + list_active = true; + list_full = false; + list_wait = false; + list_pairfini = false; + list_finishing = false; + list_finished = false; + just_started = true; + more_rounds = false; + skip_username = false; + + end.orly = false; + end.reason = NULL; + + module_data = NULL; + hostinfo = NULL; + memset(&last, 0, sizeof(last)); + memset(&last_auth_rate, 0, sizeof(last_auth_rate)); + + htn.msecs_used = 0; + htn.toclock_running = false; + htn.host_start = htn.host_end = 0; + + linear_state = ref.linear_state; +} + +Service:: +~Service() +{ + if (name) + free(name); + if (module_data) + free(module_data); + if (hostinfo) + free(hostinfo); + if (end.reason) + free(end.reason); +} + +const char *Service:: +HostInfo(void) +{ + if (!hostinfo) + hostinfo = (char *) safe_malloc(MAX_HOSTINFO_LEN); + + if (!target) + fatal("%s: tried to print hostinfo with uninitialized Target\n", __func__); + + Snprintf(hostinfo, MAX_HOSTINFO_LEN, "%s://%s:%hu", name, + target->NameIP(), portno); + return hostinfo; +} + + +/* Add discovered credential to private list */ +void Service:: +addCredential(char *user, char *pass) +{ + loginpair tmp; + tmp.user = user; + tmp.pass = pass; + credentials_found.push_back(tmp); +} + +uint32_t Service:: +getUserlistIndex(void) +{ + return std::distance(UserArray->begin(), uservi); +} + +void Service:: +setUserlistIndex(uint32_t index) +{ + uservi = UserArray->begin() + index; +} + +uint32_t Service:: +getPasslistIndex(void) +{ + return std::distance(PassArray->begin(), passvi); +} + +void Service:: +setPasslistIndex(uint32_t index) +{ + passvi = PassArray->begin() + index; +} + + +/* + * returns -1 for end of login list and empty pool + * 0 for successful retrieval through lists + * 1 for successful retrieval through pool + */ +int Service:: +getNextPair(char **user, char **pass) +{ + if (!UserArray) + fatal("%s: uninitialized UserArray\n", __func__); + + if (!PassArray) + fatal("%s: uninitialized PassArray\n", __func__); + + loginpair tmp; + + /* If the login pair pool is not empty, then give priority to these + * pairs and extract the first one you find. */ + if (!pair_pool.empty()) { + + list ::iterator pairli = pair_pool.begin(); + tmp = pair_pool.front(); + *user = tmp.user; + *pass = tmp.pass; + pair_pool.erase(pairli); + if (o.debugging > 8) + log_write(LOG_STDOUT, "%s Pool: extract '%s' '%s'\n", HostInfo(), + tmp.user, tmp.pass); + return 1; + } + + if (loginlist_fini) + return -1; + + if (!strcmp(name, "redis")) { + if (passvi == PassArray->end()) { + if (o.debugging > 8) + log_write(LOG_STDOUT, "%s Password list finished!\n", HostInfo()); + loginlist_fini = true; + return -1; + } + *user = *uservi; + *pass = *passvi; + passvi++; + return 0; + } + + if (!strcmp(name, "mongodb")) { + if (skip_username == true) { + uservi--; + if (o.debugging > 5) + log_write(LOG_STDOUT, "%s skipping username!!!! %s\n", HostInfo(), *(uservi)); + uservi = UserArray->erase(uservi); + if (uservi == UserArray->end()) { + uservi = UserArray->begin(); + passvi++; + if (passvi == PassArray->end()) { + if (o.debugging > 8) + log_write(LOG_STDOUT, "%s Password list finished!\n", HostInfo()); + loginlist_fini = true; + return -1; + } + } + //printf("next user: %s\n", *uservi); + skip_username = false; + } + } + + if (!strcmp(name, "ssh")) { + + /* catches bug where ssh module crashed when user had specified correct username and + * password in the first attempt + */ + if (just_started == false && PassArray->size() == 1 && UserArray->size() == 1) { + uservi = UserArray->end(); + passvi = PassArray->end(); + loginlist_fini = true; + return -1; + } + + /* special case for ssh */ + if (just_started == true) { + + /* keep using same username for first timing probe */ + if (passvi == PassArray->end()) { + passvi = PassArray->begin(); + uservi++; + if (uservi == UserArray->end()) { + if (o.debugging > 8) + log_write(LOG_STDOUT, "%s Username list finished!\n", HostInfo()); + loginlist_fini = true; + return -1; + } + } + *user = *uservi; + *pass = *passvi; + passvi++; + + return 0; + } + } + + if (o.pairwise && strcmp(name, "mongodb")) { + + if (uservi == UserArray->end() && passvi == PassArray->end()) { + if (o.debugging > 8) + log_write(LOG_STDOUT, "%s Password list finished!\n", HostInfo()); + loginlist_fini = true; + return -1; + } + if (uservi == UserArray->end()) { + uservi = UserArray->begin(); + userlist_fini = true; + } + if (passvi == PassArray->end()) { + passvi = PassArray->begin(); + passlist_fini = true; + } + if (userlist_fini == true && passlist_fini == true) { + if (o.debugging > 8) + log_write(LOG_STDOUT, "%s Password list finished!\n", HostInfo()); + loginlist_fini = true; + return -1; + } + *pass = *passvi; + *user = *uservi; + uservi++; + passvi++; + + } else if (o.passwords_first && strcmp(name, "mongodb")) { + /* Iteration of password list for each username. */ + /* If password list finished one iteration then reset the password pointer + * to show at the beginning and get next username from username list. */ + if (passvi == PassArray->end()) { + passvi = PassArray->begin(); + uservi++; + if (uservi == UserArray->end()) { + if (o.debugging > 8) + log_write(LOG_STDOUT, "%s Username list finished!\n", HostInfo()); + loginlist_fini = true; + return -1; + } + } + *user = *uservi; + *pass = *passvi; + passvi++; + + } else if (!o.passwords_first || !strcmp(name, "mongodb")) { + /* Iteration of username list for each password (default). */ + /* If username list finished one iteration then reset the username pointer + * to show at the beginning and get password from password list. */ + if (uservi == UserArray->end()) { + uservi = UserArray->begin(); + passvi++; + if (passvi == PassArray->end()) { + if (o.debugging > 8) + log_write(LOG_STDOUT, "%s Password list finished!\n", HostInfo()); + loginlist_fini = true; + return -1; + } + } + *pass = *passvi; + *user = *uservi; + uservi++; + } + + + return 0; +} + + +void Service:: +removeFromPool(char *user, char *pass) +{ + loginpair tmp; + list ::iterator li; + + if (!user || !pass) + return; + + tmp.user = user; + tmp.pass = pass; + + for (li = mirror_pair_pool.begin(); li != mirror_pair_pool.end(); li++) { + if ((tmp.user == li->user) && (tmp.pass == li->pass)) + break; + } + if (li != mirror_pair_pool.end()) { + if (o.debugging > 8) { + if (!strcmp(name, "redis")) + log_write(LOG_STDOUT, "%s Pool: Removed '%s' \n", HostInfo(), tmp.pass); + else + log_write(LOG_STDOUT, "%s Pool: Removed %s %s\n", HostInfo(), + tmp.user, tmp.pass); + } + mirror_pair_pool.erase(li); + } +} + + + +void Service:: +appendToPool(char *user, char *pass) +{ + loginpair tmp; + list ::iterator li; + + if (!user) + fatal("%s: tried to append NULL user into pair pool", __func__); + if (!pass) + fatal("%s: tried to append NULL password into pair pool", __func__); + + tmp.user = user; + tmp.pass = pass; + pair_pool.push_back(tmp); + + if (o.debugging > 8) { + if (!strcmp(name, "redis")) + log_write(LOG_STDOUT, "%s Pool: Append '%s' \n", HostInfo(), tmp.pass); + else + log_write(LOG_STDOUT, "%s Pool: Append '%s' '%s' \n", HostInfo(), + tmp.user, tmp.pass); + } + + /* + * Try and see if login pair was already in our mirror pool. Only if + * it doesn't already exist, then append it to the list. + */ + for (li = mirror_pair_pool.begin(); li != mirror_pair_pool.end(); li++) { + if ((tmp.user == li->user) && (tmp.pass == li->pass)) + break; + } + if (li == mirror_pair_pool.end()) + mirror_pair_pool.push_back(tmp); +} + + +bool Service:: +isMirrorPoolEmpty(void) +{ + return mirror_pair_pool.empty(); +} + + +bool Service:: +isPoolEmpty(void) +{ + return pair_pool.empty(); +} + + +double Service:: +getPercDone(void) +{ + double ret = 0.0; + vector ::iterator usertmp = uservi; + vector ::iterator passtmp = passvi; + + if (!o.passwords_first) { + if (passtmp != PassArray->begin()) + passtmp--; + if (uservi == UserArray->end()) { + ret = distance(PassArray->begin(), passtmp) * UserArray->size(); + } else { + if (usertmp != UserArray->begin()) + usertmp--; + ret = distance(PassArray->begin(), passtmp) * UserArray->size() + + distance(UserArray->begin(), usertmp); + } + } else { + if (usertmp != UserArray->begin()) + usertmp--; + if (passvi == PassArray->end()) { + ret = distance(UserArray->begin(), usertmp) * PassArray->size(); + } else { + if (passtmp != PassArray->begin()) + passtmp--; + ret = distance(UserArray->begin(), usertmp) * PassArray->size() + + distance(PassArray->begin(), passtmp); + } + } + + if (ret) { + ret /= (double) (UserArray->size() * PassArray->size()); + if (ret >= 0.9999) + ret = 0.9999; + } else + ret = 0.0; + + return ret; +} + + +/* + * Starts the timeout clock for the host running (e.g. you are + * beginning a scan). If you do not have the current time handy, + * you can pass in NULL. When done, call stopTimeOutClock (it will + * also automatically be stopped of timedOut() returns true) + */ +void Service:: +startTimeOutClock(const struct timeval *now) { + assert(htn.toclock_running == false); + htn.toclock_running = true; + if (now) htn.toclock_start = *now; + else gettimeofday(&htn.toclock_start, NULL); + if (!htn.host_start) htn.host_start = htn.toclock_start.tv_sec; +} + + +/* The complement to startTimeOutClock. */ +void Service:: +stopTimeOutClock(const struct timeval *now) { + struct timeval tv; + assert(htn.toclock_running == true); + htn.toclock_running = false; + if (now) tv = *now; + else gettimeofday(&tv, NULL); + htn.msecs_used += timeval_msec_subtract(tv, htn.toclock_start); + htn.host_end = tv.tv_sec; +} + +/* + * Returns whether the host is timedout. If the timeoutclock is + * running, counts elapsed time for that. Pass NULL if you don't have the + * current time handy. You might as well also pass NULL if the + * clock is not running, as the func won't need the time. + */ +bool Service:: +timedOut(const struct timeval *now) { + unsigned long used = htn.msecs_used; + struct timeval tv; + + if (!timeout) + return false; + if (htn.toclock_running) { + if (now) + tv = *now; + else + gettimeofday(&tv, NULL); + + used += timeval_msec_subtract(tv, htn.toclock_start); + } + + return (used > (unsigned long)timeout)? true : false; +} + +void Service:: +setLinearState(size_t state) { + + linear_state = state; +} + + +size_t Service:: +getLinearState(void) { + + return linear_state; +} diff --git a/include/DomainExec/Utils/Service.h b/include/DomainExec/Utils/Service.h new file mode 100644 index 00000000..cb16f699 --- /dev/null +++ b/include/DomainExec/Utils/Service.h @@ -0,0 +1,393 @@ + +/*************************************************************************** + * Service.h -- The "Service" class encapsulates every bit of information * + * about the associated target's (Target class) service. Service-specific * + * options, statistical and timing information as well as functions for * + * handling username/password list iteration all belong to this class. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#ifndef SERVICE_H +#define SERVICE_H + +#include "ncrack.h" +#include "utils.h" +#include "Target.h" +#include "Buf.h" +#include "timing.h" +#include "Connection.h" +#include + + +#define BUFSIZE 256 +#define MAX_HOSTINFO_LEN 1024 + + + +typedef struct loginpair +{ + char *user; + char *pass; +} loginpair; + + +struct end_reason +{ + bool orly; /* did it end? */ + char *reason; /* why did it end */ +}; + + +struct host_timeout_nfo { + unsigned long msecs_used; /* How many msecs has this Target used? */ + bool toclock_running; /* Is the clock running right now? */ + struct timeval toclock_start; /* When did the clock start? */ + time_t host_start, host_end; /* The absolute start and end for this host */ +}; + +enum linear_states { LINEAR_INIT, LINEAR_ACTIVE, LINEAR_DONE }; + +class Service +{ + public: + Service(); + ~Service(); + + /* ********************* Functions ******************* */ + + Service(const Service&); /* copy constructor */ + const char *HostInfo(void); + + double getPercDone(void); + + /* Add discovered credential to 'credentials_found' */ + void addCredential(char *user, char *pass); + + int getNextPair(char **login, char **pass); + void appendToPool(char *login, char *pass); + void removeFromPool(char *login, char *pass); + bool isMirrorPoolEmpty(void); + bool isPoolEmpty(void); + + void setListActive(void) { list_active = true; }; + void unsetListActive(void) { list_active = false; }; + bool getListActive(void) { return list_active; }; + + void setListWait(void) { list_wait = true; }; + void unsetListWait(void) { list_wait = false; }; + bool getListWait(void) { return list_wait; }; + + void setListPairfini(void) { list_pairfini = true; }; + void unsetListPairfini(void) { list_pairfini = false; }; + bool getListPairfini(void) { return list_pairfini; }; + + void setListFull(void) { list_full = true; }; + void unsetListFull(void) { list_full = false; }; + bool getListFull(void) { return list_full; }; + + void setListFinishing(void) { list_finishing = true; }; + void unsetListFinishing(void) { list_finishing = false; }; + bool getListFinishing(void) { return list_finishing; }; + + void setListFinished(void) { list_finished = true; }; + bool getListFinished(void) { return list_finished; }; + + uint32_t getUserlistIndex(void); + void setUserlistIndex(uint32_t index); + uint32_t getPasslistIndex(void); + void setPasslistIndex(uint32_t index); + + void setLinearState(size_t state); + size_t getLinearState(void); + + + /* ********************* Members ********************* */ + + uint32_t uid; /* uniquely identifies service */ + char *name; + Target *target; /* service belongs to this host */ + u8 proto; + u16 portno; + + struct end_reason end; /* reason that this service ended */ + + /* list which holds discovered credentials if any */ + vector credentials_found; + + bool loginlist_fini;/* true if login list has been iterated through */ + bool userlist_fini; + bool passlist_fini; + + vector *UserArray; + vector *PassArray; + + /* true -> reconnaissance/timing probe */ + bool just_started; + + /* True if more connections needed for timing probe - usually modules like + * HTTP might need this, because they need to also check other variables + * like keep-alive values and authentication schemes (in separate + * connections) + */ + bool more_rounds; + + /* Will skip current username and move on to the next one if true. + * Currently used for MongoDB user-enum vulnerability in SCRAM_SHA1 auth. + */ + bool skip_username; + + unsigned int failed_connections; + long active_connections; + struct timeval last; /* time of last activated connection */ + + /* + * How many attempts the service supports per connection before + * closing on us. This is used as a valuable piece of information + * for many timing checks, and is gathered during the first connection + * (since that probably is the most reliable one, because in the beginning + * we haven't opened up too many connections yet) + */ + unsigned long supported_attempts; + + /* total auth attempts, including failed ones */ + unsigned long total_attempts; + + /* auth attempts that have finished up to the point of completing + * all authentication steps and getting the results */ + unsigned long finished_attempts; + + /* timing options that override global ones */ + + /* minimum number of concurrent parallel connections */ + long min_connection_limit; + /* maximum number of concurrent parallel connections */ + long max_connection_limit; + /* ideal number of concurrent parallel connections */ + long ideal_parallelism; + /* authentication attempts per connections */ + long auth_tries; + /* number of milliseconds to wait between each connection */ + long connection_delay; + /* number of connection retries after connection failure */ + long connection_retries; + /* maximum cracking time regardless of success so far */ + long long timeout; + + /* misc options */ + bool ssl; /* true -> SSL enabled over this service */ + char *path; /* used for HTTP or other modules that need a path-name */ + + char *db; /* used for MongoDB or other modules that need a database name */ + + char *domain; /* used for modules like WinRM that need a domain */ + + void *module_data; /* service/module-specific data */ + + RateMeter auth_rate_meter; + struct last_auth_rate { + double rate; + struct timeval time; + } last_auth_rate; + + list connections; + + /* + * Starts the timeout clock for the host running (e.g. you are + * beginning a scan). If you do not have the current time handy, + * you can pass in NULL. When done, call stopTimeOutClock (it will + * also automatically be stopped if timedOut() returns true) + */ + void startTimeOutClock(const struct timeval *now); + + /* The complement to startTimeOutClock. */ + void stopTimeOutClock(const struct timeval *now); + + /* Is the timeout clock currently running? */ + bool timeOutClockRunning() { return htn.toclock_running; } + + /* + * Returns whether the host is timedout. If the timeoutclock is + * running, counts elapsed time for that. Pass NULL if you don't have the + * current time handy. You might as well also pass NULL if the + * clock is not running, as the func won't need the time. + */ + bool timedOut(const struct timeval *now); + + /* Return time_t for the start and end time of this host */ + time_t StartTime() { return htn.host_start; } + + time_t EndTime() { return htn.host_end; } + + private: + + /* + * hostinfo in form "://:" + * e.g ftp://scanme.nmap.org:21 - Will be returned by HostInfo() + */ + char *hostinfo; + + /* + * Login pair pool that holds pairs that didn't manage to be authenticated + * due to an error (the host timed out, the connection was forcefully closed + * etc). If this pool has elements, then the next returned pair from + * NextPair() will come from this pool. NextPair() will remove the + * element from the list. + */ + list pair_pool; + + /* + * Mirror login pair pool, that holds pairs from login pair pool but which + * aren't removed from the list at the time they are used. + * By this way we can determine, if we are currently using pairs from the + * pair_pool by checking if the mirror_pair_pool is non-empty. + */ + list mirror_pair_pool; + + vector ::iterator uservi; + vector ::iterator passvi; + + bool list_active; /* service is now on 'services_active' list */ + bool list_wait; /* service appended to 'services_wait' list */ + bool list_pairfini; /* service appended to 'services_pairfini' list */ + bool list_full; /* service appended to 'services_full' list */ + bool list_finishing;/* service appended to 'services_finishing' list */ + bool list_finished; /* service is now on 'services_finished' list */ + + + /* + * LINEAR_INIT: service hasn't started connection yet + * LINEAR_ACTIVE: service has active connection + * LINEAR_DONE: service has finished connection + */ + size_t linear_state; + + struct host_timeout_nfo htn; + +}; + + +#endif diff --git a/include/DomainExec/Utils/ServiceGroup.cc b/include/DomainExec/Utils/ServiceGroup.cc new file mode 100644 index 00000000..af2c8f51 --- /dev/null +++ b/include/DomainExec/Utils/ServiceGroup.cc @@ -0,0 +1,438 @@ + +/*************************************************************************** + * ServiceGroup.cc -- The "ServiceGroup" class holds lists for all * + * services that are under active cracking or have been stalled for one * + * reason or another. Information and options that apply to all services * + * as a whole are also kept here. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "ServiceGroup.h" +#include "NcrackOps.h" + +extern NcrackOps o; + + +ServiceGroup:: +ServiceGroup() +{ + /* members initialization */ + total_services = 0; + active_connections = 0; + connections_total = 0; + connections_timedout = 0; + connections_closed = 0; + credentials_found = 0; + SPM = new ScanProgressMeter(); +} + + +ServiceGroup:: +~ServiceGroup() +{ + // free stuff + delete SPM; +} + + +/* + * Find and set minimum connection delay from all unfinished services + */ +void ServiceGroup:: +findMinDelay(void) +{ + list delays; + list::iterator li; + + for (li = services_all.begin(); li != services_all.end(); li++) { + /* Append to temporary list only the unfinished services */ + if (!(*li)->getListFinished()) + delays.push_back((*li)->connection_delay); + } + + delays.sort(); + min_connection_delay = delays.front(); + delays.clear(); +} + + +/* + * Pushes service into one of the ServiceGroup lists. A Service might belong: + * a) to 'services_active' OR + * b) to 'services_finished' OR + * c) to any other combination of the rest of the lists + * A service might belong to more than one of the lists in case c) when + * for example it needs to wait both for the 'connection_delay' and the + * 'connection_limit'. + */ +list ::iterator ServiceGroup:: +pushServiceToList(Service *serv, list *dst) +{ + list ::iterator li = services_active.end(); + list ::iterator templi; + const char *dstname = NULL; + + assert(dst); + assert(serv); + + /* Check that destination list is valid and that service doesn't already + * belong to it. */ + if (!set_servlist(serv, dst) || !(dstname = list2name(dst))) + return li; + + /* + * If service belonged to 'services_active' then we also have to remove it + * from there. In any other case, we just copy the service to the list + * indicated by 'dst'. + */ + if (serv->getListActive()) { + for (li = services_active.begin(); li != services_active.end(); li++) { + if (((*li)->portno == serv->portno) && (!strcmp((*li)->name, serv->name)) + && (!(strcmp((*li)->target->NameIP(), serv->target->NameIP())))) + break; + } + if (li == services_active.end()) + fatal("%s: %s service not found in 'services_active' as indicated by " + "'getListActive()'!\n", __func__, serv->HostInfo()); + + serv->unsetListActive(); + li = services_active.erase(li); + } + + /* + * Now append service to destination list. The service can still be in other + * lists too. However, if we move it to 'services_finished', then no other + * action can happen on it. We also can never move a service to + * 'services_active' by this way. The service must stop being in any other + * list before finally being moved back to 'services_active' and this only + * happens through 'popServiceFromList()'. + */ + + if (dst == &services_active) { + if (o.debugging > 8) + error("%s cannot be pushed into 'services_active'. This is not allowed!\n", + serv->HostInfo()); + } + + dst->push_back(serv); + if (o.debugging > 8) + log_write(LOG_STDOUT, "%s pushed to list %s\n", serv->HostInfo(), dstname); + + // TODO: probably we should also remove from any other list too, if service + // is finished. + + free((char *)dstname); + prev_modified = li; + return li; +} + + +/* + * Pops service from one of the ServiceGroup lists. This is the only way for a + * service to return back to 'services_active' and this happens if and only if + * it stops belonging to any other list (except 'services_finished' from which + * you are not allowed to remove a service once it moves there) + */ +list ::iterator ServiceGroup:: +popServiceFromList(Service *serv, list *src) +{ + list ::iterator li = services_finished.end(); + const char *srcname = NULL; + + assert(src); + assert(serv); + + if (src == &services_active) { + if (o.debugging > 8) + error("%s cannot be popped from 'services_active'. This is not allowed!\n", + serv->HostInfo()); + } + + /* unset corresponding boolean for service's list - If operation is invalid + * then return immediately (with null iterator) */ + if (!unset_servlist(serv, src) || !(srcname = list2name(src))) + return li; + + for (li = src->begin(); li != src->end(); li++) { + if (((*li)->portno == serv->portno) && (!strcmp((*li)->name, serv->name)) + && (!(strcmp((*li)->target->NameIP(), serv->target->NameIP())))) + break; + } + if (li == src->end()) + fatal("%s: %s service was not found in %s and thus cannot be popped!\n", + __func__, serv->HostInfo(), srcname); + + /* + * If service now doesn't belong to any other list other than + * 'services_active' then we can move them back there! + */ + if (!serv->getListWait() && !serv->getListPairfini() && + !serv->getListFull() && !serv->getListFinishing() && + !serv->getListFinished()) { + serv->setListActive(); + services_active.push_back(serv); + } + + li = src->erase(li); + if (o.debugging > 8) + log_write(LOG_STDOUT, "%s popped from list %s\n", + serv->HostInfo(), srcname); + + + free((char *)srcname); + prev_modified = li; + return li; +} + + +/* + * Returns list's equivalent name. e.g for 'services_finished' it will return + * a "FINISHED" string. We prefer capitals for debugging purposes. Caller must + * free the string after it finishes using it. + */ +const char *ServiceGroup:: +list2name(list *list) +{ + const char *name = NULL; + + if (list == &services_active) + name = Strndup("ACTIVE", sizeof("ACTIVE") - 1); + else if (list == &services_wait) + name = Strndup("WAIT", sizeof("WAIT") - 1); + else if (list == &services_pairfini) + name = Strndup("PAIRFINI", sizeof("PAIRFINI") - 1); + else if (list == &services_full) + name = Strndup("FULL", sizeof("FULL") - 1); + else if (list == &services_finishing) + name = Strndup("FINISHING", sizeof("FINISHING") - 1); + else if (list == &services_finished) + name = Strndup("FINISHED", sizeof("FINISHED") - 1); + else + error("%s Invalid list specified!\n", __func__); + + return name; +} + + +/* + * Set service's corresponding boolean indicating that it now + * belongs to the particular list. If service is already on the list or an + * invalid list is specified, then the operation is invalid. + * Returns true if operation is valid and false for invalid. + */ +bool ServiceGroup:: +set_servlist(Service *serv, list *list) +{ + if (list == &services_active && !serv->getListActive()) + serv->setListActive(); + else if (list == &services_wait && !serv->getListWait()) + serv->setListWait(); + else if (list == &services_pairfini && !serv->getListPairfini()) + serv->setListPairfini(); + else if (list == &services_full && !serv->getListFull()) + serv->setListFull(); + else if (list == &services_finishing && !serv->getListFinishing()) + serv->setListFinishing(); + else if (list == &services_finished && !serv->getListFinished()) { + serv->setListFinished(); + serv->stopTimeOutClock(nsock_gettimeofday()); + } + else + return false; + + return true; +} + + +/* + * Unset service's corresponding boolean indicating that it stops + * belonging to the particular list. + * Returns true if operation is valid. + */ +bool ServiceGroup:: +unset_servlist(Service *serv, list *list) +{ + if (list == &services_active) + serv->unsetListActive(); + else if (list == &services_wait) + serv->unsetListWait(); + else if (list == &services_pairfini) + serv->unsetListPairfini(); + else if (list == &services_full) + serv->unsetListFull(); + else if (list == &services_finishing) + serv->unsetListFinishing(); + else if (list == &services_finished) { + if (o.debugging > 8) + error("%s cannot remove from 'services_finished'.This is not allowed!\n", + __func__); + return false; + } else { + error("%s destination list invalid!\n", __func__); + return false; + } + return true; +} + + +double ServiceGroup:: +getCompletionFraction(void) +{ + double total = 0; + unsigned int services_left = 0; + + list ::iterator li; + + for (li = services_all.begin(); li != services_all.end(); li++) { + if ((*li)->getListFinished()) + continue; + services_left++; + total += (*li)->getPercDone(); + } + + if (total) + total /= (double)services_left; + else + total = 0; + return total; +} + + +/* + * Return true if there is still a pending connection from the rest of the services + */ +bool ServiceGroup:: +checkLinearPending(void) +{ + list ::iterator li; + for (li = services_all.begin(); li != services_all.end(); li++) { + if ((*li)->getLinearState() == LINEAR_INIT || (*li)->getLinearState() == LINEAR_ACTIVE) + return true; + } + + return false; +} diff --git a/include/DomainExec/Utils/ServiceGroup.h b/include/DomainExec/Utils/ServiceGroup.h new file mode 100644 index 00000000..15f54864 --- /dev/null +++ b/include/DomainExec/Utils/ServiceGroup.h @@ -0,0 +1,270 @@ + +/*************************************************************************** + * ServiceGroup.h -- The "ServiceGroup" class holds lists for all * + * services that are under active cracking or have been stalled for one * + * reason or another. Information and options that apply to all services * + * as a whole are also kept here. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#ifndef SERVICE_GROUP_H +#define SERVICE_GROUP_H + +#include "ncrack.h" +#include "Service.h" +#include + + +class ServiceGroup { + public: + ServiceGroup(); + ~ServiceGroup(); + + /* ********************* Functions ******************* */ + + /* Find and set minimum connection delay from all services */ + void findMinDelay(void); + + /* + * Pushes service into one of the ServiceGroup lists. + * A Service might belong: + * a) to 'services_active' OR + * b) to 'services_finished' OR + * c) to any other combination of the rest of the lists + * A service might belong to more than one of the lists in case c) when + * for example it needs to wait both for the 'connection_delay' and the + * 'connection_limit'. + */ + list ::iterator pushServiceToList(Service *serv, + list *dst); + + /* + * Pops service from one of the ServiceGroup lists. This is the only way + * for a service to return back to 'services_active' and this happens if + * and only if it stops belonging to any other list (except + * 'services_finished' from which you are not allowed to remove a service + * once it moves there). + */ + list ::iterator popServiceFromList(Service *serv, + list *src); + + double getCompletionFraction(void); + + bool checkLinearPending(void); + + /* ********************* Members ********************* */ + + /* All Services. This includes all active and inactive services. + * This list is useful for iterating through all services in one + * global place instead of searching for each one of them in + * separate lists. This list is *never* touched except at creation. + */ + list services_all; + + /* Services finished (successfully or not) */ + list services_finished; + + /* + * Service has its credential list finished, the pool is empty + * but there are pending connections still active + */ + list services_finishing; + + /* + * Services that temporarily cannot initiate another + * connection due to timing constraints (connection limit) + */ + list services_full; + + /* + * Services that have to wait a time of 'connection_delay' + * until initiating another connection + */ + list services_wait; + + + /* + * Services that have to wait until our pair pool has at least one element + * to grab a login pair from, since the main credential list (username or + * password depending on the mode of iteration) has already finished being + * iterated through. + */ + list services_pairfini; + + /* Services that can initiate more connections */ + list services_active; + + /* how many services we need to crack in total */ + unsigned long total_services; + + long min_connection_delay;/* minimum connection delay from all services */ + long active_connections; /* total number of active connections */ + long connection_limit; /* maximum total number of active connections */ + + /* how many connections have been initiated */ + unsigned long connections_total; + unsigned long connections_timedout; /* how many connections have failed */ + + /* how many connections prematurely closed */ + unsigned long connections_closed; + + /* total credentials found */ + unsigned long credentials_found; + + int num_hosts_timedout; /* # of hosts timed out during (or before) scan */ + list ::iterator last_accessed; /* last element accessed */ + list ::iterator prev_modified; /* prev element modified */ + + RateMeter auth_rate_meter; + ScanProgressMeter *SPM; + + private: + + /* + * Returns list's equivalent name. e.g for services_finished it will return + * a "FINISHED" string. We prefer capitals for debugging purposes. Caller + * must free the string after it finishes using it. + */ + const char *list2name(list *list); + + /* + * Set service's corresponding boolean indicating that it now + * belongs to the particular list. + * Returns true if operation is valid. + */ + bool set_servlist(Service *serv, list *list); + + /* + * Unset service's corresponding boolean indicating that it stops + * belonging to the particular list. + * Returns true if operation is valid. + */ + bool unset_servlist(Service *serv, list *list); + +}; + +#endif diff --git a/include/DomainExec/Utils/Target.cc b/include/DomainExec/Utils/Target.cc new file mode 100644 index 00000000..8a5f241a --- /dev/null +++ b/include/DomainExec/Utils/Target.cc @@ -0,0 +1,309 @@ + +/*************************************************************************** + * Target.cc -- The Target class is a stripped version of the equivalent * + * class of Nmap. It holds information and functions mainly pertaining to * + * hostnames and IP addresses of the targets. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id: Target.cc 12955 2009-04-15 00:37:03Z fyodor $ */ + +#include "NcrackOps.h" +#include "Target.h" +#include "nbase.h" +#include "utils.h" + +extern NcrackOps o; +using namespace std; + + +Target::Target() { + Initialize(); +} + +void Target::Initialize() { + hostname = NULL; + targetname = NULL; + memset(&targetsock, 0, sizeof(targetsock)); + targetsocklen = 0; + targetipstring[0] = '\0'; + nameIPBuf = NULL; +} + + +void Target::Recycle() { + FreeInternal(); + Initialize(); +} + +Target::~Target() { + FreeInternal(); +} + +void Target::FreeInternal() { + /* Free the DNS name if we resolved one */ + if (hostname) + free(hostname); + + if (targetname) + free(targetname); + + if (nameIPBuf) { + free(nameIPBuf); + nameIPBuf = NULL; + } + +} + +/* Creates a "presentation" formatted string out of the IPv4/IPv6 address. + Called when the IP changes */ +void Target::GenerateIPString() { + struct sockaddr_in *sin = (struct sockaddr_in *) &targetsock; +#if HAVE_IPV6 + struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) &targetsock; +#endif + + if (inet_ntop(sin->sin_family, (sin->sin_family == AF_INET)? + (char *) &sin->sin_addr : +#if HAVE_IPV6 + (char *) &sin6->sin6_addr, +#else + (char *) NULL, +#endif + targetipstring, sizeof(targetipstring)) == NULL) { + fatal("Failed to convert target address to presentation format!?! " + "Error: %s", strerror(socket_errno())); + } +} + +/* Fills a sockaddr_storage with the AF_INET or AF_INET6 address + information of the target. This is a preferred way to get the + address since it is portable for IPv6 hosts. Returns 0 for + success. ss_len must be provided. It is not examined, but is set + to the size of the sockaddr copied in. */ +int Target::TargetSockAddr(struct sockaddr_storage *ss, size_t *ss_len) { + assert(ss); + assert(ss_len); + if (targetsocklen <= 0) + return 1; + assert(targetsocklen <= sizeof(*ss)); + memcpy(ss, &targetsock, targetsocklen); + *ss_len = targetsocklen; + return 0; +} + +/* Note that it is OK to pass in a sockaddr_in or sockaddr_in6 casted + to sockaddr_storage */ +void Target::setTargetSockAddr(struct sockaddr_storage *ss, size_t ss_len) { + + assert(ss_len > 0 && ss_len <= sizeof(*ss)); + if (targetsocklen > 0) { + /* We had an old target sock, so we better blow away the hostname as + this one may be new. */ + setHostName(NULL); + setTargetName(NULL); + } + memcpy(&targetsock, ss, ss_len); + targetsocklen = ss_len; + GenerateIPString(); + // /* The ports array needs to know a name too */ + //ports.setIdStr(targetipstr()); +} + +// Returns IPv4 host address or {0} if unavailable. +struct in_addr Target::v4host() { + const struct in_addr *addy = v4hostip(); + struct in_addr in; + if (addy) + return *addy; + in.s_addr = 0; + return in; +} + +// Returns IPv4 host address or NULL if unavailable. +const struct in_addr *Target::v4hostip() const { + struct sockaddr_in *sin = (struct sockaddr_in *) &targetsock; + if (sin->sin_family == AF_INET) + return &(sin->sin_addr); + return NULL; +} + + + +/* You can set to NULL to erase a name or if it failed to resolve -- or + just don't call this if it fails to resolve */ +void Target::setHostName(char *name) { + char *p; + if (hostname) { + free(hostname); + hostname = NULL; + } + if (name) { + p = hostname = strdup(name); + while (*p) { + // I think only a-z A-Z 0-9 . and - are allowed, but I'll be a little more + // generous. + if (!isalnum(*p) && !strchr(".-+=:_~*", *p)) { + //log_write(LOG_STDOUT, "Illegal character(s) in hostname -- " + //"replacing with '*'\n"); + *p = '*'; + } + p++; + } + } +} + +void Target::setTargetName(const char *name) { + if (targetname) { + free(targetname); + targetname = NULL; + } + if (name) + targetname = strdup(name); +} + +/* Generates a printable string consisting of the host's IP + address and hostname (if available). Eg "www.insecure.org + (64.71.184.53)" or "fe80::202:e3ff:fe14:1102". The name is + written into the buffer provided, which is also returned. Results + that do not fit in buflen will be truncated. */ +const char *Target::NameIP(char *buf, size_t buflen) { + assert(buf); + assert(buflen > 8); + if (hostname) + Snprintf(buf, buflen, "%s (%s)", hostname, targetipstring); + else + Strncpy(buf, targetipstring, buflen); + return buf; +} + +/* This next version returns a static buffer -- so no concurrency */ +const char *Target::NameIP() { + if (!nameIPBuf) + nameIPBuf = (char *) safe_malloc(MAXHOSTNAMELEN + INET6_ADDRSTRLEN); + return NameIP(nameIPBuf, MAXHOSTNAMELEN + INET6_ADDRSTRLEN); +} + diff --git a/include/DomainExec/Utils/Target.h b/include/DomainExec/Utils/Target.h new file mode 100644 index 00000000..b05f2011 --- /dev/null +++ b/include/DomainExec/Utils/Target.h @@ -0,0 +1,215 @@ + +/*************************************************************************** + * Target.h -- The Target class is a stripped version of the equivalent * + * class of Nmap. It holds information and functions mainly pertaining to * + * hostnames and IP addresses of the targets. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id: Target.h 12955 2009-04-15 00:37:03Z fyodor $ */ + +#ifndef TARGET_H +#define TARGET_H + +#include "ncrack.h" + +#ifndef INET6_ADDRSTRLEN +#define INET6_ADDRSTRLEN 46 +#endif + +#include +using namespace std; + + +class Target { + public: /* For now ... a lot of the data members should be made private */ + Target(); + ~Target(); + /* Recycles the object by freeing internal objects and reinitializing + to default state */ + void Recycle(); + /* Fills a sockaddr_storage with the AF_INET or AF_INET6 address + information of the target. This is a preferred way to get the + address since it is portable for IPv6 hosts. Returns 0 for + success. ss_len must be provided. It is not examined, but is set + to the size of the sockaddr copied in. */ + int TargetSockAddr(struct sockaddr_storage *ss, size_t *ss_len); + /* Note that it is OK to pass in a sockaddr_in or sockaddr_in6 casted + to sockaddr_storage */ + void setTargetSockAddr(struct sockaddr_storage *ss, size_t ss_len); + // Returns IPv4 target host address or {0} if unavailable. + struct in_addr v4host(); + const struct in_addr *v4hostip() const; + /* The IPv4 or IPv6 literal string for the target host */ + const char *targetipstr() { return targetipstring; } + /* Give the name from the last setHostName() call, which should be + the name obtained from reverse-resolution (PTR query) of the IP (v4 + or v6). If the name has not been set, or was set to NULL, an empty + string ("") is returned to make printing easier. */ + const char *HostName() { return hostname? hostname : ""; } + /* You can set to NULL to erase a name or if it failed to resolve -- or + just don't call this if it fails to resolve. The hostname is blown + away when you setTargetSockAddr(), so make sure you do these in proper + order + */ + void setHostName(char *name); + /* Generates a printable string consisting of the host's IP + address and hostname (if available). Eg "www.insecure.org + (64.71.184.53)" or "fe80::202:e3ff:fe14:1102". The name is + written into the buffer provided, which is also returned. Results + that do not fit in buflen will be truncated. */ + const char *NameIP(char *buf, size_t buflen); + /* This next version returns a STATIC buffer -- so no concurrency */ + const char *NameIP(); + + /* Give the name from the last setTargetName() call, which is the + name of the target given on the command line if it's a named + host. */ + const char *TargetName() { return targetname; } + /* You can set to NULL to erase a name. The targetname is blown + away when you setTargetSockAddr(), so make sure you do these in proper + order + */ + void setTargetName(const char *name); + + char *hostname; // Null if unable to resolve or unset + /* The name of the target host given on the commmand line if it is a + * named host */ + char *targetname; + + private: + void Initialize(); + void FreeInternal(); // Free memory allocated inside this object + // Creates a "presentation" formatted string out of the IPv4/IPv6 address + void GenerateIPString(); + struct sockaddr_storage targetsock; + size_t targetsocklen; + char targetipstring[INET6_ADDRSTRLEN]; + char *nameIPBuf; /* for the NameIP(void) function to return */ + +}; + +#endif /* TARGET_H */ diff --git a/include/DomainExec/Utils/TargetGroup.cc b/include/DomainExec/Utils/TargetGroup.cc new file mode 100644 index 00000000..36c8b7da --- /dev/null +++ b/include/DomainExec/Utils/TargetGroup.cc @@ -0,0 +1,553 @@ + +/*************************************************************************** + * TargetGroup.cc -- The "TargetGroup" class holds a group of IP addresses,* + * such as those from a '/16' or '10.*.*.*' specification. It is a * + * stripped version of the equivalent class of Nmap. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id: TargetGroup.cc 12955 2009-04-15 00:37:03Z fyodor $ */ + +#include "NcrackOps.h" +#include "TargetGroup.h" +#include "utils.h" + +extern NcrackOps o; + + +TargetGroup::TargetGroup() { + Initialize(); +} + +// Bring back (or start with) original state +void TargetGroup::Initialize() { + targets_type = TYPE_NONE; + memset(addresses, 0, sizeof(addresses)); + memset(current, 0, sizeof(current)); + memset(last, 0, sizeof(last)); + ipsleft = 0; +} + +/* take the object back to the beginning without (mdmcl) + * reinitalizing the data structures */ +int TargetGroup::rewind() { + + /* For netmasks we must set the current address to the + * starting address and calculate the ips by distance */ + if (targets_type == IPV4_NETMASK) { + currentaddr = startaddr; + if (startaddr.s_addr <= endaddr.s_addr) { + ipsleft = ((unsigned long long) (endaddr.s_addr - startaddr.s_addr)) + 1; + return 0; + } + else + assert(0); + } + /* For ranges, we easily set current to zero and calculate + * the ips by the number of values in the columns */ + else if (targets_type == IPV4_RANGES) { + memset((char *)current, 0, sizeof(current)); + ipsleft = (unsigned long long) (last[0] + 1) * + (unsigned long long) (last[1] + 1) * + (unsigned long long) (last[2] + 1) * + (unsigned long long) (last[3] + 1); + return 0; + } +#if HAVE_IPV6 + /* For IPV6 there is only one address, this function doesn't + * make much sence for IPv6 does it? */ + else if (targets_type == IPV6_ADDRESS) { + ipsleft = 1; + return 0; + } +#endif + + /* If we got this far there must be an error, wrong type */ + return -1; +} + + + +/* Initializes (or reinitializes) the object with a new expression, such + as 192.168.0.0/16 , 10.1.0-5.1-254 , or fe80::202:e3ff:fe14:1102 . + Returns 0 for success */ +int TargetGroup::parse_expr(const char * const target_expr, int af) { + + int i=0,j=0,k=0; + int start, end; + char *r,*s, *target_net; + char *addy[5]; + char *hostexp = strdup(target_expr); + struct hostent *target; + namedhost = 0; + + + + if (targets_type != TYPE_NONE) + Initialize(); + ipsleft = 0; + + if (af == AF_INET) { + + /* separate service specification from host */ + if ((s = strchr(hostexp, '[')) || (s = strstr(hostexp, "::")) || (s = strstr(hostexp, "://"))) + *s = '\0'; + + s = NULL; + + if (strchr(hostexp, ':')) + fatal("Invalid host expression: %s -- colons only allowed in IPv6 addresses, and then you need the -6 switch", hostexp); + + + /*struct in_addr current_in;*/ + addy[0] = addy[1] = addy[2] = addy[3] = addy[4] = NULL; + addy[0] = r = hostexp; + /* First we break the expression up into the four parts of the IP address + + the optional '/mask' */ + target_net = hostexp; + s = strchr(hostexp, '/'); /* Find the slash if there is one */ + if (s) { + *s = '\0'; /* Make sure target_net is terminated before the /## */ + s++; /* Point s at the netmask */ + } + netmask = ( s ) ? atoi(s) : 32; + if ((int) netmask < 0 || netmask > 32) { + error("Illegal netmask value (%d), must be /0 - /32 . Assuming /32 (one host)", netmask); + netmask = 32; + } + for(i=0; *(hostexp + i); i++) + if (isupper((int) *(hostexp +i)) || islower((int) *(hostexp +i))) { + namedhost = 1; + break; + } + if (netmask != 32 || namedhost) { + targets_type = IPV4_NETMASK; + if (!inet_pton(AF_INET, target_net, &(startaddr))) { + if ((target = gethostbyname(target_net))) { + int count=0; + + memcpy(&(startaddr), target->h_addr_list[0], sizeof(struct in_addr)); + + while (target->h_addr_list[count]) count++; + + if (count > 1) + error("Warning: Hostname %s resolves to %d IPs. Using %s.", + target_net, count, inet_ntoa(*((struct in_addr *)target->h_addr_list[0]))); + } else { + error("Failed to resolve given hostname/IP: %s. " + "Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges", target_net); + free(hostexp); + return 1; + } + } + if (netmask) { + unsigned long longtmp = ntohl(startaddr.s_addr); + startaddr.s_addr = longtmp & (unsigned long) (0 - (1<<(32 - netmask))); + endaddr.s_addr = longtmp | (unsigned long) ((1<<(32 - netmask)) - 1); + } else { + /* The above calculations don't work for a /0 netmask, though at first + * glance it appears that they would + */ + startaddr.s_addr = 0; + endaddr.s_addr = 0xffffffff; + } + currentaddr = startaddr; + if (startaddr.s_addr <= endaddr.s_addr) { + ipsleft = ((unsigned long long) (endaddr.s_addr - startaddr.s_addr)) + 1; + free(hostexp); + return 0; + } + error("Host specification invalid"); + free(hostexp); + return 1; + } + else { + targets_type = IPV4_RANGES; + i = 0; + + while(*++r) { + if (*r == '.' && ++i < 4) { + *r = '\0'; + addy[i] = r + 1; + } + else if (*r != '*' && *r != ',' && *r != '-' && !isdigit((int)*r)) + fatal("Invalid character in host specification. Note in particular that square brackets [] are no longer allowed. " + "They were redundant and can simply be removed."); + } + if (i != 3) fatal("Invalid target host specification: %s", target_expr); + + for (i = 0; i < 4; i++) { + j=0; + do { + s = strchr(addy[i],','); + if (s) + *s = '\0'; + if (*addy[i] == '*') { + start = 0; + end = 255; + } else if (*addy[i] == '-') { + start = 0; + if (*(addy[i] + 1) == '\0') + end = 255; + else + end = atoi(addy[i]+ 1); + } else { + start = end = atoi(addy[i]); + if ((r = strchr(addy[i],'-')) && *(r+1) ) + end = atoi(r + 1); + else if (r && !*(r+1)) + end = 255; + } + + if (start < 0 || start > end || start > 255 || end > 255) + fatal("Your host specifications are illegal!"); + if (j + (end - start) > 255) + fatal("Your host specifications are illegal!"); + + for (k = start; k <= end; k++) + addresses[i][j++] = k; + + last[i] = j - 1; + if (s) + addy[i] = s + 1; + } while (s); + } + } + memset((char *)current, 0, sizeof(current)); + ipsleft = (unsigned long long) (last[0] + 1) * + (unsigned long long) (last[1] + 1) * + (unsigned long long) (last[2] + 1) * + (unsigned long long) (last[3] + 1); + } + else { +#if HAVE_IPV6 + int rc = 0; + assert(af == AF_INET6); + if (strchr(hostexp, '/')) { + fatal("Invalid host expression: %s -- slash not allowed. IPv6 addresses can currently only be specified individually", hostexp); + } + targets_type = IPV6_ADDRESS; + struct addrinfo hints; + struct addrinfo *result = NULL; + memset(&hints, 0, sizeof(hints)); + hints.ai_family = PF_INET6; + rc = getaddrinfo(hostexp, NULL, &hints, &result); + if (rc != 0 || result == NULL) { + error("Failed to resolve given IPv6 hostname/IP: %s. Note that you can't use '/mask' or '[1-4,7,100-]' style ranges for IPv6. Error code %d: %s", hostexp, rc, gai_strerror(rc)); + free(hostexp); + if (result) freeaddrinfo(result); + return 1; + } + assert(result->ai_addrlen == sizeof(struct sockaddr_in6)); + struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) result->ai_addr; + memcpy(&ip6, sin6, sizeof(struct sockaddr_in6)); + ipsleft = 1; + freeaddrinfo(result); +#else // HAVE_IPV6 + fatal("IPv6 not supported on your platform"); +#endif // HAVE_IPV6 + } + + free(hostexp); + return 0; +} + +/* For ranges, skip all hosts in an octet, (mdmcl) + * get_next_host should be used for skipping the last octet :-) + * returns: number of hosts skipped */ +int TargetGroup::skip_range(_octet_nums octet) { + unsigned long hosts_skipped = 0, /* number of hosts skipped */ + oct = 0; /* octect number */ + int i = 0; /* simple lcv */ + + /* This function is only supported for RANGES! */ + if (targets_type != IPV4_RANGES) + return -1; + + switch (octet) { + case FIRST_OCTET: + oct = 0; + hosts_skipped = (unsigned long)(last[1] + 1) * (unsigned long)(last[2] + 1) * (unsigned long)(last[3] + 1); + break; + case SECOND_OCTET: + oct = 1; + hosts_skipped = (unsigned long)(last[2] + 1) * (unsigned long)(last[3] + 1); + break; + case THIRD_OCTET: + oct = 2; + hosts_skipped = (last[3] + 1); + break; + default: /* Hmm, how'd you do that */ + return -1; + } + + /* catch if we try to take more than are left */ + assert(ipsleft + 1>= hosts_skipped); + + /* increment the next octect that we can above us */ + for (i = oct; i >= 0; i--) { + if (current[i] < last[i]) { + current[i]++; + break; + } + else + current[i] = 0; + } + + /* reset all the ones below us to zero */ + for (i = oct+1; i <= 3; i++) { + current[i] = 0; + } + + /* we actually don't skip the current, it was accounted for + * by get_next_host */ + ipsleft -= hosts_skipped - 1; + + return hosts_skipped; +} + +/* Grab the next host from this expression (if any) and updates its internal + state to reflect that the IP was given out. Returns 0 and + fills in ss if successful. ss must point to a pre-allocated + sockaddr_storage structure */ +int TargetGroup::get_next_host(struct sockaddr_storage *ss, size_t *sslen) { + + int octet; + struct sockaddr_in *sin = (struct sockaddr_in *) ss; + struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) ss; +//startover: /* to handle nmap --resume where I have already + // scanned many of the IPs */ + assert(ss); + assert(sslen); + + + if (ipsleft == 0) + return -1; + + if (targets_type == IPV4_NETMASK) { + memset(sin, 0, sizeof(struct sockaddr_in)); + sin->sin_family = AF_INET; + *sslen = sizeof(struct sockaddr_in); +#if HAVE_SOCKADDR_SA_LEN + sin->sin_len = *sslen; +#endif + + if (currentaddr.s_addr <= endaddr.s_addr) { + sin->sin_addr.s_addr = htonl(currentaddr.s_addr++); + } else { + error("Bogus target structure passed to %s", __func__); + ipsleft = 0; + return -1; + } + } + else if (targets_type == IPV4_RANGES) { + memset(sin, 0, sizeof(struct sockaddr_in)); + sin->sin_family = AF_INET; + *sslen = sizeof(struct sockaddr_in); + +#if HAVE_SOCKADDR_SA_LEN + sin->sin_len = *sslen; +#endif + + /* Set the IP to the current value of everything */ + sin->sin_addr.s_addr = htonl(addresses[0][current[0]] << 24 | + addresses[1][current[1]] << 16 | + addresses[2][current[2]] << 8 | + addresses[3][current[3]]); + + /* Now we nudge up to the next IP */ + for(octet = 3; octet >= 0; octet--) { + if (current[octet] < last[octet]) { + /* OK, this is the column I have room to nudge upwards */ + current[octet]++; + break; + } else { + /* This octet is finished so I reset it to the beginning */ + current[octet] = 0; + } + } + if (octet == -1) { + /* It didn't find anything to bump up, I must have taken the last IP */ + assert(ipsleft == 1); + /* So I set current to last with the very final octet up one ... */ + /* Note that this may make current[3] == 256 */ + current[0] = last[0]; current[1] = last[1]; + current[2] = last[2]; current[3] = last[3] + 1; + } else { + assert(ipsleft > 1); /* There must be at least one more IP left */ + } + } else { + assert(targets_type == IPV6_ADDRESS); + assert(ipsleft == 1); +#if HAVE_IPV6 + *sslen = sizeof(struct sockaddr_in6); + memset(sin6, 0, *sslen); + sin6->sin6_family = AF_INET6; +#ifdef SIN_LEN + sin6->sin6_len = *sslen; +#endif /* SIN_LEN */ + memcpy(sin6->sin6_addr.s6_addr, ip6.sin6_addr.s6_addr, 16); + sin6->sin6_scope_id = ip6.sin6_scope_id; +#else + fatal("IPV6 not supported on this platform"); +#endif // HAVE_IPV6 + } + ipsleft--; + + return 0; +} + +/* Returns the last given host, so that it will be given again next + time get_next_host is called. Obviously, you should only call + this if you have fetched at least 1 host since parse_expr() was + called */ +int TargetGroup::return_last_host() { + int octet; + + ipsleft++; + if (targets_type == IPV4_NETMASK) { + assert(currentaddr.s_addr > startaddr.s_addr); + currentaddr.s_addr--; + } else if (targets_type == IPV4_RANGES) { + for(octet = 3; octet >= 0; octet--) { + if (current[octet] > 0) { + /* OK, this is the column I have room to nudge downwards */ + current[octet]--; + break; + } else { + /* This octet is already at the beginning, so I set it to the end */ + current[octet] = last[octet]; + } + } + assert(octet != -1); + } else { + assert(targets_type == IPV6_ADDRESS); + assert(ipsleft == 1); + } + return 0; +} + + diff --git a/include/DomainExec/Utils/TargetGroup.h b/include/DomainExec/Utils/TargetGroup.h new file mode 100644 index 00000000..7a45c79f --- /dev/null +++ b/include/DomainExec/Utils/TargetGroup.h @@ -0,0 +1,207 @@ + +/*************************************************************************** + * TargetGroup.h -- The "TargetGroup" class holds a group of IP addresses, * + * such as those from a '/16' or '10.*.*.*' specification. It is a * + * stripped version of the equivalent class of Nmap. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id: TargetGroup.h 12955 2009-04-15 00:37:03Z fyodor $ */ + +#ifndef TARGETGROUP_H +#define TARGETGROUP_H + +#include "ncrack.h" +#include "Target.h" +#include "global_structures.h" + +#include + +class TargetGroup { + public: + /* used by get_target_types */ + enum _targets_types { TYPE_NONE, IPV4_NETMASK, IPV4_RANGES, IPV6_ADDRESS }; + /* used as input to skip range */ + enum _octet_nums { FIRST_OCTET, SECOND_OCTET, THIRD_OCTET }; + TargetGroup(); + + /* Initializes (or reinitializes) the object with a new expression, + such as 192.168.0.0/16 , 10.1.0-5.1-254 , or + fe80::202:e3ff:fe14:1102 . The af parameter is AF_INET or + AF_INET6 Returns 0 for success */ + int parse_expr(const char * const target_expr, int af); + /* Reset the object without reinitializing it */ + int rewind(); + /* Grab the next host from this expression (if any). Returns 0 and + fills in ss if successful. ss must point to a pre-allocated + sockaddr_storage structure */ + int get_next_host(struct sockaddr_storage *ss, size_t *sslen); + /* Returns the last given host, so that it will be given again next + time get_next_host is called. Obviously, you should only call + this if you have fetched at least 1 host since parse_expr() was + called */ + int return_last_host(); + /* return the target type */ + char get_targets_type() {return targets_type;}; + /* get the netmask */ + int get_mask() {return netmask;}; + /* is the current expression a named host */ + int get_namedhost() {return namedhost;}; + /* Skip an octet in the range array */ + int skip_range(_octet_nums octet); + + vector services; + + private: + enum _targets_types targets_type; + void Initialize(); + +#if HAVE_IPV6 + struct sockaddr_in6 ip6; +#endif + + /* These 4 are used for the '/mask' style of specifying target + net (IPV4_NETMASK) */ + u32 netmask; + struct in_addr startaddr; + struct in_addr currentaddr; + struct in_addr endaddr; + + // These three are for the '138.[1-7,16,91-95,200-].12.1' style (IPV4_RANGES) + u8 addresses[4][256]; + unsigned int current[4]; + u8 last[4]; + +/* Number of IPs left in this structure -- set to 0 if + the fields are not valid */ + unsigned long long ipsleft; + + // is the current target expression a named host + int namedhost; +}; + + +#endif /* TARGETGROUP_H */ diff --git a/include/DomainExec/Utils/blackmarlinexec-services b/include/DomainExec/Utils/blackmarlinexec-services new file mode 100644 index 00000000..103ba9e2 --- /dev/null +++ b/include/DomainExec/Utils/blackmarlinexec-services @@ -0,0 +1,48 @@ +# Ncrack available services +# Use this file to add additional supported services in the format specified: +# / +# where protocol = either tcp or udp + +ftp 21/tcp +ssh 22/tcp +telnet 23/tcp +http 80/tcp +wordpress 80/tcp +wp 80/tcp +webform 80/tcp +web 80/tcp +joomla 80/tcp +dicom 104/tcp +pop3 110/tcp +imap 143/tcp +microsoft-ds 445/tcp +netbios-ssn 445/tcp +smb 445/tcp +smb2 445/tcp +smb 139/tcp +https 443/tcp +owa 443/tcp +wordpress-tls 443/tcp +wp-tls 443/tcp +webform 443/tcp +web-tls 443/tcp +sip 5060/tcp +pop3s 995/tcp +mssql 1433/tcp +mqtt 1883/tcp +mysql 3306/tcp +ms-wbt-server 3389/tcp +rdp 3389/tcp +psql 5432/tcp +vnc 5801/tcp +vnc 5900/tcp +vnc 5901/tcp +vnc 6001/tcp +redis 6379/tcp +winrm 5985/tcp +winrm 5986/tcp +couchbase 8091/tcp +cassandra 9160/tcp +cassandra 9042/tcp +mongodb 27017/tcp +cvs 2401/tcp diff --git a/include/DomainExec/Utils/crypto.cc b/include/DomainExec/Utils/crypto.cc new file mode 100644 index 00000000..620156d0 --- /dev/null +++ b/include/DomainExec/Utils/crypto.cc @@ -0,0 +1,964 @@ + +/*************************************************************************** + * crypto.cc -- crypto functions like LM, NTLM etc reside here * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#include "ncrack.h" +#include "crypto.h" + +#if HAVE_OPENSSL + +#include +#include +#include +#include +#include +#include +#ifndef WIN32 + #include +#endif +#include "ncrack_error.h" +#include "utils.h" + + +static void password_to_key(const uint8_t password[7], uint8_t key[8]) +{ + /* make room for parity bits */ + key[0] = (password[0] >> 0); + key[1] = ((password[0]) << 7) | (password[1] >> 1); + key[2] = ((password[1]) << 6) | (password[2] >> 2); + key[3] = ((password[2]) << 5) | (password[3] >> 3); + key[4] = ((password[3]) << 4) | (password[4] >> 4); + key[5] = ((password[4]) << 3) | (password[5] >> 5); + key[6] = ((password[5]) << 2) | (password[6] >> 6); + key[7] = ((password[6]) << 1); +} + + +static void +des(const uint8_t password[7], const uint8_t data[8], uint8_t result[]) +{ + DES_cblock key; + DES_key_schedule schedule; + + password_to_key(password, key); + + DES_set_odd_parity(&key); + DES_set_key_unchecked(&key, &schedule); + DES_ecb_encrypt((DES_cblock*)data, (DES_cblock*)result, &schedule, DES_ENCRYPT); +} + + + +/* Generate the Lanman v1 hash (LMv1). The generated hash is incredibly easy to + * reverse, because the input is padded or truncated to 14 characters, then + * split into two 7-character strings. Each of these strings are used as a key + * to encrypt the string, "KGS!@#$%" in DES. Because the keys are no longer + * than 7-characters long, it's pretty trivial to bruteforce them. + */ +void +lm_create_hash(const char *password, uint8_t result[16]) +{ + size_t i; + uint8_t password1[7]; + uint8_t password2[7]; + uint8_t kgs[] = "KGS!@#$%"; + uint8_t hash1[8]; + uint8_t hash2[8]; + + /* Initialize passwords to NULLs. */ + memset(password1, 0, 7); + memset(password2, 0, 7); + + /* Copy passwords over, convert to uppercase, they're automatically padded with NULLs. */ + for (i = 0; i < 7; i++) { + if (i < strlen(password)) + password1[i] = toupper(password[i]); + if (i + 7 < strlen(password)) + password2[i] = toupper(password[i + 7]); + } + + /* Do the encryption. */ + des(password1, kgs, hash1); + des(password2, kgs, hash2); + + /* Copy the result to the return parameter. */ + memcpy(result + 0, hash1, 8); + memcpy(result + 8, hash2, 8); +} + + +/* Create the Lanman response to send back to the server. To do this, the + * Lanman password is padded to 21 characters and split into three + * 7-character strings. Each of those strings is used as a key to encrypt + * the server challenge. The three encrypted strings are concatenated and + * returned. + */ +void +lm_create_response(const uint8_t lanman[16], const uint8_t challenge[8], uint8_t result[24]) +{ + size_t i; + + uint8_t password1[7]; + uint8_t password2[7]; + uint8_t password3[7]; + + uint8_t hash1[8]; + uint8_t hash2[8]; + uint8_t hash3[8]; + + /* Initialize passwords. */ + memset(password1, 0, 7); + memset(password2, 0, 7); + memset(password3, 0, 7); + + /* Copy data over. */ + for (i = 0; i < 7; i++) { + password1[i] = lanman[i]; + password2[i] = lanman[i + 7]; + password3[i] = (i + 14 < 16) ? lanman[i + 14] : 0; + } + + /* do the encryption. */ + des(password1, challenge, hash1); + des(password2, challenge, hash2); + des(password3, challenge, hash3); + + /* Copy the result to the return parameter. */ + memcpy(result + 0, hash1, 8); + memcpy(result + 8, hash2, 8); + memcpy(result + 16, hash3, 8); +} + + + +/* Generate the NTLMv1 hash. This hash is quite a bit better than LMv1, and is + * far easier to generate. Basically, it's the MD4 of the Unicode password. + */ +void +ntlm_create_hash(const char *password, uint8_t result[16]) +{ + char *unicode = unicode_alloc(password); + MD4_CTX ntlm; + + if(!unicode) + fatal("%s non unicode", __func__); + + MD4_Init(&ntlm); + MD4_Update(&ntlm, unicode, strlen(password) * 2); + MD4_Final(result, &ntlm); + free(unicode); +} + + + +/* Create the NTLM response to send back to the server. This is actually done + * the exact same way as the Lanman hash, so we call the Lanman function. + */ +void +ntlm_create_response(const uint8_t ntlm[16], const uint8_t challenge[8], + uint8_t result[24]) +{ + lm_create_response(ntlm, challenge, result); +} + + + +/* Create the NTLMv2 hash, which is based on the NTLMv1 hash (for easy + * upgrading), the username, and the domain. Essentially, the NTLM hash + * is used as a HMAC-MD5 key, which is used to hash the unicode domain + * concatenated with the unicode username. + */ +void +ntlmv2_create_hash(const uint8_t ntlm[16], const char *username, + const char *domain, uint8_t hash[16]) +{ + /* Convert username to unicode. */ + size_t username_length = strlen(username); + size_t domain_length = strlen(domain); + char *combined; + uint8_t *combined_unicode; + + /* Probably shouldn't do this, but this is all prototype so eh? */ + if (username_length > 256 || domain_length > 256) + fatal("username or domain too long."); + + /* Combine the username and domain into one string. */ + combined = (char *)safe_malloc(username_length + domain_length + 1); + memset(combined, 0, username_length + domain_length + 1); + + memcpy(combined, username, username_length); + memcpy(combined + username_length, domain, domain_length); + + /* Convert to Unicode. */ + combined_unicode = (uint8_t*)unicode_alloc_upper(combined); + if (!combined_unicode) + fatal("Out of memory"); + + /* Perform the Hmac-MD5. */ + HMAC(EVP_md5(), ntlm, 16, combined_unicode, (username_length + domain_length) * 2, hash, NULL); + + free(combined_unicode); + free(combined); +} + + + +/* Create the LMv2 response, which can be sent back to the server. This is + * identical to the NTLMv2 function, except that it uses an 8-byte client + * challenge. The reason for LMv2 is a long and twisted story. Well, + * not really. The reason is basically that the v1 hashes are always 24-bytes, + * and some servers expect 24 bytes, but the NTLMv2 hash is more than 24 bytes. + * So, the only way to keep pass-through compatibility was to have a v2-hash + * that was guaranteed to be 24 bytes. So LMv1 was born: it has a 16-byte hash + * followed by the 8-byte client challenge, for a total of 24 bytes. + */ +void +lmv2_create_response(const uint8_t ntlm[16], const char *username, + const char *domain, const uint8_t challenge[8], uint8_t *result, + uint8_t *result_size) +{ + ntlmv2_create_response(ntlm, username, domain, challenge, result, result_size); +} + + + +/* Create the NTLMv2 response, which can be sent back to the server. This is + * done by using the HMAC-MD5 algorithm with the NTLMv2 hash as a key, and + * the server challenge concatenated with the client challenge for the data. + * The resulting hash is concatenated with the client challenge and returned. + */ +void +ntlmv2_create_response(const uint8_t ntlm[16], const char *username, + const char *domain, const uint8_t challenge[8], uint8_t *result, + uint8_t *result_size) +{ + size_t i; + uint8_t v2hash[16]; + uint8_t *data; + + uint8_t blip[8]; + uint8_t *blob = NULL; + uint8_t blob_length = 0; + + + /* Create the 'blip'. TODO: Do I care if this is random? */ + for (i = 0; i < 8; i++) + blip[i] = i; + + if (*result_size < 24) + { + /* Result can't be less than 24 bytes. */ + fatal("Result size is too low!"); + } else if (*result_size == 24) { + /* If they're looking for 24 bytes, then it's just the raw blob. */ + blob = (uint8_t *)safe_malloc(8); + memcpy(blob, blip, 8); + blob_length = 8; + } else { + blob = (uint8_t *)safe_malloc(24); + for (i = 0; i < 24; i++) + blob[i] = i; + blob_length = 24; + } + + /* Allocate room enough for the server challenge and the client blob. */ + data = (uint8_t *)safe_malloc(8 + blob_length); + + /* Copy the challenge into the memory. */ + memcpy(data, challenge, 8); + /* Copy the blob into the memory. */ + memcpy(data + 8, blob, blob_length); + + /* Get the v2 hash. */ + ntlmv2_create_hash(ntlm, username, domain, v2hash); + + /* Generate the v2 response. */ + HMAC(EVP_md5(), v2hash, 16, data, 8 + blob_length, result, NULL); + + /* Copy the blob onto the end of the v2 response. */ + memcpy(result + 16, blob, blob_length); + + /* Store the result size. */ + *result_size = blob_length + 16; + + /* Finally, free up some memory. */ + free(data); + free(blob); +} + + + +/* + * Uses the RSA algorithm to encrypt the input into the output. + */ +void rsa_encrypt(uint8_t *input, uint8_t *output, int length, + uint8_t *mod_bin, uint32_t mod_size, uint8_t *exp_bin) +{ + uint8_t input_temp[256]; + BIGNUM *val1 = BN_new(), *val2 = BN_new(), *bn_mod = BN_new(), *bn_exp = BN_new(); + + BN_CTX *bn_ctx = BN_CTX_new(); + memcpy(input_temp, input, length); + mem_reverse(input_temp, length); + mem_reverse(mod_bin, mod_size); + mem_reverse(exp_bin, 4); + BN_bin2bn(input_temp, length, val1); + BN_bin2bn(exp_bin, 4, bn_exp); + BN_bin2bn(mod_bin, mod_size, bn_mod); + BN_mod_exp(val2, val1, bn_exp, bn_mod, bn_ctx); + int output_length = BN_bn2bin(val2, output); + mem_reverse(output, output_length); + if (output_length < (int) mod_size) + memset(output + output_length, 0, mod_size - output_length); + + BN_CTX_free(bn_ctx); + BN_clear_free(val1); + BN_free(val2); + BN_free(bn_mod); + BN_free(bn_exp); + +} + + +/* + * Uses MD5 and SHA1 hash functions, using 3 salts to compute a message + * digest (saved into 'output') + */ +void +hash48(uint8_t *output, uint8_t *input, uint8_t salt, uint8_t *sha_salt1, + uint8_t *sha_salt2) +{ + SHA_CTX sha1_ctx; + MD5_CTX md5_ctx; + u_char padding[4]; + u_char sig[20]; + + for (int i = 0; i < 3; i++) { + memset(padding, salt + i, i +1); + + SHA1_Init(&sha1_ctx); + MD5_Init(&md5_ctx); + + SHA1_Update(&sha1_ctx, padding, i + 1); + SHA1_Update(&sha1_ctx, input, 48); + SHA1_Update(&sha1_ctx, sha_salt1, 32); + SHA1_Update(&sha1_ctx, sha_salt2, 32); + SHA1_Final(sig, &sha1_ctx); + + MD5_Update(&md5_ctx, input, 48); + MD5_Update(&md5_ctx, sig, 20); + MD5_Final(&output[i*16], &md5_ctx); + } + +} + +/* + * MD5 crypt 'input' into 'output' by using 2 salts + */ +void +hash16(uint8_t *output, uint8_t *input, uint8_t *md5_salt1, uint8_t *md5_salt2) +{ + MD5_CTX md5_ctx; + MD5_Init(&md5_ctx); + MD5_Update(&md5_ctx, input, 16); + MD5_Update(&md5_ctx, md5_salt1, 32); + MD5_Update(&md5_ctx, md5_salt2, 32); + MD5_Final(output, &md5_ctx); +} + + +#endif /* HAVE_OPENSSL */ + + +/* + * This is D3DES (V5.09) by Richard Outerbridge with the double and + * triple-length support removed for use in VNC. Also the bytebit[] array + * has been reversed so that the most significant bit in each byte of the + * key is ignored, not the least significant. + * + * These changes are: + * Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + */ + +/* D3DES (V5.09) - + * + * A portable, public domain, version of the Data Encryption Standard. + * + * Written with Symantec's THINK (Lightspeed) C by Richard Outerbridge. + * Thanks to: Dan Hoey for his excellent Initial and Inverse permutation + * code; Jim Gillogly & Phil Karn for the DES key schedule code; Dennis + * Ferguson, Eric Young and Dana How for comparing notes; and Ray Lau, + * for humouring me on. + * + * Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge. + * (GEnie : OUTER; CIS : [71755,204]) Graven Imagery, 1992. + */ + +static void scrunch(unsigned char *, unsigned long *); +static void unscrun(unsigned long *, unsigned char *); +static void desfunc(unsigned long *, unsigned long *); +static void cookey(unsigned long *); + +static unsigned long KnL[32] = { 0L }; +//static unsigned long KnR[32] = { 0L }; +//static unsigned long Kn3[32] = { 0L }; +/*static unsigned char Df_Key[24] = { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; +*/ + +static unsigned short bytebit[8] = { + 01, 02, 04, 010, 020, 040, 0100, 0200 }; + +static unsigned long bigbyte[24] = { + 0x800000L, 0x400000L, 0x200000L, 0x100000L, + 0x80000L, 0x40000L, 0x20000L, 0x10000L, + 0x8000L, 0x4000L, 0x2000L, 0x1000L, + 0x800L, 0x400L, 0x200L, 0x100L, + 0x80L, 0x40L, 0x20L, 0x10L, + 0x8L, 0x4L, 0x2L, 0x1L }; + +/* Use the key schedule specified in the Standard (ANSI X3.92-1981). */ + +static unsigned char pc1[56] = { + 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, + 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, + 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, + 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 }; + +static unsigned char totrot[16] = { + 1,2,4,6,8,10,12,14,15,17,19,21,23,25,27,28 }; + +static unsigned char pc2[48] = { + 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, + 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, + 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, + 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 }; + +//void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */ +//unsigned char *key; +//int edf; +void deskey( /* Thanks to James Gillogly & Phil Karn! */ +unsigned char *key, +int edf +) +{ + register int i, j, l, m, n; + unsigned char pc1m[56], pcr[56]; + unsigned long kn[32]; + + for ( j = 0; j < 56; j++ ) { + l = pc1[j]; + m = l & 07; + pc1m[j] = (key[l >> 3] & bytebit[m]) ? 1 : 0; + } + for( i = 0; i < 16; i++ ) { + if( edf == DE1 ) m = (15 - i) << 1; + else m = i << 1; + n = m + 1; + kn[m] = kn[n] = 0L; + for( j = 0; j < 28; j++ ) { + l = j + totrot[i]; + if( l < 28 ) pcr[j] = pc1m[l]; + else pcr[j] = pc1m[l - 28]; + } + for( j = 28; j < 56; j++ ) { + l = j + totrot[i]; + if( l < 56 ) pcr[j] = pc1m[l]; + else pcr[j] = pc1m[l - 28]; + } + for( j = 0; j < 24; j++ ) { + if( pcr[pc2[j]] ) kn[m] |= bigbyte[j]; + if( pcr[pc2[j+24]] ) kn[n] |= bigbyte[j]; + } + } + cookey(kn); + return; + } + +//static void cookey(raw1) +//register unsigned long *raw1; +static void cookey( +register unsigned long *raw1 +) +{ + register unsigned long *cook, *raw0; + unsigned long dough[32]; + register int i; + + cook = dough; + for( i = 0; i < 16; i++, raw1++ ) { + raw0 = raw1++; + *cook = (*raw0 & 0x00fc0000L) << 6; + *cook |= (*raw0 & 0x00000fc0L) << 10; + *cook |= (*raw1 & 0x00fc0000L) >> 10; + *cook++ |= (*raw1 & 0x00000fc0L) >> 6; + *cook = (*raw0 & 0x0003f000L) << 12; + *cook |= (*raw0 & 0x0000003fL) << 16; + *cook |= (*raw1 & 0x0003f000L) >> 4; + *cook++ |= (*raw1 & 0x0000003fL); + } + usekey(dough); + return; + } + +//void cpkey(into) +//register unsigned long *into; +void cpkey( +register unsigned long *into +) +{ + register unsigned long *from, *endp; + + from = KnL, endp = &KnL[32]; + while( from < endp ) *into++ = *from++; + return; + } + +//void usekey(from) +//register unsigned long *from; +void usekey( +register unsigned long *from +) +{ + register unsigned long *to, *endp; + + to = KnL, endp = &KnL[32]; + while( to < endp ) *to++ = *from++; + return; + } + +//void des(inblock, outblock) +//unsigned char *inblock, *outblock; +void des( +unsigned char *inblock, unsigned char *outblock +) +{ + unsigned long work[2]; + + scrunch(inblock, work); + desfunc(work, KnL); + unscrun(work, outblock); + return; + } + +//static void scrunch(outof, into) +//register unsigned char *outof; +//register unsigned long *into; +static void scrunch( +register unsigned char *outof, +register unsigned long *into +) +{ + *into = (*outof++ & 0xffL) << 24; + *into |= (*outof++ & 0xffL) << 16; + *into |= (*outof++ & 0xffL) << 8; + *into++ |= (*outof++ & 0xffL); + *into = (*outof++ & 0xffL) << 24; + *into |= (*outof++ & 0xffL) << 16; + *into |= (*outof++ & 0xffL) << 8; + *into |= (*outof & 0xffL); + return; + } + +//static void unscrun(outof, into) +//register unsigned long *outof; +//register unsigned char *into; +static void unscrun( +register unsigned long *outof, +register unsigned char *into +) +{ + *into++ = (*outof >> 24) & 0xffL; + *into++ = (*outof >> 16) & 0xffL; + *into++ = (*outof >> 8) & 0xffL; + *into++ = *outof++ & 0xffL; + *into++ = (*outof >> 24) & 0xffL; + *into++ = (*outof >> 16) & 0xffL; + *into++ = (*outof >> 8) & 0xffL; + *into = *outof & 0xffL; + return; + } + +static unsigned long SP1[64] = { + 0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L, + 0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L, + 0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L, + 0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L, + 0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L, + 0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L, + 0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L, + 0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L, + 0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L, + 0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L, + 0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L, + 0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L, + 0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L, + 0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L, + 0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L, + 0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L }; + +static unsigned long SP2[64] = { + 0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L, + 0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L, + 0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L, + 0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L, + 0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L, + 0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L, + 0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L, + 0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L, + 0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L, + 0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L, + 0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L, + 0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L, + 0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L, + 0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L, + 0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L, + 0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L }; + +static unsigned long SP3[64] = { + 0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L, + 0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L, + 0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L, + 0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L, + 0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L, + 0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L, + 0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L, + 0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L, + 0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L, + 0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L, + 0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L, + 0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L, + 0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L, + 0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L, + 0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L, + 0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L }; + +static unsigned long SP4[64] = { + 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, + 0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L, + 0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L, + 0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L, + 0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L, + 0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L, + 0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L, + 0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L, + 0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L, + 0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L, + 0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L, + 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, + 0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L, + 0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L, + 0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L, + 0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L }; + +static unsigned long SP5[64] = { + 0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L, + 0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L, + 0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L, + 0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L, + 0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L, + 0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L, + 0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L, + 0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L, + 0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L, + 0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L, + 0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L, + 0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L, + 0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L, + 0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L, + 0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L, + 0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L }; + +static unsigned long SP6[64] = { + 0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L, + 0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L, + 0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L, + 0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L, + 0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L, + 0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L, + 0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L, + 0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L, + 0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L, + 0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L, + 0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L, + 0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L, + 0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L, + 0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L, + 0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L, + 0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L }; + +static unsigned long SP7[64] = { + 0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L, + 0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L, + 0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L, + 0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L, + 0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L, + 0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L, + 0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L, + 0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L, + 0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L, + 0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L, + 0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L, + 0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L, + 0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L, + 0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L, + 0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L, + 0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L }; + +static unsigned long SP8[64] = { + 0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L, + 0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L, + 0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L, + 0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L, + 0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L, + 0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L, + 0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L, + 0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L, + 0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L, + 0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L, + 0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L, + 0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L, + 0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L, + 0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L, + 0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L, + 0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L }; + +//static void desfunc(block, keys) +//register unsigned long *block, *keys; +static void desfunc( +register unsigned long *block, register unsigned long *keys +) +{ + register unsigned long fval, work, right, leftt; + register int round; + + leftt = block[0]; + right = block[1]; + work = ((leftt >> 4) ^ right) & 0x0f0f0f0fL; + right ^= work; + leftt ^= (work << 4); + work = ((leftt >> 16) ^ right) & 0x0000ffffL; + right ^= work; + leftt ^= (work << 16); + work = ((right >> 2) ^ leftt) & 0x33333333L; + leftt ^= work; + right ^= (work << 2); + work = ((right >> 8) ^ leftt) & 0x00ff00ffL; + leftt ^= work; + right ^= (work << 8); + right = ((right << 1) | ((right >> 31) & 1L)) & 0xffffffffL; + work = (leftt ^ right) & 0xaaaaaaaaL; + leftt ^= work; + right ^= work; + leftt = ((leftt << 1) | ((leftt >> 31) & 1L)) & 0xffffffffL; + + for( round = 0; round < 8; round++ ) { + work = (right << 28) | (right >> 4); + work ^= *keys++; + fval = SP7[ work & 0x3fL]; + fval |= SP5[(work >> 8) & 0x3fL]; + fval |= SP3[(work >> 16) & 0x3fL]; + fval |= SP1[(work >> 24) & 0x3fL]; + work = right ^ *keys++; + fval |= SP8[ work & 0x3fL]; + fval |= SP6[(work >> 8) & 0x3fL]; + fval |= SP4[(work >> 16) & 0x3fL]; + fval |= SP2[(work >> 24) & 0x3fL]; + leftt ^= fval; + work = (leftt << 28) | (leftt >> 4); + work ^= *keys++; + fval = SP7[ work & 0x3fL]; + fval |= SP5[(work >> 8) & 0x3fL]; + fval |= SP3[(work >> 16) & 0x3fL]; + fval |= SP1[(work >> 24) & 0x3fL]; + work = leftt ^ *keys++; + fval |= SP8[ work & 0x3fL]; + fval |= SP6[(work >> 8) & 0x3fL]; + fval |= SP4[(work >> 16) & 0x3fL]; + fval |= SP2[(work >> 24) & 0x3fL]; + right ^= fval; + } + + right = (right << 31) | (right >> 1); + work = (leftt ^ right) & 0xaaaaaaaaL; + leftt ^= work; + right ^= work; + leftt = (leftt << 31) | (leftt >> 1); + work = ((leftt >> 8) ^ right) & 0x00ff00ffL; + right ^= work; + leftt ^= (work << 8); + work = ((leftt >> 2) ^ right) & 0x33333333L; + right ^= work; + leftt ^= (work << 2); + work = ((right >> 16) ^ leftt) & 0x0000ffffL; + leftt ^= work; + right ^= (work << 16); + work = ((right >> 4) ^ leftt) & 0x0f0f0f0fL; + leftt ^= work; + right ^= (work << 4); + *block++ = right; + *block = leftt; + return; + } + +/* Validation sets: + * + * Single-length key, single-length plaintext - + * Key : 0123 4567 89ab cdef + * Plain : 0123 4567 89ab cde7 + * Cipher : c957 4425 6a5e d31d + * + * Double-length key, single-length plaintext - + * Key : 0123 4567 89ab cdef fedc ba98 7654 3210 + * Plain : 0123 4567 89ab cde7 + * Cipher : 7f1d 0a77 826b 8aff + * + * Double-length key, double-length plaintext - + * Key : 0123 4567 89ab cdef fedc ba98 7654 3210 + * Plain : 0123 4567 89ab cdef 0123 4567 89ab cdff + * Cipher : 27a0 8440 406a df60 278f 47cf 42d6 15d7 + * + * Triple-length key, single-length plaintext - + * Key : 0123 4567 89ab cdef fedc ba98 7654 3210 89ab cdef 0123 4567 + * Plain : 0123 4567 89ab cde7 + * Cipher : de0b 7c06 ae5e 0ed5 + * + * Triple-length key, double-length plaintext - + * Key : 0123 4567 89ab cdef fedc ba98 7654 3210 89ab cdef 0123 4567 + * Plain : 0123 4567 89ab cdef 0123 4567 89ab cdff + * Cipher : ad0d 1b30 ac17 cf07 0ed1 1c63 81e4 4de5 + * + * d3des V5.0a rwo 9208.07 18:44 Graven Imagery + **********************************************************************/ + diff --git a/include/DomainExec/Utils/crypto.h b/include/DomainExec/Utils/crypto.h new file mode 100644 index 00000000..c8b6fb9a --- /dev/null +++ b/include/DomainExec/Utils/crypto.h @@ -0,0 +1,276 @@ + +/*************************************************************************** + * crypto.h -- crypto functions like LM, NTLM etc reside here * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#ifndef CRYPTO_H +#define CRYPTO_H + +#ifdef WIN32 + #include "winfix.h" +#endif + + +/* Generate the Lanman v1 hash (LMv1). The generated hash is incredibly easy to + * reverse, because the input is padded or truncated to 14 characters, then + * split into two 7-character strings. Each of these strings are used as a key + * to encrypt the string, "KGS!@#$%" in DES. Because the keys are no longer + * than 7-characters long, it's pretty trivial to bruteforce them. + */ +void lm_create_hash(const char *password, uint8_t result[16]); + + +/* Create the Lanman response to send back to the server. To do this, the + * Lanman password is padded to 21 characters and split into three + * 7-character strings. Each of those strings is used as a key to encrypt + * the server challenge. The three encrypted strings are concatenated and + * returned. + */ +void lm_create_response(const uint8_t lanman[16], const uint8_t challenge[8], + uint8_t result[24]); + + +/* Generate the NTLMv1 hash. This hash is quite a bit better than LMv1, and is + * far easier to generate. Basically, it's the MD4 of the Unicode password. + */ +void ntlm_create_hash(const char *password, uint8_t result[16]); + + +/* Create the NTLM response to send back to the server. This is actually done + * the exact same way as the Lanman hash, so we call the Lanman function. + */ +void ntlm_create_response(const uint8_t ntlm[16], const uint8_t challenge[8], + uint8_t result[24]); + + +/* Create the LMv2 response, which can be sent back to the server. This is + * identical to the NTLMv2 function, except that it uses an 8-byte client + * challenge. The reason for LMv2 is a long and twisted story. Well, + * not really. The reason is basically that the v1 hashes are always 24-bytes, + * and some servers expect 24 bytes, but the NTLMv2 hash is more than 24 bytes. + * So, the only way to keep pass-through compatibility was to have a v2-hash + * that was guaranteed to be 24 bytes. So LMv1 was born: it has a 16-byte hash + * followed by the 8-byte client challenge, for a total of 24 bytes. + */ +void lmv2_create_response(const uint8_t ntlm[16], const char *username, + const char *domain, const uint8_t challenge[8], uint8_t *result, + uint8_t *result_size); + + +/* Create the NTLMv2 hash, which is based on the NTLMv1 hash (for easy + * upgrading), the username, and the domain. Essentially, the NTLM hash + * is used as a HMAC-MD5 key, which is used to hash the unicode domain + * concatenated with the unicode username. + */ +void ntlmv2_create_hash(const uint8_t ntlm[16], const char *username, + const char *domain, uint8_t hash[16]); + + +/* Create the NTLMv2 response, which can be sent back to the server. This is + * done by using the HMAC-MD5 algorithm with the NTLMv2 hash as a key, and + * the server challenge concatenated with the client challenge for the data. + * The resulting hash is concatenated with the client challenge and returned. + */ +void ntlmv2_create_response(const uint8_t ntlm[16], const char *username, + const char *domain, const uint8_t challenge[8], uint8_t *result, + uint8_t *result_size); + + +/* + * Uses the RSA algorithm to encrypt the input into the output. + */ +void rsa_encrypt(uint8_t *input, uint8_t *output, int length, + uint8_t *mod_bin, uint32_t mod_size, uint8_t *exp_bin); + + +/* + * Uses MD5 and SHA1 hash functions, using 3 salts to compute a message + * digest (saved into 'output') + */ +void hash48(uint8_t *output, uint8_t *input, uint8_t salt, uint8_t *sha_salt1, + uint8_t *sha_salt2); + +/* + * MD5 crypt 'input' into 'output' by using 2 salts + */ +void hash16(uint8_t *output, uint8_t *input, uint8_t *md5_salt1, + uint8_t *md5_salt2); + + +/* + * This is D3DES (V5.09) by Richard Outerbridge with the double and + * triple-length support removed for use in VNC. + * + * These changes are: + * Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + */ + +/* d3des.h - + * + * Headers and defines for d3des.c + * Graven Imagery, 1992. + * + * Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge + * (GEnie : OUTER; CIS : [71755,204]) + */ + +#define EN0 0 /* MODE == encrypt */ +#define DE1 1 /* MODE == decrypt */ + +extern void deskey(unsigned char *, int); +/* hexkey[8] MODE + * Sets the internal key register according to the hexadecimal + * key contained in the 8 bytes of hexkey, according to the DES, + * for encryption or decryption according to MODE. + */ + +extern void usekey(unsigned long *); +/* cookedkey[32] + * Loads the internal key register with the data in cookedkey. + */ + +extern void cpkey(unsigned long *); +/* cookedkey[32] + * Copies the contents of the internal key register into the storage + * located at &cookedkey[0]. + */ + +extern void des(unsigned char *, unsigned char *); +/* from[8] to[8] + * Encrypts/Decrypts (according to the key currently loaded in the + * internal key register) one block of eight bytes at address 'from' + * into the block at address 'to'. They can be the same. + */ + +/* d3des.h V5.09 rwo 9208.04 15:06 Graven Imagery + ********************************************************************/ + +#endif diff --git a/include/DomainExec/Utils/global_structures.h b/include/DomainExec/Utils/global_structures.h new file mode 100644 index 00000000..dc99dab4 --- /dev/null +++ b/include/DomainExec/Utils/global_structures.h @@ -0,0 +1,180 @@ + +/*************************************************************************** + * global_structures.h -- Common structure definitions used by Ncrack * + * components. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#ifndef GLOBAL_STRUCTURES_H +#define GLOBAL_STRUCTURES_H + +#include "nsock.h" +#include "nbase.h" + +#include +using namespace std; + +typedef struct service_lookup { + char *name; + u8 proto; + u16 portno; +} sevice_lookup; + + +typedef struct timing_options { + long min_connection_limit;/* minimum number of parallel connections */ + long max_connection_limit;/* maximum number of parallel connections */ + long auth_tries; /* authentication attempts per connection */ + /* number of milliseconds to wait between each connection */ + long connection_delay; + /* number of connection retries after connection failure */ + long connection_retries; + /* maximum cracking time regardless of success so far */ + long long timeout; + +} timing_options; + + +typedef struct misc_options { + bool ssl; /* use ssl */ + char *path; /* path used in http */ + char *db; /* database used in modules such as MongoDB */ + char *domain; /* domain used in domain account bruteforcing */ +} misc_options; + + +typedef struct global_service { + bool registered; /* true if user has specified this service */ + service_lookup lookup; /* name, port number and protocol */ + timing_options timing; /* timing options */ + misc_options misc; /* miscellaneous options */ + vector module_options; /* service-specific options */ +} global_service; + + + +#endif diff --git a/include/DomainExec/Utils/http.cc b/include/DomainExec/Utils/http.cc new file mode 100644 index 00000000..a5f50cfa --- /dev/null +++ b/include/DomainExec/Utils/http.cc @@ -0,0 +1,1631 @@ +/*************************************************************************** + * http.c -- HTTP network interaction, parsing, and construction. * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id$ */ + +#include + +#include "http.h" +#include "errno.h" + +/* Limit the size of in-memory data structures to avoid certain denial of + service attacks (those trying to consume all available memory). */ +static const int MAX_REQUEST_LINE_LENGTH = 1024; +static const int MAX_STATUS_LINE_LENGTH = 1024; +static const int MAX_HEADER_LENGTH = 1024 * 10; + + + +/* The URI functions have a test program in test/test-uri.c. Run the test after + making any changes and add tests for any new functions. */ + +void uri_init(struct uri *uri) +{ + uri->scheme = NULL; + uri->host = NULL; + uri->port = -1; + uri->path = NULL; +} + +void uri_free(struct uri *uri) +{ + free(uri->scheme); + free(uri->host); + free(uri->path); +} + +static int hex_digit_value(char digit) +{ + const char *DIGITS = "0123456789abcdef"; + const char *p; + + if ((unsigned char) digit == '\0') + return -1; + p = strchr(DIGITS, tolower((int) (unsigned char) digit)); + if (p == NULL) + return -1; + + return p - DIGITS; +} + +/* Case-insensitive string comparison. */ +static int str_cmp_i(const char *a, const char *b) +{ + while (*a != '\0' && *b != '\0') { + int ca, cb; + + ca = tolower((int) (unsigned char) *a); + cb = tolower((int) (unsigned char) *b); + if (ca != cb) + return ca - cb; + a++; + b++; + } + + if (*a == '\0' && *b == '\0') + return 0; + else if (*a == '\0') + return -1; + else + return 1; +} + +static int str_equal_i(const char *a, const char *b) +{ + return str_cmp_i(a, b) == 0; +} + +static int lowercase(char *s) +{ + char *p; + + for (p = s; *p != '\0'; p++) + *p = tolower((int) (unsigned char) *p); + + return p - s; +} + +/* In-place percent decoding. */ +static int percent_decode(char *s) +{ + char *p, *q; + + /* Skip to the first '%'. If there are no percent escapes, this lets us + return without doing any copying. */ + q = s; + while (*q != '\0' && *q != '%') + q++; + + p = q; + while (*q != '\0') { + if (*q == '%') { + int c, d; + + q++; + c = hex_digit_value(*q); + if (c == -1) + return -1; + q++; + d = hex_digit_value(*q); + if (d == -1) + return -1; + + *p++ = c * 16 + d; + q++; + } else { + *p++ = *q++; + } + } + *p = '\0'; + + return p - s; +} + +/* Use these functions because isalpha and isdigit can change their meaning + based on the locale. */ +static int is_alpha_char(int c) +{ + return c != '\0' && strchr("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", c) != NULL; +} + +static int is_digit_char(int c) +{ + return c != '\0' && strchr("0123456789", c) != NULL; +} + +/* Get the default port for the given URI scheme, or -1 if unrecognized. */ +static int scheme_default_port(const char *scheme) +{ + if (str_equal_i(scheme, "http")) + return 80; + + return -1; +} + +/* Parse a URI string into a struct URI. Any parts of the URI that are absent + will become NULL entries in the structure, except for the port which will be + -1. Returns NULL on error. See RFC 3986, section 3 for syntax. */ +struct uri *uri_parse(struct uri *uri, const char *uri_s) +{ + const char *p, *q; + + uri_init(uri); + + /* Scheme, section 3.1. */ + p = uri_s; + if (!is_alpha_char(*p)) + goto fail; + for (q = p; is_alpha_char(*q) || is_digit_char(*q) || *q == '+' || *q == '-' || *q == '.'; q++) + ; + if (*q != ':') + goto fail; + uri->scheme = mkstr(p, q); + /* "An implementation should accept uppercase letters as equivalent to + lowercase in scheme names (e.g., allow "HTTP" as well as "http") for the + sake of robustness..." */ + lowercase(uri->scheme); + + /* Authority, section 3.2. */ + p = q + 1; + if (*p == '/' && *(p + 1) == '/') { + char *authority = NULL; + + p += 2; + for (q = p; !(*q == '/' || *q == '?' || *q == '#' || *q == '\0'); q++) + ; + authority = mkstr(p, q); + if (uri_parse_authority(uri, authority) == NULL) { + free(authority); + goto fail; + } + free(authority); + + p = q; + } + if (uri->port == -1) + uri->port = scheme_default_port(uri->scheme); + + /* Path, section 3.3. We include the query and fragment in the path. The + path is also not percent-decoded because we just pass it on to the origin + server. */ + q = strchr(p, '\0'); + uri->path = mkstr(p, q); + + return uri; + +fail: + uri_free(uri); + return NULL; +} + +/* Parse the authority part of a URI. userinfo (user name and password) are not + supported and will cause an error if present. See RFC 3986, section 3.2. + Returns NULL on error. */ +struct uri *uri_parse_authority(struct uri *uri, const char *authority) +{ + const char *portsep; + const char *host_start, *host_end; + char *tail; + + /* We do not support "user:pass@" userinfo. The proxy has no use for it. */ + if (strchr(authority, '@') != NULL) + return NULL; + + /* Find the beginning and end of the host. */ + host_start = authority; + if (*host_start == '[') { + /* IPv6 address in brackets. */ + host_start++; + host_end = strchr(host_start, ']'); + if (host_end == NULL) + return NULL; + portsep = host_end + 1; + if (!(*portsep == ':' || *portsep == '\0')) + return NULL; + } else { + portsep = strrchr(authority, ':'); + if (portsep == NULL) + portsep = strchr(authority, '\0'); + host_end = portsep; + } + + /* Get the port number. */ + if (*portsep == ':' && *(portsep + 1) != '\0') { + long n; + + errno = 0; + n = parse_long(portsep + 1, &tail); + if (errno != 0 || *tail != '\0' || tail == portsep + 1 || n < 1 || n > 65535) + return NULL; + uri->port = n; + } else { + uri->port = -1; + } + + /* Get the host. */ + uri->host = mkstr(host_start, host_end); + if (percent_decode(uri->host) < 0) { + free(uri->host); + uri->host = NULL; + return NULL; + } + + return uri; +} + +static void http_header_node_free(struct http_header *node) +{ + free(node->name); + free(node->value); + free(node); +} + +void http_header_free(struct http_header *header) +{ + struct http_header *p, *next; + + for (p = header; p != NULL; p = next) { + next = p->next; + http_header_node_free(p); + } +} + +/* RFC 2616, section 2.2; see LWS. */ +static int is_space_char(int c) +{ + return c == ' ' || c == '\t'; +} + +/* RFC 2616, section 2.2. */ +static int is_ctl_char(int c) +{ + return (c >= 0 && c <= 31) || c == 127; +} + +/* RFC 2616, section 2.2. */ +static int is_sep_char(int c) +{ + return c != '\0' && strchr("()<>@,;:\\\"/[]?={} \t", c) != NULL; +} + +/* RFC 2616, section 2.2. */ +static int is_token_char(char c) +{ + return !iscntrl((int) (unsigned char) c) && !is_sep_char((int) (unsigned char) c); +} + +static int is_crlf(const char *s) +{ + return *s == '\n' || (*s == '\r' && *(s + 1) == '\n'); +} + +static const char *skip_crlf(const char *s) +{ + if (*s == '\n') + return s + 1; + else if (*s == '\r' && *(s + 1) == '\n') + return s + 2; + + return NULL; +} + +static int field_name_equal(const char *a, const char *b) +{ + return str_equal_i(a, b); +} + +/* Get the value of every header with the given name, separated by commas. If + you only want the first value for header fields that should not be + concatenated in this way, use http_header_get_first. The returned string + must be freed. */ +char *http_header_get(const struct http_header *header, const char *name) +{ + const struct http_header *p; + char *buf = NULL; + size_t size = 0, offset = 0; + int count; + + count = 0; + for (p = header; p != NULL; p = p->next) { + /* RFC 2616, section 4.2: "Multiple message-header fields with the same + field-name MAY be present in a message if and only if the entire + field-value for that header field is defined as a comma-separated + list [i.e., #(values)]. It MUST be possible to combine the multiple + header fields into one "field-name: field-value" pair, without + changing the semantics of the message, by appending each subsequent + field-value to the first, each separated by a comma." */ + if (field_name_equal(p->name, name)) { + if (count > 0) + strbuf_append_str(&buf, &size, &offset, ", "); + strbuf_append_str(&buf, &size, &offset, p->value); + count++; + } + } + + return buf; +} + +const struct http_header *http_header_next(const struct http_header *header, + const struct http_header *p, const char *name) +{ + if (p == NULL) + p = header; + else + p = p->next; + + for (; p != NULL; p = p->next) { + if (field_name_equal(p->name, name)) + return p; + } + + return NULL; +} + +/* Get the value of the first header with the given name. The returned string + must be freed. */ +char *http_header_get_first(const struct http_header *header, const char *name) +{ + const struct http_header *p; + + p = http_header_next(header, NULL, name); + if (p != NULL) + return strdup(p->value); + + return NULL; +} + +struct http_header *http_header_set(struct http_header *header, const char *name, const char *value) +{ + struct http_header *node, **prev; + + header = http_header_remove(header, name); + + node = (struct http_header *) safe_malloc(sizeof(*node)); + node->name = strdup(name); + node->value = strdup(value); + node->next = NULL; + + /* Link it to the end of the list. */ + for (prev = &header; *prev != NULL; prev = &(*prev)->next) + ; + *prev = node; + + return header; +} + +/* Read a token from a space-separated string. This only recognizes space as a + separator, so the string must already have had LWS normalized. + http_header_parse does this normalization. */ +static const char *read_token(const char *s, char **token) +{ + const char *t; + + while (*s == ' ') + s++; + t = s; + while (is_token_char(*t)) + t++; + if (s == t) + return NULL; + + *token = mkstr(s, t); + + return t; +} + +static const char *read_quoted_string(const char *s, char **quoted_string) +{ + char *buf = NULL; + size_t size = 0, offset = 0; + const char *t; + + while (is_space_char(*s)) + s++; + if (*s != '"') + return NULL; + s++; + t = s; + while (*s != '"') { + /* Get a block of normal characters. */ + while (*t != '"' && *t != '\\') { + /* This is qdtext, which is TEXT except for CTL. */ + if (is_ctl_char(*t)) { + free(buf); + return NULL; + } + t++; + } + strbuf_append(&buf, &size, &offset, s, t - s); + /* Now possibly handle an escape. */ + if (*t == '\\') { + t++; + /* You can only escape a CHAR, octets 0-127. But we disallow 0. */ + if (*t <= 0) { + free(buf); + return NULL; + } + strbuf_append(&buf, &size, &offset, t, 1); + t++; + } + s = t; + } + s++; + + *quoted_string = buf; + return s; +} + +static const char *read_token_or_quoted_string(const char *s, char **token) +{ + while (is_space_char(*s)) + s++; + if (*s == '"') + return read_quoted_string(s, token); + else + return read_token(s, token); +} + +static const char *read_token_list(const char *s, char **tokens[], size_t *n) +{ + char *token; + + *tokens = NULL; + *n = 0; + + for (;;) { + s = read_token(s, &token); + if (s == NULL) { + size_t i; + + for (i = 0; i < *n; i++) + free((*tokens)[i]); + free(*tokens); + + return NULL; + } + + *tokens = (char **) safe_realloc(*tokens, (*n + 1) * sizeof((*tokens)[0])); + (*tokens)[(*n)++] = token; + if (*s != ',') + break; + s++; + } + + return s; +} + +struct http_header *http_header_remove(struct http_header *header, const char *name) +{ + struct http_header *p, *next, **prev; + + prev = &header; + for (p = header; p != NULL; p = next) { + next = p->next; + if (field_name_equal(p->name, name)) { + *prev = next; + http_header_node_free(p); + continue; + } + prev = &p->next; + } + + return header; +} + +/* Removes hop-by-hop headers listed in section 13.5.1 of RFC 2616, and + additionally removes any headers listed in the Connection header as described + in section 14.10. */ +int http_header_remove_hop_by_hop(struct http_header **header) +{ + static const char *HOP_BY_HOP_HEADERS[] = { + "Connection", + "Keep-Alive", + "Proxy-Authenticate", + "Proxy-Authorization", + "TE", + "Trailers", + "Transfer-Encoding", + "Upgrade", + }; + char *connection; + char **connection_tokens; + size_t num_connection_tokens; + unsigned int i; + + connection = http_header_get(*header, "Connection"); + if (connection != NULL) { + const char *p; + + p = read_token_list(connection, &connection_tokens, &num_connection_tokens); + if (p == NULL) { + free(connection); + return 400; + } + if (*p != '\0') { + free(connection); + for (i = 0; i < num_connection_tokens; i++) + free(connection_tokens[i]); + free(connection_tokens); + return 400; + } + free(connection); + } else { + connection_tokens = NULL; + num_connection_tokens = 0; + } + + for (i = 0; i < sizeof(HOP_BY_HOP_HEADERS) / sizeof(HOP_BY_HOP_HEADERS[0]); i++) + *header = http_header_remove(*header, HOP_BY_HOP_HEADERS[i]); + for (i = 0; i < num_connection_tokens; i++) + *header = http_header_remove(*header, connection_tokens[i]); + + for (i = 0; i < num_connection_tokens; i++) + free(connection_tokens[i]); + free(connection_tokens); + + return 0; +} + +char *http_header_to_string(const struct http_header *header, size_t *n) +{ + const struct http_header *p; + char *buf = NULL; + size_t size = 0, offset = 0; + + strbuf_append_str(&buf, &size, &offset, ""); + + for (p = header; p != NULL; p = p->next) + strbuf_sprintf(&buf, &size, &offset, "%s: %s\r\n", p->name, p->value); + + if (n != NULL) + *n = offset; + + return buf; +} + +void http_request_init(struct http_request *request) +{ + request->method = NULL; + uri_init(&request->uri); + request->version = HTTP_UNKNOWN; + request->header = NULL; + request->content_length_set = 0; + request->content_length = 0; + request->bytes_transferred = 0; +} + +void http_request_free(struct http_request *request) +{ + free(request->method); + uri_free(&request->uri); + http_header_free(request->header); +} + +char *http_request_to_string(const struct http_request *request, size_t *n) +{ + const char *path; + char *buf = NULL; + size_t size = 0, offset = 0; + + /* RFC 2616, section 5.1.2: "the absolute path cannot be empty; if none is + present in the original URI, it MUST be given as "/" (the server + root)." */ + path = request->uri.path; + if (path[0] == '\0') + path = "/"; + + if (request->version == HTTP_09) { + /* HTTP/0.9 doesn't have headers. See + http://www.w3.org/Protocols/HTTP/AsImplemented.html. */ + strbuf_sprintf(&buf, &size, &offset, "%s %s\r\n", request->method, path); + } else { + const char *version; + char *header_str; + + if (request->version == HTTP_10) + version = " HTTP/1.0"; + else + version = " HTTP/1.1"; + + header_str = http_header_to_string(request->header, NULL); + strbuf_sprintf(&buf, &size, &offset, "%s %s%s\r\n%s\r\n", + request->method, path, version, header_str); + free(header_str); + } + + if (n != NULL) + *n = offset; + + return buf; +} + +void http_response_init(struct http_response *response) +{ + response->version = HTTP_UNKNOWN; + response->code = 0; + response->phrase = NULL; + response->header = NULL; + response->content_length_set = 0; + response->content_length = 0; + response->bytes_transferred = 0; +} + +void http_response_free(struct http_response *response) +{ + free(response->phrase); + http_header_free(response->header); +} + +char *http_response_to_string(const struct http_response *response, size_t *n) +{ + char *buf = NULL; + size_t size = 0, offset = 0; + + if (response->version == HTTP_09) { + /* HTTP/0.9 doesn't have a Status-Line or headers. See + http://www.w3.org/Protocols/HTTP/AsImplemented.html. */ + return strdup(""); + } else { + const char *version; + char *header_str; + + if (response->version == HTTP_10) + version = "HTTP/1.0"; + else + version = "HTTP/1.1"; + + header_str = http_header_to_string(response->header, NULL); + strbuf_sprintf(&buf, &size, &offset, "%s %d %s\r\n%s\r\n", + version, response->code, response->phrase, header_str); + free(header_str); + } + + if (n != NULL) + *n = offset; + + return buf; +} + + + + + + + + + + +int http_read_header(char *buf, int buflen, char **result) +{ + char *line = NULL; + char *header; + size_t n = 0; + size_t count; + int blank; + header = NULL; + char *p = buf; + int remaining_len = buflen; + size_t status_len = 0; + + http_read_status_line(buf, buflen, NULL, &status_len); + + p += status_len; + + do { + + + line = (char *) memchr(p, '\n', remaining_len); + line = line + 1; + + if (line == NULL) { + free(header); + if (n >= MAX_HEADER_LENGTH) + /* Request Entity Too Large. */ + return 413; + else + return 400; + } + + remaining_len = buflen - (line - p); + count = (line - p); + + blank = is_crlf(line); + + if (n + count >= MAX_HEADER_LENGTH) { + free(header); + /* Request Entity Too Large. */ + return 413; + } + + header = (char *) safe_realloc(header, n + count + 1); + memcpy(header + n, p, count); + n += count; + p = line; + + } while (!blank); + header[n] = '\0'; + + *result = header; + + return 0; +} + + + +static const char *skip_lws(const char *s) +{ + for (;;) { + while (is_space_char(*s)) + s++; + + if (*s == '\n' && is_space_char(*(s + 1))) + s += 1; + else if (*s == '\r' && *(s + 1) == '\n' && is_space_char(*(s + 2))) + s += 2; + else + break; + } + + return s; +} + +/* See section 4.2 of RFC 2616 for header format. */ +int http_parse_header(struct http_header **result, const char *header) +{ + const char *p, *q; + size_t value_len, value_offset; + struct http_header *node, **prev; + + *result = NULL; + prev = result; + + p = header; + while (*p != '\0' && !is_crlf(p)) { + /* Get the field name. */ + q = p; + while (*q != '\0' && is_token_char(*q)) + q++; + if (*q != ':') { + http_header_free(*result); + return 400; + } + + node = (struct http_header *) safe_malloc(sizeof(*node)); + node->name = mkstr(p, q); + node->value = NULL; + node->next = NULL; + value_len = 0; + value_offset = 0; + + /* Copy the header field value until we hit a CRLF. */ + p = q + 1; + p = skip_lws(p); + for (;;) { + q = p; + while (*q != '\0' && !is_space_char(*q) && !is_crlf(q)) { + /* Section 2.2 of RFC 2616 disallows control characters. */ + if (iscntrl((int) (unsigned char) *q)) { + http_header_node_free(node); + return 400; + } + q++; + } + strbuf_append(&node->value, &value_len, &value_offset, p, q - p); + p = skip_lws(q); + if (is_crlf(p)) + break; + /* Replace LWS with a single space. */ + strbuf_append_str(&node->value, &value_len, &value_offset, " "); + } + *prev = node; + prev = &node->next; + + p = skip_crlf(p); + } + + return 0; +} + +static int http_header_get_content_length(const struct http_header *header, int *content_length_set, unsigned long *content_length) +{ + char *content_length_s; + char *tail; + int code; + + content_length_s = http_header_get_first(header, "Content-Length"); + if (content_length_s == NULL) { + *content_length_set = 0; + *content_length = 0; + return 0; + } + + code = 0; + + errno = 0; + *content_length_set = 1; + *content_length = parse_long(content_length_s, (char **) &tail); + if (errno != 0 || *tail != '\0' || tail == content_length_s) + code = 400; + free(content_length_s); + + return code; +} + +/* Parse a header and fill in any relevant fields in the request structure. */ +int http_request_parse_header(struct http_request *request, const char *header) +{ + int code; + + code = http_parse_header(&request->header, header); + if (code != 0) + return code; + code = http_header_get_content_length(request->header, &request->content_length_set, &request->content_length); + if (code != 0) + return code; + + return 0; +} + +/* Parse a header and fill in any relevant fields in the response structure. */ +int http_response_parse_header(struct http_response *response, const char *header) +{ + int code; + + code = http_parse_header(&response->header, header); + if (code != 0) + return code; + code = http_header_get_content_length(response->header, &response->content_length_set, &response->content_length); + if (code != 0) + return code; + + return 0; +} + + +/* Returns the character pointer after the HTTP version, or s if there was a + parse error. */ +static const char *parse_http_version(const char *s, enum http_version *version) +{ + const char *PREFIX = "HTTP/"; + const char *p, *q; + long major, minor; + + *version = HTTP_UNKNOWN; + + p = s; + if (memcmp(p, PREFIX, strlen(PREFIX)) != 0) + return s; + p += strlen(PREFIX); + + /* Major version. */ + errno = 0; + major = parse_long(p, (char **) &q); + if (errno != 0 || q == p) + return s; + + p = q; + if (*p != '.') + return s; + p++; + + /* Minor version. */ + errno = 0; + minor = parse_long(p, (char **) &q); + if (errno != 0 || q == p) + return s; + + if (major == 1 && minor == 0) + *version = HTTP_10; + else if (major == 1 && minor == 1) + *version = HTTP_11; + + return q; +} + + + + + +int http_parse_request_line(const char *line, struct http_request *request) +{ + const char *p, *q; + struct uri *uri; + char *uri_s; + + http_request_init(request); + + p = line; + while (*p == ' ') + p++; + + /* Method (CONNECT, GET, etc.). */ + q = p; + while (is_token_char(*q)) + q++; + if (p == q) + goto badreq; + request->method = mkstr(p, q); + + /* URI. */ + p = q; + while (*p == ' ') + p++; + q = p; + while (*q != '\0' && *q != ' ') + q++; + if (p == q) + goto badreq; + uri_s = mkstr(p, q); + + /* RFC 2616, section 5.1.1: The method is case-sensitive. + RFC 2616, section 5.1.2: + Request-URI = "*" | absoluteURI | abs_path | authority + The absoluteURI form is REQUIRED when the request is being made to a + proxy... The authority form is only used by the CONNECT method. */ + if (strcmp(request->method, "CONNECT") == 0) { + uri = uri_parse_authority(&request->uri, uri_s); + } else { + uri = uri_parse(&request->uri, uri_s); + } + free(uri_s); + if (uri == NULL) + /* The URI parsing failed. */ + goto badreq; + + /* Version number. */ + p = q; + while (*p == ' ') + p++; + if (*p == '\0') { + /* No HTTP/X.X version number indicates version 0.9. */ + request->version = HTTP_09; + } else { + q = parse_http_version(p, &request->version); + if (p == q) + goto badreq; + } + + return 0; + +badreq: + http_request_free(request); + return 400; +} + + +int http_read_status_line(char *buf, int buflen, char **line, size_t *line_length) +{ + size_t count = 0; + + /* RFC 2616, section 6.1: "The first line of a Response message is the + Status-Line... No CR or LF is allowed except in the final CRLF sequence." + Contrast that with Request-Line, which allows leading blank lines. */ + // *line = socket_buffer_readline(buf, &n, MAX_STATUS_LINE_LENGTH); + + + char *newline = (char *) memchr(buf, '\n', buflen); + + if (newline == NULL) + return 400; + + count = newline + 1 - buf; + + if (count >= MAX_STATUS_LINE_LENGTH) { + /* Line exceeds our maximum length. */ + //free(line); + return 413; + } + + //line = (char *) safe_realloc(line, n + count + 1); + //memcpy(line + n, buf, count); + *line_length = count; + +#if 0 + // these checks are redundant now: + if (newline == NULL) { + if (count >= MAX_STATUS_LINE_LENGTH) + /* Request Entity Too Large. */ + return 413; + else + return 400; + } +#endif + + return 0; +} + + +/* Returns 0 on success and nonzero on failure. */ +int http_parse_status_line(const char *line, struct http_response *response) +{ + const char *p, *q; + + http_response_init(response); + + /* Version. */ + p = parse_http_version(line, &response->version); + if (p == line) + return -1; + while (*p == ' ') + p++; + + /* Status code. */ + errno = 0; + response->code = parse_long(p, (char **) &q); + if (errno != 0 || q == p) + return -1; + p = q; + + /* Reason phrase. */ + while (*p == ' ') + p++; + q = p; + while (!is_crlf(q)) + q++; + /* We expect that the CRLF ends the string. */ + if (*skip_crlf(q) != '\0') + return -1; + response->phrase = mkstr(p, q); + + return 0; +} + +/* This is a convenience wrapper around http_parse_status_line that only returns + the status code. Returns the status code on success or -1 on failure. */ +int http_parse_status_line_code(const char *line) +{ + struct http_response resp; + int code; + + if (http_parse_status_line(line, &resp) != 0) + return -1; + code = resp.code; + http_response_free(&resp); + + return code; +} + +static const char *http_read_challenge(const char *s, struct http_challenge *challenge) +{ + const char *p; + char *scheme; + + http_challenge_init(challenge); + + scheme = NULL; + s = read_token(s, &scheme); + if (s == NULL) + goto bail; + if (str_equal_i(scheme, "Basic")) { + challenge->scheme = AUTH_BASIC; + } else if (str_equal_i(scheme, "Digest")) { + challenge->scheme = AUTH_DIGEST; + } else { + challenge->scheme = AUTH_UNKNOWN; + } + free(scheme); + scheme = NULL; + + /* RFC 2617, section 1.2, requires at least one auth-param: + challenge = auth-scheme 1*SP 1#auth-param + But there are some schemes (NTLM and Negotiate) that can be without + auth-params, so we allow that here. A comma indicates the end of this + challenge and the beginning of the next (see the comment in the loop + below). */ + while (is_space_char(*s)) + s++; + if (*s == ',') { + s++; + while (is_space_char(*s)) + s++; + if (*s == '\0') + goto bail; + return s; + } + + while (*s != '\0') { + char *name, *value; + + p = read_token(s, &name); + if (p == NULL) + goto bail; + while (is_space_char(*p)) + p++; + /* It's possible that we've hit the end of one challenge and the + beginning of another. Section 14.33 says that the header value can be + 1#challenge, in other words several challenges separated by commas. + Because the auth-params are also separated by commas, the only way we + can tell is if we find a token not followed by an equals sign. */ + if (*p != '=') + break; + p++; + while (is_space_char(*p)) + p++; + p = read_token_or_quoted_string(p, &value); + if (p == NULL) { + free(name); + goto bail; + } + if (str_equal_i(name, "realm")) + challenge->realm = strdup(value); + else if (challenge->scheme == AUTH_DIGEST) { + if (str_equal_i(name, "nonce")) { + if (challenge->digest.nonce != NULL) + goto bail; + challenge->digest.nonce = strdup(value); + } else if (str_equal_i(name, "opaque")) { + if (challenge->digest.opaque != NULL) + goto bail; + challenge->digest.opaque = strdup(value); + } else if (str_equal_i(name, "algorithm")) { + if (str_equal_i(value, "MD5")) + challenge->digest.algorithm = ALGORITHM_MD5; + else + challenge->digest.algorithm = ALGORITHM_UNKNOWN; + } else if (str_equal_i(name, "qop")) { + char **tokens; + size_t n; + size_t i; + const char *tmp; + + tmp = read_token_list(value, &tokens, &n); + if (tmp == NULL) { + free(name); + free(value); + goto bail; + } + for (i = 0; i < n; i++) { + if (str_equal_i(tokens[i], "auth")) + challenge->digest.qop |= QOP_AUTH; + else if (str_equal_i(tokens[i], "auth-int")) + challenge->digest.qop |= QOP_AUTH_INT; + } + for (i = 0; i < n; i++) + free(tokens[i]); + free(tokens); + if (*tmp != '\0') { + free(name); + free(value); + goto bail; + } + } + } + free(name); + free(value); + while (is_space_char(*p)) + p++; + if (*p == ',') { + p++; + while (is_space_char(*p)) + p++; + if (*p == '\0') + goto bail; + } + s = p; + } + + return s; + +bail: + if (scheme != NULL) + free(scheme); + http_challenge_free(challenge); + + return NULL; +} + +static const char *http_read_credentials(const char *s, + struct http_credentials *credentials) +{ + const char *p; + char *scheme; + + credentials->scheme = AUTH_UNKNOWN; + + s = read_token(s, &scheme); + if (s == NULL) + return NULL; + if (str_equal_i(scheme, "Basic")) { + http_credentials_init_basic(credentials); + } else if (str_equal_i(scheme, "Digest")) { + http_credentials_init_digest(credentials); + } else { + free(scheme); + return NULL; + } + free(scheme); + + while (is_space_char(*s)) + s++; + if (credentials->scheme == AUTH_BASIC) { + p = s; + /* Read base64. */ + while (is_alpha_char(*p) || is_digit_char(*p) || *p == '+' || *p == '/' || *p == '=') + p++; + credentials->u.basic = mkstr(s, p); + while (is_space_char(*p)) + p++; + s = p; + } else if (credentials->scheme == AUTH_DIGEST) { + char *name, *value; + + while (*s != '\0') { + p = read_token(s, &name); + if (p == NULL) + goto bail; + while (is_space_char(*p)) + p++; + /* It's not legal to combine multiple Authorization or + Proxy-Authorization values. The productions are + "Authorization" ":" credentials (section 14.8) + "Proxy-Authorization" ":" credentials (section 14.34) + Contrast this with WWW-Authenticate and Proxy-Authenticate and + their handling in http_read_challenge. */ + if (*p != '=') + goto bail; + p++; + while (is_space_char(*p)) + p++; + p = read_token_or_quoted_string(p, &value); + if (p == NULL) { + free(name); + goto bail; + } + if (str_equal_i(name, "username")) { + if (credentials->u.digest.username != NULL) + goto bail; + credentials->u.digest.username = strdup(value); + } else if (str_equal_i(name, "realm")) { + if (credentials->u.digest.realm != NULL) + goto bail; + credentials->u.digest.realm = strdup(value); + } else if (str_equal_i(name, "nonce")) { + if (credentials->u.digest.nonce != NULL) + goto bail; + credentials->u.digest.nonce = strdup(value); + } else if (str_equal_i(name, "uri")) { + if (credentials->u.digest.uri != NULL) + goto bail; + credentials->u.digest.uri = strdup(value); + } else if (str_equal_i(name, "response")) { + if (credentials->u.digest.response != NULL) + goto bail; + credentials->u.digest.response = strdup(value); + } else if (str_equal_i(name, "algorithm")) { + if (str_equal_i(value, "MD5")) + credentials->u.digest.algorithm = ALGORITHM_MD5; + else + credentials->u.digest.algorithm = ALGORITHM_MD5; + } else if (str_equal_i(name, "qop")) { + if (str_equal_i(value, "auth")) + credentials->u.digest.qop = QOP_AUTH; + else if (str_equal_i(value, "auth-int")) + credentials->u.digest.qop = QOP_AUTH_INT; + else + credentials->u.digest.qop = QOP_NONE; + } else if (str_equal_i(name, "cnonce")) { + if (credentials->u.digest.cnonce != NULL) + goto bail; + credentials->u.digest.cnonce = strdup(value); + } else if (str_equal_i(name, "nc")) { + if (credentials->u.digest.nc != NULL) + goto bail; + credentials->u.digest.nc = strdup(value); + } + free(name); + free(value); + while (is_space_char(*p)) + p++; + if (*p == ',') { + p++; + while (is_space_char(*p)) + p++; + if (*p == '\0') + goto bail; + } + s = p; + } + } + + return s; + +bail: + http_credentials_free(credentials); + + return NULL; +} + +/* Is scheme a preferred over scheme b? We prefer Digest to Basic when Digest is + supported. */ +static int auth_scheme_is_better(enum http_auth_scheme a, + enum http_auth_scheme b) +{ +//#if HAVE_HTTP_DIGEST + if (b == AUTH_DIGEST) + return 0; + if (b == AUTH_BASIC) + return a == AUTH_DIGEST; + if (b == AUTH_UNKNOWN) + return a == AUTH_BASIC || a == AUTH_DIGEST; +//#else + if (b == AUTH_BASIC) + return 0; + if (b == AUTH_UNKNOWN) + return a == AUTH_BASIC; +//#endif + + return 0; +} + +struct http_challenge *http_header_get_proxy_challenge(const struct http_header *header, struct http_challenge *challenge) +{ + const struct http_header *p; + + http_challenge_init(challenge); + + p = NULL; + while ((p = http_header_next(header, p, "Proxy-Authenticate")) != NULL) { + const char *tmp; + + tmp = p->value; + while (*tmp != '\0') { + struct http_challenge tmp_info; + + tmp = http_read_challenge(tmp, &tmp_info); + if (tmp == NULL) { + http_challenge_free(challenge); + return NULL; + } + if (auth_scheme_is_better(tmp_info.scheme, challenge->scheme)) { + http_challenge_free(challenge); + *challenge = tmp_info; + } else { + http_challenge_free(&tmp_info); + } + } + } + + return challenge; +} + +struct http_credentials *http_header_get_proxy_credentials(const struct http_header *header, struct http_credentials *credentials) +{ + const struct http_header *p; + + credentials->scheme = AUTH_UNKNOWN; + + p = NULL; + while ((p = http_header_next(header, p, "Proxy-Authorization")) != NULL) { + const char *tmp; + + tmp = p->value; + while (*tmp != '\0') { + struct http_credentials tmp_info; + + tmp = http_read_credentials(tmp, &tmp_info); + if (tmp == NULL) { + http_credentials_free(credentials); + return NULL; + } + if (auth_scheme_is_better(tmp_info.scheme, credentials->scheme)) { + http_credentials_free(credentials); + *credentials = tmp_info; + } else { + http_credentials_free(&tmp_info); + } + } + } + + return credentials; +} + +void http_challenge_init(struct http_challenge *challenge) +{ + challenge->scheme = AUTH_UNKNOWN; + challenge->realm = NULL; + challenge->digest.nonce = NULL; + challenge->digest.opaque = NULL; + challenge->digest.algorithm = ALGORITHM_MD5; + challenge->digest.qop = 0; +} + +void http_challenge_free(struct http_challenge *challenge) +{ + free(challenge->realm); + if (challenge->scheme == AUTH_DIGEST) { + free(challenge->digest.nonce); + free(challenge->digest.opaque); + } +} + +void http_credentials_init_basic(struct http_credentials *credentials) +{ + credentials->scheme = AUTH_BASIC; + credentials->u.basic = NULL; +} + +void http_credentials_init_digest(struct http_credentials *credentials) +{ + credentials->scheme = AUTH_DIGEST; + credentials->u.digest.username = NULL; + credentials->u.digest.realm = NULL; + credentials->u.digest.nonce = NULL; + credentials->u.digest.uri = NULL; + credentials->u.digest.response = NULL; + credentials->u.digest.algorithm = ALGORITHM_MD5; + credentials->u.digest.qop = QOP_NONE; + credentials->u.digest.nc = NULL; + credentials->u.digest.cnonce = NULL; +} + +void http_credentials_free(struct http_credentials *credentials) +{ + if (credentials->scheme == AUTH_BASIC) { + free(credentials->u.basic); + } else if (credentials->scheme == AUTH_DIGEST) { + free(credentials->u.digest.username); + free(credentials->u.digest.realm); + free(credentials->u.digest.nonce); + free(credentials->u.digest.uri); + free(credentials->u.digest.response); + free(credentials->u.digest.nc); + free(credentials->u.digest.cnonce); + } +} + + +struct http_challenge *http_header_get_challenge(const struct http_header *header, struct http_challenge *challenge) +{ + const struct http_header *p; + + http_challenge_init(challenge); + + p = NULL; + while ((p = http_header_next(header, p, "WWW-Authenticate")) != NULL) { + const char *tmp; + + tmp = p->value; + while (*tmp != '\0') { + struct http_challenge tmp_info; + + tmp = http_read_challenge(tmp, &tmp_info); + if (tmp == NULL) { + http_challenge_free(challenge); + return NULL; + } + if (auth_scheme_is_better(tmp_info.scheme, challenge->scheme)) { + http_challenge_free(challenge); + *challenge = tmp_info; + } else { + http_challenge_free(&tmp_info); + } + } + } + + return challenge; +} + diff --git a/include/DomainExec/Utils/http.h b/include/DomainExec/Utils/http.h new file mode 100644 index 00000000..f49e757e --- /dev/null +++ b/include/DomainExec/Utils/http.h @@ -0,0 +1,279 @@ +/*************************************************************************** + * http.h * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id$ */ + +#ifndef _HTTP_H +#define _HTTP_H + +#include "utils.h" + +#include +#include + + + +/* A broken-down URI as defined in RFC 3986, except that the query and fragment + parts are included in the path. */ +struct uri { + char *scheme; + char *host; + int port; + char *path; +}; + +void uri_init(struct uri *uri); + +void uri_free(struct uri *uri); + +struct uri *uri_parse(struct uri *uri, const char *uri_s); + +struct uri *uri_parse_authority(struct uri *uri, const char *authority); + +enum http_version { + HTTP_09, + HTTP_10, + HTTP_11, + HTTP_UNKNOWN, +}; + +struct http_header { + char *name; + char *value; + struct http_header *next; +}; + +struct http_request { + char *method; + struct uri uri; + enum http_version version; + struct http_header *header; + int content_length_set; + unsigned long content_length; + unsigned long bytes_transferred; +}; + +struct http_response { + enum http_version version; + int code; + char *phrase; + struct http_header *header; + int content_length_set; + unsigned long content_length; + unsigned long bytes_transferred; +}; + +int http_read_header(char *buf, int buflen, char **result); + + +void http_header_free(struct http_header *header); +char *http_header_get(const struct http_header *header, const char *name); +const struct http_header *http_header_next(const struct http_header *header, const struct http_header *p, const char *name); +char *http_header_get_first(const struct http_header *header, const char *name); +struct http_header *http_header_set(struct http_header *header, const char *name, const char *value); +struct http_header *http_header_remove(struct http_header *header, const char *name); +int http_header_remove_hop_by_hop(struct http_header **header); +char *http_header_to_string(const struct http_header *header, size_t *n); + +void http_request_init(struct http_request *request); +void http_request_free(struct http_request *request); +char *http_request_to_string(const struct http_request *request, size_t *n); + +void http_response_init(struct http_response *response); +void http_response_free(struct http_response *response); +char *http_response_to_string(const struct http_response *response, size_t *n); + +int http_parse_header(struct http_header **result, const char *header); +int http_request_parse_header(struct http_request *request, const char *header); +int http_response_parse_header(struct http_response *response, const char *header); + +int http_parse_request_line(const char *line, struct http_request *request); + +int http_read_status_line(char *buf, int buflen, char **line, size_t *line_length); +int http_parse_status_line(const char *line, struct http_response *response); +int http_parse_status_line_code(const char *line); + +enum http_auth_scheme { AUTH_UNKNOWN, AUTH_BASIC, AUTH_DIGEST }; +enum http_digest_algorithm { ALGORITHM_MD5, ALGORITHM_UNKNOWN }; +enum http_digest_qop { QOP_NONE = 0, QOP_AUTH = 1 << 0, QOP_AUTH_INT = 1 << 1 }; + +struct http_challenge { + enum http_auth_scheme scheme; + char *realm; + struct { + char *nonce; + char *opaque; + enum http_digest_algorithm algorithm; + /* A bit mask of supported qop values ("auth", "auth-int", etc.). */ + unsigned char qop; + } digest; +}; + +struct http_credentials { + enum http_auth_scheme scheme; + union { + char *basic; + struct { + char *username; + char *realm; + char *nonce; + char *uri; + char *response; + enum http_digest_algorithm algorithm; + enum http_digest_qop qop; + char *nc; + char *cnonce; + } digest; + } u; +}; + +void http_challenge_init(struct http_challenge *challenge); +void http_challenge_free(struct http_challenge *challenge); +struct http_challenge *http_header_get_proxy_challenge(const struct http_header *header, struct http_challenge *challenge); +struct http_challenge *http_header_get_challenge(const struct http_header *header, struct http_challenge *challenge); + +void http_credentials_init_basic(struct http_credentials *credentials); +void http_credentials_init_digest(struct http_credentials *credentials); +void http_credentials_free(struct http_credentials *credentials); +struct http_credentials *http_header_get_proxy_credentials(const struct http_header *header, struct http_credentials *credentials); + +#if HAVE_OPENSSL +/* Initialize the server secret used in generating nonces. */ +int http_digest_init_secret(void); +int http_digest_nonce_time(const char *nonce, struct timeval *tv); +/* Return a Proxy-Authenticate header. */ +char *http_digest_proxy_authenticate(const char *realm, int stale); +/* Return a Proxy-Authorization header answering the given challenge. */ +char *http_digest_proxy_authorization(const struct http_challenge *challenge, + const char *username, const char *password, + const char *method, const char *uri); +int http_digest_check_credentials(const char *username, const char *realm, + const char *password, const char *method, + const struct http_credentials *credentials); +#endif + +#endif diff --git a/include/DomainExec/Utils/http_digest.cc b/include/DomainExec/Utils/http_digest.cc new file mode 100644 index 00000000..7a58fa65 --- /dev/null +++ b/include/DomainExec/Utils/http_digest.cc @@ -0,0 +1,441 @@ +/*************************************************************************** + * http_digest.cc -- HTTP Digest authentication handling. * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id$ */ + +/* Nonces returned by make_nonce have the form + timestamp-MD5(secret:timestamp) + using representative values, this may look like + 1263929285.015273-a8e75fae174fc0e6a5df47bf9900beb6 + Sending a timestamp in the clear allows us to compute how long ago the nonce + was issued without local state. Including microseconds reduces the chance + that the same nonce will be issued for two different requests. When a nonce + is received from a client, the time is extracted and then the nonce is + recalculated locally to make sure they match. This is similar to the strategy + recommended in section 3.2.1 of RFC 2617. +*/ + + +#include "http.h" + +#ifndef WIN32 +#include +#endif + +#if HAVE_OPENSSL + #include + #include + +/* What's a good length for this? I think it exists only to prevent us from + hashing known plaintext from the server. */ +#define CNONCE_LENGTH 8 + +#define SECRET_LENGTH 16 + +static unsigned char secret[SECRET_LENGTH]; +static int secret_initialized = 0; + +static int append_quoted_string(char **buf, size_t *size, size_t *offset, const char *s) +{ + const char *t; + + strbuf_append_str(buf, size, offset, "\""); + for (;;) { + t = s; + while (!((*t >= 0 && *t <= 31) || *t == 127 || *t == '\\')) + t++; + strbuf_append(buf, size, offset, s, t - s); + if (*t == '\0') + break; + strbuf_sprintf(buf, size, offset, "\\%c", *t); + s = t + 1; + } + strbuf_append_str(buf, size, offset, "\""); + + return *size; +} + +/* n is the size of src. dest must have at least n * 2 + 1 allocated bytes. */ +static char *enhex(char *dest, const unsigned char *src, size_t n) +{ + unsigned int i; + + for (i = 0; i < n; i++) + Snprintf(dest + i * 2, 3, "%02x", src[i]); + + return dest; +} + +/* Initialize the server secret used in generating nonces. Return -1 on + failure. */ +int http_digest_init_secret(void) +{ + if (!RAND_status()) + return -1; + if (RAND_bytes(secret, sizeof(secret)) != 1) + return -1; + secret_initialized = 1; + + return 0; +} + +static char *make_nonce(const struct timeval *tv) +{ + char *buf = NULL; + size_t size = 0, offset = 0; + MD5_CTX md5; + unsigned char hashbuf[MD5_DIGEST_LENGTH]; + char hash_hex[MD5_DIGEST_LENGTH * 2 + 1]; + char time_buf[32]; + + /* Crash if someone forgot to call http_digest_init_secret. */ + if (!secret_initialized) + return NULL; + // bye("Server secret not initialized for Digest authentication. Call http_digest_init_secret."); + + Snprintf(time_buf, sizeof(time_buf), "%lu.%06lu", + (long unsigned) tv->tv_sec, (long unsigned) tv->tv_usec); + + MD5_Init(&md5); + MD5_Update(&md5, secret, sizeof(secret)); + MD5_Update(&md5, ":", 1); + MD5_Update(&md5, time_buf, strlen(time_buf)); + MD5_Final(hashbuf, &md5); + enhex(hash_hex, hashbuf, sizeof(hashbuf)); + + strbuf_sprintf(&buf, &size, &offset, "%s-%s", time_buf, hash_hex); + + return buf; +} + +/* Arguments are assumed to be non-NULL, with the exception of nc and cnonce, + which may be garbage only if qop == QOP_NONE. */ +static void make_response(char buf[MD5_DIGEST_LENGTH * 2 + 1], + const char *username, const char *realm, const char *password, + const char *method, const char *uri, const char *nonce, + enum http_digest_qop qop, const char *nc, const char *cnonce) +{ + char HA1_hex[MD5_DIGEST_LENGTH * 2 + 1], HA2_hex[MD5_DIGEST_LENGTH * 2 + 1]; + unsigned char hashbuf[MD5_DIGEST_LENGTH]; + MD5_CTX md5; + + /* Calculate H(A1). */ + MD5_Init(&md5); + MD5_Update(&md5, username, strlen(username)); + MD5_Update(&md5, ":", 1); + MD5_Update(&md5, realm, strlen(realm)); + MD5_Update(&md5, ":", 1); + MD5_Update(&md5, password, strlen(password)); + MD5_Final(hashbuf, &md5); + enhex(HA1_hex, hashbuf, sizeof(hashbuf)); + + /* Calculate H(A2). */ + MD5_Init(&md5); + MD5_Update(&md5, method, strlen(method)); + MD5_Update(&md5, ":", 1); + MD5_Update(&md5, uri, strlen(uri)); + MD5_Final(hashbuf, &md5); + enhex(HA2_hex, hashbuf, sizeof(hashbuf)); + + /* Calculate response. */ + MD5_Init(&md5); + MD5_Update(&md5, HA1_hex, strlen(HA1_hex)); + MD5_Update(&md5, ":", 1); + MD5_Update(&md5, nonce, strlen(nonce)); + if (qop == QOP_AUTH) { + MD5_Update(&md5, ":", 1); + MD5_Update(&md5, nc, strlen(nc)); + MD5_Update(&md5, ":", 1); + MD5_Update(&md5, cnonce, strlen(cnonce)); + MD5_Update(&md5, ":", 1); + MD5_Update(&md5, "auth", strlen("auth")); + } + MD5_Update(&md5, ":", 1); + MD5_Update(&md5, HA2_hex, strlen(HA2_hex)); + MD5_Final(hashbuf, &md5); + + enhex(buf, hashbuf, sizeof(hashbuf)); +} + +/* Extract the issuance time from a nonce (without checking other aspects of + validity. If the time can't be extracted, returns -1, 0 otherwise. */ +int http_digest_nonce_time(const char *nonce, struct timeval *tv) +{ + unsigned long sec, usec; + + if (sscanf(nonce, "%lu.%lu", &sec, &usec) != 2) + return -1; + + tv->tv_sec = sec; + tv->tv_usec = usec; + + return 0; +} + +char *http_digest_proxy_authenticate(const char *realm, int stale) +{ + char *buf = NULL; + size_t size = 0, offset = 0; + struct timeval tv; + char *nonce; + + if (gettimeofday(&tv, NULL) == -1) + return NULL; + + strbuf_append_str(&buf, &size, &offset, "Digest realm="); + append_quoted_string(&buf, &size, &offset, realm); + + nonce = make_nonce(&tv); + strbuf_append_str(&buf, &size, &offset, ", nonce="); + append_quoted_string(&buf, &size, &offset, nonce); + free(nonce); + strbuf_append_str(&buf, &size, &offset, ", qop=\"auth\""); + + if (stale) + strbuf_append_str(&buf, &size, &offset, ", stale=true"); + + return buf; +} + +char *http_digest_proxy_authorization(const struct http_challenge *challenge, + const char *username, const char *password, + const char *method, const char *uri) +{ + /* For now we authenticate successfully at most once, so we don't need a + varying client nonce count. */ + static const u32 nc = 0x00000001; + + char response_hex[MD5_DIGEST_LENGTH * 2 + 1]; + unsigned char cnonce[CNONCE_LENGTH]; + char cnonce_buf[CNONCE_LENGTH * 2 + 1]; + char nc_buf[8 + 1]; + char *buf = NULL; + size_t size = 0, offset = 0; + enum http_digest_qop qop; + + if (challenge->scheme != AUTH_DIGEST || challenge->realm == NULL + || challenge->digest.nonce == NULL + || challenge->digest.algorithm != ALGORITHM_MD5) + return NULL; + + if (challenge->digest.qop & QOP_AUTH) { + Snprintf(nc_buf, sizeof(nc_buf), "%08x", nc); + if (!RAND_status()) + return NULL; + if (RAND_bytes(cnonce, sizeof(cnonce)) != 1) + return NULL; + enhex(cnonce_buf, cnonce, sizeof(cnonce)); + qop = QOP_AUTH; + } else { + qop = QOP_NONE; + } + + strbuf_append_str(&buf, &size, &offset, " Digest"); + strbuf_append_str(&buf, &size, &offset, " username="); + append_quoted_string(&buf, &size, &offset, username); + strbuf_append_str(&buf, &size, &offset, ", realm="); + append_quoted_string(&buf, &size, &offset, challenge->realm); + strbuf_append_str(&buf, &size, &offset, ", nonce="); + append_quoted_string(&buf, &size, &offset, challenge->digest.nonce); + strbuf_append_str(&buf, &size, &offset, ", uri="); + append_quoted_string(&buf, &size, &offset, uri); + + if (qop == QOP_AUTH) { + strbuf_append_str(&buf, &size, &offset, ", qop=auth"); + strbuf_append_str(&buf, &size, &offset, ", cnonce="); + append_quoted_string(&buf, &size, &offset, cnonce_buf); + strbuf_sprintf(&buf, &size, &offset, ", nc=%s", nc_buf); + } + + make_response(response_hex, username, challenge->realm, password, + method, uri, challenge->digest.nonce, qop, nc_buf, cnonce_buf); + strbuf_append_str(&buf, &size, &offset, ", response="); + append_quoted_string(&buf, &size, &offset, response_hex); + + if (challenge->digest.opaque != NULL) { + strbuf_append_str(&buf, &size, &offset, ", opaque="); + append_quoted_string(&buf, &size, &offset, challenge->digest.opaque); + } + + strbuf_append_str(&buf, &size, &offset, ", algorithm=MD5"); + + strbuf_append_str(&buf, &size, &offset, "\r\n"); + + return buf; +} + +/* Check that a nonce is one that we issued, and that the response is what is + expected. This doesn't do any checking against the lifetime of the nonce. */ +int http_digest_check_credentials(const char *username, const char *realm, + const char *password, const char *method, + const struct http_credentials *credentials) +{ + char response_hex[MD5_DIGEST_LENGTH * 2 + 1]; + struct timeval tv; + char *nonce; + + if (credentials->scheme != AUTH_DIGEST + || credentials->u.digest.username == NULL + || credentials->u.digest.realm == NULL + || credentials->u.digest.nonce == NULL + || credentials->u.digest.uri == NULL + || credentials->u.digest.response == NULL) { + return 0; + } + if (credentials->u.digest.qop != QOP_NONE && credentials->u.digest.qop != QOP_AUTH) + return 0; + if (credentials->u.digest.qop == QOP_AUTH + && (credentials->u.digest.nc == NULL + || credentials->u.digest.cnonce == NULL)) { + return 0; + } + + if (strcmp(username, credentials->u.digest.username) != 0) + return 0; + if (strcmp(realm, credentials->u.digest.realm) != 0) + return 0; + + if (http_digest_nonce_time(credentials->u.digest.nonce, &tv) == -1) + return 0; + + nonce = make_nonce(&tv); + if (strcmp(nonce, credentials->u.digest.nonce) != 0) { + /* We could not have handed out this nonce. */ + free(nonce); + return 0; + } + free(nonce); + + make_response(response_hex, credentials->u.digest.username, realm, + password, method, credentials->u.digest.uri, + credentials->u.digest.nonce, credentials->u.digest.qop, + credentials->u.digest.nc, credentials->u.digest.cnonce); + + return strcmp(response_hex, credentials->u.digest.response) == 0; +} + +#endif diff --git a/include/DomainExec/Utils/ncrack.cc b/include/DomainExec/Utils/ncrack.cc new file mode 100644 index 00000000..0e7eeecc --- /dev/null +++ b/include/DomainExec/Utils/ncrack.cc @@ -0,0 +1,2686 @@ + +/*************************************************************************** + * ncrack.cc -- ncrack's core engine along with all nsock callback * + * handlers reside in here. Simple options' (not host or service-options * + * specification handling) parsing also happens in main() here. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "ncrack.h" +#include "NcrackOps.h" +#include "utils.h" +#include "services.h" +#include "targets.h" +#include "TargetGroup.h" +#include "ServiceGroup.h" +#include "nsock.h" +#include "global_structures.h" +#include "NcrackOutputTable.h" +#include "modules.h" +#include "ncrack_error.h" +#include "output.h" +#include "ncrack_tty.h" +#include "ncrack_input.h" +#include "ncrack_resume.h" +#include "xml.h" +#include +#include + +#if HAVE_SIGNAL + #include +#endif + +#if HAVE_OPENSSL + #include +#endif + +#ifdef WIN32 + #include "winfix.h" +#endif + +#define DEFAULT_CONNECT_TIMEOUT 5000 +/* includes connect() + ssl negotiation */ +#define DEFAULT_CONNECT_SSL_TIMEOUT 8000 +#define DEFAULT_USERNAME_FILE "default.usr" +#define DEFAULT_PASSWORD_FILE "default.pwd" + +/* (in milliseconds) every such interval we poll for interactive user input */ +#define KEYPRESSED_INTERVAL 500 + +/* (in milliseconds) every such interval check for pending signals */ +#define SIGNAL_CHECK_INTERVAL 1000 + +#define SERVICE_TIMEDOUT "Service timed-out as specified by user option." + +extern NcrackOps o; +using namespace std; + +/* global lookup table for available services */ +vector ServicesTable; +/* global login and pass array */ +vector UserArray; +vector PassArray; +struct tm local_time; + +/* schedule additional connections */ +static void ncrack_probes(nsock_pool nsp, ServiceGroup *SG); +/* ncrack initialization */ +static int ncrack(ServiceGroup *SG); +/* Poll for interactive user input every time this timer is called. */ +static void status_timer_handler(nsock_pool nsp, nsock_event nse, + void *mydata); +static void signal_timer_handler(nsock_pool nsp, nsock_event nse, + void *mydata); + +/* module name demultiplexor */ +static void call_module(nsock_pool nsp, Connection* con); + +static void parse_login_list(char *const arg, int mode); +static void load_login_file(const char *filename, int mode); +enum mode { USER, PASS }; + + +static void print_usage(void); +static void lookup_init(const char *const filename); +static int file_readable(const char *pathname); +static int ncrack_fetchfile(char *filename_returned, int bufferlen, + const char *file, int useroption = 0); +static char *grab_next_host_spec(FILE *inputfd, int argc, char **argv); +static void startTimeOutClocks(ServiceGroup *SG); +static void sigcatch(int signo); +static void sigcheck(ServiceGroup *SG); +static int ncrack_main(int argc, char **argv); + + +static void +print_usage(void) +{ + log_write(LOG_STDOUT, "%s %s ( %s )\n" + "Usage: ncrack [Options] {target and service specification}\n" + "TARGET SPECIFICATION:\n" + " Can pass hostnames, IP addresses, networks, etc.\n" + " Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; " + "10.0.0-255.1-254\n" + " -iX : Input from Nmap's -oX XML output format\n" + " -iN : Input from Nmap's -oN Normal output format\n" + " -iL : Input from list of hosts/networks\n" + " --exclude : Exclude hosts/networks\n" + " --excludefile : Exclude list from file\n" + "SERVICE SPECIFICATION:\n" + " Can pass target specific services in ://target (standard) " + "notation or\n" + " using -p which will be applied to all hosts in non-standard " + "notation.\n" + " Service arguments can be specified to be host-specific, type of " + "service-specific\n" + " (-m) or global (-g). Ex: ssh://10.0.0.10,at=10,cl=30 -m ssh:at=50 " + "-g cd=3000\n" + " Ex2: ncrack -p ssh,ftp:3500,25 10.0.0.10 scanme.nmap.org " + "google.com:80,ssl\n" + " -p : services will be applied to all non-standard " + "notation hosts\n" + " -m :: options will be applied to all services " + "of this type\n" + " -g : options will be applied to every service globally\n" + " Misc options:\n" + " ssl: enable SSL over this service\n" + " path : used in modules like HTTP ('=' needs escaping if " + "used)\n" + " db : used in modules like MongoDB to specify the database\n" + " domain : used in modules like WinRM to specify the domain\n" + "TIMING AND PERFORMANCE:\n" + " Options which take */ + xml_newline(); + + if ((*li)->end.reason != NULL && !strncmp((*li)->end.reason, SERVICE_TIMEDOUT, sizeof(SERVICE_TIMEDOUT))) + save_state = true; + + if ((*li)->credentials_found.size() != 0) + print_service_output(*li); + + xml_end_tag(); /* */ + xml_newline(); + } + + /* Print final output information */ + print_final_output(SG); + log_flush_all(); + + /* If any service timed out, then save a .restore file */ + if (save_state) + ncrack_save(SG); + + /* Free all of the Targets */ + while(!Targets.empty()) { + currenths = Targets.back(); + delete currenths; + Targets.pop_back(); + } + delete SG; + + log_write(LOG_STDOUT, "\nNcrack finished.\n"); + exit(EXIT_SUCCESS); +} + + +/* Start the timeout clocks of any targets that aren't already timedout */ +static void +startTimeOutClocks(ServiceGroup *SG) +{ + struct timeval tv; + list::iterator li; + + gettimeofday(&tv, NULL); + for (li = SG->services_all.begin(); li != SG->services_all.end(); li++) { + if (!(*li)->timedOut(NULL)) + (*li)->startTimeOutClock(&tv); + } +} + + +/* + * It handles module endings + */ +void +ncrack_module_end(nsock_pool nsp, void *mydata) +{ + Connection *con = (Connection *) mydata; + ServiceGroup *SG = (ServiceGroup *) nsock_pool_get_udata(nsp); + Service *serv = con->service; + nsock_iod nsi = con->niod; + struct timeval now; + int pair_ret; + const char *hostinfo = serv->HostInfo(); + + con->login_attempts++; + con->auth_complete = true; + serv->total_attempts++; + serv->finished_attempts++; + + /* First check if the module reported that it can no longer continue to + * crack the assigned service, in which case we should place it in the + * finished services. + */ + if (serv->end.orly) { + if (o.debugging) { + if (serv->end.reason) { + chomp(serv->end.reason); + log_write(LOG_STDOUT, "%s will no longer be cracked because module " + "reported that:\n %s\n", hostinfo, serv->end.reason); + } else { + log_write(LOG_STDOUT, "%s will no longer be cracked. No reason was " + "reported from module.\n", hostinfo); + } + } + SG->pushServiceToList(serv, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished.\n", hostinfo); + return ncrack_connection_end(nsp, con); + } + + if (con->auth_success) { + serv->addCredential(con->user, con->pass); + SG->credentials_found++; + + if (o.verbose) + log_write(LOG_PLAIN, "Discovered credentials on %s '%s' '%s'\n", + hostinfo, con->user, con->pass); + + /* Quit cracking service if '-f' has been specified. */ + if (o.finish == 1) { + + SG->pushServiceToList(serv, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished.\n", hostinfo); + return ncrack_connection_end(nsp, con); + + } else if (o.finish > 1) { + /* Quit cracking every service if '-f -f' or greater has been + * specified. + */ + list ::iterator li; + for (li = SG->services_all.begin(); li != SG->services_all.end(); li++) { + SG->pushServiceToList(*li, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished.\n", hostinfo); + } + /* Now quit nsock_loop */ + nsock_loop_quit(nsp); + return ncrack_connection_end(nsp, con); + } + + } else { + if (!serv->more_rounds) { + if (o.debugging > 6) { + if (!strcmp(serv->name, "redis")) + log_write(LOG_STDOUT, "%s (EID %li) Login failed: '%s'\n", + hostinfo, nsock_iod_id(con->niod), con->pass); + else + log_write(LOG_STDOUT, "%s (EID %li) Login failed: '%s' '%s'\n", + hostinfo, nsock_iod_id(con->niod), con->user, con->pass); + } + } else { + serv->appendToPool(con->user, con->pass); + } + } + + if (serv->just_started && !serv->more_rounds + && con->close_reason != MODULE_ERR) { + serv->supported_attempts++; + serv->auth_rate_meter.update(1, NULL); + } + + gettimeofday(&now, NULL); + if (!serv->just_started && !serv->more_rounds + && timeval_msec_subtract(now, serv->last_auth_rate.time) >= 500) { + double current_rate = serv->auth_rate_meter.getCurrentRate(); + if (o.debugging) + log_write(LOG_STDOUT, "%s last: %.2f current %.2f parallelism %ld\n", + hostinfo, serv->last_auth_rate.rate, current_rate, + serv->ideal_parallelism); + if (current_rate < serv->last_auth_rate.rate + 3) { + if (serv->ideal_parallelism + 3 < serv->max_connection_limit) + serv->ideal_parallelism += 3; + else + serv->ideal_parallelism = serv->max_connection_limit; + if (o.debugging) + log_write(LOG_STDOUT, "%s Increasing connection limit to: %ld\n", + hostinfo, serv->ideal_parallelism); + } + serv->last_auth_rate.time = now; + serv->last_auth_rate.rate = current_rate; + } + + /* If login pair was extracted from pool, permanently remove it from it. */ + if (con->from_pool && !serv->isMirrorPoolEmpty()) { + serv->removeFromPool(con->user, con->pass); + con->from_pool = false; + } + + if (serv->isMirrorPoolEmpty() && !serv->active_connections + && serv->getListFinishing()) { + SG->pushServiceToList(serv, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished.\n", hostinfo); + return ncrack_connection_end(nsp, con); + } + + /* + * Check if we had previously surpassed imposed connection limit so that + * we remove service from 'services_full' list + */ + if (serv->getListFull() + && serv->active_connections < serv->ideal_parallelism) + SG->popServiceFromList(serv, &SG->services_full); + + /* Initiate new connections if service gets active again */ + if (serv->getListActive()) + ncrack_probes(nsp, SG); + + /* If module itself reported an error in the connection, then mark the flag + * auth_complete as false. + */ + if (con->close_reason == MODULE_ERR) + con->auth_complete = false; + + /* If module instructed to close the connection by force, then do so + * here. + */ + if (con->force_close) + return ncrack_connection_end(nsp, con); + + /* + * If we need to check whether peer is alive or not we do the following: + * Since there is no portable way to check if the peer has closed the + * connection or not (hence we are in CLOSE_WAIT state), issue a read call + * with a very small timeout and check if nsock timed out (host hasn't closed + * connection yet) or returned an EOF (host sent FIN making active close) + * Note, however that the connection might have already indicated that the + * peer is alive (for example telnetd sends the next login prompt along with + * the authentication results, denoting that it immediately expects another + * authentication attempt), so in that case we need to get the next login + * pair only and make no additional check. + */ + if (con->peer_alive) { + if ((!serv->auth_tries + || con->login_attempts < (unsigned long)serv->auth_tries) + && (pair_ret = serv->getNextPair(&con->user, &con->pass)) != -1) { + if (pair_ret == 1) + con->from_pool = true; + nsock_timer_create(nsp, ncrack_timer_handler, 0, con); + } else + return ncrack_connection_end(nsp, con); + } else { + /* + * We need to check if host is alive only on first timing + * probe. Thereafter we can use the 'supported_attempts'. + */ + if (serv->just_started && serv->more_rounds) { + ncrack_connection_end(nsp, con); + } else if (serv->just_started) { + con->check_closed = true; + nsock_read(nsp, nsi, ncrack_read_handler, 10, con); + } else if ((!serv->auth_tries + || con->login_attempts < (unsigned long)serv->auth_tries) + && con->login_attempts < serv->supported_attempts + && (pair_ret = serv->getNextPair(&con->user, &con->pass)) != -1) { + if (pair_ret == 1) + con->from_pool = true; + + + call_module(nsp, con); + } else { + /* We end the connection if: + * (we are not the first timing probe) AND + * (we are either at the server's imposed authentication limit OR + * we are at the user's imposed authentication limit) + */ + ncrack_connection_end(nsp, con); + } + } + return; +} + + +void +ncrack_connection_end(nsock_pool nsp, void *mydata) +{ + Connection *con = (Connection *) mydata; + Service *serv = con->service; + nsock_iod nsi = con->niod; + ServiceGroup *SG = (ServiceGroup *) nsock_pool_get_udata(nsp); + list ::iterator li; + const char *hostinfo = serv->HostInfo(); + unsigned long eid = nsock_iod_id(con->niod); + + + if (con->close_reason == CON_ERR) + SG->connections_timedout++; + + if (con->close_reason == READ_TIMEOUT) { + + if (!con->auth_complete) { + serv->appendToPool(con->user, con->pass); + } + + if (serv->getListPairfini()) + SG->popServiceFromList(serv, &SG->services_pairfini); + if (o.debugging) + error("%s (EID %li) nsock READ timeout!", hostinfo, eid); + + } else if (con->close_reason == READ_EOF || con->close_reason == MODULE_ERR) { + /* + * Check if we are on the point where peer might close at any moment + * (usually we set 'peer_might_close' after writing the password on the + * network and before issuing the next read call), so that this connection + * ending was actually expected. + */ + if (con->peer_might_close) { + /* If we are the first special timing probe, then increment the number of + * server-allowed authentication attempts per connection. + */ + if (serv->just_started) + serv->supported_attempts++; + + serv->total_attempts++; + serv->finished_attempts++; + + if (o.debugging > 6) + log_write(LOG_STDOUT, "%s (EID %li) Failed '%s' '%s'\n", hostinfo, eid, + con->user, con->pass); + + } else if (serv->more_rounds) { + /* We are still checking timing of the host, so don't do anything yet. */ + + } else if (!con->auth_complete) { + serv->appendToPool(con->user, con->pass); + if (serv->getListPairfini()) + SG->popServiceFromList(serv, &SG->services_pairfini); + + /* Now this is strange: peer closed on us in the middle of + * authentication. This shouldn't happen, unless extreme network + * conditions are happening! + */ + if (!serv->just_started + && con->login_attempts < serv->supported_attempts) { + if (o.debugging > 3) + error("%s (EID %li) closed on us in the middle of authentication!", hostinfo, eid); + SG->connections_closed++; + } + } + if (o.debugging > 5) + error("%s (EID %li) Connection closed by peer", hostinfo, eid); + } + con->close_reason = -1; + + + /* + * If we are not the first timing probe and the authentication wasn't + * completed (we double check that by seeing if we are inside the supported + * -by the server- threshold of authentication attempts per connection), then + * we take drastic action and drop the connection limit. + */ + if (!serv->just_started && !serv->more_rounds && !con->auth_complete + && !con->peer_might_close + && con->login_attempts < serv->supported_attempts) { + serv->total_attempts++; + // TODO:perhaps here we might want to differentiate between the two errors: + // timeout and premature close, giving a unique drop value to each + if (serv->ideal_parallelism - 5 >= serv->min_connection_limit) + serv->ideal_parallelism -= 5; + else + serv->ideal_parallelism = serv->min_connection_limit; + + if (o.debugging) + log_write(LOG_STDOUT, "%s (EID %li) Dropping connection limit due to connection " + "error to: %ld\n", hostinfo, eid, serv->ideal_parallelism); + } + + + /* + * If that was our first connection, then calculate initial ideal_parallelism + * (which was 1 previously) based on the box of min_connection_limit, + * max_connection_limit and a default desired parallelism for each timing + * template. + */ + if (serv->just_started == true && !serv->more_rounds) { + serv->just_started = false; + long desired_par = 1; + if (o.timing_level == 0) + desired_par = 1; + else if (o.timing_level == 1) + desired_par = 1; + else if (o.timing_level == 2) + desired_par = 4; + else if (o.timing_level == 3) + desired_par = 10; + else if (o.timing_level == 4) + desired_par = 30; + else if (o.timing_level == 5) + desired_par = 50; + + serv->ideal_parallelism = box(serv->min_connection_limit, + serv->max_connection_limit, desired_par); + } + + + for (li = serv->connections.begin(); li != serv->connections.end(); li++) { + if ((*li)->niod == nsi) + break; + } + if (li == serv->connections.end()) /* this shouldn't happen */ + fatal("%s: invalid niod!", __func__); + + SG->auth_rate_meter.update(con->login_attempts, NULL); + + nsock_iod_delete(nsi, NSOCK_PENDING_SILENT); + serv->connections.erase(li); + delete con; + + serv->active_connections--; + SG->active_connections--; + + + /* + * Check if we had previously surpassed imposed connection limit so that + * we remove service from 'services_full' list + */ + if (serv->getListFull() + && serv->active_connections < serv->ideal_parallelism) + SG->popServiceFromList(serv, &SG->services_full); + + + /* + * If linear stealthy mode is enabled, then mark the corresponding state as DONE + * since the connection just ended. If all connections from all services are done, + * then the next active connection can start. + */ + if (serv->getLinearState() == LINEAR_ACTIVE) { + serv->setLinearState(LINEAR_DONE); + serv->ideal_parallelism = 1; + } + + + /* + * If service was on 'services_finishing' (credential list finished, pool + * empty but still pending connections) then: + * - if new pairs arrived into pool, remove from 'services_finishing' + * - else if no more connections are pending, move to 'services_finished' + */ + if (serv->getListFinishing()) { + if (!serv->isMirrorPoolEmpty()) + SG->popServiceFromList(serv, &SG->services_finishing); + else if (!serv->active_connections) { + SG->pushServiceToList(serv, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished.\n", hostinfo); + } + } + + if (o.debugging) + log_write(LOG_STDOUT, "%s (EID %li) Attempts: total %lu completed %lu supported %lu " + "--- rate %.2f \n", hostinfo, eid, serv->total_attempts, + serv->finished_attempts, serv->supported_attempts, + SG->auth_rate_meter.getCurrentRate()); + + /* Check if service finished for good. */ + if (serv->loginlist_fini && serv->isMirrorPoolEmpty() + && !serv->active_connections && !serv->getListFinished()) { + SG->pushServiceToList(serv, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished.\n", hostinfo); + } + + + /* see if we can initiate some more connections */ + if (serv->getListActive()) + return ncrack_probes(nsp, SG); + + return; +} + + +void +ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata) +{ + enum nse_status status = nse_status(nse); + enum nse_type type = nse_type(nse); + ServiceGroup *SG = (ServiceGroup *) nsock_pool_get_udata(nsp); + Connection *con = (Connection *) mydata; + Service *serv = con->service; + int pair_ret; + int nbytes; + int err; + char *str; + const char *hostinfo = serv->HostInfo(); + unsigned long eid = nsock_iod_id(con->niod); + + assert(type == NSE_TYPE_READ); + + + /* If service has already finished (probably due to the -f option), then + * cancel this event and return immediately. The same happens with the rest + * of the event handlers. + */ + if (serv->getListFinished()) { + nsock_event_cancel(nsp, nse_id(nse), 0); + return; + } + + if (serv->timedOut(NULL)) { + serv->end.reason = Strndup(SERVICE_TIMEDOUT, sizeof(SERVICE_TIMEDOUT)); + SG->pushServiceToList(serv, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished.\n", hostinfo); + return ncrack_connection_end(nsp, con); + + } else if (status == NSE_STATUS_SUCCESS) { + + str = nse_readbuf(nse, &nbytes); + + if (con->inbuf == NULL) + con->inbuf = new Buf(); + + con->inbuf->append(str, nbytes); + + return call_module(nsp, con); + + } else if (status == NSE_STATUS_TIMEOUT) { + + /* First check if we are just making sure the host hasn't closed + * on us, and so we are still in ESTABLISHED state, instead of + * CLOSE_WAIT - we do this by issuing a read call with a tiny timeout. + * If we are still connected, then we can go on checking if we can make + * another authentication attempt in this particular connection. + */ + if (con->check_closed) { + /* Make another authentication attempt only if: + * 1. we hanen't surpassed the authentication limit per connection for + * this service + * 2. we still have enough login pairs from the pool + */ + if ((!serv->auth_tries + || con->login_attempts < (unsigned long)serv->auth_tries) + && (pair_ret = serv->getNextPair(&con->user, &con->pass)) != -1) { + if (pair_ret == 1) + con->from_pool = true; + return call_module(nsp, con); + } else { + con->close_reason = READ_EOF; + } + } else { + /* This is a normal timeout */ + con->close_reason = READ_TIMEOUT; + } + + } else if (status == NSE_STATUS_EOF) { + con->close_reason = READ_EOF; + + } else if (status == NSE_STATUS_ERROR || status == NSE_STATUS_PROXYERROR) { + + err = nse_errorcode(nse); + if (o.debugging > 2) + error("%s (EID %li) nsock READ error #%d (%s)", hostinfo, eid, err, strerror(err)); + serv->appendToPool(con->user, con->pass); + if (serv->getListPairfini()) + SG->popServiceFromList(serv, &SG->services_pairfini); + + } else if (status == NSE_STATUS_KILL) { + if (o.debugging > 2) + error("%s (EID %li) nsock READ nse_status_kill", hostinfo, eid); + + } else + if (o.debugging > 2) + error("%s (EID %li) WARNING: nsock READ unexpected status %d", hostinfo, + eid, (int) status); + + return ncrack_connection_end(nsp, con); +} + + + + +void +ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata) +{ + enum nse_status status = nse_status(nse); + Connection *con = (Connection *) mydata; + ServiceGroup *SG = (ServiceGroup *) nsock_pool_get_udata(nsp); + Service *serv = con->service; + const char *hostinfo = serv->HostInfo(); + int err; + unsigned long eid = nsock_iod_id(con->niod); + + if (serv->getListFinished()) { + nsock_event_cancel(nsp, nse_id(nse), 0); + return; + } + + if (serv->timedOut(NULL)) { + serv->end.reason = Strndup(SERVICE_TIMEDOUT, sizeof(SERVICE_TIMEDOUT)); + SG->pushServiceToList(serv, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished.\n", hostinfo); + return ncrack_connection_end(nsp, con); + + } else if (status == NSE_STATUS_SUCCESS) + call_module(nsp, con); + else if (status == NSE_STATUS_ERROR || status == NSE_STATUS_PROXYERROR) { + err = nse_errorcode(nse); + if (o.debugging > 2) + error("%s (EID %li) nsock WRITE error #%d (%s)", hostinfo, eid, err, strerror(err)); + } else if (status == NSE_STATUS_KILL) { + error("%s (EID %li) nsock WRITE nse_status_kill\n", hostinfo, eid); + } else + error("%s (EID %li) WARNING: nsock WRITE unexpected status %d", + hostinfo, eid, (int) (status)); + + return; +} + + +void +ncrack_timer_handler(nsock_pool nsp, nsock_event nse, void *mydata) +{ + enum nse_status status = nse_status(nse); + Connection *con = (Connection *) mydata; + Service *serv = con->service; + const char *hostinfo = serv->HostInfo(); + + if (serv->getListFinished()) { + nsock_event_cancel(nsp, nse_id(nse), 0); + return; + } + + if (status == NSE_STATUS_SUCCESS) { + call_module(nsp, con); + } + else + error("%s nsock Timer handler error!", hostinfo); + + return; +} + + + + +void +ncrack_connect_handler(nsock_pool nsp, nsock_event nse, void *mydata) +{ + nsock_iod nsi = nse_iod(nse); + enum nse_status status = nse_status(nse); + enum nse_type type = nse_type(nse); + ServiceGroup *SG = (ServiceGroup *) nsock_pool_get_udata(nsp); + Connection *con = (Connection *) mydata; + Service *serv = con->service; + const char *hostinfo = serv->HostInfo(); + int err; + unsigned long eid = nsock_iod_id(con->niod); + + assert(type == NSE_TYPE_CONNECT || type == NSE_TYPE_CONNECT_SSL); + + if (serv->getListFinished()) { + nsock_event_cancel(nsp, nse_id(nse), 0); + return; + } + + if (serv->timedOut(NULL)) { + serv->end.reason = Strndup(SERVICE_TIMEDOUT, sizeof(SERVICE_TIMEDOUT)); + SG->pushServiceToList(serv, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished.\n", hostinfo); + return ncrack_connection_end(nsp, con); + + } else if (status == NSE_STATUS_SUCCESS) { + + serv->failed_connections = 0; + +#if HAVE_OPENSSL + // Snag our SSL_SESSION from the nsi for use in subsequent connections. + if (nsock_iod_check_ssl(nsi)) { + if (con->ssl_session) { + if (con->ssl_session == (SSL_SESSION *)(nsock_iod_get_ssl_session(nsi, 0))) { + //nada + } else { + SSL_SESSION_free((SSL_SESSION*)con->ssl_session); + con->ssl_session = (SSL_SESSION *)(nsock_iod_get_ssl_session(nsi, 1)); + } + } else { + con->ssl_session = (SSL_SESSION *)(nsock_iod_get_ssl_session(nsi, 1)); + } + } +#endif + + return call_module(nsp, con); + + } else if (status == NSE_STATUS_TIMEOUT || status == NSE_STATUS_ERROR + || status == NSE_STATUS_PROXYERROR) { + + /* This is not good. connect() really shouldn't generally be timing out. */ + if (o.debugging > 2) { + err = nse_errorcode(nse); + error("%s (EID %li) nsock CONNECT response with status %s error: %s", hostinfo, + eid, nse_status2str(status), strerror(err)); + } + serv->failed_connections++; + serv->appendToPool(con->user, con->pass); + + if (serv->failed_connections > serv->connection_retries) { + SG->pushServiceToList(serv, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished. Too many failed attemps. \n", hostinfo); + } + /* Failure of connecting on first attempt means we should probably drop + * the service for good. */ + if (serv->just_started) { + SG->pushServiceToList(serv, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished.\n", hostinfo); + } + if (serv->getListPairfini()) + SG->popServiceFromList(serv, &SG->services_pairfini); + + con->close_reason = CON_ERR; + + } else if (status == NSE_STATUS_KILL) { + + if (o.debugging) + error("%s (EID %li) nsock CONNECT nse_status_kill", hostinfo, eid); + serv->appendToPool(con->user, con->pass); + if (serv->getListPairfini()) + SG->popServiceFromList(serv, &SG->services_pairfini); + + } else + error("%s (EID %li) WARNING: nsock CONNECT unexpected status %d", + hostinfo, eid, (int) status); + + return ncrack_connection_end(nsp, con); +} + + +/* + * Poll for interactive user input every time this timer is called. + */ +static void +status_timer_handler(nsock_pool nsp, nsock_event nse, void *mydata) +{ + int key_ret; + enum nse_status status = nse_status(nse); + ServiceGroup *SG = (ServiceGroup *) nsock_pool_get_udata(nsp); + mydata = NULL; /* nothing in there */ + + key_ret = keyWasPressed(); + if (key_ret == KEYPRESS_STATUS) + printStatusMessage(SG); + else if (key_ret == KEYPRESS_CREDS) + print_creds(SG); + + if (status != NSE_STATUS_SUCCESS) { + /* Don't reschedule timer again, since nsp seems to have been + * deleted (NSE_STATUS_KILL sent) and we are done. */ + if (status == NSE_STATUS_KILL) + return; + else + error("Nsock status timer handler error: %s\n", nse_status2str(status)); + } + + /* Reschedule timer for the next polling. */ + nsock_timer_create(nsp, status_timer_handler, KEYPRESSED_INTERVAL, NULL); + +} + +static void +signal_timer_handler(nsock_pool nsp, nsock_event nse, void *mydata) +{ + enum nse_status status = nse_status(nse); + ServiceGroup *SG = (ServiceGroup *) nsock_pool_get_udata(nsp); + mydata = NULL; /* nothing in there */ + + if (status != NSE_STATUS_SUCCESS) { + /* Don't reschedule timer again, since nsp seems to have been + * deleted (NSE_STATUS_KILL sent) and we are done. */ + if (status == NSE_STATUS_KILL) { + sigcheck(SG); + return; + } + else + error("Nsock status timer handler error: %s\n", nse_status2str(status)); + } + + /* Reschedule timer for the next polling. */ + nsock_timer_create(nsp, signal_timer_handler, SIGNAL_CHECK_INTERVAL, NULL); + + /* Check for pending signals */ + sigcheck(SG); +} + + +static void +ncrack_probes(nsock_pool nsp, ServiceGroup *SG) +{ + Service *serv; + Connection *con; + struct sockaddr_storage ss; + size_t ss_len; + list ::iterator li; + struct timeval now; + int pair_ret; + char *login, *pass; + const char *hostinfo; + size_t i = 0; + + + /* First check for every service if connection_delay time has already + * passed since its last connection and move them back to 'services_active' + * list if it has. + */ + gettimeofday(&now, NULL); + for (li = SG->services_wait.begin(); li != SG->services_wait.end(); li++) { + if (timeval_msec_subtract(now, (*li)->last) + >= (long long)(*li)->connection_delay) { + li = SG->popServiceFromList(*li, &SG->services_wait); + } + } + + if (SG->last_accessed == SG->services_active.end()) { + li = SG->services_active.begin(); + } else { + li = SG->last_accessed++; + } + + + + while (SG->active_connections < SG->connection_limit + && SG->services_finished.size() != SG->total_services + && SG->services_active.size() != 0) { + + serv = *li; + hostinfo = serv->HostInfo(); + + if (serv->timedOut(NULL)) { + serv->end.reason = Strndup(SERVICE_TIMEDOUT, sizeof(SERVICE_TIMEDOUT)); + SG->pushServiceToList(serv, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished.\n", hostinfo); + goto next; + } + + /* + * If the service's last connection was earlier than 'connection_delay' + * milliseconds ago, then temporarily move service to 'services_wait' list + */ + gettimeofday(&now, NULL); + if (timeval_msec_subtract(now, serv->last) + < (long long)serv->connection_delay) { + li = SG->pushServiceToList(serv, &SG->services_wait); + goto next; + } + + + /* If the service's active connections surpass its imposed connection limit + * then don't initiate any more connections for it and also move service in + * the services_full list so that it won't be reaccessed in this loop. + */ + if (serv->active_connections >= serv->ideal_parallelism) { + li = SG->pushServiceToList(serv, &SG->services_full); + goto next; + } + + + /* + * To mark a service as completely finished, first make sure: + * a) that the username list has finished being iterated through once + * b) that the mirror pair pool, which holds temporary login pairs which + * are currently being used, is empty + * c) that no pending connections are left + * d) that the service hasn't already finished + */ + if (serv->loginlist_fini && serv->isMirrorPoolEmpty() + && !serv->getListFinished()) { + if (!serv->active_connections) { + li = SG->pushServiceToList(serv, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished.\n", hostinfo); + goto next; + } else { + li = SG->pushServiceToList(serv, &SG->services_finishing); + goto next; + } + } + + /* + * If the username list iteration has finished, then don't initiate another + * connection until our pair_pool has at least one element to grab another + * pair from. + */ + if (serv->loginlist_fini && serv->isPoolEmpty() + && !serv->isMirrorPoolEmpty()) { + li = SG->pushServiceToList(serv, &SG->services_pairfini); + goto next; + } + + if ((pair_ret = serv->getNextPair(&login, &pass)) == -1) + goto next; + + + /* + * If service belongs to list linear, then we have to wait until all others have + * first iterated. + */ + if ((serv->getLinearState() != LINEAR_INIT) + && (serv->getLinearState() == LINEAR_ACTIVE || SG->checkLinearPending() == true)) { + goto next; + } + + /* Schedule 1 connection for this service */ + con = new Connection(serv); + SG->connections_total++; + + if (o.stealthy_linear) { + serv->setLinearState(LINEAR_ACTIVE); + } + + if (pair_ret == 1) + con->from_pool = true; + con->user = login; + con->pass = pass; + + if ((con->niod = nsock_iod_new(nsp, serv)) == NULL) { + fatal("Failed to allocate Nsock I/O descriptor in %s()", __func__); + } + + if (o.debugging > 8) + log_write(LOG_STDOUT, "%s (EID %li) Initiating new Connection\n", hostinfo, nsock_iod_id(con->niod)); + + gettimeofday(&now, NULL); + serv->last = now; + serv->connections.push_back(con); + serv->active_connections++; + SG->active_connections++; + + serv->target->TargetSockAddr(&ss, &ss_len); + if (serv->proto == IPPROTO_TCP) { + if (!serv->ssl) { + if (o.proxychain && o.socks4a) { + if (!serv->target->targetname) + fatal("Socks4a requires a hostname. Use socks4 for IPv4."); + nsock_connect_tcp_socks4a(nsp, con->niod, ncrack_connect_handler, + DEFAULT_CONNECT_TIMEOUT, con, serv->target->targetname, + serv->portno); + } else { + nsock_connect_tcp(nsp, con->niod, ncrack_connect_handler, + DEFAULT_CONNECT_TIMEOUT, con, + (struct sockaddr *)&ss, ss_len, + serv->portno); + } + } else { + nsock_connect_ssl(nsp, con->niod, ncrack_connect_handler, + DEFAULT_CONNECT_SSL_TIMEOUT, con, + (struct sockaddr *) &ss, ss_len, serv->proto, + serv->portno, con->ssl_session); + } + } else { + assert(serv->proto == IPPROTO_UDP); + nsock_connect_udp(nsp, con->niod, ncrack_connect_handler, + serv, (struct sockaddr *) &ss, ss_len, + serv->portno); + } + +next: + + /* + * this will take care of the case where the state of the services_active list + * has been modified in the meantime by any pushToList or popFromList without + * saving the state to the current li iterator thus showing to a non-valid + * service + */ + if (SG->prev_modified != li) { + li = SG->services_active.end(); + } + + SG->last_accessed = li; + if (li == SG->services_active.end() || ++li == SG->services_active.end()) { + li = SG->services_active.begin(); + } + + + i++; + if (o.stealthy_linear && i == SG->services_all.size()) + return; + + } + + return; +} + + + +static int +ncrack(ServiceGroup *SG) +{ + /* nsock variables */ + struct timeval now; + enum nsock_loopstatus loopret; + list ::iterator li; + nsock_pool nsp; + int nsock_timeout = 3000; + int err; + + /* create nsock p00l */ + if (!(nsp = nsock_pool_new(SG))) + fatal("Can't create nsock pool."); + + if (o.proxychain) { + if (nsock_pool_set_proxychain(nsp, o.proxychain) == -1) + fatal("Unable to set proxychain for nsock pool"); + } + + gettimeofday(&now, NULL); + nsock_set_loglevel(o.nsock_loglevel); + +#if HAVE_OPENSSL + /* We don't care about connection security, so cast Haste */ + nsock_pool_ssl_init(nsp, NSOCK_SSL_MAX_SPEED); +#endif + + SG->findMinDelay(); + /* We have to set the nsock_loop timeout to the minimum of the connection + * delay, since we have to check every that time period for potential new + * connection initiations. If the minimum connection delay is 0 however, we + * don't need to do it, since that would make nsock_loop return immediately + * and consume a lot of CPU. + */ + if (SG->min_connection_delay != 0) + nsock_timeout = SG->min_connection_delay; + + /* Initiate time-out clocks */ + startTimeOutClocks(SG); + + /* initiate all authentication rate meters */ + SG->auth_rate_meter.start(); + for (li = SG->services_all.begin(); li != SG->services_all.end(); li++) + (*li)->auth_rate_meter.start(); + + /* + * Since nsock can delay between each event due to the targets being really + * slow, we need a way to make sure that we always poll for interactive user + * input regardless of the above case. Thus we schedule a special timer event + * that happens every KEYPRESSED_INTERVAL milliseconds and which reschedules + * itself every time its handler is called. + */ + nsock_timer_create(nsp, status_timer_handler, KEYPRESSED_INTERVAL, NULL); + + /* + * We do the same for checking pending signals every SIGNAL_CHECK_INTERVAL + */ + nsock_timer_create(nsp, signal_timer_handler, SIGNAL_CHECK_INTERVAL, NULL); + + ncrack_probes(nsp, SG); + + /* nsock loop */ + do { + + loopret = nsock_loop(nsp, nsock_timeout); + + if (loopret == NSOCK_LOOP_ERROR) { + err = nsock_pool_get_error(nsp); + fatal("Unexpected nsock_loop error. Error code %d (%s)", + err, strerror(err)); + } + + ncrack_probes(nsp, SG); + + } while (SG->services_finished.size() != SG->total_services); + + nsock_pool_delete(nsp); + + if (o.debugging > 4) + log_write(LOG_STDOUT, "nsock_loop returned %d\n", loopret); + + return 0; +} + diff --git a/include/DomainExec/Utils/ncrack.h b/include/DomainExec/Utils/ncrack.h new file mode 100644 index 00000000..545b7e86 --- /dev/null +++ b/include/DomainExec/Utils/ncrack.h @@ -0,0 +1,279 @@ + +/*************************************************************************** + * ncrack.h -- ncrack's core engine along with all nsock callback * + * handlers reside in here. Simple options' (not host or service-options * + * specification handling) parsing also happens in main() here. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#ifndef NCRACK_H +#define NCRACK_H 1 + +#ifndef NCRACK_VERSION +/* Edit this definition only within the quotes, because it is read from this + file by the makefiles. */ +#define NCRACK_VERSION "0.8" +#define NCRACK_NUM_VERSION "0.8.0.0" +#endif + +#define NCRACK_XMLOUTPUTVERSION "1.00" + + +#define NCRACK_NAME "Ncrack" +#define NCRACK_URL "http://ncrack.org" + +#ifdef WIN32 +#include "mswin32\winclude.h" +#endif + +#ifdef HAVE_CONFIG_H +#include "ncrack_config.h" +#else +#ifdef WIN32 +#include "ncrack_winconfig.h" +#endif /* WIN32 */ +#endif /* HAVE_CONFIG_H */ + +#include + //#include + +#if HAVE_UNISTD_H +#include +#endif + +#ifdef STDC_HEADERS +#include +#else + void *malloc(); + void *realloc(); +#endif + +#if STDC_HEADERS || HAVE_STRING_H +#include +#if !STDC_HEADERS && HAVE_MEMORY_H +#include +#endif +#endif +#if HAVE_STRINGS_H +#include +#endif + +#ifdef HAVE_BSTRING_H +#include +#endif + +#include +#include + +#ifndef WIN32 /* from nmapNT -- seems to work */ +#include +#endif /* !WIN32 */ + +#ifdef HAVE_SYS_PARAM_H +#include /* Defines MAXHOSTNAMELEN on BSD*/ +#endif + + + +#include + +#if HAVE_RPC_TYPES_H +#include +#endif + +#if HAVE_SYS_SOCKET_H +#include +#endif + +#include + +#if HAVE_NETINET_IN_H +#include +#endif + +#include + +#if HAVE_NETDB_H +#include +#endif + +#if TIME_WITH_SYS_TIME +# include +# include +#else +# if HAVE_SYS_TIME_H +# include +# else +# include +# endif +#endif + +#include +#include + +#ifdef HAVE_PWD_H +#include +#endif + + + +#if HAVE_ARPA_INET_H +#include +#endif + + /* Keep assert() defined for security reasons */ +#undef NDEBUG + +#include +#include + +#if HAVE_SYS_RESOURCE_H +#include +#endif + + +#ifndef MAXHOSTNAMELEN +#define MAXHOSTNAMELEN 64 +#endif + + +#define MAXLINE 255 + +#include "global_structures.h" + +/* callback handlers */ +void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +void ncrack_connect_handler(nsock_pool nsp, nsock_event nse, void *mydata); +void ncrack_timer_handler(nsock_pool nsp, nsock_event nse, void *mydata); + +/* module ending handler */ +void ncrack_module_end(nsock_pool nsp, void *mydata); +void ncrack_connection_end(nsock_pool nsp, void *mydata); + + +#endif diff --git a/include/DomainExec/Utils/ncrack_config.h.in b/include/DomainExec/Utils/ncrack_config.h.in new file mode 100644 index 00000000..0b5eea34 --- /dev/null +++ b/include/DomainExec/Utils/ncrack_config.h.in @@ -0,0 +1,100 @@ +/* ncrack_config.h.in. Generated from configure.ac by autoheader. */ + +/* Define if building universal (internal helper macro) */ +#undef AC_APPLE_UNIVERSAL_BUILD + +/* Define to 1 if you have the header file. */ +#undef HAVE_INTTYPES_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_MEMORY_H + +/* OpenSSL is available */ +#undef HAVE_OPENSSL + +/* Define to 1 if you have the header file. */ +#undef HAVE_PWD_H + +/* Define to 1 if you have the `signal' function. */ +#undef HAVE_SIGNAL + +/* struct sockaddr has sa_len member */ +#undef HAVE_SOCKADDR_SA_LEN + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDINT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDLIB_H + +/* Define to 1 if you have the `strerror' function. */ +#undef HAVE_STRERROR + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRINGS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRING_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_SOCKIO_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STAT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_TYPES_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_TERMIOS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_UNISTD_H + +/* struct in_addr is a whacky huge structure */ +#undef IN_ADDR_DEEPSTRUCT + +/* Define to the address where bug reports for this package should be sent. */ +#undef PACKAGE_BUGREPORT + +/* Define to the full name of this package. */ +#undef PACKAGE_NAME + +/* Define to the full name and version of this package. */ +#undef PACKAGE_STRING + +/* Define to the one symbol short name of this package. */ +#undef PACKAGE_TARNAME + +/* Define to the home page for this package. */ +#undef PACKAGE_URL + +/* Define to the version of this package. */ +#undef PACKAGE_VERSION + +/* Define to 1 if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most + significant byte first (like Motorola and SPARC, unlike Intel). */ +#if defined AC_APPLE_UNIVERSAL_BUILD +# if defined __BIG_ENDIAN__ +# define WORDS_BIGENDIAN 1 +# endif +#else +# ifndef WORDS_BIGENDIAN +# undef WORDS_BIGENDIAN +# endif +#endif + +/* Use __FILE__ since __FUNCTION__ is not available */ +#undef __func__ + +/* Define to `__inline__' or `__inline' if that's what the C compiler + calls it, or to nothing if 'inline' is not supported under any name. */ +#ifndef __cplusplus +#undef inline +#endif + +/* Type of 6th argument to recvfrom() */ +#undef recvfrom6_t diff --git a/include/DomainExec/Utils/ncrack_error.cc b/include/DomainExec/Utils/ncrack_error.cc new file mode 100644 index 00000000..c81ef048 --- /dev/null +++ b/include/DomainExec/Utils/ncrack_error.cc @@ -0,0 +1,241 @@ + +/*************************************************************************** + * ncrack_error.cc -- Some simple error handling routines. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "ncrack_error.h" +#include "output.h" +#include "NcrackOps.h" + +extern NcrackOps o; + +#ifdef WIN32 +#include +#endif /* WIN32 */ + + +void fatal(const char *fmt, ...) { + va_list ap; + va_start(ap, fmt); + log_vwrite(LOG_STDERR, fmt, ap); + va_end(ap); + if (o.log_errors) { + va_start(ap, fmt); + log_vwrite(LOG_NORMAL, fmt, ap); + va_end(ap); + } + log_write(o.log_errors? LOG_NORMAL|LOG_STDERR : LOG_STDERR, "\nQUITTING!\n"); + exit(1); +} + +void error(const char *fmt, ...) { + va_list ap; + + va_start(ap, fmt); + log_vwrite(LOG_STDERR, fmt, ap); + va_end(ap); + + if (o.log_errors) { + va_start(ap, fmt); + log_vwrite(LOG_NORMAL, fmt, ap); + va_end(ap); + } + log_write(o.log_errors? LOG_NORMAL|LOG_STDERR : LOG_STDERR, "\n"); + return; +} + +void pfatal(const char *err, ...) { +#ifdef WIN32 + int lasterror =0; + char *errstr = NULL; +#endif + va_list ap; + + va_start(ap, err); + log_vwrite(LOG_STDERR, err, ap); + va_end(ap); + + if (o.log_errors) { + va_start(ap, err); + log_vwrite(LOG_NORMAL, err, ap); + va_end(ap); + } + +#ifdef WIN32 + lasterror = GetLastError(); + FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER|FORMAT_MESSAGE_FROM_SYSTEM, + NULL, lasterror, MAKELANGID (LANG_NEUTRAL, SUBLANG_DEFAULT), + (LPTSTR) &errstr, 0, NULL); + log_write(o.log_errors? LOG_NORMAL|LOG_STDERR : LOG_STDERR, ": %s (%d)\n", + errstr, lasterror); + HeapFree(GetProcessHeap(), 0, errstr); +#else + log_write(o.log_errors? LOG_NORMAL|LOG_STDERR : LOG_STDERR, ": %s (%d)\n", + strerror(errno), errno); +#endif /* WIN32 perror() compatability switch */ + if (o.log_errors) log_flush(LOG_NORMAL); + fflush(stderr); + exit(1); +} + +/* This function is the Ncrack version of perror. It is just copy and + pasted from pfatal(), except the exit has been replaced with a + return. */ +void gh_perror(const char *err, ...) { +#ifdef WIN32 + int lasterror =0; + char *errstr = NULL; +#endif + va_list ap; + + va_start(ap, err); + log_vwrite(LOG_STDERR, err, ap); + va_end(ap); + + if (o.log_errors) { + va_start(ap, err); + log_vwrite(LOG_NORMAL, err, ap); + va_end(ap); + } + +#ifdef WIN32 + lasterror = GetLastError(); + FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER|FORMAT_MESSAGE_FROM_SYSTEM, + NULL, lasterror, MAKELANGID (LANG_NEUTRAL, SUBLANG_DEFAULT), + (LPTSTR) &errstr, 0, NULL); + log_write(o.log_errors? LOG_NORMAL|LOG_STDERR : LOG_STDERR, ": %s (%d)\n", + errstr, lasterror); + HeapFree(GetProcessHeap(), 0, errstr); +#else + log_write(o.log_errors? LOG_NORMAL|LOG_STDERR : LOG_STDERR, ": %s (%d)\n", + strerror(errno), errno); +#endif /* WIN32 perror() compatability switch */ + if (o.log_errors) log_flush(LOG_NORMAL); + fflush(stderr); + return; +} diff --git a/include/DomainExec/Utils/ncrack_error.h b/include/DomainExec/Utils/ncrack_error.h new file mode 100644 index 00000000..bc8aace2 --- /dev/null +++ b/include/DomainExec/Utils/ncrack_error.h @@ -0,0 +1,177 @@ + +/*************************************************************************** + * ncrack_error.h -- Some simple error handling routines. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id: nmap_error.h 12955 2009-04-15 00:37:03Z fyodor $ */ + +#ifndef NCRACK_ERROR_H +#define NCRACK_ERROR_H + +#ifdef WIN32 +#include "mswin32\winclude.h" +#endif + +#ifdef HAVE_CONFIG_H +#include "ncrack_config.h" +#else +#ifdef WIN32 +#include "ncrack_winconfig.h" +#endif /* WIN32 */ +#endif /* HAVE_CONFIG_H */ + +#include + +#ifdef STDC_HEADERS +#include +#endif + +#include +#include + +#if HAVE_UNISTD_H +#include +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +void fatal(const char *fmt, ...) + __attribute__ ((format (printf, 1, 2))); +void error(const char *fmt, ...) + __attribute__ ((format (printf, 1, 2))); +void pfatal(const char *err, ...) + __attribute__ ((format (printf, 1, 2))); +void gh_perror(const char *err, ...) + __attribute__ ((format (printf, 1, 2))); + +#ifdef __cplusplus +} +#endif + +#endif /* NCRACK_ERROR_H */ diff --git a/include/DomainExec/Utils/ncrack_input.cc b/include/DomainExec/Utils/ncrack_input.cc new file mode 100644 index 00000000..5de18384 --- /dev/null +++ b/include/DomainExec/Utils/ncrack_input.cc @@ -0,0 +1,619 @@ + +/*************************************************************************** + * ncrack_input.cc -- Functions for parsing input from Nmap. Support for * + * Nmap's -oX and -oN output formats. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "ncrack.h" +#include "utils.h" +#include "ncrack_input.h" +#include "services.h" + + +/* + * Responsible for parsing an Nmap XML output file (with the -oX option). + * Returns 0 for success and host_spec is set with a host-service specification + * in the form ://:. + * Returns -1 upon failure - which is usually when the EOF is reached. + * This function has to be called as many times as needed until it + * returns -1 to signify the end of parsing. + */ +int +xml_input(FILE *inputfd, char *host_spec) +{ + static bool begin = true; + int ch; + char buf[4096]; + static char ip[16]; + char portnum[7]; + char service_name[64]; + char cpe[4]; + char *dynamic_service_name; + + /* check if file is indeed in Nmap's XML output format */ + if (begin) { + + /* First check if this is an XML file */ + if (!fgets(buf, 15, inputfd)) + fatal("-iX XML checking fgets failure!\n"); + if (strncmp(buf, " section searching fgets failure!\n"); + + if (!strncmp(buf, "addres", 6)) { + /* Now get the rest of the line which is in the following format: + *
*/ + unsigned int i = 0; + while ((ch = getc(inputfd)) != EOF) { + if (ch == '>') + break; + if (i < sizeof(buf) / sizeof(char) - 1) + buf[i++] = (char) ch; + else + fatal("-iX possible buffer overflow!\n"); + } + if (i < 12) + fatal("-iX corrupted Nmap XML output file!\n"); + i--; + char *addr = NULL; + if (!(addr = memsearch(buf, "addr=", i))) + fatal("-iX corrupted Nmap XML output file!\n"); + /* Now point to the actual address string */ + addr += sizeof("addr="); + + /* Now find where the IP ends by finding the ending double quote */ + i = 0; + while (addr[i] != '"') + i++; + i++; + if (i > sizeof(ip)) + i = sizeof(ip); + Strncpy(ip, addr, i); + + } else if (!strncmp(buf, "runsta", 6)) { + /* We reached the end, so that's all folks. Get out. */ + return -1; + } + + } else { + /* Search for open ports, since we already have an address */ + + if (!fgets(buf, 7, inputfd)) + fatal("-iX section searching fgets failure!\n"); + + if (!strncmp(buf, "ports>", 6)) { + /* Now, depending on Nmap invokation we can have an extra section of + * "extraports" which we ignore */ + if (!fgets(buf, 12, inputfd)) + fatal("-iX section searching fgets failure!\n"); + if (!strncmp(buf, "" in a new line, so use that */ + while ((ch = getc(inputfd)) != EOF) { + if (ch == '<') { + if (!fgets(buf, 12, inputfd)) + fatal("-iX extraports fgets failure!\n"); + if (!strncmp(buf, "/extraports", 11)) + break; + } + } + } + } + if (memsearch(buf, "port ", strlen(buf))) { + /* We are inside a + */ + memset(buf, 0, sizeof(buf)); + + unsigned int port_section_length = 0; + unsigned int subsection = 0; + /* Since the ') { + subsection++; + if (subsection > 3) + break; + } + + /* Scanning with -A produces sections at the end of the port + * section in Nmap's XML output so if you find a cpe section, + * go to next port + */ + cpe[i++] = (char) ch; + if (i == 3) + i = 0; + if (!strncmp(cpe, "cpe", 3)) { + //printf("cpe\n"); + break; + } + + if (port_section_length < sizeof(buf) / sizeof(char) - 1) + buf[port_section_length++] = (char) ch; + else + fatal("-iX possible buffer overflow inside port parsing\n"); + } + if (port_section_length < 40) + fatal("-iX corrupted Nmap XML output file: too little length in " + " section\n"); + port_section_length--; + + char *p = NULL; + if (!(p = memsearch(buf, "portid=", port_section_length))) + fatal("-iX cannot find portid inside section!\n"); + p += sizeof("portid="); + + /* Now find where the port number ends by finding the double quote */ + unsigned int i = 0; + while (p[i] != '"') + i++; + i++; + if (i > sizeof(portnum)) + i = sizeof(portnum); + + Strncpy(portnum, p, i); + //printf("\nport: %s\n", portnum); + + /* Now make sure this port is in 'state=open' since we won't bother + * grabbing ports that are not open. */ + p = NULL; + if (!(p = memsearch(buf, "state=", port_section_length))) + fatal("-iX cannot find state inside section!\n"); + p += sizeof("state="); + + /* Port is open, so now grab the service name */ + if (!strncmp(p, "open", 4)) { + + p = NULL; + if (!(p = memsearch(buf, "name", port_section_length))) { + //fatal("-iX cannot find service 'name' inside section!\n"); + + /* No service name was found, so assume default association of port */ + dynamic_service_name = port2name(portnum); + Snprintf(host_spec, 1024, "%s://%s:%s", dynamic_service_name, ip, portnum); + if (dynamic_service_name) + free(dynamic_service_name); + + memset(ip, '\0', sizeof(ip)); + return 0; + } + p += sizeof("name="); + + i = 0; + while (p[i] != '"') + i++; + i++; + if (i > sizeof(service_name)) + i = sizeof(service_name); + + Strncpy(service_name, p, i); + //printf("\nservice_name: %s\n", service_name); + + /* Now we get everything we need: IP, service name and port so + * we can return them into host_spec + */ + Snprintf(host_spec, 1024, "%s://%s:%s", service_name, ip, portnum); + return 0; + } + + } else if (!strncmp(buf, "/ports", 6)) { + + /* We reached the end of the section, so we now need a new + * IP address - let the parser know that */ + memset(ip, '\0', sizeof(ip)); + + } else if (!strncmp(buf, "runsta", 6)) { + /* We reached the end, so that's all folks. Get out. */ + return -1; + } + + + } + + } + } + + return -1; +} + + +/* + * Responsible for parsing an Nmap Normal output file (with the -oN option) + * Returns 0 for success and host_spec is set with a host-service + * specification in the form ://:. + * Returns -1 upon failure - which is usually when the EOF is reached. + * This function has to be called as many times as needed until it + * returns -1 to signify the end of parsing. Each invokation will result in a + * different host_spec being set. + */ +int +normal_input(FILE *inputfd, char *host_spec) +{ + static bool begin = true; + int ch; + char buf[256]; + static char ip[16]; + char portnum[7]; + char service_name[64]; + static bool port_parsing = false; + static bool skip_over_newline = false; + char tmp[256]; + size_t i = 0; + + /* check if file is indeed in Nmap's Normal output format */ + if (begin) { + + if (!fgets(buf, 7, inputfd)) + fatal("-iN checking fgets failure!\n"); + if (strncmp(buf, "# Nmap", 6) && strncmp(buf, "Fetchf", 6)) + fatal("-iN file doesn't seem to be a Nmap -oN file!\n"); + + begin = false; + } + + memset(buf, 0, sizeof(buf)); + memset(tmp, 0, sizeof(tmp)); + + /* Ready to search for hosts and open ports */ + if (skip_over_newline) { + skip_over_newline = false; + goto start_over; + } + + while ((ch = getc(inputfd)) != EOF) { + + /* copy each ch to tmp buffer for referencing later */ + if (i < sizeof(tmp)) + tmp[i++] = ch; + + if (ch == '\n') { + +start_over: + /* Now get the open ports and services */ + if (!strncmp(tmp, "PORT", 4)) { + port_parsing = true; + } else { + port_parsing = false; + } + i = 0; /* reset tmp */ + memset(tmp, 0, sizeof(tmp)); + + + /* If you have already got an address from a previous invokation, then + * search only for open ports, else go look for a new IP */ + if (!strncmp(ip, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", sizeof(ip))) { + + /* Search for string "Nmap scan report" */ + if (!fgets(buf, 17, inputfd)) + fatal("-iN \"Nmap scan report\" section fgets failure!\n"); + + if (memsearch(buf, "map scan report", 16)) { + /* Now get the rest of the line which is in the following format: + * 'Nmap scan report for scanme.nmap.org (64.13.134.52):' + * OR + * 'Nmap scan report for 10.0.0.100:' + */ + + unsigned int line_length = 0; + while ((ch = getc(inputfd)) != EOF) { + if (line_length < sizeof(buf) / sizeof(char) - 1) + buf[line_length++] = (char) ch; + else + fatal("-iN possible buffer overflow!\n"); + if (ch == '\n') + break; + } + if (line_length < 10) + fatal("-iN corrupted Nmap -oN output file!\n"); + + if (line_length < sizeof(buf) / sizeof(char) - 1) + buf[line_length] = '\0'; + else + fatal("-iN possible buffer overflow!\n"); + + char *addr = NULL; + if (!(addr = memsearch(buf, "for", line_length))) + fatal("-iX corrupted Nmap -oN output file!\n"); + /* Now point to the actual address string */ + addr += sizeof("for"); + + /* Check if there is a hostname as well as an IP, in which case we + * need to grab the IP only */ + unsigned int i = 0; + char *p = NULL; + if ((p = memsearch(buf, "(", line_length))) { + addr = p + 1; + + while (addr[i] != ')') + i++; + i++; + + } else { + + while (addr[i] != '\n' && i < line_length) + i++; + i++; + } + + if (i > sizeof(ip)) + i = sizeof(ip); + Strncpy(ip, addr, i); + + //printf("ip: %s\n", ip); + + } else if (memsearch(buf, "map done", 16)) { + /* We reached the end of the file, so get out. */ + return -1; + } + + } else { + + + if (port_parsing) { + + memset(buf, '\0', sizeof(buf)); + + /* Now we need to get the port, so parse until you see a '/' which + * signifies the end of the por-number and the beginning of the + * protocol string (e.g tcp, udp) + */ + unsigned int port_length = 0; + while ((ch = getc(inputfd)) != EOF) { + /* If we get an alphanumeric character instead of a number, + * then it means we are on the next host, since we were expecting + * to see a port number. The alphanumeric character will usually + * correspond to the beginning of the "Nmap scan report" line. + */ + if (isalpha(ch)) { + port_parsing = false; + memset(ip, '\0', sizeof(ip)); + goto start_over; + } + if (ch == '/') + break; + if (port_length < sizeof(buf) / sizeof(char) - 1) + buf[port_length++] = (char) ch; + else + fatal("-iN possible buffer overflow!\n"); + + } + + port_length++; + if (port_length > sizeof(portnum) / sizeof(char)) + fatal("-iN port length invalid!\n"); + Strncpy(portnum, buf, port_length); + + //printf("port: %s\n", portnum); + + /* now parse the rest of the line */ + unsigned int line_length = 0; + while ((ch = getc(inputfd)) != EOF) { + if (ch == '\n') { + skip_over_newline = true; + break; + } + if (line_length < sizeof(buf) / sizeof(char) - 1) + buf[line_length++] = (char) ch; + else + fatal("-in possible buffer overflow while parsing port line.\n"); + } + + if (line_length > sizeof(buf) / sizeof(char) - 1) + fatal("-iN port-line length too big!\n"); + buf[line_length] = '\0'; + + /* Make sure port is open */ + char *p = NULL; + if ((p = memsearch(buf, "open", line_length))) { + + p += sizeof("open"); + /* Now find the service name */ + unsigned int i = 0; + while (p[i] == ' ' && i < line_length) + i++; + + p += i; + + i = 0; + while (p[i] != '\n' && p[i] != ' ') + i++; + i++; + if (i > sizeof(service_name)) + i = sizeof(service_name); + + Strncpy(service_name, p, i); + //printf("service_name: %s\n", service_name); + + /* Now we get everything we need: IP, service name and port so + * we can return them into host_spec + */ + Snprintf(host_spec, 1024, "%s://%s:%s", service_name, ip, portnum); + //printf("%s\n", host_spec); + return 0; + + } + + goto start_over; + + } + + } + + } + + + } + + return -1; + +} diff --git a/include/DomainExec/Utils/ncrack_input.h b/include/DomainExec/Utils/ncrack_input.h new file mode 100644 index 00000000..491a514c --- /dev/null +++ b/include/DomainExec/Utils/ncrack_input.h @@ -0,0 +1,157 @@ + +/*************************************************************************** + * ncrack_input.h -- Functions for parsing input from Nmap. Support for * + * Nmap's -oX and -oN output formats. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#ifndef NCRACK_INPUT_H +#define NCRACK_INPUT_H 1 + + +/* + * Responsible for parsing an Nmap XML output file (with the -oX option). + * Returns 0 for success and host_spec is set with a host-service specification + * in the form ://:. + * Returns -1 upon failure - which is usually when the EOF is reached. + * This function has to be called as many times as needed until it + * returns -1 to signify the end of parsing. Each invokation will result in a + * different host_spec being set. + */ +int xml_input(FILE *inputfd, char *host_spec); + +/* + * Responsible for parsing an Nmap Normal output file (with the -oN option) + * Returns 0 for success and host_spec is set with a host-service specification + * in the form ://:. + * Returns -1 upon failure - which is usually when the EOF is reached. + * This function has to be called as many times as needed until it + * returns -1 to signify the end of parsing. Each invokation will result in a + * different host_spec being set. + */ +int normal_input(FILE *inputfd, char *host_spec); + +#endif diff --git a/include/DomainExec/Utils/ncrack_resume.cc b/include/DomainExec/Utils/ncrack_resume.cc new file mode 100644 index 00000000..f27a042d --- /dev/null +++ b/include/DomainExec/Utils/ncrack_resume.cc @@ -0,0 +1,565 @@ + +/*************************************************************************** + * ncrack_resume.cc -- functions that implement the --resume option, which * + * needs to save the current state of Ncrack into a file and then recall * + * it. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#include "ncrack_resume.h" +#include "NcrackOps.h" + +#define BLANK_ENTRY "" + +extern NcrackOps o; + + +/* This function takes a command and the address of an uninitialized + char ** . It parses the command (by separating out whitespace) + into an argv[] style char **, which it sets the argv parameter to. + The function returns the number of items filled up in the array + (argc), or -1 in the case of an error. This function allocates + memory for argv and thus it must be freed -- use argv_parse_free() + for that. If arg_parse returns <1, then argv does not need to be freed. + The returned arrays are always terminated with a NULL pointer */ +int +arg_parse(const char *command, char ***argv) +{ + char **myargv = NULL; + int argc = 0; + char mycommand[4096]; + char *start, *end; + char oldend; + + *argv = NULL; + if (Strncpy(mycommand, command, 4096) == -1) { + return -1; + } + myargv = (char **) safe_malloc((MAX_PARSE_ARGS + 2) * sizeof(char *)); + memset(myargv, 0, (MAX_PARSE_ARGS+2) * sizeof(char *)); + myargv[0] = (char *) 0x123456; /* Integrity checker */ + myargv++; + start = mycommand; + while (start && *start) { + while (*start && isspace((int) (unsigned char) *start)) + start++; + if (*start == '"') { + start++; + end = strchr(start, '"'); + } else if (*start == '\'') { + start++; + end = strchr(start, '\''); + } else if (!*start) { + continue; + } else { + end = start+1; + while (*end && !isspace((int) (unsigned char) *end)) { + end++; + } + } + if (!end) { + arg_parse_free(myargv); + return -1; + } + if (argc >= MAX_PARSE_ARGS) { + arg_parse_free(myargv); + return -1; + } + oldend = *end; + *end = '\0'; + myargv[argc++] = strdup(start); + if (oldend) + start = end + 1; + else start = end; + } + myargv[argc+1] = 0; + *argv = myargv; + return argc; +} + +/* Free an argv allocated inside arg_parse */ +void +arg_parse_free(char **argv) +{ + char **current; + /* Integrity check */ + argv--; + assert(argv[0] == (char *) 0x123456); + current = argv + 1; + while (*current) { + free(*current); + current++; + } + free(argv); +} + + +int +ncrack_save(ServiceGroup *SG) +{ + FILE *outfile = NULL; + int argiter; + uint32_t magic = MAGIC_NUM; /* a bell that doesn't ring */ + list ::iterator li; + vector ::iterator vi; + uint32_t index = 0; + uint32_t credlist_size = 0; + struct passwd *pw; + int res, err; + time_t now; + struct tm local_time; + char path[MAXPATHLEN]; + char filename[MAXPATHLEN]; + bool cmd_user_pass = false; /* boolean used for handling the blank username/password + in the --user or --pass option */ + + + /* First find user home directory to save current session file + * in there (if he hasn't already specified his own filename, in which case + * we don't need to do all this work) + */ + if (!o.save_file) { + +#ifndef WIN32 + /* Unix systems -> use getpwuid of real or effective uid */ + pw = getpwuid(getuid()); + if (!pw && getuid() != geteuid()) + pw = getpwuid(geteuid()); + if (!pw) + fatal("%s: couldn't get current user's home directory to save restoration" + " file", __func__); + + res = Snprintf(path, sizeof(path), "%s/.ncrack", pw->pw_dir); + if (res < 0 || res > (int)sizeof(path)) + fatal("%s: possibly not enough buffer space for home path!\n", __func__); + +#else + /* Windows systems -> use the environmental variables */ + ExpandEnvironmentStrings("%userprofile%", path, sizeof(path)); + strncpy(&path[strlen(path)], "\\.ncrack", sizeof(path) - strlen(path)); + +#endif + + /* Check if /.ncrack directory exists and has proper permissions. + * If it doesn't exist, create it */ + if (access(path, F_OK)) { + /* dir doesn't exist, so mkdir it */ +#ifdef WIN32 + if (mkdir(path)) +#else + if (mkdir(path, S_IRUSR | S_IWUSR | S_IXUSR)) +#endif + fatal("%s: can't create %s in user's home directory!\n", __func__, path); + } else { +#ifdef WIN32 + if (access(path, R_OK | W_OK)) +#else + if (access(path, R_OK | W_OK | X_OK)) +#endif + fatal("%s: %s doesn't have proper permissions!\n", __func__, path); + } + + } + + /* If user has specified a specific filename, then store saved state into + * that, rather than in the normal restore. format */ + if (!o.save_file) { + + /* Now create restoration file name based on the current date and time */ + Strncpy(filename, "restore.", 9); + + now = time(NULL); + err = n_localtime(&now, &local_time); + if (err) { + fatal("n_localtime failed: %s", strerror(err)); + } + + if (strftime(&filename[8], sizeof(filename), "%Y-%m-%d_%H-%M", &local_time) <= 0) + fatal("%s: Unable to properly format time", __func__); + + if (chdir(path) < 0) { + /* check for race condition */ + fatal("%s: unable to chdir to %s", __func__, path); + } + + } else { + + Strncpy(filename, o.save_file, sizeof(filename) - 1); + + } + + if (!(outfile = fopen(filename, "w"))) + fatal("%s: couldn't open file to save current state!\n", __func__); + + + /* First write magic number */ + if (fwrite(&magic, sizeof(magic), 1, outfile) != 1) + fatal("%s: couldn't write magic number to file!\n", __func__); + + /* Store the exact way Ncrack was invoked by writing the argv array */ + for (argiter = 0; argiter < o.saved_argc; argiter++) { + + /* Special handling in case the user has passed a blank password to either + * --user "" or --pass "" (or both). We are going to write a placeholder + * when saving this particular argument, so that the .restore file can be + * properly parsed in this case. + */ + if (cmd_user_pass + && (!strlen(o.saved_argv[argiter]) + || ((strlen(o.saved_argv[argiter]) == 1) + && !strncmp(o.saved_argv[argiter], ",", 1)))) { + /* If --user or --pass option argument is blank or a plain ",", then + * write BLANK_ENTRY magic keyword to indicate this special case */ + if (fwrite(BLANK_ENTRY, strlen(BLANK_ENTRY), 1, outfile) != 1) + fatal("%s: couldn't write %s to file!\n", __func__, BLANK_ENTRY); + cmd_user_pass = false; + } else { + if (fwrite(o.saved_argv[argiter], strlen(o.saved_argv[argiter]), 1, + outfile) != 1) + fatal("%s: couldn't write argv array to file!\n", __func__); + } + if (fwrite(" ", 1, 1, outfile) != 1) + fatal("%s: can't even write space!\n", __func__); + + if (cmd_user_pass) + cmd_user_pass = false; + + if (!strncmp(o.saved_argv[argiter], "--user", strlen(o.saved_argv[argiter])) + || !strncmp(o.saved_argv[argiter], "--pass", strlen(o.saved_argv[argiter]))) + cmd_user_pass = true; /* prepare for next iteration parsing */ + + } + + if (fwrite("\n", 1, 1, outfile) != 1) + fatal("%s: can't write newline!\n", __func__); + + /* Now iterate through all services and write for each of them: + * 1) the unique id + * 2) the username/password lists's iterators + * 3) any credentials found so far + */ + for (li = SG->services_all.begin(); li != SG->services_all.end(); li++) { + + /* First write the unique id */ + if (fwrite(&(*li)->uid, sizeof((*li)->uid), 1, outfile) != 1) + fatal("%s: couldn't write unique id to file!\n", __func__); + + //printf("---------id: %u-----------\n", (*li)->uid); + /* Write the list iterators but first convert them to 'indexes' of the + * vectors they are pointing to. Indexes are uint32_t which helps + * for portability, since it is a standard size of 32 bits everywhere. + */ + + index = (*li)->getUserlistIndex(); + if (fwrite(&index, sizeof(index), 1, outfile) != 1) + fatal("%s: couldn't write userlist index to file!\n", __func__); + + index = (*li)->getPasslistIndex(); + if (fwrite(&index, sizeof(index), 1, outfile) != 1) + fatal("%s: couldn't write passlist index to file!\n", __func__); + + + /* + * Now store any credentials found for this service. First store a 32bit + * number that denotes the number of credentials (pairs of + * username/password) that will follow. + */ + credlist_size = (*li)->credentials_found.size(); + if (fwrite(&credlist_size, sizeof(credlist_size), 1, outfile) != 1) + fatal("%s: couldn't write credential list size to file!\n", __func__); + + for (vi = (*li)->credentials_found.begin(); + vi != (*li)->credentials_found.end(); vi++) { + if (fwrite(vi->user, strlen(vi->user), 1, outfile) != 1) + fatal("%s: couldn't write credential username to file!\n", __func__); + if (fwrite("\0", 1, 1, outfile) != 1) + fatal("%s: couldn't even write \'\\0\' to file!\n", __func__); + if (fwrite(vi->pass, strlen(vi->pass), 1, outfile) != 1) + fatal("%s: couldn't write credential password to file!\n", __func__); + if (fwrite("\0", 1, 1, outfile) != 1) + fatal("%s: couldn't even write \'\\0\' to file!\n", __func__); + } + + } + + log_write(LOG_STDOUT, "Saved current session state at: "); + + if (!o.save_file) { + + log_write(LOG_STDOUT, "%s", path); +#ifdef WIN32 + log_write(LOG_STDOUT, "\\"); +#else + log_write(LOG_STDOUT, "/"); +#endif + + } + log_write(LOG_STDOUT, "%s\n", filename); + + fclose(outfile); + + return 0; +} + + +/* Reads in the special restore file that has everything Ncrack needs to know + * to resume the saved session. The important things it must gather are: + * 1) The command arguments + * 2) The unique id of each service + * 3) The username/password lists's indexes + * 4) Any credentials found so far + */ +int +ncrack_resume(char *fname, int *myargc, char ***myargv) +{ + char *filestr; + int filelen; + uint32_t magic, uid, cred_num; + struct saved_info tmp_info; + vector ::iterator vi; + char ncrack_arg_buffer[1024]; + char buf[1024]; + loginpair tmp_pair; + char *p, *q; /* I love C! Oh yes indeed. */ + + //memset(&tmp_info, 0, sizeof(tmp_info)); + + filestr = mmapfile(fname, &filelen, O_RDONLY); + if (!filestr) { + fatal("Could not mmap() %s read", fname); + } + + if (filelen < 20) { + fatal("Output file %s is too short -- no use resuming", fname); + } + + /* First check magic number */ + p = filestr; + memcpy(&magic, p, sizeof(magic)); + if (magic != MAGIC_NUM) + fatal("Corrupted log file %s . Magic number isn't correct. Are you sure " + "this is a Ncrack restore file?\n", fname); + + /* Now find the ncrack args */ + p += sizeof(magic); + + while (*p && !isspace((int) (unsigned char) *p)) + p++; + if (!*p) + fatal("Unable to parse supposed restore file %s . Sorry", fname); + p++; /* Skip the space between program name and first arg */ + if (*p == '\n' || !*p) + fatal("Unable to parse supposed restore file %s . Sorry", fname); + + q = strchr(p, '\n'); + if (!q || ((unsigned int) (q - p) >= sizeof(ncrack_arg_buffer) - 32)) + fatal("Unable to parse supposed restore file %s .", fname); + + strncpy(ncrack_arg_buffer, "ncrack ", 7); + if ((q-p) + 7 + 1 >= (int) sizeof(ncrack_arg_buffer)) + fatal("0verfl0w"); + memcpy(ncrack_arg_buffer + 7, p, q - p); + ncrack_arg_buffer[7 + q - p] = '\0'; + + *myargc = arg_parse(ncrack_arg_buffer, myargv); + if (*myargc == -1) { + fatal("Unable to parse supposed restore file %s . Sorry", fname); + } + + /* Now if there is a BLANK_ENTRY placeholder in the .restore file, just place + * '\0' over it, so that it seems as if the user had typed --user "" or + * --pass "". + */ + for (int i = 0; i < *myargc; i++) { + if (!strncmp(*(*myargv+i), BLANK_ENTRY, strlen(BLANK_ENTRY))) { + memset(*(*myargv+i), '\0', strlen(BLANK_ENTRY)); + } + } + + q++; + /* Now start reading in the services info. */ + while (q - filestr < filelen) { + + uid = (uint32_t)*q; + q += sizeof(uint32_t); + if (q - filestr >= filelen) + fatal("Corrupted file! Error 1\n"); + + memcpy(&tmp_info.user_index, q, sizeof(uint32_t)); + + q += sizeof(uint32_t); + if (q - filestr >= filelen) + fatal("Corrupted file! Error 2\n"); + + memcpy(&tmp_info.pass_index, q, sizeof(uint32_t)); + q += sizeof(uint32_t); + if (q - filestr >= filelen) + fatal("Corrupted file! Error 3\n"); + + memcpy(&cred_num, q, sizeof(uint32_t)); + q += sizeof(uint32_t); + if (cred_num > 0 && (q - filestr >= filelen)) + fatal("Corrupted file! Error 4\n"); + + uint32_t i; + size_t j; + bool user = true; + for (i = 0; i < cred_num * 2; i++) { + + j = 0; + buf[j++] = *q; + while (*q != '\0' && j < sizeof(buf)) { + q++; + if (q - filestr >= filelen) + fatal("Corrupted file! Error 5\n"); + buf[j++] = *q; + } + + q++; + + if (user) { + user = false; + tmp_pair.user = Strndup(buf, j - 1); + if (q - filestr >= filelen) + fatal("Corrupted file! Error 6\n"); + } else { + user = true; + tmp_pair.pass = Strndup(buf, j - 1); + tmp_info.credentials_found.push_back(tmp_pair); + if ((i != (cred_num * 2) - 1) && (q - filestr >= filelen)) + fatal("Corrupted file! Error 7\n"); + } + + } + + /* Now save the service info inside the map */ + o.resume_map[uid] = tmp_info; + } + + munmap(filestr, filelen); + return 0; +} + diff --git a/include/DomainExec/Utils/ncrack_resume.h b/include/DomainExec/Utils/ncrack_resume.h new file mode 100644 index 00000000..efe8217b --- /dev/null +++ b/include/DomainExec/Utils/ncrack_resume.h @@ -0,0 +1,174 @@ + +/*************************************************************************** + * ncrack_resume.h -- functions that implement the --resume option, which * + * needs to save the current state of Ncrack into a file and then recall * + * it. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#ifndef NCRACK_RESUME +#define NCRACK_RESUME 1 + +#include "ncrack.h" +#include "ncrack_error.h" +#include "utils.h" +#include "ServiceGroup.h" + +#ifdef WIN32 +#include +#endif + + +#define MAGIC_NUM 0xdeadbe11 /* a bell that doesn't ring */ +#define MAX_PARSE_ARGS 254 /* +1 for integrity checking + 1 for null term */ + + +/* This function takes a command and the address of an uninitialized + char ** . It parses the command (by separating out whitespace) + into an argv[] style char **, which it sets the argv parameter to. + The function returns the number of items filled up in the array + (argc), or -1 in the case of an error. This function allocates + memory for argv and thus it must be freed -- use argv_parse_free() + for that. If arg_parse returns <1, then argv does not need to be freed. + The returned arrays are always terminated with a NULL pointer */ +int arg_parse(const char *command, char ***argv); + +/* Free an argv allocated inside arg_parse */ +void arg_parse_free(char **argv); + +int ncrack_save(ServiceGroup *SG); + +/* Reads in the special restore file that has everything Ncrack needs to know + * to resume the saved session. The important things it must gather are: + * 1) The command arguments + * 2) The unique id of each service + * 3) The username/password lists's indexes + * 4) Any credentials found so far + */ +int ncrack_resume(char *fname, int *myargc, char ***myargv); + + +#endif diff --git a/include/DomainExec/Utils/ncrack_tty.cc b/include/DomainExec/Utils/ncrack_tty.cc new file mode 100644 index 00000000..268ddf0f --- /dev/null +++ b/include/DomainExec/Utils/ncrack_tty.cc @@ -0,0 +1,336 @@ +/*************************************************************************** + * ncrack_tty.cc -- Handles runtime interaction with Ncrack, so you can * + * increase verbosity/debugging or obtain a status line upon request. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#ifndef WIN32 +#include "ncrack_config.h" +#endif + +#include +#if HAVE_SYS_STAT_H +#include +#endif +#if HAVE_FCNTL_H +#include +#endif +#if HAVE_TERMIOS_H +#include +#endif +#if HAVE_UNISTD_H +#include +#endif +#include + +#include "ncrack_tty.h" +#include "utils.h" +#include "NcrackOps.h" + +extern NcrackOps o; + +#ifdef WIN32 +#include + +// Microsoft's runtime makes this fairly simple. :) +void tty_init() { return; } +static int tty_getchar() { return _kbhit() ? _getch() : -1; } +static void tty_done() { return; } + +static void tty_flush(void) +{ + static HANDLE stdinput = GetStdHandle(STD_INPUT_HANDLE); + + FlushConsoleInputBuffer(stdinput); +} + +#else +#if !defined(O_NONBLOCK) && defined(O_NDELAY) +#define O_NONBLOCK O_NDELAY +#endif + +#ifdef __CYGWIN32__ +#include +#include +#ifndef __CYGWIN__ +extern int tcgetattr(int fd, struct termios *termios_p); +extern int tcsetattr(int fd, int actions, struct termios *termios_p); +#endif +#endif + +static int tty_fd = 0; +static struct termios saved_ti; + +static int tty_getchar() +{ + int c, numChars; +#ifdef __CYGWIN32__ + fd_set set; + struct timeval tv; +#endif + + if (tty_fd && tcgetpgrp(tty_fd) == getpid()) { + + /* This is so that when the terminal has been disconnected, + * it will be reconnected when possible. If it slows things down, + * just remove it + */ + // tty_init(); + +#ifdef __CYGWIN32__ + FD_ZERO(&set); FD_SET(tty_fd, &set); + tv.tv_sec = 0; tv.tv_usec = 0; + if (select(tty_fd + 1, &set, NULL, NULL, &tv) <= 0) + return -1; +#endif + c = 0; + numChars = read(tty_fd, &c, 1); + if (numChars > 0) return c; + } + + return -1; +} + +static void tty_done() +{ + if (!tty_fd) return; + + tcsetattr(tty_fd, TCSANOW, &saved_ti); + + close(tty_fd); + tty_fd = 0; +} + +static void tty_flush(void) +{ + /* we don't need to test for tty_fd==0 here because + * this isn't called unless we succeeded + */ + + tcflush(tty_fd, TCIFLUSH); +} + +/* + * Initializes the terminal for unbuffered non-blocking input. Also + * registers tty_done() via atexit(). You need to call this before + * you ever call keyWasPressed(). + */ +void tty_init() +{ + struct termios ti; + + if (tty_fd) + return; + + if ((tty_fd = open("/dev/tty", O_RDONLY | O_NONBLOCK)) < 0) return; + +#ifndef __CYGWIN32__ + if (tcgetpgrp(tty_fd) != getpid()) { + close(tty_fd); return; + } +#endif + + tcgetattr(tty_fd, &ti); + saved_ti = ti; + ti.c_lflag &= ~(ICANON | ECHO); + ti.c_cc[VMIN] = 1; + ti.c_cc[VTIME] = 0; + tcsetattr(tty_fd, TCSANOW, &ti); + + atexit(tty_done); +} + +#endif //!win32 + +/* Catches all of the predefined + keypresses and interpret them, and it will also tell you if you + should print anything. A value of KEYPRESS_STATUS being returned means a + nonstandard key has been pressed and the calling method should + print a status message. A value of KEYPRESS_CREDS means that the + credentials found so far should be printed */ +int keyWasPressed() +{ + /* Where we keep the automatic stats printing schedule. */ + static struct timeval stats_time = { 0, 0 }; + int c; + + if ((c = tty_getchar()) >= 0) { + tty_flush(); /* flush input queue */ + + if (c == 'v') { + o.verbose++; + log_write(LOG_STDOUT, "Verbosity Increased to %d.\n", o.verbose); + } else if (c == 'V') { + if (o.verbose > 0) + o.verbose--; + log_write(LOG_STDOUT, "Verbosity Decreased to %d.\n", o.verbose); + } else if (c == 'd') { + o.debugging++; + log_write(LOG_STDOUT, "Debugging Increased to %d.\n", o.debugging); + } else if (c == 'D') { + if (o.debugging > 0) + o.debugging--; + log_write(LOG_STDOUT, "Debugging Decreased to %d.\n", o.debugging); + } else if (c == 'p' || c == 'P') { + return KEYPRESS_CREDS; + } else if (c == '?') { + log_write(LOG_STDOUT, + "Interactive keyboard commands:\n" + "? Display this information\n" + "v/V Increase/decrease verbosity\n" + "d/D Increase/decrease debugging\n" + "p/P Display found credentials\n" + "anything else Print status\n"); + } else { + return KEYPRESS_STATUS; + } + } + + /* Check if we need to print a status update according to the --stats-every + option. */ + if (o.stats_interval != 0.0) { + struct timeval now; + + gettimeofday(&now, NULL); + if (stats_time.tv_sec == 0) { + /* Initialize the scheduled stats time. */ + stats_time = *o.getStartTime(); + TIMEVAL_ADD(stats_time, stats_time, (time_t)(o.stats_interval * 1000000)); + } + + if (TIMEVAL_AFTER(now, stats_time)) { + /* Advance to the next print time. */ + TIMEVAL_ADD(stats_time, stats_time, (time_t)(o.stats_interval * 1000000)); + /* If it's still in the past, catch it up to the present. */ + if (TIMEVAL_AFTER(now, stats_time)) + stats_time = now; + /* Instruct the caller to print status too. */ + return KEYPRESS_STATUS; + } + } + + return 0; +} diff --git a/include/DomainExec/Utils/ncrack_tty.h b/include/DomainExec/Utils/ncrack_tty.h new file mode 100644 index 00000000..9fffaaa6 --- /dev/null +++ b/include/DomainExec/Utils/ncrack_tty.h @@ -0,0 +1,149 @@ +/*************************************************************************** + * ncrack_tty.h -- Handles runtime interaction with Ncrack, so you can * + * increase verbosity/debugging or obtain a status line upon request. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#ifndef NCRACK_TTY +#define NCRACK_TTY 1 + +#define KEYPRESS_STATUS 1 +#define KEYPRESS_CREDS 2 + +/* + * Initializes the terminal for unbuffered non-blocking input. Also + * registers tty_done() via atexit(). You need to call this before + * you ever call keyWasPressed(). + */ +void tty_init(); + +/* Catches all of the predefined keypresses and interpret them, and it + will also tell you if you should print anything. A value of true + being returned means a nonstandard key has been pressed and the + calling method should print a status message */ +int keyWasPressed(); + +#endif diff --git a/include/DomainExec/Utils/ncrack_winconfig.h b/include/DomainExec/Utils/ncrack_winconfig.h new file mode 100644 index 00000000..5d509a8a --- /dev/null +++ b/include/DomainExec/Utils/ncrack_winconfig.h @@ -0,0 +1,17 @@ +#ifndef NCRACK_WINCONFIG_H +#define NCRACK_WINCONFIG_H +/* Without this, Windows will give us all sorts of crap about using functions + like strcpy() even if they are done safely */ +#define _CRT_SECURE_NO_DEPRECATE 1 + +#define NCRACK_NAME "Ncrack" +#define NCRACK_URL "http://ncrack.org" +#define NCRACK_PLATFORM "i686-pc-windows-windows" +#define NCRACKDATADIR "C:\\Program Files\\Ncrack" /* FIXME: I really need to make this dynamic */ + +#define HAVE_OPENSSL 1 +#define HAVE_SIGNAL 1 +/* Apparently __func__ isn't yet supported */ +#define __func__ __FUNCTION__ + +#endif /* NCRACK_WINCONFIG_H */ diff --git a/include/DomainExec/Utils/ntlmssp.cc b/include/DomainExec/Utils/ntlmssp.cc new file mode 100644 index 00000000..84c50818 --- /dev/null +++ b/include/DomainExec/Utils/ntlmssp.cc @@ -0,0 +1,666 @@ +/* -*- mode:c; tab-width:8; c-basic-offset:8; indent-tabs-mode:nil; -*- */ +/*************************************************************************** + * ntlmssp.cc -- ntlmssp auth method * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* + Proudly stolen and adapted from libsmb2 -- https://github.com/sahlberg/libsmb2 + - lazily converted original C code to C++ (mostly casted malloc) + - replaced custom crypto with openssl (hmac md5) + - replaced custom unicode conv to ncrack routine (unicode_alloc) + - replaced custom ntlmv1 routine to ncrack routine (ntlm_create_hash) + + Copyright (C) 2018 by Ronnie Sahlberg + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program; if not, see . +*/ +#include +#include +#include +#include +#include +#include +#ifndef WIN32 +#include +#endif +#include +#include +#include +#include "portable_endian.h" + +#include "ncrack.h" +#include "ntlmssp.h" + +#if HAVE_OPENSSL + +#include +#include +#include + + +#include "crypto.h" // ntlm_create_hash +#include "utils.h" // unicode_alloc + +#define SMB2_KEY_SIZE 16 + +struct auth_data { + unsigned char *buf; + size_t len; + size_t allocated; + + int neg_result; + unsigned char *ntlm_buf; + size_t ntlm_len; + + const char *user; + const char *password; + const char *domain; + const char *workstation; + const char *client_challenge; + + uint8_t exported_session_key[SMB2_KEY_SIZE]; + }; + +#define NEGOTIATE_MESSAGE 0x00000001 +#define CHALLENGE_MESSAGE 0x00000002 +#define AUTHENTICATION_MESSAGE 0x00000003 + +#define NTLMSSP_NEGOTIATE_56 0x80000000 +#define NTLMSSP_NEGOTIATE_128 0x20000000 +#define NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0x00080000 +#define NTLMSSP_TARGET_TYPE_SERVER 0x00020000 +#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x00008000 +#define NTLMSSP_NEGOTIATE_NTLM 0x00000200 +#define NTLMSSP_NEGOTIATE_SIGN 0x00000010 +#define NTLMSSP_REQUEST_TARGET 0x00000004 +#define NTLMSSP_NEGOTIATE_OEM 0x00000002 +#define NTLMSSP_NEGOTIATE_UNICODE 0x00000001 +#define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000 + +static uint64_t +timeval_to_win(struct timeval *tv) +{ + return ((uint64_t)tv->tv_sec * 10000000) + + 116444736000000000 + tv->tv_usec * 10; +} + +void +ntlmssp_destroy_context(struct auth_data *auth) +{ + free(auth->ntlm_buf); + free(auth->buf); + free(auth); +} + +struct auth_data * +ntlmssp_init_context(const char *user, + const char *password, + const char *domain, + const char *workstation, + const char *client_challenge) +{ + struct auth_data *auth_data = NULL; + + auth_data = (struct auth_data*)malloc(sizeof(struct auth_data)); + if (auth_data == NULL) { + return NULL; + } + memset(auth_data, 0, sizeof(struct auth_data)); + + auth_data->user = user; + auth_data->password = password; + auth_data->domain = domain; + auth_data->workstation = workstation; + auth_data->client_challenge = client_challenge; + + memset(auth_data->exported_session_key, 0, SMB2_KEY_SIZE); + + return auth_data; +} + +static int +encoder(const void *buffer, size_t size, void *ptr) +{ + struct auth_data *auth_data = (struct auth_data*)ptr; + + if (size + auth_data->len > auth_data->allocated) { + unsigned char *tmp = auth_data->buf; + + auth_data->allocated = 2 * ((size + auth_data->allocated + 256) & ~0xff); + auth_data->buf = (unsigned char*)malloc(auth_data->allocated); + if (auth_data->buf == NULL) { + free(tmp); + return -1; + } + memcpy(auth_data->buf, tmp, auth_data->len); + free(tmp); + } + + memcpy(auth_data->buf + auth_data->len, buffer, size); + auth_data->len += size; + + return 0; +} + +static int +ntlm_negotiate_message(struct auth_data *auth_data) +{ + unsigned char ntlm[32]; + uint32_t u32; + + memset(ntlm, 0, 32); + memcpy(ntlm, "NTLMSSP", 8); + + u32 = htole32(NEGOTIATE_MESSAGE); + memcpy(&ntlm[8], &u32, 4); + + u32 = htole32(NTLMSSP_NEGOTIATE_56|NTLMSSP_NEGOTIATE_128| + NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY| + //NTLMSSP_NEGOTIATE_ALWAYS_SIGN| + NTLMSSP_NEGOTIATE_NTLM| + //NTLMSSP_NEGOTIATE_SIGN| + NTLMSSP_REQUEST_TARGET|NTLMSSP_NEGOTIATE_OEM| + NTLMSSP_NEGOTIATE_UNICODE); + memcpy(&ntlm[12], &u32, 4); + + if (encoder(&ntlm[0], 32, auth_data) < 0) { + return -1; + } + + return 0; +} + +static int +ntlm_challenge_message(struct auth_data *auth_data, unsigned char *buf, + int len) +{ + free(auth_data->ntlm_buf); + auth_data->ntlm_len = len; + auth_data->ntlm_buf = (unsigned char*)malloc(auth_data->ntlm_len); + if (auth_data->ntlm_buf == NULL) { + return -1; + } + memcpy(auth_data->ntlm_buf, buf, auth_data->ntlm_len); + + return 0; +} + +static int +NTOWFv2(const char *user, const char *password, const char *domain, + unsigned char ntlmv2_hash[16]) +{ + size_t i, len, userdomain_len; + char *userdomain; + char *ucs2_userdomain = NULL; + unsigned char ntlm_hash[16]; + + ntlm_create_hash(password, ntlm_hash); + + len = strlen(user) + 1; + if (domain) { + len += strlen(domain); + } + userdomain = (char*)malloc(len); + if (userdomain == NULL) { + return -1; + } + + strcpy(userdomain, user); + for (i = strlen(userdomain) - 1; i > 0; i--) { + if (islower(userdomain[i])) { + userdomain[i] = toupper(userdomain[i]); + } + } + if (domain) { + strcat(userdomain, domain); + } + + ucs2_userdomain = unicode_alloc(userdomain); + if (ucs2_userdomain == NULL) { + return -1; + } + + userdomain_len = strlen(userdomain); + HMAC(EVP_md5(), ntlm_hash, 16, + (unsigned char *)ucs2_userdomain, userdomain_len * 2, + ntlmv2_hash, NULL); + free(userdomain); + free(ucs2_userdomain); + + return 0; +} + +/* This is not the same temp as in MS-NLMP. This temp has an additional + * 16 bytes at the start of the buffer. + * Use &auth_data->val[16] if you want the temp from MS-NLMP + */ +static int +encode_temp(struct auth_data *auth_data, uint64_t t, char *client_challenge, + char *server_challenge, char *server_name, int server_name_len) +{ + unsigned char sign[8] = {0x01, 0x01, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}; + unsigned char zero[8] = {0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}; + + if (encoder(&zero, 8, auth_data) < 0) { + return -1; + } + if (encoder(server_challenge, 8, auth_data) < 0) { + return -1; + } + if (encoder(sign, 8, auth_data) < 0) { + return -1; + } + if (encoder(&t, 8, auth_data) < 0) { + return -1; + } + if (encoder(client_challenge, 8, auth_data) < 0) { + return -1; + } + if (encoder(&zero, 4, auth_data) < 0) { + return -1; + } + if (encoder(server_name, server_name_len, auth_data) < 0) { + return -1; + } + if (encoder(&zero, 4, auth_data) < 0) { + return -1; + } + + return 0; +} + +static int +encode_ntlm_auth(struct auth_data *auth_data, + char *server_challenge) +{ + int ret = -1; + unsigned char lm_buf[16]; + unsigned char *NTChallengeResponse_buf = NULL; + unsigned char ResponseKeyNT[16]; + char *ucs2_domain = NULL; + int domain_len; + char *ucs2_user = NULL; + int user_len; + char *ucs2_workstation = NULL; + int workstation_len; + int NTChallengeResponse_len; + unsigned char NTProofStr[16]; + unsigned char LMStr[16]; + uint64_t t; + struct timeval tv; + char *server_name_buf; + int server_name_len; + uint32_t u32; + uint32_t server_neg_flags; + unsigned char key_exch[SMB2_KEY_SIZE]; + + tv.tv_sec = time(NULL); + tv.tv_usec = 0; + t = timeval_to_win(&tv); + + /* + if (auth_data->password == NULL) { + goto finished; + } + */ + + /* + * Generate Concatenation of(NTProofStr, temp) + */ + if (NTOWFv2(auth_data->user, auth_data->password, + auth_data->domain, ResponseKeyNT) + < 0) { + goto finished; + } + + /* get the server neg flags */ + memcpy(&server_neg_flags, &auth_data->ntlm_buf[20], 4); + server_neg_flags = le32toh(server_neg_flags); + + memcpy(&u32, &auth_data->ntlm_buf[40], 4); + u32 = le32toh(u32); + server_name_len = u32 >> 16; + + memcpy(&u32, &auth_data->ntlm_buf[44], 4); + u32 = le32toh(u32); + server_name_buf = (char *)&auth_data->ntlm_buf[u32]; + + if (encode_temp(auth_data, t, (char *)auth_data->client_challenge, + server_challenge, server_name_buf, + server_name_len) < 0) { + return -1; + } + + HMAC(EVP_md5(), ResponseKeyNT, 16, &auth_data->buf[8], auth_data->len-8, NTProofStr, NULL); + memcpy(auth_data->buf, NTProofStr, 16); + + NTChallengeResponse_buf = auth_data->buf; + NTChallengeResponse_len = auth_data->len; + auth_data->buf = NULL; + auth_data->len = 0; + auth_data->allocated = 0; + + /* get the NTLMv2 Key-Exchange Key + For NTLMv2 - Key Exchange Key is the Session Base Key + */ + HMAC(EVP_md5(), ResponseKeyNT, 16, NTProofStr, 16, key_exch, NULL); + memcpy(auth_data->exported_session_key, key_exch, 16); + + /* + * Generate AUTHENTICATE_MESSAGE + */ + encoder("NTLMSSP", 8, auth_data); + + /* message type */ + u32 = htole32(AUTHENTICATION_MESSAGE); + encoder(&u32, 4, auth_data); + + /* lm challenge response fields */ + memcpy(&lm_buf[0], server_challenge, 8); + memcpy(&lm_buf[8], auth_data->client_challenge, 8); + HMAC(EVP_md5(), ResponseKeyNT, 16, &lm_buf[0], 16, LMStr, NULL); + u32 = htole32(0x00180018); + encoder(&u32, 4, auth_data); + u32 = 0; + encoder(&u32, 4, auth_data); + + /* nt challenge response fields */ + u32 = htole32((NTChallengeResponse_len<<16)| + NTChallengeResponse_len); + encoder(&u32, 4, auth_data); + u32 = 0; + encoder(&u32, 4, auth_data); + + /* domain name fields */ + if (auth_data->domain) { + domain_len = strlen(auth_data->domain); + ucs2_domain = unicode_alloc(auth_data->domain); + if (ucs2_domain == NULL) { + goto finished; + } + u32 = domain_len * 2; + u32 = htole32((u32 << 16) | u32); + encoder(&u32, 4, auth_data); + u32 = 0; + encoder(&u32, 4, auth_data); + } else { + u32 = 0; + encoder(&u32, 4, auth_data); + encoder(&u32, 4, auth_data); + } + + /* user name fields */ + user_len = strlen(auth_data->user); + ucs2_user = unicode_alloc(auth_data->user); + if (ucs2_user == NULL) { + goto finished; + } + u32 = user_len * 2; + u32 = htole32((u32 << 16) | u32); + encoder(&u32, 4, auth_data); + u32 = 0; + encoder(&u32, 4, auth_data); + + /* workstation name fields */ + if (auth_data->workstation) { + workstation_len = strlen(auth_data->workstation); + ucs2_workstation = unicode_alloc(auth_data->workstation); + if (ucs2_workstation == NULL) { + goto finished; + } + u32 = workstation_len * 2; + u32 = htole32((u32 << 16) | u32); + encoder(&u32, 4, auth_data); + u32 = 0; + encoder(&u32, 4, auth_data); + } else { + u32 = 0; + encoder(&u32, 4, auth_data); + encoder(&u32, 4, auth_data); + } + + /* encrypted random session key */ + u32 = 0; + encoder(&u32, 4, auth_data); + encoder(&u32, 4, auth_data); + + /* negotiate flags */ + u32 = htole32(NTLMSSP_NEGOTIATE_56|NTLMSSP_NEGOTIATE_128| + NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY| + //NTLMSSP_NEGOTIATE_ALWAYS_SIGN| + NTLMSSP_NEGOTIATE_NTLM| + //NTLMSSP_NEGOTIATE_SIGN| + NTLMSSP_REQUEST_TARGET|NTLMSSP_NEGOTIATE_OEM| + NTLMSSP_NEGOTIATE_UNICODE); + encoder(&u32, 4, auth_data); + + /* append domain */ + u32 = htole32(auth_data->len); + memcpy(&auth_data->buf[32], &u32, 4); + if (ucs2_domain) { + encoder(ucs2_domain, domain_len * 2, auth_data); + } + + /* append user */ + u32 = htole32(auth_data->len); + memcpy(&auth_data->buf[40], &u32, 4); + encoder(ucs2_user, user_len * 2, auth_data); + + /* append workstation */ + u32 = htole32(auth_data->len); + memcpy(&auth_data->buf[48], &u32, 4); + if (ucs2_workstation) { + encoder(ucs2_workstation, workstation_len * 2, auth_data); + } + + /* append LMChallengeResponse */ + u32 = htole32(auth_data->len); + memcpy(&auth_data->buf[16], &u32, 4); + encoder(LMStr, 16, auth_data); + encoder(auth_data->client_challenge, 8, auth_data); + + /* append NTChallengeResponse */ + u32 = htole32(auth_data->len); + memcpy(&auth_data->buf[24], &u32, 4); + encoder(NTChallengeResponse_buf, NTChallengeResponse_len, auth_data); + + ret = 0; +finished: + free(ucs2_domain); + free(ucs2_user); + free(ucs2_workstation); + free(NTChallengeResponse_buf); + + return ret; +} + +int +ntlmssp_generate_blob(struct auth_data *auth_data, + unsigned char *input_buf, int input_len, + unsigned char **output_buf, uint16_t *output_len) +{ + free(auth_data->buf); + auth_data->buf = NULL; + auth_data->len = 0; + auth_data->allocated = 0; + + if (input_buf == NULL) { + ntlm_negotiate_message(auth_data); + } else { + if (ntlm_challenge_message(auth_data, input_buf, + input_len) < 0) { + return -1; + } + if (encode_ntlm_auth(auth_data, + (char *)&auth_data->ntlm_buf[24]) < 0) { + return -1; + } + } + + *output_buf = auth_data->buf; + *output_len = auth_data->len; + + return 0; +} + +int +ntlmssp_get_session_key(struct auth_data *auth, + uint8_t **key, + uint8_t *key_size) +{ + uint8_t *mkey = NULL; + + if (auth == NULL || key == NULL || key_size == NULL) { + return -1; + } + + mkey = (uint8_t *) malloc(SMB2_KEY_SIZE); + if (mkey == NULL) { + return -1; + } + memcpy(mkey, auth->exported_session_key, SMB2_KEY_SIZE); + + *key = mkey; + *key_size = SMB2_KEY_SIZE; + + return 0; +} + +#endif /* if HAVE_OPENSSL */ diff --git a/include/DomainExec/Utils/ntlmssp.h b/include/DomainExec/Utils/ntlmssp.h new file mode 100644 index 00000000..a6998e37 --- /dev/null +++ b/include/DomainExec/Utils/ntlmssp.h @@ -0,0 +1,23 @@ +#ifndef NTLMSSP_H +#define NTLMSSP_H + +struct auth_data; + +struct auth_data * +ntlmssp_init_context(const char *user, + const char *password, + const char *domain, + const char *workstation, + const char *client_challenge); + +int +ntlmssp_generate_blob(struct auth_data *auth_data, + unsigned char *input_buf, int input_len, + unsigned char **output_buf, uint16_t *output_len); + +void +ntlmssp_destroy_context(struct auth_data *auth); + +int ntlmssp_get_session_key(struct auth_data *auth, uint8_t **key, uint8_t *key_size); + +#endif diff --git a/include/DomainExec/Utils/output.cc b/include/DomainExec/Utils/output.cc new file mode 100644 index 00000000..70e212b8 --- /dev/null +++ b/include/DomainExec/Utils/output.cc @@ -0,0 +1,555 @@ + +/*************************************************************************** + * output.cc -- Handles the Ncrack output system. This currently involves * + * console-style human readable output and XML output * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "output.h" +#include "NcrackOps.h" +#include "ncrack_error.h" +#include "xml.h" + +extern NcrackOps o; +static const char *logtypes[LOG_NUM_FILES]=LOG_NAMES; + + +void +memprint(const char *addr, size_t bytes) +{ + size_t i; + for (i = 0; i < bytes; i++) { + log_write(LOG_STDOUT, "%c", addr[i]); + } + fflush(stdout); +} + + + +/* Write some information (printf style args) to the given log stream(s). + Remember to watch out for format string bugs. */ +void +log_write(int logt, const char *fmt, ...) +{ + va_list ap; + assert(logt > 0); + + if (!fmt || !*fmt) + return; + + for (int l = 1; l <= LOG_MAX; l <<= 1) { + if (logt & l) { + va_start(ap, fmt); + log_vwrite(l, fmt, ap); + va_end(ap); + } + } + return; +} + + + +/* This is the workhorse of the logging functions. Usually it is + called through log_write(), but it can be called directly if you + are dealing with a vfprintf-style va_list. Unlike log_write, YOU + CAN ONLY CALL THIS WITH ONE LOG TYPE (not a bitmask full of them). + In addition, YOU MUST SANDWHICH EACH EXECUTION IF THIS CALL BETWEEN + va_start() AND va_end() calls. */ +void +log_vwrite(int logt, const char *fmt, va_list ap) { + static char *writebuf = NULL; + static int writebuflen = 8192; + int rc = 0; + int len; + int fileidx = 0; + int l; + va_list apcopy; + + + if (!writebuf) + writebuf = (char *) safe_malloc(writebuflen); + + + switch(logt) { + case LOG_STDOUT: + vfprintf(o.ncrack_stdout, fmt, ap); + break; + + case LOG_STDERR: + fflush(stdout); // Otherwise some systems will print stderr out of order + vfprintf(stderr, fmt, ap); + break; + + case LOG_NORMAL: + case LOG_XML: +#ifdef WIN32 + apcopy = ap; +#else + va_copy(apcopy, ap); /* Needed in case we need to do a second vsnprintf */ +#endif + l = logt; + fileidx = 0; + while ((l&1)==0) { fileidx++; l>>=1; } + assert(fileidx < LOG_NUM_FILES); + if (o.logfd[fileidx]) { + len = Vsnprintf(writebuf, writebuflen, fmt, ap); + if (len == 0) { + va_end(apcopy); + return; + } else if (len < 0 || len >= writebuflen) { + /* Didn't have enough space. Expand writebuf and try again */ + if (len >= writebuflen) { + writebuflen = len + 1024; + } else { + /* Windows seems to just give -1 rather than the amount of space we + would need. So lets just gulp up a huge amount in the hope it + will be enough */ + writebuflen *= 150; + } + writebuf = (char *) safe_realloc(writebuf, writebuflen); + len = Vsnprintf(writebuf, writebuflen, fmt, apcopy); + if (len <= 0 || len >= writebuflen) { + fatal("%s: vsnprintf failed. Even after increasing bufferlen " + "to %d, Vsnprintf returned %d (logt == %d). " + "Please email this message to fyodor@insecure.org.", + __func__, writebuflen, len, logt); + } + } + rc = fwrite(writebuf,len,1,o.logfd[fileidx]); + if (rc != 1) { + fatal("Failed to write %d bytes of data to (logt==%d) stream. " + "fwrite returned %d.", len, logt, rc); + } + va_end(apcopy); + } + break; + + default: + fatal("%s(): Passed unknown log type (%d). Note that this function, " + "unlike log_write, can only " + "handle one log type at a time (no bitmasks)", __func__, logt); + } + + return; +} + + +/* Close the given log stream(s) */ +void +log_close(int logt) +{ + int i; + if (logt<0 || logt>LOG_FILE_MASK) return; + for (i=0;logt;logt>>=1,i++) if (o.logfd[i] && (logt&1)) fclose(o.logfd[i]); +} + +/* Flush the given log stream(s). In other words, all buffered output + is written to the log immediately */ +void +log_flush(int logt) { + int i; + + if (logt & LOG_STDOUT) { + fflush(o.ncrack_stdout); + logt -= LOG_STDOUT; + } + + if (logt & LOG_STDERR) { + fflush(stderr); + logt -= LOG_STDERR; + } + + + if (logt<0 || logt>LOG_FILE_MASK) return; + + for (i=0;logt;logt>>=1,i++) + { + if (!o.logfd[i] || !(logt&1)) continue; + fflush(o.logfd[i]); + } + +} + +/* Flush every single log stream -- all buffered output is written to the + corresponding logs immediately */ +void +log_flush_all() { + int fileno; + + for(fileno = 0; fileno < LOG_NUM_FILES; fileno++) { + if (o.logfd[fileno]) fflush(o.logfd[fileno]); + } + fflush(stdout); + fflush(stderr); +} + + +/* Open a log descriptor of the type given to the filename given. If + o.append_output is nonzero, the file will be appended instead of clobbered if + it already exists. If the file does not exist, it will be created */ +int +log_open(int logt, char *filename) +{ + int i=0; + if (logt<=0 || logt>LOG_FILE_MASK) return -1; + while ((logt&1)==0) { i++; logt>>=1; } + if (o.logfd[i]) fatal("Only one %s output filename allowed",logtypes[i]); + if (*filename == '-' && *(filename + 1) == '\0') + { + o.logfd[i]=stdout; + o.ncrack_stdout = fopen(DEVNULL, "w"); + if (!o.ncrack_stdout) + fatal("Could not assign %s to stdout for writing", DEVNULL); + } + else + { + if (o.append_output) + o.logfd[i] = fopen(filename, "a"); + else + o.logfd[i] = fopen(filename, "w"); + if (!o.logfd[i]) + fatal("Failed to open %s output file %s for writing", logtypes[i], + filename); + } + return 1; +} + + +char * +logfilename(const char *str, struct tm *tm) +{ + char *ret, *end, *p; + char tbuf[10]; + int retlen = strlen(str) * 6 + 1; + + ret = (char *) safe_malloc(retlen); + end = ret + retlen; + + for (p = ret; *str; str++) { + if (*str == '%') { + str++; + + if (!*str) + break; + + switch (*str) { + case 'H': + strftime(tbuf, sizeof tbuf, "%H", tm); + break; + case 'M': + strftime(tbuf, sizeof tbuf, "%M", tm); + break; + case 'S': + strftime(tbuf, sizeof tbuf, "%S", tm); + break; + case 'T': + strftime(tbuf, sizeof tbuf, "%H%M%S", tm); + break; + case 'R': + strftime(tbuf, sizeof tbuf, "%H%M", tm); + break; + case 'm': + strftime(tbuf, sizeof tbuf, "%m", tm); + break; + case 'd': + strftime(tbuf, sizeof tbuf, "%d", tm); + break; + case 'y': + strftime(tbuf, sizeof tbuf, "%y", tm); + break; + case 'Y': + strftime(tbuf, sizeof tbuf, "%Y", tm); + break; + case 'D': + strftime(tbuf, sizeof tbuf, "%m%d%y", tm); + break; + default: + *p++ = *str; + continue; + } + + assert(end - p > 1); + Strncpy(p, tbuf, end - p - 1); + p += strlen(tbuf); + } else { + *p++ = *str; + } + } + + *p = 0; + + return (char *) safe_realloc(ret, strlen(ret) + 1); +} + + +static std::string quote(const char *s) { + std::string result(""); + const char *p; + bool space; + + space = false; + for (p = s; *p != '\0'; p++) { + if (isspace(*p)) + space = true; + if (*p == '"' || *p == '\\') + result += "\\"; + result += *p; + } + + if (space) + result = "\"" + result + "\""; + + return result; +} + + +/* Return a std::string containing all n strings separated by whitespace, and + individually quoted if needed. */ +std::string join_quoted(const char * const strings[], unsigned int n) { + std::string result(""); + unsigned int i; + + for (i = 0; i < n; i++) { + if (i > 0) + result += " "; + result += quote(strings[i]); + } + + return result; +} + + +/* prints current status */ +void +printStatusMessage(ServiceGroup *SG) +{ + struct timeval tv; + gettimeofday(&tv, NULL); + long long time = (long long) (o.TimeSinceStartMS(&tv) / 1000.0); + + log_write(LOG_STDOUT, + "Stats: %lld:%02lld:%02lld elapsed; %lu services completed " + "(%lu total)\n", + time/60/60, time/60 % 60, time % 60, + (long unsigned) SG->services_finished.size(), SG->total_services); + log_write(LOG_STDOUT, "Rate: %.2f; Found: %lu; ", + SG->auth_rate_meter.getCurrentRate(), SG->credentials_found); + SG->SPM->printStats(SG->getCompletionFraction(), &tv); + if (SG->credentials_found) + log_write(LOG_STDOUT, "(press 'p' to list discovered credentials)\n"); +} + + +/* Prints all credentials found so far */ +void +print_creds(ServiceGroup *SG) +{ + list ::iterator li; + + for (li = SG->services_all.begin(); li != SG->services_all.end(); li++) { + if ((*li)->credentials_found.size() != 0) + print_service_output(*li); + } +} + + +void +print_service_output(Service *serv) +{ + vector ::iterator vi; + const char *ip = serv->target->NameIP(); + + log_write(LOG_PLAIN, "Discovered credentials for %s on %s ", + serv->name, ip); + if (strncmp(serv->target->HostName(), "", 1)) + log_write(LOG_PLAIN, "(%s) ", serv->target->HostName()); + log_write(LOG_PLAIN, "%hu/%s:\n", serv->portno, proto2str(serv->proto)); + for (vi = serv->credentials_found.begin(); + vi != serv->credentials_found.end(); vi++) { + log_write(LOG_PLAIN, "%s %hu/%s %s: '%s' '%s'\n", + ip, serv->portno, proto2str(serv->proto), serv->name, + vi->user, vi->pass); + xml_open_start_tag("credentials"); + xml_attribute("username", "%s", vi->user); + xml_attribute("password", "%s", vi->pass); + xml_close_start_tag(); + xml_end_tag(); + xml_newline(); + } +} + + +void +print_final_output(ServiceGroup *SG) +{ + time_t now; + char mytime[128]; + long long whole_t = 0, dec_t = 0; + int err; + + /* Workaround for default rounding-up that is done when printing a .2f float. + * Previously with a variable e.g 20999, printf (".2f", var/1000.0) would + * show it as 21.00, something which isn't right. + */ + dec_t = whole_t = o.TimeSinceStartMS(NULL); + if (whole_t) + whole_t /= 1000; + dec_t %= 1000; + if (dec_t) + dec_t /= 10; + + now = time(NULL); + err = n_ctime(mytime, sizeof(mytime), &now); + if (err) { + fatal("n_ctime failed: %s", strerror(err)); + } + chomp(mytime); + + if (o.list_only) + log_write(LOG_STDOUT, "\nNcrack done: %lu %s would be scanned.\n", + SG->total_services, (SG->total_services == 1)? "service" : "services"); + else { + log_write(LOG_STDOUT, "\nNcrack done: %lu %s scanned in %lld.%02lld " + "seconds.\n", SG->total_services, (SG->total_services == 1)? "service" + : "services", whole_t, dec_t); + log_write(LOG_NORMAL, "\n# Ncrack done at %s -- %lu %s scanned in " + "%lld.%02lld seconds.\n", mytime, SG->total_services, + (SG->total_services == 1)? "service" : "services", whole_t, dec_t); + } + + + if (o.verbose) + log_write(LOG_PLAIN, "Probes sent: %lu | timed-out: %lu |" + " prematurely-closed: %lu\n", SG->connections_total, + SG->connections_timedout, SG->connections_closed); + + xml_end_tag(); /* ncrackrun */ + xml_newline(); + log_flush_all(); +} + + diff --git a/include/DomainExec/Utils/output.h b/include/DomainExec/Utils/output.h new file mode 100644 index 00000000..ab47d84d --- /dev/null +++ b/include/DomainExec/Utils/output.h @@ -0,0 +1,213 @@ + +/*************************************************************************** + * output.h -- Handles the Ncrack output system. This currently involves * + * console-style human readable output, XML output and greppable output. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#ifndef OUTPUT_H +#define OUTPUT_H + +#include +#include +#include +#include "ServiceGroup.h" + +#define LOG_NUM_FILES 2 /* # of values that actual files(they must come first)*/ +#define LOG_FILE_MASK 3 /* The mask for log typs in the file array */ +#define LOG_NORMAL 1 +#define LOG_XML 2 +#define LOG_STDOUT 1024 +#define LOG_STDERR 2048 +#define LOG_MAX LOG_STDERR /* The maximum log type value */ + +#define LOG_PLAIN LOG_NORMAL|LOG_STDOUT + +#define LOG_NAMES {"normal", "XML"} + +#define MAX_IPPROTOSTRLEN 4 +#define IPPROTO2STR(p) \ + ((p)==IPPROTO_TCP ? "tcp" : \ + (p)==IPPROTO_UDP ? "udp" : \ + (p)==IPPROTO_SCTP ? "sctp" : \ + "n/a") +#define IPPROTO2STR_UC(p) \ + ((p)==IPPROTO_TCP ? "TCP" : \ + (p)==IPPROTO_UDP ? "UDP" : \ + (p)==IPPROTO_SCTP ? "SCTP" : \ + "N/A") + + +void memprint(const char *addr, size_t bytes); + +/* Write some information (printf style args) to the given log stream(s). + Remember to watch out for format string bugs. */ +void log_write(int logt, const char *fmt, ...) + __attribute__ ((format (printf, 2, 3))); + +/* This is the workhorse of the logging functions. Usually it is + called through log_write(), but it can be called directly if you + are dealing with a vfprintf-style va_list. Unlike log_write, YOU + CAN ONLY CALL THIS WITH ONE LOG TYPE (not a bitmask full of them). + In addition, YOU MUST SANDWHICH EACH EXECUTION IF THIS CALL BETWEEN + va_start() AND va_end() calls. */ +void log_vwrite(int logt, const char *fmt, va_list ap); + +/* Close the given log stream(s) */ +void log_close(int logt); + +/* Flush the given log stream(s). In other words, all buffered output + is written to the log immediately */ +void log_flush(int logt); + +/* Flush every single log stream -- all buffered output is written to the + corresponding logs immediately */ +void log_flush_all(); + +/* Open a log descriptor of the type given to the filename given. If + o.append_output is nonzero, the file will be appended instead of clobbered if + it already exists. If the file does not exist, it will be created */ +int log_open(int logt, char *filename); + +char *logfilename(const char *str, struct tm *tm); + +/* Return a std::string containing all n strings separated by whitespace, and + individually quoted if needed. */ +std::string join_quoted(const char * const strings[], unsigned int n); + +/* prints current status */ +void printStatusMessage(ServiceGroup *SG); + +/* Prints all credentials found so far */ +void print_creds(ServiceGroup *SG); + +void print_final_output(ServiceGroup *SG); + +void print_service_output(Service *serv); + + +#endif /* OUTPUT_H */ diff --git a/include/DomainExec/Utils/portable_endian.h b/include/DomainExec/Utils/portable_endian.h new file mode 100644 index 00000000..8434faff --- /dev/null +++ b/include/DomainExec/Utils/portable_endian.h @@ -0,0 +1,207 @@ + + +#ifndef PORTABLE_ENDIAN_H__ +#define PORTABLE_ENDIAN_H__ + +#if (defined(_WIN16) || defined(_WIN32) || defined(_WIN64)) && !defined(__WINDOWS__) + +# define __WINDOWS__ + +#endif + +#if defined(__linux__) || defined(__CYGWIN__) +/* Define necessary macros for the header to expose all fields. */ +# define _BSD_SOURCE +# define __USE_BSD +//# define _DEFAULT_SOURCE +# include +# include +/* See http://linux.die.net/man/3/endian */ +# if !defined(__GLIBC__) || !defined(__GLIBC_MINOR__) || ((__GLIBC__ < 2) || ((__GLIBC__ == 2) && (__GLIBC_MINOR__ < 9))) +# include +# if defined(__BYTE_ORDER) && (__BYTE_ORDER == __LITTLE_ENDIAN) +# if !defined(htobe16) +# define htobe16(x) htons(x) +# endif +# if !defined(htole16) +# define htole16(x) (x) +# endif +# if !defined(be16toh) +# define be16toh(x) ntohs(x) +# endif +# if !defined(le16toh) +# define le16toh(x) (x) +# endif +# if !defined(htobe32) +# define htobe32(x) htonl(x) +# endif +# if !defined(htole32) +# define htole32(x) (x) +# endif +# if !defined(be32toh) +# define be32toh(x) ntohl(x) +# endif +# if !defined(le32toh) +# define le32toh(x) (x) +# endif + +# if !defined(htobe64) +# define htobe64(x) (((uint64_t)htonl(((uint32_t)(((uint64_t)(x)) >> 32)))) | (((uint64_t)htonl(((uint32_t)(x)))) << 32)) +# endif +# if !defined(htole64) +# define htole64(x) (x) +# endif +# if !defined(be64toh) +# define be64toh(x) (((uint64_t)ntohl(((uint32_t)(((uint64_t)(x)) >> 32)))) | (((uint64_t)ntohl(((uint32_t)(x)))) << 32)) +# endif +# if !defined(le64toh) +# define le64toh(x) (x) +# endif + +# elif defined(__BYTE_ORDER) && (__BYTE_ORDER == __BIG_ENDIAN) +# if !defined(htobe16) +# define htobe16(x) (x) +# endif +# if !defined(htole16) +# define htole16(x) ((((((uint16_t)(x)) >> 8))|((((uint16_t)(x)) << 8))) +# endif +# if !defined(be16toh) +# define be16toh(x) (x) +# endif +# if !defined(le16toh) +# define le16toh(x) ((((((uint16_t)(x)) >> 8))|((((uint16_t)(x)) << 8))) +# endif + +# if !defined(htobe32) +# define htobe32(x) (x) +# endif +# if !defined(htole32) +# define htole32(x) (((uint32_t)htole16(((uint16_t)(((uint32_t)(x)) >> 16)))) | (((uint32_t)htole16(((uint16_t)(x)))) << 16)) +# endif +# if !defined(be32toh) +# define be32toh(x) (x) +# endif +# if !defined(le32toh) +# define le32toh(x) (((uint32_t)le16toh(((uint16_t)(((uint32_t)(x)) >> 16)))) | (((uint32_t)le16toh(((uint16_t)(x)))) << 16)) +# endif + +# if !defined(htobe64) +# define htobe64(x) (x) +# endif +# if !defined(htole64) +# define htole64(x) (((uint64_t)htole32(((uint32_t)(((uint64_t)(x)) >> 32)))) | (((uint64_t)htole32(((uint32_t)(x)))) << 32)) +# endif +# if !defined(be64toh) +# define be64toh(x) (x) +# endif + +# if !defined(__BYTE_ORDER) +# define le64toh(x) (((uint64_t)le32toh(((uint32_t)(((uint64_t)(x)) >> 32)))) | (((uint64_t)le32toh(((uint32_t)(x)))) << 32)) +# endif +# else +# error Byte Order not supported or not defined. +# endif +# endif + + + + +#elif defined(__APPLE__) + +# include + +# define htobe16(x) OSSwapHostToBigInt16(x) +# define htole16(x) OSSwapHostToLittleInt16(x) +# define be16toh(x) OSSwapBigToHostInt16(x) +# define le16toh(x) OSSwapLittleToHostInt16(x) + +# define htobe32(x) OSSwapHostToBigInt32(x) +# define htole32(x) OSSwapHostToLittleInt32(x) +# define be32toh(x) OSSwapBigToHostInt32(x) +# define le32toh(x) OSSwapLittleToHostInt32(x) + +# define htobe64(x) OSSwapHostToBigInt64(x) +# define htole64(x) OSSwapHostToLittleInt64(x) +# define be64toh(x) OSSwapBigToHostInt64(x) +# define le64toh(x) OSSwapLittleToHostInt64(x) + +# define __BYTE_ORDER BYTE_ORDER +# define __BIG_ENDIAN BIG_ENDIAN +# define __LITTLE_ENDIAN LITTLE_ENDIAN +# define __PDP_ENDIAN PDP_ENDIAN + +#elif defined(__NetBSD__) || defined(__OpenBSD__) + +# include + +#elif defined(__FreeBSD__) || defined(__DragonFly__) + +# include + +# define be16toh(x) betoh16(x) +# define le16toh(x) letoh16(x) + +# define be32toh(x) betoh32(x) +# define le32toh(x) letoh32(x) + +# define be64toh(x) betoh64(x) +# define le64toh(x) letoh64(x) + +#elif defined(__WINDOWS__) + +# include + + +# if BYTE_ORDER == LITTLE_ENDIAN + +# define htobe16(x) htons(x) +# define htole16(x) (x) +# define be16toh(x) ntohs(x) +# define le16toh(x) (x) + +# define htobe32(x) htonl(x) +# define htole32(x) (x) +# define be32toh(x) ntohl(x) +# define le32toh(x) (x) + +# define htobe64(x) htonll(x) +# define htole64(x) (x) +# define be64toh(x) ntohll(x) +# define le64toh(x) (x) + +# elif BYTE_ORDER == BIG_ENDIAN + + /* that would be xbox 360 */ +# define htobe16(x) (x) +# define htole16(x) __builtin_bswap16(x) +# define be16toh(x) (x) +# define le16toh(x) __builtin_bswap16(x) + +# define htobe32(x) (x) +# define htole32(x) __builtin_bswap32(x) +# define be32toh(x) (x) +# define le32toh(x) __builtin_bswap32(x) + +# define htobe64(x) (x) +# define htole64(x) __builtin_bswap64(x) +# define be64toh(x) (x) +# define le64toh(x) __builtin_bswap64(x) + +# else + +# error byte order not supported + +# endif + +# define __BYTE_ORDER BYTE_ORDER +# define __BIG_ENDIAN BIG_ENDIAN +# define __LITTLE_ENDIAN LITTLE_ENDIAN +# define __PDP_ENDIAN PDP_ENDIAN + +#else + +# error platform not supported + +#endif + +#endif diff --git a/include/DomainExec/Utils/services.cc b/include/DomainExec/Utils/services.cc new file mode 100644 index 00000000..39ccf070 --- /dev/null +++ b/include/DomainExec/Utils/services.cc @@ -0,0 +1,801 @@ + +/*************************************************************************** + * services.cc -- parsing functions for command-line service and option * + * specification. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "services.h" +#include "global_structures.h" +#include "Service.h" +#include "utils.h" +#include "NcrackOps.h" +#include + +/* global supported services' lookup table from ncrak-services file */ +extern vector ServicesTable; +extern NcrackOps o; +using namespace std; + +static int check_duplicate_services(vector services, + service_lookup *serv); +static void check_service_option(global_service *temp, char *argname, + char *argval); +static int parse_service_argument(char *const arg, char **argname, + char **argval); +static int check_duplicate_services(vector services, + service_lookup *serv); +static global_service parse_services_options(char *const exp); +static int check_supported_services(service_lookup *serv); +char *port2name(char *portno); + + +/* + * Parse service/host/port/options information from target specification + */ +ts_spec +parse_services_target(char *const exp) +{ + ts_spec temp; + char *s, *h, *p, *o; + size_t host_len; + int num_colons = 0, lbrackets = 0, rbrackets = 0; + + memset(&temp, 0, sizeof(temp)); + + /* Extract the service name */ + if ((s = strstr(exp, "://"))) { + temp.service_name = Strndup(exp, s-exp); + s += sizeof("://") - 1; + } else { + s = exp; /* no service name */ + } + + /* Determine if it's an IPv6 or not */ + for (h = s; *s && *s != ','; ++s) { + if (*s == ':') + ++num_colons; + else if (*s == '[') + ++lbrackets; + else if (*s == ']') + ++rbrackets; + } + if (!(lbrackets == rbrackets && lbrackets <= 1)) + fatal("Invalid number of brackets:%s", exp); + + /* Extract the host */ + if (lbrackets) { /* IPv6, potentially with a port */ + p = strchr(h, ']') + 1; + h++; + host_len = p-h-1; + } else if (num_colons >= 2) { /* IPv6, no port */ + p = strchrnul(h, ','); + host_len = p-h; + } else { /* IPv4 or hostname, potentially with a port */ + p = strchr(h, ':'); + if (!p) + p = strchrnul(h, ','); + host_len = p-h; + } + temp.host_expr = Strndup(h, host_len); + + /* Extract the port */ + o = strchrnul(s, ','); + if (*p == ':') + temp.portno = Strndup(p+1, o-p-1); + + /* Extract the options */ + if (*o == ',') + temp.service_options = strdup(o+1); + + if (!temp.service_name && !temp.portno && temp.service_options) + fatal("You must specify either a service name or a port (or both): %s", + exp); + if (!temp.service_name && temp.portno) { + if (!(temp.service_name = port2name(temp.portno))) + temp.error = true; + } + + return temp; +} + + +/* + * Parsing for -p option + */ +void +parse_services(char *const exp, vector &services) +{ + unsigned int nports; + char *temp, *s; + service_lookup *serv; + + nports = 0; + while (1) { + if (nports == 0) + temp = strtok(exp, ","); + else + temp = strtok(NULL, ","); + + if (temp == NULL) + break; + + serv = (service_lookup *)safe_zalloc(sizeof(service_lookup)); + + if (isdigit(temp[0])) { /* just port number */ + serv->portno = str2port(temp); + } else { /* service name and/or port number */ + if ((s = strchr(temp, ':'))) { /* service name and port number */ + *s = '\0'; + serv->name = strdup(temp); + serv->portno = str2port(++s); + } else /* service name only */ + serv->name = strdup(temp); + } + nports++; + + /* check if service is supported */ + if (check_supported_services(serv)) + continue; + + /* check for duplicate services */ + if (check_duplicate_services(services, serv)) + continue; + + services.push_back(serv); + } +} + + +/* + * Parsing for -m option + */ +void +parse_module_options(char *const exp) +{ + char *name, *options; + global_service temp; + vector ::iterator vi; + + if (!(name = strtok(exp, ":"))) { + error("No service name specified for option: -m %s . Ignoring...", exp); + return; + } + if (!(options = strtok(NULL, ":"))) { + error("No options specified for module: %s . Ignoring...", name); + return; + } + + /* retrieve struct with options specified for this module */ + temp = parse_services_options(options); + + for (vi = ServicesTable.begin(); vi != ServicesTable.end(); vi++) { + if (!strcmp(vi->lookup.name, name)) + break; + } + if (vi == ServicesTable.end()) { + error("Service with name '%s' not supported! Ignoring...", name); + return; + } + + /* apply any options (non-zero) to global ServicesTable */ + if (temp.timing.min_connection_limit) + vi->timing.min_connection_limit = temp.timing.min_connection_limit; + if (temp.timing.max_connection_limit) + vi->timing.max_connection_limit = temp.timing.max_connection_limit; + if (temp.timing.auth_tries) + vi->timing.auth_tries = temp.timing.auth_tries; + if (temp.timing.connection_delay) + vi->timing.connection_delay = temp.timing.connection_delay; + if (temp.timing.connection_retries) + vi->timing.connection_retries = temp.timing.connection_retries; + if (temp.timing.timeout) + vi->timing.timeout = temp.timing.timeout; + if (temp.misc.path) { + vi->misc.path = Strndup(temp.misc.path, strlen(temp.misc.path)+1); + free(temp.misc.path); + } + if (temp.misc.db) { + vi->misc.db = Strndup(temp.misc.db, strlen(temp.misc.db)+1); + free(temp.misc.db); + } + if (temp.misc.domain) { + vi->misc.domain = Strndup(temp.misc.domain, strlen(temp.misc.domain)+1); + free(temp.misc.domain); + } + if (temp.misc.ssl) + vi->misc.ssl = temp.misc.ssl; +} + + + +void +apply_host_options(Service *service, char *const options) +{ + global_service temp; + + /* retrieve struct with options specified for this service */ + temp = parse_services_options(options); + + /* apply any valid options to this service */ + if (temp.timing.min_connection_limit != NOT_ASSIGNED) { + if (temp.timing.min_connection_limit > service->max_connection_limit) + service->max_connection_limit = temp.timing.min_connection_limit; + service->min_connection_limit = temp.timing.min_connection_limit; + } + if (temp.timing.max_connection_limit != NOT_ASSIGNED) { + if (temp.timing.max_connection_limit < service->min_connection_limit) + service->min_connection_limit = temp.timing.max_connection_limit; + service->max_connection_limit = temp.timing.max_connection_limit; + } + if (temp.timing.auth_tries != NOT_ASSIGNED) + service->auth_tries = temp.timing.auth_tries; + if (temp.timing.connection_delay != NOT_ASSIGNED) + service->connection_delay = temp.timing.connection_delay; + if (temp.timing.connection_retries != NOT_ASSIGNED) + service->connection_retries = temp.timing.connection_retries; + if (temp.timing.timeout != NOT_ASSIGNED) + service->timeout = temp.timing.timeout; + if (temp.misc.path) { + if (service->path) + free(service->path); + service->path = Strndup(temp.misc.path, strlen(temp.misc.path)+1); + free(temp.misc.path); + } + if (temp.misc.db) { + if (service->db) + free(service->db); + service->db = Strndup(temp.misc.db, strlen(temp.misc.db)+1); + free(temp.misc.db); + } + if (temp.misc.domain) { + if (service->domain) + free(service->domain); + service->domain = Strndup(temp.misc.domain, strlen(temp.misc.domain)+1); + free(temp.misc.domain); + } + if (temp.misc.ssl) + service->ssl = temp.misc.ssl; + +} + + +int +apply_service_options(Service *service) +{ + vector ::iterator vi; + + for (vi = ServicesTable.begin(); vi != ServicesTable.end(); vi++) { + if (!strcmp(vi->lookup.name, service->name)) + break; + } + if (vi == ServicesTable.end()) { + error("Service with name '%s' not supported! Ignoring...", service->name); + return -1; + } + + if (!service->portno) + service->portno = vi->lookup.portno; + if (vi->timing.min_connection_limit != NOT_ASSIGNED) + service->min_connection_limit = vi->timing.min_connection_limit; + if (vi->timing.max_connection_limit != NOT_ASSIGNED) + service->max_connection_limit = vi->timing.max_connection_limit; + if (vi->timing.auth_tries != NOT_ASSIGNED) + service->auth_tries = vi->timing.auth_tries; + if (vi->timing.connection_delay != NOT_ASSIGNED) + service->connection_delay = vi->timing.connection_delay; + if (vi->timing.connection_retries != NOT_ASSIGNED) + service->connection_retries = vi->timing.connection_retries; + if (vi->timing.timeout != NOT_ASSIGNED) + service->timeout = vi->timing.timeout; + if (vi->misc.path) { + if (service->path) + free(service->path); + service->path = Strndup(vi->misc.path, strlen(vi->misc.path)); + } + if (vi->misc.db) { + if (service->db) + free(service->db); + service->db = Strndup(vi->misc.db, strlen(vi->misc.db)); + } + if (vi->misc.domain) { + if (service->domain) + free(service->domain); + service->domain = Strndup(vi->misc.domain, strlen(vi->misc.domain)); + } + if (vi->misc.ssl) + service->ssl = vi->misc.ssl; + + return 0; +} + + +void +clean_spec(ts_spec *spec) +{ + if (spec->service_name) { + free(spec->service_name); + spec->service_name = NULL; + } + if (spec->host_expr) { + free(spec->host_expr); + spec->host_expr = NULL; + } + if (spec->service_options) { + free(spec->service_options); + spec->service_options = NULL; + } + if (spec->portno) { + free(spec->portno); + spec->portno = NULL; + } +} + + +void +prepare_timing_template(timing_options *timing) +{ + if (!timing) + fatal("%s invalid pointer!", __func__); + + /* Default timeout is 0 - which means no timeout */ + timing->timeout = 0; + + if (o.timing_level == 0) { /* Paranoid */ + timing->min_connection_limit = 1; + timing->max_connection_limit = 1; + timing->auth_tries = 1; + timing->connection_delay = 10000; /* 10 secs */ + timing->connection_retries = 20; + if (o.connection_limit == NOT_ASSIGNED) + o.connection_limit = 50; + } else if (o.timing_level == 1) { /* Sneaky */ + timing->min_connection_limit = 1; + timing->max_connection_limit = 2; + timing->auth_tries = 2; + timing->connection_delay = 7500; + timing->connection_retries = 30; + if (o.connection_limit == NOT_ASSIGNED) + o.connection_limit = 150; + } else if (o.timing_level == 2) { /* Polite */ + timing->min_connection_limit = 3; + timing->max_connection_limit = 5; + timing->auth_tries = 5; + timing->connection_delay = 5000; + timing->connection_retries = 30; + if (o.connection_limit == NOT_ASSIGNED) + o.connection_limit = 500; + } else if (o.timing_level == 4) { /* Aggressive */ + timing->min_connection_limit = 10; + timing->max_connection_limit = 150; + timing->auth_tries = 0; + timing->connection_delay = 0; + timing->connection_retries = 40; + if (o.connection_limit == NOT_ASSIGNED) + o.connection_limit = 3000; + } else if (o.timing_level == 5) { /* Insane */ + timing->min_connection_limit = 15; + timing->max_connection_limit = 1000; + timing->auth_tries = 0; + timing->connection_delay = 0; + timing->connection_retries = 50; + if (o.connection_limit == NOT_ASSIGNED) + o.connection_limit = 10000; + } else { /* Normal */ + timing->min_connection_limit = 7; + timing->max_connection_limit = 80; + timing->auth_tries = 0; + timing->connection_delay = 0; + timing->connection_retries = 30; + if (o.connection_limit == NOT_ASSIGNED) + o.connection_limit = 1500; + } +} + + +void +apply_timing_template(Service *service, timing_options *timing) +{ + service->min_connection_limit = timing->min_connection_limit; + service->max_connection_limit = timing->max_connection_limit; + service->auth_tries = timing->auth_tries; + service->connection_delay = timing->connection_delay; + service->connection_retries = timing->connection_retries; + service->timeout = timing->timeout; +} + + + + +/**** Helper functions ****/ + + +/* + * Checks for duplicate services by looking at port number. + */ +static int +check_duplicate_services(vector services, + service_lookup *serv) +{ + vector ::iterator vi; + + for (vi = services.begin(); vi != services.end(); vi++) { + if ((*vi)->portno == serv->portno) { + error("Ignoring duplicate service: '%s:%hu' . Collides with " + "'%s:%hu'", serv->name, serv->portno, + (*vi)->name, (*vi)->portno); + return -1; + } + } + return 0; +} + + +/* + * Checks if current service is supported by looking at + * the global lookup table ServicesTable. + * If a service name has no port, then a default is assigned. + * If a port has no service name, then the corresponding service + * name is assigned. Returns -1 if service is not supported. + */ +static int +check_supported_services(service_lookup *serv) +{ + vector ::iterator vi; + /* + * If only port is specified make search based on port. + * If only service OR if service:port is specified then + * lookup based on service name. + */ + if (!serv->name && serv->portno) { + for (vi = ServicesTable.begin(); vi != ServicesTable.end(); vi++) { + if (vi->lookup.portno == serv->portno) { + serv->name = strdup(vi->lookup.name); /* assign service name */ + break; + } + } + if (vi == ServicesTable.end()) { + error("Service with default port '%hu' not supported! Ignoring..." + "For non-default ports specify :", + serv->portno); + return -1; + } + } else if (serv->name) { + for (vi = ServicesTable.begin(); vi != ServicesTable.end(); vi++) { + if (!strcmp(vi->lookup.name, serv->name)) { + if (!serv->portno) /* assign default port number */ + serv->portno = vi->lookup.portno; + break; + } + } + if (vi == ServicesTable.end()) { + error("Service with name '%s' not supported! Ignoring...", + serv->name); + return -1; + } + } else + fatal("%s failed due to invalid parsing", __func__); + + serv->proto = vi->lookup.proto; // TODO: check for UDP (duplicate etc) + return 0; +} + + +/* + * Returns service name corresponding to the given port. It will first + * check ServicesTable for the availability of support for the service with + * that default port number. + */ +char * +port2name(char *port) +{ + vector ::iterator vi; + u16 portno; + char *name = NULL; + + if (!port) + fatal("%s NULL port given!", __func__); + + portno = str2port(port); + for (vi = ServicesTable.begin(); vi != ServicesTable.end(); vi++) { + if (vi->lookup.portno == portno) { + name = strdup(vi->lookup.name); + break; + } + } + if (vi == ServicesTable.end()) + error("Service with default port '%hu' not supported! Ignoring...", portno); + return name; +} + + +/* + * Goes through the available options comparing them with 'argname' + * and if it finds a match, it applies its value ('argval') into + * the struct 'temp' + */ +static void +check_service_option(global_service *temp, char *argname, char *argval) +{ + /* Timing options */ + if (!strcmp("cl", argname)) { + long limit = Strtoul(argval, 1); + if (limit < 0) + fatal("Minimum connection limit (cl) '%ld' cannot be a negative number!", + limit); + if (temp->timing.max_connection_limit != NOT_ASSIGNED + && temp->timing.max_connection_limit < limit) + fatal("Minimum connection limit (cl) '%ld' cannot be larger than " + "maximum connection limit (CL) '%ld'!", + limit, temp->timing.max_connection_limit); + temp->timing.min_connection_limit = limit; + } else if (!strcmp("CL", argname)) { + long limit = Strtoul(argval, 1); + if (limit < 0) + fatal("Maximum connection limit (CL) '%ld' cannot be a negative number!", + limit); + if (temp->timing.min_connection_limit != NOT_ASSIGNED + && temp->timing.min_connection_limit > limit) + fatal("Maximum connection limit (CL) '%ld' cannot be smaller than " + "minimum connection limit (cl) '%ld'!", + limit, temp->timing.min_connection_limit); + temp->timing.max_connection_limit = limit; + } else if (!strcmp("at", argname)) { + long tries = Strtoul(argval, 1); + if (tries < 0) + fatal("Authentication tries (at) '%ld' cannot be a negative number!", + tries); + temp->timing.auth_tries = tries; + } else if (!strcmp("cd", argname)) { + if ((temp->timing.connection_delay = tval2msecs(argval)) < 0) + fatal("Connection delay (cd) '%s' cannot be parsed correctly!", + argval); + } else if (!strcmp("cr", argname)) { + long retries = Strtoul(argval, 1); + if (retries < 0) + fatal("Connection retries (cr) '%ld' cannot be a negative number!", + retries); + temp->timing.connection_retries = retries; + } else if (!strcmp("to", argname)) { + if ((temp->timing.timeout = tval2msecs(argval)) < 0) + fatal("Timeout (to) '%s' cannot be parsed correctly!", argval); + /* Miscalleneous options */ + } else if (!strcmp("path", argname)) { + temp->misc.path = Strndup(argval, strlen(argval)); + } else if (!strcmp("ssl", argname)) { + temp->misc.ssl = true; + } else if (!strcmp("db", argname)) { + temp->misc.db = Strndup(argval, strlen(argval)); + } else if (!strcmp("domain", argname)) { + temp->misc.domain = Strndup(argval, strlen(argval)); + } else + error("Unknown service option: %s", argname); +} + + + +static global_service +parse_services_options(char *const exp) +{ + char *arg, *argname, *argval; + global_service temp; + + memset(&temp, 0, sizeof(temp)); + temp.timing.min_connection_limit = NOT_ASSIGNED; + temp.timing.max_connection_limit = NOT_ASSIGNED; + temp.timing.auth_tries = NOT_ASSIGNED; + temp.timing.connection_delay = NOT_ASSIGNED; + temp.timing.connection_retries = NOT_ASSIGNED; + temp.timing.timeout = NOT_ASSIGNED; + + arg = argval = argname = NULL; + + /* check if we have only one option */ + if ((arg = strtok(exp, ","))) { + if (!parse_service_argument(arg, &argname, &argval)) { + check_service_option(&temp, argname, argval); + if (argname) { + free(argname); + argname = NULL; + } + if (argval) { + free(argval); + argval = NULL; + } + } + } + + while ((arg = strtok(NULL, ","))) { + /* Tokenize it on our own since we can't use strtok on 2 different + * strings at the same time and strtok_r is unportable + */ + if (!parse_service_argument(arg, &argname, &argval)) { + check_service_option(&temp, argname, argval); + if (argname) { + free(argname); + argname = NULL; + } + if (argval) { + free(argval); + argval = NULL; + } + } + } + return temp; +} + + + +/* + * Helper parsing function. Will parse 'arg' which should be in form: + * argname=argval and store strings into 'argname' and 'argval'. + * Returns 0 for success. + */ +static int +parse_service_argument(char *const arg, char **argname, char **argval) +{ + size_t i, arg_len, argname_len, argval_len; + + i = 0; + arg_len = strlen(arg); + while (i < arg_len) { + if (arg[i] == '=') + break; + i++; + } + if (i == arg_len) { + /* Special case for ssl */ + if (!strcmp(arg, "ssl")) { + *argname = Strndup(arg, i); + *argval = NULL; + return 0; + } + error("Invalid option argument (missing '='): %s", arg); + return -1; + } + argname_len = i; + *argname = Strndup(arg, argname_len); + + i++; /* arg[i] now points to '=' */ + while (i < arg_len) { + if (arg[i] == '\0') + break; + i++; + } + if (i == argname_len + 1) { + error("No value specified for option %s", *argname); + free(*argname); + argname = NULL; + return -1; + } + /* allocate i - name_len - 1('=') */ + argval_len = i - argname_len - 1; + *argval = Strndup(&arg[i - argval_len], argval_len); + + return 0; +} + diff --git a/include/DomainExec/Utils/services.h b/include/DomainExec/Utils/services.h new file mode 100644 index 00000000..d78188c3 --- /dev/null +++ b/include/DomainExec/Utils/services.h @@ -0,0 +1,163 @@ + +/*************************************************************************** + * services.h -- parsing functions for command-line service and option * + * specification. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#ifndef SERVICES_H +#define SERVICES_H 1 + +#include "global_structures.h" +#include "Service.h" +#include +using namespace std; + +#define NOT_ASSIGNED -1 + +/* target-service specification */ +typedef struct ts_spec { + char *service_name; + char *host_expr; + char *service_options; + char *portno; + bool error; +} ts_spec; + + +/* parse service/port information for Ncrack */ +ts_spec parse_services_target(char *const exp); +void parse_module_options(char *const exp); +int apply_service_options(Service *service); +void apply_host_options(Service *service, char *const options); +void parse_services(char *const exp, vector &services); +void prepare_timing_template(timing_options *timing); +void apply_timing_template(Service *service, timing_options *timing); +void clean_spec(ts_spec *spec); +char *port2name(char *portno); + +#endif diff --git a/include/DomainExec/Utils/shtool b/include/DomainExec/Utils/shtool new file mode 100644 index 00000000..aa4a2d4d --- /dev/null +++ b/include/DomainExec/Utils/shtool @@ -0,0 +1,686 @@ +#!/bin/sh +## +## GNU shtool -- The GNU Portable Shell Tool +## Copyright (c) 1994-2008 Ralf S. Engelschall +## +## See http://www.gnu.org/software/shtool/ for more information. +## See ftp://ftp.gnu.org/gnu/shtool/ for latest version. +## +## Version: 2.0.8 (18-Jul-2008) +## Contents: 2/19 available modules +## + +## +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; either version 2 of the License, or +## (at your option) any later version. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +## General Public License for more details. +## +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, +## USA, or contact Ralf S. Engelschall . +## +## NOTICE: Given that you include this file verbatim into your own +## source tree, you are justified in saying that it remains separate +## from your package, and that this way you are simply just using GNU +## shtool. So, in this situation, there is no requirement that your +## package itself is licensed under the GNU General Public License in +## order to take advantage of GNU shtool. +## + +## +## Usage: shtool [] [ [] []] +## +## Available commands: +## install Install a program, script or datafile +## mkdir Make one or more directories +## +## Not available commands (because module was not built-in): +## echo Print string with optional construct expansion +## mdate Pretty-print modification time of a file or dir +## table Pretty-print a field-separated list as a table +## prop Display progress with a running propeller +## move Move files with simultaneous substitution +## mkln Make link with calculation of relative paths +## mkshadow Make a shadow tree through symbolic links +## fixperm Fix file permissions inside a source tree +## rotate Logfile rotation +## tarball Roll distribution tarballs +## subst Apply sed(1) substitution operations +## platform Platform Identification Utility +## arx Extended archive command +## slo Separate linker options by library class +## scpp Sharing C Pre-Processor +## version Maintain a version information file +## path Deal with program paths +## + +# maximum Bourne-Shell compatibility +if [ ".$ZSH_VERSION" != . ] && (emulate sh) >/dev/null 2>&1; then + # reconfigure zsh(1) + emulate sh + NULLCMD=: + alias -g '${1+"$@"}'='"$@"' +elif [ ".$BASH_VERSION" != . ] && (set -o posix) >/dev/null 2>&1; then + # reconfigure bash(1) + set -o posix +fi + +# maximum independence of NLS nuisances +for var in \ + LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ + LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ + LC_TELEPHONE LC_TIME +do + if (set +x; test -z "`(eval $var=C; export $var) 2>&1`"); then + eval $var=C; export $var + else + unset $var + fi +done + +# initial command line handling +if [ $# -eq 0 ]; then + echo "$0:Error: invalid command line" 1>&2 + echo "$0:Hint: run \`$0 -h' for usage" 1>&2 + exit 1 +fi +if [ ".$1" = ".-h" ] || [ ".$1" = ".--help" ]; then + echo "This is GNU shtool, version 2.0.8 (18-Jul-2008)" + echo 'Copyright (c) 1994-2008 Ralf S. Engelschall ' + echo 'Report bugs to ' + echo '' + echo 'Usage: shtool [] [ [] []]' + echo '' + echo 'Available global :' + echo ' -v, --version display shtool version information' + echo ' -h, --help display shtool usage help page (this one)' + echo ' -d, --debug display shell trace information' + echo ' -r, --recreate recreate this shtool script via shtoolize' + echo '' + echo 'Available [] []:' + echo ' install [-v|--verbose] [-t|--trace] [-d|--mkdir] [-c|--copy]' + echo ' [-C|--compare-copy] [-s|--strip] [-m|--mode ]' + echo ' [-o|--owner ] [-g|--group ] [-e|--exec' + echo ' ] [ ...] ' + echo ' mkdir [-t|--trace] [-f|--force] [-p|--parents] [-m|--mode' + echo ' ] [-o|--owner ] [-g|--group ] ' + echo ' [ ...]' + echo '' + echo 'Not available (because module was not built-in):' + echo ' echo [-n|--newline] [-e|--expand] [ ...]' + echo ' mdate [-n|--newline] [-z|--zero] [-s|--shorten] [-d|--digits]' + echo ' [-f|--field-sep ] [-o|--order ] ' + echo ' table [-F|--field-sep ] [-w|--width ] [-c|--columns' + echo ' ] [-s|--strip ] ...' + echo ' prop [-p|--prefix ]' + echo ' move [-v|--verbose] [-t|--trace] [-e|--expand] [-p|--preserve]' + echo ' ' + echo ' mkln [-t|--trace] [-f|--force] [-s|--symbolic] ' + echo ' [ ...] ' + echo ' mkshadow [-v|--verbose] [-t|--trace] [-a|--all] ' + echo ' fixperm [-v|--verbose] [-t|--trace] [ ...]' + echo ' rotate [-v|--verbose] [-t|--trace] [-f|--force] [-n|--num-files' + echo ' ] [-s|--size ] [-c|--copy] [-r|--remove]' + echo ' [-a|--archive-dir ] [-z|--compress [:]]' + echo ' [-b|--background] [-d|--delay] [-p|--pad ] [-m|--mode' + echo ' ] [-o|--owner ] [-g|--group ] [-M|--migrate' + echo ' ] [-P|--prolog ] [-E|--epilog ] [...]' + echo ' tarball [-t|--trace] [-v|--verbose] [-o|--output ]' + echo ' [-c|--compress ] [-d|--directory ] [-u|--user' + echo ' ] [-g|--group ] [-e|--exclude ]' + echo ' [ ...]' + echo ' subst [-v|--verbose] [-t|--trace] [-n|--nop] [-w|--warning]' + echo ' [-q|--quiet] [-s|--stealth] [-i|--interactive] [-b|--backup' + echo ' ] [-e|--exec ] [-f|--file ] []' + echo ' [...]' + echo ' platform [-F|--format ] [-S|--sep ] [-C|--conc' + echo ' ] [-L|--lower] [-U|--upper] [-v|--verbose]' + echo ' [-c|--concise] [-n|--no-newline] [-t|--type ]' + echo ' [-V|--version] [-h|--help]' + echo ' arx [-t|--trace] [-C|--command ] [' + echo ' ...]' + echo ' slo [-p|--prefix ] -- -L -l [-L -l' + echo ' ...]' + echo ' scpp [-v|--verbose] [-p|--preserve] [-f|--filter ]' + echo ' [-o|--output ] [-t|--template ] [-M|--mark' + echo ' ] [-D|--define ] [-C|--class ]' + echo ' [ ...]' + echo ' version [-l|--language ] [-n|--name ] [-p|--prefix' + echo ' ] [-s|--set ] [-e|--edit] [-i|--increase' + echo ' ] [-d|--display ] ' + echo ' path [-s|--suppress] [-r|--reverse] [-d|--dirname] [-b|--basename]' + echo ' [-m|--magic] [-p|--path ] [ ...]' + echo '' + exit 0 +fi +if [ ".$1" = ".-v" ] || [ ".$1" = ".--version" ]; then + echo "GNU shtool 2.0.8 (18-Jul-2008)" + exit 0 +fi +if [ ".$1" = ".-r" ] || [ ".$1" = ".--recreate" ]; then + shtoolize -oshtool install mkdir + exit 0 +fi +if [ ".$1" = ".-d" ] || [ ".$1" = ".--debug" ]; then + shift + set -x +fi +name=`echo "$0" | sed -e 's;.*/\([^/]*\)$;\1;' -e 's;-sh$;;' -e 's;\.sh$;;'` +case "$name" in + install|mkdir ) + # implicit tool command selection + tool="$name" + ;; + * ) + # explicit tool command selection + tool="$1" + shift + ;; +esac +arg_spec="" +opt_spec="" +gen_tmpfile=no + +## +## DISPATCH INTO SCRIPT PROLOG +## + +case $tool in + install ) + str_tool="install" + str_usage="[-v|--verbose] [-t|--trace] [-d|--mkdir] [-c|--copy] [-C|--compare-copy] [-s|--strip] [-m|--mode ] [-o|--owner ] [-g|--group ] [-e|--exec ] [ ...] " + arg_spec="1+" + opt_spec="v.t.d.c.C.s.m:o:g:e+" + opt_alias="v:verbose,t:trace,d:mkdir,c:copy,C:compare-copy,s:strip,m:mode,o:owner,g:group,e:exec" + opt_v=no + opt_t=no + opt_d=no + opt_c=no + opt_C=no + opt_s=no + opt_m="0755" + opt_o="" + opt_g="" + opt_e="" + ;; + mkdir ) + str_tool="mkdir" + str_usage="[-t|--trace] [-f|--force] [-p|--parents] [-m|--mode ] [-o|--owner ] [-g|--group ] [ ...]" + arg_spec="1+" + opt_spec="t.f.p.m:o:g:" + opt_alias="t:trace,f:force,p:parents,m:mode,o:owner,g:group" + opt_t=no + opt_f=no + opt_p=no + opt_m="" + opt_o="" + opt_g="" + ;; + -* ) + echo "$0:Error: unknown option \`$tool'" 2>&1 + echo "$0:Hint: run \`$0 -h' for usage" 2>&1 + exit 1 + ;; + * ) + echo "$0:Error: unknown command \`$tool'" 2>&1 + echo "$0:Hint: run \`$0 -h' for usage" 2>&1 + exit 1 + ;; +esac + +## +## COMMON UTILITY CODE +## + +# commonly used ASCII values +ASC_TAB=" " +ASC_NL=" +" + +# determine name of tool +if [ ".$tool" != . ]; then + # used inside shtool script + toolcmd="$0 $tool" + toolcmdhelp="shtool $tool" + msgprefix="shtool:$tool" +else + # used as standalone script + toolcmd="$0" + toolcmdhelp="sh $0" + msgprefix="$str_tool" +fi + +# parse argument specification string +eval `echo $arg_spec |\ + sed -e 's/^\([0-9]*\)\([+=]\)/arg_NUMS=\1; arg_MODE=\2/'` + +# parse option specification string +eval `echo h.$opt_spec |\ + sed -e 's/\([a-zA-Z0-9]\)\([.:+]\)/opt_MODE_\1=\2;/g'` + +# parse option alias string +eval `echo h:help,$opt_alias |\ + sed -e 's/-/_/g' -e 's/\([a-zA-Z0-9]\):\([^,]*\),*/opt_ALIAS_\2=\1;/g'` + +# interate over argument line +opt_PREV='' +while [ $# -gt 0 ]; do + # special option stops processing + if [ ".$1" = ".--" ]; then + shift + break + fi + + # determine option and argument + opt_ARG_OK=no + if [ ".$opt_PREV" != . ]; then + # merge previous seen option with argument + opt_OPT="$opt_PREV" + opt_ARG="$1" + opt_ARG_OK=yes + opt_PREV='' + else + # split argument into option and argument + case "$1" in + --[a-zA-Z0-9]*=*) + eval `echo "x$1" |\ + sed -e 's/^x--\([a-zA-Z0-9-]*\)=\(.*\)$/opt_OPT="\1";opt_ARG="\2"/'` + opt_STR=`echo $opt_OPT | sed -e 's/-/_/g'` + eval "opt_OPT=\${opt_ALIAS_${opt_STR}-${opt_OPT}}" + ;; + --[a-zA-Z0-9]*) + opt_OPT=`echo "x$1" | cut -c4-` + opt_STR=`echo $opt_OPT | sed -e 's/-/_/g'` + eval "opt_OPT=\${opt_ALIAS_${opt_STR}-${opt_OPT}}" + opt_ARG='' + ;; + -[a-zA-Z0-9]*) + eval `echo "x$1" |\ + sed -e 's/^x-\([a-zA-Z0-9]\)/opt_OPT="\1";/' \ + -e 's/";\(.*\)$/"; opt_ARG="\1"/'` + ;; + -[a-zA-Z0-9]) + opt_OPT=`echo "x$1" | cut -c3-` + opt_ARG='' + ;; + *) + break + ;; + esac + fi + + # eat up option + shift + + # determine whether option needs an argument + eval "opt_MODE=\$opt_MODE_${opt_OPT}" + if [ ".$opt_ARG" = . ] && [ ".$opt_ARG_OK" != .yes ]; then + if [ ".$opt_MODE" = ".:" ] || [ ".$opt_MODE" = ".+" ]; then + opt_PREV="$opt_OPT" + continue + fi + fi + + # process option + case $opt_MODE in + '.' ) + # boolean option + eval "opt_${opt_OPT}=yes" + ;; + ':' ) + # option with argument (multiple occurances override) + eval "opt_${opt_OPT}=\"\$opt_ARG\"" + ;; + '+' ) + # option with argument (multiple occurances append) + eval "opt_${opt_OPT}=\"\$opt_${opt_OPT}\${ASC_NL}\$opt_ARG\"" + ;; + * ) + echo "$msgprefix:Error: unknown option: \`$opt_OPT'" 1>&2 + echo "$msgprefix:Hint: run \`$toolcmdhelp -h' or \`man shtool' for details" 1>&2 + exit 1 + ;; + esac +done +if [ ".$opt_PREV" != . ]; then + echo "$msgprefix:Error: missing argument to option \`$opt_PREV'" 1>&2 + echo "$msgprefix:Hint: run \`$toolcmdhelp -h' or \`man shtool' for details" 1>&2 + exit 1 +fi + +# process help option +if [ ".$opt_h" = .yes ]; then + echo "Usage: $toolcmdhelp $str_usage" + exit 0 +fi + +# complain about incorrect number of arguments +case $arg_MODE in + '=' ) + if [ $# -ne $arg_NUMS ]; then + echo "$msgprefix:Error: invalid number of arguments (exactly $arg_NUMS expected)" 1>&2 + echo "$msgprefix:Hint: run \`$toolcmd -h' or \`man shtool' for details" 1>&2 + exit 1 + fi + ;; + '+' ) + if [ $# -lt $arg_NUMS ]; then + echo "$msgprefix:Error: invalid number of arguments (at least $arg_NUMS expected)" 1>&2 + echo "$msgprefix:Hint: run \`$toolcmd -h' or \`man shtool' for details" 1>&2 + exit 1 + fi + ;; +esac + +# establish a temporary file on request +if [ ".$gen_tmpfile" = .yes ]; then + # create (explicitly) secure temporary directory + if [ ".$TMPDIR" != . ]; then + tmpdir="$TMPDIR" + elif [ ".$TEMPDIR" != . ]; then + tmpdir="$TEMPDIR" + else + tmpdir="/tmp" + fi + tmpdir="$tmpdir/.shtool.$$" + ( umask 077 + rm -rf "$tmpdir" >/dev/null 2>&1 || true + mkdir "$tmpdir" >/dev/null 2>&1 + if [ $? -ne 0 ]; then + echo "$msgprefix:Error: failed to create temporary directory \`$tmpdir'" 1>&2 + exit 1 + fi + ) + + # create (implicitly) secure temporary file + tmpfile="$tmpdir/shtool.tmp" + touch "$tmpfile" +fi + +# utility function: map string to lower case +util_lower () { + echo "$1" | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' +} + +# utility function: map string to upper case +util_upper () { + echo "$1" | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' +} + +# cleanup procedure +shtool_exit () { + rc="$1" + if [ ".$gen_tmpfile" = .yes ]; then + rm -rf "$tmpdir" >/dev/null 2>&1 || true + fi + exit $rc +} + +## +## DISPATCH INTO SCRIPT BODY +## + +case $tool in + +install ) + ## + ## install -- Install a program, script or datafile + ## Copyright (c) 1997-2008 Ralf S. Engelschall + ## + + # special case: "shtool install -d [...]" internally + # maps to "shtool mkdir -f -p -m 755 [...]" + if [ "$opt_d" = yes ]; then + cmd="$0 mkdir -f -p -m 755" + if [ ".$opt_o" != . ]; then + cmd="$cmd -o '$opt_o'" + fi + if [ ".$opt_g" != . ]; then + cmd="$cmd -g '$opt_g'" + fi + if [ ".$opt_v" = .yes ]; then + cmd="$cmd -v" + fi + if [ ".$opt_t" = .yes ]; then + cmd="$cmd -t" + fi + for dir in "$@"; do + eval "$cmd $dir" || shtool_exit $? + done + shtool_exit 0 + fi + + # determine source(s) and destination + argc=$# + srcs="" + while [ $# -gt 1 ]; do + srcs="$srcs $1" + shift + done + dstpath="$1" + + # type check for destination + dstisdir=0 + if [ -d $dstpath ]; then + dstpath=`echo "$dstpath" | sed -e 's:/$::'` + dstisdir=1 + fi + + # consistency check for destination + if [ $argc -gt 2 ] && [ $dstisdir = 0 ]; then + echo "$msgprefix:Error: multiple sources require destination to be directory" 1>&2 + shtool_exit 1 + fi + + # iterate over all source(s) + for src in $srcs; do + dst=$dstpath + + # if destination is a directory, append the input filename + if [ $dstisdir = 1 ]; then + dstfile=`echo "$src" | sed -e 's;.*/\([^/]*\)$;\1;'` + dst="$dst/$dstfile" + fi + + # check for correct arguments + if [ ".$src" = ".$dst" ]; then + echo "$msgprefix:Warning: source and destination are the same - skipped" 1>&2 + continue + fi + if [ -d "$src" ]; then + echo "$msgprefix:Warning: source \`$src' is a directory - skipped" 1>&2 + continue + fi + + # make a temp file name in the destination directory + dsttmp=`echo $dst |\ + sed -e 's;[^/]*$;;' -e 's;\(.\)/$;\1;' -e 's;^$;.;' \ + -e "s;\$;/#INST@$$#;"` + + # verbosity + if [ ".$opt_v" = .yes ]; then + echo "$src -> $dst" 1>&2 + fi + + # copy or move the file name to the temp name + # (because we might be not allowed to change the source) + if [ ".$opt_C" = .yes ]; then + opt_c=yes + fi + if [ ".$opt_c" = .yes ]; then + if [ ".$opt_t" = .yes ]; then + echo "cp $src $dsttmp" 1>&2 + fi + cp "$src" "$dsttmp" || shtool_exit $? + else + if [ ".$opt_t" = .yes ]; then + echo "mv $src $dsttmp" 1>&2 + fi + mv "$src" "$dsttmp" || shtool_exit $? + fi + + # adjust the target file + if [ ".$opt_e" != . ]; then + sed='sed' + OIFS="$IFS"; IFS="$ASC_NL"; set -- $opt_e; IFS="$OIFS" + for e + do + sed="$sed -e '$e'" + done + cp "$dsttmp" "$dsttmp.old" + chmod u+w $dsttmp + eval "$sed <$dsttmp.old >$dsttmp" || shtool_exit $? + rm -f $dsttmp.old + fi + if [ ".$opt_s" = .yes ]; then + if [ ".$opt_t" = .yes ]; then + echo "strip $dsttmp" 1>&2 + fi + strip $dsttmp || shtool_exit $? + fi + if [ ".$opt_o" != . ]; then + if [ ".$opt_t" = .yes ]; then + echo "chown $opt_o $dsttmp" 1>&2 + fi + chown $opt_o $dsttmp || shtool_exit $? + fi + if [ ".$opt_g" != . ]; then + if [ ".$opt_t" = .yes ]; then + echo "chgrp $opt_g $dsttmp" 1>&2 + fi + chgrp $opt_g $dsttmp || shtool_exit $? + fi + if [ ".$opt_m" != ".-" ]; then + if [ ".$opt_t" = .yes ]; then + echo "chmod $opt_m $dsttmp" 1>&2 + fi + chmod $opt_m $dsttmp || shtool_exit $? + fi + + # determine whether to do a quick install + # (has to be done _after_ the strip was already done) + quick=no + if [ ".$opt_C" = .yes ]; then + if [ -r $dst ]; then + if cmp -s "$src" "$dst"; then + quick=yes + fi + fi + fi + + # finally, install the file to the real destination + if [ $quick = yes ]; then + if [ ".$opt_t" = .yes ]; then + echo "rm -f $dsttmp" 1>&2 + fi + rm -f $dsttmp + else + if [ ".$opt_t" = .yes ]; then + echo "rm -f $dst && mv $dsttmp $dst" 1>&2 + fi + rm -f $dst && mv $dsttmp $dst + fi + done + + shtool_exit 0 + ;; + +mkdir ) + ## + ## mkdir -- Make one or more directories + ## Copyright (c) 1996-2008 Ralf S. Engelschall + ## + + errstatus=0 + for p in ${1+"$@"}; do + # if the directory already exists... + if [ -d "$p" ]; then + if [ ".$opt_f" = .no ] && [ ".$opt_p" = .no ]; then + echo "$msgprefix:Error: directory already exists: $p" 1>&2 + errstatus=1 + break + else + continue + fi + fi + # if the directory has to be created... + if [ ".$opt_p" = .no ]; then + if [ ".$opt_t" = .yes ]; then + echo "mkdir $p" 1>&2 + fi + mkdir $p || errstatus=$? + if [ ".$opt_o" != . ]; then + if [ ".$opt_t" = .yes ]; then + echo "chown $opt_o $p" 1>&2 + fi + chown $opt_o $p || errstatus=$? + fi + if [ ".$opt_g" != . ]; then + if [ ".$opt_t" = .yes ]; then + echo "chgrp $opt_g $p" 1>&2 + fi + chgrp $opt_g $p || errstatus=$? + fi + if [ ".$opt_m" != . ]; then + if [ ".$opt_t" = .yes ]; then + echo "chmod $opt_m $p" 1>&2 + fi + chmod $opt_m $p || errstatus=$? + fi + else + # the smart situation + set fnord `echo ":$p" |\ + sed -e 's/^:\//%/' \ + -e 's/^://' \ + -e 's/\// /g' \ + -e 's/^%/\//'` + shift + pathcomp='' + for d in ${1+"$@"}; do + pathcomp="$pathcomp$d" + case "$pathcomp" in + -* ) pathcomp="./$pathcomp" ;; + esac + if [ ! -d "$pathcomp" ]; then + if [ ".$opt_t" = .yes ]; then + echo "mkdir $pathcomp" 1>&2 + fi + mkdir $pathcomp || errstatus=$? + if [ ".$opt_o" != . ]; then + if [ ".$opt_t" = .yes ]; then + echo "chown $opt_o $pathcomp" 1>&2 + fi + chown $opt_o $pathcomp || errstatus=$? + fi + if [ ".$opt_g" != . ]; then + if [ ".$opt_t" = .yes ]; then + echo "chgrp $opt_g $pathcomp" 1>&2 + fi + chgrp $opt_g $pathcomp || errstatus=$? + fi + if [ ".$opt_m" != . ]; then + if [ ".$opt_t" = .yes ]; then + echo "chmod $opt_m $pathcomp" 1>&2 + fi + chmod $opt_m $pathcomp || errstatus=$? + fi + fi + pathcomp="$pathcomp/" + done + fi + done + + shtool_exit $errstatus + ;; + +esac + +shtool_exit 0 + diff --git a/include/DomainExec/Utils/targets.cc b/include/DomainExec/Utils/targets.cc new file mode 100644 index 00000000..473044b1 --- /dev/null +++ b/include/DomainExec/Utils/targets.cc @@ -0,0 +1,435 @@ + +/*************************************************************************** + * targets.cc -- Functions related to determining the exact IPs to hit * + * based on CIDR and other input formats and handling the exclude-file * + * option. nexthost function is tailored to Ncrack's needs that avoids * + * using HostGroups. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id: targets.cc 12955 2009-04-15 00:37:03Z fyodor $ */ + + +#include "ncrack.h" +#include "targets.h" +#include "TargetGroup.h" +#include "Service.h" +#include "Target.h" +#include "NcrackOps.h" +#include "utils.h" + +extern NcrackOps o; +using namespace std; + +/* Gets the host number (index) of target in the hostbatch array of + pointers. Note that the target MUST EXIST in the array or all + heck will break loose. */ +static inline int gethostnum(Target *hostbatch[], Target *target) { + int i = 0; + do { + if (hostbatch[i] == target) + return i; + } while(++i); + + fatal("fluxx0red"); + return 0; // Unreached +} + + + +/* Is the host passed as Target to be excluded, much of this logic had (mdmcl) + * to be rewritten from wam's original code to allow for the objects */ +static int hostInExclude(struct sockaddr *checksock, size_t checksocklen, + TargetGroup *exclude_group) { + unsigned long tmpTarget; /* ip we examine */ + int i=0; /* a simple index */ + char targets_type; /* what is the address type of the Target Group */ + struct sockaddr_storage ss; + struct sockaddr_in *sin = (struct sockaddr_in *) &ss; + size_t slen; /* needed for funct but not used */ + unsigned long mask = 0; /* our trusty netmask, which we convert to nbo */ + struct sockaddr_in *checkhost; + + if ((TargetGroup *)0 == exclude_group) + return 0; + + assert(checksocklen >= sizeof(struct sockaddr_in)); + checkhost = (struct sockaddr_in *) checksock; + if (checkhost->sin_family != AF_INET) + checkhost = NULL; + + /* First find out what type of addresses are in the target group */ + targets_type = exclude_group[i].get_targets_type(); + + /* Lets go through the targets until we reach our uninitialized placeholder */ + while (exclude_group[i].get_targets_type() != TargetGroup::TYPE_NONE) + { + /* while there are still hosts in the target group */ + while (exclude_group[i].get_next_host(&ss, &slen) == 0) { + tmpTarget = sin->sin_addr.s_addr; + + /* For Netmasks simply compare the network bits and move to the next + * group if it does not compare, we don't care about the individual addrs */ + if (targets_type == TargetGroup::IPV4_NETMASK) { + mask = htonl((unsigned long) (0-1) << (32-exclude_group[i].get_mask())); + if ((tmpTarget & mask) == (checkhost->sin_addr.s_addr & mask)) { + exclude_group[i].rewind(); + return 1; + } + else { + break; + } + } + /* For ranges we need to be a little more slick, if we don't find a match + * we should skip the rest of the addrs in the octet, thank wam for this + * optimization */ + else if (targets_type == TargetGroup::IPV4_RANGES) { + if (tmpTarget == checkhost->sin_addr.s_addr) { + exclude_group[i].rewind(); + return 1; + } + else { /* note these are in network byte order */ + if ((tmpTarget & 0x000000ff) != (checkhost->sin_addr.s_addr & 0x000000ff)) + exclude_group[i].skip_range(TargetGroup::FIRST_OCTET); + else if ((tmpTarget & 0x0000ff00) != (checkhost->sin_addr.s_addr & 0x0000ff00)) + exclude_group[i].skip_range(TargetGroup::SECOND_OCTET); + else if ((tmpTarget & 0x00ff0000) != (checkhost->sin_addr.s_addr & 0x00ff0000)) + exclude_group[i].skip_range(TargetGroup::THIRD_OCTET); + + continue; + } + } +#if HAVE_IPV6 + else if (targets_type == TargetGroup::IPV6_ADDRESS) { + fatal("exclude file not supported for IPV6 -- If it is important to you, send a mail to fyodor@insecure.org so I can gauge support\n"); + } +#endif + } + exclude_group[i++].rewind(); + } + + /* we did not find the host */ + return 0; +} + +/* loads an exclude file into an exclude target list (mdmcl) */ +TargetGroup* load_exclude(FILE *fExclude, char *szExclude) { + int i=0; /* loop counter */ + int iLine=0; /* line count */ + int iListSz=0; /* size of our exclude target list. + * It doubles in size as it gets + * close to filling up + */ + char acBuf[512]; + char *p_acBuf; + TargetGroup *excludelist; /* list of ptrs to excluded targets */ + char *pc; /* the split out exclude expressions */ + char b_file = (char)0; /* flag to indicate if we are using a file */ + + /* If there are no params return now with a NULL list */ + if (((FILE *)0 == fExclude) && ((char *)0 == szExclude)) { + excludelist=NULL; + return excludelist; + } + + if ((FILE *)0 != fExclude) + b_file = (char)1; + + /* Since I don't know of a realloc equiv in C++, we will just count + * the number of elements here. */ + + /* If the input was given to us in a file, count the number of elements + * in the file, and reset the file */ + if (1 == b_file) { + while ((char *)0 != fgets(acBuf,sizeof(acBuf), fExclude)) { + /* the last line can contain no newline, then we have to check for EOF */ + if ((char *)0 == strchr(acBuf, '\n') && !feof(fExclude)) { + fatal("Exclude file line %d was too long to read. Exiting.", iLine); + } + pc=strtok(acBuf, "\t\n "); + while (NULL != pc) { + iListSz++; + pc=strtok(NULL, "\t\n "); + } + } + rewind(fExclude); + } /* If the exclude file was provided via command line, count the elements here */ + else { + p_acBuf=strdup(szExclude); + pc=strtok(p_acBuf, ","); + while (NULL != pc) { + iListSz++; + pc=strtok(NULL, ","); + } + free(p_acBuf); + p_acBuf = NULL; + } + + /* allocate enough TargetGroups to cover our entries, plus one that + * remains uninitialized so we know we reached the end */ + excludelist = new TargetGroup[iListSz + 1]; + + /* don't use a for loop since the counter isn't incremented if the + * exclude entry isn't parsed + */ + i=0; + if (1 == b_file) { + /* If we are parsing a file load the exclude list from that */ + while ((char *)0 != fgets(acBuf, sizeof(acBuf), fExclude)) { + ++iLine; + if ((char *)0 == strchr(acBuf, '\n') && !feof(fExclude)) { + fatal("Exclude file line %d was too long to read. Exiting.", iLine); + } + + pc=strtok(acBuf, "\t\n "); + + while ((char *)0 != pc) { + if(excludelist[i].parse_expr(pc,o.af()) == 0) { + if (o.debugging > 1) + error("Loaded exclude target of: %s", pc); + ++i; + } + pc=strtok(NULL, "\t\n "); + } + } + } + else { + /* If we are parsing command line, load the exclude file from the string */ + p_acBuf=strdup(szExclude); + pc=strtok(p_acBuf, ","); + + while (NULL != pc) { + if(excludelist[i].parse_expr(pc,o.af()) == 0) { + if (o.debugging >1) + error("Loaded exclude target of: %s", pc); + ++i; + } + + /* This is a totally cheezy hack, but since I can't use strtok_r... + * If you can think of a better way to do this, feel free to change. + * As for now, we will reset strtok each time we leave parse_expr */ + { + int hack_i; + char *hack_c = strdup(szExclude); + + pc=strtok(hack_c, ","); + + for (hack_i = 0; hack_i < i; hack_i++) + pc=strtok(NULL, ","); + + free(hack_c); + } + } + } + return excludelist; +} + +/* A debug routine to dump some information to stdout. (mdmcl) + * Invoked if debugging is set to 3 or higher + * I had to make signigicant changes from wam's code. Although wam + * displayed much more detail, alot of this is now hidden inside + * of the Target Group Object. Rather than writing a bunch of methods + * to return private attributes, which would only be used for + * debugging, I went for the method below. + */ +int dumpExclude(TargetGroup *exclude_group) { + int i=0, debug_save=0, type=TargetGroup::TYPE_NONE; + unsigned int mask = 0; + struct sockaddr_storage ss; + struct sockaddr_in *sin = (struct sockaddr_in *) &ss; + size_t slen; + + /* shut off debugging for now, this is a debug routine in itself, + * we don't want to see all the debug messages inside of the object */ + debug_save = o.debugging; + o.debugging = 0; + + while ((type = exclude_group[i].get_targets_type()) != TargetGroup::TYPE_NONE) + { + switch (type) { + case TargetGroup::IPV4_NETMASK: + exclude_group[i].get_next_host(&ss, &slen); + mask = exclude_group[i].get_mask(); + error("exclude host group %d is %s/%d\n", i, inet_ntoa(sin->sin_addr), mask); + break; + + case TargetGroup::IPV4_RANGES: + while (exclude_group[i].get_next_host(&ss, &slen) == 0) + error("exclude host group %d is %s\n", i, inet_ntoa(sin->sin_addr)); + break; + + case TargetGroup::IPV6_ADDRESS: + fatal("IPV6 addresses are not supported in the exclude file\n"); + break; + + default: + fatal("Unknown target type in exclude file.\n"); + } + exclude_group[i++].rewind(); + } + + /* return debugging to what it was */ + o.debugging = debug_save; + return 1; +} + + + +Target * +nexthost(const char *expr, TargetGroup *exclude_group) +{ + struct sockaddr_storage ss; + size_t sslen; + Target *host; + static TargetGroup group; + static bool newexp = true; /* true for new expression */ + + if (newexp) { + group = TargetGroup(); + group.parse_expr(expr, o.af()); + newexp = false; + } + + /* Skip any hosts the user asked to exclude */ + do { + if (group.get_next_host(&ss, &sslen)) { /* no more targets */ + newexp = true; + return NULL; + } + } while (hostInExclude((struct sockaddr *)&ss, sslen, exclude_group)); + + host = new Target(); + host->setTargetSockAddr(&ss, sslen); + + /* put target expression in target if we have a named host without netmask */ + if (group.get_targets_type() == TargetGroup::IPV4_NETMASK && + group.get_namedhost() && !strchr(expr, '/' )) { + host->setTargetName(expr); + } + + return host; +} + diff --git a/include/DomainExec/Utils/targets.h b/include/DomainExec/Utils/targets.h new file mode 100644 index 00000000..9b2681c1 --- /dev/null +++ b/include/DomainExec/Utils/targets.h @@ -0,0 +1,173 @@ + +/*************************************************************************** + * targets.h -- Functions related to determining the exact IPs to hit * + * based on CIDR and other input formats and handling the exclude-file * + * option. nexthost function is tailored to Ncrack's needs that avoids * + * using HostGroups. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +/* $Id: targets.h 12955 2009-04-15 00:37:03Z fyodor $ */ + +#ifndef TARGETS_H +#define TARGETS_H + +#include "Target.h" +#include "TargetGroup.h" +#include "Service.h" +#include "ncrack.h" + +/* This contains pretty much everything we need ... */ +#if HAVE_SYS_TIME_H +#include +#endif + +#if HAVE_UNISTD_H +#include +#endif + +#ifdef HAVE_SYS_PARAM_H +#include /* Defines MAXHOSTNAMELEN on BSD*/ +#endif + + +#include +using namespace std; + +/* creates and returns next host from current expression + * and also takes care of exclusion of user-specified hosts + */ +Target *nexthost(const char *expr, TargetGroup *exclude_group); + +/* loads an exclude file into a excluded target list */ +TargetGroup* load_exclude(FILE *fExclude, char *szExclude); + +/* a debugging routine to dump an exclude list to stdout. */ +int dumpExclude(TargetGroup*exclude_group); + +#endif /* TARGETS_H */ + diff --git a/include/DomainExec/Utils/timing.cc b/include/DomainExec/Utils/timing.cc new file mode 100644 index 00000000..249b8d39 --- /dev/null +++ b/include/DomainExec/Utils/timing.cc @@ -0,0 +1,568 @@ + +/*************************************************************************** + * timing.cc -- Functions related to computing crack timing and keeping * + * track of rates. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id: timing.cc 12955 2009-04-15 00:37:03Z fyodor $ */ + +#include "timing.h" +#include "NcrackOps.h" +#include "utils.h" +#include "time.h" + +extern NcrackOps o; + + +/* current_rate_history defines how far back (in seconds) we look when + calculating the current rate. */ +RateMeter::RateMeter(double current_rate_history) { + this->current_rate_history = current_rate_history; + start_tv.tv_sec = 0; + start_tv.tv_usec = 0; + stop_tv.tv_sec = 0; + stop_tv.tv_usec = 0; + last_update_tv.tv_sec = 0; + last_update_tv.tv_usec = 0; + total = 0.0; + current_rate = 0.0; + assert(!isSet(&start_tv)); + assert(!isSet(&stop_tv)); +} + +void RateMeter::start(const struct timeval *now) { + assert(!isSet(&start_tv)); + assert(!isSet(&stop_tv)); + if (now == NULL) + gettimeofday(&start_tv, NULL); + else + start_tv = *now; +} + +void RateMeter::stop(const struct timeval *now) { + assert(isSet(&start_tv)); + assert(!isSet(&stop_tv)); + if (now == NULL) + gettimeofday(&stop_tv, NULL); + else + stop_tv = *now; +} + +/* Update the rates to reflect the given amount added to the total at the time + now. If now is NULL, get the current time with gettimeofday. */ +void RateMeter::update(double amount, const struct timeval *now) { + struct timeval tv; + double diff; + double interval; + double count; + + assert(isSet(&start_tv)); + assert(!isSet(&stop_tv)); + + /* Update the total. */ + total += amount; + + if (now == NULL) { + gettimeofday(&tv, NULL); + now = &tv; + } + if (!isSet(&last_update_tv)) + last_update_tv = start_tv; + + /* Calculate the approximate moving average of how much was recorded in the + last current_rate_history seconds. This average is what is returned as the + "current" rate. */ + + /* How long since the last update? */ + diff = TIMEVAL_SUBTRACT(*now, last_update_tv) / 1000000.0; + + if (diff < -current_rate_history) + /* This happened farther in the past than we care about. */ + return; + + if (diff < 0.0) { + /* If the event happened in the past, just add it into the total and don't + change last_update_tv, as if it had happened at the same time as the most + recent event. */ + now = &last_update_tv; + diff = 0.0; + } + + /* Find out how far back in time to look. We want to look back + current_rate_history seconds, or to when the last update occurred, + whichever is longer. However, we never look past the start. */ + struct timeval tmp; + /* Find the time current_rate_history seconds after the start. That's our + threshold for deciding how far back to look. */ + TIMEVAL_ADD(tmp, start_tv, (time_t) (current_rate_history * 1000000.0)); + if (TIMEVAL_AFTER(*now, tmp)) + interval = MAX(current_rate_history, diff); + else + interval = TIMEVAL_SUBTRACT(*now, start_tv) / 1000000.0; + assert(diff <= interval); + /* If we record an amount in the very same instant that the timer is started, + there's no way to calculate meaningful rates. Ignore it. */ + if (interval == 0.0) + return; + + /* To calculate the approximate average of the rate over the last + interval seconds, we assume that the rate was constant over that interval. + We calculate how much would have been received in that interval, ignoring + the first diff seconds' worth: + (interval - diff) * current_rate. + Then we add how much was received in the most recent diff seconds. Divide + by the width of the interval to get the average. */ + count = (interval - diff) * current_rate + amount; + current_rate = count / interval; + + last_update_tv = *now; +} + +double RateMeter::getOverallRate(const struct timeval *now) const { + double elapsed; + + elapsed = elapsedTime(now); + if (elapsed <= 0.0) + return 0.0; + else + return total / elapsed; +} + +/* Get the "current" rate (actually a moving average of the last + current_rate_history seconds). If update is true (its default value), lower + the rate to account for the time since the last record. */ +double RateMeter::getCurrentRate(const struct timeval *now, bool update) { + if (update) + this->update(0.0, now); + + return current_rate; +} + +double RateMeter::getTotal(void) const { + return total; +} + +/* Get the number of seconds the meter has been running: if it has been stopped, + the amount of time between start and stop, or if it is still running, the + amount of time between start and now. */ +double RateMeter::elapsedTime(const struct timeval *now) const { + struct timeval tv; + const struct timeval *end_tv; + + assert(isSet(&start_tv)); + + if (isSet(&stop_tv)) { + end_tv = &stop_tv; + } else if (now == NULL) { + gettimeofday(&tv, NULL); + end_tv = &tv; + } else { + end_tv = now; + } + + return TIMEVAL_SUBTRACT(*end_tv, start_tv) / 1000000.0; +} + +/* Returns true if tv has been initialized; i.e., its members are not all + zero. */ +bool RateMeter::isSet(const struct timeval *tv) { + return tv->tv_sec != 0 || tv->tv_usec != 0; +} + +PacketRateMeter::PacketRateMeter(double current_rate_history) { + packet_rate_meter = RateMeter(current_rate_history); + byte_rate_meter = RateMeter(current_rate_history); +} + +void PacketRateMeter::start(const struct timeval *now) { + packet_rate_meter.start(now); + byte_rate_meter.start(now); +} + +void PacketRateMeter::stop(const struct timeval *now) { + packet_rate_meter.stop(now); + byte_rate_meter.stop(now); +} + +/* Record one packet of length len. */ +void PacketRateMeter::update(u32 len, const struct timeval *now) { + packet_rate_meter.update(1, now); + byte_rate_meter.update(len, now); +} + +double PacketRateMeter::getOverallPacketRate(const struct timeval *now) const { + return packet_rate_meter.getOverallRate(now); +} + +double PacketRateMeter::getCurrentPacketRate(const struct timeval *now, + bool update) { + return packet_rate_meter.getCurrentRate(now, update); +} + +double PacketRateMeter::getOverallByteRate(const struct timeval *now) const { + return byte_rate_meter.getOverallRate(now); +} + +double PacketRateMeter::getCurrentByteRate(const struct timeval *now, + bool update) { + return byte_rate_meter.getCurrentRate(now, update); +} + +unsigned long long PacketRateMeter::getNumPackets(void) const { + return (unsigned long long) packet_rate_meter.getTotal(); +} + +unsigned long long PacketRateMeter::getNumBytes(void) const { + return (unsigned long long) byte_rate_meter.getTotal(); +} + +ScanProgressMeter::ScanProgressMeter() +{ + gettimeofday(&begin, NULL); + last_print_test = begin; + memset(&last_print, 0, sizeof(last_print)); + memset(&last_est, 0, sizeof(last_est)); + beginOrEndTask(&begin, NULL, true); +} + +ScanProgressMeter::~ScanProgressMeter() { + ; +} + +/* Decides whether a timing report is likely to even be + printed. There are stringent limitations on how often they are + printed, as well as the verbosity level that must exist. So you + might as well check this before spending much time computing + progress info. now can be NULL if caller doesn't have the current + time handy. Just because this function returns true does not mean + that the next printStatsIfNecessary will always print something. + It depends on whether time estimates have changed, which this func + doesn't even know about. */ +bool ScanProgressMeter::mayBePrinted(const struct timeval *now) { + struct timeval tv; + + if (!o.verbose) + return false; + + if (!now) { + gettimeofday(&tv, NULL); + now = (const struct timeval *) &tv; + } + + if (last_print.tv_sec == 0) { + /* We've never printed before -- the rules are less stringent */ + if (difftime(now->tv_sec, begin.tv_sec) > 30) + return true; + else + return false; + } + + if (difftime(now->tv_sec, last_print_test.tv_sec) < 3) + return false; /* No point even checking too often */ + + /* We'd never want to print more than once per 30 seconds */ + if (difftime(now->tv_sec, last_print.tv_sec) < 30) + return false; + + return true; +} + +/* Return an estimate of the time remaining if a process was started at begin + and is perc_done of the way finished. Returns inf if perc_done == 0.0. */ +static double estimate_time_left(double perc_done, + const struct timeval *begin, + const struct timeval *now) { + double time_used_s; + double time_needed_s; + + time_used_s = difftime(now->tv_sec, begin->tv_sec); + time_needed_s = time_used_s / perc_done; + + return time_needed_s - time_used_s; +} + +/* Prints an estimate of when this scan will complete. It only does + so if mayBePrinted() is true, and it seems reasonable to do so + because the estimate has changed significantly. Returns whether + or not a line was printed.*/ +bool ScanProgressMeter::printStatsIfNecessary(double perc_done, + const struct timeval *now) { + struct timeval tvtmp; + double time_left_s; + bool printit = false; + + if (!now) { + gettimeofday(&tvtmp, NULL); + now = (const struct timeval *) &tvtmp; + } + + if (!mayBePrinted(now)) + return false; + + last_print_test = *now; + + if (perc_done <= 0.003) + return false; /* Need more info first */ + + assert(perc_done <= 1.0); + + time_left_s = estimate_time_left(perc_done, &begin, now); + + if (time_left_s < 30) + return false; /* No point in updating when it is virtually finished. */ + + if (last_est.tv_sec == 0) { + /* We don't have an estimate yet (probably means a low completion). */ + printit = true; + } else if (TIMEVAL_AFTER(*now, last_est)) { + /* The last estimate we printed has passed. Print a new one. */ + printit = true; + } else { + /* If the estimate changed by more than 3 minutes, and if that change + represents at least 5% of the total time, print it. */ + double prev_est_total_time_s = difftime(last_est.tv_sec, begin.tv_sec); + double prev_est_time_left_s = difftime(last_est.tv_sec, last_print.tv_sec); + double change_abs_s = ABS(prev_est_time_left_s - time_left_s); + if (o.debugging || (change_abs_s > 15 + && change_abs_s > .05 * prev_est_total_time_s)) + printit = true; + } + + if (printit) { + return printStats(perc_done, now); + } + + return false; +} + + +/* Prints an estimate of when this scan will complete. */ +bool ScanProgressMeter::printStats(double perc_done, + const struct timeval *now) { + struct timeval tvtmp; + double time_left_s; + time_t timet; + struct tm ltime; + int err; + + if (!now) { + gettimeofday(&tvtmp, NULL); + now = (const struct timeval *) &tvtmp; + } + + last_print = *now; + // If we're less than 1% done we probably don't have enough + // data for decent timing estimates. Also with perc_done == 0 + // these elements will be nonsensical. + if (perc_done < 0.01) { + log_write(LOG_STDOUT, "About %.2f%% done\n", + perc_done * 100); + log_flush(LOG_STDOUT); + return true; + } + + /* Add 0.5 to get the effect of rounding in integer calculations. */ + time_left_s = estimate_time_left(perc_done, &begin, now) + 0.5; + + last_est = *now; + last_est.tv_sec += (time_t)time_left_s; + + /* Get the estimated time of day at completion */ + timet = last_est.tv_sec; + err = n_localtime(&timet, <ime); + + if (!err) { + log_write(LOG_STDOUT, "About %.2f%% done; ETC: %02d:%02d " + "(%.f:%02.f:%02.f remaining)\n", + perc_done * 100, ltime.tm_hour, ltime.tm_min, + floor(time_left_s / 60.0 / 60.0), + floor(fmod(time_left_s / 60.0, 60.0)), + floor(fmod(time_left_s, 60.0))); + /*log_write(LOG_XML, "\n", + scantypestr, (unsigned long) now->tv_sec, + perc_done * 100, time_left_s, (unsigned long) last_est.tv_sec); */ + } else { + log_write(LOG_STDERR, "Timing error: n_localtime(%f): %s\n", (double) timet, strerror(err)); + log_write(LOG_STDOUT, "Timing: About %.2f%% done; ETC: Unknown (%.f:%02.f:%02.f remaining)\n", + perc_done * 100, + floor(time_left_s / 60.0 / 60.0), + floor(fmod(time_left_s / 60.0, 60.0)), + floor(fmod(time_left_s, 60.0))); + } + + log_flush(LOG_STDOUT|LOG_XML); + + return true; +} + + + + +/* Indicates that the task is beginning or ending, and that a message should + be generated if appropriate. Returns whether a message was printed. + now may be NULL, if the caller doesn't have the current time handy. + additional_info may be NULL if no additional information is necessary. */ +bool ScanProgressMeter::beginOrEndTask(const struct timeval *now, const char *additional_info, bool beginning) { + struct timeval tvtmp; + //struct tm *tm; + //time_t tv_sec; + + if (!o.verbose) { + return false; + } + + if (!now) { + gettimeofday(&tvtmp, NULL); + now = (const struct timeval *) &tvtmp; + } + + //tv_sec = now->tv_sec; + //tm = localtime(&tv_sec); + + if (beginning) { + // log_write(LOG_STDOUT, "Initiating %s at %02d:%02d", scantypestr, tm->tm_hour, tm->tm_min); + // log_write(LOG_XML, "tv_sec); + if (additional_info) { + log_write(LOG_STDOUT, " (%s)", additional_info); + //log_write(LOG_XML, " extrainfo=\"%s\"", additional_info); + } + log_write(LOG_STDOUT, "\n"); + //log_write(LOG_XML, " />\n"); + } else { + //log_write(LOG_STDOUT, "Completed %s at %02d:%02d, %.2fs elapsed", scantypestr, tm->tm_hour, tm->tm_min, TIMEVAL_MSEC_SUBTRACT(*now, begin) / 1000.0); + // log_write(LOG_XML, "tv_sec); + if (additional_info) { + log_write(LOG_STDOUT, " (%s)", additional_info); + //log_write(LOG_XML, " extrainfo=\"%s\"", additional_info); + } + log_write(LOG_STDOUT, "\n"); + //log_write(LOG_XML, " />\n"); + } + log_flush(LOG_STDOUT|LOG_XML); + + return true; +} diff --git a/include/DomainExec/Utils/timing.h b/include/DomainExec/Utils/timing.h new file mode 100644 index 00000000..227f1987 --- /dev/null +++ b/include/DomainExec/Utils/timing.h @@ -0,0 +1,233 @@ + +/*************************************************************************** + * timing.h -- Functions related to computing crack timing and keeping * + * track of rates. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id: timing.h 12955 2009-04-15 00:37:03Z fyodor $ */ + +#ifndef NCRACK_TIMING_H +#define NCRACK_TIMING_H + +#include "ncrack.h" +#include "global_structures.h" + + +#define DEFAULT_CURRENT_RATE_HISTORY 5.0 + + + +/* This class measures current and lifetime average rates for some quantity. */ +class RateMeter { + public: + RateMeter(double current_rate_history = DEFAULT_CURRENT_RATE_HISTORY); + + void start(const struct timeval *now = NULL); + void stop(const struct timeval *now = NULL); + void update(double amount, const struct timeval *now = NULL); + double getOverallRate(const struct timeval *now = NULL) const; + double getCurrentRate(const struct timeval *now = NULL, bool update = true); + double getTotal(void) const; + double elapsedTime(const struct timeval *now = NULL) const; + + private: + /* How many seconds to look back when calculating the "current" rates. */ + double current_rate_history; + + /* When this meter started recording. */ + struct timeval start_tv; + /* When this meter stopped recording. */ + struct timeval stop_tv; + /* The last time the current sample rates were updated. */ + struct timeval last_update_tv; + + double total; + double current_rate; + + static bool isSet(const struct timeval *tv); +}; + +/* A specialization of RateMeter that measures packet and byte rates. */ +class PacketRateMeter { + public: + PacketRateMeter(double current_rate_history = DEFAULT_CURRENT_RATE_HISTORY); + + void start(const struct timeval *now = NULL); + void stop(const struct timeval *now = NULL); + void update(u32 len, const struct timeval *now = NULL); + double getOverallPacketRate(const struct timeval *now = NULL) const; + double getCurrentPacketRate(const struct timeval *now = NULL, bool update = true); + double getOverallByteRate(const struct timeval *now = NULL) const; + double getCurrentByteRate(const struct timeval *now = NULL, bool update =true); + unsigned long long getNumPackets(void) const; + unsigned long long getNumBytes(void) const; + + private: + RateMeter packet_rate_meter; + RateMeter byte_rate_meter; +}; + +class ScanProgressMeter { + public: + /* A COPY of stypestr is made and saved for when stats are printed */ + ScanProgressMeter(); + ~ScanProgressMeter(); +/* Decides whether a timing report is likely to even be + printed. There are stringent limitations on how often they are + printed, as well as the verbosity level that must exist. So you + might as well check this before spending much time computing + progress info. now can be NULL if caller doesn't have the current + time handy. Just because this function returns true does not mean + that the next printStatsIfNecessary will always print something. + It depends on whether time estimates have changed, which this func + doesn't even know about. */ + bool mayBePrinted(const struct timeval *now); + +/* Prints an estimate of when this scan will complete. It only does + so if mayBePrinted() is true, and it seems reasonable to do so + because the estimate has changed significantly. Returns whether + or not a line was printed.*/ + bool printStatsIfNecessary(double perc_done, const struct timeval *now); + + /* Prints an estimate of when this scan will complete. */ + bool printStats(double perc_done, const struct timeval *now); + + /* Prints that this task is complete. */ + bool endTask(const struct timeval *now, const char *additional_info) { return beginOrEndTask(now, additional_info, false); } + + struct timeval begin; /* When this ScanProgressMeter was instantiated */ + private: + struct timeval last_print_test; /* Last time printStatsIfNecessary was called */ + struct timeval last_print; /* The most recent time the ETC was printed */ + char *scantypestr; + struct timeval last_est; /* The latest PRINTED estimate */ + + bool beginOrEndTask(const struct timeval *now, const char *additional_info, bool beginning); +}; + +#endif /* NMAP_TIMING_H */ + diff --git a/include/DomainExec/Utils/utils.cc b/include/DomainExec/Utils/utils.cc new file mode 100644 index 00000000..85344fa7 --- /dev/null +++ b/include/DomainExec/Utils/utils.cc @@ -0,0 +1,715 @@ + +/*************************************************************************** + * utils.cc -- Various miscellaneous utility functions which defy * + * categorization :) * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + + +#include "utils.h" +#include "Service.h" +#include "NcrackOps.h" + +extern NcrackOps o; + +/* + * Case insensitive memory search - a combination of memmem and strcasestr + * Will search for a particular string 'pneedle' in the first 'bytes' of + * memory starting at 'haystack' + */ +char * +memsearch(const char *haystack, const char *pneedle, size_t bytes) { + char buf[512]; + unsigned int needlelen; + const char *p; + char *needle, *q, *foundto; + size_t i; + + /* Should crash if !pneedle -- this is OK */ + if (!*pneedle) return (char *) haystack; + if (!haystack) return NULL; + + needlelen = (unsigned int) strlen(pneedle); + if (needlelen >= sizeof(buf)) { + needle = (char *) safe_malloc(needlelen + 1); + } else needle = buf; + p = pneedle; q = needle; + while((*q++ = tolower(*p++))) + ; + p = haystack - 1; foundto = needle; + + i = 0; + while(i < bytes) { + ++p; + if(tolower(*p) == *foundto) { + if(!*++foundto) { + /* Yeah, we found it */ + if (needlelen >= sizeof(buf)) + free(needle); + return (char *) (p - needlelen + 1); + } + } else + foundto = needle; + i++; + } + if (needlelen >= sizeof(buf)) + free(needle); + return NULL; +} + + +/* Like the perl equivalent -- It removes the terminating newline from string + IF one exists. It then returns the POSSIBLY MODIFIED string */ +char * +chomp(char *string) { + + int len = strlen(string); + if (len && string[len - 1] == '\n') { + if (len > 1 && string[len - 2] == '\r') + string[len - 2] = '\0'; + else + string[len - 1] = '\0'; + } + return string; +} + + +/* strtoul with error checking: + * fatality should be 0 if error will be handled by caller, or else Strtoul + * will exit + */ +unsigned long int +Strtoul(const char *nptr, int fatality) +{ + unsigned long value; + char *endp = NULL; + + errno = 0; + value = strtoul(nptr, &endp, 0); + if (errno != 0 || *endp != '\0') { + if (fatality) + fatal("Invalid value for number: %s", nptr); + else { + if (o.debugging) + error("Invalid value for number: %s", nptr); + } + } + + return value; +} + +/* + * Return a copy of 'size' characters from 'src' string. + * Will always null terminate by allocating 1 additional char. + */ +char * +Strndup(const char *src, size_t size) +{ + char *ret; + ret = (char *)safe_malloc(size + 1); + strncpy(ret, src, size); + ret[size] = '\0'; + return ret; +} + +/* + * Convert string to port (in host-byte order) + */ +u16 +str2port(char *exp) +{ + unsigned long pvalue; + char *endp = NULL; + + errno = 0; + pvalue = strtoul(exp, &endp, 0); + if (errno != 0 || *endp != '\0') + fatal("Invalid port number: %s", exp); + if (pvalue > 65535) + fatal("Port number too large: %s", exp); + + return (u16)pvalue; +} + + + +/* convert string to protocol number */ +u8 +str2proto(char *str) +{ + if (!strcasecmp(str, "tcp")) + return IPPROTO_TCP; + else if (!strcasecmp(str, "udp")) + return IPPROTO_UDP; + else + return 0; +} + + +/* convert protocol number to string */ +const char * +proto2str(u8 proto) +{ + if (proto == IPPROTO_TCP) + return "tcp"; + else if (proto == IPPROTO_UDP) + return "udp"; + else + return NULL; +} + + +/* + * This is an update from the old macro TIMEVAL_MSEC_SUBTRACT + * which now uses a long long variable which can hold all the intermediate + * operations. This was made after a wrap-around bug was born due to the + * fact that gettimeofday() can return a pretty large number of seconds + * and microseconds today and usually one of the two arguments are timeval + * structs returned by gettimeofday(). Add to that the fact that we are making + * a multiplication with 1000 and the chances of a wrap-around increase. + */ +long long +timeval_msec_subtract(struct timeval x, struct timeval y) +{ + long long ret; + struct timeval result; + + /* Perform the carry for the later subtraction by updating y. */ + if (x.tv_usec < y.tv_usec) { + int nsec = (y.tv_usec - x.tv_usec) / 1000000 + 1; + y.tv_usec -= 1000000 * nsec; + y.tv_sec += nsec; + } + if (x.tv_usec - y.tv_usec > 1000000) { + int nsec = (x.tv_usec - y.tv_usec) / 1000000; + y.tv_usec += 1000000 * nsec; + y.tv_sec -= nsec; + } + + /* Compute the time remaining to wait. + tv_usec is certainly positive. */ + result.tv_sec = x.tv_sec - y.tv_sec; + result.tv_usec = x.tv_usec - y.tv_usec; + + ret = (long long)result.tv_sec * 1000; + ret += (long long)result.tv_usec / 1000; + + return ret; +} + + + +/* Take in plain text and encode into base64. */ +char * +b64enc(const unsigned char *data, int len) +{ + char *dest, *buf; + /* base64 alphabet, taken from rfc3548 */ + const char *b64alpha = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + + /* malloc enough space to do something useful */ + dest = (char*)safe_malloc(4 * len / 3 + 4); + dest[0] = '\0'; + + buf = dest; + + /* Encode three bytes per iteration ala rfc3548. */ + while (len >= 3) { + buf[0] = b64alpha[(data[0] >> 2) & 0x3f]; + buf[1] = b64alpha[((data[0] << 4) & 0x30) | ((data[1] >> 4) & 0xf)]; + buf[2] = b64alpha[((data[1] << 2) & 0x3c) | ((data[2] >> 6) & 0x3)]; + buf[3] = b64alpha[data[2] & 0x3f]; + data += 3; + buf += 4; + len -= 3; + } + + /* Pad the remaining bytes. len is 0, 1, or 2 here. */ + if (len > 0) { + buf[0] = b64alpha[(data[0] >> 2) & 0x3f]; + if (len > 1) { + buf[1] = b64alpha[((data[0] << 4) & 0x30) | ((data[1] >> 4) & 0xf)]; + buf[2] = b64alpha[(data[1] << 2) & 0x3c]; + } else { + buf[1] = b64alpha[(data[0] << 4) & 0x30]; + buf[2] = '='; + } + buf[3] = '='; + buf += 4; + } + + /* + * As mentioned in rfc3548, we need to be careful about + * how we null terminate and handle embedded null-termination. + */ + *buf = '\0'; + + return (dest); +} + +int base64_encode(const char *str, int length, char *b64store) +{ + /* Conversion table. */ + static char tbl[64] = { + 'A','B','C','D','E','F','G','H', + 'I','J','K','L','M','N','O','P', + 'Q','R','S','T','U','V','W','X', + 'Y','Z','a','b','c','d','e','f', + 'g','h','i','j','k','l','m','n', + 'o','p','q','r','s','t','u','v', + 'w','x','y','z','0','1','2','3', + '4','5','6','7','8','9','+','/' + }; + int i; + const unsigned char *s = (const unsigned char *) str; + char *p = b64store; + + /* Transform the 3x8 bits to 4x6 bits, as required by base64. */ + for (i = 0; i < length; i += 3) + { + *p++ = tbl[s[0] >> 2]; + *p++ = tbl[((s[0] & 3) << 4) + (s[1] >> 4)]; + *p++ = tbl[((s[1] & 0xf) << 2) + (s[2] >> 6)]; + *p++ = tbl[s[2] & 0x3f]; + s += 3; + } + + /* Pad the result if necessary... */ + if (i == length + 1) + *(p - 1) = '='; + else if (i == length + 2) + *(p - 1) = *(p - 2) = '='; + + /* ...and zero-terminate it. */ + *p = '\0'; + + return p - b64store; +} + +int +base64_decode(const char *base64, size_t length, char *to) +{ + /* Table of base64 values for first 128 characters. Note that this + assumes ASCII (but so does Wget in other places). */ + static short base64_char_to_value[256] = + { + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 62, 63, 62, 62, 63, 52, 53, 54, 55, + 56, 57, 58, 59, 60, 61, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 3, 4, 5, 6, + 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 0, + 0, 0, 0, 63, 0, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, + 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51 + }; + size_t i; + unsigned char* p = (unsigned char*) base64; + char *q = to; + int pad = length > 0 && (length % 4 || p[length - 1] == '='); + const size_t L = ((length + 3) / 4 - pad) * 4; + + for (i = 0; i < length; i += 4) { + //unsigned char c; + //unsigned long value; + + int n = base64_char_to_value[p[i]] << 18 | base64_char_to_value[p[i + 1]] << 12 | base64_char_to_value[p[i + 2]] << 6 | base64_char_to_value[p[i + 3]]; + *q++ = n >> 16; + *q++ = n >> 8 & 0xFF; + *q++ = n & 0xFF; + + } + if (pad) { + int n = base64_char_to_value[p[L]] << 18 | base64_char_to_value[p[L + 1]] << 12; + *q++ = n >> 16; + + if (length > L + 2 && p[L + 2] != '=') + { + n |= base64_char_to_value[p[L + 2]] << 6; + *q++ = n >> 8 & 0xFF; + } + } + return q - to; +} + +/* mmap() an entire file into the address space. Returns a pointer + to the beginning of the file. The mmap'ed length is returned + inside the length parameter. If there is a problem, NULL is + returned, the value of length is undefined, and errno is set to + something appropriate. The user is responsible for doing + an munmap(ptr, length) when finished with it. openflags should + be O_RDONLY or O_RDWR, or O_WRONLY + */ +#ifndef WIN32 +char *mmapfile(char *fname, int *length, int openflags) { + struct stat st; + int fd; + char *fileptr; + + if (!length || !fname) { + errno = EINVAL; + return NULL; + } + + *length = -1; + + if (stat(fname, &st) == -1) { + errno = ENOENT; + return NULL; + } + + fd = open(fname, openflags); + if (fd == -1) { + return NULL; + } + + fileptr = (char *)mmap(0, st.st_size, (openflags == O_RDONLY)? PROT_READ : + (openflags == O_RDWR)? (PROT_READ|PROT_WRITE) + : PROT_WRITE, MAP_SHARED, fd, 0); + + close(fd); + +#ifdef MAP_FAILED + if (fileptr == (void *)MAP_FAILED) return NULL; +#else + if (fileptr == (char *) -1) return NULL; +#endif + + *length = st.st_size; + return fileptr; +} +#else /* WIN32 */ +/* FIXME: From the looks of it, this function can only handle one mmaped + file at a time (note how gmap is used).*/ +/* I believe this was written by Ryan Permeh ( ryan@eeye.com) */ + +static HANDLE gmap = NULL; + +char *mmapfile(char *fname, int *length, int openflags) +{ + HANDLE fd; + DWORD mflags, oflags; + char *fileptr; + + if (!length || !fname) { + WSASetLastError(EINVAL); + return NULL; + } + + if (openflags == O_RDONLY) { + oflags = GENERIC_READ; + mflags = PAGE_READONLY; + } + else { + oflags = GENERIC_READ | GENERIC_WRITE; + mflags = PAGE_READWRITE; + } + + fd = CreateFile ( + fname, + oflags, // open flags + 0, // do not share + NULL, // no security + OPEN_EXISTING, // open existing + FILE_ATTRIBUTE_NORMAL, + NULL); // no attr. template + if (!fd) + pfatal ("%s(%u): CreateFile()", __FILE__, __LINE__); + + *length = (int) GetFileSize (fd, NULL); + + gmap = CreateFileMapping (fd, NULL, mflags, 0, 0, NULL); + if (!gmap) + pfatal ("%s(%u): CreateFileMapping(), file '%s', length %d, mflags %08lX", + __FILE__, __LINE__, fname, *length, mflags); + + fileptr = (char*) MapViewOfFile (gmap, oflags == GENERIC_READ ? FILE_MAP_READ : FILE_MAP_WRITE, + 0, 0, 0); + if (!fileptr) + pfatal ("%s(%u): MapViewOfFile()", __FILE__, __LINE__); + + if (o.debugging > 2) + log_write(LOG_PLAIN, "%s(): fd %08lX, gmap %08lX, fileptr %08lX, length %d\n", + __func__, (DWORD)fd, (DWORD)gmap, (DWORD)fileptr, *length); + + CloseHandle (fd); + + return fileptr; +} + + +/* FIXME: This only works if the file was mapped by mmapfile (and only + works if the file is the most recently mapped one */ +int win32_munmap(char *filestr, int filelen) +{ + if (gmap == 0) + fatal("%s: no current mapping !\n", __func__); + + FlushViewOfFile(filestr, filelen); + UnmapViewOfFile(filestr); + CloseHandle(gmap); + gmap = NULL; + return 0; +} + +#endif + + +/* Create a UNICODE string based on an ASCII one. Be sure to free the memory! */ + char * +unicode_alloc(const char *string) +{ + size_t i; + char *unicode; + size_t unicode_length = (strlen(string) + 1) * 2; + + if(unicode_length < strlen(string)) + fatal("%s Overflow.", __func__); + + unicode = (char *)safe_malloc(unicode_length); + + memset(unicode, 0, unicode_length); + for(i = 0; i < strlen(string); i++) + { + unicode[(i * 2)] = string[i]; + } + + return unicode; +} + + +/* Same as unicode_alloc(), except convert the string to uppercase first. */ + char * +unicode_alloc_upper(const char *string) +{ + size_t i; + char *unicode; + size_t unicode_length = (strlen(string) + 1) * 2; + + if(unicode_length < strlen(string)) + fatal("%s Overflow.", __func__); + + unicode = (char *)safe_malloc(unicode_length); + + memset(unicode, 0, unicode_length); + for(i = 0; i < strlen(string); i++) + { + unicode[(i * 2)] = toupper(string[i]); + } + + return unicode; +} + + +/* Reverses the order of the bytes in the memory pointed for the designated + * length. + */ + void +mem_reverse(uint8_t *p, unsigned int len) +{ + unsigned int i, j; + uint8_t temp; + + if (len < 1) + return; + + for (i = 0, j = len - 1; i < j; i++, j--) { + temp = p[i]; + p[i] = p[j]; + p[j] = temp; + } + +} + +/* Ncat's buffering functions */ + +/* Append n bytes starting at s to a malloc-allocated buffer. Reallocates the + buffer and updates the variables to make room if necessary. */ +int strbuf_append(char **buf, size_t *size, size_t *offset, const char *s, size_t n) +{ + //ncat_assert(*offset <= *size); + + if (n >= *size - *offset) { + *size += n + 1; + *buf = (char *) safe_realloc(*buf, *size); + } + + memcpy(*buf + *offset, s, n); + *offset += n; + (*buf)[*offset] = '\0'; + + return n; +} + +/* Append a '\0'-terminated string as with strbuf_append. */ +int strbuf_append_str(char **buf, size_t *size, size_t *offset, const char *s) +{ + return strbuf_append(buf, size, offset, s, strlen(s)); +} + +/* Do a sprintf at the given offset into a malloc-allocated buffer. Reallocates + the buffer and updates the variables to make room if necessary. */ +int strbuf_sprintf(char **buf, size_t *size, size_t *offset, const char *fmt, ...) +{ + va_list va; + int n; + + //ncat_assert(*offset <= *size); + + if (*buf == NULL) { + *size = 1; + *buf = (char *) safe_malloc(*size); + } + + for (;;) { + va_start(va, fmt); + n = Vsnprintf(*buf + *offset, *size - *offset, fmt, va); + va_end(va); + if (n < 0) + *size = MAX(*size, 1) * 2; + else if ((size_t)n >= *size - *offset) + *size += n + 1; + else + break; + *buf = (char *) safe_realloc(*buf, *size); + } + *offset += n; + + return n; +} + + +uint32_t le_to_be32(uint32_t x) +{ + return (((x>>24) & 0x000000ff) | ((x>>8) & 0x0000ff00) | ((x<<8) & 0x00ff0000) | ((x<<24) & 0xff000000)); +} + + +uint16_t le_to_be16(uint16_t x) +{ + return ((x>>8) | (x<<8)); +} + diff --git a/include/DomainExec/Utils/utils.h b/include/DomainExec/Utils/utils.h new file mode 100644 index 00000000..769e1f65 --- /dev/null +++ b/include/DomainExec/Utils/utils.h @@ -0,0 +1,275 @@ + +/*************************************************************************** + * utils.h -- Various miscellaneous utility functions which defy * + * categorization :) * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#ifndef UTILS_H +#define UTILS_H 1 + + +#include + +#include +#include + +#ifdef WIN32 +#include "mswin32\winclude.h" +#else +#include +#include "ncrack_config.h" +#endif + + +#if HAVE_UNISTD_H +#include +#endif + +#include "nbase.h" +#include "ncrack_error.h" + +/* Timeval subtraction in microseconds */ +#define TIMEVAL_SUBTRACT(a,b) (((a).tv_sec - (b).tv_sec) * 1000000 + (a).tv_usec - (b).tv_usec) +/* Timeval subtract in milliseconds */ +#define TIMEVAL_MSEC_SUBTRACT(a,b) ((((a).tv_sec - (b).tv_sec) * 1000) + ((a).tv_usec - (b).tv_usec) / 1000) +/* Timeval subtract in seconds; truncate towards zero */ +#define TIMEVAL_SEC_SUBTRACT(a,b) ((a).tv_sec - (b).tv_sec + (((a).tv_usec < (b).tv_usec) ? - 1 : 0)) + +/* assign one timeval to another timeval plus some msecs: a = b + msecs */ +#define TIMEVAL_MSEC_ADD(a, b, msecs) { (a).tv_sec = (b).tv_sec + ((msecs) / 1000); (a).tv_usec = (b).tv_usec + ((msecs) % 1000) * 1000; (a).tv_sec += (a).tv_usec / 1000000; (a).tv_usec %= 1000000; } +#define TIMEVAL_ADD(a, b, usecs) { (a).tv_sec = (b).tv_sec + ((usecs) / 1000000); (a).tv_usec = (b).tv_usec + ((usecs) % 1000000); (a).tv_sec += (a).tv_usec / 1000000; (a).tv_usec %= 1000000; } + +/* Find our if one timeval is before or after another, avoiding the integer + overflow that can result when doing a TIMEVAL_SUBTRACT on two widely spaced + timevals. */ +#define TIMEVAL_BEFORE(a, b) (((a).tv_sec < (b).tv_sec) || ((a).tv_sec == (b).tv_sec && (a).tv_usec < (b).tv_usec)) +#define TIMEVAL_AFTER(a, b) (((a).tv_sec > (b).tv_sec) || ((a).tv_sec == (b).tv_sec && (a).tv_usec > (b).tv_usec)) + +#ifndef roundup + #define roundup(x, y) ((((x)+((y)-1))/(y))*(y)) +#endif + +/* Return num if it is between min and max. Otherwise return min or + max (whichever is closest to num), */ +template T box(T bmin, T bmax, T bnum) { + if (bmin > bmax) + fatal("box(%d, %d, %d) called (min,max,num)", (int) bmin, (int) bmax, (int) bnum); + // assert(bmin <= bmax); + if (bnum >= bmax) + return bmax; + if (bnum <= bmin) + return bmin; + return bnum; +} + + +/* Like the perl equivalent -- It removes the terminating newline from string + IF one exists. It then returns the POSSIBLY MODIFIED string */ +char *chomp(char *string); + +/* + * Case insensitive memory search - a combination of memmem and strcasestr + * Will search for a particular string 'pneedle' in the first 'bytes' of + * memory starting at 'haystack' + */ +char *memsearch(const char *haystack, const char *pneedle, size_t bytes); + + +/* convert string to protocol number */ +u8 str2proto(char *str); + +/* convert protocol number to string */ +const char *proto2str(u8 proto); + +/* strtoul with error checking */ +unsigned long int Strtoul(const char *nptr, int fatality); + +/* + * Return a copy of 'size' characters from 'src' string. + * Will always null terminate by allocating 1 additional char. + */ +char *Strndup(const char *src, size_t size); + +/* Convert string to port (in host-byte order) */ +u16 str2port(char *exp); + +/* + * This is an update from the old macro TIMEVAL_MSEC_SUBTRACT + * which now uses a long long variable which can hold all the intermediate + * operations. This was made after a wrap-around bug was born due to the + * fact that gettimeofday() can return a pretty large number of seconds + * and microseconds today and usually one of the two arguments are timeval + * structs returned by gettimeofday(). Add to that the fact that we are making + * a multiplication with 1000 and the chances of a wrap-around increase. + */ +long long timeval_msec_subtract(struct timeval a, struct timeval b); + +/* Take in plain text and encode into base64. */ +char *b64enc(const unsigned char *data, int len); + + + +#define BASE64_LENGTH(len) (4 * (((len) + 2) / 3)) +int base64_encode(const char *str, int length, char *b64store); + +int base64_decode (const char *base64, size_t length, char *to); +/* mmap() an entire file into the address space. Returns a pointer + to the beginning of the file. The mmap'ed length is returned + inside the length parameter. If there is a problem, NULL is + returned, the value of length is undefined, and errno is set to + something appropriate. The user is responsible for doing + an munmap(ptr, length) when finished with it. openflags should + be O_RDONLY or O_RDWR, or O_WRONLY +*/ +char *mmapfile(char *fname, int *length, int openflags); + +#ifdef WIN32 +int win32_munmap(char *filestr, int filelen); +#endif /* WIN32 */ + + +/* Create a UNICODE string based on an ASCII one. Be sure to free the memory! */ +char *unicode_alloc(const char *string); +/* Same as unicode_alloc(), except convert the string to uppercase first. */ +char *unicode_alloc_upper(const char *string); + +/* Reverses the order of the bytes in the memory pointed for the designated + * length. + */ +void mem_reverse(uint8_t *p, unsigned int len); + +/* Ncat's buffering functions */ +int strbuf_append(char **buf, size_t *size, size_t *offset, const char *s, size_t n); +int strbuf_append_str(char **buf, size_t *size, size_t *offset, const char *s); +int strbuf_sprintf(char **buf, size_t *size, size_t *offset, const char *fmt, ...); + +uint32_t le_to_be32(uint32_t x); +uint16_t le_to_be16(uint16_t x); + + +#endif /* UTILS_H */ diff --git a/include/DomainExec/Utils/xml.cc b/include/DomainExec/Utils/xml.cc new file mode 100644 index 00000000..429bba3c --- /dev/null +++ b/include/DomainExec/Utils/xml.cc @@ -0,0 +1,533 @@ +/*************************************************************************** + * xml.cc -- Simple library to emit XML. * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id: xml.cc 15135 2009-08-19 21:05:21Z david $ */ + +/* +This is a simple library for writing XML. It handles two main things: +keeping track of the element stack, and escaping text where necessary. +If you wanted to write this XML: + + + +these are the functions you would call. Each one is followed by the text +it prints enclosed in ||. + +xml_start_document("elem") |\n| +xml_newline(); |\n| +xml_open_start_tag("elem"); || +xml_end_tag(); || + +The typical use is to call xml_open_start_tag, then call xml_attribute a +number of times. That is followed by xml_close_empty_tag, or else +xml_close_start_tag followed by xml_end_tag later on. You can call +xml_start_tag if there are no attributes. Whenever a start tag is opened +with xml_open_start_tag or xml_start_tag, the element name is pushed on +the tag stack. xml_end_tag pops the element stack and closes the element +it finds. + +Here is a summary of all the elementary writing functions. The functions +return 0 on success and -1 on error. The terms "start" and "end" refer +to start and end tags and the start and end of comments. The terms +"open" and "close" refer only to start tags and processing instructions. + +xml_start_comment() || +xml_open_pi("elem") || +xml_open_start_tag("elem") || +xml_close_empty_tag() |/>| +xml_start_tag("elem") || +xml_end_tag() || +xml_attribute("name", "val") | name="val"| +xml_newline() |\n| + +Additional functions are + +xml_write_raw Raw unescaped output. +xml_write_escaped XML-escaped output. +xml_write_escaped_v XML-escaped output, with a va_list. +xml_start_document Writes \n. +xml_depth Returns the size of the element stack. + +The library makes it harder but not impossible to make non-well-formed +XML. For example, you can call xml_start_tag, xml_end_tag, +xml_start_tag, xml_end_tag to create a document with two root elements. +Things like element names aren't checked to be sure they're legal. Text +given to these functions should be ASCII or UTF-8. + +All writing is done with log_write(LOG_XML), so if LOG_XML hasn't been +opened, calling these functions has no effect. +*/ + +#include "output.h" +#include "xml.h" +#include + +#include +#include +#include +#include + +struct xml_writer { + /* Sanity checking: Don't open a new tag while still defining + attributes for another, like " element_stack; +}; + +static struct xml_writer xml; + +char *xml_unescape(const char *str) { + char *result = NULL; + size_t n = 0, len; + const char *p; + int i; + + i = 0; + for (p = str; *p != '\0'; p++) { + const char *repl; + char buf[32]; + + if (*p != '&') { + /* Based on the asumption that ampersand is only used for escaping. */ + buf[0] = *p; + buf[1] = '\0'; + repl = buf; + } else if (strncmp(p, "<", 4) == 0) { + repl = "<"; + p += 3; + } else if (strncmp(p, ">", 4) == 0) { + repl = ">"; + p += 3; + } else if (strncmp(p, "&", 5) == 0) { + repl = "&"; + p += 4; + } else if (strncmp(p, """, 6) == 0) { + repl = "\""; + p += 5; + } else if (strncmp(p, "'", 6) == 0) { + repl = "\'"; + p += 5; + } else if (strncmp(p, "-", 5) == 0) { + repl = "-"; + p += 4; + } else { + /* Escaped control characters and anything outside of ASCII. */ + Strncpy(buf, p + 3, sizeof(buf)); + char *q; + q = strchr(buf, ';'); + if(!q) + buf[0] = '\0'; + else + *q = '\0'; + repl = buf; + } + + len = strlen(repl); + /* Double the size of the result buffer if necessary. */ + if (i == 0 || i + len > n) { + n = (i + len) * 2; + result = (char *) safe_realloc(result, n + 1); + } + memcpy(result + i, repl, len); + i += len; + } + /* Trim to length. (Also does initial allocation when str is empty.) */ + result = (char *) safe_realloc(result, i + 1); + result[i] = '\0'; + + return result; +} + +/* Escape a string for inclusion in XML. This gets <>&, "' for attribute + values, -- for inside comments, and characters with value > 0x7F. It + also gets control characters with value < 0x20 to avoid parser + normalization of \r\n\t in attribute values. If this is not desired + in some cases, we'll have to add a parameter to control this. */ +static char *escape(const char *str) { + /* result is the result buffer; n + 1 is the allocated size. Double the + allocation when space runs out. */ + char *result = NULL; + size_t n = 0, len; + const char *p; + int i; + + i = 0; + for (p = str; *p != '\0'; p++) { + const char *repl; + char buf[32]; + + if (*p == '<') + repl = "<"; + else if (*p == '>') + repl = ">"; + else if (*p == '&') + repl = "&"; + else if (*p == '"') + repl = """; + else if (*p == '\'') + repl = "'"; + else if (*p == '-' && p > str && *(p - 1) == '-') { + /* Escape -- for comments. */ + repl = "-"; + } else if (*p < 0x20 || (unsigned char) *p > 0x7F) { + /* Escape control characters and anything outside of ASCII. We have to + emit UTF-8 and an easy way to do that is to emit ASCII. */ + Snprintf(buf, sizeof(buf), "&#x%x;", (unsigned char) *p); + repl = buf; + } else { + /* Unescaped character. */ + buf[0] = *p; + buf[1] = '\0'; + repl = buf; + } + + len = strlen(repl); + /* Double the size of the result buffer if necessary. */ + if (i == 0 || i + len > n) { + n = (i + len) * 2; + result = (char *) safe_realloc(result, n + 1); + } + memcpy(result + i, repl, len); + i += len; + } + /* Trim to length. (Also does initial allocation when str is empty.) */ + result = (char *) safe_realloc(result, i + 1); + result[i] = '\0'; + + return result; +} + +/* Write data directly to the XML file with no escaping. Make sure you + know what you're doing. */ +int xml_write_raw(const char *fmt, ...) { + va_list va; + char *s; + + va_start(va, fmt); + alloc_vsprintf(&s, fmt, va); + va_end(va); + if (s == NULL) + return -1; + + log_write(LOG_XML, "%s", s); + free(s); + + return 0; +} + +/* Write data directly to the XML file after escaping it. */ +int xml_write_escaped(const char *fmt, ...) { + va_list va; + int n; + + va_start(va, fmt); + n = xml_write_escaped_v(fmt, va); + va_end(va); + + return n; +} + +/* Write data directly to the XML file after escaping it. This version takes a + va_list like vprintf. */ +int xml_write_escaped_v(const char *fmt, va_list va) { + char *s, *esc_s; + + alloc_vsprintf(&s, fmt, va); + if (s == NULL) + return -1; + esc_s = escape(s); + free(s); + if (esc_s == NULL) + return -1; + + log_write(LOG_XML, "%s", esc_s); + free(esc_s); + + return 0; +} + +/* Write the XML declaration: + * and the DOCTYPE declaration: + */ +int xml_start_document(const char *rootnode) { + if (xml_open_pi("xml") < 0) + return -1; + if (xml_attribute("version", "1.0") < 0) + return -1; + /* Practically, Nmap only uses ASCII, but UTF-8 encompasses ASCII and allows + * for future expansion */ + if (xml_attribute("encoding", "UTF-8") < 0) + return -1; + if (xml_close_pi() < 0) + return -1; + if (xml_newline() < 0) + return -1; + + log_write(LOG_XML, "\n", rootnode); + + return 0; +} + +int xml_start_comment() { + log_write(LOG_XML, ""); + + return 0; +} + +int xml_open_pi(const char *name) { + assert(!xml.tag_open); + log_write(LOG_XML, ""); + xml.tag_open = false; + + return 0; +} + +/* Open a start tag, like ""); + xml.tag_open = false; + + return 0; +} + +/* Close an empty-element tag. It should have been opened with + xml_open_start_tag. */ +int xml_close_empty_tag() { + assert(xml.tag_open); + assert(!xml.element_stack.empty()); + xml.element_stack.pop_back(); + log_write(LOG_XML, "/>"); + xml.tag_open = false; + + return 0; +} + +int xml_start_tag(const char *name, const bool write) { + if (xml_open_start_tag(name, write) < 0) + return -1; + if (xml_close_start_tag(write) < 0) + return -1; + + return 0; +} + +/* Write an end tag for the element at the top of the element stack. */ +int xml_end_tag() { + const char *name; + + assert(!xml.tag_open); + assert(!xml.element_stack.empty()); + name = xml.element_stack.back(); + xml.element_stack.pop_back(); + + log_write(LOG_XML, "", name); + + return 0; +} + +/* Write an attribute. The only place this makes sense is between + xml_open_start_tag and either xml_close_start_tag or + xml_close_empty_tag. */ +int xml_attribute(const char *name, const char *fmt, ...) { + va_list va; + char *val, *esc_val; + + assert(xml.tag_open); + + va_start(va, fmt); + alloc_vsprintf(&val, fmt, va); + va_end(va); + if (val == NULL) + return -1; + esc_val = escape(val); + free(val); + if (esc_val == NULL) + return -1; + + log_write(LOG_XML, " %s=\"%s\"", name, esc_val); + free(esc_val); + + return 0; +} + +int xml_newline() { + log_write(LOG_XML, "\n"); + + return 0; +} + +/* Return the size of the element stack. */ +int xml_depth() { + return xml.element_stack.size(); +} + +/* Return true iff a root element has been started. */ +bool xml_tag_open() { + return xml.tag_open; +} + +/* Return true iff a root element has been started. */ +bool xml_root_written() { + return xml.root_written; +} diff --git a/include/DomainExec/Utils/xml.h b/include/DomainExec/Utils/xml.h new file mode 100644 index 00000000..dd0e9165 --- /dev/null +++ b/include/DomainExec/Utils/xml.h @@ -0,0 +1,165 @@ +/*************************************************************************** + * xml.h * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id: xml.h 15135 2009-08-19 21:05:21Z david $ */ + +#ifndef _XML_H +#define _XML_H + +#include + +int xml_write_raw(const char *fmt, ...) __attribute__ ((format (printf, 1, 2))); +int xml_write_escaped(const char *fmt, ...) __attribute__ ((format (printf, 1, 2))); +int xml_write_escaped_v(const char *fmt, va_list va) __attribute__ ((format (printf, 1, 0))); + +int xml_start_document(const char *rootnode); + +int xml_start_comment(); +int xml_end_comment(); + +int xml_open_pi(const char *name); +int xml_close_pi(); + +int xml_open_start_tag(const char *name, const bool write = true); +int xml_close_start_tag(const bool write = true); +int xml_close_empty_tag(); +int xml_start_tag(const char *name, const bool write = true); +int xml_end_tag(); + +int xml_attribute(const char *name, const char *fmt, ...) __attribute__ ((format (printf, 2, 3))); + +int xml_newline(); + +int xml_depth(); +bool xml_tag_open(); +bool xml_root_written(); + + +char *xml_unescape(const char *str); + +#endif + diff --git a/include/DomainExec/macosx/BUNDLING.md b/include/DomainExec/macosx/BUNDLING.md new file mode 100644 index 00000000..77274a68 --- /dev/null +++ b/include/DomainExec/macosx/BUNDLING.md @@ -0,0 +1,106 @@ +# Table of Contents +--- + + * [Jhbuild](#jhbuild) + * Observation + * Possible error + * [gtk-mac-bundler](#bundler) + * [How to use](#howto) + * Prerequisite + * Usage + +## Jhbuild + +In order to set up Jhbuild properly before building Ncrack, follow the tutorial at [https://wiki.gnome.org/Projects/GTK%2B/OSX/Building](https://wiki.gnome.org/Projects/GTK%2B/OSX/Building), but keep reading this file if you encounter any error... + +If you had any error, just type the following command to delete jhbuild, + + $ rm -rf ~/bin/jhbuild ~/.local/bin/jhbuild ~/.local/share/jhbuild ~/.cache/jhbuild ~/.config/jhbuildrc ~/.jhbuildrc ~/.jhbuildrc-custom ~/jhbuild + +And we'll start over together: + +1. First, simply download the following script in your _$HOME_ directory and launch it ([https://git.gnome.org/browse/gtk-osx/plain/gtk-osx-build-setup.sh](https://git.gnome.org/browse/gtk-osx/plain/gtk-osx-build-setup.sh)): + + ~~~~ + $ sh gtk-osx-build-setup.sh + ~~~~ + + And add it to your _$PATH_, so you can run jhbuild without the absolute path: + + ~~~~ + $ export PATH=$HOME/.local/bin:$PATH + ~~~~ + +2. In `~/.jhbuildrc-custom`, make sure that this line is setup properly: + + ~~~~ + setup_sdk(target=_target, sdk_version="native", architectures=["x86_64"]) + ~~~~ + + for an x86_64 architecture. Latest macOS versions do not support i386. + +3. Now do, + + ~~~~ + $ jhbuild bootstrap + ~~~~ + + To install missing dependencies (with **--force** option to force rebuilding).
Go to **Observation** if errors appear... + +4. And, + + ~~~~ + $ jhbuild build meta-gtk-osx-bootstrap + $ jhbuild build meta-gtk-osx-core + ~~~~ + + Go to **Observation** if errors appear... + +
+### Observation + +If anything goes wrong now, it'll probably be a bad link on your python binary, so check that you're using the **GTK one** instead of the original mac one: + +~~~~ +$ jhbuild shell +bash$ which python +~~~~ + +If you can see _gtk_ in the path, everything is fine with Python, else do: + +~~~~ +$ jhbuild build --force python +~~~~ + +And make an alias, to use this version of Python with Jhbuild: + +~~~~ +$ alias jhbuild="PATH=gtk-prefix/bin:$PATH jhbuild" +~~~~ + +Now continue at **step 3** with the --force option at the end of each command, to reinstall everything from scratch with this new python binary. + + +## gtk-mac-bundler + +Now that Jhbuild is properly configured, we need to install **gtk-mac-bundler** in order to render the bundle file: + +~~~~ +$ git clone git://git.gnome.org/gtk-mac-bundler +$ cd gtk-mac-bundler +$ make install +~~~~ + +## How to use +#### Prerequisite: +—`openssl.modules`: + +This is a jhbuild moduleset that can be used to build/update openssl + +#### Usage: + +Now use it like this: + +~~~~ +$ jhbuild -m openssl.modules build ncrack-deps +~~~~ diff --git a/include/DomainExec/macosx/Makefile b/include/DomainExec/macosx/Makefile new file mode 100644 index 00000000..1fb4bde1 --- /dev/null +++ b/include/DomainExec/macosx/Makefile @@ -0,0 +1,147 @@ +# This makefile builds a disk image (.dmg) containing the installer for Ncrack + +NCRACK_VERSION := $(shell grep '^\#[ \t]*define[ \t]\+NCRACK_VERSION' ../ncrack.h | sed -e 's/.*"\(.*\)".*/\1/' -e 'q') +NCRACK_NUM_VERSION := $(shell grep '^\#[ \t]*define[ \t]\+NCRACK_NUM_VERSION' ../ncrack.h | sed -e 's/.*"\(.*\)".*/\1/' -e 'q') +OSX_VERSION=$(shell sw_vers -productVersion | cut -d'.' -f1,2 | tr -d ' ') +OSX_MIN_VERSION = 10.9 + +NAME_VERSION = ncrack-$(NCRACK_VERSION)$(if $(APPENDAGE),-$(APPENDAGE)) + +IMAGE_NAME = $(NAME_VERSION).dmg +PKG_NAME = $(NAME_VERSION).mpkg + +IMAGE_STAGING_DIR = $(NAME_VERSION) + +NCRACK_BUILD_DIR = ncrack-build +NCRACK_STAGING_DIR = Ncrack + +JHBUILD_PREFIX=$(HOME)/gtk/inst +export JHBUILD_PREFIX +PREFIX = /usr/local + +# Extra distribution file names +README_FILE = README.md +COPYING_FILE = COPYING +3RD_P_LIC_FILE = 3rd-party-licenses.txt +LICENSES_FILE = licenses + +EXTRA_DIST = README.md ../COPYING ../docs/3rd-party-licenses.txt ../docs/licenses + +CONFIGURE_ARGS = --prefix="$(PREFIX)" CC="$(CC)" CXX="$(CXX)" CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" + +# Flags for building universal binaries. See +# http://developer.apple.com/documentation/Porting/Conceptual/PortingUnix/compiling/chapter_4_section_3.html. +UNIVERSAL_CONFIGURE_ARGS = --disable-dependency-tracking +UNIVERSAL_CC = gcc +UNIVERSAL_CXX = g++ +# Setting ARCHFLAGS separately is required. distutils.util.get_platform +# sniffs it to determine whether to return a universal architecture +# ("fat" or "universal") or a single one ("i386" or "ppc"). py2app in +# turn uses the arch value to decide which of its bootstrappers to +# install. +UNIVERSAL_ARCHFLAGS = -arch x86_64 +UNIVERSAL_CPPFLAGS = -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX$(OSX_VERSION).sdk +UNIVERSAL_CFLAGS = $(UNIVERSAL_CPPFLAGS) -mmacosx-version-min=$(OSX_MIN_VERSION) $(UNIVERSAL_ARCHFLAGS) +UNIVERSAL_CXXFLAGS = $(UNIVERSAL_CFLAGS) -stdlib=libc++ +# https://stackoverflow.com/questions/19637164/c-linking-error-after-upgrading-to-mac-os-x-10-9-xcode-5-0-1/19637199#19637199 +UNIVERSAL_LDFLAGS = -stdlib=libc++ -Wl,-syslibroot,/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX$(OSX_VERSION).sdk -mmacosx-version-min=$(OSX_MIN_VERSION) $(UNIVERSAL_ARCHFLAGS) + +CC = $(UNIVERSAL_CC) +CXX = $(UNIVERSAL_CXX) +ARCHFLAGS += $(UNIVERSAL_ARCHFLAGS) +CONFIGURE_ARGS += $(UNIVERSAL_CONFIGURE_ARGS) +CPPFLAGS += $(UNIVERSAL_CPPFLAGS) +CFLAGS += $(UNIVERSAL_CFLAGS) +CXXFLAGS += $(UNIVERSAL_CXXFLAGS) +LDFLAGS += $(UNIVERSAL_LDFLAGS) + + +# Jhbuild static libraries +OPENSSL_STATIC = $(JHBUILD_PREFIX)/lib/libssl.a $(JHBUILD_PREFIX)/lib/libcrypto.a +LIBZ_STATIC = $(JHBUILD_PREFIX)/lib/libz.a + +# These are the positions used by the createdmg.sh and check_test.sh scripts +export ICON_SIZE=88 +export FONT_SIZE=13 +export MPKG_POS_X=110 +export MPKG_POS_Y=170 +export APPS_POS_X=110 +export APPS_POS_Y=310 +export README_POS_X=802 +export README_POS_Y=180 +export COPYING_POS_X=802 +export COPYING_POS_Y=310 +export THIRD_P_POS_X=802 +export THIRD_P_POS_Y=440 +export LICENSES_POS_X=670 +export LICENSES_POS_Y=60 + +$(IMAGE_NAME): tool-checks $(IMAGE_STAGING_DIR)/$(PKG_NAME) + rm -f $@ + # Create the dmg disk image and convert it to read only disk + ./createdmg.sh $(IMAGE_STAGING_DIR) $(README_FILE) $(COPYING_FILE) $(3RD_P_LIC_FILE) $(LICENSES_FILE) + # Check the created disk image for the sizes, backgrounds and icons presence and positions + ./check_test.sh $(README_FILE) $(COPYING_FILE) $(3RD_P_LIC_FILE) $(LICENSES_FILE) + +tool-checks: have-$(CC) have-jhbuild have-gtk-mac-bundler + +have-%: + which $* + +$(IMAGE_STAGING_DIR)/$(PKG_NAME): check-ncrack COPYING.formatted + mkdir -p $(IMAGE_STAGING_DIR) + cp -rf $(EXTRA_DIST) $(IMAGE_STAGING_DIR)/ + # Create packages (.pkg) for all the components to install in the installer (.mpkg) + pkgbuild --root $(NCRACK_STAGING_DIR) --identifier org.insecure.nmap --version $(NCRACK_VERSION) --install-location / ncrack.pkg + + # Produce a .xml with packages information + productbuild --synthesize \ + --package 'ncrack.pkg' \ + distribution.xml + + # Make a new file and add background and title attributes + head -n 2 distribution.xml > finalDist.xml + echo " Ncrack $(NCRACK_VERSION)" >> finalDist.xml + # This line is for adding a background image to the .mpkg + echo " " >> finalDist.xml + tail -n +3 distribution.xml >> finalDist.xml + + # Build the .mpkg according to the final .xml file (and so all the .pkg) + productbuild --distribution finalDist.xml --resources . --package-path . $(NAME_VERSION).mpkg + + mv $(NAME_VERSION).mpkg $(NAME_VERSION)/$(NAME_VERSION).mpkg + rm -rf distribution.xml finalDist.xml ncrack.pkg + +check-%: stage-% + #if (find $* -perm -a+x -type f | xargs otool -L | grep -F "$(JHBUILD_PREFIX)"); then false; else echo "Libs are clean"; fi + +export-%: + rm -rf $* +# Using @BASE discards local changes. + mkdir ncrack-build + cd .. && git archive master | tar -x -C macosx/ncrack-build + +stage-ncrack: export-$(NCRACK_BUILD_DIR) + cd $(NCRACK_BUILD_DIR) && ./configure --with-openssl="$(JHBUILD_PREFIX)" --with-libz="$(JHBUILD_PREFIX)" $(CONFIGURE_ARGS) + # LIB* is libssh2's name for *_LIBS + make -C $(NCRACK_BUILD_DIR) OPENSSL_LIBS="$(OPENSSL_STATIC)" LIBSSL="$(OPENSSL_STATIC)" ZLIB_LIBS="$(LIBZ_STATIC)" LIBZ="$(LIBZ_STATIC)" + rm -rf $(NCRACK_STAGING_DIR) + make -C $(NCRACK_BUILD_DIR) install DESTDIR="`pwd`/$(NCRACK_STAGING_DIR)" OPENSSL_LIBS="$(OPENSSL_STATIC)" ZLIB_LIBS="$(LIBZ_STATIC)" + + +# make-bundle.sh uses these to build its authorization wrapper. +export CC ARCHFLAGS CPPFLAGS CFLAGS CXXFLAGS LDFLAGS + + +COPYING.formatted: +# Use the license formatter from the Windows installer. + ../mswin32/license-format/licformat.sh ../COPYING > $@ + +clean: + rm -rf $(IMAGE_STAGING_DIR) + rm -rf $(NCRACK_BUILD_DIR) + rm -rf $(NCRACK_STAGING_DIR) + rm -f COPYING.formatted + rm -f $(IMAGE_NAME) + +.PHONY: clean export-% stage-% diff --git a/include/DomainExec/macosx/README.md b/include/DomainExec/macosx/README.md new file mode 100644 index 00000000..52cce8e2 --- /dev/null +++ b/include/DomainExec/macosx/README.md @@ -0,0 +1,54 @@ +# Table of Contents +--- + + * [Introduction](#intro) + * [Requirements](#requ) + * [Installation](#install) + * [Files in this directory](#files) + * [Repositories and Troubleshooting](#repo) + +## Introduction + + * **Ncrack** is a free and open source network authentication cracking tool. + +This package contains Ncrack. It is intended to work on Intel Macs running **Mac OS X 10.8 or later**. + +The ncrack command-line binaries will be installed in `/usr/local/bin`, and additional support files will be installed in `/usr/local/share`. + + +## Requirements + +In order to compile, build and run Ncrack on Mac OS, you will requiere the followings: + +1. **Jhbuild** for bundling and dependencies (see the [BUNDLING file](../BUNDLING.md)) +2. **Xcode** for Mac OS 10.8 or later ([https://developer.apple.com/xcode](https://developer.apple.com/xcode/)) +3. **Xcode Command-line Tools** for Mac OS 10.8 or later ([https://developer.apple.com/downloads](https://developer.apple.com/downloads/) — then download the latest version compatible with your OS version) + +## Installation + +Ideally, you should be able to just type: + + ./configure + make + make install + +from `ncrack/` directory (the root folder). + + +## Files in this directory + +* [openssl.modules](openssl.modules): This is a Jhbuild moduleset that can be used to build dependencies (openssl) as required for building Ncrack. Use it like this: + + ~~~~ + $ jhbuild -m openssl.modules build ncrack-deps + ~~~~ + +* [Makefile](Makefile): The Mac OS X Makefile used to build everything specific to this OS. +* [BUNDLING.md](BUNDLING.md): A manual on how to setup and use Jhbuild on Mac OS X. + + + +## Repositories and Troubleshooting + +Ncrack uses a read-only repository on **Github** for issues tracking and pull requests. You can contribute at the following address: [https://github.com/nmap/ncrack](https://github.com/nmap/ncrack). + diff --git a/include/DomainExec/macosx/check_test.sh b/include/DomainExec/macosx/check_test.sh new file mode 100644 index 00000000..3091a652 --- /dev/null +++ b/include/DomainExec/macosx/check_test.sh @@ -0,0 +1,124 @@ +#!/bin/sh + +export version=$(grep '^\#[ \t]*define[ \t]\+NCRACK_VERSION' ../ncrack.h | sed -e 's/.*"\(.*\)".*/\1/' -e 'q') +export title="ncrack-${version}" +export disk="/Volumes/${title}" +export backgroundPictureName="ncrack.png" +export finalDMGName="${title}.dmg" +export applicationName="${title}.mpkg" +RES="True" +NB_FILES=7 + +hdiutil attach ${finalDMGName} + +# Try to list files in the Volume, if we can't, its because its not ready yet +# so we should sleep while its mounted before trying to check if everything is ok +stop=false +while [ "$stop" = false ]; do + test=`ls -l /Volumes/${title}/ | wc -l` + if [ "$test" -eq $NB_FILES ]; then + stop=true + fi + sleep 1 +done + +echo "\nDisk: ${disk}" +echo "Checking positions...\n" + +export MPKG=`echo ' + tell application "Finder" + set f to POSIX file "'${disk}'/'${applicationName}'" as alias + get properties of f + end tell +' | osascript | grep -o 'position:[0-9]*, [0-9]*' | awk -F':' '{ print $2 }'` + +export README=`echo ' + tell application "Finder" + set f to POSIX file "'${disk}'/'$1'" as alias + get properties of f + end tell +' | osascript | grep -o 'position:[0-9]*, [0-9]*' | awk -F':' '{ print $2 }'` + +export COPYING=`echo ' + tell application "Finder" + set f to POSIX file "'${disk}'/'$2'" as alias + get properties of f + end tell +' | osascript | grep -o 'position:[0-9]*, [0-9]*' | awk -F':' '{ print $2 }'` + +export LICENSES_3RD=`echo ' + tell application "Finder" + set f to POSIX file "'${disk}'/'$3'" as alias + get properties of f + end tell +' | osascript | grep -o 'position:[0-9]*, [0-9]*' | awk -F':' '{ print $2 }'` + +export LICENSES=`echo ' + tell application "Finder" + set f to POSIX file "'${disk}'/'$4'" as alias + get properties of f + end tell +' | osascript | grep -o 'position:[0-9]*, [0-9]*' | awk -F':' '{ print $2 }'` + +if [ "$MPKG" = "$MPKG_POS_X, $MPKG_POS_Y" ]; then + echo "${applicationName}: OK" +else + echo "${applicationName}: Wrong" + RES="False" +fi; + +if [ "$README" = "$README_POS_X, $README_POS_Y" ]; then + echo "README.md: OK" +else + echo "README.md: Wrong" + RES="False" +fi; + +if [ "$COPYING" = "$COPYING_POS_X, $COPYING_POS_Y" ]; then + echo "COPYING: OK" +else + echo "COPYING: Wrong" + RES="False" +fi; + +if [ "$LICENSES_3RD" = "$THIRD_P_POS_X, $THIRD_P_POS_Y" ]; then + echo "3rd-party-licenses.txt: OK" +else + echo "3rd-party-licenses.txt: Wrong" + RES="False" +fi; + +if [ "$LICENSES" = "$LICENSES_POS_X, $LICENSES_POS_Y" ]; then + echo "licenses: OK" +else + echo "licenses: Wrong" + RES="False" +fi; + +export BG=`echo ' + tell application "Finder" + set f to POSIX file "'${disk}'/.background/'${backgroundPictureName}'" as alias + if exists file f then + return true + else + return false + end if + end tell +' | osascript` + +if [ "$BG" = "true" ]; then + echo "\nBackground exists: Yes\n" +else + echo "\nBackground exists: No\n" + RES="False" +fi; + +hdiutil detach ${disk} + +if [ "$RES" = "True" ]; then + echo "\nTest passed?: Yes\n" + exit 0 +else + echo "\nTest passed?: No\nThere are some errors that should be corrected\n" + exit 1 +fi; diff --git a/include/DomainExec/macosx/createdmg.sh b/include/DomainExec/macosx/createdmg.sh new file mode 100644 index 00000000..126163b7 --- /dev/null +++ b/include/DomainExec/macosx/createdmg.sh @@ -0,0 +1,75 @@ +#!/bin/sh + +export source=$1 +export version=$(grep '^\#[ \t]*define[ \t]\+NCRACK_VERSION' ../ncrack.h | sed -e 's/.*"\(.*\)".*/\1/' -e 'q') +export title="ncrack-${version}" +export size=50000 +export backgroundPictureName="ncrack.png" +export finalDMGName="${title}.dmg" +export applicationName="${title}.mpkg" +NB_FILES=7 + +rm -rf ${source}/.background/${backgroundPictureName} +rm -rf ${source}/.background/ +rm -rf pack.temp.dmg +rm -rf ${title}.dmg +rm -rf ${source}/Applications + +# Copy the background image to the background of the image disk +mkdir ${source}/.background/ +cp ${backgroundPictureName} ${source}/.background/ +ln -s /Applications ${source}/ + +# Ensure that we have no virtual disk currently mounted +hdiutil detach /Volumes/${title}/ 2> /dev/null + +hdiutil create -srcfolder "${source}" -volname "${title}" -fs HFS+ -fsargs "-c c=64,a=16,e=16" -ov -format UDRW -size ${size}k pack.temp.dmg + +# Mount the disk image and store the device name +export device=$(hdiutil attach -readwrite -noverify -noautoopen "pack.temp.dmg" | egrep '^/dev/' | sed 1q | awk '{print $1}') + +# Try to list files in the Volume, if we can't, its because its not ready yet +# so we should sleep while its mounted before trying to design it with Applescript +stop=false +while [ "$stop" = false ]; do + test=`ls -l /Volumes/${title}/ | wc -l` + if [ "$test" -eq $NB_FILES ]; then + stop=true + fi + sleep 1 +done + +# Applescript: design the virtual disk image we just mounted +# This will fail if there is not a graphical login +echo ' + tell application "Finder" + tell disk "'${title}'" + open + + set current view of container window to icon view + set toolbar visible of container window to false + set statusbar visible of container window to false + set the bounds of container window to {100, 100, 1000, 660} + set theViewOptions to the icon view options of container window + set icon size of theViewOptions to '${ICON_SIZE}' + set text size of theViewOptions to '${FONT_SIZE}' + set arrangement of theViewOptions to not arranged + set background picture of theViewOptions to file ".background:'${backgroundPictureName}'" + + set position of item "'${applicationName}'" of container window to {'${MPKG_POS_X}', '${MPKG_POS_Y}'} + set position of item "Applications" of container window to {'${APPS_POS_X}', '${APPS_POS_Y}'} + set position of item "'$2'" of container window to {'${README_POS_X}', '${README_POS_Y}'} + set position of item "'$3'" of container window to {'${COPYING_POS_X}', '${COPYING_POS_Y}'} + set position of item "'$4'" of container window to {'${THIRD_P_POS_X}', '${THIRD_P_POS_Y}'} + set position of item "'$5'" of container window to {'${LICENSES_POS_X}', '${LICENSES_POS_Y}'} + + update without registering applications + + close + end tell + end tell +' | osascript + +hdiutil detach ${device} +hdiutil convert "pack.temp.dmg" -format UDZO -imagekey zlib-level=9 -o "${finalDMGName}" +rm -f pack.temp.dmg diff --git a/include/DomainExec/macosx/ncrack.pmdoc/01ncrack-contents.xml b/include/DomainExec/macosx/ncrack.pmdoc/01ncrack-contents.xml new file mode 100644 index 00000000..057be1c6 --- /dev/null +++ b/include/DomainExec/macosx/ncrack.pmdoc/01ncrack-contents.xml @@ -0,0 +1,3 @@ + + + diff --git a/include/DomainExec/macosx/ncrack.pmdoc/01ncrack.xml b/include/DomainExec/macosx/ncrack.pmdoc/01ncrack.xml new file mode 100644 index 00000000..ecc63901 --- /dev/null +++ b/include/DomainExec/macosx/ncrack.pmdoc/01ncrack.xml @@ -0,0 +1,25 @@ + + + org.insecure.ncrack.Ncrack.pkg + 1 + + + + Ncrack + / + + + + + parent + installFrom.isRelativeType + + + 01ncrack-contents.xml + /CVS$ + /\.svn$ + /\.cvsignore$ + /\.cvspass$ + /\.DS_Store$ + + diff --git a/include/DomainExec/macosx/ncrack.pmdoc/index.xml b/include/DomainExec/macosx/ncrack.pmdoc/index.xml new file mode 100644 index 00000000..7a91abe1 --- /dev/null +++ b/include/DomainExec/macosx/ncrack.pmdoc/index.xml @@ -0,0 +1,32 @@ + + + Ncrack + org.insecure + + + + + + + + + + + + + + + + README + COPYING.formatted + + + + 01ncrack.xml + properties.customizeOption + properties.title + properties.anywhereDomain + properties.systemDomain + diff --git a/include/DomainExec/macosx/ncrack.png b/include/DomainExec/macosx/ncrack.png new file mode 100644 index 00000000..e90c677c Binary files /dev/null and b/include/DomainExec/macosx/ncrack.png differ diff --git a/include/DomainExec/macosx/openssl.modules b/include/DomainExec/macosx/openssl.modules new file mode 100644 index 00000000..028a9eaf --- /dev/null +++ b/include/DomainExec/macosx/openssl.modules @@ -0,0 +1,34 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/include/DomainExec/macosx/pkg_bg.jpg b/include/DomainExec/macosx/pkg_bg.jpg new file mode 100644 index 00000000..86043507 Binary files /dev/null and b/include/DomainExec/macosx/pkg_bg.jpg differ diff --git a/include/DomainExec/modules/Makefile.in b/include/DomainExec/modules/Makefile.in new file mode 100644 index 00000000..e64acbb7 --- /dev/null +++ b/include/DomainExec/modules/Makefile.in @@ -0,0 +1,22 @@ +CC = @CC@ +CXX = @CXX@ + +SRCS = @MODULES_SRCS@ +OBJS = @MODULES_OBJS@ + +include_dirs := .. ../nsock/include ../nbase ../opensshlib +CPPFLAGS += $(addprefix -I,$(include_dirs)) -DHAVE_CONFIG_H +CXXFLAGS = @CXXFLAGS@ -Wno-attributes + +vpath %.h $(include_dirs) + + +all: $(OBJS) + +.cc.o : + $(CXX) -c $(CPPFLAGS) $(CXXFLAGS) $< -o $@ + +clean : + rm -f $(OBJS) + + diff --git a/include/DomainExec/modules/modules.h b/include/DomainExec/modules/modules.h new file mode 100644 index 00000000..56e9b059 --- /dev/null +++ b/include/DomainExec/modules/modules.h @@ -0,0 +1,164 @@ + +/*************************************************************************** + * modules.h -- header file containing declarations for every module's * + * main handler. To add more protocols to Ncrack, always write the * + * corresponding module's main function's declaration here. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#ifndef MODULES_H +#define MODULES_H 1 + +#include "nsock.h" + +void ncrack_ftp(nsock_pool nsp, Connection *con); +void ncrack_telnet(nsock_pool nsp, Connection *con); +void ncrack_ssh(nsock_pool nsp, Connection *con); +void ncrack_http(nsock_pool nsp, Connection *con); +void ncrack_pop3(nsock_pool nsp, Connection *con); +void ncrack_imap(nsock_pool nsp, Connection *con); +void ncrack_smb(nsock_pool nsp, Connection *con); +void ncrack_smb2(nsock_pool nsp, Connection *con); +void ncrack_rdp(nsock_pool nsp, Connection *con); +void ncrack_vnc(nsock_pool nsp, Connection *con); +void ncrack_sip(nsock_pool nsp, Connection *con); +void ncrack_redis(nsock_pool nsp, Connection *con); +void ncrack_psql(nsock_pool nsp, Connection *con); +void ncrack_mysql(nsock_pool nsp, Connection *con); +void ncrack_winrm(nsock_pool nsp, Connection *con); +void ncrack_owa(nsock_pool nsp, Connection *con); +void ncrack_cassandra(nsock_pool nsp, Connection *con); +void ncrack_mssql(nsock_pool nsp, Connection *con); +void ncrack_mongodb(nsock_pool nsp, Connection *con); +void ncrack_cvs(nsock_pool nsp, Connection *con); +void ncrack_wordpress(nsock_pool nsp, Connection *con); +void ncrack_joomla(nsock_pool nsp, Connection *con); +void ncrack_dicom(nsock_pool nsp, Connection *con); +void ncrack_mqtt(nsock_pool nsp, Connection *con); +void ncrack_webform(nsock_pool nsp, Connection *con); +void ncrack_couchbase(nsock_pool nsp, Connection *con); + +#endif diff --git a/include/DomainExec/modules/ncrack_cassandra.cc b/include/DomainExec/modules/ncrack_cassandra.cc new file mode 100644 index 00000000..8f0f34c3 --- /dev/null +++ b/include/DomainExec/modules/ncrack_cassandra.cc @@ -0,0 +1,314 @@ +/*************************************************************************** + * ncrack_cassandra.cc -- ncrack module for the Cassandra DBMS Service * + * Created by Barrend * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + + +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" + +#define CASS_TIMEOUT 20000 //here + +extern NcrackOps o; + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); + +static int cass_loop_read(nsock_pool nsp, Connection *con); +static void cass_encode_CALL(Connection *con); +static void cass_encode_data(Connection *con); + + +enum states { CASS_INIT, CASS_USER }; + +struct cass_CALL { + + uint8_t len[4]; + uint16_t version[1]; + uint8_t zero; + uint8_t call_id; + uint8_t length[4]; + uint16_t sequence_id[2]; +}; + +struct cass_data { + + uint8_t t_struct; + u_char field_id[2]; + uint8_t t_stop; + struct { + uint8_t t_map; + u_char field_id[2]; + uint8_t t_stop; + struct { + uint8_t t_utf7; + uint8_t nomitems[4]; + uint8_t length1[4]; + u_char string1[8]; + uint8_t length2[4]; + uint8_t length3[4]; + u_char string3[8]; + uint8_t length4[4]; + } map; + } Struct; +}; + + +static int +cass_loop_read(nsock_pool nsp, Connection *con) +{ + if ((con->inbuf == NULL) || (con->inbuf->get_len()<22)) { + nsock_read(nsp, con->niod, ncrack_read_handler, CASS_TIMEOUT, con); + return -1; + } + return 0; +} + + +static void +cass_encode_CALL(Connection *con) { + cass_CALL call; + call.len[0] = 0; + call.len[1] = 0; + call.len[2] = 0; + call.len[3] = 63 + strlen(con->user) + strlen(con->pass);//total length of the packet + con->outbuf->append(&call.len, sizeof(call.len)); + call.version[0] = 0x0180; //2byte + con->outbuf->append(&call.version, sizeof(call.version)); + call.zero = 0; + con->outbuf->append(&call.zero, sizeof(call.zero)); + call.call_id = 1; + con->outbuf->append(&call.call_id, sizeof(call.call_id)); + call.length[0] = 0; + call.length[1] = 0; + call.length[2] = 0; + call.length[3] = 5; + con->outbuf->append(&call.length, sizeof(call.length)); + con->outbuf->snprintf(5, "login"); + call.sequence_id[0] = 0; + call.sequence_id[1] = 0; + //call.sequence_id[2] = 0; + //call.sequence_id[3] = 0; + con->outbuf->append(&call.sequence_id, sizeof(call.sequence_id)); +} + +static void +cass_encode_data(Connection *con) { + cass_data data; + + data.t_struct = 12; //T_STRUCT (12)=1byte + con->outbuf->append(&data.t_struct, sizeof(data.t_struct)); + data.field_id[0] = 0; + data.field_id[1] = 1; // Field Id: 1 =2byte + con->outbuf->append(&data.field_id, sizeof(data.field_id)); + data.Struct.t_map = 13; // T_MAP (13) =1byte + con->outbuf->append(&data.Struct.t_map, sizeof(data.Struct.t_map)); + data.Struct.field_id[0] = 0; + data.Struct.field_id[1] = 1; + con->outbuf->append(&data.Struct.field_id, sizeof(data.Struct.field_id)); + data.Struct.map.t_utf7 = 11; + con->outbuf->append(&data.Struct.map.t_utf7, sizeof(data.Struct.map.t_utf7)); con->outbuf->append(&data.Struct.map.t_utf7, sizeof(data.Struct.map.t_utf7)); + data.Struct.map.nomitems[0] = 0; + data.Struct.map.nomitems[1] = 0; + data.Struct.map.nomitems[2] = 0; + data.Struct.map.nomitems[3] = 2; + con->outbuf->append(&data.Struct.map.nomitems, sizeof(data.Struct.map.nomitems)); + data.Struct.map.length1[0] = 0; //4byte + data.Struct.map.length1[1] = 0; + data.Struct.map.length1[2] = 0; + data.Struct.map.length1[3] = strlen("username"); + con->outbuf->append(&data.Struct.map.length1, sizeof(data.Struct.map.length1)); + memcpy((char * )&data.Struct.map.string1[0], "username", 8); + con->outbuf->append(&data.Struct.map.string1, sizeof(data.Struct.map.string1)); + data.Struct.map.length2[0] = 0; + data.Struct.map.length2[1] = 0; + data.Struct.map.length2[2] = 0; + data.Struct.map.length2[3] = strlen(con->user); + con->outbuf->append(&data.Struct.map.length2, sizeof(data.Struct.map.length2)); + con->outbuf->snprintf(strlen(con->user), "%s", con->user); + + data.Struct.map.length3[0] = 0; //4byte + data.Struct.map.length3[1] = 0; + data.Struct.map.length3[2] = 0; + data.Struct.map.length3[3] = strlen("password"); + con->outbuf->append(&data.Struct.map.length3, sizeof(data.Struct.map.length3)); + memcpy((char * )&data.Struct.map.string3[0], "password", 8); + con->outbuf->append(&data.Struct.map.string3, sizeof(data.Struct.map.string3)); + data.Struct.map.length4[0] = 0; //4byte + data.Struct.map.length4[1] = 0; //4byte + data.Struct.map.length4[2] = 0; //4byte + data.Struct.map.length4[3] = strlen(con->pass); //4byte + con->outbuf->append(&data.Struct.map.length4, sizeof(data.Struct.map.length4)); + con->outbuf->snprintf(strlen(con->pass), "%s", con->pass); + data.Struct.t_stop = 0; //2->1byte + con->outbuf->append(&data.Struct.t_stop, sizeof(data.Struct.t_stop)); + data.t_stop = 0; + con->outbuf->append(&data.t_stop, sizeof(data.t_stop)); + +} + +void +ncrack_cassandra(nsock_pool nsp, Connection *con) +{ + nsock_iod nsi = con->niod; + + switch(con->state) + { + case CASS_INIT: + + con->state = CASS_USER; + delete con->inbuf; + con->inbuf = NULL; + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + cass_encode_CALL(con); + cass_encode_data(con); + nsock_write(nsp, nsi, ncrack_write_handler, CASS_TIMEOUT, con, (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case CASS_USER: + if (cass_loop_read(nsp,con) < 0){ + break; + } + //The difference of the successful and failed authentication resides on the 22th byte of the reply packet + const char *p = (const char *)con->inbuf->get_dataptr(); + if (p[21] == '\x0c')//find the 22th byte and compare it to 0c + ;//printf("%x", p[21]); + else if (p[21] == '\x00')//find the 22th byte and compare it to 00 + con->auth_success = true; + con->state = CASS_INIT; + + return ncrack_module_end(nsp, con); + } +} + diff --git a/include/DomainExec/modules/ncrack_couchbase.cc b/include/DomainExec/modules/ncrack_couchbase.cc new file mode 100644 index 00000000..048734ec --- /dev/null +++ b/include/DomainExec/modules/ncrack_couchbase.cc @@ -0,0 +1,246 @@ +/*************************************************************************** + * ncrack_couchbase.cc -- ncrack module for the Couchbase * + * * + * 09. 07. 2020 by Angel * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" + + +#include +#include +#define SIZE 1000 + +#define COUCHBASE_TIMEOUT 20000 + +extern NcrackOps o; + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); +static int couchbase_loop_read(nsock_pool nsp, Connection *con); + + +enum states { COUCHBASE_INIT, COUCHBASE_USER }; + + +static int couchbase_loop_read(nsock_pool nsp, Connection *con) +{ + + if (con->inbuf == NULL) { + + nsock_read(nsp, con->niod, ncrack_read_handler, COUCHBASE_TIMEOUT, con); + return -1; + } + + + if (!memsearch((const char *)con->inbuf->get_dataptr(), "\r\n",con->inbuf->get_len())) { + nsock_read(nsp, con->niod, ncrack_read_handler, COUCHBASE_TIMEOUT, con); + return -1; + } + + return 0; + +} + + + +void +ncrack_couchbase(nsock_pool nsp, Connection *con) +{ + + Service *serv = con->service; + nsock_iod nsi = con->niod; + + char *tmp; + char *b64; + size_t tmplen; + + + switch(con->state) + { + case COUCHBASE_INIT: + + + delete con->inbuf; + con->inbuf = NULL; + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + con->outbuf->append("GET ", 4); + con->outbuf->append("/pools HTTP/1.1\r\nHost: ", strlen("/pools HTTP/1.1\r\nHost: ")); + con->outbuf->append(serv->target->NameIP(), strlen(serv->target->NameIP())); + con->outbuf->append(":8091\r\n",strlen(":8091\r\n")); + con->outbuf->append("User-Agent: couchbase-cli 6.5.1-6299\r\n",strlen("User-Agent: couchbase-cli 6.5.1-6299\r\n")); + con->outbuf->append("Accept-Encoding: gzip, deflate\r\n",strlen("Accept-Encoding: gzip, deflate\r\n")); + con->outbuf->append("Accept: */*\r\n", strlen("Accept: */*\r\n")); + con->outbuf->append("Connection: keep-alive\r\n", strlen("Connection: keep-alive\r\n")); + con->outbuf->append("Authorization: Basic ", strlen("Authorization: Basic ")); + + tmplen = strlen(con->user) + strlen(con->pass) + 1; + tmp = (char *)safe_malloc(tmplen + 1); + sprintf(tmp, "%s:%s", con->user, con->pass); + + b64 = (char *)safe_malloc(BASE64_LENGTH(tmplen) + 1); + base64_encode(tmp, tmplen, b64); + + con->outbuf->append(b64, strlen(b64)); + free(b64); + free(tmp); + con->outbuf->append("\r\n\r\n", sizeof("\r\n\r\n")-1); + + nsock_write(nsp, nsi, ncrack_write_handler, COUCHBASE_TIMEOUT, con, (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + con->state = COUCHBASE_USER; + break; + + + case COUCHBASE_USER: + + if (couchbase_loop_read(nsp,con) < 0) + break; + + con->state = COUCHBASE_INIT; + + /* If we get a "200 OK" HTTP response, + * then it means our credentials were correct. + */ + if (memsearch((const char *)con->inbuf->get_dataptr(), + "200 OK", con->inbuf->get_len()) ) { + con->auth_success = true; + } + + delete con->inbuf; /* empty the inbuf */ + con->inbuf = NULL; + + return ncrack_module_end(nsp, con); + + } +} diff --git a/include/DomainExec/modules/ncrack_cvs.cc b/include/DomainExec/modules/ncrack_cvs.cc new file mode 100644 index 00000000..fb01ed00 --- /dev/null +++ b/include/DomainExec/modules/ncrack_cvs.cc @@ -0,0 +1,204 @@ +/*************************************************************************** + * ncrack_cvs.cc -- ncrack module for CVS * + * Created by Barrend * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" + +#define CVS_TIMEOUT 20000 //here + +extern NcrackOps o; + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); + +static int cvs_loop_read(nsock_pool nsp, Connection *con); + +enum states { CVS_INIT, CVS_USER }; + +static char key[] = { 0, 120, 53, 0, 0, 109, 72, 108, 70, 64, 76, 67, 116, 74, 68, 87, 111, 52, 75, 119, 49, 34, 82, 81, 95, 65, 112, 86, 118, 110, 122, 105, 0, 57, 83, 43, 46, 102, 40, 89, 38, 103, 45, 50, 42, 123, 91, 35, 125, 55, 54, 66, 124, 126, 59, 47, 92, 71, 115, 0, 0, 0, 0, 56, 0, 121, 117, 104, 101, 100, 69, 73, 99, 63, 94, 93, 39, 37, 61, 48, 58, 113, 32, 90, 44, 98, 60, 51, 33, 97, 62}; + +static int +cvs_loop_read(nsock_pool nsp, Connection *con) +{ + if ((con->inbuf == NULL) || !memsearch((const char *)con->inbuf->get_dataptr(), "\n", con->inbuf->get_len())) { + nsock_read(nsp, con->niod, ncrack_read_handler, CVS_TIMEOUT, con); + return -1; + } + + return 0; +} + +void +ncrack_cvs(nsock_pool nsp, Connection *con) +{ + nsock_iod nsi = con->niod; + char encoded_pass[512]; + size_t i = 0; + + switch(con->state) + { + case CVS_INIT: + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + memset(encoded_pass, 0, sizeof(encoded_pass)); + strncpy(encoded_pass, con->pass, sizeof(encoded_pass) - 1); + + for (i = 0; i < strlen(con->pass); i++) { + encoded_pass[i] = key[encoded_pass[i] - 0x20]; + } + + con->state = CVS_USER; + con->outbuf->snprintf(69 + strlen(con->user) + strlen(encoded_pass), + "BEGIN VERIFICATION REQUEST\n/home/cvsroot\n%s\nA%s\nEND VERIFICATION REQUEST\n", + con->user, encoded_pass); + nsock_write(nsp, nsi, ncrack_write_handler, CVS_TIMEOUT, con, (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case CVS_USER: + + if (cvs_loop_read(nsp,con) < 0){ + break; + } + + if (memsearch((const char *)con->inbuf->get_dataptr(),"I LOVE YOU\n", con->inbuf->get_len())) + con->auth_success = true; + + con->state = CVS_INIT; + + return ncrack_module_end(nsp, con); + } +} + diff --git a/include/DomainExec/modules/ncrack_dicom.cc b/include/DomainExec/modules/ncrack_dicom.cc new file mode 100644 index 00000000..60fbd58b --- /dev/null +++ b/include/DomainExec/modules/ncrack_dicom.cc @@ -0,0 +1,428 @@ + +/*************************************************************************** + * ncrack_dicom.cc -- ncrack module for the DICOM protocol * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" + +#define DICOM_TIMEOUT 20000 + + +#define DICOM_APP "1.2.840.10008.3.1.1.1" +#define DICOM_ABS "1.2.840.10008.5.1.4.1.1.7" +#define DICOM_TRX_EXP_L "1.2.840.10008.1.2.1" +#define DICOM_TRX_IMP_L "1.2.840.10008.1.2" +#define DICOM_TRX_EXP_B "1.2.840.10008.1.2.2" +#define DICOM_UID "1.2.826.0.1.3680043.2.1545.1" +#define DICOM_IMPL "Ncrack" + +#define DICOM_ERROR "Received bogus pdu type" + +typedef struct dicom_assoc { + + struct assoc_request { + + struct app_ctx { + uint16_t item_type; // 0x10 = app context + uint16_t item_length; + u_char ctx[21]; + + app_ctx() { + item_type = 0x10; + item_length = le_to_be16(21); + memcpy(ctx, DICOM_APP, sizeof(ctx)); + } + } __attribute__((__packed__)); + + struct pres_context { + + struct abstract_syntax { + uint16_t item_type; // 0x30 = abstract + uint16_t item_length; + u_char abs_syntax[25]; + + abstract_syntax() { + item_type = 0x30; + item_length = le_to_be16(25); + memcpy(abs_syntax, DICOM_ABS, sizeof(abs_syntax)); + } + } __attribute__((__packed__)); + +#if 0 + struct transfer_syntax_explicit_l { + uint16_t item_type; // 0x40 = transfer + uint16_t item_length; + u_char trx_syntax[19]; // explicit vr little endian + + transfer_syntax_explicit_l() { + item_type = 0x40; + item_length = le_to_be16(19); + memcpy(trx_syntax, DICOM_TRX_EXP_L, sizeof(trx_syntax)); + } + } __attribute__((__packed__)); + + struct transfer_syntax_explicit_b { + uint16_t item_type; // 0x40 = transfer + uint16_t item_length; + u_char trx_syntax[19]; // explicit vr big endian + + transfer_syntax_explicit_b() { + item_type = 0x40; + item_length = le_to_be16(19); + memcpy(trx_syntax, DICOM_TRX_EXP_B, sizeof(trx_syntax)); + } + } __attribute__((__packed__)); +#endif + + struct transfer_syntax_implicit_l { + uint16_t item_type; // 0x40 = transfer + uint16_t item_length; + u_char trx_syntax[17]; // implicit vr little endian + + transfer_syntax_implicit_l() { + item_type = 0x40; + item_length = le_to_be16(17); + memcpy(trx_syntax, DICOM_TRX_IMP_L, sizeof(trx_syntax)); + } + } __attribute__((__packed__)); + + + pres_context() { + item_type = 0x20; + item_length = le_to_be16(54); + context_id = 0x01; + } + + uint16_t item_type; // 0x20 = presentation + uint16_t item_length; + uint8_t context_id; + u_char pad0[3] = { 0x00, 0x00, 0x00 }; + abstract_syntax abs; + //transfer_syntax_explicit_l trx_el; + transfer_syntax_implicit_l trx_il; + //transfer_syntax_explicit_b trx_eb; + } __attribute__((__packed__)); + + struct user_info { + + struct max_length { + uint16_t item_type; // 0x51 = max-length + uint16_t item_length; + uint32_t max_len; + + max_length() { + item_type = 0x51; + item_length = le_to_be16(4); + max_len = le_to_be32(16384); + } + } __attribute__((__packed__)); + struct implementation_id { + uint16_t item_type; // 0x52 = class uid + uint16_t item_length; + u_char class_uid[28]; + + implementation_id() { + item_type = 0x52; + item_length = le_to_be16(28); + memcpy(class_uid, DICOM_UID, sizeof(class_uid)); + } + } __attribute__((__packed__)); + struct async_neg { + uint16_t item_type; // 0x53 = async op + uint16_t item_length; + uint16_t max_num_ops_invoked; + uint16_t max_num_ops_performed; + + async_neg() { + item_type = 0x53; + item_length = le_to_be16(4); + max_num_ops_invoked = 0; + max_num_ops_performed = 0; + } + } __attribute__((__packed__)); + struct implementation_version { + uint16_t item_type; // 0x55 = impl version + uint16_t item_length; + u_char impl_version[6]; + + implementation_version() { + item_type = 0x55; + item_length = le_to_be16(6); + memcpy(impl_version, DICOM_IMPL, sizeof(impl_version)); + } + } __attribute__((__packed__)); + + user_info() { + item_type = 0x50; + item_length = le_to_be16(50); // 26 + } + + uint16_t item_type; // 0x50 = user-info + uint16_t item_length; + max_length max; + implementation_id uid; + //async_neg async; + implementation_version impl; + + } __attribute__((__packed__)); + + assoc_request() { + version = le_to_be16(1); + } + + uint16_t version; + u_char pad[2] = { 0x00, 0x00 }; + u_char called_ae[16] = { 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20 }; + u_char calling_ae[16] = { 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20 }; + u_char pad0[32] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + app_ctx app; + pres_context pres; + user_info user; + } __attribute__((__packed__)); + + dicom_assoc() { + pdu_type = le_to_be16(0x100); + pdu_length = le_to_be32(205); // 231 + } + + uint16_t pdu_type; + uint32_t pdu_length; + assoc_request assoc; + +} __attribute__((__packed__)) dicom_assoc; + + + +extern NcrackOps o; + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); +static int dicom_loop_read(nsock_pool nsp, Connection *con); + +enum states { DICOM_INIT, DICOM_FINI }; + + +static int +dicom_loop_read(nsock_pool nsp, Connection *con) +{ + uint32_t *pdu_length; + + /* we need at least 6 bytes to read the whole PDU length */ + if (con->inbuf == NULL || con->inbuf->get_len() < 6) { + nsock_read(nsp, con->niod, ncrack_read_handler, DICOM_TIMEOUT, con); + return -1; + } + + pdu_length = (uint32_t *)((u_char *)con->inbuf->get_dataptr() + 2); + *pdu_length = le_to_be32(*pdu_length); + + if (o.debugging > 9) + printf("pdu length: %d\n", *pdu_length); + + /* now read until we receive all bytes mentioned in length */ + if (con->inbuf->get_len() < *pdu_length) { + nsock_read(nsp, con->niod, ncrack_read_handler, DICOM_TIMEOUT, con); + return -1; + } + + return 0; +} + + + +void +ncrack_dicom(nsock_pool nsp, Connection *con) +{ + nsock_iod nsi = con->niod; + Service *serv = con->service; + dicom_assoc da; + uint8_t *pdu_type; + + switch (con->state) + { + case DICOM_INIT: + + con->state = DICOM_FINI; + + delete con->inbuf; + con->inbuf = NULL; + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + memcpy(da.assoc.called_ae, con->user, strlen(con->user)); + memcpy(da.assoc.calling_ae, con->pass, strlen(con->pass)); + + con->outbuf->append(&da, sizeof(da)); + + nsock_write(nsp, nsi, ncrack_write_handler, DICOM_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case DICOM_FINI: + + if (dicom_loop_read(nsp, con) < 0) + break; + + pdu_type = (uint8_t *)((u_char *)con->inbuf->get_dataptr()); + if (o.debugging > 9) + printf("pdu_type: %d \n", *pdu_type); + + if (*pdu_type == 0x03) { // ASSOC REJECT + ; + } else if (*pdu_type == 0x02) { // ASSOC ACCEPT + con->auth_success = true; + con->force_close = true; + } else { + /* received weird pdu + * close connection and stop cracking + */ + con->force_close = true; + con->close_reason = MODULE_ERR; + serv->end.orly = true; + serv->end.reason = Strndup(DICOM_ERROR, sizeof(DICOM_ERROR)); + } + con->state = DICOM_INIT; + + delete con->inbuf; + con->inbuf = NULL; + + return ncrack_module_end(nsp, con); + } +} diff --git a/include/DomainExec/modules/ncrack_ftp.cc b/include/DomainExec/modules/ncrack_ftp.cc new file mode 100644 index 00000000..40c8ad62 --- /dev/null +++ b/include/DomainExec/modules/ncrack_ftp.cc @@ -0,0 +1,314 @@ + +/*************************************************************************** + * ncrack_ftp.cc -- ncrack module for the FTP protocol * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" + +#define FTP_TIMEOUT 20000 +#define FTP_DIGITS 3 + + +extern NcrackOps o; + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); +static int ftp_loop_read(nsock_pool nsp, Connection *con, char *ftp_code_ret); + +enum states { FTP_INIT, FTP_USER, FTP_FINI }; + + +static int +ftp_loop_read(nsock_pool nsp, Connection *con, char *ftp_code_ret) +{ + int i; + int ftp_dig[FTP_DIGITS]; + char ftp_code[FTP_DIGITS + 2]; /* 3 digits + space + '\0' */ + char dig[2]; /* temporary digit string */ + char *p; + + if (con->inbuf == NULL || con->inbuf->get_len() < FTP_DIGITS + 1) { + nsock_read(nsp, con->niod, ncrack_read_handler, FTP_TIMEOUT, con); + return -1; + } + + /* Make sure first 3 (FTP_DIGITS) bytes of each line are digits */ + p = (char *)con->inbuf->get_dataptr(); + dig[1] = '\0'; + for (i = 0; i < FTP_DIGITS; i++) { + dig[0] = *p++; + ftp_dig[i] = (int)Strtoul(dig, 0); + if (errno) { /* It wasn't a number! */ + return -2; /* Oops, malformed FTP packet */ + } + } + + /* + * http://www.faqs.org/rfcs/rfc959.html + * Thus the format for multi-line replies is that the first line + * will begin with the exact required reply code, followed + * immediately by a Hyphen, "-" (also known as Minus), followed by + * text. The last line will begin with the same code, followed + * immediately by Space , optionally some text, and the Telnet + * end-of-line code. + * + * For example: + * 123-First line + * Second line + * 234 A line beginning with numbers + * 123 The last line + */ + + /* Convert digits to string code for parsing */ + snprintf(ftp_code, FTP_DIGITS + 1, "%d%d%d", ftp_dig[0], ftp_dig[1], + ftp_dig[2]); + ftp_code[FTP_DIGITS] = ' '; + ftp_code[FTP_DIGITS + 1] = '\0'; + + if (*p == '-') { + /* FTP message is multiple lines, so first search for the 'ftp code' to + * find the last line, according to the scheme proposed by RFC 959 */ + if (!(p = memsearch((const char *)con->inbuf->get_dataptr(), ftp_code, + con->inbuf->get_len()))) { + nsock_read(nsp, con->niod, ncrack_read_handler, FTP_TIMEOUT, con); + return -1; + } + /* Now that we found the the last line, find that line's end */ + if (!memsearch((const char *)p, "\r\n", con->inbuf->get_len())) { + nsock_read(nsp, con->niod, ncrack_read_handler, FTP_TIMEOUT, con); + return -1; + } + } else { + /* FTP message is one line only */ + if (!memsearch((const char *)con->inbuf->get_dataptr(), "\r\n", + con->inbuf->get_len())) { + nsock_read(nsp, con->niod, ncrack_read_handler, FTP_TIMEOUT, con); + return -1; + } + } + + /* Return the ftp code to caller */ + memcpy(ftp_code_ret, ftp_code, FTP_DIGITS); + + return 0; + +} + + + +void +ncrack_ftp(nsock_pool nsp, Connection *con) +{ + nsock_iod nsi = con->niod; + Service *serv = con->service; + const char *hostinfo = serv->HostInfo(); + char ftp_code[FTP_DIGITS + 1]; + memset(ftp_code, 0, sizeof(ftp_code)); + + switch (con->state) + { + case FTP_INIT: + + /* Wait to read banner only at the beginning of the connection */ + if (!con->login_attempts) { + + if (ftp_loop_read(nsp, con, ftp_code) < 0) + break; + + /* ftp_loop_read already takes care so that the inbuf contains the + * 3 first ftp digit code, so you can safely traverse it that much */ + if (strncmp(ftp_code, "220", FTP_DIGITS)) { + + if (o.debugging > 6) + error("%s Not ftp or service was shutdown\n", hostinfo); + return ncrack_module_end(nsp, con); + } + } + + con->state = FTP_USER; + + delete con->inbuf; + con->inbuf = NULL; + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + con->outbuf->snprintf(7 + strlen(con->user), "USER %s\r\n", con->user); + + nsock_write(nsp, nsi, ncrack_write_handler, FTP_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case FTP_USER: + + if (ftp_loop_read(nsp, con, ftp_code) < 0) + break; + + if (!strncmp(ftp_code, "331", FTP_DIGITS)) { + ; + } else { + return ncrack_module_end(nsp, con); + } + + con->state = FTP_FINI; + + delete con->inbuf; + con->inbuf = NULL; + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + con->outbuf->snprintf(7 + strlen(con->pass), "PASS %s\r\n", con->pass); + + nsock_write(nsp, nsi, ncrack_write_handler, FTP_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case FTP_FINI: + + if (ftp_loop_read(nsp, con, ftp_code) < 0) + break; + + if (!strncmp(ftp_code, "230", FTP_DIGITS)) + con->auth_success = true; + + con->state = FTP_INIT; + + delete con->inbuf; + con->inbuf = NULL; + + return ncrack_module_end(nsp, con); + } + /* make sure that ncrack_module_end() is always called last or returned to + * have tail recursion or else stack space overflow might occur */ +} diff --git a/include/DomainExec/modules/ncrack_http.cc b/include/DomainExec/modules/ncrack_http.cc new file mode 100644 index 00000000..d038d8f4 --- /dev/null +++ b/include/DomainExec/modules/ncrack_http.cc @@ -0,0 +1,741 @@ + +/*************************************************************************** + * ncrack_http.cc -- ncrack module for the HTTP protocol * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" +#include "http.h" +#include + +#include +using namespace std; +bool http_map_initialized = false; +map http_map; + +#define USER_AGENT "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1) Gecko/20090703 Shiretoko/3.5\r\n" +#define HTTP_LANG "Accept-Language: en-us,en;q=0.5\r\n" +#define HTTP_ENCODING "Accept-Encoding: gzip,deflate\r\n" +#define HTTP_CHARSET "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n" +#define HTTP_ACCEPT "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n" +#define HTTP_CACHE "Cache-Control: max-age=0, max-age=0, max-age=0, max-age=0\r\n" + +//#define USER_AGENT "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" +#define HTTP_UNKNOWN "Service might not be HTTP." +#define HTTP_NOAUTH_SCHEME "Service didn't reply with authentication scheme." +#define HTTP_TIMEOUT 10000 + +extern NcrackOps o; + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); + +static int http_loop_read(nsock_pool nsp, Connection *con); +static void http_basic(nsock_pool nsp, Connection *con); +#if HAVE_OPENSSL + static void http_digest(nsock_pool nsp, Connection *con); +#endif +static void http_set_error(Service *serv, const char *reply); +static char *http_decode(int http_code); + +static void http_free(Connection *con); + + +enum states { HTTP_INIT, HTTP_GET_AUTH, HTTP_BASIC_AUTH, HTTP_DIGEST_AUTH }; + +/* Basic Authentication substates */ +enum { BASIC_SEND, BASIC_RESULTS }; + +/* Digest Authentication substates */ +enum { DIGEST_SEND, DIGEST_RESULTS }; + + +typedef struct http_info { + char *auth_scheme; + int substate; +} http_info; + +typedef struct http_state { + bool reconnaissance; + char *auth_scheme; + int state; + int keep_alive; +} http_state; + + +void +ncrack_http(nsock_pool nsp, Connection *con) +{ + char *start, *end; /* auxiliary pointers */ + size_t i; + char *http_reply = NULL; /* server's message reply */ + size_t tmpsize; + nsock_iod nsi = con->niod; + Service *serv = con->service; + http_info *info = NULL; + http_state *hstate = NULL; + con->ops_free = &http_free; + + //printf("-------HTTP MODULE START---------\n"); + //printf("state: %d\n", con->state); + + if (con->misc_info) { + info = (http_info *) con->misc_info; + //printf("info substate: %d \n", info->substate); + } + + if (serv->module_data && con->misc_info == NULL) { + + //printf("got here\n"); + hstate = (http_state *)serv->module_data; + con->misc_info = (http_info *)safe_zalloc(sizeof(http_info)); + info = (http_info *)con->misc_info; + if (!strcmp(hstate->auth_scheme, "Basic")) { + con->state = hstate->state; + } + info->auth_scheme = Strndup(hstate->auth_scheme, + strlen(hstate->auth_scheme)); + + //printf("got here scheme: %s\n", info->auth_scheme); + + serv->more_rounds = false; + } + + //printf("con->state: %d\n", con->state); + + switch (con->state) + { + case HTTP_INIT: + + con->state = HTTP_GET_AUTH; + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + con->outbuf->append("GET ", 4); + if (serv->path[0] != '/') + con->outbuf->append("/", 1); + con->outbuf->snprintf(strlen(serv->path) + 17, "%s HTTP/1.1\r\nHost: ", + serv->path); + if (serv->target->targetname) + con->outbuf->append(serv->target->targetname, + strlen(serv->target->targetname)); + else + con->outbuf->append(serv->target->NameIP(), + strlen(serv->target->NameIP())); + + //con->outbuf->snprintf(115, "\r\nUser-Agent: %sConnection: close\r\n\r\n", + // USER_AGENT); + con->outbuf->append("\r\n\r\n", 4); + + nsock_write(nsp, nsi, ncrack_write_handler, HTTP_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case HTTP_GET_AUTH: + + //printf("http get auth state READ\n"); + + if (http_loop_read(nsp, con) < 0) + break; + + //printf("---------------memprint-------------\n"); + //memprint((const char *)con->inbuf->get_dataptr(), con->inbuf->get_len()); + //printf("---------------memprint-------------\n"); + + /* If target doesn't need authorization for the path selected, then + * there is no point in trying to crack it. So inform the core engine + * to mark the service as finished. + */ + if (!memsearch((const char *)con->inbuf->get_dataptr(), + "401", con->inbuf->get_len())) { + serv->end.orly = true; + start = memsearch((const char *)con->inbuf->get_dataptr(), + "HTTP", con->inbuf->get_len()); + if (!start) { + http_set_error(serv, http_reply); + return ncrack_module_end(nsp, con); + } + i = 0; + end = start; + while (*end != '\n' && *end != '\r' && i != con->inbuf->get_len()) { + end++; + i++; + } + http_reply = Strndup(start, i); + /* Now try to decode the HTTP reply we got into a message format, + * suitable for human viewing. + */ + http_set_error(serv, http_reply); + free(http_reply); + return ncrack_module_end(nsp, con); + } + + /* Now that we are sure that the service actually needs authentication, + * we can move on to parsing the reply to get the exact type of + * authentication scheme used. + */ + if (!(start = memsearch((const char *)con->inbuf->get_dataptr(), + "WWW-Authenticate:", con->inbuf->get_len()))) { + serv->end.orly = true; + serv->end.reason = Strndup(HTTP_NOAUTH_SCHEME, + sizeof(HTTP_NOAUTH_SCHEME) - 1); + return ncrack_module_end(nsp, con); + } + start += sizeof("WWW-Authenticate: ") - 1; + end = start; + i = 0; + while (*end != ' ' && i != con->inbuf->get_len()) { + end++; + i++; + } + + if (info == NULL) { + con->misc_info = (http_info *)safe_zalloc(sizeof(http_info)); + info = (http_info *)con->misc_info; + info->auth_scheme = Strndup(start, i); + } + + if (!strcmp("Basic", info->auth_scheme)) { + + //con->state = HTTP_BASIC_AUTH; + //info->substate = BASIC_SEND; + serv->module_data = (http_state *)safe_zalloc(sizeof(http_state)); + hstate = (http_state *)serv->module_data; + hstate->auth_scheme = Strndup(info->auth_scheme, + strlen(info->auth_scheme)); + hstate->state = HTTP_BASIC_AUTH; + hstate->reconnaissance = true; + serv->more_rounds = true; + + return ncrack_module_end(nsp, con); + + } else if (!strcmp("Digest", info->auth_scheme)) { + +#if HAVE_OPENSSL + + con->state = HTTP_DIGEST_AUTH; + + serv->module_data = (http_state *)safe_zalloc(sizeof(http_state)); + hstate = (http_state *)serv->module_data; + hstate->auth_scheme = Strndup(info->auth_scheme, + strlen(info->auth_scheme)); + //hstate->state = HTTP_DIGEST_AUTH; + //hstate->reconnaissance = true; + serv->more_rounds = false; + con->peer_alive = true; + + + http_digest(nsp, con); + + //return ncrack_module_end(nsp, con); +#endif + + } else { + serv->end.orly = true; + + /* Instead of going through this trouble, I should really + * make something like a combination of Strndup and sscanf */ + tmpsize = sizeof("Current authentication can't be handled: \n") + + strlen(info->auth_scheme); + serv->end.reason = (char *)safe_malloc(tmpsize); + snprintf(serv->end.reason, tmpsize, + "Current authentication can't be handled: %s\n", + info->auth_scheme); + + return ncrack_module_end(nsp, con); + + } + break; + + case HTTP_BASIC_AUTH: + + http_basic(nsp, con); + break; + + case HTTP_DIGEST_AUTH: + +#if HAVE_OPENSSL + http_digest(nsp, con); +#endif + break; + + } + +} + + +/* + * Sets the reason why this service can no longer be cracked, by parsing the + * http reply we got. If we don't have available information about the returned + * HTTP code, then we just set the current reply as the reason. + */ +static void +http_set_error(Service *serv, const char *reply) +{ + assert(serv); + char *msg = NULL; + size_t len = strlen(reply); + + if (!reply) { + serv->end.reason = Strndup(HTTP_UNKNOWN, sizeof(HTTP_UNKNOWN) - 1); + return; + } + + if (memsearch(reply, "200", len)) + msg = http_decode(200); + else if (memsearch(reply, "400", len)) + msg = http_decode(400); + else if (memsearch(reply, "403", len)) + msg = http_decode(403); + else if (memsearch(reply, "404", len)) + msg = http_decode(404); + else + msg = Strndup(reply, strlen(reply)); + + serv->end.reason = msg; +} + + + +static char * +http_decode(int http_code) +{ + char *ret; + + if (http_map_initialized == false) { + http_map_initialized = true; + http_map.insert(make_pair(200, "File or directory requested doesn't seem to be password protected. (200 OK)")); + http_map.insert(make_pair(400, "Malformed syntax on our part. (400 Bad Request)")); + http_map.insert(make_pair(401, "File or directory has forbidden access. (403 Forbidden)")); + http_map.insert(make_pair(404, "File or directory doesn't seem to exist. (404 Not Found)")); + http_map.insert(make_pair(-1, "Unknown HTTP error")); + } + + map::iterator mi = http_map.end(); + mi = http_map.find(http_code); + if (mi == http_map.end()) { + /* fallback to key -1 */ + mi = http_map.find(-1); + } + ret = Strndup(mi->second, strlen(mi->second)); + + return ret; +} + + + + +static int +http_loop_read(nsock_pool nsp, Connection *con) +{ + + //printf("loop read\n"); + + if (con->inbuf == NULL) { + nsock_read(nsp, con->niod, ncrack_read_handler, HTTP_TIMEOUT, con); + return -1; + } + + if (!memsearch((const char *)con->inbuf->get_dataptr(), "\r\n\r\n", + con->inbuf->get_len())) { + nsock_read(nsp, con->niod, ncrack_read_handler, HTTP_TIMEOUT, con); + return -1; + } + + return 0; +} + + +#if HAVE_OPENSSL +static void +http_digest(nsock_pool nsp, Connection *con) +{ + Service *serv = con->service; + nsock_iod nsi = con->niod; + http_info *info = (http_info *)con->misc_info; + struct http_header *h; + char *header; + struct http_challenge challenge; + char *response_hdr; + + //printf("substate: %d \n", info->substate); + //printf("digest inbuf: %x \n", con->inbuf); + //char *la; + + + switch(info->substate) { + case DIGEST_SEND: + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + //printf("read header\n"); + if (http_read_header((char *)con->inbuf->get_dataptr(), con->inbuf->get_len(), + &header) < 0) { + //printf("Error reading response header.\n"); + return ncrack_module_end(nsp, con); + } + + if (http_parse_header(&h, header) != 0) { + //printf("Error parsing response header.\n"); + return ncrack_module_end(nsp, con); + } + free(header); + header = NULL; + + if (http_header_get_challenge(h, &challenge) == NULL) { + //printf("Error getting Authenticate challenge.\n"); + http_header_free(h); + return ncrack_module_end(nsp, con); + } + http_header_free(h); + + response_hdr = http_digest_proxy_authorization(&challenge, + con->user, con->pass, "GET", serv->path); + + if (response_hdr == NULL) { + //printf("Error building Authorization header.\n"); + http_challenge_free(&challenge); + + if (header != NULL) + free(header); + return ncrack_module_end(nsp, con); + } + + /* craft digest reply */ + con->outbuf->append("GET ", 4); + if (serv->path[0] != '/') + con->outbuf->append("/", 1); + con->outbuf->snprintf(strlen(serv->path) + 17, "%s HTTP/1.1\r\nHost: ", + serv->path); + if (serv->target->targetname) + con->outbuf->append(serv->target->targetname, + strlen(serv->target->targetname)); + else + con->outbuf->append(serv->target->NameIP(), + strlen(serv->target->NameIP())); +// con->outbuf->snprintf(94, "\r\nUser-Agent: %s", USER_AGENT); + //con->outbuf->append("Keep-Alive: 300\r\nConnection: keep-alive\r\n", 41); + con->outbuf->append("\r\nAuthorization:", 16); + con->outbuf->append(response_hdr, strlen(response_hdr)); + con->outbuf->append("Accept: */*\r\n", 13); + con->outbuf->append("\r\n", sizeof("\r\n")-1); + + //printf("outbuf: \n"); + //la = (char *)con->outbuf->get_dataptr(); + //for (int i = 0; i < con->outbuf->get_len(); i++) + //printf("%c", *(la + i)); + //printf("------\n"); + + delete con->inbuf; + con->inbuf = NULL; + + nsock_write(nsp, nsi, ncrack_write_handler, HTTP_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + + info->substate = DIGEST_RESULTS; + break; + + case DIGEST_RESULTS: + if (http_loop_read(nsp, con) < 0) + break; + + info->substate = DIGEST_SEND; + + // nonce is already in this reply + ((http_state *) serv->module_data)->state = HTTP_DIGEST_AUTH; + + //printf("DIGEST SERVER REPLY %s \n", (char *)con->inbuf->get_dataptr()); + + //memprint((const char *)con->iobuf->get_dataptr(), + // con->iobuf->get_len()); + + /* If we get a "200 OK" HTTP response OR a "301 Moved Permanently" which + * happpens when we request access to a directory without an ending '/', + * then it means our credentials were correct. + */ + if (memsearch((const char *)con->inbuf->get_dataptr(), + "200 OK", con->inbuf->get_len()) + || memsearch((const char *)con->inbuf->get_dataptr(), + "301", con->inbuf->get_len())) { + con->auth_success = true; + } + + /* The in buffer has to be cleared out, because we are expecting + * possibly new answers in the same connection. + */ + //delete con->inbuf; + //con->inbuf = NULL; + + ncrack_module_end(nsp, con); + break; + } + +} +#endif + + + + +static void +http_basic(nsock_pool nsp, Connection *con) +{ + char *tmp; + char *b64; + size_t tmplen; + Service *serv = con->service; + nsock_iod nsi = con->niod; + http_info *info = (http_info *)con->misc_info; + + switch (info->substate) { + case BASIC_SEND: + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + con->outbuf->append("GET ", 4); + if (serv->path[0] != '/') + con->outbuf->append("/", 1); + + con->outbuf->snprintf(strlen(serv->path) + 17, "%s HTTP/1.1\r\nHost: ", + serv->path); + if (serv->target->targetname) + con->outbuf->append(serv->target->targetname, + strlen(serv->target->targetname)); + else + con->outbuf->append(serv->target->NameIP(), + strlen(serv->target->NameIP())); + + con->outbuf->snprintf(94, "\r\nUser-Agent: %s", USER_AGENT); + +#if 0 + con->outbuf->append(HTTP_ACCEPT, sizeof(HTTP_ACCEPT) - 1); + con->outbuf->append(HTTP_LANG, sizeof(HTTP_LANG) - 1); + con->outbuf->append(HTTP_ENCODING, sizeof(HTTP_ENCODING) - 1); + con->outbuf->append(HTTP_CHARSET, sizeof(HTTP_CHARSET) - 1); +#endif + + /* Try sending keep-alive values and see how much authentication attempts + * we can do in that time-period. + */ + //con->outbuf->append(HTTP_CACHE, sizeof(HTTP_CACHE) - 1); + + con->outbuf->append("Keep-Alive: 300\r\nConnection: keep-alive\r\n", 41); + con->outbuf->append("Authorization: Basic ", 21); + + tmplen = strlen(con->user) + strlen(con->pass) + 1; + tmp = (char *)safe_malloc(tmplen + 1); + sprintf(tmp, "%s:%s", con->user, con->pass); + + b64 = (char *)safe_malloc(BASE64_LENGTH(tmplen) + 1); + base64_encode(tmp, tmplen, b64); + + //b64 = b64enc(tmp, tmplen - 1); + ////printf("%s %s %s \n", con->user, con->pass, b64); + con->outbuf->append(b64, strlen(b64)); + free(b64); + free(tmp); + con->outbuf->append("\r\n\r\n", sizeof("\r\n\r\n")-1); + + nsock_write(nsp, nsi, ncrack_write_handler, HTTP_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + + info->substate = BASIC_RESULTS; + break; + + case BASIC_RESULTS: + if (http_loop_read(nsp, con) < 0) + break; + + info->substate = BASIC_SEND; + //memprint((const char *)con->iobuf->get_dataptr(), + // con->iobuf->get_len()); + + /* If we get a "200 OK" HTTP response OR a "301 Moved Permanently" which + * happpens when we request access to a directory without an ending '/', + * then it means our credentials were correct. + */ + if (memsearch((const char *)con->inbuf->get_dataptr(), + "200 OK", con->inbuf->get_len()) + || memsearch((const char *)con->inbuf->get_dataptr(), + "301", con->inbuf->get_len())) { + con->auth_success = true; + } + + /* The in buffer has to be cleared out, because we are expecting + * possibly new answers in the same connection. + */ + delete con->inbuf; + con->inbuf = NULL; + + ncrack_module_end(nsp, con); + break; + } +} + + +static void +http_free(Connection *con) +{ + //printf("http free\n"); + + http_info *p = NULL; + if (con->misc_info == NULL) + return; + + p = (http_info *)con->misc_info; + + //printf("free scheme: %s\n", p->auth_scheme); + //printf("free substate: %d\n", p->substate); + + //if (con->service->module_data) + // s = (http_state *)con->service->module_data; + + //printf("free service scheme: %s\n", s->auth_scheme); + /* We only deallocate the 'auth_scheme' string from the http_info struct + * when it hasn't been assigned from the module http_state (thus we check + * that the pointers are different). If we freed it, when the two + * pointers referred to the same memory address, then the http_state's + * would be deallocated as well, something we don't want to happen. + */ + //if (p->auth_scheme && s && s->auth_scheme && p->auth_scheme != s->auth_scheme) { + //printf("freed scheme\n"); + free(p->auth_scheme); + // } + +} + + diff --git a/include/DomainExec/modules/ncrack_imap.cc b/include/DomainExec/modules/ncrack_imap.cc new file mode 100644 index 00000000..68b6a7e4 --- /dev/null +++ b/include/DomainExec/modules/ncrack_imap.cc @@ -0,0 +1,208 @@ +/*************************************************************************** + * ncrack_imap.cc -- ncrack module for the IMAP protocol * + * Created by Barrend * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" + +#define IMAP_TIMEOUT 20000 + +extern NcrackOps o; + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); + +static int imap_loop_read(nsock_pool nsp, Connection *con); + +enum states { IMAP_INIT, IMAP_USER }; + +static int +imap_loop_read(nsock_pool nsp, Connection *con) +{ + + if ((con->inbuf == NULL) || !(memsearch((const char *)con->inbuf->get_dataptr(),"\r\n",con->inbuf->get_len()))) { + nsock_read(nsp, con->niod, ncrack_read_handler, IMAP_TIMEOUT, con); + return -1; + } + + if (memsearch((const char *)con->inbuf->get_dataptr(),"NO",con->inbuf->get_len())) + return 1; + + return 0; +} + + + +void +ncrack_imap(nsock_pool nsp, Connection *con) +{ + int ret; + nsock_iod nsi = con->niod; + + switch(con->state) + { + case IMAP_INIT: + + if (!con->login_attempts) { + if ((imap_loop_read(nsp, con)) < 0) { + break; + } + } + + con->state = IMAP_USER; + + delete con->inbuf; + con->inbuf = NULL; + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + con->outbuf->snprintf(12 + strlen(con->user) + strlen(con->pass), "01 LOGIN %s %s\r\n", con->user, con->pass); + + nsock_write(nsp, nsi, ncrack_write_handler, IMAP_TIMEOUT, con, (const char *)con->outbuf-> + get_dataptr(), con->outbuf->get_len()); + break; + + case IMAP_USER: + + if ((ret = imap_loop_read(nsp, con)) < 0) + break; + + if (ret == 0) + con->auth_success = true; + + con->state = IMAP_INIT; + + return ncrack_module_end(nsp, con); + } +} + diff --git a/include/DomainExec/modules/ncrack_joomla.cc b/include/DomainExec/modules/ncrack_joomla.cc new file mode 100644 index 00000000..6fa8cbde --- /dev/null +++ b/include/DomainExec/modules/ncrack_joomla.cc @@ -0,0 +1,327 @@ + +/*************************************************************************** + * ncrack_joomla.cc -- ncrack module for joomla * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" + +using namespace std; + +#define USER_AGENT "Ncrack (https://nmap.org/ncrack)\r\n" +#define JOOMLA_TIMEOUT 10000 + +extern NcrackOps o; + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); + +static int joomla_loop_read(nsock_pool nsp, Connection *con); + +enum states { JOOMLA_INIT, JOOMLA_GET, JOOMLA_AUTH, JOOMLA_FINI }; + + +typedef struct http_info { + /* true if Content-Length in received HTTP packet > 0 */ + int content_expected; + int chunk_expected; +} http_info; + + +void +ncrack_joomla(nsock_pool nsp, Connection *con) +{ + Service *serv = con->service; + nsock_iod nsi = con->niod; + char tmp[16]; + size_t formlen; + + switch (con->state) + { + case JOOMLA_INIT: + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + con->outbuf->append("POST ", 5); + /* + * the following are almost exactly like the initial HTTP GET query we sent in JOOMLA_INIT + */ + if (strlen(serv->path) > 1) { + /* user provided path in command-line */ + con->outbuf->append("/", 1); + con->outbuf->snprintf(strlen(serv->path), "%s", serv->path); + } else { + /* default path */ + con->outbuf->append("/administrator/index.php", 24); + } + con->outbuf->append(" HTTP/1.1\r\nHost: ", 17); + if (serv->target->targetname) + con->outbuf->append(serv->target->targetname, strlen(serv->target->targetname)); + else + con->outbuf->append(serv->target->NameIP(), strlen(serv->target->NameIP())); + con->outbuf->snprintf(48, "\r\nUser-Agent: %s", USER_AGENT); + con->outbuf->append("Keep-Alive: 300\r\nConnection: keep-alive\r\n", 41); + /* Up until this point, the data we put in the buffer were exactly the same as in the HTTP + * GET request, from hereon the data are different: + * We need to add the Content-Type and Content-Length along with the joomla form + */ + con->outbuf->append("Content-Type: application/x-www-form-urlencoded\r\n", 49); + + /* Now we need to calculate the content-length of the form before we append the form + * to the buffer. The content-length is exactly the length of the form. + * The form is a string that is formed as follows in the HTTP packet: + * pwd=password&log=username + * where password is a placeholder for every password and username is a placeholder for + * every username + */ + formlen = strlen(con->user) + strlen(con->pass) + sizeof("username=&passwd=&task=login&lang=&option=com_login") - 1 + 20 + 35; + snprintf(tmp, sizeof(tmp) - 1, "%lu", formlen); + /* note this has two \r\n in the end - one for the end of Content-Length, the other + * for the end of the HTTP header - because after that the form (data) follows + */ + con->outbuf->snprintf(20 + strlen(tmp), "Content-Length: %s\r\n\r\n", tmp); + + /* Now append the form to the ougoing buffer */ + con->outbuf->append("username=", sizeof("username=") - 1); + con->outbuf->append(con->user, strlen(con->user)); + con->outbuf->append("&passwd=", sizeof("&passwd=") - 1); + con->outbuf->append(con->pass, strlen(con->pass)); + + con->outbuf->append("&lang=", sizeof("&lang=") - 1); + con->outbuf->append("&option=com_login", sizeof("&option=com_login") - 1); + con->outbuf->append("&task=login", sizeof("&task=login") - 1); + + con->outbuf->append("&return=aW5kZXgucGhw", 20); + con->outbuf->append("&0cb72d59183588d129dee3073075f858=1", 35); + + + /* That's it, we don't need to write anything else, just send the whole buffer out */ + con->state = JOOMLA_FINI; + + nsock_write(nsp, nsi, ncrack_write_handler, JOOMLA_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case JOOMLA_FINI: + + /* let's read the reply to our authentication attempt now */ + if (joomla_loop_read(nsp, con) < 0) + break; + + /* we have to jump back to the JOOMLA_AUTH after finishing with this one + * so that we continue the brute-forcing + */ + con->state = JOOMLA_AUTH; + + // useful for debugging + //memprint((const char *)con->inbuf->get_dataptr(), con->inbuf->get_len()); + + /* + * If we get a "302" HTTP response then it's a redirect to wp-admin, meaning + * the credentials were sent were correct. Otherwise we can assume they were + * wrong. + */ + if (memsearch((const char *)con->inbuf->get_dataptr(), "303 See other", con->inbuf->get_len())) { + con->auth_success = true; + } + + /* don't forget to empty the inbuf */ + delete con->inbuf; + con->inbuf = NULL; + + return ncrack_module_end(nsp, con); + break; + } + +} + +static int +joomla_loop_read(nsock_pool nsp, Connection *con) +{ + http_info *http_state; /* per connection state */ + char *ptr; + char tmp[2]; + long int num; + + if (con->misc_info) { + http_state = (http_info *)con->misc_info; + } else { + http_state = (http_info *)safe_zalloc(sizeof(http_info)); + } + + if (con->inbuf == NULL) { + nsock_read(nsp, con->niod, ncrack_read_handler, JOOMLA_TIMEOUT, con); + return -1; + } + + /* Until when do we keep reading data? + * \n is a good indicator but keep in mind other implementations might send \r\n instead + * Since we observer in wireshark that in the first reply by wordpress when we send it a HTTP GET request + * the reply always ends in \n then we search for that as the end of the packet (to avoid any + * fancy HTTP parsing) + */ + if ((ptr = memsearch((const char *)con->inbuf->get_dataptr(), "Content-Length:", con->inbuf->get_len()))) { + /* make pointer point to the end of string "Content-Length:" (plus one space) */ + ptr += 16; /* it should now point to the Content-Length number */ + tmp[0] = *ptr; + tmp[1] = '\0'; + num = strtol(tmp, NULL, 10); + /* if first character of Content-length is anything else other than 0, then we expect to + * see an HTTP payload */ + if (num != 0) { + http_state->content_expected = 1; + } + } + + /* If you have content (content-length > 0) then you need to read until */ + if (http_state->content_expected) { + if (!memsearch((const char *)con->inbuf->get_dataptr(), "\n", con->inbuf->get_len())) { + http_state->content_expected = 0; + nsock_read(nsp, con->niod, ncrack_read_handler, JOOMLA_TIMEOUT, con); + return -1; + } + } else { + /* + * For the rest of the cases - when we need an indicator for the replies from wordpress to our authentication + * attempts, we search for \r\n\r\n as the end of the packet + */ + if (!memsearch((const char *)con->inbuf->get_dataptr(), "\r\n\r\n", con->inbuf->get_len())) { + nsock_read(nsp, con->niod, ncrack_read_handler, JOOMLA_TIMEOUT, con); + return -1; + } + } + + + return 0; +} + diff --git a/include/DomainExec/modules/ncrack_mongodb.cc b/include/DomainExec/modules/ncrack_mongodb.cc new file mode 100644 index 00000000..00e95c8e --- /dev/null +++ b/include/DomainExec/modules/ncrack_mongodb.cc @@ -0,0 +1,1206 @@ +/*************************************************************************** + * ncrack_mongodb.cc -- ncrack module for the MongoDB protocol * + * Coded by edeirme * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" +#include + +#include +#include +#include + +#include + +#define MONGODB_TIMEOUT 10000 +#define LONGQUARTET(x) ((x) & 0xff), (((x) >> 8) & 0xff), \ + (((x) >> 16) & 0xff), (((x) >> 24) & 0xff) + +extern NcrackOps o; + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); +static int mongodb_loop_read(nsock_pool nsp, Connection *con); +static void mongodb_free(Connection *con); +static void mongodb_cr(nsock_pool nsp, Connection *con); +static void mongodb_scram_sha1(nsock_pool nsp, Connection *con); + +static void rand_str(char *dest, size_t length); +static void xor_hashes(char *to, const u_char *s1, const u_char *s2, u_int len); +static char *enhex(char *dest, const unsigned char *src, size_t n); + +enum states { MONGODB_INIT, MONGODB_RECEIVE, MONGODB_RECEIVE_VER, + MONGODB_CR, MONGODB_SCRAM_SHA1}; + +/* MongoDB CR substates */ +enum { CR_INIT, CR_NONCE, CR_FINI }; + +/* MongoDB SCRAM_SHA_1 substates */ +enum { SCRAM_INIT, SCRAM_NONCE, SCRAM_FINI }; + +static int +mongodb_loop_read(nsock_pool nsp, Connection *con) +{ + if (con->inbuf == NULL) { + nsock_read(nsp, con->niod, ncrack_read_handler, MONGODB_TIMEOUT, con); + return -1; + } + return 0; +} + +typedef struct mongodb_info { + char *auth_scheme; + char *client_nonce; + int substate; +} mongodb_info; + +typedef struct mongodb_state { + bool reconnaissance; + char *auth_scheme; + int state; + int keep_alive; +} mongodb_state; + +void +ncrack_mongodb(nsock_pool nsp, Connection *con) +{ + nsock_iod nsi = con->niod; + Service *serv = con->service; + mongodb_info *info = NULL; + mongodb_state *hstate = NULL; + con->ops_free = &mongodb_free; + + int tmplen; + char * tmp; + size_t tmpsize; + + srand(time(NULL)); + + char *start; + char *challenge; + char *full_collection_name; + + if (con->misc_info) { + info = (mongodb_info *) con->misc_info; + // printf("info substate: %d \n", info->substate); + } + + if (serv->module_data && con->misc_info == NULL) { + + hstate = (mongodb_state *)serv->module_data; + con->misc_info = (mongodb_info *)safe_zalloc(sizeof(mongodb_info)); + info = (mongodb_info *)con->misc_info; + if (!strcmp(hstate->auth_scheme, "MONGODB_CR") + || !strcmp(hstate->auth_scheme, "MONGODB_SCRAM_SHA1") + ) { + // printf("setting connection state\n"); + con->state = hstate->state; + } + info->auth_scheme = Strndup(hstate->auth_scheme, + strlen(hstate->auth_scheme)); + } + switch (con->state) { + case MONGODB_INIT: + /* This step attempts to perform the list databases command. + * This will only work if the database does not have any authentication. + */ + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + tmplen = 4 + 4 /* mesage length + request ID*/ + + 4 + 4 + 4 /* response to + opcode + queryflags */ + + strlen(serv->db) + strlen(".$cmd") + 1 /* full collection name + null byte */ + + 4 + 4 /* number to skip, number to return */ + + 4 /* query length */ + + 1 + strlen("listDatabases") + 1 + 4 + 4 /* element list database length */ + + 1 /* null byte */ + ; + tmp = (char *)safe_malloc(tmplen + 1); + + full_collection_name = (char *)safe_malloc(strlen(serv->db) + strlen(".$cmd") + 1); + + sprintf(full_collection_name, "%s%s", serv->db, ".$cmd"); + + snprintf((char *)tmp, tmplen, + "%c%c%c%c" /* message length */ + "%c%c%c%c" /* request ID, might have to be dynamic */ + "\xff\xff\xff\xff" /* response to */ + "\xd4\x07%c%c" /* OpCode: We use query 2004 */ + "%c%c%c%c" /* Query Flags */ + "%s" /* Full Collection Name */ + "%c" /* null byte */ + "%c%c%c%c" /* Number to Skip (0) */ + "\xff\xff\xff\xff" /* Number to return (-1) */ + "\x1c%c%c%c" /* query length, fixed length (28) */ + "\x01" /* query type (Double 0x01) */ + "%s" /* element (listDatabases) */ + "%c" + "%c%c%c%c" /* element value (1) */ + "%c%c\xf0\x3f" /* element value (1) cnt. */ + "%c", /* end of packet null byte */ + LONGQUARTET(tmplen), + 0x00,0x00,0x30,0x3a, + 0x00,0x00, + 0x00,0x00,0x00,0x00, + full_collection_name, 0x00, + 0x00,0x00,0x00,0x00, /* Num to skip */ + 0x00,0x00,0x00, /* query length */ + "listDatabases", 0x00, + 0x00,0x00,0x00,0x00, + 0x00,0x00, + 0x00 + ); + + con->outbuf->append(tmp, tmplen); + free(tmp); + free(full_collection_name); + + nsock_write(nsp, nsi, ncrack_write_handler, MONGODB_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + + con->state = MONGODB_RECEIVE; + break; + + case MONGODB_RECEIVE: + if (mongodb_loop_read(nsp, con) < 0) + break; + + if (!(memsearch((const char *)con->inbuf->get_dataptr(), + "errmsg", con->inbuf->get_len()) + || memsearch((const char *)con->inbuf->get_dataptr(), + "not authorized", con->inbuf->get_len()))) { + /* In this case, the mongo database does not have authorization. + * The module terminates with success. + */ + serv->end.orly = true; + tmpsize = sizeof("Access to the database does not require authorization.\n"); + serv->end.reason = (char *)safe_malloc(tmpsize); + snprintf(serv->end.reason, tmpsize, + "Access to the database does not require authorization.\n"); + return ncrack_module_end(nsp, con); + } + + /* This step will try to find the server's version. According to the MongoDB + * specification if the server is above version 3.0 it will not authenticate + * via the MongoDB-CR method. It will accept those requests but the attempt + * will always fail. As such we need to extract the version and decide which + * method to use. Unless of course, the user forces an authentication method. + * + * The server's version is identified by extracting the isMaster object and + * checking the value of the maxWireVersion variable. This variable was introduced + * in Mongo v 2.6. I haven't found yet a clear table listing the values of this + * variable. From various documentation articles, I could extract the following + * information: + * maxWireVersion=2 -> MongoDB 2.6.4 + * maxWireVersion=3 -> MongoDB 2.6 + * maxWireVersion=4 -> MongoDB 3.2 (?) + * maxWireVersion=5 -> MongoDB 3.4 + * If we receive a maxWireVersion above 4 we should use SCRAM-SHA1 while + * if we receive 3 or below, we should use MongoDB-CR. + */ + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + tmplen = 4 + 4 /* mesage length + request ID*/ + + 4 + 4 + 4 /* response to + opcode + queryflags */ + + strlen(serv->db) + strlen(".$cmd") + 1 /* full collection name + null byte */ + + 4 + 4 /* number to skip, number to return */ + + 4 /* query length */ + + 1 + strlen("isMaster") + 1 + 4 /* element list database length */ + + 1 /* null byte */ + ; + + tmp = (char *)safe_malloc(tmplen + 1); + + full_collection_name = (char *)safe_malloc(strlen(serv->db) + strlen(".$cmd") + 1); + + sprintf(full_collection_name, "%s%s", serv->db, ".$cmd"); + + snprintf((char *)tmp, tmplen, + "%c%c%c%c" /* message length */ + "%c%c%c%c" /* request ID, might have to be dynamic */ + "\xff\xff\xff\xff" /* response to */ + "\xd4\x07%c%c" /* OpCode: We use query 2004 */ + "%c%c%c%c" /* Query Flags */ + "%s" /* Full Collection Name */ + "%c" /* null byte */ + "%c%c%c%c" /* Number to Skip (0) */ + "\xff\xff\xff\xff" /* Number to return (-1) */ + "%c%c%c%c" /* query length, fixed length (28) */ + + "\x10" /* query type (Int32 0x10) */ + "%s" /* element (listDatabases) */ + "%c" /* null byte */ + "\x01%c%c%c" /* element value (1) */ + + "%c", /* end of packet null byte */ + LONGQUARTET(tmplen), + 0x00,0x00,0x30,0x3a, + 0x00,0x00, + 0x00,0x00,0x00,0x00, + full_collection_name,0x00, + 0x00,0x00,0x00,0x00, /* Num to skip */ + + LONGQUARTET(4 + 1 + (int) strlen("isMaster") + 1 + 4 + 1), + "isMaster", 0x00, + 0x00, 0x00, 0x00, + + 0x00 + ); + + con->outbuf->append(tmp, tmplen); + free(tmp); + free(full_collection_name); + + nsock_write(nsp, nsi, ncrack_write_handler, MONGODB_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + + con->state = MONGODB_RECEIVE_VER; + delete con->inbuf; + con->inbuf = NULL; + break; + + case MONGODB_RECEIVE_VER: + if (mongodb_loop_read(nsp, con) < 0) + break; + + if ((start = memsearch((const char *)con->inbuf->get_dataptr(), + "maxWireVersion", con->inbuf->get_len()))) { + + start += sizeof("maxWireVersion ") - 1; + + challenge = Strndup(start, 1); + + if (info == NULL) { + con->misc_info = (mongodb_info *)safe_zalloc(sizeof(mongodb_info)); + info = (mongodb_info *)con->misc_info; + } + + if ( (unsigned char) challenge[0] == 0x05 || + (unsigned char) challenge[0] == 0x04 ){ + + info->auth_scheme = Strndup("MONGODB_SCRAM_SHA1", strlen("MONGODB_SCRAM_SHA1")); + serv->module_data = (mongodb_state *)safe_zalloc(sizeof(mongodb_state)); + hstate = (mongodb_state *)serv->module_data; + hstate->auth_scheme = Strndup(info->auth_scheme, + strlen(info->auth_scheme)); + hstate->state = MONGODB_SCRAM_SHA1; + mongodb_scram_sha1(nsp, con); + + } + else if ((unsigned char) challenge[0] == 0x03 || + (unsigned char) challenge[0] == 0x02 || + (unsigned char) challenge[0] == 0x01 ) + { + info->auth_scheme = Strndup("MONGODB_CR", strlen("MONGODB_CR")); + serv->module_data = (mongodb_state *)safe_zalloc(sizeof(mongodb_state)); + hstate = (mongodb_state *)serv->module_data; + hstate->auth_scheme = Strndup(info->auth_scheme, + strlen(info->auth_scheme)); + hstate->state = MONGODB_CR; + mongodb_cr(nsp, con); + } + } + break; + + case MONGODB_CR: + + mongodb_cr(nsp, con); + break; + + case MONGODB_SCRAM_SHA1: + mongodb_scram_sha1(nsp, con); + break; + } +} + +static void +mongodb_cr(nsock_pool nsp, Connection *con) +{ + char *tmp; + size_t tmplen; + size_t querylen; + char *start, *end; + size_t i; + char *challenge; + char *nonce; + char *full_collection_name; + + unsigned char hashbuf[MD5_DIGEST_LENGTH]; + char HA1_hex[MD5_DIGEST_LENGTH * 2 + 1]; + char buf[MD5_DIGEST_LENGTH * 2 + 1]; + MD5_CTX md5; + + Service *serv = con->service; + nsock_iod nsi = con->niod; + mongodb_info *info = (mongodb_info *)con->misc_info; + + switch (info->substate) { + case CR_INIT: + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + con->state = MONGODB_CR; + + full_collection_name = (char *)safe_malloc(strlen(serv->db) + 6 + 1); + sprintf(full_collection_name, "%s%s", serv->db, ".$cmd"); + + querylen = 4 /* query length */ + + 1 + strlen("getnonce") + 1 + 4 + 4 /* element getnonce length */ + + 1 /* null byte */ + ; + tmplen = 4 + 4 /* mesage length + request ID*/ + + 4 + 4 + 4 /* response to + opcode + queryflags */ + + strlen(full_collection_name) + 1 /* full collection name + null byte */ + + 4 + 4 /* number to skip, number to return */ + + querylen + ; + + tmp = (char *)safe_malloc(tmplen + 1); + + + snprintf((char *)tmp, tmplen, + "%c%c%c%c" /* message length */ + "%c%c%c%c" /* request ID, might have to be dynamic */ + "\xff\xff\xff\xff" /* response to */ + "\xd4\x07%c%c" /* OpCode: We use query 2004 */ + "%c%c%c%c" /* Query Flags */ + "%s" /* Full Collection Name */ + "%c" /* nnull byte*/ + "%c%c%c%c" /* Number to Skip (0) */ + "\xff\xff\xff\xff" /* Number to return (-1) */ + "%c%c%c%c" /* query length, fixed 23 */ + + "\x01" /* query type (Double 0x01) */ + "%s" /* element (getnonce) */ + "%c" /* element null byte */ + "%c%c%c%c" /* element value (1) */ + "%c%c\xf0\x3f" /* element value (1) cnt. */ + + "%c", /* end of packet null byte */ + + LONGQUARTET((int) tmplen), + 0x00,0x00,0x30,0x3a, + 0x00,0x00, + 0x00,0x00,0x00,0x00, + full_collection_name, 0x00, + 0x00,0x00,0x00,0x00, /* Num to skip */ + LONGQUARTET((int) querylen), + "getnonce", 0x00, + 0x00,0x00,0x00,0x00, + 0x00,0x00, + + 0x00 + ); + + con->outbuf->append(tmp, tmplen); + free(full_collection_name); + free(tmp); + + delete con->inbuf; + con->inbuf = NULL; + + nsock_write(nsp, nsi, ncrack_write_handler, MONGODB_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + + info->substate = CR_NONCE; + break; + + case CR_NONCE: + + if (mongodb_loop_read(nsp, con) < 0) + break; + + if ((start = memsearch((const char *)con->inbuf->get_dataptr(), + "nonce", con->inbuf->get_len()))) { + + start += sizeof("nonce ") - 1; + end = start; + i = 0; + while (i != 4) { + end++; + i++; + } + unsigned char tmp_buf[4]; + /* There is a nonce element. In CR mode the nonce has a length attribute. + * Read the length and then read the nonce. The length is 4 bytes after + * the 'nonce\0' string. + */ + challenge = Strndup(start, i); + tmp_buf[0] = (int) (unsigned char) challenge[0]; + + nonce = (char *)safe_malloc(((int) tmp_buf[0] + 1)); + for(i=0; ioutbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + + /* Calculate MD5(Username:mongo:Password) */ + MD5_Init(&md5); + MD5_Update(&md5, con->user, strlen(con->user)); + MD5_Update(&md5, ":mongo:", strlen(":mongo:")); + MD5_Update(&md5, con->pass, strlen(con->pass)); + MD5_Final(hashbuf, &md5); + enhex(HA1_hex, hashbuf, sizeof(hashbuf)); + + /* Calculate MD5(nonce + username + digest). */ + MD5_Init(&md5); + MD5_Update(&md5, nonce, strlen(nonce)); + MD5_Update(&md5, con->user, strlen(con->user)); + MD5_Update(&md5, HA1_hex, strlen(HA1_hex)); + MD5_Final(hashbuf, &md5); + enhex(buf, hashbuf, sizeof(hashbuf)); + + /* Now craft the response with the 4 elements: + * authenticate, user, nonce, and key + */ + char *full_collection_name; + full_collection_name = (char *)safe_malloc(strlen(serv->db) + 6 + 1); + sprintf(full_collection_name, "%s%s", serv->db, ".$cmd"); + + querylen = 4 /* query length */ + + 1 + strlen("authenticate") + 1 + 4 + 4 /* element authenticate length */ + + 1 + strlen("nonce") + 1 + 4 + strlen(nonce) + 1 /* element nonce length */ + + 1 + strlen("key") + 1 + 4 + MD5_DIGEST_LENGTH * 2 + 1 /* element key length */ + + 1 + strlen("user") + 1 + 4 + strlen(con->user) + 1 /* element user length */ + + 1 /* null byte */ + ; + + tmplen = 4 + 4 /* mesage length + request ID*/ + + 4 + 4 + 4 /* response to + opcode + queryflags */ + + strlen(full_collection_name) + 1 /* full collection name + null byte */ + + 4 + 4 /* number to skip, number to return */ + + querylen + ; + + tmp = (char *)safe_malloc(tmplen + 1); + + snprintf((char *)tmp, tmplen, + "%c%c%c%c" /* message length */ + "%c%c%c%c" /* request ID, might have to be dynamic */ + "\xff\xff\xff\xff" /* response to */ + "\xd4\x07%c%c" /* OpCode: We use query 2004 */ + "%c%c%c%c" /* Query Flags */ + "%s" /* Full Collection Name */ + "%c" + "%c%c%c%c" /* Number to Skip (0) */ + "\xff\xff\xff\xff" /* Number to return (-1) */ + "%c%c%c%c" /* query length, dynamic */ + + "\x01" /* query type (Double 0x01) */ + "%s" /* element (authenticate) */ + "%c" /* element null byte */ + "%c%c%c%c" /* element value (1) */ + "%c%c\xf0\x3f" /* element value (1) cnt. */ + + "\x02" /* query type (String 0x02) */ + "%s" /* element (nonce) */ + "%c" /* element null byte */ + "%c%c%c%c" /* element value length (dynamic) */ + "%s" /* element value (nonce value) */ + "%c" /* element value null byte */ + + "\x02" /* query type (String 0x02) */ + "%s" /* element (key) */ + "%c" /* element null byte */ + "%c%c%c%c" /* element value length (md5hash length) */ + "%s" /* element value (nonce value) */ + "%c" /* element value null byte */ + + "\x02" /* query type (String 0x02) */ + "%s" /* element (user) */ + "%c" /* element null byte */ + "%c%c%c%c" /* element value length (username length) */ + "%s" /* element value (nonce value) */ + "%c" /* element value null byte */ + + "%c", /* end of packet null byte */ + + LONGQUARTET((int) tmplen), + 0x00,0x00,0x30,0x3a, + 0x00,0x00, + 0x00,0x00,0x00,0x00, + full_collection_name, 0x00, + 0x00,0x00,0x00,0x00, /* Num to skip */ + LONGQUARTET((int) querylen), + + "authenticate", 0x00, + 0x00,0x00,0x00,0x00, + 0x00,0x00, + + "nonce", 0x00, + LONGQUARTET(((int) strlen(nonce) + 1)), + nonce, 0x00, + + "key", 0x00, + LONGQUARTET(((int) MD5_DIGEST_LENGTH * 2 + 1)), + buf, 0x00, + + "user", 0x00, + LONGQUARTET(((int) strlen(con->user) + 1)), + con->user, 0x00, + + 0x00 + ); + + con->outbuf->append(tmp, tmplen); + free(full_collection_name); + free(tmp); + + delete con->inbuf; + con->inbuf = NULL; + + nsock_write(nsp, nsi, ncrack_write_handler, MONGODB_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + + info->substate = CR_FINI; + } + break; + + case CR_FINI: + if (mongodb_loop_read(nsp, con) < 0) + break; + + info->substate = CR_INIT; + + /* We only know the err mesage xD. FIXME*/ + if (!memsearch((const char *)con->inbuf->get_dataptr(), + "errmsg", con->inbuf->get_len())) { + con->auth_success = true; + } + + delete con->inbuf; + con->inbuf = NULL; + + ncrack_module_end(nsp, con); + break; + } +} + +static void +mongodb_scram_sha1(nsock_pool nsp, Connection *con) +{ + char *tmp; + size_t tmplen; + size_t querylen; + char * payload; + char *start, *end; + size_t i; + char *challenge; + unsigned char tmp_buf[4]; + unsigned char conversationId[4]; + size_t tmpsize; + char *full_collection_name; + + unsigned char hashbuf[MD5_DIGEST_LENGTH]; + unsigned char hashbuf2[SHA_DIGEST_LENGTH]; + char HA1_hex[MD5_DIGEST_LENGTH * 2 + 1]; + MD5_CTX md5; + SHA_CTX sha1; + + Service *serv = con->service; + nsock_iod nsi = con->niod; + + mongodb_info *info = (mongodb_info *)con->misc_info; + switch (info->substate) { + case SCRAM_INIT: + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + con->state = MONGODB_SCRAM_SHA1; + + /* Generate client nonce. + * We are using a 12 random character string. + */ + info->client_nonce = (char *)safe_malloc(12 + 1); + rand_str(info->client_nonce, 12); + full_collection_name = (char *)safe_malloc(strlen(serv->db) + 6 + 1); + sprintf(full_collection_name, "%s%s", serv->db, ".$cmd"); + + /* Allocate 12 bytes for the client nonce, the length of the username + * and 8 bytes for the following sequence "n,,n=,r=" + */ + payload = (char *)safe_malloc(strlen(info->client_nonce) + strlen(con->user) + 8 + 1); + snprintf(payload, strlen(info->client_nonce) + 1 + strlen(con->user) + 8, + "n,,n=%s,r=%s", con->user, info->client_nonce); + + querylen = 4 /* query length */ + + 1 + strlen("saslStart") + 1 + 4 /* element saslStart length */ + + 1 + strlen("mechanism") + 1 + 4 + strlen("SCRAM-SHA-1") + 1 /* element SCRAM-SHA-1 length */ + + 1 + strlen("payload") + 1 + 4 + 1 + strlen(payload) + 1 /* element payload length */ + + 1 + strlen("autoAuthorize") + 1 + 4 /* element autoAuthorize length */ + + 1 /* null byte */ + ; + tmplen = 0; + tmplen = 4 + 4 /* mesage length + request ID*/ + + 4 + 4 + 4 /* response to + opcode + queryflags */ + + strlen(full_collection_name) + 1 /* full collection name + null byte */ + + 4 + 4 /* number to skip, number to return */ + + querylen + ; + + tmp = (char *)safe_malloc(tmplen + 1); + snprintf((char *)tmp, tmplen, + "%c%c%c%c" /* message length */ + "%c%c%c%c" /* request ID, might have to be dynamic */ + "%c%c%c%c" /* response to*/ + "\xd4\x07%c%c" /* OpCode: We use query 2004 */ + "%c%c%c%c" /* Query Flags */ + "%s" /* Full Collection Name */ + "%c" /* null byte */ + "%c%c%c%c" /* Number to Skip (0) */ + "\xff\xff\xff\xff" /* Number to return (-1) */ + "%c%c%c%c" /* query length, dynamic */ + + "\x10" /* query type (Int32 0x10) */ + "%s" /* element (saslStart) */ + "%c" /* element null byte */ + "\x01%c%c%c" /* element value (1) */ + + "\x02" /* query type (String 0x02) */ + "%s" /* element (mechanism) */ + "%c" /* element null byte */ + "\x0c%c%c%c" /* element value length (12) */ + "%s" /* element value (SCRAM-SHA-1) */ + "%c" /* element value null byte */ + + "\x05" /* query type (Binary 0x05) */ + "%s" /* element (payload) */ + "%c" /* element null byte */ + "%c%c%c%c" /* element value length (dynamic) */ + "%c" /* null byte */ + "%s" /* element value */ + "%c" /* null byte */ + "\x10" /* query type (Int32 0x10) */ + "%s" /* element (autoAuthorize) */ + "%c" /* element null byte */ + "\x01%c%c%c" /* element value (1) */ + + "%c", /* end of packet null byte */ + + LONGQUARTET((int) tmplen), + 0x00,0x00,0x30,0x3a, + 0x00,0x00,0x00,0x00, + 0x00,0x00, + 0x00,0x00,0x00,0x00, + full_collection_name, 0x00, + 0x00,0x00,0x00,0x00, /* Num to skip */ + LONGQUARTET((int) querylen), /* query length fix me */ + "saslStart", 0x00, + 0x00,0x00,0x00, + "mechanism", 0x00, + 0x00,0x00,0x00, + "SCRAM-SHA-1", 0x00, + + "payload",0x00, + LONGQUARTET(((int) strlen(payload) + 1)), 0x00, + payload, 0x00, + + "autoAuthorize", 0x00, + 0x00,0x00,0x00, + + 0x00 + ); + + con->outbuf->append(tmp, tmplen); + free(full_collection_name); + free(tmp); + + delete con->inbuf; + con->inbuf = NULL; + + nsock_write(nsp, nsi, ncrack_write_handler, MONGODB_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + + info->substate = SCRAM_NONCE; + + break; + + case SCRAM_NONCE: + if (mongodb_loop_read(nsp, con) < 0) + break; + if ((start = memsearch((const char *)con->inbuf->get_dataptr(), + "conversationId", con->inbuf->get_len()))) { + start += sizeof("conversationId ") - 1; + end = start; + i = 0; + while (i != 4) { + end++; + i++; + } + /* There is a payload element. In SCRAM_SHA1 mode the payload has a length attribute. + * Read the length and then read the payload. The length is 4 bytes after + * the 'payload\0' string. After the length of the payload, there is a null byte. + */ + challenge = Strndup(start, i); + conversationId[0] = (int) (unsigned char) challenge[0]; + } else { + /* Abort */ + // serv->end.orly = true; + // tmpsize = sizeof("Response does not contain conversationId.\n"); + // serv->end.reason = (char *)safe_malloc(tmpsize); + // snprintf(serv->end.reason, tmpsize, + // "Response does not contain conversationId.\n"); + // + info->substate = SCRAM_INIT; + if (o.debugging > 5) + log_write(LOG_STDOUT, "%s skipping username: %s\n", serv->HostInfo(), con->user); + serv->skip_username = true; + return ncrack_module_end(nsp, con); + } + + /* We search for the string 'payload' in the server's response. + * We extract that value and proceed with step 3. + */ + if ((start = memsearch((const char *)con->inbuf->get_dataptr(), + "payload", con->inbuf->get_len()))) { + + start += sizeof("payload ") - 1; + end = start; + i = 0; + while (i != 4) { + end++; + i++; + } + info->substate = SCRAM_FINI; + + /* There is a payload element. In SCRAM_SHA1 mode the payload has a length attribute. + * Read the length and then read the payload. The length is 4 bytes after + * the 'payload\0' string. After the length of the payload, there is a null byte. + */ + char * tmp_buffer; + challenge = Strndup(start, i); + tmp_buf[0] = (int) (unsigned char) challenge[0]; + /* skip one null byte after the payload length. */ + end++; + tmp = (char *)safe_malloc((int) tmp_buf[0]); + tmp_buffer = (char *)safe_malloc((int) tmp_buf[0]); + + + for(i=0; iend.orly = true; + tmpsize = sizeof("Invalid server response.\n"); + serv->end.reason = (char *)safe_malloc(tmpsize); + snprintf(serv->end.reason, tmpsize, + "Invalid server response.\n"); + return ncrack_module_end(nsp, con); + } + + salt += 2; + iterations += 2; + rnonce += 2; + + if(strncmp(info->client_nonce, rnonce, strlen(info->client_nonce))){ + /* Abort */ + /* TODO: FIX THIS, it works but no message + */ + serv->end.orly = true; + tmpsize = sizeof("Server nonce does not contain client nonce.\n"); + serv->end.reason = (char *)safe_malloc(tmpsize); + snprintf(serv->end.reason, tmpsize, + "Server nonce does not contain client nonce.\n"); + return ncrack_module_end(nsp, con); + } + + /* Calculate MD5(Username:mongo:Password) + */ + MD5_Init(&md5); + MD5_Update(&md5, con->user, strlen(con->user)); + MD5_Update(&md5, ":mongo:", strlen(":mongo:")); + MD5_Update(&md5, con->pass, strlen(con->pass)); + MD5_Final(hashbuf, &md5); + enhex(HA1_hex, hashbuf, sizeof(hashbuf)); + + /* PBKDF2 with data the MD5 hash of username:mongo:password, salt the + * base64 decoded salt and iterations equal to the variable 'iterations'. + * The variable 'out' contains the salted password. + */ + unsigned char * out; + + out = (unsigned char *)safe_malloc(20 + 1); + decoded_salt = (char *)safe_malloc((strlen(salt) + 1)); + base64_decode(salt, strlen(salt), decoded_salt); + + PKCS5_PBKDF2_HMAC_SHA1(HA1_hex, strlen(HA1_hex), + (unsigned char*) decoded_salt, strlen(decoded_salt), atoi(iterations), + 20, out); + + /* Next step is to perform an HMAC to the salted password (out). + * Using HMAC-SHA1 with 'Client Key' as a key. + */ + unsigned char client_key[20]; + char tmp_key[] = "Client Key"; + HMAC(EVP_sha1(), out, 20, (unsigned const char*) tmp_key, + 10, client_key, NULL); + + /* SHA1 on the client_key variable. + */ + SHA1_Init(&sha1); + SHA1_Update(&sha1, client_key, 20); + SHA1_Final(hashbuf2, &sha1); + + char * without_proof; + without_proof = (char *)safe_malloc(strlen("c=biws,r=") + strlen(rnonce) + 1); + snprintf(without_proof, strlen("c=biws,r=") + strlen(rnonce) + 1, + "c=biws,r=%s", rnonce); + + char * auth_msg; + size_t auth_msg_len; + + /* Auth_msg length is: + * 12 for the nonce + * 7 for the characters 'n=,r=,,' + */ + auth_msg_len = strlen(con->user) + 12 + strlen(tmp_buffer) + strlen(without_proof) + 7 + 1; + + auth_msg = (char *)safe_malloc(auth_msg_len + 1); + snprintf(auth_msg, auth_msg_len, + "n=%s,r=%s,%s,%s", con->user, info->client_nonce, tmp_buffer, without_proof); + free(tmp_buffer); + unsigned char client_sig[20]; + /* We use auth_msg_len to avoid including the trailing null byte. + */ + HMAC(EVP_sha1(), hashbuf2, sizeof(hashbuf2), (unsigned const char*) auth_msg, + auth_msg_len - 1, client_sig, NULL); + /* Create the client proof by b64 encoding the XORed client_key and client_sig. + * The length of the client_proof is set to SHA_DIGEST_LENGTH. + */ + char client_proof[SHA_DIGEST_LENGTH]; + xor_hashes(client_proof, client_key, client_sig, SHA_DIGEST_LENGTH); + char * tmp_b64; + char * client_final; + tmp_b64 = (char *)safe_malloc(BASE64_LENGTH(SHA_DIGEST_LENGTH) + 1); + base64_encode(client_proof, SHA_DIGEST_LENGTH, tmp_b64); + + /* client_final length breakdown: + * 3 for string ',p=', + * length of tmp_b64 + * length of without_proof. + */ + client_final = (char *)safe_malloc(3 + strlen(tmp_b64) + strlen(without_proof)); + snprintf(client_final, 3 + strlen(tmp_b64) + 1 + strlen(without_proof), + "%s,p=%s", without_proof, tmp_b64); + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + full_collection_name = (char *)safe_malloc(strlen(serv->db) + 6 + 1); + sprintf(full_collection_name, "%s%s", serv->db, ".$cmd"); + + /* Craft the packet. */ + querylen = 4 /* query length */ + + 1 + strlen("saslContinue") + 1 + 4 /* element saslContinue length */ + + 1 + strlen("conversationId") + 1 + 4 /* element conversationId length */ + + 1 + strlen("payload") + 1 + 4 + 1 + strlen(client_final) /* element payload length */ + + 1 /* null byte */ + ; + + tmplen = 4 + 4 /* mesage length + request ID*/ + + 4 + 4 + 4 /* response to + opcode + queryflags */ + + strlen(full_collection_name) + 1 /* full collection name + null byte */ + + 4 + 4 /* number to skip, number to return */ + + querylen + ; + free(tmp); + tmp = (char *)safe_malloc(tmplen + 1); + + snprintf((char *)tmp, tmplen, + "%c%c%c%c" /* message length */ + "%c%c%c%c" /* request ID, might have to be dynamic */ + "%c%c%c%c" /* response to */ + "\xd4\x07%c%c" /* OpCode: We use query 2004 */ + "%c%c%c%c" /* Query Flags */ + "%s" /* Full Collection Name */ + "%c" /* null byte */ + "%c%c%c%c" /* Number to Skip (0) */ + "\xff\xff\xff\xff" /* Number to return (-1) */ + "%c%c%c%c" /* query length, dynamic */ + + "\x10" /* query type (Int32 0x10) */ + "%s" /* element (saslContinue) */ + "%c" /* element null byte */ + "\x01%c%c%c" /* element value (1) */ + + "\x10" /* query type (Int32 0x10) */ + "%s" /* element (conversationId) */ + "%c" /* element null byte */ + "%c%c%c%c" /* element value */ + + "\x05" /* query type (Binary 0x05) */ + "%s" /* element (payload) */ + "%c" /* element null byte */ + "%c%c%c%c" /* element value length (dynamic) */ + "%c" /* null byte */ + "%s" /* element value */ + + "%c", /* end of packet null byte */ + + LONGQUARTET((int) tmplen), + 0x00,0x00,0x30,0x3b, + 0x00,0x00,0x00,0x00, /*testing 00 instead of ff*/ + 0x00,0x00, + 0x00,0x00,0x00,0x00, + full_collection_name, 0x00, + 0x00,0x00,0x00,0x00, /* Num to skip */ + LONGQUARTET((int) querylen), /* query length fix me */ + "saslContinue", 0x00, + 0x00,0x00,0x00, + + "conversationId", 0x00, + LONGQUARTET((int) conversationId[0]), + + "payload",0x00, + LONGQUARTET(((int)strlen(client_final) )), 0x00, + client_final, + + 0x00 + ); + + con->outbuf->append(tmp, tmplen); + delete con->inbuf; + con->inbuf = NULL; + + free(tmp); + free(full_collection_name); + + nsock_write(nsp, nsi, ncrack_write_handler, MONGODB_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + + } + + break; + + case SCRAM_FINI: + if (mongodb_loop_read(nsp, con) < 0) + break; + info->substate = SCRAM_INIT; + + if (memsearch((const char *)con->inbuf->get_dataptr(), + "payload", con->inbuf->get_len())) { + con->auth_success = true; + } + + delete con->inbuf; + con->inbuf = NULL; + + ncrack_module_end(nsp, con); + break; + } +} + +static void +mongodb_free(Connection *con) +{ + mongodb_info *p = NULL; + if (con->misc_info == NULL) + return; + p = (mongodb_info *)con->misc_info; + free(p->auth_scheme); +} + +static void +xor_hashes(char *to, const u_char *s1, const u_char *s2, u_int len) +{ + const uint8_t *s1_end= s1 + len; + while (s1 < s1_end) + *to++= *s1++ ^ *s2++; +} + +static void +rand_str(char *dest, size_t length) +{ + char charset[] = "0123456789" + "abcdefghijklmnopqrstuvwxyz" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; + + while (length-- > 0) { + size_t index = (double) rand() / RAND_MAX * (sizeof charset - 1); + *dest++ = charset[index]; + } + *dest = '\0'; +} + +static char *enhex(char *dest, const unsigned char *src, size_t n) +{ + unsigned int i; + for (i = 0; i < n; i++) + Snprintf(dest + i * 2, 3, "%02x", src[i]); + return dest; +} diff --git a/include/DomainExec/modules/ncrack_mqtt.cc b/include/DomainExec/modules/ncrack_mqtt.cc new file mode 100644 index 00000000..9f0281e7 --- /dev/null +++ b/include/DomainExec/modules/ncrack_mqtt.cc @@ -0,0 +1,256 @@ + +/*************************************************************************** + * ncrack_mqtt.cc -- ncrack module for the MQTT protocol * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "ncrack.h" +#include "nsock.h" +#include "Service.h" +#include "modules.h" + +#define MQTT_TIMEOUT 20000 + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); +static int mqtt_loop_read(nsock_pool nsp, Connection *con); + +enum states { MQTT_INIT, MQTT_FINI }; + +struct connect_cmd { + uint8_t message_type; /* 1 for CONNECT packet */ + uint8_t msg_len; /* length of remaining packet */ + uint16_t prot_name_len; /* should be 4 for "MQTT" */ + u_char protocol[4]; /* it's always "MQTT" */ + uint8_t version; /* 4 for version MQTT version 3.1.1 */ + uint8_t flags; /* 0xc2 for flags: username, password, clean session */ + uint16_t keep_alive; /* 60 seconds */ + uint16_t client_id_len; /* should be 6 with "Ncrack" as id */ + u_char client_id[6]; /* let's keep it short - Ncrack */ + uint16_t username_len; /* length of username string */ + /* the rest of the packet, we'll add dynamically in our buffer: + * username (dynamic length), + * password_length (uint16_t) + * password (dynamic length) + */ + connect_cmd() { /* constructor - initialize with these values */ + message_type = 0x10; + prot_name_len = htons(4); + memcpy(protocol, "MQTT", 4); + version = 0x04; + flags = 0xc2; + keep_alive = htons(60); + client_id_len = htons(6); + memcpy(client_id, "Ncrack", 6); + } + +} __attribute__((__packed__)) connect_cmd; + + +struct ack { + uint8_t message_type; + uint8_t msg_len; + uint8_t flags; + uint8_t ret_code; +} __attribute__((__packed__)) ack; + + + +static int +mqtt_loop_read(nsock_pool nsp, Connection *con) +{ + struct ack *p; + if (con->inbuf == NULL || con->inbuf->get_len() < 4) { + nsock_read(nsp, con->niod, ncrack_read_handler, MQTT_TIMEOUT, con); + return -1; + } + + p = (struct ack *)((char *)con->inbuf->get_dataptr()); + /* reject if not an MQTT ACK message */ + if (p->message_type != 0x20) + return -2; + + /* return 0 only if return code is 0 */ + if (p->ret_code == 0) + return 0; + + return -2; +} + + + +void +ncrack_mqtt(nsock_pool nsp, Connection *con) +{ + nsock_iod nsi = con->niod; + struct connect_cmd cmd; + uint16_t pass_len; + + switch (con->state) + { + case MQTT_INIT: + + con->state = MQTT_FINI; + delete con->inbuf; + con->inbuf = NULL; + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + /* the message len is the size of the struct plus the length of the usernames and password + * minus 2 for the first 2 bytes (message type and message length) that are not counted in + */ + cmd.msg_len = sizeof(connect_cmd) + strlen(con->user) + strlen(con->pass) + sizeof(pass_len) - 2; + cmd.username_len = htons(strlen(con->user)); + pass_len = htons(strlen(con->pass)); + + con->outbuf->append(&cmd, sizeof(cmd)); + con->outbuf->snprintf(strlen(con->user), "%s", con->user); + con->outbuf->append(&pass_len, sizeof(pass_len)); + con->outbuf->snprintf(strlen(con->pass), "%s", con->pass); + + nsock_write(nsp, nsi, ncrack_write_handler, MQTT_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case MQTT_FINI: + + if (mqtt_loop_read(nsp, con) == -1) + break; + else if (mqtt_loop_read(nsp, con) == 0) + con->auth_success = true; + + con->state = MQTT_INIT; + + delete con->inbuf; + con->inbuf = NULL; + + return ncrack_module_end(nsp, con); + } +} diff --git a/include/DomainExec/modules/ncrack_mssql.cc b/include/DomainExec/modules/ncrack_mssql.cc new file mode 100644 index 00000000..fd34f5db --- /dev/null +++ b/include/DomainExec/modules/ncrack_mssql.cc @@ -0,0 +1,573 @@ +/*************************************************************************** + * ncrack_mssql.cc -- ncrack module for the MSSQL protocol * + * Coded by edeirme * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" + +#define MSSQL_TIMEOUT 10000 + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); +static int mssql_loop_read(nsock_pool nsp, Connection *con); + +enum states { MSSQL_ATTEMPT, MSSQL_INIT, MSSQL_GET_PORT, MSSQL_FINI }; + +static int +mssql_loop_read(nsock_pool nsp, Connection *con) +{ + if (con->inbuf == NULL) { + nsock_read(nsp, con->niod, ncrack_read_handler, MSSQL_TIMEOUT, con); + return -1; + } + return 0; +} + +void +ncrack_mssql(nsock_pool nsp, Connection *con) +{ + nsock_iod nsi = con->niod; + unsigned char len_login, len_pass; + int tmplen; + char * tmp; + int pklen; + char *start, *end; + size_t i; + + switch (con->state) + { + case MSSQL_INIT: + + con->state = MSSQL_GET_PORT; + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + /* In case the server uses named instances the port assigned + * to them is going to be dynamic. We won't be able to know which + * port to target. In order to bypass this small problem, we will + * have to ping the SQL Monitor server. The monitor is running + * on port 1434 and is listening to UDP connections. + * + */ + + /* Excerpt from [MC-SQLR]: SQL Server Resolution Protocol + * + * The CLNT_BCAST_EX packet is a broadcast or multicast + * request that is generated by clients that are trying to + * identify the list of database instances on the network + * and their network protocol connection information. + * + * CLNT_BCAST_EX (1 byte): A single byte whose value MUST be 0x02. + */ + + /* + * Could we instead use CLNT_UCAST_EX (0x03) ? Should test it. + */ + break; + + case MSSQL_GET_PORT: + + if (mssql_loop_read(nsp, con) < 0) + break; + /* In this step, we are interested only in extracting the + * port number of the SQL server. Once extracted, we set + * as a service attribute and proceed to the actual bruteforcing. + */ + + + /* SRV_RESP message structure: + * Index Description Content + * 0 SRV_RESP MUST be 0x05 + * 8 RESP_SIZE unsigned int specifies length + * 16 RESP_DATA For packets CLNT_BCAST_EX or + * CLNT_UCAST_EX max length is 65,535 bytes + */ + + /* RESP_DATA terminates on a double semicolon. + * RESP_DATA contents + * "ServerName" SEMICOLON SERVERNAME SEMICOLON "InstanceName" + * SEMICOLON INSTANCENAME SEMICOLON "IsClustered" SEMICOLON + * YES_OR_NO SEMICOLON "Version" SEMICOLON VERSION_STRING [NP_INFO] + * [TCP_INFO] [VIA_INFO] [RPC_INFO] [SPX_INFO] [ADSP_INFO] [BV_INFO] + * SEMICOLON SEMICOLON ; + */ + + /* We only care about the TCP_INFO segment which is: + * SEMICOLON "tcp" SEMICOLON TCP_PORT + * Identify the string ";tcp;" and extract the following + * integer. + */ + con->state = MSSQL_ATTEMPT; + return ncrack_module_end(nsp, con); + + case MSSQL_ATTEMPT: + { + /* This step contains the actual brute-forcing. + * The protocol used by MSSQL server is Tabular Data Stream Protocol + * aka TDS. + */ + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + /* A simple solution that we will employ for the moment is + * to send a Pre-TDS 7 Login request. + * + * Packet structure was found in: + * http://www.freetds.org/tds.html#login + */ + + /* A TDS packet that is longer than 512 bytes (without the 8-byte header) has + * to be split in more packets. + * + * That limit was increased to 4096 (default value) in TSD version 7. + * + * TDS version 7 was introduced for Microsoft SQL server 7.0 (1998). + * As such we can squeeze the whole (Pre-TDS 7 Login) packet in just one request + * without having to worry about incompatibility with older servers + * (Unless of course, you encounter an SQL server running software older than 1998). + */ + + /* + * TDS PRELOGIN Packet Header + * Index Description Content + * 0 PRELOGIN packet header In our case 0x02 for Pre-TDS, + * 0x12 or 0x04 for server tabular response + * 1 Status 0x00 for normal message or + * 0x01 for end of message + * 2 Length Packet Length uint16 + * 4 SPID Server process ID, uint16 + * 6 PacketID Packet ID, uint8 + * 7 Window SHOULD be 0x00 + * + */ + + /* + * TDS PRELOGIN Data Content + * Index Description Content + * 8 host name 30 chars + * 38 host name length integer 8 + * 39 user name 30 chars + * 69 user name length integer 8 + * 70 password 30 chars + * 100 password length integer 8 + * 101 host process 30 chars + * 131 host process length integer 8 + * 132 magic number 6 bytes \x03\x01\x06\x0a\x09\x01 + * 138 bulk copy integer 0x01 + * 139 magic number 9 bytes \x00\x00\x00\x00\x00\x00\x00\x00\x00 + * 148 app name 30 chars + * 178 app name length integer 8 + * 179 server name 30 chars + * 209 server name length integer 8 + * 210 magic number 1 byte \x00 + * 211 password2 length integer 8 + * 212 password2 30 chars + * 242 magic number 223 null bytes + * 465 password2 length + 2 integer 8 + * 466 TDS major version integer 16 + * 468 TDS minor version integer 16 + * 470 library name 10 chars + * 480 library name length integer 8 + * 481 program major version integer 16 + * 483 program minor version integer 16 + * 485 magic number 3 bytes \x00\x0d\x11 + * 488 language 30 chars e.g. "us-english" + * 518 language length integer 8 + * 519 magic number 1 byte \x01 + * 520 old_secure integer 16 (we will use \x00\x00) + * 522 encrypter integer (we will use 0 for no encryption) + * 523 magic number 1 byte 0x00 + * 524 sec_spare 9 bytes (fill with zeros) + * 533 character set 30 chars e.g. iso_1 (fill with zeros) + * 563 character set length integer (0x00) + * 564 magic number 1 bytes 0x01 + * 565 block size 6 chars + * 571 block size length integer 8 + */ + + /* 30 null bytes */ + unsigned char hostname[] = + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; + + char *username; + username = (char *)safe_malloc(30 + 1); + snprintf(username, 31, "%s", con->user); + char *password; + password = (char *)safe_malloc(30 + 1); + snprintf(password, 31, "%s", con->pass); + + /* Fill it up to 30 chars with zeros. */ + memset(username + strlen(con->user), 0, 30 - strlen(con->user)); + memset(password + strlen(con->pass), 0, 30 - strlen(con->pass)); + + /* 30 null bytes */ + unsigned char host_process[] = + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; + + unsigned char magic1[] = + "\x03\x01\x06\x0a\x09\x01"; + + /* 9 null bytes */ + unsigned char magic2[] = + "\x00\x00\x00\x00\x00\x00\x00\x00\x00"; + + /* 30 null bytes */ + unsigned char app_name[] = + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; + + /* 30 null bytes */ + unsigned char server_name[] = + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; + + /* 233 null bytes */ + unsigned char magic4[] = + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00"; + + unsigned char tds_major_v[] = + "\x04\x02"; + + unsigned char tds_minor_v[] = + "\x00\x00"; + + unsigned char library_name[] = + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; + + unsigned char program_major_v[] = + "\x06\x00"; + + unsigned char program_minor_v[] = + "\x00\x00"; + + unsigned char magic5[] = + "\x00\x0d\x11"; + + /* 30 null bytes */ + unsigned char language[] = + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + ; + + unsigned char old_secure[] = + "\x00\x00"; + + unsigned char sec_spare[] = + "\x00\x00\x00\x00\x00\x00\x00\x00\x00"; + + /* 30 null bytes */ + unsigned char character_set[] = + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; + + /* SQL server 2016 does not check these values. + * Leaving them as zeros for the moment. + */ + unsigned char block_size[] = + "\x00\x00\x00\x00\x00\x00"; + + pklen = 8; /* Packet header length */ + + tmplen = 30 + 1 /* hostname + length */ + + 30 + 1 /* username + length */ + + 30 + 1 /* password + length */ + + 30 + 1 /* host process + length */ + + 6 + 1 + 9 /* magic number 1&2 + bulk copy */ + + 30 + 1 /* app name */ + + 30 + 1 /* server name */ + + 1 /* magic number 3 */ + + 30 + 1 /* password2 + length */ + + 233 /* magic nmber 4 */ + + 1 /* password length + 2*/ + + 2 + 2 /* TDS version min/maj*/ + + 10 + 1 /* lib name + length */ + + 2 + 2 /* program version min/maj */ + + 3 /* magic number 5 */ + + 30 + 1 /* language + length */ + + 1 /* magic number 6 */ + + 2 /* old secure */ + + 1 /* encryptor */ + + 1 /* magic number 7 */ + + 9 /* sec_spare */ + + 30 + 1 /* character set + length */ + + 1 /* magic number 8 */ + + 6 + 1 /* block size + length */ + ; + + tmp = (char *)safe_malloc(tmplen + pklen + 1); + + /* added +1 to pklen to supress gcc warning - does not affect + * the program since later we write at this position using memcpy at + * tmp + pklen + */ + snprintf((char *)tmp, pklen + 1, + "%c" /* 0x02 Pre-TDS packet indicator */ + "%c" /* 0x01 end of message status indicator */ + "%c%c" /* uint16 packet length */ + "%c%c" /* uint16 SSID */ + "%c" /* uint8 packet ID */ + "%c", /* window byte 0x00 */ + 0x02, + 0x01, + 0x02, 0x3e, /* fixed length for now 574 bytes*/ + 0x00, 0x00, /* 0x00, 0x00 works for SSID */ + 0x01, /* This is the first packet. */ + 0x00 + ); + + len_login = (unsigned char)strlen(con->user); + len_pass = (unsigned char)strlen(con->pass); + memcpy(tmp + pklen, hostname, 30); + + memcpy(tmp + pklen + 30, "\x00", 1); + + memcpy(tmp + pklen + 30 + 1 , username, 30); + + memcpy(tmp + pklen + 30 + 1 + 30, &len_login, 1); + memcpy(tmp + pklen + 30 + 1 + 30 + 1, password, 30); + memcpy(tmp + pklen + 30 + 1 + 30 + 1 + 30, &len_pass, 1); + /* This adds up to 8 + 1 + 30 + 1 + 30 + 1 + 30 = 101 */ + memcpy(tmp + 101, host_process, 30); + memcpy(tmp + 101 + 30, "\x00", 1); + memcpy(tmp + 101 + 30 + 1, magic1, 6); + memcpy(tmp + 101 + 30 + 1 + 6, "\x01", 1); + memcpy(tmp + 101 + 30 + 1 + 6 + 1, magic2, 9); + memcpy(tmp + 101 + 30 + 1 + 6 + 1 + 9, app_name, 30); + memcpy(tmp + 101 + 30 + 1 + 6 + 1 + 9 + 30, "\x00", 1); + /* + 101 + 30 + 1 + 6 + 1 + 9 + 30 + 1= 179 */ + memcpy(tmp + 179, server_name, 30); + memcpy(tmp + 179 + 30,"\x00", 1); + memcpy(tmp + 179 + 30 + 1,"\x00", 1); + memcpy(tmp + 179 + 30 + 1 + 1, &len_pass, 1); + memcpy(tmp + 179 + 30 + 1 + 1 + 1, password, 30); + memcpy(tmp + 179 + 30 + 1 + 1 + 1 + 30, magic4, 223); + memcpy(tmp + 179 + 30 + 1 + 1 + 1 + 30 + 223, &len_pass + 2, 1); + /* + 179 + 30 + 1 + 1 + 1 + 30 + 223 + 1 = 466 */ + memcpy(tmp + 466, tds_major_v, 2); + memcpy(tmp + 466 + 2, tds_minor_v, 2); + memcpy(tmp + 466 + 2 + 2, library_name, 10); + memcpy(tmp + 466 + 2 + 2 + 10,"\x00", 1); + memcpy(tmp + 466 + 2 + 2 + 10 + 1, program_major_v, 2); + memcpy(tmp + 466 + 2 + 2 + 10 + 1 + 2, program_minor_v, 2); + memcpy(tmp + 466 + 2 + 2 + 10 + 1 + 2 + 2, magic5, 3); + memcpy(tmp + 466 + 2 + 2 + 10 + 1 + 2 + 2 + 3, language, 30); + memcpy(tmp + 466 + 2 + 2 + 10 + 1 + 2 + 2 + 3 + 30,"\x00", 1); + memcpy(tmp + 466 + 2 + 2 + 10 + 1 + 2 + 2 + 3 + 30 + 1,"\x01", 1); + /* 466 + 2 + 2 + 10 + 1 + 2 + 2 + 3 + 30 + 1 + 1 = 520 */ + memcpy(tmp + 520, old_secure, 2); + memcpy(tmp + 520 + 2, "\x00", 1); + memcpy(tmp + 520 + 2 + 1, "\x00", 1); + memcpy(tmp + 520 + 2 + 1 + 1, sec_spare, 9); + memcpy(tmp + 520 + 2 + 1 + 1 + 9, character_set, 30); + memcpy(tmp + 520 + 2 + 1 + 1 + 9 + 30, "\x00", 1); + memcpy(tmp + 520 + 2 + 1 + 1 + 9 + 30 + 1, "\x01", 1); + memcpy(tmp + 520 + 2 + 1 + 1 + 9 + 30 + 1 + 1, block_size, 6); + memcpy(tmp + 520 + 2 + 1 + 1 + 9 + 30 + 1 + 1 + 6, "\x00", 1); + + con->outbuf->append(tmp, tmplen); + + nsock_write(nsp, nsi, ncrack_write_handler, MSSQL_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + + con->state = MSSQL_FINI; + break; + } + + case MSSQL_FINI: + { + if (mssql_loop_read(nsp, con) < 0) + break; + con->state = MSSQL_ATTEMPT; + + start = (char *)con->inbuf->get_dataptr(); + end = start; + i = 0; + while (i != con->inbuf->get_len()) { + end++; + i++; + } + + /* Parse the header and then verify that we have at least a 9-byte response + * 8 bytes for the correct header and 1 byte for the code. + * (It will never be just 9 bytes unless it is a different protocol) + * Then check the first byte of the response, it should be 0x04. + * This value denotes a TDS server response packet. + * Then check the 1 packet of the data segment of the packet. + * If the byte is 0xe3 then the authentication attempt was correct. + */ + if (con->inbuf->get_len() > 9 + && (unsigned char) start[0] == 0x04 + && (unsigned char) start[8] == 0xe3){ + con->auth_success = true; + } + + ncrack_module_end(nsp, con); + break; + } + } +} diff --git a/include/DomainExec/modules/ncrack_mysql.cc b/include/DomainExec/modules/ncrack_mysql.cc new file mode 100644 index 00000000..f2aa5fec --- /dev/null +++ b/include/DomainExec/modules/ncrack_mysql.cc @@ -0,0 +1,502 @@ +/*************************************************************************** + * ncrack_mysql.cc -- ncrack module for the MySQL protocol * + * Coded by edeirme * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" +#include +#include + +#define MYSQL_TIMEOUT 20000 +#define MYSQL_DIGITS 4 +#define MYSQL_VERSION 3 +#define MYSQL_SALT 20 +#define SHA1_HASH_SIZE 20 + +extern NcrackOps o; + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); +static int mysql_loop_read(nsock_pool nsp, Connection *con, char *mysql_auth_method, + char *mysql_salt_ret); + +enum states { MYSQL_INIT, MYSQL_FINI, MYSQL_OTHER_AUTH }; + + +static int +mysql_loop_read(nsock_pool nsp, Connection *con, char *mysql_auth_method, char *mysql_salt_ret) +{ + int i = 0; + char mysql_salt[MYSQL_SALT + 1]; + char dig[5]; /* temporary digit string */ + char *p; + size_t packet_length; + int packet_number; + char server_authentication_method[21 + 1]; + + if (con->inbuf == NULL || con->inbuf->get_len() < MYSQL_DIGITS + 1) { + nsock_read(nsp, con->niod, ncrack_read_handler, MYSQL_TIMEOUT, con); + return -1; + } + /* Get the first character */ + p = (char *)con->inbuf->get_dataptr(); + dig[1] = '\0'; + for (i = 0; i < MYSQL_DIGITS - 3; i++) { + snprintf(dig, 4, "\n%x", *p++); + packet_length = (int)strtol(dig, NULL, 16); + } + + if (con->inbuf->get_len() < packet_length + 4) { + nsock_read(nsp, con->niod, ncrack_read_handler, MYSQL_TIMEOUT, con); + return -1; + } + + + /* Procceed only if the first byte is the packet length. */ + if (packet_length > 0) { + + for (i = 0; i < MYSQL_DIGITS - 2; i++) { + p++; + } + + /* The fourth byte is the packet number which starts from 0. + The packet with packet number 0 contains the SALT. */ + + snprintf(dig, 4, "\n%x", *p++); + packet_number = (int)strtol(dig, NULL, 16); + + if (packet_number == 0 && *p == '\xff') { + if(o.debugging > 6) + error("Anti-bruteforcing mechanism is triggered. Incoming connections are now blocked."); + return -2; + } else if (packet_number == 0) { + /* We need to go through the whole packet to find the SALT. */ + /* The next byte is the protocol verion*/ + p++; + /* The following series of bytes are a zero terminated server + version string. Perhaps we can figure out the version here. */ + while (*(p++) != '\00') { + + } + /* The next four bytes are the internal MySQL ID of the thread + handling the connection. */ + for (i = 0; i < 4; i++) { + p++; + } + /* This part could be either the full SALT or just a part of it. + In version 4.0 and earlier this part contains the full SALT while + in 4.1 and later only the first 8 bytes can be found. We will start + by reading the first 8 bytes and if the 9th byte is a zero byte \x00 + we will be facing a 4.1 or newer version of MySQL. In the other case we + will read the full SALT and then we will exit. */ + mysql_salt[0] = *p++; + for (i = 1; i < 8 + 1; i++) { + mysql_salt[i] = *p++; + } + if (mysql_salt[8] == '\00') { + /* The version of the sevice is 4.1 or later. + We need to find the other half of the SALT.*/ + + /* The next 18 bytes are the server capabilities (2), + Default character set code (1), Sever status bit mask (2) + and the rest (13) are zeroed out for future use. */ + + for (i = 0; i < 18; i++) + p++; + + /* Finally the next 13 bytes are the rest of the SALT terminated + with a zero byte. */ + for (i = 0; i < 13; i++) { + mysql_salt[i + 8] = *p++; + } + mysql_salt[20] = '\0'; + memcpy(mysql_salt_ret, mysql_salt, strlen(mysql_salt)); + + /* The next bytes denotes the default authentication method of the server. + The string ends with a null byte. */ + /* Possible values: mysql_native_password, mysql_old_password, sha256_password*/ + for (i = 0; i < 21; i++) { + if (*(p) != '\00') { + server_authentication_method[i] = *p; + p++; + } + } + server_authentication_method[i] = '\0'; + server_authentication_method[strlen(server_authentication_method) + 1] = '\0'; + //printf("Server default authentication: %s\n", server_authentication_method); + memcpy(mysql_auth_method, server_authentication_method, strlen(server_authentication_method)); + return 0; + } else { + /* Currently we don't support versions earlier than 4.1 */ + return -2; + } + } + else if ((packet_number == 2 || packet_number == 4)&& *p == '\xff') + /* This is an error packet. Most probably wrong authentication. + We will consider it as a failed attempt. If we triggered anti-bruteforcing + measures we will find out in the next packet. We are checking for that in + the first 'if' statement. */ + return 0; + + else if ((packet_number == 2 || packet_number == 4)&& *p == '\x00') + /* Successful authentication packet. */ + return 1; + + else if (packet_number == 2) { + /* In this case the specific the user uses another authentication method than the default authentication + of the server. */ + p++; + for (i = 0; i < 21 ; i++) { + server_authentication_method[i] = *p++; + } + server_authentication_method[i] = '\0'; + server_authentication_method[strlen(server_authentication_method) + 1] = '\0'; + memcpy(mysql_auth_method, server_authentication_method, strlen(server_authentication_method)); + + /* The next 20 bytes are the SALT. */ + for(i = 0; i < MYSQL_SALT; i++) { + mysql_salt[i] = *p++; + } + + mysql_salt[20] = '\0'; + memcpy(mysql_salt_ret, mysql_salt, strlen(mysql_salt)); + return 2; + } + + } + /* Malformed packet. Exit safely. */ + return -2; +} + + +static void +xor_hashes(char *to, const u_char *s1, const u_char *s2, u_int len) +{ + const uint8_t *s1_end= s1 + len; + while (s1 < s1_end) + *to++= *s1++ ^ *s2++; +} + +static void hash_password(char *buf, const char *password, const char *salt) +{ + SHA_CTX sha1_ctx; + + uint8_t first_hash[SHA1_HASH_SIZE]; + uint8_t second_hash[SHA1_HASH_SIZE]; + + + /* First step is SHA1(pass). */ + SHA1_Init(&sha1_ctx); + SHA1_Update(&sha1_ctx, (const uint8_t *) password, strlen(password)); + SHA1_Final(first_hash, &sha1_ctx); + + /* Second step is SHA1(first_hash). */ + SHA1_Init(&sha1_ctx); + SHA1_Update(&sha1_ctx, first_hash, SHA1_HASH_SIZE); + SHA1_Final(second_hash, &sha1_ctx); + + /* Third step is SHA1(SALT+second_hash). */ + SHA1_Init(&sha1_ctx); + SHA1_Update(&sha1_ctx, (const uint8_t *) salt, SHA1_HASH_SIZE); + SHA1_Update(&sha1_ctx, second_hash, SHA1_HASH_SIZE); + SHA1_Final((uint8_t *) buf, &sha1_ctx); + + /* Fourth step is first_hash XOR third_hash. */ + xor_hashes(buf, (const u_char *) buf, (const u_char *) first_hash, SHA1_HASH_SIZE); + +} + + + +void +ncrack_mysql(nsock_pool nsp, Connection *con) +{ + nsock_iod nsi = con->niod; + size_t packet_length = 0; + char mysql_auth_method[21 + 1]; + char mysql_salt[MYSQL_SALT + 1]; + memset(mysql_auth_method, 0, sizeof(mysql_auth_method)); + char response_hex[SHA_DIGEST_LENGTH]; + switch (con->state) + { + case MYSQL_INIT: + + if (mysql_loop_read(nsp, con, mysql_auth_method, mysql_salt) < 0) + break; + con->state = MYSQL_FINI; + delete con->inbuf; + con->inbuf = NULL; + + if (con->outbuf) + delete con->outbuf; + + con->outbuf = new Buf(); + + if (!strncmp(mysql_auth_method, "mysql_native_password", sizeof("mysql_native_password"))){ + + hash_password(response_hex, con->pass, mysql_salt); + + packet_length = strlen(con->user) + 4 + 23 + + strlen("\x01\x05\xa6\x0f\x01\x21\x14"); + + con->outbuf->snprintf(packet_length + 4 + 20 + 21 + 1, + "%c%c%c\x01\x05\xa6\x0f%c%c%c%c\x01\x21%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%s%c\x14", + (char)packet_length + 20 + 21 + 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,con->user,0); + memcpy((char *)con->outbuf->get_dataptr() + packet_length + 4 , response_hex, sizeof response_hex); + strncpy((char *)con->outbuf->get_dataptr() + packet_length + 20 + 4, "mysql_native_password\x00", sizeof "mysql_native_password "); + nsock_write(nsp, nsi, ncrack_write_handler, MYSQL_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len() ); + + } else if(!strncmp(mysql_auth_method, "mysql_old_password", sizeof("mysql_old_password"))){ + + // con->outbuf = new Buf(); + // packet_length = strlen(con->user) + 4 + 23 + sizeof("mysql_old_password") + + // strlen("\x01\x05\xa6\x0f\x01\x21"); + + // con->outbuf->snprintf(packet_length + 4, + // "%c%c%c\x01\x05\xa6\x0f%c%c%c%c\x01\x21%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%s%c%cmysql_old_password%c", + // packet_length + 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,con->user,0,0,0); + // nsock_write(nsp, nsi, ncrack_write_handler, MYSQL_TIMEOUT, con, + // (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len() ); + return ncrack_module_end(nsp, con); + + } else if(!strncmp(mysql_auth_method, "sha256_password", sizeof("sha256_password"))){ + + /* Not yet implemented. This part includes sha256 auth over SSL or + RSA encryption of the SHA256 hash if sent cleartext. Second option is available + to enterprise only. */ + /* We are terminating the effort at the moment but this doesn't mean that the user uses SHA256 + authentication. SHA256 is just the default authentication of the server.*/ + return ncrack_module_end(nsp, con); + + } else { + /* Not yet implement. we're lacking Windows authentication. Enterprise MySQL. */ + /* We are terminating the effort at the moment but this doesn't mean that the user uses SHA256 + authentication. SHA256 is just the default authentication of the server.*/ + return ncrack_module_end(nsp, con); + } + + + break; + + case MYSQL_FINI: + + if (mysql_loop_read(nsp, con, mysql_auth_method, mysql_salt) < 0) + break; + else if (mysql_loop_read(nsp, con , mysql_auth_method, mysql_salt) == 1){ + con->auth_success = true; + con->state = MYSQL_INIT; + } + else if (mysql_loop_read(nsp, con , mysql_auth_method, mysql_salt) == 2){ + con->state = MYSQL_OTHER_AUTH; + } + else if (mysql_loop_read(nsp, con , mysql_auth_method, mysql_salt) == 0){ + con->state = MYSQL_INIT; + } + + + + delete con->inbuf; + con->inbuf = NULL; + + if(con->state == MYSQL_OTHER_AUTH){ + //printf("Con state:\n"); + //printf("Con state: %s\n", mysql_auth_method); + if (!strncmp(mysql_auth_method, "mysql_native_password", sizeof("mysql_native_password"))){ + + hash_password(response_hex, con->pass, mysql_salt); + + con->outbuf->snprintf(4, + "%c%c%c\x03", + (char)packet_length,0,0); + + memcpy((char *)con->outbuf->get_dataptr() + 4 , response_hex, sizeof response_hex); + + nsock_write(nsp, nsi, ncrack_write_handler, MYSQL_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len() ); + + break; + + } else if(!strncmp(mysql_auth_method, "mysql_old_password", sizeof("mysql_old_password"))){ + + // scramble_323(response_hex, con->pass, mysql_salt); + // con->outbuf = new Buf(); + // packet_length = 9; + + // con->outbuf->snprintf(packet_length + 4, + // "%c%c%c\x03%s%c", + // packet_length,0,0,response_hex,0); + // nsock_write(nsp, nsi, ncrack_write_handler, MYSQL_TIMEOUT, con, + // (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len() ); + + // break; + + return ncrack_module_end(nsp, con); + + } else if(!strncmp(mysql_auth_method, "sha256_password", sizeof("sha256_password"))){ + + /* Not yet implemented. This part includes sha256 auth over SSL or + RSA encryption of the SHA256 hash if sent cleartext. Second option is available + to enterprise only. */ + /* We are terminating the effort at the moment but this doesn't mean that the user uses SHA256 + authentication. SHA256 is just the default authentication of the server.*/ + return ncrack_module_end(nsp, con); + + } else { + /* Not yet implement. we're lacking Windows authentication. Enterprise MySQL. */ + /* We are terminating the effort at the moment but this doesn't mean that the user uses SHA256 + authentication. SHA256 is just the default authentication of the server.*/ + return ncrack_module_end(nsp, con); + } + + } else + + return ncrack_module_end(nsp, con); + + case MYSQL_OTHER_AUTH: + if (mysql_loop_read(nsp, con, mysql_auth_method, mysql_salt) < 0) + break; + else if (mysql_loop_read(nsp, con , mysql_auth_method, mysql_salt) == 1){ + con->auth_success = true; + } + + con->state = MYSQL_INIT; + + delete con->inbuf; + con->inbuf = NULL; + + return ncrack_module_end(nsp, con); + } + /* make sure that ncrack_module_end() is always called last or returned to + * have tail recursion or else stack space overflow might occur */ +} diff --git a/include/DomainExec/modules/ncrack_owa.cc b/include/DomainExec/modules/ncrack_owa.cc new file mode 100644 index 00000000..9b9794eb --- /dev/null +++ b/include/DomainExec/modules/ncrack_owa.cc @@ -0,0 +1,358 @@ + +/*************************************************************************** + * ncrack_owa.cc -- ncrack module for the OWA protocol * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" +#include "http.h" +#include + +#include +using namespace std; + +#define USER_AGENT "User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0\r\n" +#define HTTP_LANG "Accept-Language: en-US,en;q=0.5\r\n" +#define HTTP_ENCODING "Accept-Encoding: gzip, deflate, br\r\n" +#define HTTP_ACCEPT "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n" +#define HTTP_COOKIE "Cookie: PrivateComputer=true; PBack=0\r\n" +#define HTTP_CONNECTION "Connection: close\r\n" +#define HTTP_CONTENT_TYPE "Content-Type: application/x-www-form-urlencoded\r\n" +#define HTTP_UPGRADE "Upgrade-Insecure-Requests: 1\r\n" + +#define HTTP_UNKNOWN "Service might not be HTTP." +#define HTTP_NOAUTH_SCHEME "Service didn't reply with authentication scheme." +#define OWA_TIMEOUT 10000 + +extern NcrackOps o; + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); + +static void owa_basic(nsock_pool nsp, Connection *con); +static int owa_loop_read(nsock_pool nsp, Connection *con); +static void owa_free(Connection *con); + + +enum states { OWA_INIT, OWA_BASIC_AUTH, OWA_FINI }; + +/* Basic Authentication substates */ +enum { BASIC_SEND, BASIC_RESULTS }; + + +typedef struct owa_info { + char *auth_scheme; + int substate; +} owa_info; + +typedef struct owa_state { + bool reconnaissance; + char *auth_scheme; + int state; + int keep_alive; +} owa_state; + + +void +ncrack_owa(nsock_pool nsp, Connection *con) +{ + con->ops_free = &owa_free; +#if 0 + owa_info *info = NULL; + if (con->misc_info) { + info = (owa_info *) con->misc_info; + //printf("info substate: %d \n", info->substate); + } + + if (con->misc_info == NULL) { + con->misc_info = (owa_info *)safe_zalloc(sizeof(owa_info)); + info = (owa_info *)con->misc_info; + } +#endif + + switch (con->state) + { + case OWA_INIT: + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + owa_basic(nsp, con); + + break; + + + case OWA_BASIC_AUTH: + + //owa_basic(nsp, con); + break; + + } + +} + +static int +owa_loop_read(nsock_pool nsp, Connection *con) +{ + //printf("loop read\n"); + + if (con->inbuf == NULL) { + //printf("inbuf null\n"); + nsock_read(nsp, con->niod, ncrack_read_handler, OWA_TIMEOUT, con); + return -1; + } + + if (!memsearch((const char *)con->inbuf->get_dataptr(), "\r\n", + con->inbuf->get_len())) { + nsock_read(nsp, con->niod, ncrack_read_handler, OWA_TIMEOUT, con); + return -1; + } + + return 0; +} + + + +static void +owa_basic(nsock_pool nsp, Connection *con) +{ + char tmp[16]; + size_t tmplen; + Service *serv = con->service; + nsock_iod nsi = con->niod; + owa_info *info = (owa_info *)con->misc_info; + + switch (info->substate) { + case BASIC_SEND: + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + + con->outbuf->append("POST ", 5); + con->outbuf->append("/owa/auth.owa HTTP/1.1\r\n", 24); + con->outbuf->append("Host: ", 6); + if (serv->target->targetname) + con->outbuf->append(serv->target->targetname, + strlen(serv->target->targetname)); + else + con->outbuf->append(serv->target->NameIP(), + strlen(serv->target->NameIP())); + con->outbuf->append("\r\n", sizeof("\r\n") - 1); + + con->outbuf->append(USER_AGENT, sizeof(USER_AGENT) - 1); + con->outbuf->append(HTTP_ACCEPT, sizeof(HTTP_ACCEPT) - 1); + con->outbuf->append(HTTP_LANG, sizeof(HTTP_LANG) - 1); + con->outbuf->append(HTTP_ENCODING, sizeof(HTTP_ENCODING) - 1); + con->outbuf->append(HTTP_COOKIE, sizeof(HTTP_COOKIE) - 1); + con->outbuf->append(HTTP_CONNECTION, sizeof(HTTP_CONNECTION) - 1); + con->outbuf->append(HTTP_UPGRADE, sizeof(HTTP_UPGRADE) - 1); + con->outbuf->append(HTTP_CONTENT_TYPE, sizeof(HTTP_CONTENT_TYPE) - 1); + + tmplen = strlen(con->user) + strlen(con->pass) + + sizeof("destination=https%3A%2F%2F") - 1 + + sizeof("%2Fowa%2F&flags=4&forcedownlevel=0&username=") - 1 + + sizeof("&password=") - 1 + + sizeof("&isUtf8=1") - 1; + if (serv->target->targetname) + tmplen += strlen(serv->target->targetname); + else + tmplen += strlen(serv->target->NameIP()); + + snprintf(tmp, sizeof(tmp) - 1, "%lu", tmplen); + + con->outbuf->snprintf(20 + strlen(tmp), "Content-Length: %s\r\n\r\n", tmp); + + //destination=https%3A%2F%2F172.16.127.139%2Fowa%2F&flags=4&forcedownlevel=0&username=ithilgore&password=test&isUtf8=1 + + con->outbuf->append("destination=https%3A%2F%2F", sizeof("destination=https%3A%2F%2F") - 1); + if (serv->target->targetname) + con->outbuf->append(serv->target->targetname, + strlen(serv->target->targetname)); + else + con->outbuf->append(serv->target->NameIP(), + strlen(serv->target->NameIP())); + + con->outbuf->append("%2Fowa%2F&flags=4&forcedownlevel=0&username=", sizeof("%2Fowa%2F&flags=4&forcedownlevel=0&username=") - 1); + con->outbuf->snprintf(strlen(con->user), "%s", con->user); + con->outbuf->append("&password=", sizeof("&password=") - 1); + con->outbuf->snprintf(strlen(con->pass), "%s", con->pass); + con->outbuf->append("&isUtf8=1", sizeof("&isUtf8=1") - 1); + + //memprint((const char *)con->outbuf->get_dataptr(), + // con->outbuf->get_len()); + + nsock_write(nsp, nsi, ncrack_write_handler, OWA_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + + info->substate = BASIC_RESULTS; + break; + + case BASIC_RESULTS: + if (owa_loop_read(nsp, con) < 0) + break; + + info->substate = BASIC_SEND; + memprint((const char *)con->inbuf->get_dataptr(), + con->inbuf->get_len()); + + if (memsearch((const char *)con->inbuf->get_dataptr(), + "cadataKey", con->inbuf->get_len())) { + con->auth_success = true; + } + + /* The in buffer has to be cleared out, because we are expecting + * possibly new answers in the same connection. + */ + delete con->inbuf; + con->inbuf = NULL; + + ncrack_module_end(nsp, con); + break; + } +} + + +static void +owa_free(Connection *con) +{ + + owa_info *p = NULL; + if (con->misc_info == NULL) + return; + + p = (owa_info *)con->misc_info; + free(p->auth_scheme); + +} + diff --git a/include/DomainExec/modules/ncrack_pop3.cc b/include/DomainExec/modules/ncrack_pop3.cc new file mode 100644 index 00000000..5e8272e2 --- /dev/null +++ b/include/DomainExec/modules/ncrack_pop3.cc @@ -0,0 +1,276 @@ + +/*************************************************************************** + * ncrack_pop3.cc -- ncrack module for the POP3 protocol * + * Coded by Balázs Bucsay * + * http://rycon.hu/ * + * * + * 2010. 02. 05. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" +#include + +#define POP3_TIMEOUT 20000 + +extern NcrackOps o; + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); + +static int pop3_response_parser(nsock_pool nsp, Connection *con); + +enum states { POP3_INIT, POP3_USER, POP3_FINI }; + +static int +pop3_response_parser(nsock_pool nsp, Connection *con) +{ + + if (con->inbuf == NULL || con->inbuf->get_len() < 3) { + nsock_read(nsp, con->niod, ncrack_read_handler, POP3_TIMEOUT, con); + return -1; + } + if (memsearch((const char *)con->inbuf->get_dataptr(), "-ERR", + con->inbuf->get_len())) { + return 2; + } + if (!(memsearch((const char *)con->inbuf->get_dataptr(), "+OK", + con->inbuf->get_len()))) { + return 1; + } + + return 0; +} + +void +ncrack_pop3(nsock_pool nsp, Connection *con) +{ + int ret; + nsock_iod nsi = con->niod; + Service *serv = con->service; + + switch (con->state) + { + case POP3_INIT: + + if (!con->login_attempts) { + + if ((ret = pop3_response_parser(nsp, con)) < 0) { + break; + } + + if (ret == 1) { + if (o.debugging > 6) { + error("%s Not pop3 or service was shutdown\n", serv->HostInfo()); + return ncrack_module_end(nsp, con); + } + } + } + + con->state = POP3_USER; + + delete con->inbuf; + con->inbuf = NULL; + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + con->outbuf->snprintf(7 + strlen(con->user), "USER %s\r\n", con->user); + + nsock_write(nsp, nsi, ncrack_write_handler, POP3_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case POP3_USER: + + if ((ret = pop3_response_parser(nsp, con)) < 0) { + break; + } + + if (ret == 2) { + if (o.debugging > 6) { + error("%s Unknown user: %s\n", serv->HostInfo(), con->user); + return ncrack_module_end(nsp, con); + } + } + if (ret == 1) { + if (o.debugging > 6) { + error("%s Unknown pop3 error for USER\n", serv->HostInfo()); + return ncrack_module_end(nsp, con); + } + } + + con->state = POP3_FINI; + + delete con->inbuf; + con->inbuf = NULL; + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + con->outbuf->snprintf(7 + strlen(con->pass), "PASS %s\r\n", con->pass); + + nsock_write(nsp, nsi, ncrack_write_handler, POP3_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case POP3_FINI: + + if ((ret = pop3_response_parser(nsp, con)) < 0) { + break; + } + + if (ret == 0) { + con->auth_success = true; + } + + con->state = POP3_INIT; + + delete con->inbuf; + con->inbuf = NULL; + + return ncrack_module_end(nsp, con); + } +} + + + + + + + + + + + + + diff --git a/include/DomainExec/modules/ncrack_psql.cc b/include/DomainExec/modules/ncrack_psql.cc new file mode 100644 index 00000000..dc43ba8e --- /dev/null +++ b/include/DomainExec/modules/ncrack_psql.cc @@ -0,0 +1,365 @@ +/*************************************************************************** + * ncrack_psql.cc -- ncrack module for the PSQL protocol * + * Coded by edeirme * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" +#include + +#define PSQL_TIMEOUT 20000 +#define PSQL_DIGITS 1 +#define PSQL_PACKET_LENGTH 4 +#define PSQL_AUTH_TYPE 4 +#define PSQL_SALT 4 + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); +static int psql_loop_read(nsock_pool nsp, Connection *con, char *psql_code_ret, char *psql_salt_ret); + +unsigned char charToHexDigit(char c); +enum states { PSQL_INIT, PSQL_AUTH, PSQL_FINI }; + + + +/* n is the size of src. dest must have at least n * 2 + 1 allocated bytes. +*/ +static char *enhex(char *dest, const unsigned char *src, size_t n) +{ + unsigned int i; + + for (i = 0; i < n; i++) + Snprintf(dest + i * 2, 3, "%02x", src[i]); + + return dest; +} + + +/* Arguments are assumed to be non-NULL, with the exception of nc and + cnonce, which may be garbage only if qop == QOP_NONE. */ +static void make_response(char buf[MD5_DIGEST_LENGTH * 2 + 3], + const char *username, const char *password, const char *salt) +{ + char HA1_hex[MD5_DIGEST_LENGTH * 2 + 1]; + unsigned char hashbuf[MD5_DIGEST_LENGTH]; + char finalhash[MD5_DIGEST_LENGTH * 2 + 3 + 1]; + MD5_CTX md5; + + /* Calculate MD5(Password + Username) */ + MD5_Init(&md5); + MD5_Update(&md5, password, strlen(password)); + MD5_Update(&md5, username, strlen(username)); + MD5_Final(hashbuf, &md5); + enhex(HA1_hex, hashbuf, sizeof(hashbuf)); + + /* Calculate response MD5(above + Salt). */ + MD5_Init(&md5); + MD5_Update(&md5, HA1_hex, strlen(HA1_hex)); + MD5_Update(&md5, salt, strlen(salt)); + MD5_Final(hashbuf, &md5); + enhex(buf, hashbuf, sizeof(hashbuf)); + + /* Add the string md5 at the beggining. */ + memcpy(finalhash,"md5", sizeof("md5")); + strncat(finalhash, buf, sizeof(finalhash) - 1); + buf[0] = '\0'; + memcpy(buf, finalhash, MD5_DIGEST_LENGTH * 2 + 3); + buf[MD5_DIGEST_LENGTH * 2 + 3] = '\0'; +} + +static int +psql_loop_read(nsock_pool nsp, Connection *con, char *psql_code_ret, char +*psql_salt_ret) +{ + int i = 0; + char psql_code[PSQL_DIGITS + 1]; /* 1 char + '\0' */ + char psql_salt[PSQL_SALT + 1]; /* 4 + '\0' */ + char dig[PSQL_PACKET_LENGTH + 1]; /* temporary digit string */ + char *p; + size_t packet_length; + int authentication_type; + + if (con->inbuf == NULL || con->inbuf->get_len() < PSQL_DIGITS + 1) { + nsock_read(nsp, con->niod, ncrack_read_handler, PSQL_TIMEOUT, con); + return -1; + } + + /* Get the first character */ + p = (char *)con->inbuf->get_dataptr(); + dig[1] = '\0'; + for (i = 0; i < PSQL_DIGITS; i++) { + psql_code[i] = *p++; + } + psql_code[1] = '\0'; + memcpy(psql_code_ret, psql_code, PSQL_DIGITS); + + if (!strncmp(psql_code_ret, "R", PSQL_DIGITS)) { + /* Read packet length only if it is of type R */ + + /* Currently we care only for the last byte. + The packet length will always be small enough + to fit in one byte */ + for (i = 0; i < PSQL_PACKET_LENGTH; i++) { + snprintf(dig, 3, "\n%x", *p++); + packet_length = (int)strtol(dig, NULL, 16); + } + if (con->inbuf->get_len() < packet_length + 1) { + nsock_read(nsp, con->niod, ncrack_read_handler, PSQL_TIMEOUT, con); + return -1; + } + + /* At this point we will need to know the authentication type. + Possible values are 5 and 0. 5 stands for MD5 and 0 stands for + successful authentication. If it is 5 we are at the second stage of + the process PSQL_AUTH while if it is 0 we are at the third stage PSQL_FINI. + This value consists of 4 bytes but only the fourth will have a value + e.g. 00 00 00 05 for MD5 or 00 00 00 00 for successful authentication. + */ + for (i = 0; i < PSQL_AUTH_TYPE; i++) { + snprintf(dig, 3, "\n%x", *p++); + authentication_type = (int)strtol(dig, NULL, 16); + } + + + /* If authentication type is 'MD5 password' (carries Salt) read salt */ + if (authentication_type == 5) { + + for (i = 0; i < 4; i++){ + psql_salt[i] = *p++; + } + psql_salt[4] = '\0'; + memcpy(psql_salt_ret, psql_salt, PSQL_SALT); + + return 0; + + } + else if (authentication_type == 0) + /* Successful authentication */ + return 1; + + } else if (!strncmp(psql_code_ret, "E", PSQL_DIGITS)) { + + /* Error packet. The login attempt has failed. + Perhaps we could do some more validation on the packet. + Currently any kind of packet with E as the first byte will + be interpreted as a Error package. It is only a matter + of concerns if the service is not a Postgres service. */ + + return 0; + + } + + /* Malformed packet. Exit safely. */ + return -2; +} + +void +ncrack_psql(nsock_pool nsp, Connection *con) +{ + nsock_iod nsi = con->niod; + + char packet_length; + char psql_code[PSQL_DIGITS + 1]; + char psql_salt[PSQL_SALT + 1]; + memset(psql_code, 0, sizeof(psql_code)); + memset(psql_salt, 0, sizeof(psql_salt)); + + char response_hex[MD5_DIGEST_LENGTH *2 + 3]; + switch (con->state) + { + case PSQL_INIT: + + con->state = PSQL_AUTH; + delete con->inbuf; + con->inbuf = NULL; + + if (con->outbuf) + delete con->outbuf; + + con->outbuf = new Buf(); + packet_length = strlen(con->user) + 7 + + strlen("\x03user database postgres application_name psql client_encoding UTF8 "); + + con->outbuf->snprintf(packet_length, + "%c%c%c%c%c\x03%c%cuser%c%s%cdatabase%cpostgres%capplication_name%cpsql%cclient_encoding%cUTF8%c%c", + 0,0,0,packet_length,0,0,0,0,con->user,0,0,0,0,0,0,0,0); + nsock_write(nsp, nsi, ncrack_write_handler, PSQL_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + + break; + + case PSQL_AUTH: + + if (psql_loop_read(nsp, con, psql_code, psql_salt) < 0) + break; + + if (!strncmp(psql_code, "E", PSQL_DIGITS)) + return ncrack_module_end(nsp, con); + + make_response(response_hex, con->user , con->pass, psql_salt); + + response_hex[MD5_DIGEST_LENGTH * 2 + 3] = '\0'; + + con->state = PSQL_FINI; + delete con->inbuf; + con->inbuf = NULL; + + + if (con->outbuf) + delete con->outbuf; + + con->outbuf = new Buf(); + packet_length = strlen(response_hex) + 5 + strlen("p"); + + /* This packet will not count the last null byte in packet length + byte, that is why we remove one from snprintf. */ + con->outbuf->snprintf(packet_length, + "p%c%c%c%c%s%c",0,0,0,packet_length - 1,response_hex,0); + + nsock_write(nsp, nsi, ncrack_write_handler, PSQL_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case PSQL_FINI: + + if (psql_loop_read(nsp, con, psql_code, psql_salt) < 0) + break; + else if (psql_loop_read(nsp, con , psql_code, psql_salt) == 1) + con->auth_success = true; + + con->state = PSQL_INIT; + + delete con->inbuf; + con->inbuf = NULL; + + return ncrack_module_end(nsp, con); + } +} diff --git a/include/DomainExec/modules/ncrack_rdp.cc b/include/DomainExec/modules/ncrack_rdp.cc new file mode 100644 index 00000000..33b834b7 --- /dev/null +++ b/include/DomainExec/modules/ncrack_rdp.cc @@ -0,0 +1,5237 @@ + +/*************************************************************************** + * ncrack_rdp.cc -- ncrack module for RDP * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" +#include "crypto.h" +#include +#include +#include +#include +#include + +using namespace std; +bool rdp_discmap_initialized = false; +map rdp_discmap; + +#ifdef WIN32 +#ifndef __attribute__ +# define __attribute__(x) +#endif +# pragma pack(1) +#endif + +#define RDP_TIMEOUT 20000 +#define COOKIE_USERNAME "NCRACK_USER" + + +extern NcrackOps o; + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); + + +typedef struct stream_struct +{ + u_char *p; + u_char *end; + u_char *data; + unsigned int size; +} *stream; + + + +typedef struct rdp_state { + + uint8_t crypted_random[256]; + uint8_t sign_key[16]; + uint8_t encrypt_key[16]; + uint8_t decrypt_key[16]; + uint8_t encrypt_update_key[16]; + uint8_t decrypt_update_key[16]; + RC4_KEY rc4_encrypt_key; + RC4_KEY rc4_decrypt_key; + int rc4_keylen; + int encrypt_use_count; + int decrypt_use_count; + uint32_t server_public_key_length; + uint16_t mcs_userid; + uint32_t shareid; + + u_char *rdp_packet; + u_char *rdp_next_packet; + u_char *rdp_packet_end; + uint16_t packet_len; + + stream assembled[0x0F]; + + int login_result; + + /* + * hack to find pattern for RDPv5 to determine when + * there is an authentication failure, since Windows + * does not explicitly send a status message about that + * if we detect a certain number of patterns a specific number + * of times, then we can assume that this is a failure + */ + int login_pattern_fail; + + int rdp_version; /* 4, 5, 6 */ + + uint8_t order_state_type; + + typedef struct order_memblt { + uint8_t color_table; + uint8_t cache_id; + int16_t x; + int16_t y; + int16_t cx; + int16_t cy; + uint8_t opcode; + int16_t srcx; + int16_t srcy; + uint16_t cache_idx; + } order_memblt; + + bool win7_vista_fingerprint; + + order_memblt memblt; + +} rdp_state; + + +static int rdp_loop_read(nsock_pool nsp, Connection *con); +static void rdp_iso_connection_request(Connection *con); +static int rdp_iso_connection_confirm(Connection *con); +static void rdp_mcs_connect(Connection *con); +static int rdp_mcs_connect_response(Connection *con); +static int rdp_get_crypto(Connection *con, u_char *p); +static void rdp_mcs_erect_domain_request(Connection *con); +static void rdp_iso_data(Connection *con, uint16_t datalen); +static void rdp_mcs_attach_user_request(Connection *con); +static int rdp_mcs_attach_user_confirm(Connection *con); +static int rdp_iso_recv_data(Connection *con); +static void rdp_mcs_channel_join_request(Connection *con, uint16_t channel_id); +static int rdp_mcs_channel_join_confirm(Connection *con); +static void rdp_encrypt_data(Connection *con, uint8_t *data, uint32_t datalen, + uint32_t flags); +static void rdp_mcs_data(Connection *con, uint16_t datalen); +static void rdp_security_exchange(Connection *con); +static void rdp_client_info(Connection *con); +static u_char *rdp_mcs_recv_data(Connection *con, uint16_t *channel, bool *fastpath, uint8_t *fastpath_header); +static u_char *rdp_secure_recv_data(Connection *con, bool *fastpath); +static u_char *rdp_recv_data(Connection *con, uint8_t *pdu_type); +static void rdp_data(Connection *con, Buf *data, uint8_t pdu_type); +static void rdp_synchronize(Connection *con); +static void rdp_control(Connection *con, uint16_t action); +static void rdp_confirm_active(Connection *con); +static void rdp_input_msg(Connection *con, uint32_t time, uint16_t message_type, + uint16_t device_flags, uint16_t param1, uint16_t param2); +//static void rdp_scancode_msg(Connection *con, uint32_t time, uint16_t flags, +// uint8_t scancode); +static void rdp_demand_active_confirm(Connection *con, u_char *p); +static int rdp_parse_rdpdata_pdu(Connection *con, u_char *p); +static char *rdp_disc_reason(uint32_t code); +static void rdp_fonts_send(Connection *con, uint16_t sequence); +static void rdp_disconnect(Connection *con); +static u_char *rdp_iso_recv_data_loop(Connection *con, bool *fastpath, uint8_t *fastpath_header); +static void rdp_parse_update_pdu(Connection *con, u_char *p); +static void rdp_parse_orders(Connection *con, u_char *p, uint16_t num); +//static void rdp_parse_second_order(u_char *p); +static u_char *rdp_parse_destblt(u_char *p, uint32_t params, bool delta); +static u_char *rdp_coord(u_char *p, bool delta, int16_t *coord = NULL); +static u_char *rdp_parse_brush(u_char *p, uint32_t params); +static u_char *rdp_parse_patblt(u_char *p, uint32_t params, bool delta); +static u_char *rdp_parse_screenblt(u_char *p, uint32_t params, bool delta); +static u_char *rdp_parse_line(u_char *p, uint32_t params, bool delta); +static u_char *rdp_parse_pen(u_char *p, uint32_t params); +static u_char *rdp_color(u_char *p); +static u_char *rdp_parse_rect(u_char *p, uint32_t params, bool delta); +static u_char *rdp_parse_desksave(u_char *p, uint32_t params, bool delta); +static u_char *rdp_parse_memblt(u_char *p, uint32_t params, bool delta, rdp_state *info); +static u_char *rdp_parse_triblt(u_char *p, uint32_t params, bool delta); +static u_char *rdp_parse_polygon(u_char *p, uint32_t params, bool delta); +static u_char *rdp_parse_polygon2(u_char *p, uint32_t params, bool delta); +static u_char *rdp_parse_ellipse(u_char *p, uint32_t params, bool delta); +static u_char *rdp_parse_ellipse2(u_char *p, uint32_t params, bool delta); +static u_char *rdp_parse_text2(Connection *con, u_char *p, uint32_t params, bool delta); +static u_char *rdp_parse_ber(u_char *p, int tag, int *length); +static u_char *rdp_process_fastpath(Connection *con, u_char *p); +//static u_char *rdp_parse_bitmap_update(u_char *p); +static void rdp_parse_bmpcache2(Connection *con, u_char *p, uint16_t sec_flags, bool compressed); + + +/* RDP PDU codes */ +enum RDP_PDU_TYPE +{ + RDP_PDU_DEMAND_ACTIVE = 1, + RDP_PDU_CONFIRM_ACTIVE = 3, + RDP_PDU_REDIRECT = 4, /* Standard Server Redirect */ + RDP_PDU_DEACTIVATE = 6, + RDP_PDU_DATA = 7, + RDP_PDU_ENHANCED_REDIRECT = 10 /* Enhanced Server Redirect */ +}; + + +enum RDP_DATA_PDU_TYPE +{ + RDP_DATA_PDU_UPDATE = 2, + RDP_DATA_PDU_CONTROL = 20, + RDP_DATA_PDU_POINTER = 27, + RDP_DATA_PDU_INPUT = 28, + RDP_DATA_PDU_SYNCHRONISE = 31, + RDP_DATA_PDU_BELL = 34, + RDP_DATA_PDU_CLIENT_WINDOW_STATUS = 35, + RDP_DATA_PDU_LOGON = 38, /* PDUTYPE2_SAVE_SESSION_INFO */ + RDP_DATA_PDU_FONT2 = 39, + RDP_DATA_PDU_KEYBOARD_INDICATORS = 41, + RDP_DATA_PDU_DISCONNECT = 47, + RDP_DATA_PDU_AUTORECONNECT_STATUS = 50 +}; + +enum RDP_UPDATE_PDU_TYPE +{ + RDP_UPDATE_ORDERS = 0, + RDP_UPDATE_BITMAP = 1, + RDP_UPDATE_PALETTE = 2, + RDP_UPDATE_SYNCHRONISE = 3 +}; + +#define FASTPATH_MULTIFRAGMENT_MAX_SIZE 65535UL + +#define FASTPATH_OUTPUT_ENCRYPTED 0x2 +#define FASTPATH_OUTPUT_COMPRESSION_USED (0x2 << 6) + +#define FASTPATH_FRAGMENT_SINGLE (0x0 << 4) +#define FASTPATH_FRAGMENT_LAST (0x1 << 4) +#define FASTPATH_FRAGMENT_FIRST (0x2 << 4) +#define FASTPATH_FRAGMENT_NEXT (0x3 << 4) + +#define RDP_MPPC_COMPRESSED 0x20 + +#define FASTPATH_UPDATETYPE_ORDERS 0x0 +#define FASTPATH_UPDATETYPE_BITMAP 0x1 +#define FASTPATH_UPDATETYPE_PALETTE 0x2 +#define FASTPATH_UPDATETYPE_SYNCHRONIZE 0x3 +#define FASTPATH_UPDATETYPE_SURFCMDS 0x4 +#define FASTPATH_UPDATETYPE_PTR_NULL 0x5 +#define FASTPATH_UPDATETYPE_PTR_DEFAULT 0x6 +#define FASTPATH_UPDATETYPE_PTR_POSITION 0x8 +#define FASTPATH_UPDATETYPE_COLOR 0x9 +#define FASTPATH_UPDATETYPE_CACHED 0xA +#define FASTPATH_UPDATETYPE_POINTER 0xB + + +#define RDP_ORDER_STANDARD 0x01 +#define RDP_ORDER_SECONDARY 0x02 +#define RDP_ORDER_BOUNDS 0x04 +#define RDP_ORDER_CHANGE 0x08 +#define RDP_ORDER_DELTA 0x10 +#define RDP_ORDER_LASTBOUNDS 0x20 +#define RDP_ORDER_SMALL 0x40 +#define RDP_ORDER_TINY 0x80 + +enum RDP_ORDER_TYPE +{ + RDP_ORDER_DESTBLT = 0, + RDP_ORDER_PATBLT = 1, + RDP_ORDER_SCREENBLT = 2, + RDP_ORDER_LINE = 9, + RDP_ORDER_RECT = 10, + RDP_ORDER_DESKSAVE = 11, + RDP_ORDER_MEMBLT = 13, + RDP_ORDER_TRIBLT = 14, + RDP_ORDER_POLYGON = 20, + RDP_ORDER_POLYGON2 = 21, + RDP_ORDER_POLYLINE = 22, + RDP_ORDER_ELLIPSE = 25, + RDP_ORDER_ELLIPSE2 = 26, + RDP_ORDER_TEXT2 = 27 +}; + +enum RDP_SECONDARY_ORDER_TYPE +{ + RDP_ORDER_RAW_BMPCACHE = 0, + RDP_ORDER_COLCACHE = 1, + RDP_ORDER_BMPCACHE = 2, + RDP_ORDER_FONTCACHE = 3, + RDP_ORDER_RAW_BMPCACHE2 = 4, + RDP_ORDER_BMPCACHE2 = 5, + RDP_ORDER_BRUSHCACHE = 7 +}; + +/* RDP_BMPCACHE2_ORDER */ +#define ID_MASK 0x0007 +#define MODE_MASK 0x0038 +#define SQUARE 0x0080 +#define PERSIST 0x0100 +#define FLAG_51_UNKNOWN 0x0800 +#define MODE_SHIFT 3 +#define LONG_FORMAT 0x80 +#define BUFSIZE_MASK 0x3FFF + +/* ISO PDU codes */ +enum ISO_PDU_CODE +{ + ISO_PDU_CR = 0xE0, /* Connection Request */ + ISO_PDU_CC = 0xD0, /* Connection Confirm */ + ISO_PDU_DR = 0x80, /* Disconnect Request */ + ISO_PDU_DT = 0xF0, /* Data */ + ISO_PDU_ER = 0x70 /* Error */ +}; + +enum RDP_INPUT_DEVICE +{ + RDP_INPUT_SYNCHRONIZE = 0, + RDP_INPUT_CODEPOINT = 1, + RDP_INPUT_VIRTKEY = 2, + RDP_INPUT_SCANCODE = 4, + RDP_INPUT_MOUSE = 0x8001 +}; + + +enum RDP_CONTROL_PDU_TYPE +{ + RDP_CTL_REQUEST_CONTROL = 1, + RDP_CTL_GRANT_CONTROL = 2, + RDP_CTL_DETACH = 3, + RDP_CTL_COOPERATE = 4 +}; + +#define RDP_KEYPRESS 0 + +#define PERF_DISABLE_FULLWINDOWDRAG 0x02 +#define PERF_DISABLE_MENUANIMATIONS 0x04 +#define PERF_ENABLE_FONT_SMOOTHING 0x80 + +#define CS_CORE 0xC001; +#define CS_SECURITY 0xC002; +#define CS_NET 0xC003; +#define CS_CLUSTER 0xC004; + +#define MCS_CONNECT_INITIAL 0x7f65 +#define MCS_CONNECT_RESPONSE 0x7f66 +#define MCS_GLOBAL_CHANNEL 1003 +#define MCS_USERCHANNEL_BASE 1001 +#define MCS_SDIN 26 /* Send Data Indication */ +#define MCS_DPUM 8 /* Disconnect Provider Ultimatum */ + +#define BER_TAG_BOOLEAN 1 +#define BER_TAG_INTEGER 2 +#define BER_TAG_OCTET_STRING 4 +#define BER_TAG_RESULT 10 +#define MCS_TAG_DOMAIN_PARAMS 0x30 + +/* Virtual channel options */ +#define CHANNEL_OPTION_INITIALIZED 0x80000000 +#define CHANNEL_OPTION_ENCRYPT_RDP 0x40000000 +#define CHANNEL_OPTION_COMPRESS_RDP 0x00800000 +#define CHANNEL_OPTION_SHOW_PROTOCOL 0x00200000 + +#define SEC_TAG_SRV_INFO 0x0c01 +#define SEC_TAG_SRV_CRYPT 0x0c02 +#define SEC_TAG_SRV_CHANNELS 0x0c03 +#define SEC_TAG_PUBKEY 0x0006 +#define SEC_TAG_KEYSIG 0x0008 +#define SEC_RSA_MAGIC 0x31415352 /* RSA1 */ +#define SEC_CLIENT_RANDOM 0x0001 +#define SEC_ENCRYPT 0x0008 +#define SEC_LOGON_INFO 0x0040 +#define SEC_LICENCE_NEG 0x0080 + +#define RDP_LOGON_AUTO 0x0008 +#define RDP_LOGON_NORMAL 0x0033 + + +enum states { RDP_INIT, RDP_CON, RDP_MCS_RESP, RDP_MCS_AURQ, RDP_MCS_AUCF, + RDP_MCS_CJ_USER, RDP_SEC_EXCHANGE, RDP_CLIENT_INFO, + RDP_DEMAND_ACTIVE, RDP_DEMAND_ACTIVE_SYNC, RDP_DEMAND_ACTIVE_INPUT_SYNC, + RDP_DEMAND_ACTIVE_FONTS, RDP_LOOP }; + + +enum login_results { LOGIN_INIT, LOGIN_FAIL, LOGIN_ERROR, LOGIN_SUCCESS }; + + + +/* RDP header */ +typedef struct rdp_hdr_data { + + uint16_t length; + uint16_t code; + uint16_t mcs_userid; + uint32_t shareid; + uint8_t pad; + uint8_t streamid; + uint16_t remaining_length; + uint8_t type; + uint8_t compress_type; + uint16_t compress_len; + + rdp_hdr_data() { + code = RDP_PDU_DATA | 0x10; + pad = 0; + streamid = 1; + compress_type = 0; + compress_len = 0; + } + +} __attribute__((__packed__)) rdp_hdr_data; + + +typedef struct rdp_input_event { + + uint16_t num_events; + uint16_t pad; + uint32_t time; + uint16_t message_type; + uint16_t device_flags; + uint16_t param1; + uint16_t param2; + + rdp_input_event() { + num_events = 1; + pad = 0; + } + +} __attribute__((__packed__)) rdp_input_event; + + +typedef struct rdp_fonts { + + uint16_t num_fonts; + uint16_t pad; + uint16_t seq; + uint16_t entry_size; + + rdp_fonts() { + num_fonts = 0; + pad = 0; + entry_size = 0x32; + } + +} __attribute__((__packed__)) rdp_fonts; + + +typedef struct rdp_sync { + + uint16_t type; + uint16_t type2; + + rdp_sync() { + type = 1; + type2 = 1002; + } +} __attribute__((__packed__)) rdp_sync; + + +typedef struct rdp_ctrl { + + uint16_t action; + uint16_t user_id; + uint32_t control_id; + + rdp_ctrl() { + user_id = 0; + control_id = 0; + } +} __attribute__((__packed__)) rdp_ctrl; + + +/* + * Client Confirm Active PDU + * http://msdn.microsoft.com/en-us/library/cc240487%28v=PROT.10%29.aspx + */ +#define RDP_SOURCE "MSTSC" +typedef struct rdp_confirm_active_pdu { + + uint16_t length; + uint16_t type; + uint16_t mcs_userid; + uint32_t shareid; + uint16_t userid; + uint16_t source_len; + uint16_t caplen; + u_char source[sizeof(RDP_SOURCE)]; + uint16_t num_caps; + uint8_t pad[2]; + + rdp_confirm_active_pdu() { + + type = RDP_PDU_CONFIRM_ACTIVE | 0x10; + userid = 0x3ea; + source_len = sizeof(RDP_SOURCE); + memcpy(source, RDP_SOURCE, sizeof(RDP_SOURCE)); + num_caps = 16; + memset(&pad, 0, sizeof(pad)); + } + +} __attribute__((__packed__)) rdp_confirm_active_pdu; + + +/* RDP capabilities */ +#define RDP_CAPSET_GENERAL 1 /* generalCapabilitySet in T.128 p.138 */ +#define RDP_CAPLEN_GENERAL 0x18 +/* extraFlags, [MS-RDPBCGR] 2.2.7.1.1 */ +#define FASTPATH_OUTPUT_SUPPORTED 0x0001 +#define LONG_CREDENTIALS_SUPPORTED 0x0004 +#define AUTORECONNECT_SUPPORTED 0x0008 +#define ENC_SALTED_CHECKSUM 0x0010 +#define NO_BITMAP_COMPRESSION_HDR 0x0400 +typedef struct rdp_general_caps { + + uint16_t type; + uint16_t len; + + uint16_t os_major; + uint16_t os_minor; + uint16_t protocol_version; + uint16_t pad; + uint16_t compression_type; + uint16_t extra_flags; /* careful with this, might trigger rdp5 */ + uint16_t update_cap; + uint16_t remote_unshare_cap; + uint16_t compression_level; + uint8_t refresh_rect; + uint8_t suppress_output; + + rdp_general_caps() { + + type = RDP_CAPSET_GENERAL; + len = RDP_CAPLEN_GENERAL; + os_major = 1; + os_minor = 3; + protocol_version = 0x200; + pad = 0; + compression_type = 0; + extra_flags = 0; + update_cap = 0; + remote_unshare_cap = 0; + compression_level = 0; + refresh_rect = 0; + suppress_output = 0; + } + +} __attribute__((__packed__)) rdp_general_caps; + + +#define RDP_CAPSET_BITMAP 2 +#define RDP_CAPLEN_BITMAP 0x1C +typedef struct rdp_bitmap_caps { + + uint16_t type; + uint16_t len; + uint16_t bpp; + uint16_t bpp1; + uint16_t bpp2; + uint16_t bpp3; + uint16_t width; + uint16_t height; + uint16_t pad; + uint16_t allow_resize; + uint16_t compression; + uint8_t high_color_flags; + uint8_t drawing_flags; + uint16_t multiple_rectangle; + uint16_t pad2; + + rdp_bitmap_caps() { + type = RDP_CAPSET_BITMAP; + len = RDP_CAPLEN_BITMAP; + bpp = 8; + bpp1 = 1; + bpp2 = 1; + bpp3 = 1; + width = 800; + height = 600; + pad = 0; + allow_resize = 1; + compression = 1; + high_color_flags = 0; + drawing_flags = 0; + multiple_rectangle = 1; + pad2 = 0; + } + +} __attribute__((__packed__)) rdp_bitmap_caps; + + + +#define RDP_CAPSET_ORDER 3 +#define RDP_CAPLEN_ORDER 0x58 +typedef struct rdp_order_caps { + + uint16_t type; + uint16_t len; + uint8_t term_desc[20]; + uint16_t cache_x; + uint16_t cache_y; + uint16_t pad; + uint16_t max_order; + uint16_t num_fonts; + uint16_t cap_flags; + + struct order { + + uint8_t dest_blt; + uint8_t pat_blt; + uint8_t screen_blt; + uint8_t mem_blt; + uint8_t tri_blt; + uint8_t pad[3]; + uint8_t line1; + uint8_t line2; + uint8_t rect; + uint8_t desksave; + uint8_t pad2; + uint8_t mem_blt2; + uint8_t tri_blt2; + uint8_t pad3[5]; + uint8_t polygon1; + uint8_t polygon2; + uint8_t polyline; + uint8_t pad4[2]; + uint8_t ellipse1; + uint8_t ellipse2; + uint8_t text2; + uint8_t pad5[4]; + + order() { + dest_blt = 1; + pat_blt = 1; + screen_blt = 1; + mem_blt = 1; + tri_blt = 0; + memset(&pad, 0, sizeof(pad)); + line1 = 1; + line2 = 1; + rect = 1; + desksave = 1; + pad2 = 0; + mem_blt2 = 1; + tri_blt2 = 1; + memset(&pad3, 0, sizeof(pad3)); + polygon1 = 1; + polygon2 = 1; + polyline = 1; + memset(&pad4, 0, sizeof(pad4)); + ellipse1 = 1; + ellipse2 = 1; + text2 = 1; + memset(&pad5, 0, sizeof(pad5)); + } + + } __attribute__((__packed__)) order; + + uint16_t text_cap_flags; + uint8_t pad2[6]; + uint32_t desk_cache_size; + uint32_t unknown1; + uint32_t unknown2; + + rdp_order_caps() { + type = RDP_CAPSET_ORDER; + len = RDP_CAPLEN_ORDER; + memset(&term_desc, 0, sizeof(term_desc)); + cache_x = 1; + cache_y = 20; + pad = 0; + max_order = 1; + num_fonts = 0x147; + cap_flags = 0x2a; + text_cap_flags = 0x6a1; + memset(&pad2, 0, sizeof(pad2)); + desk_cache_size = 0x38400; + unknown1 = 0; + unknown2 = 0x4e4; + } + +} __attribute__((__packed__)) rdp_order_caps; + + +#define RDP_CAPSET_BMPCACHE 4 +#define RDP_CAPLEN_BMPCACHE 0x28 +typedef struct rdp_bmpcache_caps { + + uint16_t type; + uint16_t len; + uint8_t unused[24]; + uint16_t entries1; + uint16_t max_cell_size1; + uint16_t entries2; + uint16_t max_cell_size2; + uint16_t entries3; + uint16_t max_cell_size3; + + rdp_bmpcache_caps() { + type = RDP_CAPSET_BMPCACHE; + len = RDP_CAPLEN_BMPCACHE; + memset(&unused, 0, sizeof(unused)); + entries1 = 0x258; + max_cell_size1 = 0x100 * ((8 + 7) / 8); + entries2 = 0x12c; + max_cell_size2 = 0x400 * ((8 + 7) / 8); + entries3 = 0x106; + max_cell_size3 = 0x1000 * ((8 + 7) / 8); + } + +} __attribute__((__packed__)) rdp_bmpcache_caps; + + +#define RDP_CAPSET_BMPCACHE2 19 +#define RDP_CAPLEN_BMPCACHE2 0x28 +#define BMPCACHE2_C0_CELLS 0x78 +#define BMPCACHE2_C1_CELLS 0x78 +#define BMPCACHE2_C2_CELLS 0x150 +typedef struct rdp_bmpcache_caps2 { + + uint16_t type; + uint16_t len; + uint16_t bitmap_cache_persist; + uint16_t caches_num; /* big endian */ + uint32_t bmp_c0_cells; + uint32_t bmp_c1_cells; + uint32_t bmp_c2_cells; + uint8_t unused[20]; + + rdp_bmpcache_caps2() { + type = RDP_CAPSET_BMPCACHE2; + len = RDP_CAPLEN_BMPCACHE2; + bitmap_cache_persist = 0; + caches_num = htons(3); + bmp_c0_cells = BMPCACHE2_C0_CELLS; + bmp_c1_cells = BMPCACHE2_C1_CELLS; + bmp_c2_cells = BMPCACHE2_C2_CELLS; + memset(&unused, 0, sizeof(unused)); + } + +} __attribute__((__packed__)) rdp_bmpcache_caps2; + + +#define RDP_CAPSET_BRUSHCACHE 15 +#define RDP_CAPLEN_BRUSHCACHE 0x08 +typedef struct rdp_brushcache_caps { + uint16_t type; + uint16_t len; + uint32_t cache_type; + + rdp_brushcache_caps() { + type = RDP_CAPSET_BRUSHCACHE; + len = RDP_CAPLEN_BRUSHCACHE; + cache_type = 1; + } + +} __attribute__((__packed__)) rdp_brushcache_caps; + + +#define RDP_CAPSET_MULTIFRAGMENTUPDATE 26 +#define RDP_CAPLEN_MULTIFRAGMENTUPDATE 8 +typedef struct rdp_multifragment_caps { + + uint16_t type; + uint16_t len; + uint32_t max_request_size; + + rdp_multifragment_caps() { + type = RDP_CAPSET_MULTIFRAGMENTUPDATE; + len = RDP_CAPLEN_MULTIFRAGMENTUPDATE; + max_request_size = 65535; + } + +} __attribute__((__packed__)) rdp_multifragment_caps; + + +#define RDP_CAPSET_LARGE_POINTER 27 +#define RDP_CAPLEN_LARGE_POINTER 6 +typedef struct rdp_large_pointer_caps { + + uint16_t type; + uint16_t len; + uint16_t flags; + + rdp_large_pointer_caps() { + type = RDP_CAPSET_LARGE_POINTER; + len = RDP_CAPLEN_LARGE_POINTER; + flags = 1; + } + +} __attribute__((__packed__)) rdp_large_pointer_caps; + + +#define RDP_CAPSET_GLYPHCACHE 16 +#define RDP_CAPLEN_GLYPHCACHE 52 +typedef struct rdp_glyphcache_caps { + + uint16_t type; + uint16_t len; + uint16_t entries1; uint16_t maxcellsize1; + uint16_t entries2; uint16_t maxcellsize2; + uint16_t entries3; uint16_t maxcellsize3; + uint16_t entries4; uint16_t maxcellsize4; + uint16_t entries5; uint16_t maxcellsize5; + uint16_t entries6; uint16_t maxcellsize6; + uint16_t entries7; uint16_t maxcellsize7; + uint16_t entries8; uint16_t maxcellsize8; + uint16_t entries9; uint16_t maxcellsize9; + uint16_t entries10; uint16_t maxcellsize10; + uint32_t frag_cache; + uint16_t glyph_support_level; + uint16_t pad0; + + rdp_glyphcache_caps() { + type = RDP_CAPSET_GLYPHCACHE; + len = RDP_CAPLEN_GLYPHCACHE; + entries1 = 254; maxcellsize1 = 4; + entries2 = 254; maxcellsize2 = 4; + entries3 = 254; maxcellsize3 = 8; + entries4 = 254; maxcellsize4 = 8; + entries5 = 254; maxcellsize5 = 16; + entries6 = 254; maxcellsize6 = 32; + entries7 = 254; maxcellsize7 = 64; + entries8 = 254; maxcellsize8 = 128; + entries9 = 254; maxcellsize9 = 256; + entries10 = 64; maxcellsize10 = 2048; + frag_cache = 0x01000100; + glyph_support_level = 0x0002; + pad0 = 0; + } + +} __attribute__((__packed__)) rdp_glyphcache_caps; + + +#define RDP_CAPSET_FONT 14 +#define RDP_CAPLEN_FONT 8 +typedef struct rdp_font_caps { + + uint16_t type; + uint16_t len; + uint16_t flags; + uint16_t pad0; + + rdp_font_caps() { + type = RDP_CAPSET_FONT; + len = RDP_CAPLEN_FONT; + flags = 0x0001; + pad0 = 0; + } +} __attribute__((__packed__)) rdp_font_caps; + + + +#define RDP_CAPSET_INPUT 13 +#define RDP_CAPLEN_INPUT 88 +typedef struct rdp_input_caps { + + uint16_t type; + uint16_t len; + uint16_t flags; + uint16_t pad0; + uint32_t keyboard_layout; + uint32_t keyboard_type; + uint32_t keyboard_subtype; + uint32_t keyboard_funckey; + uint8_t ime_filename[64]; + + rdp_input_caps() { + type = RDP_CAPSET_INPUT; + len = RDP_CAPLEN_INPUT; + flags = 0x0001; + pad0 = 0; + keyboard_layout = 0x409; + keyboard_type = 0x4; + keyboard_subtype = 0; + keyboard_funckey = 0xC; + memset(ime_filename, 0, sizeof(ime_filename)); + + //for (int i = 0; i < sizeof(ime_filename) - 1; i++) { + // ime_filename[i] = '\0'; + // ime_filename[i+1] = 0; + //} + } + +} __attribute__((__packed__)) rdp_input_caps; + + +#define RDP_CAPSET_SOUND 12 +#define RDP_CAPLEN_SOUND 8 +typedef struct rdp_sound_caps { + + uint16_t type; + uint16_t len; + uint16_t sound_flags; + uint16_t pad0; + + rdp_sound_caps() { + type = RDP_CAPSET_SOUND; + len = RDP_CAPLEN_SOUND; + sound_flags = 0x0001; + pad0 = 0; + } + +} __attribute__((__packed__)) rdp_sound_caps; + + + +#define RDP_CAPSET_COLCACHE 10 +#define RDP_CAPLEN_COLCACHE 0x08 +typedef struct rdp_colcache_caps { + + uint16_t type; + uint16_t len; + uint16_t cache_size; + uint16_t pad; + + rdp_colcache_caps() { + type = RDP_CAPSET_COLCACHE; + len = RDP_CAPLEN_COLCACHE; + cache_size = 6; + pad = 0; + } + +} __attribute__((__packed__)) rdp_colcache_caps; + + +#define RDP_CAPSET_ACTIVATE 7 +#define RDP_CAPLEN_ACTIVATE 0x0C +typedef struct rdp_activate_caps { + + uint16_t type; + uint16_t len; + uint16_t help_key; + uint16_t help_index_key; + uint16_t extended_help_key; + uint16_t windows_activate; + + rdp_activate_caps() { + type = RDP_CAPSET_ACTIVATE; + len = RDP_CAPLEN_ACTIVATE; + help_key = 0; + help_index_key = 0; + extended_help_key = 0; + windows_activate = 0; + } + +} __attribute__((__packed__)) rdp_activate_caps; + + +#define RDP_CAPSET_CONTROL 5 +#define RDP_CAPLEN_CONTROL 0x0C +typedef struct rdp_control_caps { + + uint16_t type; + uint16_t len; + uint16_t control_caps; + uint16_t remote_detach; + uint16_t control_interest; + uint16_t detach_interest; + + rdp_control_caps() { + type = RDP_CAPSET_CONTROL; + len = RDP_CAPLEN_CONTROL; + control_caps = 0; + remote_detach = 0; + control_interest = 2; + detach_interest = 2; + } + +} __attribute__((__packed__)) rdp_control_caps; + + +#define RDP_CAPSET_POINTER 8 +#define RDP_CAPLEN_POINTER 0x08 +typedef struct rdp_pointer_caps { + + uint16_t type; + uint16_t len; + uint16_t color_ptr; + uint16_t cache_size; + + rdp_pointer_caps() { + type = RDP_CAPSET_POINTER; + len = RDP_CAPLEN_POINTER; + color_ptr = 0; + cache_size = 20; + } + +} __attribute__((__packed__)) rdp_pointer_caps; + + +#define RDP_CAPLEN_NEWPOINTER 0x0a + +typedef struct rdp_newpointer_caps { + + uint16_t type; + uint16_t len; + uint16_t color_ptr; + uint16_t cache_size; + uint16_t cache_size_new; + + rdp_newpointer_caps() { + type = RDP_CAPSET_POINTER; + len = RDP_CAPLEN_NEWPOINTER; + color_ptr = 1; + cache_size = 20; + cache_size_new = 20; + } + +} __attribute__((__packed__)) rdp_newpointer_caps; + + +#define RDP_CAPSET_SHARE 9 +#define RDP_CAPLEN_SHARE 0x08 +typedef struct rdp_share_caps { + + uint16_t type; + uint16_t len; + uint16_t userid; + uint16_t pad; + + rdp_share_caps() { + type = RDP_CAPSET_SHARE; + len = RDP_CAPLEN_SHARE; + userid = 0; + pad = 0; + } + +} __attribute__((__packed__)) rdp_share_caps; + + +static uint8_t caps_0x0d_array[] = { + 0x01, 0x00, 0x00, 0x00, 0x09, 0x04, 0x00, 0x00, + 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00 +}; + +typedef struct rdp_caps_0x0d { + uint16_t id; + uint16_t length; + uint8_t caps[sizeof(caps_0x0d_array)]; + + rdp_caps_0x0d() { + id = 0x0d; + length = 0x58; + memcpy(caps, caps_0x0d_array, sizeof(caps_0x0d_array)); + } + +} __attribute__((__packed__)) rdp_caps_0x0d; + + +static uint8_t caps_0x0c_array[] = { 0x01, 0x00, 0x00, 0x00 }; + +typedef struct rdp_caps_0x0c { + uint16_t id; + uint16_t length; + uint8_t caps[sizeof(caps_0x0c_array)]; + + rdp_caps_0x0c() { + id = 0x0c; + length = 0x08; + memcpy(caps, caps_0x0c_array, sizeof(caps_0x0c_array)); + } + +} __attribute__((__packed__)) rdp_caps_0x0c; + + +static uint8_t caps_0x0e_array[] = { 0x01, 0x00, 0x00, 0x00 }; + +typedef struct rdp_caps_0x0e { + uint16_t id; + uint16_t length; + uint8_t caps[sizeof(caps_0x0e_array)]; + + rdp_caps_0x0e() { + id = 0x0e; + length = 0x08; + memcpy(caps, caps_0x0e_array, sizeof(caps_0x0e_array)); + } + +} __attribute__((__packed__)) rdp_caps_0x0e; + + +static uint8_t caps_0x10_array[] = { + 0xFE, 0x00, 0x04, 0x00, 0xFE, 0x00, 0x04, 0x00, + 0xFE, 0x00, 0x08, 0x00, 0xFE, 0x00, 0x08, 0x00, + 0xFE, 0x00, 0x10, 0x00, 0xFE, 0x00, 0x20, 0x00, + 0xFE, 0x00, 0x40, 0x00, 0xFE, 0x00, 0x80, 0x00, + 0xFE, 0x00, 0x00, 0x01, 0x40, 0x00, 0x00, 0x08, + 0x00, 0x01, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00 +}; + +typedef struct rdp_caps_0x10 { + uint16_t id; + uint16_t length; + uint8_t caps[sizeof(caps_0x10_array)]; + + rdp_caps_0x10() { + id = 0x10; + length = 0x34; + memcpy(caps, caps_0x10_array, sizeof(caps_0x10_array)); + } + +} __attribute__((__packed__)) rdp_caps_0x10; + + +/* TPKT header */ +typedef struct iso_tpkt { + + uint8_t version; /* default version = 3 */ + uint8_t reserved; + uint16_t length; /* total packet length (including this header) - be */ + +} __attribute__((__packed__)) iso_tpkt; + + +/* TPKT header - fastpath version */ +typedef struct iso_tpkt_fast { + + uint8_t version; /* default version = 3 */ + uint8_t length1; + uint8_t length2; /* total packet length (including this header) - be */ + +} __attribute__((__packed__)) iso_tpkt_fast; + + +/* ITU-T header */ +typedef struct iso_itu_t { + + uint8_t hdrlen; /* ITU-T header length */ + uint8_t code; /* ISO_PDU_CODE */ + uint16_t dst_ref; /* 0 */ + uint16_t src_ref; /* 0 */ + uint8_t class_num;/* 0 */ + +} __attribute__((__packed__)) iso_itu_t; + + +/* ITU-T header - data case */ +typedef struct iso_itu_t_data { + + uint8_t hdrlen; + uint8_t code; + uint8_t eot; + + iso_itu_t_data() { + hdrlen = 2; + code = ISO_PDU_DT; + eot = 0x80; + } + +} __attribute__((__packed__)) iso_itu_t_data; + + +/* negotiate protocol */ +typedef struct iso_neg { + uint8_t negreq; + uint8_t zero; + uint16_t eight; + uint32_t neg_proto; + + iso_neg() { + negreq = 1; // negotiate request + zero = 0; + eight = 8; + neg_proto = 0; // RDP = 0, SSL = 1, HYBRID = 2 + } +} __attribute__((__packed__)) iso_neg; + + +/* + * Client MCS Erect Domain Request PDU + * http://msdn.microsoft.com/en-us/library/cc240523%28v=PROT.10%29.aspx + */ +typedef struct mcs_erect_domain_rq { + + uint8_t tag; + uint16_t sub_height; + uint16_t sub_interval; + + mcs_erect_domain_rq() { + tag = 4; + sub_height = htons(1); + sub_interval = htons(1); + } + +} __attribute__((__packed__)) mcs_erect_domain_rq; + + +/* + * Client MCS Attach User Request PDU + * http://msdn.microsoft.com/en-us/library/cc240524%28v=PROT.10%29.aspx + */ +typedef struct mcs_attach_user_rq { + + uint8_t tag; + mcs_attach_user_rq() { + tag = 40; + } + +} mcs_attach_user_rq; + + +/* + * Server MCS Attach User Confirm PDU + * http://msdn.microsoft.com/en-us/library/cc240525%28v=PROT.10%29.aspx + */ +typedef struct mcs_attach_user_confirm { + + uint8_t tag; /* must be 44 */ + uint8_t result; /* must be 0 */ + uint16_t user_id;/* (be) */ + +} __attribute__((__packed__)) mcs_attach_user_confirm; + +/* + * Client MCS Channel Join Request PDU + * http://msdn.microsoft.com/en-us/library/cc240526%28v=PROT.10%29.aspx + */ +typedef struct mcs_channel_join_request { + + uint8_t tag; + uint16_t user_id; + uint16_t channel_id; + mcs_channel_join_request() { + tag = 56; + } + +} __attribute__((__packed__)) mcs_channel_join_request; + +/* + * Server MCS Channel Join Confirm PDU + * http://msdn.microsoft.com/en-us/library/cc240527%28v=PROT.10%29.aspx + */ +typedef struct mcs_channel_join_confirm { + + uint8_t tag; + uint8_t result; + uint16_t user_id; + uint16_t req_channel_id; + uint16_t channel_id; + +} __attribute__((__packed__)) mcs_channel_join_confirm; + + +typedef struct mcs_data { + + uint8_t tag; + uint16_t user_id; /* be */ + uint16_t channel; /* be */ + uint8_t flags; + uint16_t length; /* be */ + + mcs_data() { + tag = 100; + channel = ntohs(MCS_GLOBAL_CHANNEL); + flags = 0x70; + } + +} __attribute__((__packed__)) mcs_data; + + +typedef struct sec_header { + + uint32_t flags; /* normally SEC_ENCRYPT etc */ + uint8_t sig[8]; /* signature */ + +} __attribute__((__packed__)) sec_header; + + +/* Generic Conference Control (T.124) ConferenceCreateRequest + * T124 Section 8.7: http://www.itu.int/rec/T-REC-T.124-200701-I/en + */ +typedef struct gcc_conference_create_request { + /* be = big endian, le = little endian */ + /* The above document is a bit fuzzy in which names correspond to which + * variables, thus no particular names were given to them */ + + /* be */ + uint16_t conf_num; /* 5 */ + uint16_t word1; /* 0x14 */ + uint8_t word2; /* 0x7c */ + uint16_t word3; /* 1 */ + uint16_t word4; /* remaining length: length | 0x8000 */ + uint16_t word5; /* 8, length? */ + uint16_t word6; /* 16 */ + uint8_t word7; /* 0 */ + uint16_t word8; /* 0xc001 (le) */ + uint8_t word9; /* 0 */ + uint32_t word10; /* OEM ID: (le) */ + uint16_t word11; /* remaining length: length - 14 | 0x8000 */ + +} __attribute__((__packed__)) gcc_ccr; + + + +/* + * Client Core Data (TS_UD_CS_CORE) + * http://msdn.microsoft.com/en-us/library/cc240510%28v=PROT.10%29.aspx + */ +typedef struct client_core_data { + + struct { + uint16_t type; + uint16_t length; + } __attribute__((__packed__)) hdr; + + uint16_t version1;/* rdp version: 1 == RDP4, 4 == RD5 */ + uint16_t version2;/* always 8 */ + + uint16_t width; /* desktop width */ + uint16_t height; /* desktop height */ + uint16_t depth; /* color depth: 0xca00 = 4bits per pixel, 0xca01 8bpp */ + uint16_t sassequence; /* always: RNS_UD_SAS_DEL (0xAA03) */ + uint32_t kb_layout; /* 0x409: US keyboard layout */ + uint32_t client_build; /* build number of client, 2600 */ + u_char client_name[32]; /* unicode name, padded to 32 bytes */ + uint32_t kb_type; /* 0x4 for US kb type */ + uint32_t kb_subtype; /* 0x0 for US kb subtype */ + uint32_t kb_fn; /* 0xc for US kb function keys */ + uint8_t ime[64]; /* Input Method Editor file, 0 */ + uint16_t color_depth; /* 0xca01 */ + uint16_t client_id; /* 1 */ + uint32_t serial_num; /* 0 */ + uint8_t server_depth; /* 8 */ + uint16_t word1; /* 0x0700 */ + uint8_t word2; /* 0 */ + uint32_t word3; /* 1 */ + uint8_t product_id[64]; /* all 0 */ + uint8_t server_selected_protocol[4]; /* all 0 */ + +} __attribute__((__packed__)) client_core_data; + + + +/* + * Client Security Data (TS_UD_CS_SEC) + * http://msdn.microsoft.com/en-us/library/cc240511%28v=PROT.10%29.aspx + */ +typedef struct client_security_data { + + struct { + uint16_t type; + uint16_t length;/* 12 */ + } __attribute__((__packed__)) hdr; + + /* Rdesktop sets this field (enc_methods) to 0x3 for some reason + * microsoft doesn't mention 3 as a possible value */ + uint32_t enc_methods; /* 0 for no enc, 2 for 128-bit */ + uint32_t ext_enc; /* 0 for non-french locale clients */ + +} __attribute__((__packed__)) client_security_data; + + + +/* + * Client Network Data (TS_UD_CS_NET) + * http://msdn.microsoft.com/en-us/library/cc240512%28v=PROT.10%29.aspx + * This is only for 1 channel or else you need as many + * channel structs as the number of channels. + */ +typedef struct client_network_data { + + struct { + uint16_t type; + uint16_t length; + } __attribute__((__packed__)) hdr; + + uint32_t channel_count; + struct { + char name[8]; /* null-terminated array of ANSI chars for channel id */ + uint32_t flags; /* channel option flags */ + } __attribute__((__packed__)) channel; + +} __attribute__((__packed__)) client_network_data; + + + +/* + * Client Cluster Data (TS_UD_CS_CLUSTER) + * http://msdn.microsoft.com/en-us/library/cc240514%28v=PROT.10%29.aspx + */ +typedef struct client_cluster_data { + + struct { + uint16_t type; + uint16_t length; + } __attribute__((__packed__)) hdr; + + uint32_t redir_id; + uint32_t pad; /* ? rdesktop seems to send another 32 zero bits */ + +} __attribute__((__packed__)) client_cluster_data; + + +/* + * TS_TIME_ZONE_INFORMATION + * (RDPv5 only) + */ +#if 0 +typedef struct ts_timezone_info { + + uint32_t timezone; + + + +} __attribute__((__packed__)) ts_timezone_info; +#endif + + + +typedef struct ber_integer { + uint8_t tag; + uint8_t length; + uint16_t value; + ber_integer() { + tag = BER_TAG_INTEGER; + length = 2; + } +} __attribute__((__packed__)) ber_integer; + + +typedef struct ber_string_small { + uint8_t tag; + uint8_t length; + uint8_t value; + ber_string_small() { + tag = BER_TAG_OCTET_STRING; + length = 1; + } +} __attribute__((__packed__)) ber_string_small; + + +typedef struct ber_boolean { + uint8_t tag; + uint8_t length; + uint8_t value; + ber_boolean() { + tag = BER_TAG_BOOLEAN; + length = 1; + } +} __attribute__((__packed__)) ber_boolean; + + + +/* Each MCS Connect Initial struct is followed by 3 mcs_domain_params structs: + * target_params, min_params and max_params. Then the mcs data follow. + */ +typedef struct mcs_domain_params { + + uint8_t tag; + uint8_t length; + ber_integer max_channels; + ber_integer max_users; + ber_integer max_tokens; + ber_integer num_priorities; + ber_integer min_throughput; + ber_integer max_height; + ber_integer max_pdusize; + ber_integer ver_protocol; + + mcs_domain_params() { + tag = MCS_TAG_DOMAIN_PARAMS; + length = 32; + } + +} __attribute__((__packed__)) mcs_domain_params; + + + +/* + * Variable-length Basic Encoding Rules encoded (BER-encoded) + * MCS Connect Initial structure (using definite-length encoding) + * as described in [T125] sections 10.1 and I.2 + * (the ASN.1 structure definition is detailed in [T125] section 7, part 2). + */ +typedef struct mcs_connect_initial { + + uint16_t mcs_tag; + uint8_t length_tag; + uint16_t total_length; /* total length (be) */ + + ber_string_small calling_dom; /* calling domain */ + ber_string_small called_dom; /* called domain */ + ber_boolean upward_flag; /* upward flag */ + + /* domain parameters */ + mcs_domain_params target; + mcs_domain_params min; + mcs_domain_params max; + + struct mcs_data { + uint8_t tag; + uint8_t length_tag; + uint16_t datalength; + + mcs_data() { + tag = BER_TAG_OCTET_STRING; + length_tag = 0x82; + } + } __attribute__((__packed__)) mcs_data; + + mcs_connect_initial() { + mcs_tag = htons(MCS_CONNECT_INITIAL); + length_tag = 0x82; + } + +} __attribute__((__packed__)) mcs_connect_initial; + + + +/* + * Variable-length BER-encoded MCS Connect Response structure + * (using definite-length encoding) as described in [T125] sections 10.2 and I.2 + * (the ASN.1 structure definition is detailed in [T125] section 7, part 2). + * The userData field of the MCS Connect Response encapsulates the GCC + * Conference Create Response data (contained in the gccCCrsp and + * subsequent fields). + */ +typedef struct mcs_response { + + uint16_t mcs_tag; + uint8_t length_tag; + uint16_t total_length; + + uint8_t result_tag; + uint8_t result_len; + uint8_t result_value; + + uint8_t connectid_tag; + uint8_t connectid_len; + uint8_t connectid_value; + +} __attribute__((__packed__)) mcs_response; + +static uint8_t pad0[64] = { + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0 +}; + +static uint8_t pad54[40] = { + 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, + 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, + 54, 54, 54, 54, 54, 54 +}; + +static uint8_t pad92[48] = { + 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, + 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, + 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92 +}; + + + + + +static int +rdp_loop_read(nsock_pool nsp, Connection *con) +{ + uint16_t total_length; + iso_tpkt *tpkt; + iso_tpkt_fast *fast_tpkt = NULL; + + if (o.debugging > 9) + printf("----rdp loop read----\n"); + + /* Make sure we get at least 4 bytes: this is the TPKT header which + * contains the total size of the message + */ + if (con->inbuf == NULL || con->inbuf->get_len() < 4) { + nsock_read(nsp, con->niod, ncrack_read_handler, RDP_TIMEOUT, con); + return -1; + } + + /* Get message length from TPKT header. It is in big-endian byte order */ + tpkt = (iso_tpkt *) ((u_char *)con->inbuf->get_dataptr()); + if (tpkt->version != 3) { // fastpath + fast_tpkt = (iso_tpkt_fast *)((u_char *)con->inbuf->get_dataptr()); + total_length = fast_tpkt->length1; + if (total_length & 0x80) { + total_length &= ~0x80; + total_length = (total_length << 8) + fast_tpkt->length2; + } + } else { + total_length = ntohs(tpkt->length); // big endian + } + + if (o.debugging > 9) { + printf("total length: %u \n", total_length); + printf("inbuf length: %u \n", con->inbuf->get_len()); + } + + /* If we haven't received all the bytes of the message, according to the + * total length that we calculated, then try and get the rest */ + if (con->inbuf == NULL || con->inbuf->get_len() < total_length) { + nsock_read(nsp, con->niod, ncrack_read_handler, RDP_TIMEOUT, con); + return -1; + } + + if (o.debugging > 9) + printf("RDP LOOP READ SUCCESS length: %d \n", total_length); + + return 0; + +} + + +static u_char * +rdp_parse_ber(u_char *p, int tag, int *length) +{ + int len; + + if (tag > 0xFF) + p += 2; + else + p += 1; + + len = *(uint8_t *)p; + p += 1; + + if (len & 0x80) { + len &= ~0x80; + *length = 0; + while (len--) { + *length = (*length << 8) + *(p++); + } + } else + *length = len; + + return p; +} + + + +/***************************************************************************** + * Prepares a Disconnect packet, which only consists of an ISO message with the + * appropriate code (ISO_PDU_DR). The resulting headers are placed in Ncrack's + * 'outbuf' buffer. + */ +static void +rdp_disconnect(Connection *con) +{ + iso_tpkt tpkt; + iso_itu_t itu_t; + + tpkt.version = 3; + tpkt.reserved = 0; + tpkt.length = htons(11); + + itu_t.hdrlen = 6; + itu_t.code = ISO_PDU_DR; + itu_t.dst_ref = 0; + itu_t.src_ref = 0; + itu_t.class_num = 0; + + con->outbuf->append(&tpkt, sizeof(tpkt)); + con->outbuf->append(&itu_t, sizeof(iso_itu_t)); + +} + + + +static void +rdp_iso_connection_request(Connection *con) +{ + iso_tpkt tpkt; + iso_itu_t itu_t; + iso_neg neg; + uint16_t length = 30 + strlen(COOKIE_USERNAME) + 8; // + 8 for RDP version 5 + + tpkt.version = 3; + tpkt.reserved = 0; + tpkt.length = htons(length); + + itu_t.hdrlen = length - 5; + itu_t.code = ISO_PDU_CR; + itu_t.dst_ref = 0; + itu_t.src_ref = 0; + itu_t.class_num = 0; + + con->outbuf->append(&tpkt, sizeof(tpkt)); + con->outbuf->append(&itu_t, sizeof(iso_itu_t)); + + /* It appears that we need to send a username cookie */ + con->outbuf->snprintf(strlen("Cookie: mstshash="), "%s", + "Cookie: mstshash="); + con->outbuf->snprintf(strlen(COOKIE_USERNAME), "%s", COOKIE_USERNAME); + con->outbuf->snprintf(2, "%c%c", '\r', '\n'); + + // send negotiation request + con->outbuf->append(&neg, sizeof(neg)); + +} + + +static int +rdp_iso_connection_confirm(Connection *con) +{ + + iso_tpkt *tpkt; + iso_itu_t *itu_t; + + tpkt = (iso_tpkt *) ((const char *)con->inbuf->get_dataptr()); + itu_t = (iso_itu_t *) ((const char *)tpkt + sizeof(iso_tpkt)); + + if (tpkt->version != 3) + fatal("rdp_module: not supported version: %d\n", tpkt->version); + + if (itu_t->code != ISO_PDU_CC) { + con->service->end.orly = true; + con->service->end.reason = Strndup("TPKT Connection denied.", 23); + return -1; + } + + return 0; +} + + +/* + * Prepares an ISO header (TPKT and ITU_T) + * the 'datalen' is the number of bytes following this header. + * This usually means the size of the MCS header + the size of the + * security header (if it exists) + the size of any additional data + * (rdp_data) + */ +static void +rdp_iso_data(Connection *con, uint16_t datalen) +{ + + iso_tpkt tpkt; + iso_itu_t_data itu_t_data; + + tpkt.version = 3; + tpkt.reserved = 0; + tpkt.length = htons(sizeof(tpkt) + sizeof(itu_t_data) + datalen); + + con->outbuf->append(&tpkt, 4); + con->outbuf->append(&itu_t_data, 3); + +} + +static void +rdp_mcs_data(Connection *con, uint16_t datalen) +{ + mcs_data mcs; + rdp_state *info = (rdp_state *)con->misc_info; + + mcs.user_id = htons(info->mcs_userid); + + /* The length in the MCS header doesn't include the size of the header + * itself, rather all the data following the header: the security header + * and RDP data (if any) following it. + */ + mcs.length = htons(datalen | 0x8000); + + con->outbuf->append(&mcs, sizeof(mcs)); + +} + + + +static void +rdp_mcs_erect_domain_request(Connection *con) +{ + mcs_erect_domain_rq edrq; + + rdp_iso_data(con, sizeof(edrq)); + + con->outbuf->append(&edrq, sizeof(edrq)); +} + + +static void +rdp_mcs_attach_user_request(Connection *con) +{ + mcs_attach_user_rq aurq; + + rdp_iso_data(con, sizeof(aurq)); + + con->outbuf->append(&aurq, sizeof(aurq)); +} + + +static int +rdp_mcs_attach_user_confirm(Connection *con) +{ + mcs_attach_user_confirm *aucf; + u_char *p; + char error[64]; + rdp_state *info; + + /* rdp_state must have already been initialized! */ + info = (rdp_state *)con->misc_info; + + if (rdp_iso_recv_data(con) < 0) + return -1; + + p = ((u_char *)con->inbuf->get_dataptr() + sizeof(iso_tpkt) + + sizeof(iso_itu_t_data)); + + aucf = (mcs_attach_user_confirm *)p; + + /* Check opcode */ + if ((aucf->tag >> 2) != 11) { + snprintf(error, sizeof(error), "MCS attach user confirm opcode: %u\n", + aucf->tag); + goto mcs_aucf_error; + } + + /* Check result parameter */ + if (aucf->result != 0) { + snprintf(error, sizeof(error), "MCS attach user confirm result: %u\n", + aucf->result); + goto mcs_aucf_error; + } + + if (aucf->tag & 2) + info->mcs_userid = ntohs(aucf->user_id); + + return 0; + +mcs_aucf_error: + + con->service->end.orly = true; + con->service->end.reason = Strndup(error, strlen(error)); + return -1; + +} + + +static void +rdp_mcs_channel_join_request(Connection *con, uint16_t channel_id) +{ + mcs_channel_join_request cjrq; + rdp_state *info = (rdp_state *)con->misc_info; + + rdp_iso_data(con, sizeof(cjrq)); + + cjrq.user_id = htons(info->mcs_userid); + cjrq.channel_id = htons(channel_id); + + con->outbuf->append(&cjrq, sizeof(cjrq)); +} + + +static int +rdp_mcs_channel_join_confirm(Connection *con) +{ + mcs_channel_join_confirm *cjcf; + u_char *p; + char error[64]; + + if (rdp_iso_recv_data(con) < 0) + return -1; + + p = ((u_char *)con->inbuf->get_dataptr() + sizeof(iso_tpkt) + + sizeof(iso_itu_t_data)); + + cjcf = (mcs_channel_join_confirm *)p; + + /* Check opcode */ + if ((cjcf->tag >> 2) != 15) { + snprintf(error, sizeof(error), "MCS channel join confirm opcode: %u\n", + cjcf->tag); + goto mcs_cjcf_error; + } + + /* Check result parameter */ + if (cjcf->result != 0) { + snprintf(error, sizeof(error), "MCS channel join confirm result: %u\n", + cjcf->result); + goto mcs_cjcf_error; + } + + return 0; + +mcs_cjcf_error: + + con->service->end.orly = true; + con->service->end.reason = Strndup(error, strlen(error)); + return -1; +} + + + +/* + * Client MCS Connect Initial PDU with GCC Conference Create Request + * Constructs the packet which is is described at: + * http://msdn.microsoft.com/en-us/library/cc240508%28v=PROT.10%29.aspx + */ +static void +rdp_mcs_connect(Connection *con) +{ + mcs_connect_initial mcs; + + gcc_ccr ccr; + client_core_data ccd; + client_security_data csd; + client_cluster_data cluster; + + uint16_t datalen = 259 + 4; + uint16_t total_length = datalen + 115; + +#if 0 + printf("total_length: mcs=%d ccr=%d ccd=%d csd=%d cluster=%d total:%d \n", + sizeof(mcs), sizeof(ccr), sizeof(ccd), sizeof(csd), sizeof(cluster), + sizeof(mcs) + sizeof(ccr) + sizeof(ccd) + sizeof(csd) + sizeof(cluster)); +#endif + + rdp_iso_data(con, 379 + 4); + + /* + * MCS Connect Initial structure + */ + mcs.total_length = htons(total_length); + mcs.calling_dom.value = 1; + mcs.called_dom.value = 1; + mcs.upward_flag.value = 0xff; + + /* target params */ + mcs.target.max_channels.value = htons(34); + mcs.target.max_users.value = htons(2); + mcs.target.max_tokens.value = 0; + mcs.target.num_priorities.value = htons(1); + mcs.target.min_throughput.value = htons(0); + mcs.target.max_height.value = htons(1); + mcs.target.max_pdusize.value = htons(0xffff); + mcs.target.ver_protocol.value = htons(2); + + /* min params */ + mcs.min.max_channels.value = htons(1); + mcs.min.max_users.value = htons(1); + mcs.min.max_tokens.value = htons(1); + mcs.min.num_priorities.value = htons(1); + mcs.min.min_throughput.value = htons(0); + mcs.min.max_height.value = htons(1); + mcs.min.max_pdusize.value = htons(0x420); + mcs.min.ver_protocol.value = htons(2); + + /* max params */ + mcs.max.max_channels.value = htons(0xffff); + mcs.max.max_users.value = htons(0xfc17); + mcs.max.max_tokens.value = htons(0xffff); + mcs.max.num_priorities.value = htons(1); + mcs.max.min_throughput.value = htons(0); + mcs.max.max_height.value = htons(1); + mcs.max.max_pdusize.value = htons(0xffff); + mcs.max.ver_protocol.value = htons(2); + + /* MCS data */ + mcs.mcs_data.datalength = htons(datalen); + + + /* first remaining length - it is on word4 so subtract the size of all the + * previous words + the size of word4 (2+2+1+2+2 = 9). The rest is the size + * of the whole remaining packet + */ + int length = 250 + 4; + + + /* Fill in the mcs_data: + * This consists of a variable-length PER-encoded GCC Connect Data structure + * which encapsulates a Connect GCC PDU that contains a GCC Conference Create + * Request. The userData field of this struct contains a user data set + * consisting of concatenated Client Data Blocks: clientCoreData, + * clientSecurityData etc + */ + + /* Generic Conference Control (T.124) ConferenceCreateRequest + * T124 Section 8.7: http://www.itu.int/rec/T-REC-T.124-200701-I/en + */ + ccr.conf_num = htons(5); + ccr.word1 = htons(0x14); + ccr.word2 = 0x7c; + ccr.word3 = htons(1); + ccr.word4 = htons(length | 0x8000); /* remaining length */ + ccr.word5 = htons(8); + ccr.word6 = htons(16); + ccr.word7 = 0; + ccr.word8 = 0xc001; + ccr.word9 = 0; + ccr.word10 = 0x61637544; /* OEM ID: "Duca" */ + ccr.word11 = htons((length - 14) | 0x8000); + + + /* Client Core Data (TS_UD_CS_CORE) + * http://msdn.microsoft.com/en-us/library/cc240510%28v=PROT.10%29.aspx + */ + ccd.hdr.type = CS_CORE; + ccd.hdr.length = 216; + ccd.version1 = 4; /* RDP 5 by default -- for RDP 4 the version1 would be 1 */ + ccd.version2 = 8; + ccd.width = 800; + ccd.height = 600; + ccd.depth = 0xca01; + ccd.sassequence = 0xaa03; + ccd.kb_layout = 0x409; + ccd.client_build = 2600; + u_char hostname[] = { 0x4E, 0x00, 0x43, 0x00, 0x52, 0x00, 0x41, + 0x00, 0x43, 0x00, 0x4B, 0x00 }; + memset(ccd.client_name, 0, 32); + memcpy(ccd.client_name, hostname, sizeof(hostname)); + ccd.kb_type = 0x4; + ccd.kb_subtype = 0x0; + ccd.kb_fn = 0xc; + memset(&ccd.ime, 0, 64); + ccd.color_depth = 0xca01; + ccd.client_id = 1; + ccd.serial_num = 0; + ccd.server_depth = 8; + ccd.word1 = 0x0700; + ccd.word2 = 0; + ccd.word3 = 1; + memset(&ccd.product_id, 0, 64); + memset(&ccd.server_selected_protocol, 0, 4); + + /* Client Cluster Data (TS_UD_CS_CLUSTER) + * http://msdn.microsoft.com/en-us/library/cc240514%28v=PROT.10%29.aspx + */ + cluster.hdr.type = CS_CLUSTER; + cluster.hdr.length = 12; + cluster.redir_id = 9; + cluster.pad = 0; + + /* Client Security Data (TS_UD_CS_SEC) + * http://msdn.microsoft.com/en-us/library/cc240511%28v=PROT.10%29.aspx + */ + csd.hdr.type = CS_SECURITY; + csd.hdr.length = 12; + csd.enc_methods = 3; + csd.ext_enc = 0; + + +#if 0 + /* + * Client Network Data (TS_UD_CS_NET) + * http://msdn.microsoft.com/en-us/library/cc240512%28v=PROT.10%29.aspx + */ + cnd.hdr.length = 1 * 12 + 8; /* only 1 channel */ + cnd.channel_count = 1; + strncpy(cnd.channel.name, "rdpdr", sizeof("rdpdr")); + cnd.channel.flags = CHANNEL_OPTION_INITIALIZED | CHANNEL_OPTION_COMPRESS_RDP; +#endif + + + con->outbuf->append(&mcs, 120); + con->outbuf->append(&ccr, sizeof(ccr)); + con->outbuf->append(&ccd, sizeof(ccd)); + con->outbuf->append(&cluster, sizeof(cluster)); + con->outbuf->append(&csd, sizeof(csd)); + +} + + +static void +rdp_demand_active_confirm(Connection *con, u_char *p) +{ + + rdp_state *info = (rdp_state *)con->misc_info; + + /* Store the shareid and ingore the rest of the data in this packet */ + info->shareid = *(uint32_t *)p; + + /* Now prepare the confirm active egress data */ + rdp_confirm_active(con); +} + + + +/***************************************************************************** + * Maps disconnection error codes to human readable text. Upon first + * invocation, it initializes an STL map accordingly. It then performs a lookup + * based on the 32bit 'code' that gets as input. The message string is + * dynamically allocated here, so the caller is responsible for freeing it + * later. + */ +static char * +rdp_disc_reason(uint32_t code) +{ + char *ret; + + if (rdp_discmap_initialized == false) { + rdp_discmap_initialized = true; + + rdp_discmap.insert(make_pair(0x0000, "No information available")); + rdp_discmap.insert(make_pair(0x0001, "Server initiated disconnect")); + rdp_discmap.insert(make_pair(0x0002, "Server initiated logoff")); + rdp_discmap.insert(make_pair(0x0003, "Server idle timeout reached")); + rdp_discmap.insert(make_pair(0x0004, "Server logon timeout reached")); + rdp_discmap.insert(make_pair(0x0005, "The session was replaced")); + rdp_discmap.insert(make_pair(0x0006, "The server is out of memory")); + rdp_discmap.insert(make_pair(0x0007, "The server denied the connection")); + rdp_discmap.insert(make_pair(0x0008, + "The server denied the connection for security reason")); + rdp_discmap.insert(make_pair(0x0100, "Internal licensing error")); + rdp_discmap.insert(make_pair(0x0101, "No license server available")); + rdp_discmap.insert(make_pair(0x0102, "No valid license available")); + rdp_discmap.insert(make_pair(0x0103, "Invalid licensing message")); + rdp_discmap.insert(make_pair(0x0104, + "Hardware id doesn't match software license")); + rdp_discmap.insert(make_pair(0x0105, "Client license error")); + rdp_discmap.insert(make_pair(0x0106, + "Network error during licensing protocol")); + rdp_discmap.insert(make_pair(0x0107, + "Licensing protocol was not completed")); + rdp_discmap.insert(make_pair(0x0108, + "Incorrect client license enryption")); + rdp_discmap.insert(make_pair(0x0109, "Can't upgrade license")); + rdp_discmap.insert(make_pair(0x010a, + "The server is not licensed to accept remote connections")); + rdp_discmap.insert(make_pair(-1, + "Internal protocol error / Unknown reason")); + } + + map::iterator mi = rdp_discmap.end(); + mi = rdp_discmap.find(code); + if (mi == rdp_discmap.end()) { + /* fallback to key -1 */ + mi = rdp_discmap.find(-1); + } + ret = Strndup(mi->second, strlen(mi->second)); + + return ret; +} + + + +static u_char * +rdp_parse_brush(u_char *p, uint32_t params) +{ + + if (params & 1) + p += 1; + if (params & 2) + p += 1; + if (params & 4) + p += 1; + if (params & 8) + p += 1; + if (params & 16) + p += 7; + + return p; +} + + + +static u_char * +rdp_parse_pen(u_char *p, uint32_t params) +{ + if (params & 1) + p += 1; + if (params & 2) + p += 1; + if (params & 4) + p = rdp_color(p); + + return p; +} + + +/* The following are currently extracted from the rdesktop bruteforcing + * patches. + */ + +/* This appears to indicate that our attempt has failed in some way */ +#define LOGON_AUTH_FAILED "\xfe\x00\x00" + +/* The system could not log you on. Make sure your User name and domain are correct [FAILED] */ +#define LOGON_MESSAGE_FAILED_XP "\x17\x00\x18\x06\x10\x06\x1a\x09\x1b\x05\x1a\x06\x1c\x05\x10\x04\x1d\x06" +#define LOGON_MESSAGE_FAILED_2K3 "\x11\x00\x12\x06\x13\x06\x15\x09\x16\x05\x15\x06\x17\x05\x13\x04\x18\x06" + +/* The system can log you on but you do not have the allow log on using + * terminal services right (not in remote desktop group) [SUCCESS]*/ +#define LOGON_MESSAGE_NOT_IN_RDESKTOP_GROUP "\x11\x00\x12\x06\x14\x09\x12\x02\x15\x06\x12\x09\x16\x06\x17\x09\x12\x04" + +/* The local policy of this system does not permit you to logon interactively. [SUCCESS] */ +#define LOGON_MESSAGE_NO_INTERACTIVE_XP "\x17\x00\x18\x06\x10\x06\x11\x09\x1a\x02\x0f\x06\x0d\x05\x11\x06\x1b\x05" +#define LOGON_MESSAGE_NO_INTERACTIVE_2K3 "\x11\x00\x12\x06\x13\x06\x15\x09\x16\x02\x17\x06\x18\x05\x15\x06\x19\x05" + +/* Unable to log you on because your account has been locked out */ +#define LOGON_MESSAGE_LOCKED_XP "\x17\x00\x0e\x07\x0d\x06\x18\x06\x11\x06\x10\x02\x1a\x09\x1b\x04\x11\x09" +#define LOGON_MESSAGE_LOCKED_2K3 "\x11\x00\x12\x07\x13\x06\x14\x06\x15\x06\x16\x02\x18\x09\x19\x04\x15\x09" + +/* Your account has been disabled. Please see your system administrator. [ERROR] */ +/* Your account has expired. Please see your system administrator. [ERROR] */ +#define LOGON_MESSAGE_DISABLED_XP "\x17\x00\x18\x06\x19\x06\x1a\x06\x0d\x07\x0f\x06\x0f\x05\x18\x05\x19\x06" +#define LOGON_MESSAGE_DISABLED_2K3 "\x11\x00\x12\x06\x13\x06\x14\x06\x16\x07\x17\x06\x17\x05\x12\x05\x13\x06" + +/* Your password has expired and must be changed. [SUCCESS] */ +#define LOGON_MESSAGE_EXPIRED_XP "\x17\x00\x18\x06\x19\x06\x0d\x09\x1b\x06\x10\x04\x1b\x09\x10\x04\x1c\x06" +#define LOGON_MESSAGE_EXPIRED_2K3 "\x11\x00\x12\x06\x13\x06\x14\x06\x16\x07\x17\x06\x18\x06\x18\x05\x19\x05" + +/* You are required to change your password at first logon. [SUCCESS] */ +#define LOGON_MESSAGE_MUST_CHANGE_XP "\x17\x00\x18\x06\x19\x06\x0d\x09\x1b\x06\x10\x04\x1b\x09\x10\x04\x1c\x06" +#define LOGON_MESSAGE_MUST_CHANGE_2K3 "\x11\x00\x12\x06\x13\x06\x15\x09\x16\x06\x17\x04\x16\x09\x17\x04\x18\x06" + +/* The terminal server has exceeded the maximum number of allowed connections. [SUCCESS] */ +#define LOGON_MESSAGE_MSTS_MAX_2K3 "\x00\x00\x01\x06\x02\x07\x01\x07\x05\x07\x24\x0a\x25\x0a\x0b\x07\x0b\x06\x26" + +/* The user MACHINE_NAME\USER is currently logged on to this computer. [SUCCESS] */ +#define LOGON_MESSAGE_CURRENT_USER_XP "\x12\x00\x13\x07\x10\x05\x14\x06\x0e\x07\x0d\x06\x16\x06\x10\x08\x17\x06" + + +static u_char * +rdp_parse_text2(Connection *con, u_char *p, uint32_t params, bool delta) +{ + uint8_t length; + u_char text[256]; + rdp_state *info = (rdp_state *)con->misc_info; + const char *hostinfo = con->service->HostInfo(); + + if (params & 0x000001) + p += 1; + if (params & 0x000002) + p += 1; + if (params & 0x000004) + p += 1; + if (params & 0x000008) + p += 1; + if (params & 0x000010) + p = rdp_color(p); + if (params & 0x000020) + p = rdp_color(p); + if (params & 0x000040) + p += 2; + if (params & 0x000080) + p += 2; + if (params & 0x000100) + p += 2; + if (params & 0x000200) + p += 2; + if (params & 0x000400) + p += 2; + if (params & 0x000800) + p += 2; + if (params & 0x001000) + p += 2; + if (params & 0x002000) + p += 2; + + p = rdp_parse_brush(p, params >> 14); + + if (params & 0x080000) + p += 2; + if (params & 0x100000) + p += 2; + + if (params & 0x200000) { + length = *(uint8_t *)p; + p += 1; + //if (length <= sizeof(text)) + // the above is always true because length is always <=255 + // however, if you change the text to be less than 256, we would have a problem + memcpy(text, p, length); + p += length; +#if 0 + // below would always be false, because length always <= 255 + if (length > sizeof(text)) { + if (o.debugging > 2) + fprintf(stderr, "Text message too long!\n"); + return p; + } +#endif + } + + if (!memcmp(text, LOGON_AUTH_FAILED, 3)) + if (o.debugging > 8) + fprintf(stderr, "Retrieved connection termination packet.\n"); + + if ((!memcmp(text, LOGON_MESSAGE_FAILED_XP, 18)) + || (!memcmp(text, LOGON_MESSAGE_FAILED_2K3, 18))) { + info->login_result = LOGIN_FAIL; + if (o.debugging > 8) + log_write(LOG_PLAIN, "%s Account credentials are NOT valid.\n", hostinfo); + + } else if ((!memcmp(text, LOGON_MESSAGE_NOT_IN_RDESKTOP_GROUP, 18))) { + info->login_result = LOGIN_SUCCESS; + if (o.verbose) + log_write(LOG_PLAIN, "%s Account credentials are valid, however, the " + "account does not have the log on through terminal services right " + "(not in remote desktop users group).\n", hostinfo); + + } else if ((!memcmp(text, LOGON_MESSAGE_NO_INTERACTIVE_XP, 18)) + || (!memcmp(text, LOGON_MESSAGE_NO_INTERACTIVE_2K3, 18))) { + info->login_result = LOGIN_SUCCESS; + if (o.verbose) + log_write(LOG_PLAIN, "%s Account credentials are valid, however," + "the account is denied interactive logon.\n", hostinfo); + + } else if ((!memcmp(text, LOGON_MESSAGE_LOCKED_XP, 18)) + || (!memcmp(text, LOGON_MESSAGE_LOCKED_2K3, 18))) { + info->login_result = LOGIN_ERROR; + if (o.verbose) + log_write(LOG_PLAIN, "%s Account is currently locked out.\n", hostinfo); + + } else if ((!memcmp(text, LOGON_MESSAGE_DISABLED_XP, 18)) + || (!memcmp(text, LOGON_MESSAGE_DISABLED_2K3, 18))) { + info->login_result = LOGIN_ERROR; + if (o.verbose) + log_write(LOG_PLAIN, "%s Account is currently disabled or expired. " + "XP appears to report that an account is disabled only for valid " + "credentials.\n", hostinfo); + + } else if ((!memcmp(text, LOGON_MESSAGE_EXPIRED_XP, 18)) + || (!memcmp(text, LOGON_MESSAGE_EXPIRED_2K3, 18))) { + info->login_result = LOGIN_SUCCESS; + if (o.verbose) + log_write(LOG_PLAIN, "%s Account credentials are valid, however, the " + "password has expired and must be changed.\n", hostinfo); + + } else if ((!memcmp(text, LOGON_MESSAGE_MUST_CHANGE_XP, 18)) + || (!memcmp(text, LOGON_MESSAGE_MUST_CHANGE_2K3, 18))) { + info->login_result = LOGIN_SUCCESS; + if (o.verbose) + log_write(LOG_PLAIN, "%s Account credentials are valid, however, the " + "password must be changed at first logon.\n", hostinfo); + + } else if (!memcmp(text, LOGON_MESSAGE_MSTS_MAX_2K3, 18)) { + info->login_result = LOGIN_SUCCESS; + if (o.verbose) + log_write(LOG_PLAIN, "%s Account credentials are valid, however, the " + "maximum number of terminal services connections has been " + "reached.\n", hostinfo); + + } else if (!memcmp(text, LOGON_MESSAGE_CURRENT_USER_XP, 18)) { + info->login_result = LOGIN_SUCCESS; + if (o.verbose) + log_write(LOG_PLAIN, "%s Valid credentials, however, another user is " + "currently logged on.\n", hostinfo); + + } else { + if (o.debugging > 8) + fprintf(stderr, "Text: irrelevant message\n"); + + } + + + return p; +} + + + +static u_char * +rdp_parse_ellipse(u_char *p, uint32_t params, bool delta) +{ + + if (params & 0x01) + p = rdp_coord(p, delta); + if (params & 0x02) + p = rdp_coord(p, delta); + if (params & 0x04) + p = rdp_coord(p, delta); + if (params & 0x08) + p = rdp_coord(p, delta); + if (params & 0x10) + p += 1; + if (params & 0x20) + p += 1; + if (params & 0x40) + p = rdp_color(p); + + return p; +} + + + +static u_char * +rdp_parse_ellipse2(u_char *p, uint32_t params, bool delta) +{ + + if (params & 0x0001) + p = rdp_coord(p, delta); + if (params & 0x0002) + p = rdp_coord(p, delta); + if (params & 0x0004) + p = rdp_coord(p, delta); + if (params & 0x0008) + p = rdp_coord(p, delta); + if (params & 0x0010) + p += 1; + if (params & 0x0020) + p += 1; + if (params & 0x0040) + p = rdp_color(p); + if (params & 0x0080) + p = rdp_color(p); + + p = rdp_parse_brush(p, params >> 8); + + return p; +} + + + +static u_char * +rdp_parse_polyline(u_char *p, uint32_t params, bool delta) +{ + uint8_t datasize; + + if (params & 0x01) + p = rdp_coord(p, delta); + if (params & 0x02) + p = rdp_coord(p, delta); + if (params & 0x04) + p += 1; + if (params & 0x10) + p = rdp_color(p); + if (params & 0x20) + p += 1; + if (params & 0x40) { + datasize = *(uint8_t *)p; + p += 1; + p += datasize; + } + + return p; +} + + +static u_char * +rdp_parse_polygon(u_char *p, uint32_t params, bool delta) +{ + uint8_t datasize; + + if (params & 0x01) + p = rdp_coord(p, delta); + if (params & 0x02) + p = rdp_coord(p, delta); + if (params & 0x04) + p += 1; + if (params & 0x08) + p += 1; + if (params & 0x10) + p = rdp_color(p); + if (params & 0x20) + p += 1; + if (params & 0x40) { + datasize = *(uint8_t *)p; + p += 1; + p += datasize; + } + + return p; +} + + +static u_char * +rdp_parse_polygon2(u_char *p, uint32_t params, bool delta) +{ + uint8_t datasize; + + if (params & 0x0001) + p = rdp_coord(p, delta); + if (params & 0x0002) + p = rdp_coord(p, delta); + if (params & 0x0004) + p += 1; + if (params & 0x0008) + p += 1; + if (params & 0x0010) + p = rdp_color(p); + if (params & 0x0020) + p = rdp_color(p); + + p = rdp_parse_brush(p, params >> 6); + + if (params & 0x0800) + p += 1; + if (params & 0x1000) { + datasize = *(uint8_t *)p; + p += 1; + p += datasize; + } + + return p; +} + + + +static u_char * +rdp_parse_triblt(u_char *p, uint32_t params, bool delta) +{ + + if (params & 0x000001) + p += 2; + if (params & 0x000002) + p = rdp_coord(p, delta); + if (params & 0x000004) + p = rdp_coord(p, delta); + if (params & 0x000008) + p = rdp_coord(p, delta); + if (params & 0x000010) + p = rdp_coord(p, delta); + if (params & 0x000020) + p += 1; + if (params & 0x000040) + p = rdp_coord(p, delta); + if (params & 0x000080) + p = rdp_coord(p, delta); + if (params & 0x000100) + p = rdp_color(p); + if (params & 0x000200) + p = rdp_color(p); + + p = rdp_parse_brush(p, params >> 10); + + if (params & 0x008000) + p += 2; + if (params & 0x010000) + p += 2; + + return p; +} + + +static u_char * +rdp_parse_memblt(u_char *p, uint32_t params, bool delta, rdp_state *info) +{ + + if (params & 0x0001) { + info->memblt.cache_id = *(uint8_t *)p; + p += 1; + info->memblt.color_table = *(uint8_t *)p; + p += 1; + } + + if (params & 0x0002) + p = rdp_coord(p, delta, &info->memblt.x); + + if (params & 0x0004) + p = rdp_coord(p, delta, &info->memblt.y); + + if (params & 0x0008) + p = rdp_coord(p, delta, &info->memblt.cx); + + if (params & 0x0010) + p = rdp_coord(p, delta, &info->memblt.cy); + + if (params & 0x0020) { + info->memblt.opcode = *(uint8_t *)p; + p += 1; + } + + if (params & 0x0040) + p = rdp_coord(p, delta, &info->memblt.srcx); + + if (params & 0x0080) + p = rdp_coord(p, delta, &info->memblt.srcy); + + if (params & 0x0100) { + info->memblt.cache_idx = *(uint16_t *)p; + p += 2; + } + + /* This is a fingerprint for Windows 7, Windows Vista, Windows Server + * 2008. These specific values for the memblt always appear when your + * credentials fail to authenticate. The Microsoft RDP server from Windows + * Vista and above doesn't send any text message -> inside a text order <- + * unlike what happens in Windows XP etc. Consequently, we needed to + * inspect the RDP packets deeper and search for patterns that always + * appear whenever we fail to authenticate. This specific pattern has to + * do (most probably) with the coordinates of the 'OK' button that appears + * at the bottom of the screen when Windows tells us that our credentials + * weren't correct. + */ + if (info->memblt.opcode == 0xcc && + info->memblt.x == 740 && + info->memblt.y == 448 && + info->memblt.cx == 60 && + info->memblt.cy == 56 && + info->memblt.cache_id == 2) { + if (o.debugging > 8) + printf(" ======================= WIN_7 FAIL ==============\n"); + info->login_result = LOGIN_FAIL; + info->win7_vista_fingerprint = true; + } + + if (info->memblt.opcode == 0xcc && + info->memblt.x == 256 && + info->memblt.y == 256 && + info->memblt.cx == 64 && + info->memblt.cy == 64 && + info->memblt.cache_id == 2) { + + info->login_pattern_fail++; + + // we need to see this pattern 6 times to indicate failure + if (info->login_pattern_fail >= 6) { + + if (o.debugging > 9) + printf("================ WIN 2012 FAIL ================\n"); + info->login_result = LOGIN_FAIL; + info->login_pattern_fail = 0; + } + + } + + + + if (o.debugging > 8) + printf("MEMBLT(op=0x%x,x=%d,y=%d,cx=%d,cy=%d,id=%d,idx=%d)\n", + info->memblt.opcode, info->memblt.x, info->memblt.y, info->memblt.cx, + info->memblt.cy, info->memblt.cache_id, info->memblt.cache_idx); + + return p; +} + + + +static u_char * +rdp_parse_desksave(u_char *p, uint32_t params, bool delta) +{ + if (params & 0x01) + p += 4; + if (params & 0x02) + p = rdp_coord(p, delta); + if (params & 0x04) + p = rdp_coord(p, delta); + if (params & 0x08) + p = rdp_coord(p, delta); + if (params & 0x10) + p = rdp_coord(p, delta); + if (params & 0x20) + p += 1; + + return p; +} + + + + +static u_char * +rdp_parse_rect(u_char *p, uint32_t params, bool delta) +{ + if (params & 0x01) + p = rdp_coord(p, delta); + if (params & 0x02) + p = rdp_coord(p, delta); + if (params & 0x04) + p = rdp_coord(p, delta); + if (params & 0x08) + p = rdp_coord(p, delta); + if (params & 0x10) + p += 1; + if (params & 0x20) + p += 1; + if (params & 0x40) + p += 1; + + return p; +} + + + + +static u_char * +rdp_parse_line(u_char *p, uint32_t params, bool delta) +{ + if (params & 0x0001) + p += 2; + if (params & 0x0002) + p = rdp_coord(p, delta); + if (params & 0x0004) + p = rdp_coord(p, delta); + if (params & 0x0008) + p = rdp_coord(p, delta); + if (params & 0x0010) + p = rdp_coord(p, delta); + if (params & 0x0020) + p = rdp_color(p); + if (params & 0x0040) + p += 1; + + p = rdp_parse_pen(p, params >> 7); + + return p; +} + + + +static u_char * +rdp_parse_screenblt(u_char *p, uint32_t params, bool delta) +{ + if (params & 0x0001) + p = rdp_coord(p, delta); + if (params & 0x0002) + p = rdp_coord(p, delta); + if (params & 0x0004) + p = rdp_coord(p, delta); + if (params & 0x0008) + p = rdp_coord(p, delta); + if (params & 0x0010) + p += 1; + if (params & 0x0020) + p = rdp_coord(p, delta); + if (params & 0x0040) + p = rdp_coord(p, delta); + + return p; +} + + + +static u_char * +rdp_parse_patblt(u_char *p, uint32_t params, bool delta) +{ + if (params & 0x0001) + p = rdp_coord(p, delta); + if (params & 0x0002) + p = rdp_coord(p, delta); + if (params & 0x0004) + p = rdp_coord(p, delta); + if (params & 0x0008) + p = rdp_coord(p, delta); + if (params & 0x0010) + p += 1; + if (params & 0x0020) + p = rdp_color(p); + if (params & 0x0040) + p = rdp_color(p); + + p = rdp_parse_brush(p, params >> 7); + + return p; +} + + +static u_char * +rdp_parse_destblt(u_char *p, uint32_t params, bool delta) +{ + + if (params & 0x01) + p = rdp_coord(p, delta); + if (params & 0x02) + p = rdp_coord(p, delta); + if (params & 0x04) + p = rdp_coord(p, delta); + if (params & 0x08) + p = rdp_coord(p, delta); + if (params & 0x10) + p += 1; + + return p; +} + + +static u_char * +rdp_color(u_char *p) +{ + p += 3; + return p; +} + + +static u_char * +rdp_coord(u_char *p, bool delta, int16_t *coord) +{ + int8_t change; + + if (delta) { + if (coord) { + change = *(uint8_t *)p; + *coord += change; + } + p += 1; + } else { + if (coord) { + *coord = *(uint16_t *)p; + } + p += 2; + } + + return p; +} + + +static void +rdp_parse_bmpcache2(Connection *con, u_char *p, uint16_t sec_flags, bool compressed) +{ + uint8_t cache_id, cache_idx_low, Bpp, width, height; + uint16_t buffer_size, cache_idx; + //rdp_state *info = (rdp_state *) con->misc_info; + + cache_id = sec_flags & ID_MASK; + Bpp = ((sec_flags & MODE_MASK) >> MODE_SHIFT) - 2; + + if (sec_flags & PERSIST) + p += 8; /* skip bitmap id */ + + if (sec_flags & SQUARE) { + width = *(uint8_t *)p; + p += 1; + height = width; + } else { + width = *(uint8_t *)p; + p += 1; + height = *(uint8_t *)p; + p += 1; + } + + buffer_size = ntohs(*(uint16_t *)p); + p += 2; + buffer_size &= BUFSIZE_MASK; + + cache_idx = *(uint8_t *)p; + p += 1; + + if (cache_idx & LONG_FORMAT) { + cache_idx_low = *(uint8_t *)p; + p += 1; + cache_idx = ((cache_idx ^ LONG_FORMAT) << 8) + cache_idx_low; + } + + if (o.debugging > 9) + printf("rdp_parse_bmpcache2(), compr=%d, flags=%x, cx=%d, cy=%d, id=%d, idx=%d, Bpp=%d, bs=%d\n", + compressed, sec_flags, width, height, cache_id, cache_idx, Bpp, buffer_size); + +#if 0 + /* Windows 2012 fail fingerprint */ + if (compressed == true && + sec_flags == 0x4a2 && + width == 64 && + height == 64 && + cache_id == 1 && + //cache_idx == 3 && + Bpp == 2 && + buffer_size == 25) { + if (o.debugging > 9) + printf("================ WIN 2012 FAIL ================\n"); + info->login_result = LOGIN_FAIL; + } +#endif + +} + + + +static void +rdp_parse_orders(Connection *con, u_char *p, uint16_t num) +{ + uint16_t parsed = 0; + uint8_t flags; + int size, temp_size; + uint32_t params; + bool delta; + rdp_state *info = (rdp_state *)con->misc_info; + + while (parsed < num) { + + flags = *(uint8_t *)p; + p += 1; + + if ((!flags & RDP_ORDER_STANDARD)) { + if (o.debugging > 8) + printf("%s error parsing orders\n", __func__); + break; + } + + if (flags & RDP_ORDER_SECONDARY) { + + if (o.debugging > 9) + printf("SECONDARY ORDERS \n"); + + /* parse secondary order: we just ignore everything here after we parse + * the length field to know how many bytes to skip to move on to the next + * order + */ + uint16_t second_length = *(uint16_t *)p; + p += 2; + uint16_t sec_flags = *(uint16_t *)p; + p += 2; + uint8_t sec_type = *(uint8_t *)p; + p += 1; + + switch (sec_type) + { + case RDP_ORDER_RAW_BMPCACHE: + //process_raw_bmpcache(s); + break; + case RDP_ORDER_COLCACHE: + //process_colcache(s); + break; + case RDP_ORDER_BMPCACHE: + //process_bmpcache(s); + break; + case RDP_ORDER_FONTCACHE: + //process_fontcache(s); + break; + case RDP_ORDER_RAW_BMPCACHE2: + rdp_parse_bmpcache2(con, p, sec_flags, false); /* uncompressed */ + break; + case RDP_ORDER_BMPCACHE2: + rdp_parse_bmpcache2(con, p, sec_flags, true); /* compressed */ + break; + case RDP_ORDER_BRUSHCACHE: + //process_brushcache(s, flags); + break; + default: + if (o.debugging > 8) + printf("process_secondary_order(), unhandled secondary order %d\n", sec_type); + } + + /* now add length and ignore that many bytes */ + p += (int16_t) second_length + 7; + + } else { + + if (flags & RDP_ORDER_CHANGE) { + info->order_state_type = *(uint8_t *)p; + p += 1; + + } + + switch (info->order_state_type) { + case RDP_ORDER_TRIBLT: + case RDP_ORDER_TEXT2: + size = 3; + break; + + case RDP_ORDER_PATBLT: + case RDP_ORDER_MEMBLT: + case RDP_ORDER_LINE: + case RDP_ORDER_POLYGON2: + case RDP_ORDER_ELLIPSE2: + size = 2; + break; + + default: + size = 1; + } + + /* Check parameters present */ + temp_size = size; + + if (flags & RDP_ORDER_SMALL) + temp_size--; + + if (flags & RDP_ORDER_TINY) { + if (temp_size < 2) + temp_size = 0; + else + temp_size -= 2; + } + + params = 0; + uint8_t bits; + for (int i = 0; i < temp_size; i++) { + bits = *(uint8_t *)p; + p += 1; + params |= bits << (i * 8); + } + + if (flags & RDP_ORDER_BOUNDS) { + if (!(flags & RDP_ORDER_LASTBOUNDS)) { + + uint8_t bounds = *(uint8_t *)p; + p += 1; + + if (bounds & 1) + p += 2; + else if (bounds & 16) + p += 1; + + if (bounds & 2) + p += 2; + else if (bounds & 32) + p += 1; + + if (bounds & 4) + p += 2; + else if (bounds & 64) + p += 1; + + if (bounds & 8) + p += 2; + else if (bounds & 128) + p += 1; + + } + } + + delta = flags & RDP_ORDER_DELTA; + + switch (info->order_state_type) { + + case RDP_ORDER_DESTBLT: + if (o.debugging > 9) + printf(" ORDER DESTBLT \n"); + p = rdp_parse_destblt(p, params, delta); + break; + + case RDP_ORDER_PATBLT: + if (o.debugging > 9) + printf(" ORDER PATBLT\n"); + p = rdp_parse_patblt(p, params, delta); + break; + + case RDP_ORDER_SCREENBLT: + if (o.debugging > 9) + printf(" ORDER SCREENBLT\n"); + p = rdp_parse_screenblt(p, params, delta); + break; + + case RDP_ORDER_LINE: + if (o.debugging > 9) + printf(" ORDER LINE\n"); + p = rdp_parse_line(p, params, delta); + break; + + case RDP_ORDER_RECT: + if (o.debugging > 9) + printf(" ORDER RECT\n"); + p = rdp_parse_rect(p, params, delta); + break; + + case RDP_ORDER_DESKSAVE: + if (o.debugging > 9) + printf(" ORDER DESKSAVE\n"); + p = rdp_parse_desksave(p, params, delta); + break; + + case RDP_ORDER_MEMBLT: + if (o.debugging > 9) + printf(" ORDER MEMBLT\n"); + p = rdp_parse_memblt(p, params, delta, info); + break; + + case RDP_ORDER_TRIBLT: + if (o.debugging > 9) + printf(" ORDER TRIBLT\n"); + p = rdp_parse_triblt(p, params, delta); + break; + + case RDP_ORDER_POLYGON: + if (o.debugging > 9) + printf(" ORDER POLYGON\n"); + p = rdp_parse_polygon(p, params, delta); + break; + + case RDP_ORDER_POLYGON2: + if (o.debugging > 9) + printf(" ORDER POLYGON 2 \n"); + p = rdp_parse_polygon2(p, params, delta); + break; + + case RDP_ORDER_POLYLINE: + if (o.debugging > 9) + printf(" ORDER POLYLINE \n"); + p = rdp_parse_polyline(p, params, delta); + break; + + case RDP_ORDER_ELLIPSE: + if (o.debugging > 9) + printf(" ORDER ELLIPSE\n"); + p = rdp_parse_ellipse(p, params, delta); + break; + + case RDP_ORDER_ELLIPSE2: + if (o.debugging > 9) + printf(" ORDER ELLIPSE 2 \n"); + p = rdp_parse_ellipse2(p, params, delta); + break; + + case RDP_ORDER_TEXT2: + if (o.debugging > 9) + printf("------> PARSE TEXT <------- \n"); + p = rdp_parse_text2(con, p, params, delta); + break; + + default: + if (o.debugging > 9) + printf("Unimplemented order %u\n", info->order_state_type); + return; + + } + + } + + parsed++; + } + +} + + + + +static void +rdp_parse_update_pdu(Connection *con, u_char *p) +{ + + uint16_t type; + uint16_t num_orders; + + type = *(uint16_t *)p; + p += 2; + + switch (type) { + + case RDP_UPDATE_ORDERS: + + if (o.debugging > 8) + printf(" -----> UPDATE ORDERs\n"); + p += 2; /* padding */ + num_orders = *(uint16_t *)p; + p += 2; + p += 2; /* more padding */ + rdp_parse_orders(con, p, num_orders); + + break; + + case RDP_UPDATE_BITMAP: + break; + + case RDP_UPDATE_PALETTE: + break; + + case RDP_UPDATE_SYNCHRONISE: + break; + + default: + if (o.debugging > 8) + printf("Update PDU unimplemented: %u\n", type); + } + +} + + + + +/***************************************************************************** + * Parses an RDP data PDU. A disconnection PDU is one example and is useful for + * realizing why the RDP server decided to choke on us and close the + * connection. + */ +static int +rdp_parse_rdpdata_pdu(Connection *con, u_char *p) +{ + uint8_t pdu_type; + uint32_t disc_reason; + char *disc_msg; + + /* Skip shareid, padding and streamid */ + p += 6; + + /* Skip len */ + p += 2; + + /* Get pdu type */ + pdu_type = *(uint8_t *)p; + p += 1; + + /* Skip compression type and compression len */ + p += 1; + p += 2; + + + switch (pdu_type) { + + case RDP_DATA_PDU_UPDATE: + if (o.debugging > 8) + printf(" -- DATA PDU UPDATE\n"); + rdp_parse_update_pdu(con, p); + break; + + case RDP_DATA_PDU_CONTROL: + if (o.debugging > 8) + printf(" -- DATA PDU CONTROL\n"); + break; + + case RDP_DATA_PDU_SYNCHRONISE: + if (o.debugging > 8) + printf(" -- DATA PDU SYNC\n"); + break; + + case RDP_DATA_PDU_POINTER: + if (o.debugging > 8) + printf(" -- DATA PDU POINTER\n"); + break; + + case RDP_DATA_PDU_BELL: + break; + + case RDP_DATA_PDU_DISCONNECT: + disc_reason = *(uint32_t *)p; + p += 4; + disc_msg = rdp_disc_reason(disc_reason); + if (o.debugging > 8) + log_write(LOG_PLAIN, "RDP: Disconnected: %s\n", disc_msg); + free(disc_msg); + /* Don't disconnect because Windows Vista and Windows 7 always send a + * disconnect PDU, when you authenticate correctly, with reason 0 */ + //return -1; + break; + + case RDP_DATA_PDU_LOGON: + if (o.debugging > 8) { + printf("=========LOGIN SUCCESSFUL=======\n"); + printf("user: %s pass %s\n", con->user, con->pass); + } + return 1; + break; + + default: + if (o.debugging > 8) { + printf("PDU data unimplemented %u\n", pdu_type); + + rdp_state *info = (rdp_state *)con->misc_info; + printf("============== INCOMING DATA ===============\n"); + char *string = hexdump((u8*)info->rdp_packet, info->rdp_packet_end - info->rdp_packet); + log_write(LOG_PLAIN, "%s", string); + printf("============= INCOMING DATA END ===============\n"); + + } + break; + } + + return 0; + +} + +/* not used currently */ +#if 0 +static u_char * +rdp_parse_bitmap_update(u_char *p) +{ + uint16_t num, width, height, bpp, Bpp, compress, buffer_size, size; + int i = 0; + + num = *(uint16_t *)p; + p += 2; + + printf("num: %d\n", num); + + for (i = 0; i < num; i++) { + p += 2; // left + p += 2; // top + p += 2; // right + p += 2; // bottom + width = *(uint16_t *) p; + p += 2; + height = *(uint16_t *) p; + p += 2; + bpp = *(uint16_t *) p; + Bpp = (bpp + 7) / 8; + p += 2; + compress = *(uint16_t *) p; + p += 2; + buffer_size = *(uint16_t *) p; + p += 2; + + if (!compress) { + int j; + for (j = 0; j < height; j++) + p += width * Bpp; + continue; + } + + if (compress & 0x400) { + size = buffer_size; + } else { + p += 2; + size = *(uint16_t *) p; + p += 4; + } + + p += size; + } + + return p; +} +#endif + + + +u_char * +rdp_process_fastpath_code(Connection *con, u_char *p, uint8_t code) +{ + uint16_t num; + + switch (code) + { + case FASTPATH_UPDATETYPE_ORDERS: + num = *(uint16_t *) p; + p += 2; + if (o.debugging > 9) + printf("RDP PARSE ORDERS \n"); + rdp_parse_orders(con, p, num); + break; + case FASTPATH_UPDATETYPE_BITMAP: + p += 1; + //p = rdp_parse_bitmap_update(p); + break; + case FASTPATH_UPDATETYPE_PALETTE: + p += 2; + //p = rdp_parse_palette(p); + break; + case FASTPATH_UPDATETYPE_SYNCHRONIZE: + break; + case FASTPATH_UPDATETYPE_PTR_NULL: + break; + case FASTPATH_UPDATETYPE_PTR_DEFAULT: + break; + case FASTPATH_UPDATETYPE_PTR_POSITION: + p += 2; + p += 2; + break; + case FASTPATH_UPDATETYPE_COLOR: + //process_colour_pointer_pdu(s); + break; + case FASTPATH_UPDATETYPE_CACHED: + //process_cached_pointer_pdu(s); + break; + case FASTPATH_UPDATETYPE_POINTER: + //process_new_pointer_pdu(s); + break; + default: + if (o.debugging > 9) + printf("unhandled opcode %d\n", code); + } + return p; + +} + +u_char * +rdp_process_fastpath(Connection *con, u_char *p) +{ + rdp_state *info = (rdp_state *)con->misc_info; + uint8_t header, code, frag, compression, ctype = 0; + uint16_t length; + uint8_t *next; + + while (p < info->rdp_packet_end) { + header = *(uint8_t *) p; + p += 1; + + code = header & 0x0F; + frag = header & 0x30; + compression = header & 0xC0; + + if (compression & FASTPATH_OUTPUT_COMPRESSION_USED) { + ctype = *(uint8_t *) p; + p += 1; + } + + length = *(uint16_t *) p; + p += 2; + + if (o.debugging > 9) + printf("FASTPATH LENGTH: %d \n", length); + + info->rdp_next_packet = next = p + length; + + if (ctype & RDP_MPPC_COMPRESSED) { + if (o.debugging > 9) + printf(" ----------- COMPRESSED \n"); + } + + if (frag == FASTPATH_FRAGMENT_SINGLE) { + rdp_process_fastpath_code(con, p, code); + } else { + if (o.debugging > 9) + printf(" ---------- FRAGMENTED \n"); + + if (info->assembled[code] == NULL) { + info->assembled[code] = (stream_struct *)safe_malloc(sizeof(struct stream_struct)); + memset(info->assembled[code], 0, sizeof(struct stream_struct)); + + // realloc + u_char *data; + if (info->assembled[code]->size < FASTPATH_MULTIFRAGMENT_MAX_SIZE) { + data = info->assembled[code]->data; + info->assembled[code]->size = FASTPATH_MULTIFRAGMENT_MAX_SIZE; + info->assembled[code]->data = (u_char *)safe_realloc(data, FASTPATH_MULTIFRAGMENT_MAX_SIZE); + info->assembled[code]->p = info->assembled[code]->data + (info->assembled[code]->p - data); + info->assembled[code]->end = info->assembled[code]->data + (info->assembled[code]->end - data); + } + + // reset + struct stream_struct tmp; + tmp = *(info->assembled[code]); + memset(info->assembled[code], 0, sizeof(struct stream_struct)); + info->assembled[code]->size = tmp.size; + info->assembled[code]->end = info->assembled[code]->p = info->assembled[code]->data = tmp.data; + } + + if (frag == FASTPATH_FRAGMENT_FIRST) { + // reset + struct stream_struct tmp; + tmp = *(info->assembled[code]); + memset(info->assembled[code], 0, sizeof(struct stream_struct)); + info->assembled[code]->size = tmp.size; + info->assembled[code]->end = info->assembled[code]->p = info->assembled[code]->data = tmp.data; + } + + memcpy(info->assembled[code]->p, p, length); + info->assembled[code]->p += length; + + if (frag == FASTPATH_FRAGMENT_LAST) { + printf(" -------- LAST FRAGMENT \n"); + + info->assembled[code]->end = info->assembled[code]->p; + info->assembled[code]->p = info->assembled[code]->data; + + rdp_process_fastpath_code(con, info->assembled[code]->p, code); + } + } + + p = next; + + } + return p; + +} + + + + +enum { LOOP_WRITE, LOOP_DISC, LOOP_NOTH, LOOP_AUTH }; +static int +rdp_process_loop(Connection *con) +{ + bool loop = true; + uint8_t pdu_type = 0; + rdp_state *info = (rdp_state *)con->misc_info; + u_char *p; + int pdudata_ret; + + if (o.debugging > 8) + printf(" --------------------------------------- FUNCTION LOOP ---------------------------------\n"); + + while (loop) { + + if (o.debugging > 8) + printf(" ------------------ RDP LOOP -----------------\n"); + + p = rdp_recv_data(con, &pdu_type); + if (p == NULL) { + if (o.debugging > 8) + printf("LOOP NOTH NULL DATA\n"); + + // TODO: check if these 3 lines should stay here + con->inbuf->get_data(NULL, info->packet_len); + info->packet_len = 0; + info->rdp_packet = NULL; + + // we need this extra check here for RDPv5 because of fastpath + if (info->login_result != LOGIN_INIT) + return LOOP_AUTH; + + return LOOP_NOTH; + } + + switch (pdu_type) { + case RDP_PDU_DEMAND_ACTIVE: + if (o.debugging > 8) + printf("PDU DEMAND ACTIVE\n"); + rdp_demand_active_confirm(con, p); + break; + + case RDP_PDU_DEACTIVATE: + if (o.debugging > 8) + printf("PDU deactivate\n"); + break; + + case RDP_PDU_REDIRECT: + case RDP_PDU_ENHANCED_REDIRECT: + if (o.debugging > 8) + printf("PDU REDIRECT\n"); + break; + + case RDP_PDU_DATA: + if (o.debugging > 8) + printf("PDU DATA\n"); + pdudata_ret = rdp_parse_rdpdata_pdu(con, p); + if (pdudata_ret == 1) { + info->login_result = LOGIN_SUCCESS; + } else if (pdudata_ret == -1) { + return LOOP_DISC; + } + + break; + + default: + if (o.debugging > 8) + printf("PDU default\n"); + break; + + } + + loop = info->rdp_next_packet < info->rdp_packet_end; + + } + + if (o.debugging > 9) + printf("-----eating away packet for length: %d \n", info->packet_len); + + con->inbuf->get_data(NULL, info->packet_len); + + if (o.debugging > 9) + printf("-----bytes left in buf: %d \n", con->inbuf->get_len()); + + if (con->inbuf->get_len() == 0) { + delete con->inbuf; + con->inbuf = NULL; + } + + info->packet_len = 0; + info->rdp_packet = NULL; + + if (info->login_result != LOGIN_INIT) + return LOOP_AUTH; + + switch (pdu_type) { + case RDP_PDU_DEMAND_ACTIVE: + return LOOP_WRITE; + case RDP_PDU_DEACTIVATE: + case RDP_PDU_REDIRECT: + case RDP_PDU_ENHANCED_REDIRECT: + case RDP_PDU_DATA: + default: + return LOOP_NOTH; + } + +} + + + + +static u_char * +rdp_recv_data(Connection *con, uint8_t *pdu_type) +{ + rdp_state *info = (rdp_state *)con->misc_info; + uint16_t length; + bool fastpath = false; + + if (info->rdp_packet == NULL) { + + if (o.debugging > 9) + printf("BEFORE RDP SECURE RECV DATA \n"); + info->rdp_packet = rdp_secure_recv_data(con, &fastpath); + if (info->rdp_packet == NULL) { + if (o.debugging > 8) + printf("rdp packet NULL!\n"); + return NULL; + } + if (fastpath == true) { + if (o.debugging > 9) + printf("rdp_recv_data fastpath = true\n"); + + rdp_process_fastpath(con, info->rdp_packet); + return NULL; + } + + info->rdp_next_packet = info->rdp_packet; + + + /* Time to get the next TCP segment */ + } else if ((info->rdp_next_packet >= info->rdp_packet_end) + || (info->rdp_next_packet == NULL)) { + + if (o.debugging > 9) { + //printf("rdp_packet_end: %x \n", info->rdp_packet_end); + //printf("rdp_next_packet: %x \n", info->rdp_next_packet); + ; + } + + if (o.debugging > 8) + printf(" RECV DATA TCP NEXT SEGMENT %u\n", info->packet_len); + /* Eat away the ISO packet */ + con->inbuf->get_data(NULL, info->packet_len); + return NULL; + + } else { + + if (o.debugging > 8) + printf("NEXT PACKET\n"); + info->rdp_packet = info->rdp_next_packet; + } + + + /* parse TS SHARE CONTROL HEADER */ + + /* Get the length */ + length = *(uint16_t *)info->rdp_packet; + info->rdp_packet += 2; + + if (length == 0x8000) { + if (o.debugging > 9) + printf(" SKIP OVER THIS MESSAGE \n"); + /* skip over this message in stream */ + info->rdp_next_packet += 8; + return NULL; + } + + /* Get pdu type */ + *pdu_type = *(uint16_t *)info->rdp_packet & 0xf; + info->rdp_packet += 2; + + /* Skip userid */ + info->rdp_packet += 2; + + if (o.debugging > 8) + printf(" RDP length: %u\n", length); + info->rdp_next_packet += length; + + if (o.debugging > 8) { + printf("============= INCOMING DATA ==============\n"); + char *string = hexdump((u8*)info->rdp_packet, length); + log_write(LOG_PLAIN, "%s", string); + printf("============== INCOMING DATA END ==============\n"); + } + + return info->rdp_packet; +} + + + +static u_char* +rdp_secure_recv_data(Connection *con, bool *fastpath) +{ + u_char *p; + uint16_t channel; + uint32_t flags; + uint8_t fastpath_flags = 0; + uint8_t fastpath_header = 0; + rdp_state *info = (rdp_state *)con->misc_info; + uint32_t datalen; + + + while ((p = rdp_mcs_recv_data(con, &channel, fastpath, &fastpath_header)) != NULL) { + + if (*fastpath == true) { + + if (o.debugging > 9) + printf("fastpath in rdp_secure_recvdata\n"); + + fastpath_flags = (fastpath_header & 0xc0) >> 6; + if (fastpath_flags & FASTPATH_OUTPUT_ENCRYPTED) { + + if (o.debugging > 9) + printf("FASTPATH OUTPUT ENCRYPTED\n"); + /* Skip signature */ + p += 8; + + datalen = (info->rdp_packet_end - p); + + if (info->decrypt_use_count == 4096) + info->decrypt_use_count = 0; + + RC4(&info->rc4_decrypt_key, datalen, p, p); + info->decrypt_use_count++; + } + return p; + } + + flags = *(uint32_t *)p; + p += 4; + + if (flags & SEC_ENCRYPT) { + + /* Skip signature */ + p += 8; + + /* Decrypt Data */ + if (info->decrypt_use_count == 4096) { + /* Normally we should update our keys here, but we never get to receive + * more than 4096 RDP packets in one authentication session (since we + * close the connection after 1 attempt and reconnect with new keys), + * so we don't bother with this. + */ + info->decrypt_use_count = 0; + } + + datalen = (info->rdp_packet_end - p); + + if (o.debugging > 9) + printf(" Sec length: %u\n", datalen); + + RC4(&info->rc4_decrypt_key, datalen, p, p); + info->decrypt_use_count++; + } + + if (flags & SEC_LICENCE_NEG) { + if (o.debugging > 9) + printf("SEC LICENSE\n"); + + /* Eat away the ISO packet */ + con->inbuf->get_data(NULL, info->packet_len); + + return NULL; + } + + if (flags & 0x0400) { + if (o.debugging > 9) + printf("----SEC REDIRECT-----\n"); + } + + if (channel != MCS_GLOBAL_CHANNEL) { + if (o.debugging > 9) + printf("non-global channel\n"); + + } + + return p; + } + + return NULL; +} + + +static u_char * +rdp_mcs_recv_data(Connection *con, uint16_t *channel, bool *fastpath, uint8_t *fastpath_header) +{ + u_char *p; + char error[64]; + uint8_t opcode; + + p = rdp_iso_recv_data_loop(con, fastpath, fastpath_header); + if (p == NULL) + return NULL; + + if (*fastpath == true) + return p; + + /* Check opcode */ + opcode = (*(uint8_t *)p) >> 2; + p += 1; + + if (opcode != MCS_SDIN) { + if (opcode != MCS_DPUM) { + snprintf(error, sizeof(error), "Expected data packet, but got 0x%x.", + opcode); + con->service->end.orly = true; + con->service->end.reason = Strndup(error, strlen(error)); + } + if (o.debugging > 8) + printf(" ----------MCS ERR\n"); + return NULL; + } + + /* Skip userid */ + p += 2; + + /* Store channel for later use (big endian value) */ + *channel = ntohs(*(uint16_t *)p); + p += 2; + + /* Skip flags */ + p += 1; + + /* Skip length */ + uint8_t length = *(uint8_t *)p; + p += 1; + if (length & 0x80) + p += 1; + + + return p; +} + + +static u_char * +rdp_iso_recv_data_loop(Connection *con, bool *fastpath, uint8_t *fastpath_header) +{ + iso_tpkt *tpkt; + iso_tpkt_fast *fast_tpkt = NULL; + iso_itu_t_data *itu_t; + char error[64]; + rdp_state *info = (rdp_state *)con->misc_info; + u_char *p; + bool length_bigger = false; + + if (o.debugging > 8) + printf("TCP length: %u\n", con->inbuf->get_len()); + + tpkt = (iso_tpkt *) ((u_char *)con->inbuf->get_dataptr()); + itu_t = (iso_itu_t_data *) ((u_char *)tpkt + sizeof(iso_tpkt)); + + // this is a fastpath pdu if the T.123 version is not 3 + if (tpkt->version != 3) { + if (o.debugging > 8) + printf("FASTPATH\n"); + fast_tpkt = (iso_tpkt_fast *)((u_char *)con->inbuf->get_dataptr()); + *fastpath = true; + *fastpath_header = fast_tpkt->version; + info->packet_len = fast_tpkt->length1; + if (info->packet_len & 0x80) { + if (o.debugging > 9) + printf("length bigger\n"); + info->packet_len &= ~0x80; + info->packet_len = (info->packet_len << 8) + fast_tpkt->length2; + length_bigger = true; + } + if (o.debugging > 9) { + printf("fastpath length: %u\n", info->packet_len); + + printf("============== FASTPATH HEADER ===============\n"); + char *string = hexdump((u8*)fast_tpkt, sizeof(iso_tpkt_fast)); + log_write(LOG_PLAIN, "%s", string); + printf("============= FASTPATH HEADER END ===============\n"); + } + + info->rdp_packet_end = (u_char *)fast_tpkt + info->packet_len; + + } else { + info->packet_len = ntohs(tpkt->length); + info->rdp_packet_end = (u_char *)tpkt + info->packet_len; + } + + if (info->packet_len < 4) { + con->service->end.orly = true; + con->service->end.reason = Strndup("Bad tptk packet header.", 23); + return NULL; + } + + if (*fastpath == true) { + if (o.debugging > 9) + printf("fastpath return\n"); + + // if length is not bigger then iso_tpkt_fast is 1 byte less + if (length_bigger == true) + p = ((u_char *)(fast_tpkt) + sizeof(iso_tpkt_fast)); + else + p = ((u_char *)(fast_tpkt) - 1 + sizeof(iso_tpkt_fast)); + return p; + } + + + p = ((u_char *)(itu_t) + sizeof(iso_itu_t_data)); + + if (itu_t->code != ISO_PDU_DT) { + snprintf(error, sizeof(error), "Expected data packet, but got 0x%x.", + itu_t->code); + con->service->end.orly = true; + con->service->end.reason = Strndup(error, strlen(error)); + return NULL; + } + + return p; +} + + +static int +rdp_iso_recv_data(Connection *con) +{ + iso_tpkt *tpkt; + iso_itu_t_data *itu_t; + char error[64]; + + + tpkt = (iso_tpkt *) ((const char *)con->inbuf->get_dataptr()); + itu_t = (iso_itu_t_data *) ((const char *)tpkt + sizeof(iso_tpkt)); + + if (tpkt->version != 3) + fatal("rdp_module: not supported TPKT version: %d\n", tpkt->version); + + if (ntohs(tpkt->length) < 4) { + con->service->end.orly = true; + con->service->end.reason = Strndup("Bad tptk packet header.", 23); + return -1; + } + + if (itu_t->code != ISO_PDU_DT) { + snprintf(error, sizeof(error), "Expected data packet, but got 0x%x.", + itu_t->code); + con->service->end.orly = true; + con->service->end.reason = Strndup(error, strlen(error)); + return -1; + } + + return 0; +} + + + + + + +/***************************************************************************** + * Parses and gets the Server Security Data (TS_UD_SC_SEC1) from MCS connect + * response. Saves everything that will be needed later into rdp_state. + * http://msdn.microsoft.com/en-us/library/cc240518%28v=PROT.10%29.aspx + */ +static int +rdp_get_crypto(Connection *con, u_char *p) +{ + uint8_t client_random[32]; + uint8_t mod[256]; + uint8_t exp[4]; + uint8_t *server_random = NULL; + uint32_t server_random_len; + uint32_t rc4_size; + uint32_t encryption_level; + uint32_t rsa_len; + uint32_t mod_len = 0; + char error[128]; + rdp_state *info; + + + /* rdp_state must have already been initialized! */ + info = (rdp_state *)con->misc_info; + + memset(mod, 0, sizeof(mod)); + memset(exp, 0, sizeof(exp)); + + /* Get encryption method: + * 0x00000000: None + * 0x00000001: 40 bit + * 0x00000002: 128 bit + * 0x00000008: 56 bit + * 0x00000010: FIPS 140-1 compliant + */ + rc4_size = *(uint32_t *)p; + p += 4; + + /* Get encryption level: + * 0x00000000: None + * 0x00000001: low + * 0x00000002: client compatible + * 0x00000003: high + * 0x00000004: fips + */ + encryption_level = *(uint32_t *)p; + p += 4; + + if (encryption_level == 0) + return -1; + + /* Now get the serverRandomLen */ + server_random_len = *(uint32_t *)p; + p += 4; + + /* According to the specs, this field value MUST be 32 bytes, as long as both + * the encryption method and level are not 0. + */ + if (server_random_len != 32) { + con->service->end.orly = true; + snprintf(error, sizeof(error), "Server security data: " + "server random len was %d but should be 32.", server_random_len); + con->service->end.reason = Strndup(error, strlen(error)); + return -1; + } + + /* Get rsa len */ + rsa_len = *(uint32_t *)p; + p += 4; + + /* Store pointer for the serverRandom field and move it forward so far as + * specified by the serverRandomLen field which we parsed earlier. + */ + server_random = p; + p += server_random_len; + + u_char *real_end = (u_char *)con->inbuf->get_dataptr() + con->inbuf->get_len(); + u_char *end = p + rsa_len; + if (end > real_end) { + con->service->end.orly = true; + snprintf(error, sizeof(error), "Server security data: possibly corrupted " + " packet. %ld more bytes specified", end - real_end); + con->service->end.reason = Strndup(error, strlen(error)); + return -1; + } + + uint32_t flags = *(uint32_t *)p; + /* RDP4 encryption */ + if (!(flags & 1)) + fatal("rdp_module: not supported rdp5 encryption\n"); + + p += 8; /* skip 8 bytes */ + + uint16_t tag, hdr_length; + u_char *saved_p; + uint32_t rsa_magic; + while (p < end) { + + tag = *(uint16_t *)p; + p += 2; + hdr_length = *(uint16_t *)p; + p += 2; + + saved_p = p + hdr_length; + + switch (tag) + { + case SEC_TAG_PUBKEY: + + rsa_magic = *(uint32_t *)p; + p += 4; + + if (rsa_magic != SEC_RSA_MAGIC) { + con->service->end.orly = true; + snprintf(error, sizeof(error), "Server security data: Expected %d " + "for RSA magic but got %d.", SEC_RSA_MAGIC, rsa_magic); + con->service->end.reason = Strndup(error, strlen(error)); + return -1; + } + + mod_len = *(uint32_t *)p; + p += 4; + + /* subtract padding size 8 */ + mod_len -= 8; + if (mod_len < 64 || mod_len > 256) { + con->service->end.orly = true; + snprintf(error, sizeof(error), "Server security data: Expected " + "modulus size to be between 64 and 256 but was %d", mod_len); + con->service->end.reason = Strndup(error, strlen(error)); + return -1; + } + p += 8; /* skip 8 bytes */ + memcpy(exp, p, 4); + p += 4; + memcpy(mod, p, mod_len); + p += mod_len; + p += 8; /* skip padding */ + /* store modulus length for later use */ + info->server_public_key_length = mod_len; + + break; + + case SEC_TAG_KEYSIG: + //TODO: we don't check for signatures now, but perhaps we should to + //detect MITM attacks + break; + + default: + break; + + } + + p = saved_p; + } + + /* + * This is not strong randomness since it uses nbase's relatively weak algo + * to get the 32 bytes needed. + */ + get_random_bytes(client_random, sizeof(client_random)); + rsa_encrypt(client_random, info->crypted_random, 32, mod, mod_len, exp); + + uint8_t premaster_secret[48]; + uint8_t master_secret[48]; + uint8_t key[48]; + + /* pre master secret */ + memcpy(premaster_secret, client_random, 24); + memcpy(premaster_secret + 24, server_random, 24); + + /* master secret and key */ + hash48(master_secret, premaster_secret, 'A', client_random, server_random); + hash48(key, master_secret, 'X', client_random, server_random); + + /* create key used for signing */ + memcpy(info->sign_key, key, 16); + + /* export keys */ + hash16(info->decrypt_key, &key[16], client_random, server_random); + hash16(info->encrypt_key, &key[32], client_random, server_random); + + //TODO: check for case of 40bit enc + if (rc4_size == 1) { + /* 40 bit enc */ + info->rc4_keylen = 8; + } else + info->rc4_keylen = 16; /* 128 bit encryption */ + + /* update keys */ + memcpy(info->encrypt_update_key, info->encrypt_key, 16); + memcpy(info->decrypt_update_key, info->decrypt_key, 16); + + RC4_set_key(&info->rc4_encrypt_key, info->rc4_keylen, info->encrypt_key); + RC4_set_key(&info->rc4_decrypt_key, info->rc4_keylen, info->decrypt_key); + + return 0; +} + + + +/***************************************************************************** + * Parses the MCS connect response which comes as a reply from the server for + * our MCS connect initial request. This packet contains the server's public + * crypto key, which we store using 'rdp_get_crypto()'. + */ +static int +rdp_mcs_connect_response(Connection *con) +{ + //mcs_response *mcs; + u_char *p; + char error[64]; + + if (rdp_iso_recv_data(con) < 0) + return -1; + + p = ((u_char *)con->inbuf->get_dataptr() + sizeof(iso_tpkt) + + sizeof(iso_itu_t_data)); + + // mcs = (mcs_response *)p; + + int length; + p = rdp_parse_ber(p, MCS_CONNECT_RESPONSE, &length); + p = rdp_parse_ber(p, BER_TAG_RESULT, &length); + uint8_t result = *(uint8_t *)p; + p += 1; + + /* Check result parameter */ + if (result != 0) { + snprintf(error, sizeof(error), "MCS connect result: %x\n", result); + con->service->end.orly = true; + con->service->end.reason = Strndup(error, strlen(error)); + return -1; + } + + + p = rdp_parse_ber(p, BER_TAG_INTEGER, &length); + p += length; + + /* Now parse MCS_TAG_DOMAIN_PARAMS header and ignore as many bytes as the + * length of this header. + */ + p = rdp_parse_ber(p, MCS_TAG_DOMAIN_PARAMS, &length); + p += length; + + p = rdp_parse_ber(p, BER_TAG_OCTET_STRING, &length); + +#if 0 + p += sizeof(mcs_response); + + p++; /* now p should point to length of the header */ + uint8_t mcs_domain_len = *p; + p += mcs_domain_len; /* ignore that many bytes */ + + /* Now p points to the BER header of mcs_data - ignore header */ + p += 5; +#endif + + /* Ignore the 21 bytes of the T.124 ConferenceCreateResponse */ + p += 21; + + /* Now parse Server Data Blocks (serverCoreData, serverNetworkData, + * serverSecurityData) + */ + uint8_t len = *(uint8_t *)p; + p++; + if (len & 0x80) { + len = *(uint8_t *)p; + p++; + } + + uint16_t tag, hdr_length; + u_char *saved_p; + u_char *end = (u_char *)con->inbuf->get_dataptr() + con->inbuf->get_len(); + + while (p < end) { + + tag = *(uint16_t *)p; + p += 2; + hdr_length = *(uint16_t *)p; + p += 2; + + saved_p = p + hdr_length - 4; + + if (hdr_length <= 4) { + return 0; + //con->service->end.orly = true; + //con->service->end.reason = Strndup("MCS response: corrupted packet.", 31); + //return -1; + } + + switch (tag) + { + case SEC_TAG_SRV_INFO: + p += 2; + break; + + case SEC_TAG_SRV_CRYPT: + if (rdp_get_crypto(con, p) < 0) + return -1; + break; + + default: + break; + } + + p = saved_p; + } + + return 0; +} + + +/***************************************************************************** + * Cryptographically signs and encrypts the data and puts them in Ncrack's + * outbuf. It also creates the security header which is nothing more than the + * 32bit flags (which must contain SEC_ENCRYPT). The security header precedes + * the data. Since this function appends the header, the signature and the + * encrypted data in the 'outbuf' everything preceding them, like the ISO and + * MCS headers must already be there. + */ +static void +rdp_encrypt_data(Connection *con, uint8_t *data, uint32_t datalen, + uint32_t flags) +{ + rdp_state *info = (rdp_state *)con->misc_info; + sec_header sec; + + sec.flags = flags; + + /* Now sign the data */ + SHA_CTX sha1_ctx; + uint8_t sha1_sig[20]; + MD5_CTX md5_ctx; + uint8_t md5_sig[16]; + uint8_t len_header[4]; + + SHA1_Init(&sha1_ctx); + MD5_Init(&md5_ctx); + + len_header[0] = (datalen) & 0xFF; + len_header[1] = (datalen >> 8) & 0xFF; + len_header[2] = (datalen >> 16) & 0xFF; + len_header[3] = (datalen >> 24) & 0xFF; + + SHA1_Update(&sha1_ctx, info->sign_key, info->rc4_keylen); + SHA1_Update(&sha1_ctx, pad54, 40); + SHA1_Update(&sha1_ctx, len_header, 4); + SHA1_Update(&sha1_ctx, data, datalen); + SHA1_Final(sha1_sig, &sha1_ctx); + + MD5_Update(&md5_ctx, info->sign_key, info->rc4_keylen); + MD5_Update(&md5_ctx, pad92, 48); + MD5_Update(&md5_ctx, sha1_sig, 20); + MD5_Final(md5_sig, &md5_ctx); + + memcpy(sec.sig, md5_sig, sizeof(sec.sig)); + + /* Encrypt the data */ + if (info->encrypt_use_count == 4096) { + info->encrypt_use_count = 0; + /* Normally we should update our keys here, but we never get to receive + * more than 4096 RDP packets in one authentication session (since we + * close the connection after 1 attempt and reconnect with new keys), + * so we don't bother with this. + */ + } + RC4(&info->rc4_encrypt_key, datalen, data, data); + info->encrypt_use_count++; + + /* This is the security header, which is after the ISO and MCS headers */ + con->outbuf->append(&sec, sizeof(sec)); + /* Everything below the security header is the encrypted data. */ + con->outbuf->append(data, datalen); + +} + + +/***************************************************************************** + * Prepares a Client Security Exchange PDU. This packet contains the client's + * random data portion needed for the cryptographic exchange. This was created + * by using nbase's PRNG and later encrypted in the 'rdp_get_crypto()' + * function. + * http://msdn.microsoft.com/en-us/library/cc240471%28v=PROT.10%29.aspx + */ +static void +rdp_security_exchange(Connection *con) +{ + /* This is the length of the data of this specific portion of the packet + * Things like the lengths of the rest of the headers (MCS, ISO) aren't + * included. + */ + uint32_t sec_length; + uint32_t total_length; + uint32_t flags; + rdp_state *info = (rdp_state *)con->misc_info; + + /* We don't use the sec_header struct here, since the security header + * now includes only the flags field (32 bit). We also don't call + * rdp_encrypt_data(), since the data aren't encrypted for this packet. + */ + sec_length = info->server_public_key_length + 8; /* padding size = 8 */ + + /* 4 is the length field itself and another 4 for the security header + * (which has only the 32bit flags field) + */ + total_length = sec_length + 4 + 4; + + total_length += sizeof(mcs_data); + rdp_iso_data(con, total_length); + total_length -= sizeof(mcs_data); + rdp_mcs_data(con, total_length); + + flags = SEC_CLIENT_RANDOM; + /* Security header part */ + con->outbuf->append(&flags, sizeof(flags)); + + /* Client Security Exchange part */ + con->outbuf->append(&sec_length, sizeof(sec_length)); + con->outbuf->append(info->crypted_random, info->server_public_key_length); + con->outbuf->append(pad0, 8); /* paddding */ + +} + + +/***************************************************************************** + * Prepares a Client Info PDU. Secure Settings Exchange phase. + * http://msdn.microsoft.com/en-us/library/cc240473%28v=PROT.10%29.aspx + * http://msdn.microsoft.com/en-us/library/cc240474%28v=PROT.10%29.aspx + * http://msdn.microsoft.com/en-us/library/cc240475%28v=PROT.10%29.aspx + */ +static void +rdp_client_info(Connection *con) +{ + rdp_state *info = (rdp_state *)con->misc_info; + Buf *data; + char domain[16]; + char shell[256]; + char workingdir[256]; + uint16_t username_length, password_length, domain_length, + shell_length, workingdir_length; + uint32_t total_length; + uint32_t flags = RDP_LOGON_AUTO | RDP_LOGON_NORMAL; // TODO: test the flags + int packetlen = 0; + int err; + + uint32_t rdp5_performance_flags = (PERF_DISABLE_FULLWINDOWDRAG | + PERF_DISABLE_MENUANIMATIONS | + PERF_ENABLE_FONT_SMOOTHING); + + + /* length of strings in TS_EXTENDED_PACKET includes null terminator */ + int len_ip = 2 * strlen("172.16.51.1") + 2; // TODO: change this to non-hardcoded IP + int len_dll = 2 * strlen("C:\\WINNT\\System32\\mstscax.dll") + 2; + + time_t t = time(NULL); + time_t tzone; + struct tm local_time; + struct tm gm_time; + + data = new Buf(); + domain[0] = shell[0] = workingdir[0] = 0; + + /* We need to convert every string data to its unicode equivalent. + * unicode_alloc() dynamically allocates the data, so be sure to free the + * memory later. + */ + char *u_domain = unicode_alloc(domain); + char *u_username = unicode_alloc(con->user); + char *u_password = unicode_alloc(con->pass); + char *u_shell = unicode_alloc(shell); + char *u_workdingdir = unicode_alloc(workingdir); + + char *u_ip = unicode_alloc("172.16.51.1"); + char *u_dll = unicode_alloc("C:\\WINNT\\System32\\mstscax.dll"); + char *u_gtb_normal = unicode_alloc("GTB, normaltid"); + char *u_gtb_sommar = unicode_alloc("GTB, sommartid"); + + domain_length = strlen(domain) * 2; + username_length = strlen(con->user) * 2; + password_length = strlen(con->pass) * 2; + shell_length = strlen(shell) * 2; + workingdir_length = strlen(workingdir) * 2; + + if (info->rdp_version == 4) { + + /* Now fill in the data to our temporary buffer. These will be later + * encrypted by rdp_encrypt_data() + */ + + //TODO: check if these need to be explicitly sent in little endian + data->append(pad0, 4); + data->append(&flags, sizeof(flags)); + + data->append(&domain_length, sizeof(domain_length)); + data->append(&username_length, sizeof(username_length)); + data->append(&password_length, sizeof(password_length)); + data->append(&shell_length, sizeof(shell_length)); + data->append(&workingdir_length, sizeof(workingdir_length)); + + /* Make sure the minimum length is 2, which means only the unicode NULL + * (2 bytes) character is sent. Note, that this is not the special + * additional NULL character that follows every string for this header, + * but the string itself denoting it is empty. + */ + data->append(u_domain, domain_length ? domain_length : 2); + data->append(u_username, username_length ? username_length : 2); + data->append(pad0, 2); /* extra unicode NULL terminator */ + + data->append(u_password, password_length ? password_length : 2); + data->append(pad0, 2); + + data->append(u_shell, shell_length ? shell_length : 2); + data->append(u_workdingdir, workingdir_length ? workingdir_length : 2); + + /* 18 = the size of all above fields (pad0, flags and the lengths of each + * variable + * 10 = the size of the unicode NULL terminators for each of the above 5 + * strings, which are not included in the lengths + * see: http://msdn.microsoft.com/en-us/library/cc240475%28v=PROT.10%29.aspx + */ + if (o.debugging > 8) + printf("username: %s pass: %s\n", con->user, con->pass); + + total_length = 18 + domain_length + username_length + password_length + + shell_length + workingdir_length + 10; + + } else { + + packetlen = + /* size of TS_INFO_PACKET */ + 4 + /* CodePage */ + 4 + /* flags */ + 2 + /* cbDomain */ + 2 + /* cbUserName */ + 2 + /* cbPassword */ + 2 + /* cbAlternateShell */ + 2 + /* cbWorkingDir */ + 2 + domain_length + /* Domain */ + 2 + username_length + /* UserName */ + 2 + password_length + /* Password */ + 2 + shell_length + /* AlternateShell */ + 2 + workingdir_length + /* WorkingDir */ + /* size of TS_EXTENDED_INFO_PACKET */ + 2 + /* clientAddressFamily */ + 2 + /* cbClientAddress */ + len_ip + /* clientAddress */ + 2 + /* cbClientDir */ + len_dll + /* clientDir */ + /* size of TS_TIME_ZONE_INFORMATION */ + 4 + /* Bias, (UTC = local time + bias */ + 64 + /* StandardName, 32 unicode char array, Descriptive standard time on client */ + 16 + /* StandardDate */ + 4 + /* StandardBias */ + 64 + /* DaylightName, 32 unicode char array */ + 16 + /* DaylightDate */ + 4 + /* DaylightBias */ + 4 + /* clientSessionId */ + 4 + /* performanceFlags */ + 2 + /* cbAutoReconnectCookie, either 0 or 0x001c */ + /* size of ARC_CS_PRIVATE_PACKET */ + 0; /* autoReconnectCookie: +28 if you have a cookie */ + + data->append(pad0, 4); + data->append(&flags, sizeof(flags)); + data->append(&domain_length, sizeof(domain_length)); + data->append(&username_length, sizeof(username_length)); + data->append(&password_length, sizeof(password_length)); + data->append(&shell_length, sizeof(shell_length)); + data->append(&workingdir_length, sizeof(workingdir_length)); + + /* no null terminator needed because domain is null - same for other null vars */ + data->append(u_domain, domain_length ? domain_length : 2); + data->append(u_username, username_length ? username_length : 2); + data->append(pad0, 2); /* extra unicode NULL terminator */ + data->append(u_password, password_length ? password_length : 2); + data->append(pad0, 2); + data->append(u_shell, shell_length ? shell_length : 2); + data->append(u_workdingdir, workingdir_length ? workingdir_length : 2); + + /* TS_EXTENDED_INFO_PACKET */ + uint16_t af = 2; + data->append(&af, 2); + data->append(&len_ip, 2); + data->append(u_ip, len_ip - 2); data->append(pad0, 2); + data->append(&len_dll, 2); + data->append(u_dll, len_dll - 2); data->append(pad0, 2); + + /* TS_TIME_ZONE_INFORMATION */ + err = n_localtime(&t, &local_time); + if (err) + log_write(LOG_STDERR, "Timing error (n_localtime): %s\n", strerror(err)); + gmtime_r(&t, &gm_time); + + tzone = (mktime(&gm_time) - mktime(&local_time)) / 60; + data->append(&tzone, 4); + data->append(u_gtb_normal, 2 * strlen("GTB, normaltid")); + data->append(pad0, 2); + data->append(pad0, 62 - 2 * strlen("GTB, normaltid")); + + uint32_t val = 0x0a0000; data->append(&val, sizeof(val)); + val = 0x050000; data->append(&val, sizeof(val)); + val = 3; data->append(&val, sizeof(val)); + val = 0; data->append(&val, sizeof(val)); + val = 0; data->append(&val, sizeof(val)); + data->append(u_gtb_sommar, 2 * strlen("GTB, sommartid")); + data->append(pad0, 2); + data->append(pad0, 62 - 2 * strlen("GTB, sommartid")); + + val = 0x30000; data->append(&val, sizeof(val)); + val = 0x050000; data->append(&val, sizeof(val)); + val = 2; data->append(&val, sizeof(val)); + data->append(pad0, 4); + val = 0xffffffc4; data->append(&val, sizeof(val)); /* daylight bias */ + + data->append(pad0, 4); /* clientSessionId (must be 0) */ + data->append(&rdp5_performance_flags, sizeof(rdp5_performance_flags)); // rdp5 performance flags + data->append(pad0, 2); /* auto reconnect length */ + + total_length = packetlen; + + } + + if (o.debugging > 9) { + printf("-----------DATA OUTGOING --------\n"); + char *string = hexdump((u8*)data->get_dataptr(), data->get_len()); + log_write(LOG_PLAIN, "%s", string); + printf("-----------DATA OUTGOING END --------\n"); + } + + total_length += sizeof(mcs_data) + sizeof(sec_header); + rdp_iso_data(con, total_length); + total_length -= sizeof(mcs_data); + rdp_mcs_data(con, total_length); + + rdp_encrypt_data(con, (uint8_t *)data->get_dataptr(), data->get_len(), + SEC_LOGON_INFO | SEC_ENCRYPT); + + delete data; + free(u_gtb_normal); + free(u_gtb_sommar); + free(u_dll); + free(u_ip); + free(u_domain); + free(u_username); + free(u_password); + free(u_shell); + free(u_workdingdir); +} + + +/***************************************************************************** + * Sends a certain scancode by calling 'rdp_input_msg()' accordingly. Note + * that the data will be saved in Ncrack's 'outbuf'. + */ +#if 0 +static void +rdp_scancode_msg(Connection *con, uint32_t time, uint16_t flags, + uint8_t scancode) +{ + rdp_input_msg(con, time, RDP_INPUT_SCANCODE, flags, scancode, 0); + +} +#endif + + +/***************************************************************************** + * Sends an input message - this can be for example a keystroke or a mouse + * click. Ncrack usually needs to send the 'ENTER' scancode to emulate the + * behaviour of pressing (or clicking) 'OK' on the window that appears + * whenever the user authentication fails. The data are saved in + * Ncrack's 'outbuf'. + */ +static void +rdp_input_msg(Connection *con, uint32_t time, uint16_t message_type, + uint16_t device_flags, uint16_t param1, uint16_t param2) +{ + rdp_input_event input; + Buf *data = new Buf(); + + input.time = time; + input.message_type = message_type; + input.device_flags = device_flags; + input.param1 = param1; + input.param2 = param2; + + data->append(&input, sizeof(input)); + + rdp_data(con, data, RDP_DATA_PDU_INPUT); +} + + +static void +rdp_fonts_send(Connection *con, uint16_t sequence) +{ + Buf *data = new Buf(); + rdp_fonts fonts; + + fonts.seq = sequence; + + data->append(&fonts, sizeof(fonts)); + + rdp_data(con, data, RDP_DATA_PDU_FONT2); +} + + + +static void +rdp_synchronize(Connection *con) +{ + Buf *data = new Buf(); + rdp_sync sync; + data->append(&sync, sizeof(sync)); + + rdp_data(con, data, RDP_DATA_PDU_SYNCHRONISE); + +} + + +static void +rdp_control(Connection *con, uint16_t action) +{ + Buf *data = new Buf(); + rdp_ctrl control; + + control.action = action; + data->append(&control, sizeof(control)); + + rdp_data(con, data, RDP_DATA_PDU_CONTROL); + +} + + +static void +rdp_confirm_active(Connection *con) +{ + rdp_state *info = (rdp_state *)con->misc_info; + rdp_confirm_active_pdu pdu; + uint16_t caplen; + rdp_general_caps general; + rdp_bitmap_caps bitmap; + rdp_order_caps order; + rdp_bmpcache_caps bmpcache; + rdp_colcache_caps colcache; + rdp_activate_caps activate; + rdp_control_caps control; + rdp_pointer_caps pointer; + rdp_share_caps share; + rdp_bmpcache_caps2 bmpcache2; + rdp_newpointer_caps newpointer; + rdp_brushcache_caps brushcache; + rdp_input_caps input; + rdp_sound_caps sound; + rdp_font_caps font; + rdp_glyphcache_caps glyph; + rdp_multifragment_caps multifrag; + rdp_large_pointer_caps largepointer; + uint16_t total_length; + uint32_t flags = 0x0030 | SEC_ENCRYPT; + Buf *data = new Buf(); + + caplen = RDP_CAPLEN_GENERAL + + RDP_CAPLEN_BITMAP + + RDP_CAPLEN_ORDER + + RDP_CAPLEN_COLCACHE + + RDP_CAPLEN_ACTIVATE + + RDP_CAPLEN_CONTROL + + RDP_CAPLEN_SHARE + + RDP_CAPLEN_BRUSHCACHE + + RDP_CAPLEN_INPUT + + RDP_CAPLEN_FONT + + RDP_CAPLEN_SOUND + + RDP_CAPLEN_GLYPHCACHE + + RDP_CAPLEN_MULTIFRAGMENTUPDATE + + RDP_CAPLEN_LARGE_POINTER + + 4; + + if (info->rdp_version >= 5) { + caplen += RDP_CAPLEN_BMPCACHE2; + caplen += RDP_CAPLEN_NEWPOINTER; + } else { + caplen += RDP_CAPLEN_BMPCACHE; + caplen += RDP_CAPLEN_POINTER; + } + + pdu.length = 2 + 14 + caplen + sizeof(RDP_SOURCE); + pdu.mcs_userid = info->mcs_userid + 1001; + pdu.shareid = info->shareid; + pdu.caplen = caplen; + + if (info->rdp_version >= 5) { + general.extra_flags |= NO_BITMAP_COMPRESSION_HDR; + general.extra_flags |= AUTORECONNECT_SUPPORTED; + general.extra_flags |= LONG_CREDENTIALS_SUPPORTED; + general.extra_flags |= FASTPATH_OUTPUT_SUPPORTED; + } + + data->append(&pdu, sizeof(pdu)); + data->append(&general, sizeof(general)); + data->append(&bitmap, sizeof(bitmap)); + data->append(&order, sizeof(order)); + + if (info->rdp_version >= 5) { + data->append(&bmpcache2, sizeof(bmpcache2)); + data->append(&newpointer, sizeof(newpointer)); + } else { + data->append(&bmpcache, sizeof(bmpcache)); + data->append(&pointer, sizeof(pointer)); + } + + data->append(&colcache, sizeof(colcache)); + data->append(&activate, sizeof(activate)); + data->append(&control, sizeof(control)); + data->append(&share, sizeof(share)); + data->append(&brushcache, sizeof(brushcache)); + data->append(&input, sizeof(input)); + data->append(&sound, sizeof(sound)); + data->append(&font, sizeof(font)); + data->append(&glyph, sizeof(glyph)); + data->append(&multifrag, sizeof(multifrag)); + data->append(&largepointer, sizeof(largepointer)); + + total_length = data->get_len(); + total_length += sizeof(mcs_data) + sizeof(sec_header); + rdp_iso_data(con, total_length); + total_length -= sizeof(mcs_data); + rdp_mcs_data(con, total_length); + + if (o.debugging > 9) { + printf("-----------CONFIRM ACTIVE OUTGOING DATA-------- %u \n", data->get_len()); + char *string = hexdump((u8*)data->get_dataptr(), data->get_len()); + log_write(LOG_PLAIN, "%s", string); + printf("-----------OUTGOING DATA END--------\n"); + } + + rdp_encrypt_data(con, (uint8_t *)data->get_dataptr(), data->get_len(), flags); + + delete data; + + /* reset order state */ + info->order_state_type = RDP_ORDER_PATBLT; + memset(&info->memblt, 0, sizeof(info->memblt)); + +} + + + +/* + * must free data after completion + */ +static void +rdp_data(Connection *con, Buf *data, uint8_t pdu_type) +{ + rdp_hdr_data hdr; + rdp_state *info = (rdp_state *)con->misc_info; + uint32_t flags = SEC_ENCRYPT; + Buf *rdp = new Buf(); + uint32_t total_length; + + hdr.length = data->get_len() + sizeof(hdr); + hdr.mcs_userid = info->mcs_userid + 1001; + hdr.shareid = info->shareid; + hdr.remaining_length = hdr.length - 14; + hdr.type = pdu_type; + + rdp->append(&hdr, sizeof(hdr)); + rdp->append(data->get_dataptr(), data->get_len()); + + total_length = sizeof(hdr) + data->get_len(); + total_length += sizeof(mcs_data) + sizeof(sec_header); + rdp_iso_data(con, total_length); + total_length -= sizeof(mcs_data); + rdp_mcs_data(con, total_length); + + if (o.debugging > 9) { + printf("-----------OUTGOING DATA-------- %u \n", rdp->get_len()); + char *string = hexdump((u8*)rdp->get_dataptr(), rdp->get_len()); + log_write(LOG_PLAIN, "%s", string); + printf("-----------OUTGOING DATA END--------\n"); + } + + rdp_encrypt_data(con, (uint8_t *)rdp->get_dataptr(), rdp->get_len(), flags); + + delete rdp; + delete data; + +} + + + +void +ncrack_rdp(nsock_pool nsp, Connection *con) +{ + nsock_iod nsi = con->niod; + rdp_state *info = NULL; + int loop_val; + + if (con->misc_info) + info = (rdp_state *) con->misc_info; + else { + con->misc_info = (rdp_state *)safe_zalloc(sizeof(rdp_state)); + info = (rdp_state *)con->misc_info; + info->rdp_version = 5; //TODO: assume RDP version 5 for now + } + + switch (con->state) + { + case RDP_INIT: + + con->state = RDP_CON; + + con->outbuf = new Buf(); + rdp_iso_connection_request(con); + + nsock_write(nsp, nsi, ncrack_write_handler, RDP_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + + case RDP_CON: + + if (rdp_loop_read(nsp, con) < 0) + break; + + con->state = RDP_MCS_RESP; + + if (rdp_iso_connection_confirm(con) < 0) + return ncrack_module_end(nsp, con); + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + rdp_mcs_connect(con); + + delete con->inbuf; + con->inbuf = NULL; + + nsock_write(nsp, nsi, ncrack_write_handler, RDP_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + + case RDP_MCS_RESP: + + if (rdp_loop_read(nsp, con) < 0) + break; + + con->state = RDP_MCS_AURQ; + + + if (rdp_mcs_connect_response(con) < 0) + return ncrack_module_end(nsp, con); + + /* Now send Erection Domain Request */ + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + rdp_mcs_erect_domain_request(con); + + nsock_write(nsp, nsi, ncrack_write_handler, RDP_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case RDP_MCS_AURQ: + + con->state = RDP_MCS_AUCF; + + /* Now send Attach User Request */ + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + rdp_mcs_attach_user_request(con); + + delete con->inbuf; + con->inbuf = NULL; + + nsock_write(nsp, nsi, ncrack_write_handler, RDP_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case RDP_MCS_AUCF: + + if (rdp_loop_read(nsp, con) < 0) + break; + + con->state = RDP_MCS_CJ_USER; + + if (rdp_mcs_attach_user_confirm(con) < 0) + return ncrack_module_end(nsp, con); + + /* Now send User Channel Join request */ + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + rdp_mcs_channel_join_request(con, info->mcs_userid + + MCS_USERCHANNEL_BASE); + + delete con->inbuf; + con->inbuf = NULL; + + nsock_write(nsp, nsi, ncrack_write_handler, RDP_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case RDP_MCS_CJ_USER: + + if (rdp_loop_read(nsp, con) < 0) + break; + + con->state = RDP_SEC_EXCHANGE; + + if (rdp_mcs_channel_join_confirm(con) < 0) + return ncrack_module_end(nsp, con); + + /* Now send Global Channel Join request */ + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + rdp_mcs_channel_join_request(con, MCS_GLOBAL_CHANNEL); + + delete con->inbuf; + con->inbuf = NULL; + + nsock_write(nsp, nsi, ncrack_write_handler, RDP_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case RDP_SEC_EXCHANGE: + + if (rdp_loop_read(nsp, con) < 0) + break; + + con->state = RDP_CLIENT_INFO; + + if (rdp_mcs_channel_join_confirm(con) < 0) + return ncrack_module_end(nsp, con); + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + rdp_security_exchange(con); + + delete con->inbuf; + con->inbuf = NULL; + + nsock_write(nsp, nsi, ncrack_write_handler, RDP_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case RDP_CLIENT_INFO: + + con->state = RDP_DEMAND_ACTIVE; + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + rdp_client_info(con); + + nsock_write(nsp, nsi, ncrack_write_handler, RDP_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case RDP_DEMAND_ACTIVE: + + if (rdp_loop_read(nsp, con) < 0) + break; + + con->state = RDP_DEMAND_ACTIVE; + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + loop_val = rdp_process_loop(con); + if (loop_val != LOOP_WRITE) { + //nsock_timer_create(nsp, ncrack_timer_handler, 0, con); + delete con->inbuf; + con->inbuf = NULL; + break; + } + + con->state = RDP_DEMAND_ACTIVE_SYNC; + delete con->inbuf; + con->inbuf = NULL; + + nsock_write(nsp, nsi, ncrack_write_handler, RDP_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case RDP_DEMAND_ACTIVE_SYNC: + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + con->state = RDP_DEMAND_ACTIVE_INPUT_SYNC; + + if (o.debugging > 9) { + printf("RDP_DEMAND_ACTIVE_SYNC\n"); + printf("rdp_synchronize\n"); + } + rdp_synchronize(con); + if (o.debugging > 9) + printf("rdp_control cooperate\n"); + rdp_control(con, RDP_CTL_COOPERATE); + if (o.debugging > 9) + printf("rdp_control request\n"); + rdp_control(con, RDP_CTL_REQUEST_CONTROL); + + nsock_write(nsp, nsi, ncrack_write_handler, RDP_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case RDP_DEMAND_ACTIVE_INPUT_SYNC: + + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + if (o.debugging > 9) + printf("DEMAND_ACTIVE_INPUT_SYNC\n"); + + con->state = RDP_DEMAND_ACTIVE_FONTS; + + rdp_input_msg(con, 0, RDP_INPUT_SYNCHRONIZE, 0, 0, 0); + + nsock_write(nsp, nsi, ncrack_write_handler, RDP_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case RDP_DEMAND_ACTIVE_FONTS: + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + con->state = RDP_LOOP; + + if (o.debugging > 9) + printf("DEMAND_ACTIVE_FONTS\n"); + + if (info->rdp_version >= 5) { + // normally we would send a bmpcache2 here + // but we don't have any so don't have to send anything + if (o.debugging > 9) + printf("rdp_fonts_send\n"); + rdp_fonts_send(con, 3); + } else { + rdp_fonts_send(con, 1); + rdp_fonts_send(con, 2); + } + + nsock_write(nsp, nsi, ncrack_write_handler, RDP_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case RDP_LOOP: + + if (rdp_loop_read(nsp, con) < 0) + break; + + if (o.debugging > 8) + printf("RDP LOOP STATE \n"); + con->state = RDP_LOOP; + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + loop_val = rdp_process_loop(con); + + switch (loop_val) { + + case LOOP_WRITE: + + if (o.debugging > 9) + printf(" ----- LOOP WRITE ------\n"); + + con->state = RDP_DEMAND_ACTIVE_SYNC; + nsock_write(nsp, nsi, ncrack_write_handler, RDP_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case LOOP_DISC: + + if (o.debugging > 9) + printf(" ----- LOOP DISC ------\n"); + + delete con->inbuf; + con->inbuf = NULL; + + con->force_close = true; + rdp_disconnect(con); + + nsock_write(nsp, nsi, ncrack_write_handler, RDP_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + return ncrack_module_end(nsp, con); + + break; + + case LOOP_NOTH: + + if (o.debugging > 9) + printf(" ----- LOOP NOTH ------\n"); + + nsock_timer_create(nsp, ncrack_timer_handler, 0, con); + break; + + case LOOP_AUTH: + + if (o.debugging > 9) + printf(" ----- LOOP AUTH ------\n"); + + if (info->login_result == LOGIN_SUCCESS) { + con->auth_success = true; + } + + delete con->inbuf; + con->inbuf = NULL; + + info->login_pattern_fail = 0; + con->force_close = true; + rdp_disconnect(con); + + nsock_write(nsp, nsi, ncrack_write_handler, RDP_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + return ncrack_module_end(nsp, con); + + break; + + default: + + if (o.debugging > 9) + printf(" ----- LOOP DEFAULT ------\n"); + nsock_timer_create(nsp, ncrack_timer_handler, 0, con); + break; + } + + + break; + } + +} + diff --git a/include/DomainExec/modules/ncrack_redis.cc b/include/DomainExec/modules/ncrack_redis.cc new file mode 100644 index 00000000..89ed4844 --- /dev/null +++ b/include/DomainExec/modules/ncrack_redis.cc @@ -0,0 +1,203 @@ +/*************************************************************************** + * ncrack_redis.cc -- ncrack module for the REDIS protocol * + * Coded by edeirme * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" + +#define REDIS_TIMEOUT 20000 + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); +static int redis_loop_read(nsock_pool nsp, Connection *con); + +enum states { REDIS_INIT, REDIS_FINI }; + + +static int +redis_loop_read(nsock_pool nsp, Connection *con) +{ + char *p; + if (con->inbuf == NULL) { + nsock_read(nsp, con->niod, ncrack_read_handler, REDIS_TIMEOUT, con); + return -1; + } + p = (char *)con->inbuf->get_dataptr(); + if (!memsearch((const char *)p, "\r\n", con->inbuf->get_len())) { + nsock_read(nsp, con->niod, ncrack_read_handler, REDIS_TIMEOUT, con); + return -1; + } + if (memsearch((const char *)p, "OK", con->inbuf->get_len())) + return 0; + else if (memsearch((const char *)p, "ERR invalid password", con->inbuf->get_len())) + return -2; + return -1; +} + +void +ncrack_redis(nsock_pool nsp, Connection *con) +{ + nsock_iod nsi = con->niod; + + switch (con->state) + { + case REDIS_INIT: + + con->state = REDIS_FINI; + delete con->inbuf; + con->inbuf = NULL; + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + con->outbuf->snprintf(7 + strlen(con->pass), "AUTH %s\r\n", con->pass); + nsock_write(nsp, nsi, ncrack_write_handler, REDIS_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case REDIS_FINI: + + if (redis_loop_read(nsp, con) == -1) + break; + else if(redis_loop_read(nsp, con) == 0) + con->auth_success = true; + con->state = REDIS_INIT; + + delete con->inbuf; + con->inbuf = NULL; + + con->force_close = true; + + return ncrack_module_end(nsp, con); + } +} diff --git a/include/DomainExec/modules/ncrack_sip.cc b/include/DomainExec/modules/ncrack_sip.cc new file mode 100644 index 00000000..745544b1 --- /dev/null +++ b/include/DomainExec/modules/ncrack_sip.cc @@ -0,0 +1,468 @@ + +/*************************************************************************** + * ncrack_sip.cc -- ncrack module for the SIP protocol * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" +#include "http.h" +#ifndef WIN32 + #include + #include +#else + #include +#endif + +using namespace std; + +extern NcrackOps o; + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); + +static int sip_loop_read(nsock_pool nsp, Connection *con); +static char *get_ip_address(void); + + +typedef struct sip_info { + int cseq; + u16 localport; + char *local_ip; +} sip_info; + + +enum states { SIP_INIT, SIP_STATUS, SIP_AUTH }; + +#define SIP_TIMEOUT 10000 + + +void +ncrack_sip(nsock_pool nsp, Connection *con) +{ + nsock_iod nsi = con->niod; + Service *serv = con->service; + sip_info *info = NULL; + struct sockaddr_storage local; + struct sockaddr_in *local4 = NULL; + struct sockaddr_in6 *local6 = NULL; + int family = 0; + local4 = (struct sockaddr_in *)&local; + local6 = (struct sockaddr_in6 *)&local; + char localport_s[6]; + char cseq_s[6]; + + struct http_header *h; + char *header; + struct http_challenge challenge; + char *response_hdr; + + + if (con->misc_info) { + info = (sip_info *) con->misc_info; + } else { + con->misc_info = (sip_info *) safe_zalloc(sizeof(sip_info)); + info = (sip_info *) con->misc_info; + info->cseq = 1; + } + + + switch (con->state) + { + + case SIP_INIT: + + nsock_iod_get_communication_info(nsi, NULL, &family, (struct sockaddr*)&local, + NULL, sizeof(struct sockaddr_storage)); + if (family == AF_INET6) { + info->localport = ntohs(local6->sin6_port); + } else { + info->localport = ntohs(local4->sin_port); + } + + snprintf(localport_s, sizeof(localport_s), "%d", info->localport); + printf("local port %s \n", localport_s); + + snprintf(cseq_s, sizeof(cseq_s), "%d", info->cseq); + + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + info->local_ip = get_ip_address(); + + con->outbuf->snprintf(strlen(serv->target->NameIP()) + strlen(info->local_ip) + strlen(localport_s) + strlen(con->user) \ + + strlen(serv->target->NameIP()) + strlen(con->user) + strlen(serv->target->NameIP()) + strlen(serv->target->NameIP()) \ + + strlen(cseq_s) + + strlen("REGISTER sip: SIP/2.0\r\nVia: SIP/2.0/TCP :\r\nFrom: \r\nTo: \r\n" "Call-ID: 1234@\r\nCSeq: REGISTER\r\nContent-Length: 0\r\n\r\n"), + "REGISTER sip:%s SIP/2.0\r\n" + "Via: SIP/2.0/TCP %s:%d\r\n" + "From: \r\n" + "To: \r\n" "Call-ID: 1234@%s\r\n" \ + "CSeq: %i REGISTER\r\n" "Content-Length: 0\r\n\r\n", serv->target->NameIP(), info->local_ip, info->localport, con->user, + serv->target->NameIP(), con->user, serv->target->NameIP(), serv->target->NameIP(), info->cseq); + +#if 0 + con->outbuf->snprintf(strlen("officesip.local") + strlen(info->local_ip) + strlen(localport_s) + strlen(con->user) \ + + strlen("officesip.local") + strlen(con->user) + strlen(serv->target->NameIP()) + strlen(serv->target->NameIP()) \ + + strlen(cseq_s) + + strlen("REGISTER sip: SIP/2.0\r\nVia: SIP/2.0/TCP :\r\nFrom: \r\nTo: \r\n" "Call-ID: 1234@\r\nCSeq: REGISTER\r\nContent-Length: 0\r\n\r\n"), + "REGISTER sip:%s SIP/2.0\r\n" + "Via: SIP/2.0/TCP %s:%d\r\n" + "From: \r\n" + "To: \r\n" "Call-ID: 1234@%s\r\n" \ + "CSeq: %i REGISTER\r\n" "Content-Length: 0\r\n\r\n", "officesip.local", info->local_ip, info->localport, con->user, + "officesip.local", con->user, serv->target->NameIP(), serv->target->NameIP(), info->cseq); +#endif + + info->cseq++; + + con->state = SIP_STATUS; + + nsock_write(nsp, nsi, ncrack_write_handler, SIP_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + + break; + + case SIP_STATUS: + + if (sip_loop_read(nsp, con) < 0) + break; + +#if 0 + printf("---------------memprint-------------\n"); + memprint((const char *)con->inbuf->get_dataptr(), con->inbuf->get_len()); + printf("---------------memprint-------------\n"); +#endif + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + /* If domain is invalid, then we should stop trying to crack this + * service. + */ + if (memsearch((const char *)con->inbuf->get_dataptr(), + "Domain invalid or not specified", con->inbuf->get_len())) { + serv->end.orly = true; + serv->end.reason = Strndup("Domain invalid or not specified.", + strlen("Domain invalid or not specified.")); + return ncrack_module_end(nsp, con); + } + + + if (http_read_header((char *)con->inbuf->get_dataptr(), con->inbuf->get_len(), + &header) < 0) { + //printf("Error reading response header.\n"); + return ncrack_module_end(nsp, con); + } + + if (http_parse_header(&h, header) != 0) { + //printf("Error parsing response header.\n"); + return ncrack_module_end(nsp, con); + } + free(header); + header = NULL; + + if (http_header_get_challenge(h, &challenge) == NULL) { + //printf("Error getting Authenticate challenge.\n"); + http_header_free(h); + return ncrack_module_end(nsp, con); + } + http_header_free(h); + + response_hdr = http_digest_proxy_authorization(&challenge, + con->user, con->pass, "REGISTER", "sip:officesip.local"); + + //printf("resp hdr: %s\n", response_hdr); + //printf("length: %d \n", strlen(response_hdr)); + + snprintf(localport_s, sizeof(localport_s), "%d", info->localport); + snprintf(cseq_s, sizeof(cseq_s), "%d", info->cseq); + + con->outbuf->snprintf(strlen(serv->target->NameIP()) + strlen(info->local_ip) + strlen(localport_s) + strlen(con->user) \ + + strlen(serv->target->NameIP()) + strlen(con->user) + strlen(serv->target->NameIP()) + strlen(serv->target->NameIP()) \ + + strlen(cseq_s) + strlen(response_hdr) + + strlen("REGISTER sip: SIP/2.0\r\nVia: SIP/2.0/TCP :\r\nFrom: \r\nTo: \r\n" "Call-ID: 1234@\r\nCSeq: REGISTER\r\nAuthorization:\r\nContent-Length: 0\r\n\r\n"), + "REGISTER sip:%s SIP/2.0\r\n" + "Via: SIP/2.0/TCP %s:%d\r\n" + "From: \r\n" + "To: \r\n" "Call-ID: 1234@%s\r\n" \ + "CSeq: %u REGISTER\r\n" "Authorization:%s\r\n" "Content-Length: 0\r\n\r\n", serv->target->NameIP(), info->local_ip, info->localport, con->user, + serv->target->NameIP(), con->user, serv->target->NameIP(), serv->target->NameIP(), info->cseq, response_hdr); + + info->cseq++; + +#if 0 + printf("outbuf: \n"); + la = (char *)con->outbuf->get_dataptr(); + for (int i = 0; i < con->outbuf->get_len(); i++) + printf("%c", *(la + i)); + printf("------\n"); +#endif + + delete con->inbuf; + con->inbuf = NULL; + + nsock_write(nsp, nsi, ncrack_write_handler, SIP_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + + con->state = SIP_AUTH; + + break; + + case SIP_AUTH: + + + if (sip_loop_read(nsp, con) < 0) + break; + +#if 0 + printf("----------AUTH memprint-------------\n"); + memprint((const char *)con->inbuf->get_dataptr(), con->inbuf->get_len()); + printf("----------AUTH memprint-------------\n"); +#endif + + if (memsearch((const char *)con->inbuf->get_dataptr(), + "200 OK", con->inbuf->get_len())) { + con->auth_success = true; + } + + ncrack_module_end(nsp, con); + break; + + } + + +} + + + +static int +sip_loop_read(nsock_pool nsp, Connection *con) +{ + + if (con->inbuf == NULL) { + nsock_read(nsp, con->niod, ncrack_read_handler, SIP_TIMEOUT, con); + return -1; + } + + if (!memsearch((const char *)con->inbuf->get_dataptr(), "\r\n\r\n", + con->inbuf->get_len())) { + nsock_read(nsp, con->niod, ncrack_read_handler, SIP_TIMEOUT, con); + return -1; + } + + return 0; +} + + + +char *get_ip_address(void) { + + char *addr = NULL; +#ifndef WIN32 + struct ifaddrs *ifaddr, *ifa; + int family, s, n; + char host[NI_MAXHOST]; + //int addrlen; + + if (getifaddrs(&ifaddr) == -1) + return NULL; + + for (ifa = ifaddr, n = 0; ifa != NULL; ifa = ifa->ifa_next, n++) { + if (ifa->ifa_addr == NULL) + continue; + + family = ifa->ifa_addr->sa_family; + + if(ifa->ifa_flags & IFF_LOOPBACK) + continue; + + /* For an AF_INET* interface address, display the address */ + if (family == AF_INET || family == AF_INET6) { + s = getnameinfo(ifa->ifa_addr, + (family == AF_INET) ? sizeof(struct sockaddr_in) : + sizeof(struct sockaddr_in6), + host, NI_MAXHOST, + NULL, 0, NI_NUMERICHOST); + if (s != 0) { + printf("getnameinfo() failed: %s\n", gai_strerror(s)); + return NULL; + } + if (family == AF_INET) { + addr = (char *)malloc(strlen(host) + 1); + memset(addr, 0, strlen(host) + 1); + memcpy(addr, host, strlen(host)); + //addrlen = strlen(host); + break; + } + printf("address: <%s>\n", host); + + } + } + + if (ifa == NULL) { + freeifaddrs(ifaddr); + return NULL; + } + + //printf("final addr: %s\n", addr); + //printf("final addrlen: %d\n", addrlen); + freeifaddrs(ifaddr); + +#else + + IP_ADAPTER_INFO *pAdapterInfo; + ULONG ulOutBufLen; + DWORD dwRetVal; + PIP_ADAPTER_INFO pAdapter = pAdapterInfo; + + while (pAdapter) { + printf("Adapter Name: %s\n", pAdapter->AdapterName); + printf("Adapter Desc: %s\n", pAdapter->Description); + printf("\tAdapter Addr: \t"); + for (UINT i = 0; i < pAdapter->AddressLength; i++) { + if (i == (pAdapter->AddressLength - 1)) + printf("%.2X\n", (int)pAdapter->Address[i]); + else + printf("%.2X-", (int)pAdapter->Address[i]); + } + printf("IP Address: %s\n", pAdapter->IpAddressList.IpAddress.String); + } + + +#endif + + return addr; +} + diff --git a/include/DomainExec/modules/ncrack_smb.cc b/include/DomainExec/modules/ncrack_smb.cc new file mode 100644 index 00000000..c840a966 --- /dev/null +++ b/include/DomainExec/modules/ncrack_smb.cc @@ -0,0 +1,736 @@ + +/*************************************************************************** + * ncrack_smb.cc -- ncrack module for the SMB protocol * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" +#include "crypto.h" +#include + +#ifdef WIN32 +#ifndef __attribute__ +# define __attribute__(x) +#endif +# pragma pack(1) +#endif + +#define SMB_TIMEOUT 20000 + +extern NcrackOps o; + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); + +enum states { SMB_INIT, SMB_NEGOTIATE, SMB_SESSION_AUTH, SMB_FINI }; + +static int smb_loop_read(nsock_pool nsp, Connection *con); +static void smb_encode_header(Connection *con, char command); +static void smb_encode_negotiate_protocol(Buf *buf); +static void smb_prepend_length(Buf *buf); +static int smb_decode_header(Connection *con); +static int smb_decode_negresp(Connection *con); +static void smb_encode_session_header(Connection *con); +static void smb_get_password(Connection *con); +static void smb_encode_session_data(Connection *con); +static int smb_check_auth(Connection *con); + + + +//static void smb_free(Connection *con); + +enum hash_types { HASH_V1, HASH_LM, HASH_NTLM, HASH_V2, HASH_LMV2 }; + +typedef struct smb_state { + int hash_type; /* v1, lm, ntlm, v2, lmv2 */ + uint32_t session_key; /* value needs to be echoed back */ + u_char server_challenge[8]; /* random string for challenge/response */ + uint16_t max_mpx; /* maximum multiplexed connections */ + uint16_t pid; /* process id */ + + struct { + uint8_t hash[16]; + uint16_t length; /* ANSI Password length (LanMan) */ + uint8_t response[24]; + } lm; + struct { + uint8_t hash[16]; + uint16_t length; /* Unicode Password length (NTLM) */ + uint8_t response[24]; + } ntlm; + +} smb_state; + + +/* + * SMB header based on Microsoft's struct: + * http://msdn.microsoft.com/en-us/library/dd327707.aspx + */ +typedef struct smb_header { + + u_char protocol[4]; /* Contains 0xFF, 'SMB' */ + u_char command; /* Command code */ + union { + struct { + u_char error_class; /* Error class */ + u_char reserved; /* Reserved for future use */ + uint16_t error; /* Error code */ + } __attribute__((__packed__)) dos_error; + uint32_t status; + } status; + + u_char flags; + uint16_t flags2; + union { + uint16_t pad[6]; /* Ensure section is 12 bytes long */ + struct { + uint16_t pid_high; /* high part of PID */ + u_char security_signature[8]; /* reserved for security */ + } __attribute__((__packed__)) extra; + }; + + uint16_t tid; /* Tree identifier */ + uint16_t pid; /* Caller's process id */ + uint16_t uid; /* Unauthenticated user id */ + uint16_t mid; /* mutliplex id */ + +} __attribute__((__packed__)) smb_header; + + +/* + * Negotiate Response header + */ +typedef struct smb_negresp_header { + u_char word_count; /* Always 17 for this struct */ + struct { + uint16_t dialect_index; /* Selected dialect index */ + u_char security_mode; /* Server security flags */ + uint16_t max_mpx_count; /* Maximum Multiplex Count */ + uint16_t max_num_vc; /* Maximum Virtual Circuits */ + uint32_t max_buffer_size; /* Maximum SMB message size */ + uint32_t max_raw_size; /* Obsolete */ + uint32_t session_key; /* Unique session ID */ + uint32_t capabilities; /* Server capabilities flags */ + uint32_t system_time_low; /* Server time; low bytes */ + uint32_t system_time_high; /* Server time; high bytes */ + int16_t server_time_zone; /* Minutes from UTC; signed */ + u_char encryption_key_length; /* 0 or 8 */ + } __attribute__((__packed__)) words; +} __attribute__((__packed__)) smb_negresp_header; + + +/* + * Session Setup AndX Request header + */ +typedef struct +{ + u_char word_count; /* 12 or 13 words */ + struct + { + struct + { + u_char command; + u_char reserved; + uint16_t offset; + } andx; + uint16_t max_buffer_size; + uint16_t max_mpx_count; + uint16_t vc_number; + uint32_t session_key; + uint16_t lengths[2]; /* 1 or 2 elements */ + uint32_t reserved; + uint32_t capabilities; + } __attribute__((__packed__)) words; +} __attribute__((__packed__)) smb_andx_req_header; + + +/* + * Session Setup AndX Request data // not used atm + */ + #if 0 +typedef struct +{ + uint16_t byte_count; + struct + { + union + { + u_char security_blob[]; + struct + { + u_char case_insensitive_password[]; + u_char case_sensitive_password[]; + u_char pad[]; + u_char account_name[]; + u_char primary_domain[]; + } __attribute__((__packed__)) non_ext_sec; + } auth_stuff; + u_char native_os[]; + u_char native_LanMan[]; + u_char pad2[]; + } __attribute__((__packed__)) bytes; +} __attribute__((__packed__)) smb_andx_req_data; +#endif + + +/* SMB commands */ +#define SMB_COM_NEGOTIATE 0x72 +#define SMB_COM_SESSION_SETUP_ANDX 0x73 + +/* SMB Flags */ +#define SMB_FLAGS_CANONICAL_PATHNAMES 0x10 +#define SMB_FLAGS_CASELESS_PATHNAMES 0x08 + +/* SMB Flags2 */ +#define SMB_FLAGS2_32BIT_STATUS 0x4000 +#define SMB_FLAGS2_EXECUTE_ONLY_READS 0x2000 +#define SMB_FLAGS2_IS_LONG_NAME 0x0040 +#define SMB_FLAGS2_KNOWS_LONG_NAMES 0x0001 + +#define NT_STATUS_SUCCESS 0x00000000 + + +static int +smb_loop_read(nsock_pool nsp, Connection *con) +{ + uint32_t netbios_length, total_length; + void *ioptr; + + /* Make sure we get at least 4 bytes: these are the NetBIOS header which + * contains the total size of the message + */ + if (con->inbuf == NULL || con->inbuf->get_len() < 4) { + nsock_read(nsp, con->niod, ncrack_read_handler, SMB_TIMEOUT, con); + return -1; + } + + /* Get message length from NetBIOS header. It is in big-endian byte order and + * 24 bits in total, so do necessary conversions */ + ioptr = con->inbuf->get_dataptr(); + memcpy(&netbios_length, ioptr, sizeof(uint32_t)); + netbios_length = ntohl(netbios_length); /* convert to host-byte order */ + netbios_length &= 0x00FFFFFF; /* make it 24 bits */ + /* total length = netbios length + 4 (for the length itself) */ + total_length = netbios_length + 4; + + /* If we haven't received all the bytes of the message, according to the + * total length that we calculated, then try and get the rest */ + if (con->inbuf == NULL || con->inbuf->get_len() < total_length) { + nsock_read(nsp, con->niod, ncrack_read_handler, SMB_TIMEOUT, con); + return -1; + } + + return 0; + +} + + + + +/* Creates a string containing a SMB packet header. The header looks like this: + * + * + * -------------------------------------------------------------------------------------------------- + * | 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 | + * -------------------------------------------------------------------------------------------------- + * | 0xFF | 'S' | 'M' | 'B' | + * -------------------------------------------------------------------------------------------------- + * | Command | Status... | + * -------------------------------------------------------------------------------------------------- + * | ...Status | Flags | Flags2 | + * -------------------------------------------------------------------------------------------------- + * | PID_high | Signature..... | + * -------------------------------------------------------------------------------------------------- + * | ....Signature.... | + * -------------------------------------------------------------------------------------------------- + * | ....Signature | Unused | + * -------------------------------------------------------------------------------------------------- + * | TID | PID | + * -------------------------------------------------------------------------------------------------- + * | UID | MID | + * ------------------------------------------------------------------------------------------------- + + * All fields are, incidentally, encoded in little endian byte order. + + For the purposes here, the program doesn't care about most of the fields so they're given default + values. The "command" field is the only one we ever have to set manually, in my experience. The TID + and UID need to be set, but those are stored in the smb state and don't require user intervention. + */ +static void +smb_encode_header(Connection *con, char command) +{ + + smb_header header; + smb_state *info; + + info = (smb_state *) con->misc_info; + + /* Every SMB packet needs a NetBIOS Session Service Header prepended which + * is the length of the packet in 4 bytes in big endian. The length field is + * 17 or 24 bits depending on whether or not it is raw (SMB over TCP). + * + * For now allocate space in the buffer, and when everything is done go fill + * in the actual length with smb_prepend_length() + */ + con->outbuf->snprintf(4, "%c%c%c%c", 0, 0, 0, 0); + + /* -- SMB packet follows -- */ + + /* SMB header: 0xFF SMB */ + header.protocol[0] = 0xFF; + memcpy((char *)&header.protocol[1], "SMB", 3); + + header.command = command; + header.status.status = 0; + header.flags = SMB_FLAGS_CANONICAL_PATHNAMES | SMB_FLAGS_CASELESS_PATHNAMES; + header.flags2 = SMB_FLAGS2_32BIT_STATUS | SMB_FLAGS2_EXECUTE_ONLY_READS | + SMB_FLAGS2_IS_LONG_NAME | SMB_FLAGS2_KNOWS_LONG_NAMES; + memset(header.pad, 0, 2); + header.extra.pid_high = 0; + memset(&header.extra.security_signature, 0, + sizeof(header.extra.security_signature)); + header.tid = 0; + header.pid = info->pid ? info->pid : 0; + header.uid = 0; + header.mid = 0; + + con->outbuf->append(&header, sizeof(smb_header)); + +} + + +static void +smb_encode_negotiate_protocol(Buf *buf) +{ + uint16_t byte_count = 14; + + /* word count */ + buf->snprintf(1, "%c", 0); + + /* byte count */ + buf->append(&byte_count, 2); + + /* List of strings */ + buf->snprintf(12, "%c%s", 2, "NT LM 0.12"); + buf->snprintf(2, "%c%c", 2, 0); + +} + +static void +smb_prepend_length(Buf *buf) +{ + u_int len; + void *ptr; + uint32_t nbt_len; + + /* Now caluclate total length */ + len = buf->get_len(); + ptr = buf->get_dataptr(); + + nbt_len = htonl(len - 4); + memcpy(ptr, &nbt_len, sizeof(uint32_t)); + +} + + +/* + * Decodes SMB packet and stores the most improtant fields in smb_state + */ +static int +smb_decode_header(Connection *con) +{ + smb_state *info; + smb_header *header; + + info = (smb_state *) con->misc_info; + + /* Point to SMB header, 4 bytes after the beginning of NetBIOS header. + * Without any need for additional memory-copy operations, just have the + * smb_header pointer point to the incoming data. + */ + header = (smb_header *) ((const char *)(con->inbuf->get_dataptr()) + 4); + + /* First check if protocol magic number is correct */ + if (header->protocol[0] != 0xFF + || strncmp((const char *)&header->protocol[1], "SMB", 3)) { + return -1; + } + + /* Store important values in smb_state for future reference */ + info->pid = header->pid; + + return 0; +} + +/* + * This is similar to the smb_decode_header but specifically checks if we + * succeeded in the authentication. + * Returns 0 for success, < 0 for errors. + */ +static int +smb_check_auth(Connection *con) +{ + + smb_header *header; + + /* Point to SMB header, 4 bytes after the beginning of NetBIOS header. + * Without any need for additional memory-copy operations, just have the + * smb_header pointer point to the incoming data. + */ + header = (smb_header *) ((const char *)(con->inbuf->get_dataptr()) + 4); + + /* First check if protocol magic number is correct */ + if (header->protocol[0] != 0xFF + || strncmp((const char *)&header->protocol[1], "SMB", 3)) { + return -1; + } + + if (header->status.status == NT_STATUS_SUCCESS) { + return 0; + } + + return -1; + +} + + + +static int +smb_decode_negresp(Connection *con) +{ + smb_negresp_header *neg; + smb_state *info; + char *ptr; + + info = (smb_state *) con->misc_info; + + /* Point to Negotiate Protocol Response Header */ + neg = (smb_negresp_header *) ((const char *)(con->inbuf->get_dataptr()) + + sizeof(smb_header) + 4); + + info->session_key = neg->words.session_key; + info->max_mpx = neg->words.max_mpx_count; + + if (!neg->words.encryption_key_length) + return -1; + + /* Get encryption key */ + ptr = (char*)neg + sizeof(smb_negresp_header) + 2; + memcpy(info->server_challenge, ptr, 8); + + return 0; +} + + +static void +smb_encode_session_header(Connection *con) +{ + + smb_andx_req_header andx; + smb_state *info; + + info = (smb_state *) con->misc_info; + + andx.word_count = 13; // TODO: probably dynamic + + andx.words.andx.command = 0xFF; /* ANDX - No further commands */ + andx.words.andx.reserved = 0x00; /* ANDX - Reserved (0) */ + andx.words.andx.offset = 0x0000; /* ANDX - next offset */ + andx.words.max_buffer_size = 0xFFFF; /* Max buffer size */ + andx.words.max_mpx_count = 0x0001; /* Max multiplexes */ + andx.words.vc_number = 0x0000; /* Virtual circuit number */ + andx.words.session_key = info->session_key; /* Session key from earlier */ + andx.words.lengths[0] = info->lm.length; + andx.words.lengths[1] = info->ntlm.length; + andx.words.reserved = 0x00000000; /* Reserved */ + andx.words.capabilities = 0x00000050; /* Capabilities */ + + con->outbuf->append(&andx, sizeof(andx)); + +} + + +static void +smb_encode_session_data(Connection *con) +{ + smb_state *info; + char *ptr; + uint16_t byte_count = 0; + + info = (smb_state *) con->misc_info; + + ptr = (char *)con->outbuf->get_dataptr() + 4 + + sizeof(smb_header) + sizeof(smb_andx_req_header); + + /* Allocate first space for the byte count field. Calculate at the end the + * actual value, after we know the lengths of the rest of the fields */ + con->outbuf->append(&byte_count, sizeof(byte_count)); + + /* ANSI and Unicode passwords */ + con->outbuf->append(&info->lm.response, info->lm.length); + con->outbuf->append(&info->ntlm.response, info->ntlm.length); + + /* User account (trailing '\0' included) */ + con->outbuf->append(con->user, strlen(con->user) + 1); + + /* Primary domain */ + con->outbuf->snprintf(1, "%c", 0); + + /* Native OS */ + con->outbuf->snprintf(7, "%s", "Ncrack"); + + /* Native LAN Manager */ + con->outbuf->snprintf(14, "%s", "Native Lanman"); + + /* Now write the byte count, by calculating the above lengths */ + byte_count = info->lm.length + info->ntlm.length + strlen(con->user) + 1 + + 1 + 5 + 14; + memcpy(ptr, &byte_count, sizeof(byte_count)); + +} + + + +static void +smb_get_password(Connection *con) +{ + smb_state *info = (smb_state *) con->misc_info; + + /* Create the hashes */ + lm_create_hash(con->pass, info->lm.hash); + ntlm_create_hash(con->pass, info->ntlm.hash); + + switch (info->hash_type) + { + default: + lm_create_response(info->lm.hash, info->server_challenge, + info->lm.response); + info->lm.length = sizeof(info->lm.response); + + ntlm_create_response(info->ntlm.hash, info->server_challenge, + info->ntlm.response); + info->ntlm.length = sizeof(info->ntlm.response); + + } + + +} + + + +void +ncrack_smb(nsock_pool nsp, Connection *con) +{ + nsock_iod nsi = con->niod; + //con->ops_free = &smb_free; + + switch (con->state) + { + case SMB_INIT: + + con->state = SMB_NEGOTIATE; + + con->misc_info = (smb_state *)safe_zalloc(sizeof(smb_state)); + con->outbuf = new Buf(); + smb_encode_header(con, SMB_COM_NEGOTIATE); + smb_encode_negotiate_protocol(con->outbuf); + smb_prepend_length(con->outbuf); + + nsock_write(nsp, nsi, ncrack_write_handler, SMB_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + + case SMB_NEGOTIATE: + + if (smb_loop_read(nsp, con) < 0) + break; + + con->state = SMB_SESSION_AUTH; + + smb_decode_header(con); + smb_decode_negresp(con); + + /* Change state without any read or write */ + nsock_timer_create(nsp, ncrack_timer_handler, 0, con); + break; + + case SMB_SESSION_AUTH: + + con->state = SMB_FINI; + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + smb_get_password(con); + smb_encode_header(con, SMB_COM_SESSION_SETUP_ANDX); + smb_encode_session_header(con); + smb_encode_session_data(con); + smb_prepend_length(con->outbuf); + + delete con->inbuf; + con->inbuf = NULL; + + nsock_write(nsp, nsi, ncrack_write_handler, SMB_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + + case SMB_FINI: + + if (smb_loop_read(nsp, con) < 0) + break; + + con->state = SMB_SESSION_AUTH; + + if (!smb_check_auth(con)) { + con->auth_success = true; + } + + delete con->inbuf; + con->inbuf = NULL; + + return ncrack_module_end(nsp, con); + } + + +} + + +#if 0 +static void +smb_free(Connection *con) +{ + + +} +#endif diff --git a/include/DomainExec/modules/ncrack_smb2.cc b/include/DomainExec/modules/ncrack_smb2.cc new file mode 100644 index 00000000..29f92e47 --- /dev/null +++ b/include/DomainExec/modules/ncrack_smb2.cc @@ -0,0 +1,459 @@ + +/*************************************************************************** + * ncrack_smb2.cc -- ncrack module for the SMB2 protocol * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" +#include "crypto.h" +#include "ntlmssp.h" +#include "portable_endian.h" +#include + +#ifdef WIN32 +#ifndef __attribute__ +# define __attribute__(x) +#endif +# pragma pack(1) +#endif + +#define SMB2_TIMEOUT 20000 + +#define SMB2_CMD_NEGPROT 0x00 +#define SMB2_CMD_SESSETUP 0x01 + +#define SMB2_NEGOTIATE_SIGNING_ENABLED 0x0001 + +#define NT_STATUS_SUCCESS 0x00000000 +#define NT_STATUS_MOREPRO 0xc0000016 +#define NT_STATUS_LOGON_FAILURE 0xc000006d + +extern NcrackOps o; + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); + +enum states { SMB2_INIT, SMB2_NEGPROT, SMB2_SESSETUP1, SMB2_SESSETUP2, SMB2_FINI }; + +static int smb2_loop_read(nsock_pool nsp, Connection *con); +static void smb2_prepend_length(Buf *buf); + +//static void smb_free(Connection *con); + + +struct smb2_state { + struct auth_data *auth_data; + uint64_t session_id; + uint32_t msg_id; +}; + +static int +smb2_loop_read(nsock_pool nsp, Connection *con) +{ + uint32_t netbios_length, total_length; + void *ioptr; + + /* Make sure we get at least 4 bytes: these are the NetBIOS header which + * contains the total size of the message + */ + if (con->inbuf == NULL || con->inbuf->get_len() < 4) { + nsock_read(nsp, con->niod, ncrack_read_handler, SMB2_TIMEOUT, con); + return -1; + } + + /* Get message length from NetBIOS header. It is in big-endian byte order and + * 24 bits in total, so do necessary conversions */ + ioptr = con->inbuf->get_dataptr(); + memcpy(&netbios_length, ioptr, sizeof(uint32_t)); + netbios_length = ntohl(netbios_length); /* convert to host-byte order */ + netbios_length &= 0x00FFFFFF; /* make it 24 bits */ + /* total length = netbios length + 4 (for the length itself) */ + total_length = netbios_length + 4; + + /* If we haven't received all the bytes of the message, according to the + * total length that we calculated, then try and get the rest */ + if (con->inbuf == NULL || con->inbuf->get_len() < total_length) { + nsock_read(nsp, con->niod, ncrack_read_handler, SMB2_TIMEOUT, con); + return -1; + } + + return 0; + +} + +static void +smb2_prepend_length(Buf *buf) +{ + u_int len; + void *ptr; + uint32_t nbt_len; + + /* Now caluclate total length */ + len = buf->get_len(); + ptr = buf->get_dataptr(); + + nbt_len = htonl(len - 4); + memcpy(ptr, &nbt_len, sizeof(uint32_t)); + +} + +static void encode_u8(Buf *buf, uint8_t n) { + buf->append(&n, 1); +} +static void encode_le64(Buf *buf, uint64_t n) { + uint64_t u64 = htole64(n); + buf->append(&u64, 8); +} +static void encode_le32(Buf *buf, uint32_t n) { + uint32_t u32 = htole32(n); + buf->append(&u32, 4); +} +static void encode_le16(Buf *buf, uint16_t n) { + uint16_t u16 = htole16(n); + buf->append(&u16, 2); +} +static void encode_be32(Buf *buf, uint32_t n) { + uint32_t u32 = htonl(n); + buf->append(&u32, 4); +} +/* not used */ +#if 0 +static void encode_be16(Buf *buf, uint16_t n) { + uint16_t u16 = htons(n); + buf->append(&u16, 2); +} +#endif + +static void smb2_encode_header(Connection *con, int cmd) +{ + smb2_state *smb2 = (smb2_state*)con->misc_info; + + encode_be32(con->outbuf, 0); // NetBios size, overwritten later + encode_be32(con->outbuf, 0xFE534d42); // ProtocolID + encode_le16(con->outbuf, 64); // StructureSize + encode_le16(con->outbuf, 0); // CreditCharge + encode_le32(con->outbuf, 0); // Status + encode_le16(con->outbuf, cmd); // Command + encode_le16(con->outbuf, 0); // CreditRequested + encode_le32(con->outbuf, 0); // Flags + encode_le32(con->outbuf, 0); // NextCommand + encode_le64(con->outbuf, smb2->msg_id++); // MessageId + encode_le32(con->outbuf, 0); // Reserved + encode_le32(con->outbuf, 0); // TreeId + encode_le64(con->outbuf, smb2->session_id); // SessionId + encode_le64(con->outbuf, 0); // Signature (16 bytes) + encode_le64(con->outbuf, 0); // Signature +} + +static void smb2_encode_negprot_req(Connection *con) +{ + smb2_encode_header(con, SMB2_CMD_NEGPROT); + + encode_le16(con->outbuf, 36); // StructureSize + encode_le16(con->outbuf, 1); // DialectCount + encode_le16(con->outbuf, SMB2_NEGOTIATE_SIGNING_ENABLED); // SecurityMode + encode_le16(con->outbuf, 0); // Reserved + encode_le32(con->outbuf, 0); // Capabilities + for (int i = 0; i < 16; i++) { + encode_u8(con->outbuf, rand()%256); // ClientGuid + } + encode_le64(con->outbuf, 0); // ClientStartTime + encode_le16(con->outbuf, 0x0202); // Dialect + + smb2_prepend_length(con->outbuf); +} + +static void smb2_encode_sessetup_req(Connection *con, unsigned char *in_sec_buf = NULL, uint16_t in_sec_len = 0) +{ + smb2_state *smb2 = (smb2_state*)con->misc_info; + unsigned char *sec_buf; + uint16_t sec_len; + uint16_t *sec_off; + + if (!in_sec_buf) { + smb2->auth_data = ntlmssp_init_context(con->user, con->pass, "", "", "abcdefgh"); + } + ntlmssp_generate_blob(smb2->auth_data, in_sec_buf, in_sec_len, &sec_buf, &sec_len); + + smb2_encode_header(con, SMB2_CMD_SESSETUP); + + encode_le16(con->outbuf, 25); // StructureSize + encode_u8(con->outbuf, 0); // Flags + encode_u8(con->outbuf, SMB2_NEGOTIATE_SIGNING_ENABLED); // SecurityMode + encode_le32(con->outbuf, 0); // Capabilities + encode_le32(con->outbuf, 0); // Channel + encode_le16(con->outbuf, 0); // SecurityBufferOffset + sec_off = (uint16_t*)(((uint8_t*)con->outbuf->get_dataptr()) + con->outbuf->get_len() - 2); + encode_le16(con->outbuf, sec_len); // SecurityBufferLength + encode_le64(con->outbuf, 0); // PreviousSessionId + *sec_off = htole16(con->outbuf->get_len() - 4); + con->outbuf->append(sec_buf, sec_len); + + smb2_prepend_length(con->outbuf); +} + +static uint32_t smb2_get_status(Connection *con) +{ + uint32_t *p = (uint32_t*)(((uint8_t*)con->inbuf->get_dataptr()) + 4 + 4 + 2 + 2); + return le32toh(*p); +} + +static void smb2_get_sessetup_sec_buf(Connection *con, unsigned char **buf, uint16_t *len) +{ + uint8_t *start = ((uint8_t*)con->inbuf->get_dataptr()) + 4; + uint8_t *rsp = start + 64; + uint16_t *sec_off = (uint16_t *)(rsp + 2 + 2); + uint16_t *sec_len = (uint16_t *)(rsp + 2 + 2 + 2); + *buf = (unsigned char*)(start + le16toh(*sec_off)); + *len = le16toh(*sec_len); +} + +static uint64_t smb2_get_ses_id(Connection *con) +{ + uint8_t *start = ((uint8_t*)con->inbuf->get_dataptr()) + 4; + return le64toh(*((uint64_t*)(start+4+2+2+4+2+2+4+4+8+4+4))); +} + + +void +ncrack_smb2(nsock_pool nsp, Connection *con) +{ + nsock_iod nsi = con->niod; + smb2_state *smb2 = (smb2_state*)con->misc_info; + //con->ops_free = &smb_free; + + switch (con->state) + { + case SMB2_INIT: + + con->state = SMB2_NEGPROT; + + con->misc_info = (smb2_state *)safe_zalloc(sizeof(smb2_state)); + con->outbuf = new Buf(); + smb2_encode_negprot_req(con); + + nsock_write(nsp, nsi, ncrack_write_handler, SMB2_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + + case SMB2_NEGPROT: + if (smb2_loop_read(nsp, con) < 0) + break; + con->state = SMB2_SESSETUP1; + + // smb_decode_header(con); + // smb_decode_negresp(con); + + /* Change state without any read or write */ + nsock_timer_create(nsp, ncrack_timer_handler, 0, con); + break; + + case SMB2_SESSETUP1: + + if (smb2_loop_read(nsp, con) < 0) + break; + + con->state = SMB2_SESSETUP2; + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + smb2->session_id = smb2_get_ses_id(con); + smb2_encode_sessetup_req(con); + + delete con->inbuf; + con->inbuf = NULL; + + nsock_write(nsp, nsi, ncrack_write_handler, SMB2_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case SMB2_SESSETUP2: + + if (smb2_loop_read(nsp, con) < 0) + break; + + con->state = SMB2_FINI; + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + { + unsigned char *buf; + uint16_t len; + smb2_get_sessetup_sec_buf(con, &buf, &len); + smb2->session_id = smb2_get_ses_id(con); + smb2_encode_sessetup_req(con, buf, len); + } + + delete con->inbuf; + con->inbuf = NULL; + + nsock_write(nsp, nsi, ncrack_write_handler, SMB2_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + + case SMB2_FINI: + + if (smb2_loop_read(nsp, con) < 0) + break; + + con->state = SMB2_SESSETUP1; + + if (smb2_get_status(con) == NT_STATUS_SUCCESS) + con->auth_success = true; + else if (smb2_get_status(con) == NT_STATUS_LOGON_FAILURE) + con->auth_success = false; + + ntlmssp_destroy_context(smb2->auth_data); + smb2->auth_data = NULL; + smb2->session_id = 0; + + delete con->inbuf; + con->inbuf = NULL; + + return ncrack_module_end(nsp, con); + } +} + + +#if 0 +static void +smb_free(Connection *con) +{ + + +} +#endif diff --git a/include/DomainExec/modules/ncrack_ssh.cc b/include/DomainExec/modules/ncrack_ssh.cc new file mode 100644 index 00000000..88f02f5f --- /dev/null +++ b/include/DomainExec/modules/ncrack_ssh.cc @@ -0,0 +1,596 @@ + +/*************************************************************************** + * ncrack_ssh.cc -- ncrack module for the SSH protocol * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" +#include + +/* OpenSSH include-files */ +#include "opensshlib.h" + +#include "ssh2.h" +#include "openssl/dh.h" +#include "buffer.h" +#include "sshbuf.h" +#include "kex.h" +#include "sshconnect.h" +#include "packet.h" +#include "misc.h" +#include "cipher.h" +#include "compat.h" +#include "mac.h" + +#define SSH_TIMEOUT 20000 +#define CLIENT_VERSION "SSH-2.0-OpenSSH_7.1\n" + + +extern NcrackOps o; + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); + +enum states { SSH_INIT, SSH_ID_EX, SSH_KEY, SSH_KEY2, SSH_KEY3, SSH_KEY4, + SSH_AUTH, SSH_AUTH2, SSH_AUTH3, SSH_AUTH4, SSH_FINI }; + +static void ssh_free(Connection *con); + + + +static inline int +ssh_loop_read(nsock_pool nsp, Connection *con, ncrack_ssh_state *info) +{ + u_int packetlen = 0; + + /* If we have data in the I/O buffer, which means that we had previously + * scheduled an nsock read event, then append the new data we got inside + * the 'input' buffer which will be processed by the openssh library + */ + if (con->inbuf != NULL) { + packetlen = con->inbuf->get_len(); + + //printf("packetlen read by nsock: %d\n", packetlen); + if (packetlen > 0) { + buffer_append(info->input, con->inbuf->get_dataptr(), packetlen); + delete con->inbuf; + con->inbuf = NULL; + } + + //printf("info input length: %d \n", sshbuf_len(info->input)); + } + + //printf("ncrack state %d\n", con->state); + + info->type = ncrackssh_ssh_packet_read(info); + if (info->type == SSH_MSG_NONE) { + //printf("ssh loop MSG NONE\n"); + nsock_read(nsp, con->niod, ncrack_read_handler, SSH_TIMEOUT, con); + return -1; + } else if (info->type == SSH2_MSG_DISCONNECT) { + //printf("ssh loop MSG DISCONNECT\n"); + return -2; + } + + //printf("info->type: %d\n", info->type); + + //printf("final input packet length %d\n", sshbuf_len(info->input)); + + delete con->inbuf; + con->inbuf = NULL; + return 0; +} + + + +void +ncrack_ssh(nsock_pool nsp, Connection *con) +{ + nsock_iod nsi = con->niod; + Service *serv = con->service; + void *ioptr; + u_int buflen; + ncrack_ssh_state *info = NULL; + con->ops_free = &ssh_free; + int r = 0; + + if (con->misc_info) + info = (ncrack_ssh_state *) con->misc_info; + + switch (con->state) + { + case SSH_INIT: + + con->state = SSH_ID_EX; + con->misc_info = (ncrack_ssh_state *)safe_zalloc(sizeof(ncrack_ssh_state)); + nsock_read(nsp, nsi, ncrack_read_handler, SSH_TIMEOUT, con); + break; + + case SSH_ID_EX: + + buflen = con->inbuf->get_len(); + ioptr = con->inbuf->get_dataptr(); + if (!memsearch((const char *)ioptr, "\n", buflen)) { + con->state = SSH_ID_EX; + nsock_read(nsp, nsi, ncrack_read_handler, SSH_TIMEOUT, con); + break; + } + if (strncmp((const char *)ioptr, "SSH-", 4)) { + con->inbuf->clear(); + con->state = SSH_ID_EX; + nsock_read(nsp, nsi, ncrack_read_handler, SSH_TIMEOUT, con); + break; + } + con->state = SSH_KEY; + + info->server_version_string = Strndup((char *)ioptr, buflen); + ncrackssh_compat_datafellows(info); + + chop(info->server_version_string); + + /* NEVER forget to free allocated memory and also NULL-assign ptr */ + delete con->inbuf; + con->inbuf = NULL; + + if (con->outbuf) + delete con->outbuf; + + con->outbuf = new Buf(); + con->outbuf->append(CLIENT_VERSION, sizeof(CLIENT_VERSION)-1); + info->client_version_string = Strndup( + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + chop(info->client_version_string); + + nsock_write(nsp, nsi, ncrack_write_handler, SSH_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + + break; + + case SSH_KEY: + + con->state = SSH_KEY2; + + /* sends "Key Exchange Init" */ + + /* Initialize cipher contexts and keys as well as internal opensshlib + * buffers (input, output, incoming_packet, outgoing_packet) + */ + ssh_packet_set_connection(info); + + ncrackssh_ssh_kex2(info, info->client_version_string, + info->server_version_string); + + nsock_write(nsp, nsi, ncrack_write_handler, SSH_TIMEOUT, con, + (const char *)buffer_ptr(info->output), + buffer_len(info->output)); + + buffer_consume(info->output, buffer_len(info->output)); + + break; + + + case SSH_KEY2: + + r = ssh_loop_read(nsp, con, info); + if (r == -1) + break; + else if (r == -2) { + con->force_close = true; + con->close_reason = MODULE_ERR; + return ncrack_module_end(nsp, con); + } + + + /* Receives: "Key Exchange Init" + * Sends: "Diffie-Hellman GEX Request" + */ + con->state = SSH_KEY3; + + ncrackssh_kex_input_kexinit(info); + + nsock_write(nsp, nsi, ncrack_write_handler, SSH_TIMEOUT, con, + (const char *)buffer_ptr(info->output), buffer_len(info->output)); + buffer_consume(info->output, buffer_len(info->output)); + + break; + + case SSH_KEY3: + + r = ssh_loop_read(nsp, con, info); + if (r == -1) + break; + else if (r == -2) { + con->force_close = true; + con->close_reason = MODULE_ERR; + return ncrack_module_end(nsp, con); + } + + /* Receives: "Diffie-Hellman Key Exchange Reply" and + * Sends: "Diffie-Hellman GEX Init" + */ + + con->state = SSH_KEY4; + + if (info->kex->kex_type == KEX_ECDH_SHA2) { + //printf("KEX ECDH SHA2 \n"); + ncrackssh_input_kex_ecdh_reply(info); + con->state = SSH_AUTH; + } else if (info->kex->kex_type == KEX_DH_GRP1_SHA1 + || info->kex->kex_type == KEX_DH_GRP14_SHA1) { + //printf("dh client\n"); + ncrackssh_input_kex_dh(info); + con->state = SSH_AUTH; + } else if (info->kex->kex_type == KEX_C25519_SHA256) { + //printf("c25519 client\n"); + ncrackssh_input_kex_c25519_reply(info); + con->state = SSH_AUTH; + } else { + //printf("dh gex sha\n"); + ncrackssh_input_kex_dh_gex_group(info); + } + + nsock_write(nsp, nsi, ncrack_write_handler, SSH_TIMEOUT, con, + (const char *)buffer_ptr(info->output), buffer_len(info->output)); + buffer_consume(info->output, buffer_len(info->output)); + + break; + + case SSH_KEY4: + + r = ssh_loop_read(nsp, con, info); + if (r == -1) + break; + else if (r == -2) { + con->force_close = true; + con->close_reason = MODULE_ERR; + return ncrack_module_end(nsp, con); + } + + /* Receives: "Diffie-Hellman GEX Reply" and + * Sends: "New keys" + */ + con->state = SSH_AUTH; + + ncrackssh_input_kex_dh_gex_reply(info); + + nsock_write(nsp, nsi, ncrack_write_handler, SSH_TIMEOUT, con, + (const char *)buffer_ptr(info->output), buffer_len(info->output)); + buffer_consume(info->output, buffer_len(info->output)); + + break; + + case SSH_AUTH: + + r = ssh_loop_read(nsp, con, info); + if (r == -1) + break; + else if (r == -2) { + con->force_close = true; + con->close_reason = MODULE_ERR; + return ncrack_module_end(nsp, con); + } + + /* Receives: "New keys" + * Sends "Encrypted Request 1" + */ + + con->state = SSH_AUTH2; + + ncrackssh_ssh_start_userauth2(info); + + nsock_write(nsp, nsi, ncrack_write_handler, SSH_TIMEOUT, con, + (const char *)buffer_ptr(info->output), buffer_len(info->output)); + buffer_consume(info->output, buffer_len(info->output)); + + break; + + case SSH_AUTH2: + +#if 0 + if (info->kex->kex_type == KEX_DH_GEX_SHA1 || info->kex->kex_type == KEX_DH_GEX_SHA256) { + //printf("SSH AUTH 2 loop read \n"); + if (ssh_loop_read(nsp, con, info) < 0) + break; + } +#endif + + r = ssh_loop_read(nsp, con, info); + if (r == -1) + break; + else if (r == -2) { + con->force_close = true; + con->close_reason = MODULE_ERR; + return ncrack_module_end(nsp, con); + } + + con->state = SSH_AUTH3; + + /* + * If server doesn't support "password" authentication method then + * there is no point in doing any more attempts, so we can mark the + * service as finished. + */ + if (ncrackssh_ssh_userauth2_service_rep(info) < 0) { + serv->end.orly = true; + if (con->outbuf) + delete con->outbuf; + + //printf("Server error\n"); + + con->outbuf = new Buf(); + Snprintf((char *)con->outbuf->get_dataptr(), DEFAULT_BUF_SIZE, + "Server denied authentication request: %d", info->type); + serv->end.reason = Strndup((const char *)con->outbuf->get_dataptr(), + (size_t)strlen((const char *)con->outbuf->get_dataptr())); + return ncrack_module_end(nsp, con); + } + + /* Jump straight to next state */ + nsock_timer_create(nsp, ncrack_timer_handler, 0, con); + break; + + case SSH_AUTH3: + + /* + * Sends credentials + */ + con->state = SSH_FINI; + + //printf("SSH AUTH 3 \n"); + + /* compare the current user with the previously saved on, so that if + * we get another username in the same connection, we close the + * connection because ssh doesn't let us change the username midway + */ + if (info->prev_user == NULL) { + info->prev_user = con->user; + //printf("null user: %s \n", info->prev_user); + } else { + if (info->prev_user != con->user) { + //printf("CLOSING CONNECTION DUE TO DIFFERENT NAME\n"); + con->force_close = true; + con->close_reason = MODULE_ERR; + return ncrack_module_end(nsp, con); + } + + info->prev_user = con->user; + //printf("prev_user %d \n", con->user); + } + + ncrackssh_ssh_userauth2(info, con->user, con->pass); + + nsock_write(nsp, nsi, ncrack_write_handler, SSH_TIMEOUT, con, + (const char *)buffer_ptr(info->output), buffer_len(info->output)); + buffer_consume(info->output, buffer_len(info->output)); + + break; + + case SSH_FINI: + + r = ssh_loop_read(nsp, con, info); + if (r == -1) + break; +#if 0 + else if (r == -2) { + con->force_close = true; + con->close_reason = MODULE_ERR; + return ncrack_module_end(nsp, con); + } +#endif + + /* + * If we get a disconnect message at this stage, then it probably + * means that we reached the server's authentication limit per + * connection. + */ + if (info->type == SSH2_MSG_DISCONNECT) { + return ncrack_module_end(nsp, con); + } + + if (info->type == SSH2_MSG_USERAUTH_SUCCESS) { + //printf("succeed\n"); + con->auth_success = true; + con->force_close = true; + } else if (info->type == SSH2_MSG_USERAUTH_FAILURE) { + //printf("failed!\n"); + con->state = SSH_AUTH3; + } else if (info->type == SSH2_MSG_USERAUTH_BANNER) { + //printf("Got banner!\n"); + } + + + return ncrack_module_end(nsp, con); + } +} + + +static void +ssh_free(Connection *con) +{ + ncrack_ssh_state *p; + if (!con->misc_info) + return; + + p = (ncrack_ssh_state *)con->misc_info; + + if (p->kex) { + if (p->kex->peer->alloc > 0) + free(p->kex->peer->d); + if (p->kex->my->alloc > 0) + free(p->kex->my->d); + if (p->kex->session_id) + free(p->kex->session_id); + free(p->kex); + } + + /* Note that DH *dh has already been freed from + * the openssh library */ + + /* 2 keys */ + for (int i = 0; i < 2; i++) { + if (p->newkeys[i]) { + free(p->newkeys[i]->enc.iv); + free(p->newkeys[i]->enc.key); + free(p->newkeys[i]->mac.key); + /* Without this specific call to cleanup the mac environment there + * was a big memleak - reported by Valgrind to be starting from + * mac_init() (opensshlib/mac.c). For some reason, no proper cleanup + * was done and this explicit call for mac_clear() is needed. + */ + mac_clear(&p->newkeys[i]->mac); + if (p->newkeys[i]->comp.name) + free(p->newkeys[i]->comp.name); + if (p->newkeys[i]->enc.name) + free(p->newkeys[i]->enc.name); + if (p->newkeys[i]->mac.name) + free(p->newkeys[i]->mac.name); + free(p->newkeys[i]); + } + } + + EVP_CIPHER_CTX_free(p->receive_context.evp); + EVP_CIPHER_CTX_free(p->send_context.evp); + + buffer_free(p->input); + buffer_free(p->output); + buffer_free(p->incoming_packet); + buffer_free(p->outgoing_packet); + + if (p->client_version_string) + free(p->client_version_string); + if (p->server_version_string) + free(p->server_version_string); + if (p->disc_reason) + free(p->disc_reason); + +} + diff --git a/include/DomainExec/modules/ncrack_telnet.cc b/include/DomainExec/modules/ncrack_telnet.cc new file mode 100644 index 00000000..e6d37893 --- /dev/null +++ b/include/DomainExec/modules/ncrack_telnet.cc @@ -0,0 +1,463 @@ + +/*************************************************************************** + * ncrack_telnet.cc -- ncrack module for the TELNET protocol * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" +#include + + +/* Telnet Commands */ +#define IAC 255 /* interpret as command: */ +#define DONT 254 /* you are not to use option */ +#define DO 253 /* please, you use option */ +#define WONT 252 /* I won't use option */ +#define WILL 251 /* I will use option */ +#define SB 250 /* interpret as subnegotiation */ +#define SE 240 /* end sub negotiation */ + +/* Telnet Options */ +#define LINEMODE 34 + +#define WILL_LINEMODE "\xff\xfb\x22" +#define DO_LINEMODE "\xff\xfd\x22" + + +extern NcrackOps o; + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_timer_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); + +typedef struct telnet_info { + bool linemode; /* true if peer supports linemode */ + /* Some devices don't even bother to answer our question of whether they + * support linemode or not, and thus we need a separate boolean to tell us + * if we sent a request, so we can try only once. + */ + bool asked_for_linemode; + bool linemode_not_supported; /* peer told us that he doesn't support linemode */ + bool can_start_auth; + char *userptr; + char *passptr; +} telnet_info; + + +enum states { TELNET_INIT, TELNET_OPTIONS_1, TELNET_OPTIONS_2, TELNET_AUTH, TELNET_ECHO_USER, + TELNET_PASS_R, TELNET_PASS_W, TELNET_FINI }; + +void +ncrack_telnet(nsock_pool nsp, Connection *con) +{ + char lbuf[BUFSIZE]; /* local buffer */ + /* We can't let nsock handle the size by looking at '\0' + * because telnet uses 0 as a valid value for options + * (e.g binary transmission option) */ + size_t lbufsize; + nsock_iod nsi = con->niod; + telnet_info *info = NULL; + size_t datasize; + char *recvbufptr = NULL; + size_t recvbuflen = 0; + char *localbufptr = lbuf; + if (con->misc_info) + info = (telnet_info *) con->misc_info; + + switch (con->state) + { + case TELNET_INIT: + con->peer_might_close = false; + con->misc_info = (telnet_info *)safe_zalloc(sizeof(telnet_info)); + con->state = TELNET_OPTIONS_1; + nsock_read(nsp, nsi, ncrack_read_handler, 50000, con); + break; + + case TELNET_OPTIONS_1: + + recvbufptr = (char *)con->inbuf->get_dataptr(); + recvbuflen = con->inbuf->get_len(); + + /* Telnet Option Parsing */ + while (*recvbufptr == (char) IAC + && ((size_t)(recvbufptr - (char *)con->inbuf->get_dataptr()) < recvbuflen) + && ((localbufptr - lbuf) < BUFSIZE - 3)) { + + /* For every option other than linemode we reject it */ + if (recvbufptr[1] == (char) WILL) { + if (recvbufptr[2] == (char) LINEMODE) { + /* reply is needed only when we haven't asked explicitly if the peer + * supports linemode itself + */ + if (info->asked_for_linemode == false) { + memcpy(localbufptr, WILL_LINEMODE, sizeof(WILL_LINEMODE)); + localbufptr += 3; + } + info->linemode = true; + } else { + snprintf(localbufptr, 4, "%c%c%c", IAC, DONT, recvbufptr[2]); + localbufptr += 3; + } + recvbufptr += 3; + + } else if (recvbufptr[1] == (char) WONT) { + if (recvbufptr[2] == LINEMODE) { + info->linemode = false; + info->linemode_not_supported = true; + } else { + snprintf(localbufptr, 4, "%c%c%c", IAC, DONT, recvbufptr[2]); + localbufptr += 3; + } + recvbufptr += 3; + + } else if (recvbufptr[1] == (char) DONT) { + if (recvbufptr[2] == LINEMODE) { + info->linemode = false; + info->linemode_not_supported = true; + } + snprintf(localbufptr, 4, "%c%c%c", IAC, WONT, recvbufptr[2]); + localbufptr += 3; + recvbufptr += 3; + + } else if (recvbufptr[1] == (char) DO) { + if (recvbufptr[2] == LINEMODE) { + if (info->asked_for_linemode == false) { + memcpy(localbufptr, WILL_LINEMODE, sizeof(WILL_LINEMODE)); + localbufptr += 3; + } + info->linemode = true; + } else { + snprintf(localbufptr, 4, "%c%c%c", IAC, WONT, recvbufptr[2]); + localbufptr += 3; + } + recvbufptr += 3; + + /* We just ignore any suboption we receive */ + } else if (recvbufptr[1] == (char) SB) { + while (*recvbufptr != (char) SE + && (size_t)((recvbufptr - (char *)con->inbuf->get_dataptr())) < recvbuflen) + recvbufptr++; + recvbufptr++; + } + } + + /* If peer didn't sent linemode as part of its options and didn't sent a + * command saying he doesn't support it and this is the first time we + * request it from him, then try to ask him explicitly if + * he supports it. + */ + if (info->linemode == false + && info->linemode_not_supported == false + && info->asked_for_linemode == false) { + if ((localbufptr - lbuf) < BUFSIZE - 3) { + memcpy(localbufptr, WILL_LINEMODE, sizeof(WILL_LINEMODE)); + info->asked_for_linemode = true; + localbufptr += 3; + } + } + + datasize = recvbuflen - (recvbufptr - (char *)con->inbuf->get_dataptr()); + + /* Now check for banner and login prompt */ + if (datasize > 0) { + if (o.debugging > 8) { + //memprint(recvbufptr, datasize); + //printf("\n"); + } + /* If we see a certain pattern that denotes that we can start + * authentication then we note that down. */ + if (memsearch(recvbufptr, "login", datasize) + || memsearch(recvbufptr, "username", datasize)) + info->can_start_auth = true; + } + + lbufsize = localbufptr - lbuf; + + con->state = TELNET_OPTIONS_2; + /* If we have something to send then do so. Else just wait until you + * receive a relevant authentication pattern to start cracking. + */ + if (localbufptr != lbuf) { + nsock_write(nsp, nsi, ncrack_write_handler, 10000, con, lbuf, lbufsize); + } else { + if (info->can_start_auth == true) + con->state = TELNET_AUTH; + /* That's a bit of a hack, but we need the module to be called again + * with a changed state without issuing a read or write this time. And + * thus we create a timer event with a timeout of 0 milliseconds */ + nsock_timer_create(nsp, ncrack_timer_handler, 0, con); + } + break; + + case TELNET_OPTIONS_2: + delete con->inbuf; + con->inbuf = NULL; + + con->state = TELNET_OPTIONS_1; + nsock_read(nsp, nsi, ncrack_read_handler, 10000, con); + break; + + case TELNET_AUTH: + if (info->linemode) { + con->state = TELNET_PASS_R; + snprintf(lbuf, sizeof(lbuf), "%s\r", con->user); + nsock_write(nsp, nsi, ncrack_write_handler, 10000, con, lbuf, -1); + } else { + con->state = TELNET_ECHO_USER; + /* Since our peer doesn't support linemode, we need to send each + * character of the username in individual packets. We send 1 byte + * and wait for the server's echo and so on... + */ + if (con->inbuf) { + recvbufptr = (char *)con->inbuf->get_dataptr(); + recvbuflen = con->inbuf->get_len(); + } + + if (!info->userptr) + info->userptr = con->user; + + /* OK, here's the deal: we need to account for the fact that some + * telnet daemons (hint: cisco routers) send the initial login prompt + * and then start sending telnet options. Since we have already, sent + * the first username character by now, we will just have to ignore + * those options, and wait until we see our character echoed back in + * order to go on sending the rest of the username. + */ + if (con->inbuf && info->userptr > con->user + && (size_t)((info->userptr - con->user)) != strlen(con->user)) { + /* Some telnet daemons send the echo reply with a \0 byte in front of + * the echoed characted. Damn inconsistencies. */ + if ((recvbuflen > 2 && recvbufptr[1] != *(info->userptr - 1)) + || (recvbuflen == 1 && recvbufptr[0] != *(info->userptr - 1))) { + nsock_timer_create(nsp, ncrack_timer_handler, 0, con); + break; + } + } + + /* we can move on to reading the password prompt */ + if (recvbufptr && info->userptr > con->user && + memsearch(recvbufptr, "\r", recvbuflen)) { + if (memsearch(recvbufptr, "password", recvbuflen)) + con->state = TELNET_PASS_W; + else + con->state = TELNET_PASS_R; + nsock_timer_create(nsp, ncrack_timer_handler, 0, con); + break; + } + + if ((size_t)(info->userptr - con->user) == strlen(con->user)) { + lbuf[0] = '\r'; + lbuf[1] = '\0'; + nsock_write(nsp, nsi, ncrack_write_handler, 10000, con, lbuf, 2); + } else { + lbuf[0] = info->userptr[0]; + info->userptr++; + nsock_write(nsp, nsi, ncrack_write_handler, 10000, con, lbuf, 1); + } + } + break; + + case TELNET_ECHO_USER: + delete con->inbuf; + con->inbuf = NULL; + + con->state = TELNET_AUTH; + nsock_read(nsp, nsi, ncrack_read_handler, 10000, con); + break; + + case TELNET_PASS_R: + delete con->inbuf; + con->inbuf = NULL; + + con->state = TELNET_PASS_W; + nsock_read(nsp, nsi, ncrack_read_handler, 10000, con); + break; + + case TELNET_PASS_W: + /* After some testing, it seems that we can send the password + * as one packet, even if linemode is disabled. */ + con->state = TELNET_FINI; + snprintf(lbuf, sizeof(lbuf), "%s\r", con->pass); + con->peer_might_close = true; + nsock_write(nsp, nsi, ncrack_write_handler, 10000, con, lbuf, -1); + break; + + case TELNET_FINI: + if (con->inbuf) { + recvbufptr = (char *)con->inbuf->get_dataptr(); + recvbuflen = con->inbuf->get_len(); + } + + if (memsearch(recvbufptr, "incorrect", recvbuflen) + || memsearch(recvbufptr, "fail", recvbuflen)) { + con->auth_success = false; + con->state = TELNET_AUTH; + info->userptr = NULL; + info->passptr = NULL; + con->peer_might_close = false; + + /* + * If telnetd sent the final answer along with the new login prompt + * (something which happens with some daemons), then we don't need to + * check if the peer has closed the connection because obviously he hasn't! + */ + if (memsearch(recvbufptr, "login", recvbuflen) + || memsearch(recvbufptr, "username", recvbuflen)) + con->peer_alive = true; + + delete con->inbuf; + con->inbuf = NULL; + + return ncrack_module_end(nsp, con); + + } else if (memsearch(recvbufptr, ">", recvbuflen) + || memsearch(recvbufptr, "$", recvbuflen) + || memsearch(recvbufptr, "#", recvbuflen)) { + con->auth_success = true; + + delete con->inbuf; + con->inbuf = NULL; + + return ncrack_module_end(nsp, con); + + } else { /* wait for more replies */ + + delete con->inbuf; + con->inbuf = NULL; + + con->state = TELNET_FINI; + nsock_read(nsp, nsi, ncrack_read_handler, 10000, con); + } + } + +} + diff --git a/include/DomainExec/modules/ncrack_vnc.cc b/include/DomainExec/modules/ncrack_vnc.cc new file mode 100644 index 00000000..f02afae0 --- /dev/null +++ b/include/DomainExec/modules/ncrack_vnc.cc @@ -0,0 +1,386 @@ +/*************************************************************************** + * ncrack_vnc.cc -- ncrack module for the vnc protocol * + * Coded by rhh * + * http://rycon.hu/ * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" +#include +#include + +#define TIMEOUT 20000 +#define MAXPWLEN 8 +#define CHALLENGESIZE 16 + +#define MAXMSPWLEN 32 +#define CHALLENGESIZEMS 64 + +#define BYTES_TO_READ 1024 + +extern NcrackOps o; + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_connect_handler(nsock_pool nsp, nsock_event nse, + void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); + +enum states { VNC_INIT, VNC_HANDSHAKE, VNC_SECURITY_TYPE, VNC_AUTH, VNC_SECURITY_RESULT }; + +/* + * Encrypt CHALLENGESIZE bytes in memory using a password. + */ +static void +vncEncryptBytes(unsigned char *bytes, char *passwd) +{ + unsigned char key[8]; + size_t i; + + /* key is simply password padded with nulls */ + + for (i = 0; i < 8; i++) { + if (i < strlen(passwd)) { + key[i] = passwd[i]; + } else { + key[i] = 0; + } + } + + deskey(key, EN0); + + for (i = 0; i < CHALLENGESIZE; i += 8) { + des(bytes+i, bytes+i); + } +} + + +static int +buf_check(int n, char* p) { + int i; + for(i=0; istr_length) + for(int i=str_length; i < uint_length; i++) + retme[i] = (uint8_t)0; + + return retme; +} + +void +ncrack_vnc(nsock_pool nsp, Connection *con) +{ + nsock_iod nsi = con->niod; + Service *serv = con->service; + char version_test[] = {2,0}; + + switch (con->state) + { + case VNC_INIT: + con->state = VNC_HANDSHAKE; + + break; + + case VNC_HANDSHAKE: + + /* Wait till we receive the server's input */ + if(con->inbuf == NULL) + break; + + //buf_print(con->inbuf->get_len(), (char*)con->inbuf->get_dataptr()); + + /* We may have hit our limit, so we need to check */ + if (memsearch((const char *)con->inbuf->get_dataptr(), "Too many authentication failures", con->inbuf->get_len())|| + memsearch((const char *)con->inbuf->get_dataptr(), "Too many security failures", con->inbuf->get_len())) { + if (o.debugging > 5) + error("%s Too many authentication failures (a)", serv->HostInfo()); + + con->close_reason = MODULE_ERR; + con->force_close = true; + return ncrack_module_end(nsp, con); + } + + /* vnc begins with the server sending a version like "RFB 003.008\n" or "RFB 003.003\n" + * determine which one to use, and then continue + */ + if (memsearch((const char *)con->inbuf->get_dataptr(), "RFB 003.008", con->inbuf->get_len())) { + con->outbuf = new Buf(); + con->outbuf->snprintf(12 , "RFB 003.008\n"); + nsock_write(nsp, nsi, ncrack_write_handler, TIMEOUT, con, (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + con->state = VNC_SECURITY_TYPE; + } + else { + con->outbuf = new Buf(); + con->outbuf->snprintf(12 , "RFB 003.003\n"); + nsock_write(nsp, nsi, ncrack_write_handler, TIMEOUT, con, (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + con->state = VNC_AUTH; + } + /* We are now waiting for a SECURITY_TYPE response back, which could be several bytes */ + + break; + + case VNC_SECURITY_TYPE: + if(con->inbuf == NULL) + break; + + if (memsearch((const char *)con->inbuf->get_dataptr(), "Too many authentication failures", con->inbuf->get_len())|| + memsearch((const char *)con->inbuf->get_dataptr(), "Too many security failures", con->inbuf->get_len())) { + if (o.debugging > 5) + error("%s Too many authentication failures (b)", serv->HostInfo()); + + con->close_reason = MODULE_ERR; + con->force_close = true; + return ncrack_module_end(nsp, con); + } + + /* At this point in the game, we should have gotten the number of security protocols, + * and a list of those protocols (like 0x02, 0x0210) + * handling VNC Authentication, which is 0x02, so let's ship that back and be on our way. + */ + if (memsearch((const char *)con->inbuf->get_dataptr(), version_test, con->inbuf->get_len())) { + uint8_t sec_version; sec_version = 0x02; + con->outbuf = new Buf(); + con->outbuf->append(&sec_version, sizeof(uint8_t)); + nsock_write(nsp, nsi, ncrack_write_handler, TIMEOUT, con, (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + con->state = VNC_AUTH; + } + /* + else { + error("%s This VNC server doesn't support VNC Auth.\n", serv->HostInfo()); + con->service->end.orly = true; + //con->service->end.reason = Strndup("This VNC server doesn't support VNC Auth.", 23); + + con->close_reason = MODULE_ERR; + con->force_close = true; + return ncrack_module_end(nsp, con); + } + */ + + /* Now we're waiting to hear back from the server whether we are good to go or not. 0 is go, 1 is fail */ + + break; + + case VNC_AUTH: + /* At this point, we should have gotten a 16-unsigned byte challenege */ + + if(con->inbuf == NULL) + break; + + /* des_data will hold the challenge before vncEncryptBytes() and the response after */ + uint8_t* des_data; + + /* if length is 20, we are in protocol version 003.003, which means we've gotten + * back a 4-byte security version number, as well as the challenge. + */ + if(con->inbuf->get_len() == 20) { + des_data = str2uint8((char*)con->inbuf->get_dataptr()+4, 16, 16); + vncEncryptBytes(des_data, con->pass); + } + /* if it's exactly 16, we're in 003.007 or 003.008, so we can encrypt the challenge + * and continue + */ + else if(con->inbuf->get_len() == 16) { + /* des_data will hold the challenge before vncEncryptBytes() and the response after */ + des_data = str2uint8((char*)con->inbuf->get_dataptr(), 16, 16); + vncEncryptBytes(des_data, con->pass); + } + /* If we have a 4 byte response, we've received only the version, but not the request yet. So + * just break, and get the response next go round. + */ + else if(con->inbuf->get_len() == 4) { + if (memsearch((const char *)con->inbuf->get_dataptr(), version_test, con->inbuf->get_len())) + break; + else { + if (o.debugging > 5) + error("%s The server claims not to support VNC Auth. (Can be an auth limit problem)\n", serv->HostInfo()); + return ncrack_module_end(nsp, con); + } + } + /* if we don't get 20, 16 or 4, then I'm confused as to what has happened. I suppose + * we should probably terminate this connection. Hasn't really come up in my tests. + */ + else { + if (o.debugging) + error("%s Challenge not the right length (%d, when 16 expected)!\n", serv->HostInfo(), con->inbuf->get_len()); + return ncrack_module_end(nsp, con); + } + + /* Ship our encrypted challenge back to the server, and await a result */ + con->outbuf = new Buf(); + con->outbuf->append(des_data, 16*sizeof(uint8_t)); + nsock_write(nsp, nsi, ncrack_write_handler, TIMEOUT, con, (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + + con->state = VNC_SECURITY_RESULT; + + break; + + case VNC_SECURITY_RESULT: + + if(con->inbuf == NULL) + break; + + /* okay, at this point, we expect to have at least 4 bytes in response. If more, then we have a failure message + * However, we'll still check to make sure all bytes are 0 (the OK message) before we set auth_success to true + */ + if(con->inbuf->get_len() >= 4 && buf_check(con->inbuf->get_len(), (char*)con->inbuf->get_dataptr()) == 0) + con->auth_success = true; + + return ncrack_module_end(nsp, con); + + con->state = VNC_INIT; + + break; + + } + /* Clean up when we are done with our buffers. */ + if(con->inbuf) + delete con->inbuf; + con->inbuf = NULL; + if(con->outbuf) + delete con->outbuf; + con->outbuf = NULL; + + /* Read the next thrilling chapter from the server */ + nsock_read(nsp, nsi, ncrack_read_handler, BYTES_TO_READ, con); +} diff --git a/include/DomainExec/modules/ncrack_webform.cc b/include/DomainExec/modules/ncrack_webform.cc new file mode 100644 index 00000000..9bd5ecc3 --- /dev/null +++ b/include/DomainExec/modules/ncrack_webform.cc @@ -0,0 +1,343 @@ + +/*************************************************************************** + * ncrack_webform.cc -- ncrack module for web forms * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" + +using namespace std; + +#define USER_AGENT "Ncrack (https://nmap.org/ncrack)\r\n" +#define WEBFORM_TIMEOUT 10000 + +extern NcrackOps o; +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); +static int webform_loop_read(nsock_pool nsp, Connection *con); + +enum states { WEBFORM_INIT, WEBFORM_FINI }; + +typedef struct http_info { + /* true if Content-Length in received HTTP packet > 0 */ + int content_expected; + int chunk_expected; +} http_info; + + +void +ncrack_webform(nsock_pool nsp, Connection *con) +{ + Service *serv = con->service; + nsock_iod nsi = con->niod; + char tmp[16]; + size_t formlen; + + + switch (con->state) + { + case WEBFORM_INIT: + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + con->outbuf->append("POST ", 5); + /* + * the following are almost exactly like the initial HTTP GET query we sent in WEBFORM_INIT + */ + if (strlen(serv->path) > 1) { + /* user provided path in command-line */ + con->outbuf->append("/", 1); + con->outbuf->snprintf(strlen(serv->path), "%s", serv->path); + } else { + /* default path */ + con->outbuf->append("/login", 6); + } + + con->outbuf->append(" HTTP/1.1\r\nHost: ", 17); + if (serv->target->targetname) + con->outbuf->append(serv->target->targetname, strlen(serv->target->targetname)); + else + con->outbuf->append(serv->target->NameIP(), strlen(serv->target->NameIP())); + con->outbuf->snprintf(48, "\r\nUser-Agent: %s", USER_AGENT); + con->outbuf->append("Keep-Alive: 300\r\nConnection: keep-alive\r\n", 41); + /* Up until this point, the data we put in the buffer were exactly the same as in the HTTP + * GET request, from hereon the data are different: + * We need to add the Content-Type and Content-Length along with the webform form + */ + con->outbuf->append("Content-Type: application/json\r\n", 32); + + /* Now we need to calculate the content-length of the form before we append the form + * to the buffer. The content-length is exactly the length of the form. + * The form is a string that is formed as follows in the HTTP packet: + * pwd=password&log=username + * where password is a placeholder for every password and username is a placeholder for + * every username + */ + formlen = strlen(con->user) + strlen(con->pass) + 10 + 14 + 2; + snprintf(tmp, sizeof(tmp) - 1, "%lu", formlen); + /* note this has two \r\n in the end - one for the end of Content-Length, the other + * for the end of the HTTP header - because after that the form (data) follows + */ + con->outbuf->snprintf(20 + strlen(tmp), "Content-Length: %s\r\n\r\n", tmp); + + /* Now append the form to the ougoing buffer */ + con->outbuf->append("{\"email\":\"", 10); + con->outbuf->append(con->user, strlen(con->user)); + con->outbuf->append("\"\,\"password\":\"", 14); + con->outbuf->append(con->pass, strlen(con->pass)); + con->outbuf->append("\"}", 2); + + /* That's it, we don't need to write anything else, just send the whole buffer out */ + con->state = WEBFORM_FINI; + + nsock_write(nsp, nsi, ncrack_write_handler, WEBFORM_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case WEBFORM_FINI: + + /* let's read the reply to our authentication attempt now */ + if (webform_loop_read(nsp, con) < 0) + break; + + /* we have to jump back to the WEBFORM_INIT after finishing with this one + * so that we continue the brute-forcing + */ + con->state = WEBFORM_INIT; + + // useful for debugging + //memprint((const char *)con->inbuf->get_dataptr(), con->inbuf->get_len()); + + /* + * If we get a "302" HTTP response then it's a redirect to wp-admin, meaning + * the credentials were sent were correct. Otherwise we can assume they were + * wrong. + */ + if (memsearch((const char *)con->inbuf->get_dataptr(), "User logged in successfully", con->inbuf->get_len())) { + con->auth_success = true; + } + + /* don't forget to empty the inbuf */ + delete con->inbuf; + con->inbuf = NULL; + + return ncrack_module_end(nsp, con); + break; + } + +} + +static int +webform_loop_read(nsock_pool nsp, Connection *con) +{ + http_info *http_state; /* per connection state */ + char *ptr; + char tmp[2]; + long int num; + + if (con->misc_info) { + http_state = (http_info *)con->misc_info; + } else { + http_state = (http_info *)safe_zalloc(sizeof(http_info)); + } + + if (con->inbuf == NULL) { + nsock_read(nsp, con->niod, ncrack_read_handler, WEBFORM_TIMEOUT, con); + return -1; + } + + // Useful for debugging + //memprint((const char *)con->inbuf->get_dataptr(), con->inbuf->get_len()); + + /* Until when do we keep reading data? + * \n is a good indicator but keep in mind other implementations might send \r\n instead + * Since we observer in wireshark that in the first reply by webform when we send it a HTTP GET request + * the reply always ends in \n then we search for that as the end of the packet (to avoid any + * fancy HTTP parsing) - we do this only when we are in WEBFORM_GET state + */ + + if ((ptr = memsearch((const char *)con->inbuf->get_dataptr(), "Content-Length:", con->inbuf->get_len()))) { + /* make pointer point to the end of string "Content-Length:" (plus one space) */ + ptr += 16; /* it should now point to the Content-Length number */ + + tmp[0] = *ptr; + tmp[1] = '\0'; + num = strtol(tmp, NULL, 10); + /* if first character of Content-length is anything else other than 0, then we expect to + * see an HTTP payload */ + if (num != 0) { + http_state->content_expected = 1; + } + + } else if ((ptr = memsearch((const char *)con->inbuf->get_dataptr(), "Transfer-Encoding: chunked", con->inbuf->get_len()))) { + http_state->chunk_expected = 1; + } + + /* If you have content (content-length > 0) then you need to read until "} */ + if (http_state->content_expected) { + if (!memsearch((const char *)con->inbuf->get_dataptr(), "\"}", con->inbuf->get_len())) { + http_state->content_expected = 0; + nsock_read(nsp, con->niod, ncrack_read_handler, WEBFORM_TIMEOUT, con); + return -1; + } + } else if (http_state->chunk_expected) { //TODO: this needs fixing + + if (con->state == WEBFORM_INIT && !memsearch((const char *)con->inbuf->get_dataptr(), "\n\t", con->inbuf->get_len())) { + http_state->chunk_expected = 0; + nsock_read(nsp, con->niod, ncrack_read_handler, WEBFORM_TIMEOUT, con); + return -1; + } + + if ((ptr = memsearch((const char *)con->inbuf->get_dataptr(), "\r\n\r\n", con->inbuf->get_len()))) { + ptr += 4; + if (memcmp(ptr, "\0", 1)) { + http_state->chunk_expected = 0; + return 0; + } + } + + } else { + /* + * For the rest of the cases - when we need an indicator for the replies from webform to our authentication + * attempts, we search for \r\n\r\n as the end of the packet + */ + if (!memsearch((const char *)con->inbuf->get_dataptr(), "\r\n\r\n", con->inbuf->get_len())) { + nsock_read(nsp, con->niod, ncrack_read_handler, WEBFORM_TIMEOUT, con); + return -1; + } + } + + + return 0; +} + diff --git a/include/DomainExec/modules/ncrack_winrm.cc b/include/DomainExec/modules/ncrack_winrm.cc new file mode 100644 index 00000000..942f2698 --- /dev/null +++ b/include/DomainExec/modules/ncrack_winrm.cc @@ -0,0 +1,1422 @@ +/*************************************************************************** + * ncrack_winrm.cc -- ncrack module for the WinRM protocol * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" +#include "http.h" +#include + +#include +#include +#include +#include + +#include +#include + +#include +using namespace std; + +#define USER_AGENT "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1) Gecko/20090703 Shiretoko/3.5\r\n" +#define HTTP_LANG "Accept-Language: en-us,en;q=0.5\r\n" +#define HTTP_ENCODING "Accept-Encoding: gzip,deflate\r\n" +#define HTTP_CHARSET "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n" +#define HTTP_ACCEPT "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n" +#define HTTP_CACHE "Cache-Control: max-age=0, max-age=0, max-age=0, max-age=0\r\n" + +//#define USER_AGENT "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" +#define HTTP_UNKNOWN "Service might not be HTTP." +#define HTTP_NOAUTH_SCHEME "Service didn't reply with authentication scheme." +#define WINRM_TIMEOUT 10000 + +#define NTLMSSP_SIGNATURE "\x4e\x54\x4c\x4d\x53\x53\x50" +#define SHORTPAIR(x) ((x) & 0xff), (((x) >> 8) & 0xff) +#define LONGQUARTET(x) ((x) & 0xff), (((x) >> 8) & 0xff), \ + (((x) >> 16) & 0xff), (((x) >> 24) & 0xff) + +#define NEGOTIATE_UNICODE (1<<0) +#define NEGOTIATE_OEM (1<<1) +#define REQUEST_TARGET (1<<2) +#define NEGOTIATE_SEAL (1<<5) +#define NEGOTIATE_LM_KEY (1<<7) +#define NEGOTIATE_128 (1<<29) +#define NEGOTIATE_56 (1<<31) +#define NEGOTIATE_NTLM_KEY (1<<9) +#define NEGOTIATE_NTLM2_KEY (1<<19) +#define NEGOTIATE_TARGET_INFO (1<<23) + +#define USE_NTLM 0 +#define USE_LM 0 +#define USE_NTLMv2 0 + +#define NTTIME_EPOCH 0x019DB1DED53E8000LL + +extern NcrackOps o; + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); + +static void winrm_basic(nsock_pool nsp, Connection *con); +static void winrm_negotiate(nsock_pool nsp, Connection *con); +static int winrm_loop_read(nsock_pool nsp, Connection *con); +static void winrm_free(Connection *con); + +static void rand_str(char *dest, size_t length); +static void extend_key_56_to_64(const unsigned char *key_56, char *key); +static void setup_des_key(const unsigned char *key_56, DES_key_schedule *ks); +static uint64_t unix2nttime(time_t unix_time); + +enum states { WINRM_INIT, WINRM_GET_AUTH, WINRM_BASIC_AUTH, WINRM_NEGOTIATE_AUTH, + WINRM_KERBEROS_AUTH, WINRM_CREDSSP_AUTH, WINRM_FINI }; + +/* Method identification substates */ +enum { METHODS_SEND, METHODS_RESULTS }; + +/* Basic Authentication substates */ +enum { BASIC_SEND, BASIC_RESULTS }; + +/* Negotiate Authentication substates */ +enum { NEGOTIATE_CHALLENGE, NEGOTIATE_SEND, NEGOTIATE_RESULTS }; + + +typedef struct winrm_info { + char *auth_scheme; + int substate; +} winrm_info; + +typedef struct winrm_state { + bool reconnaissance; + char *auth_scheme; + int state; + int keep_alive; +} winrm_state; + +void +ncrack_winrm(nsock_pool nsp, Connection *con) +{ + nsock_iod nsi = con->niod; + Service *serv = con->service; + winrm_info *info = NULL; + winrm_state *hstate = NULL; + con->ops_free = &winrm_free; + const char *hostinfo = serv->HostInfo(); + + char *tmp; + size_t tmplen; + + srand(time(NULL)); + + if (con->misc_info) { + info = (winrm_info *) con->misc_info; + // printf("info substate: %d \n", info->substate); + } + + if (serv->module_data && con->misc_info == NULL) { + hstate = (winrm_state *)serv->module_data; + con->misc_info = (winrm_info *)safe_zalloc(sizeof(winrm_info)); + info = (winrm_info *)con->misc_info; + if (!strcmp(hstate->auth_scheme, "Basic") + || !strcmp(hstate->auth_scheme, "Negotiate") + ) { + // printf("setting connection state\n"); + con->state = hstate->state; + } + info->auth_scheme = Strndup(hstate->auth_scheme, + strlen(hstate->auth_scheme)); + } + + switch (con->state) + { + case WINRM_INIT: + con->state = WINRM_GET_AUTH; + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + con->outbuf->append("POST ", 5); + con->outbuf->append("/wsman", 6); + con->outbuf->snprintf(strlen(serv->path) + 17, "%s HTTP/1.1\r\nHost: ", + serv->path); + if (serv->target->targetname) + con->outbuf->append(serv->target->targetname, + strlen(serv->target->targetname)); + else + con->outbuf->append(serv->target->NameIP(), + strlen(serv->target->NameIP())); + con->outbuf->snprintf(94, "\r\nUser-Agent: %s", USER_AGENT); + con->outbuf->append("Keep-Alive: 300\r\nConnection: keep-alive\r\n", 41); + con->outbuf->append("Content-Length: 8\r\n", 19); + con->outbuf->append("\r\n", 2); + + /* Send 5 random characters. The number of characters + * sent in this message is irrelevant. An empty request body is also valid. + */ + tmplen = 5 + 1; + tmp = (char *)safe_malloc(tmplen + 1); + rand_str(tmp, 5); + + con->outbuf->append(tmp, strlen(tmp)); + free(tmp); + + nsock_write(nsp, nsi, ncrack_write_handler, WINRM_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case WINRM_GET_AUTH: + if (winrm_loop_read(nsp, con) < 0) + break; + + /* We expect a 401 response which will contain all + * the accepted authentication methods in the + * WWW-Authenticate header. + */ + if (memsearch((const char *)con->inbuf->get_dataptr(), + "401", con->inbuf->get_len()) + && memsearch((const char *)con->inbuf->get_dataptr(), + "WWW-Authenticate", con->inbuf->get_len())) { + + /* The response may contain more than one WWW-Authenticate + * header. + */ + if (info == NULL) { + con->misc_info = (winrm_info *)safe_zalloc(sizeof(winrm_info)); + info = (winrm_info *)con->misc_info; + } + if (memsearch((const char *)con->inbuf->get_dataptr(), + "WWW-Authenticate: Basic", con->inbuf->get_len())) + { + info->auth_scheme = Strndup("Basic", strlen("Basic")); + serv->module_data = (winrm_state *)safe_zalloc(sizeof(winrm_state)); + hstate = (winrm_state *)serv->module_data; + hstate->auth_scheme = Strndup(info->auth_scheme, + strlen(info->auth_scheme)); + hstate->state = WINRM_BASIC_AUTH; + hstate->reconnaissance = true; + winrm_basic(nsp, con); + + } else if (memsearch((const char *)con->inbuf->get_dataptr(), + "WWW-Authenticate: Negotiate", con->inbuf->get_len())) + { + info->auth_scheme = Strndup("Negotiate", strlen("Negotiate")); + serv->module_data = (winrm_state *)safe_zalloc(sizeof(winrm_state)); + hstate = (winrm_state *)serv->module_data; + hstate->auth_scheme = Strndup(info->auth_scheme, + strlen(info->auth_scheme)); + hstate->state = WINRM_NEGOTIATE_AUTH; + hstate->reconnaissance = true; + winrm_negotiate(nsp, con); + } + } + break; + + case WINRM_BASIC_AUTH: + winrm_basic(nsp, con); + break; + + case WINRM_NEGOTIATE_AUTH: + winrm_negotiate(nsp, con); + break; + + case WINRM_KERBEROS_AUTH: + error("%s Kerberos authentication technique not implemented yet.", hostinfo); + break; + + case WINRM_CREDSSP_AUTH: + error("%s CREDSSP authentication technique not implemented yet.", hostinfo); + break; + + } +} + +static int +winrm_loop_read(nsock_pool nsp, Connection *con) +{ + if (con->inbuf == NULL) { + nsock_read(nsp, con->niod, ncrack_read_handler, WINRM_TIMEOUT, con); + return -1; + } + if (!memsearch((const char *)con->inbuf->get_dataptr(), "\r\n\r\n", + con->inbuf->get_len())) { + nsock_read(nsp, con->niod, ncrack_read_handler, WINRM_TIMEOUT, con); + return -1; + } + return 0; +} + +static void +winrm_basic(nsock_pool nsp, Connection *con) +{ + char *tmp; + char *b64; + size_t tmplen; + Service *serv = con->service; + nsock_iod nsi = con->niod; + winrm_info *info = (winrm_info *)con->misc_info; + + switch (info->substate) { + case BASIC_SEND: + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + con->outbuf->append("POST ", 5); + con->outbuf->append("/wsman", 6); + con->outbuf->snprintf(strlen(serv->path) + 17, "%s HTTP/1.1\r\nHost: ", + serv->path); + if (serv->target->targetname) + con->outbuf->append(serv->target->targetname, + strlen(serv->target->targetname)); + else + con->outbuf->append(serv->target->NameIP(), + strlen(serv->target->NameIP())); + con->outbuf->snprintf(94, "\r\nUser-Agent: %s", USER_AGENT); + +#if 0 + con->outbuf->append(HTTP_ACCEPT, sizeof(HTTP_ACCEPT) - 1); + con->outbuf->append(HTTP_LANG, sizeof(HTTP_LANG) - 1); + con->outbuf->append(HTTP_ENCODING, sizeof(HTTP_ENCODING) - 1); + con->outbuf->append(HTTP_CHARSET, sizeof(HTTP_CHARSET) - 1); +#endif + + /* Try sending keep-alive values and see how much authentication attempts + * we can do in that time-period. + */ + //con->outbuf->append(HTTP_CACHE, sizeof(HTTP_CACHE) - 1); + con->outbuf->append("Keep-Alive: 300\r\nConnection: keep-alive\r\n", 41); + con->outbuf->append("Content-Length: 0\r\n", 19); + con->outbuf->append("Authorization: Basic ", 21); + + tmplen = strlen(con->user) + strlen(con->pass) + 1; + tmp = (char *)safe_malloc(tmplen + 1); + sprintf(tmp, "%s:%s", con->user, con->pass); + + b64 = (char *)safe_malloc(BASE64_LENGTH(tmplen) + 1); + base64_encode(tmp, tmplen, b64); + + con->outbuf->append(b64, strlen(b64)); + free(b64); + free(tmp); + con->outbuf->append("\r\n\r\n", sizeof("\r\n\r\n")-1); + + nsock_write(nsp, nsi, ncrack_write_handler, WINRM_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + + info->substate = BASIC_RESULTS; + break; + + case BASIC_RESULTS: + if (winrm_loop_read(nsp, con) < 0) + break; + + info->substate = BASIC_SEND; + + /* If we get a "200 OK" HTTP response or a "301 Moved Permanently" + * OR 411 (which is the server's way of telling us we didn't issue + * any command because the Content-Length was 0 */ + if (memsearch((const char *)con->inbuf->get_dataptr(), + "200 OK", con->inbuf->get_len()) + || memsearch((const char *)con->inbuf->get_dataptr(), + "301", con->inbuf->get_len()) + || memsearch((const char *)con->inbuf->get_dataptr(), + "411", con->inbuf->get_len())) { + con->auth_success = true; + } + /* The in buffer has to be cleared out because we are expecting + * possibly new answers in the same connection. + */ + delete con->inbuf; + con->inbuf = NULL; + + ncrack_module_end(nsp, con); + break; + } +} + +static void +winrm_negotiate(nsock_pool nsp, Connection *con) +{ + char *tmp; + char __attribute__ ((nonstring)) *tmp2; + char *tmp3; + char *b64; + char *start, *end; + char *challenge; + char *type2; + char *target_info; + size_t i; + size_t domainlen; + size_t hostlen; + size_t tmplen; + size_t tmplen2; + size_t tmplen3; + size_t tmpsize; + size_t domain_tmplen; + int targetinfo_offset; + int targetinfo_length; + + char *ntlm_sig; + int ntlm_flags; + unsigned char tmp_challenge[8]; + unsigned char tmp_buf[4]; + + Service *serv = con->service; + nsock_iod nsi = con->niod; + winrm_info *info = (winrm_info *)con->misc_info; + static const char type2_marker[] = { 0x02, 0x00, 0x00, 0x00 }; + + + ntlm_sig = (char *)safe_malloc(strlen(NTLMSSP_SIGNATURE) + 1); + + switch (info->substate) { + case NEGOTIATE_CHALLENGE: + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + con->outbuf->append("POST ", 5); + con->outbuf->append("/wsman", 6); + con->outbuf->snprintf(strlen(serv->path) + 17, "%s HTTP/1.1\r\nHost: ", + serv->path); + if (serv->target->targetname) + con->outbuf->append(serv->target->targetname, + strlen(serv->target->targetname)); + else + con->outbuf->append(serv->target->NameIP(), + strlen(serv->target->NameIP())); + con->outbuf->snprintf(94, "\r\nUser-Agent: %s", USER_AGENT); + con->outbuf->append("Keep-Alive: 300\r\nConnection: keep-alive\r\n", 41); + con->outbuf->append("Authorization: Negotiate ", 25); + + tmplen = strlen(NTLMSSP_SIGNATURE) + 5 + + 4 /* NTLM flags */ + + 2 + 2 + 2 + 2 /* domain */ + + 2 + 2 + 2 + 2 /* host */ + //+ strlen(host) + + strlen(serv->domain) + 1; + + tmp = (char *)safe_malloc(tmplen + 1); + + snprintf((char *)tmp, tmplen, + NTLMSSP_SIGNATURE "%c" + "\x01%c%c%c" /* 32-bit type = 1 */ + "%c%c%c%c"//"\x37\x82\x08\xe0" /* 32-bit NTLM flag field */ + "%c%c" /* domain length */ + "%c%c" /* domain allocated space */ + "\x20%c" /* domain name offset offset 32*/ + "%c%c" /* 2 zeroes */ + "%c%c" /* host length */ + "%c%c" /* host allocated space */ + "%c%c" /* host name offset offset 32 (0x20) + domain length*/ + "%c%c" /* 2 zeroes */ + // "%s" /* host name */ + "%s", /* domain string */ + 0,0,0,0, + /* We need to send flags for all the available + * authentication realms. This includes LM, NTLM + * and NTLMv2. Usually, the server-client should + * agree on the strongest common realm. We will + * use the lightest bandwidth-wise. + * We will send LM_KEY, NTLM_KEY, and NTLM2_KEY. + * In most cases all three realms will be available. + */ + LONGQUARTET(NEGOTIATE_UNICODE | + NEGOTIATE_LM_KEY | + NEGOTIATE_NTLM_KEY | + NEGOTIATE_NTLM2_KEY + ), + SHORTPAIR((int) strlen(serv->domain)), + SHORTPAIR((int) strlen(serv->domain)), 0, + 0x0,0x0, + 0x0,0x0, /*We do not include the host */ + 0x0,0x0, /*We do not include the host */ + + SHORTPAIR(32 + (int) strlen(serv->domain)), + 0x0,0x0, + serv->domain); /*this is domain/workstation name */ + + /* Setting the domain or the host seems to be useless. + * A Windows Server 2012 negotiate request does not contain + * those fields. It did contain OS version though. + * We shouldn't rely on the host and domain values heavily + * for type 1 messages. + */ + b64 = (char *)safe_malloc(BASE64_LENGTH(tmplen) + 1); + base64_encode(tmp, tmplen, b64); + + con->outbuf->append(b64, strlen(b64)); + free(tmp); + free(b64); + + /* Content-Length should be last as the packet will not + * be recognized by Wireshark as NTLM. + */ + con->outbuf->append("\r\nContent-Length: 0", 19); + con->outbuf->append("\r\n\r\n", sizeof("\r\n\r\n")-1); + + delete con->inbuf; + con->inbuf = NULL; + + nsock_write(nsp, nsi, ncrack_write_handler, WINRM_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + + info->substate = NEGOTIATE_SEND; + break; + + case NEGOTIATE_SEND: + + if (winrm_loop_read(nsp, con) < 0) + break; + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + /* If the response has the code 401 and the header + * WWW-Authenticate probably we have received the challenge + * response. + */ + if (!memsearch((const char *)con->inbuf->get_dataptr(), + "401", con->inbuf->get_len())) { + serv->end.orly = true; + tmpsize = sizeof("Invalid response code.\n"); + serv->end.reason = (char *)safe_malloc(tmpsize); + snprintf(serv->end.reason, tmpsize, + "Invalid response code.\n"); + return ncrack_module_end(nsp, con); + } + if ((start = memsearch((const char *)con->inbuf->get_dataptr(), + "WWW-Authenticate: Negotiate", con->inbuf->get_len()))) { + /* Extract the challenge, craft next request and send + */ + start += sizeof("WWW-Authenticate: Negotiate ") - 1; + end = start; + i = 0; + while (*end != ' ' && i != con->inbuf->get_len()) { + end++; + i++; + } + challenge = Strndup(start, i); + tmp = strtok (challenge,"\r\n"); + type2 = (char *)safe_malloc((strlen(tmp) + 1)); + + /* Base64 decode the type2 message (challenge) + */ + tmplen = strlen(tmp); + base64_decode(tmp, tmplen, type2); + + if (!type2) { + /* Type2 message decoding failed. + */ + free(type2); + serv->end.orly = true; + tmpsize = sizeof("Invalid type2 message.\n"); + serv->end.reason = (char *)safe_malloc(tmpsize); + snprintf(serv->end.reason, tmpsize, + "Invalid type2 message.\n"); + return ncrack_module_end(nsp, con); + } + + /* NTLM type-2 message structure: + * Index Description Content + * 0 NTLMSSP Signature Null-terminated ASCII "NTLMSSP" + * (0x4e544c4d53535000) + * 8 NTLM Message Type long (0x02000000) + * 12 Target Name security buffer + * 20 Flags long + * 24 Challenge 8 bytes + * (32) Context 8 bytes (two consecutive longs) + * (40) Target Information security buffer + * (48) OS Version Structure 8 bytes + * 32 (48) (56) Start of data block + */ + + /* The first 7 bytes are the string NTLMSSP + * followed by a null byte. + */ + for (i = 0; i < strlen(NTLMSSP_SIGNATURE) + 1; i++) { + ntlm_sig[i] = *type2++; + } + + if (strncmp(ntlm_sig, NTLMSSP_SIGNATURE, strlen(NTLMSSP_SIGNATURE))) { + /* In this case, the NTLMSSP flag is not present. + * Exit gracefully. + */ + free(ntlm_sig); + serv->end.orly = true; + tmpsize = sizeof("Invalid type2 message.\n"); + serv->end.reason = (char *)safe_malloc(tmpsize); + snprintf(serv->end.reason, tmpsize, + "Invalid type2 message.\n"); + + return ncrack_module_end(nsp, con); + } + free(ntlm_sig); + /* Checking for type 2 message flag + * The next four bytes should contain the value + * \x02\x00\x00\x00 + */ + char type2_marker_check[4]; + for (i = 0; i < 4; i++) { + type2_marker_check[i] = *type2++; + } + + if (strncmp(type2_marker_check, type2_marker, strlen(type2_marker))) { + /* In this case, the type2 message flag is not present. + * Exit gracefully. + */ + free(type2); + serv->end.orly = true; + tmpsize = sizeof("Invalid type2 message.\n"); + serv->end.reason = (char *)safe_malloc(tmpsize); + snprintf(serv->end.reason, tmpsize, + "Invalid type2 message.\n"); + + return ncrack_module_end(nsp, con); + } + + /* Next 8 bytes are the target name. In case of NTLMv2 + * authentication we will need them. + * 2 bytes target name length + * 2 bytes target name length (we skip that) + * 4 bytes target name offset + */ + + for (i = 0; i < 4; i++) { + type2++; + } + + /* We want to read 4 bytes and translate them as decimal + * The values are literals. They are written as decimals + * not as hex. + */ + for (i = 0; i < 4; i++) { + type2++; + } + + /* Next 4 bytes are the NTLM flags + */ + for (i = 0; i < 4; i++) { + tmp_buf[i] = (unsigned char) *type2++; + } + + /* Convert to big endian + */ + ntlm_flags = ((unsigned int)tmp_buf[0]) | ((unsigned int)tmp_buf[1] << 8) | + ((unsigned int)tmp_buf[2] << 16) | ((unsigned int)tmp_buf[3] << 24); + + /* Next 8 bytes are the NTLM flags + */ + for (i = 0; i < 8; i++) { + tmp_challenge[i] = (unsigned char) *type2++; + } + + for (i = 0; i < 8; i++) { + type2++; + } + /* The snprintf() solution is not optimal. If hex if signed the value + * will be negative. + */ + + /* Next 8 bytes are the Target info buffer + * 2 bytes target info length + * 2 bytes target info length (we skip that) + * 4 bytes target info offset + */ + + tmp_buf[0] = (int) (unsigned char) *type2++; + + for (i = 0; i < 3; i++) { + type2++; + } + + targetinfo_length = (int) tmp_buf[0]; + + tmp_buf[0] = (int) (unsigned char) *type2++; + for (i = 0; i < 3; i++) { + type2++; + } + + targetinfo_offset = (int) tmp_buf[0]; + + + target_info = (char *)safe_malloc(targetinfo_length + 1); + + if (ntlm_flags & NEGOTIATE_TARGET_INFO) { + + /* If the server sends target info we will need it + * if we use NTLMv2 authentication. For this purpose + * we read Target Information. + */ + /* We read from type2 at offset - 40. 40 are the bytes + * we have already read from the buffer. + */ + tmp3 = (char *)safe_malloc((strlen(tmp) + 1)); + base64_decode(tmp, tmplen, tmp3); + memcpy(target_info, &tmp3[targetinfo_offset], targetinfo_length); + free(tmp); + free(tmp3); + + } + + /* The challenge is extracted, we can now safely + * proceed in the construction of type 3 message. + */ + + /* + * + * Description Content + * 0 NTLMSSP Signature Null-terminated ASCII "NTLMSSP" + * 8 NTLM Message Type long (0x03000000) + * 12 LM/LMv2 Response security buffer + * 20 NTLM/NTLMv2 Response security buffer + * 28 Target Name security buffer + * 36 User Name security buffer + * 44 Workstation Name security buffer + * (52) Session Key (optional) security buffer + * (60) Flags (optional) long + * (64) OS Version Structure (Optional) 8 bytes + * 52 (64) (72) start of data block + */ + + con->outbuf->append("POST ", 5); + con->outbuf->append("/wsman", 6); + con->outbuf->snprintf(strlen(serv->path) + 17, "%s HTTP/1.1\r\nHost: ", + serv->path); + if (serv->target->targetname) + con->outbuf->append(serv->target->targetname, + strlen(serv->target->targetname)); + else + con->outbuf->append(serv->target->NameIP(), + strlen(serv->target->NameIP())); + con->outbuf->snprintf(94, "\r\nUser-Agent: %s", USER_AGENT); + con->outbuf->append("Keep-Alive: 300\r\nConnection: keep-alive\r\n", 41); + con->outbuf->append("Authorization: Negotiate ", 25); + + /* Let's create LM response + */ + unsigned char lmbuffer[0x18]; + unsigned char lmresp[24]; /* fixed-size */ + int lmrespoff; + int ntrespoff; + unsigned int ntresplen = 0; + size_t userlen; + size_t hostoff = 0; + size_t useroff = 0; + size_t domoff = 0; + + + static const unsigned char magic[] = { + 0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 /* KGS!@#$% */ + }; + unsigned char pw_upper[14]; + size_t pw_len = 14; + tmplen = strlen(con->pass) + 1; + tmp = (char *)safe_zalloc(pw_len + 1); + + sprintf(tmp, "%s", con->pass); + + /* First convert password to upper case and pad it + * to 14 characters with zeros. + */ + char *s = tmp; + while (*s) { + *s = toupper((unsigned char) *s); + s++; + } + + for (i=0; i < pw_len; i++){ + pw_upper[i] = (unsigned char) tmp[i]; + } + + free(tmp); + + DES_key_schedule ks; + + DES_key_schedule ks2; + + + if (ntlm_flags & NEGOTIATE_LM_KEY && + !(ntlm_flags & NEGOTIATE_NTLM2_KEY)){ + + /* The "fixed" password at 14 bytes length must be split + * in two equal length keys. + */ + + /* Two DES keys (one from each 7-byte half) are used to + * DES-encrypt the constant ASCII string "KGS!@#$%" + * (resulting in two 8-byte ciphertext values). + * + * The two ciphertext values are concatenated to form a 16 + * byte value - The LM hash. + * + * The LM hash is then padded with zeros to 21 bytes. + */ + setup_des_key(pw_upper, &ks); + DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)lmbuffer, + &ks, DES_ENCRYPT); + + setup_des_key(pw_upper + 7, &ks); + DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)(lmbuffer + 8), + &ks, DES_ENCRYPT); + + memset(lmbuffer + 16, 0, 21 - 16); + + + + setup_des_key(lmbuffer, &ks2); + DES_ecb_encrypt((DES_cblock*) tmp_challenge, (DES_cblock*) lmresp, + &ks2, DES_ENCRYPT); + + setup_des_key(lmbuffer + 7, &ks2); + DES_ecb_encrypt((DES_cblock*) tmp_challenge, (DES_cblock*) (lmresp + 8), + &ks2, DES_ENCRYPT); + + setup_des_key(lmbuffer + 14, &ks2); + DES_ecb_encrypt((DES_cblock*) tmp_challenge, (DES_cblock*) (lmresp + 16), + &ks2, DES_ENCRYPT); + } + + char *domain_unicode; + domain_unicode = (char *)safe_malloc(2*strlen(serv->domain) + 1); + + + domainlen = 2*strlen(serv->domain); + /* Transform ascii to unicode + */ + for(i = 0; i < strlen(serv->domain); i++) { + domain_unicode[2 * i] = (unsigned char)serv->domain[i]; + domain_unicode[2 * i + 1] = '\0'; + } + + + char *user_unicode; + user_unicode = (char *)safe_malloc(2*strlen(con->user) + 1); + + userlen = 2*strlen(con->user); + + /* Transform ascii to unicode + */ + for(i = 0; i < strlen(con->user); i++) { + user_unicode[2 * i] = (unsigned char)con->user[i]; + user_unicode[2 * i + 1] = '\0'; + } + + hostlen = 0; + lmrespoff = 64; + ntrespoff = lmrespoff + 0x18; + + /* The following part is NM response. + */ + + unsigned char ntbuffer[0x18]; + unsigned char ntresp[24]; /* fixed-size */ + unsigned char *ptr_ntresp = &ntresp[0]; + + char *pass_unicode; + + pass_unicode = (char *)safe_malloc(2*strlen(con->pass) + 1); + + /* Transform ascii to unicode + */ + for(i = 0; i < strlen(con->pass); i++) { + pass_unicode[2 * i] = (unsigned char)con->pass[i]; + pass_unicode[2 * i + 1] = '\0'; + } + + /* Create NT hashed password. + */ + MD4_CTX MD4pw; + + if (ntlm_flags & NEGOTIATE_NTLM_KEY && + !(ntlm_flags & NEGOTIATE_NTLM2_KEY) && 0) { + + ntresplen = 24; + MD4_Init(&MD4pw); + MD4_Update(&MD4pw, pass_unicode, 2*strlen(con->pass)); + MD4_Final(ntbuffer, &MD4pw); + memset(ntbuffer + 16, 0, 21 - 16); + + setup_des_key(ntbuffer, &ks2); + DES_ecb_encrypt((DES_cblock*) tmp_challenge, (DES_cblock*) ntresp, + &ks2, DES_ENCRYPT); + + setup_des_key(ntbuffer + 7, &ks2); + DES_ecb_encrypt((DES_cblock*) tmp_challenge, (DES_cblock*) (ntresp + 8), + &ks2, DES_ENCRYPT); + + setup_des_key(ntbuffer + 14, &ks2); + DES_ecb_encrypt((DES_cblock*) tmp_challenge, (DES_cblock*) (ntresp + 16), + &ks2, DES_ENCRYPT); + + ptr_ntresp = ntresp; + } + + if (ntlm_flags & NEGOTIATE_NTLM2_KEY) { + + /* Crafting NTLMv2 response + */ + ntresplen = 24; + MD4_Init(&MD4pw); + MD4_Update(&MD4pw, pass_unicode, 2*strlen(con->pass)); + MD4_Final(ntbuffer, &MD4pw); + memset(ntbuffer + 16, 0, 21 - 16); + + char entropy[8]; + unsigned char ntlmv2hash[0x18]; + unsigned char tmphash[0x18]; + + /* Generate 8 random characters for NTLMv2 and LMv2 + * hashes. + */ + rand_str(entropy, 8); + + /* Calculate NTLM hash as we did before for v1. + * After calculating the NTLM hash we concatenate + * the Unicode form of username and Target name + * (which is retrieved from the type 2 message). + * At this point, we have the username and password + * in Unicode encoding from LM and NTLM v1 calculations. + * If we change the current state of the script we need + * to take care of that. + */ + + /* From the conducted tests if the server supports Unicode + * it will send the Target Name in Unicode encoding. + * I'll leave it as is for the moment but we might need + * to check if the value is Unicode and if not, convert it + * to Unicode. + */ + + /* Now we concatenate Unicode upper case username with + * Unicode domain. + * Let's say we have username "user" and domain "TEST" + * the result will be USERTEST. + */ + + /* First we convert username to uppercase string. + */ + unsigned char *user_upper; + user_upper = (unsigned char *)safe_malloc(strlen(con->user) + 1); + tmplen = strlen(con->user) + 1; + tmp = (char *)safe_zalloc(strlen(con->user) + 1); + + sprintf(tmp, "%s", con->user); + + char *s = tmp; + while (*s) { + *s = toupper((unsigned char) *s); + s++; + } + + for (i=0; i < strlen(con->user); i++){ + user_upper[i] = (unsigned char) tmp[i]; + } + free(tmp); + + /* And then transform it into Unicode. + */ + char *user_upper_unicode; + user_upper_unicode = (char *)safe_malloc(2*strlen(con->user) + 1); + userlen = 2*strlen(con->user); + + for(i = 0; i < tmplen; i++) { + user_upper_unicode[2 * i] = (unsigned char)user_upper[i]; + user_upper_unicode[2 * i + 1] = '\0'; + } + + free(user_upper); + + /* And then transform it into Unicode. + */ + char *domain_temp_unicode; + domain_temp_unicode = (char *)safe_malloc(2*strlen(serv->domain) + 1); + domain_tmplen = 2*strlen(serv->domain); + + for(i = 0; i < strlen(serv->domain); i++) { + domain_temp_unicode[2 * i] = (unsigned char)serv->domain[i]; + domain_temp_unicode[2 * i + 1] = '\0'; + } + + /* Concatenate the two strings. + */ + char *userdomain; + userdomain = (char *)safe_malloc(userlen + domain_tmplen + 1); + + for (i=0; i > 8); + tmp3[10+8] = (char)((t & 0x00FF0000) >> 16); + tmp3[11+8] = (char)((t & 0xFF000000) >> 24); + tmp3[12+8] = (char)((t >> 32) & 0x000000FF); + tmp3[13+8] = (char)(((t >> 32) & 0x0000FF00) >> 8); + tmp3[14+8] = (char)(((t >> 32) & 0x00FF0000) >> 16); + tmp3[15+8] = (char)(((t >> 32) & 0xFF000000) >> 24); + + + snprintf((char *)tmp3 + 8, 5, + "\x01\x01%c%c", /* Blob Signature */ + 0, 0); + + + memcpy(tmp3, tmp_challenge, 8); + memcpy(tmp3 + 16 + 8, entropy, 8); + memcpy(tmp3 + 28 + 8, target_info, targetinfo_length); + + free(target_info); + + HMAC(EVP_md5(), ntlmv2hash, 16, (unsigned const char*) tmp3, + tmplen3, tmphash, NULL); + + /* Now we want the same blob but without the concatenated + * nonce at the beginning. Instead, the first 16 bytes will + * be the ntlmv2hash which was calculated just now. + */ + + ntresplen = 28 + 4 + targetinfo_length + 16; + tmp = (char *)safe_malloc(ntresplen + 1); + memcpy(tmp, tmphash, 16); + memcpy(tmp + 16, tmp3 + 8, tmplen3 - 8); + ptr_ntresp = (unsigned char *) tmp; + free(tmp3); + + /* LMv2 response + * 1. Calculate NTLM hash. (Already calculated) + * 2. Unicode uppercase username and target name. (Already calculated) + * HMAC-MD5 on the above string and NTLM hash as key (16 bytes) + * 3. Random 8 byte nonce. (Already calculated) + * 4. Concatenate challenge with nonce from #3. + * HMAC-MD5 the above string and NTLMv2 hash as key (16 bytes) + * NTLMv2 hash is the output of step 2. + * 5. Concatenate output of step 4 with nonce (24 bytes) + * + */ + char chall_nonce [16]; + for (i=0; i outbuf->append(b64, strlen(b64)); + /* Content-length should be last as the packet will not + * be recognized by Wireshark as NTLM. + */ + con->outbuf->append("\r\nContent-Length: 0", 19); + + free(tmp2); + free(b64); + free(domain_unicode); + //printf("lol\n"); + con->outbuf->append("\r\n\r\n", sizeof("\r\n\r\n")-1); + + nsock_write(nsp, nsi, ncrack_write_handler, WINRM_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + + delete con->inbuf; + con->inbuf = NULL; + + info->substate = NEGOTIATE_RESULTS; + break; + } + + /* The in buffer has to be cleared out because we are expecting + * possibly new answers in the same connection. + */ + delete con->inbuf; + con->inbuf = NULL; + + ncrack_module_end(nsp, con); + break; + + case NEGOTIATE_RESULTS: + if (winrm_loop_read(nsp, con) < 0) + break; + + info->substate = NEGOTIATE_CHALLENGE; + + /* Successful login attempt results in empty 200 response. + * Else a 401 response will appear containing the authentication + * methods. + */ + if (memsearch((const char *)con->inbuf->get_dataptr(), + "200", con->inbuf->get_len())) { + con->auth_success = true; + } + + /* The in buffer has to be cleared out because we are expecting + * possibly new answers in the same connection. + */ + // delete con->inbuf; + // con->inbuf = NULL; + + ncrack_module_end(nsp, con); + break; + } +} + +static void +winrm_free(Connection *con) +{ + + winrm_info *p = NULL; + if (con->misc_info == NULL) + return; + + p = (winrm_info *)con->misc_info; + free(p->auth_scheme); + +} + + +static void +rand_str(char *dest, size_t length) +{ + char charset[] = "0123456789" + "abcdefghijklmnopqrstuvwxyz" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; + + while (length-- > 0) { + size_t index = (double) rand() / RAND_MAX * (sizeof charset - 1); + *dest++ = charset[index]; + } + *dest = '\0'; +} + +/* +* Turns a 56-bit key into being 64-bit wide. +*/ +static void extend_key_56_to_64(const unsigned char *key_56, char *key) +{ + key[0] = key_56[0]; + key[1] = (unsigned char)(((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1)); + key[2] = (unsigned char)(((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2)); + key[3] = (unsigned char)(((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3)); + key[4] = (unsigned char)(((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4)); + key[5] = (unsigned char)(((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5)); + key[6] = (unsigned char)(((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6)); + key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF); +} + +static void +setup_des_key(const unsigned char *key_56, + DES_key_schedule *ks) +{ + DES_cblock key; + + /* Expand the 56-bit key to 64-bits */ + extend_key_56_to_64(key_56, (char *) &key); + + /* Set the key parity to odd */ + DES_set_odd_parity(&key); + + /* Set the key */ + DES_set_key(&key, ks); +} + +static uint64_t +unix2nttime(time_t unix_time) +{ + long long wt; + wt = unix_time * (uint64_t)10000000 + (uint64_t)NTTIME_EPOCH; + return wt; +} diff --git a/include/DomainExec/modules/ncrack_wordpress.cc b/include/DomainExec/modules/ncrack_wordpress.cc new file mode 100644 index 00000000..59a59f9d --- /dev/null +++ b/include/DomainExec/modules/ncrack_wordpress.cc @@ -0,0 +1,451 @@ + +/*************************************************************************** + * ncrack_wordpress.cc -- ncrack module for wordpress * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#include "ncrack.h" +#include "nsock.h" +#include "NcrackOps.h" +#include "Service.h" +#include "modules.h" + +using namespace std; + +#define USER_AGENT "Ncrack (https://nmap.org/ncrack)\r\n" +#define WORDPRESS_TIMEOUT 10000 + +extern NcrackOps o; + +extern void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +extern void ncrack_module_end(nsock_pool nsp, void *mydata); + +static int wordpress_loop_read(nsock_pool nsp, Connection *con); + +enum states { WORDPRESS_INIT, WORDPRESS_GET, WORDPRESS_AUTH, WORDPRESS_FINI }; + +typedef struct wordpress_info { + int wpadmin_ok; +} wp_info; + + +typedef struct http_info { + /* true if Content-Length in received HTTP packet > 0 */ + int content_expected; + int chunk_expected; +} http_info; + + +void +ncrack_wordpress(nsock_pool nsp, Connection *con) +{ + Service *serv = con->service; + nsock_iod nsi = con->niod; + wp_info *info; + char tmp[16]; + size_t formlen; + info = NULL; + + + if (serv->module_data) { + info = (wp_info *) serv->module_data; + /* Check if we have already verified existence for the wp-login panel + * the serv->module_data carries data across all connections because it is + * in the Service variable, not the Connection one. + * If we have verified the existence and we just started this connection, + * then jump straight to the WORDPRESS_AUTH state - so we only need to do this + * once for this particular service (not once per connection) */ + if (info->wpadmin_ok && con->state == WORDPRESS_INIT) + con->state = WORDPRESS_AUTH; + } + + if (serv->module_data == NULL) { + serv->module_data = (wp_info *)safe_zalloc(sizeof(wp_info)); + info = (wp_info *)serv->module_data; + } + + switch (con->state) + { + case WORDPRESS_INIT: + + /* + * You only have to verify the existence of the login panel once when + * the module begins. That's why we need to keep track of this amongst + * all the connections of the module against this particular host. + */ + info->wpadmin_ok = 1; + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + con->outbuf->append("GET ", 4); + + if (strlen(serv->path) > 1) { + /* user provided path in command-line */ + con->outbuf->append("/", 1); + con->outbuf->snprintf(strlen(serv->path), "%s", serv->path); + } else { + /* default path - /wp-login.php */ + con->outbuf->append("/wp-login.php", 13); + } + + con->outbuf->append(" HTTP/1.1\r\nHost: ", 17); + + if (serv->target->targetname) + con->outbuf->append(serv->target->targetname, strlen(serv->target->targetname)); + else + con->outbuf->append(serv->target->NameIP(), strlen(serv->target->NameIP())); + + con->outbuf->snprintf(48, "\r\nUser-Agent: %s", USER_AGENT); + /* We want to "keep-alive" the connection as long as possible, because the time cost + * of a new TCP connection is usually higher than the waiting time for a response for + * each authentication attempt. + * This is a general concept in network authentication cracking and that Ncrack tries + * to abide by: we want to have as many connections as optimally possible + * without DoS-ing the service while at the same time maximizing the number of + * authentication attempts per connection. + */ + con->outbuf->append("Keep-Alive: 300\r\nConnection: keep-alive\r\n", 41); + + /* mark end of HTTP packet */ + con->outbuf->append("\r\n", 2); + + /* + * after the write operation, the module will start at the WORDPRESS_GET state + */ + con->state = WORDPRESS_GET; + + nsock_write(nsp, nsi, ncrack_write_handler, WORDPRESS_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case WORDPRESS_GET: + + if (wordpress_loop_read(nsp, con) < 0) + break; + + /* + * If we get a "200 OK" HTTP response OR a "301 Moved Permanently" which + * happpens when we request access to a directory without an ending '/', + * then it means the page exists. + */ + if (memsearch((const char *)con->inbuf->get_dataptr(), "200 OK", con->inbuf->get_len()) + || memsearch((const char *)con->inbuf->get_dataptr(), "301", con->inbuf->get_len())) { + con->state = WORDPRESS_AUTH; + } else { + /* + * If service replies with an error, then there is no point in pursuing further + * Mark the service as finished and call ncrack_module_end to exit the module. + * Setting the end.orly value to true will acknowledge to the Ncrack core engine that + * it should no longer call this module against this particular target. + */ + serv->end.orly = true; + serv->end.reason = Strndup("No service available on that URL.", 68); + return ncrack_module_end(nsp, con); + } + + delete con->inbuf; + con->inbuf = NULL; + /* Jump straight to next state */ + nsock_timer_create(nsp, ncrack_timer_handler, 0, con); + break; + + case WORDPRESS_AUTH: + + if (con->outbuf) + delete con->outbuf; + con->outbuf = new Buf(); + + con->outbuf->append("POST ", 5); + /* + * the following are almost exactly like the initial HTTP GET query we sent in WORDPRESS_INIT + */ + if (strlen(serv->path) > 1) { + /* user provided path in command-line */ + con->outbuf->append("/", 1); + con->outbuf->snprintf(strlen(serv->path), "%s", serv->path); + } else { + /* default path */ + con->outbuf->append("/wp-login.php", 13); + } + con->outbuf->append(" HTTP/1.1\r\nHost: ", 17); + if (serv->target->targetname) + con->outbuf->append(serv->target->targetname, strlen(serv->target->targetname)); + else + con->outbuf->append(serv->target->NameIP(), strlen(serv->target->NameIP())); + con->outbuf->snprintf(48, "\r\nUser-Agent: %s", USER_AGENT); + con->outbuf->append("Keep-Alive: 300\r\nConnection: keep-alive\r\n", 41); + /* Up until this point, the data we put in the buffer were exactly the same as in the HTTP + * GET request, from hereon the data are different: + * We need to add the Content-Type and Content-Length along with the wordpress form + */ + con->outbuf->append("Content-Type: application/x-www-form-urlencoded\r\n", 49); + + /* Now we need to calculate the content-length of the form before we append the form + * to the buffer. The content-length is exactly the length of the form. + * The form is a string that is formed as follows in the HTTP packet: + * pwd=password&log=username + * where password is a placeholder for every password and username is a placeholder for + * every username + */ + formlen = strlen(con->user) + strlen(con->pass) + sizeof("log&log==") - 1; + snprintf(tmp, sizeof(tmp) - 1, "%lu", formlen); + /* note this has two \r\n in the end - one for the end of Content-Length, the other + * for the end of the HTTP header - because after that the form (data) follows + */ + con->outbuf->snprintf(20 + strlen(tmp), "Content-Length: %s\r\n\r\n", tmp); + + /* Now append the form to the ougoing buffer */ + con->outbuf->append("pwd=", 4); + con->outbuf->append(con->pass, strlen(con->pass)); + con->outbuf->append("&log=", 5); + con->outbuf->append(con->user, strlen(con->user)); + + /* That's it, we don't need to write anything else, just send the whole buffer out */ + con->state = WORDPRESS_FINI; + + nsock_write(nsp, nsi, ncrack_write_handler, WORDPRESS_TIMEOUT, con, + (const char *)con->outbuf->get_dataptr(), con->outbuf->get_len()); + break; + + case WORDPRESS_FINI: + + /* let's read the reply to our authentication attempt now */ + if (wordpress_loop_read(nsp, con) < 0) + break; + + /* we have to jump back to the WORDPRESS_AUTH after finishing with this one + * so that we continue the brute-forcing + */ + con->state = WORDPRESS_AUTH; + + // useful for debugging + //memprint((const char *)con->inbuf->get_dataptr(), con->inbuf->get_len()); + + /* + * If we get a "302" HTTP response then it's a redirect to wp-admin, meaning + * the credentials were sent were correct. Otherwise we can assume they were + * wrong. + */ + if (memsearch((const char *)con->inbuf->get_dataptr(), "302 Found", con->inbuf->get_len())) { + con->auth_success = true; + } + + /* don't forget to empty the inbuf */ + delete con->inbuf; + con->inbuf = NULL; + + return ncrack_module_end(nsp, con); + break; + } + +} + +static int +wordpress_loop_read(nsock_pool nsp, Connection *con) +{ + http_info *http_state; /* per connection state */ + char *ptr; + char tmp[2]; + long int num; + + if (con->misc_info) { + http_state = (http_info *)con->misc_info; + } else { + http_state = (http_info *)safe_zalloc(sizeof(http_info)); + } + + if (con->inbuf == NULL) { + nsock_read(nsp, con->niod, ncrack_read_handler, WORDPRESS_TIMEOUT, con); + return -1; + } + + // Useful for debugging + //memprint((const char *)con->inbuf->get_dataptr(), con->inbuf->get_len()); + + /* Until when do we keep reading data? + * \n is a good indicator but keep in mind other implementations might send \r\n instead + * Since we observer in wireshark that in the first reply by wordpress when we send it a HTTP GET request + * the reply always ends in \n then we search for that as the end of the packet (to avoid any + * fancy HTTP parsing) - we do this only when we are in WORDPRESS_GET state + */ + + if ((ptr = memsearch((const char *)con->inbuf->get_dataptr(), "Content-Length:", con->inbuf->get_len()))) { + /* make pointer point to the end of string "Content-Length:" (plus one space) */ + ptr += 16; /* it should now point to the Content-Length number */ + + tmp[0] = *ptr; + tmp[1] = '\0'; + num = strtol(tmp, NULL, 10); + /* if first character of Content-length is anything else other than 0, then we expect to + * see an HTTP payload */ + if (num != 0) { + http_state->content_expected = 1; + } + } else if ((ptr = memsearch((const char *)con->inbuf->get_dataptr(), "Transfer-Encoding: chunked", con->inbuf->get_len()))) { + http_state->chunk_expected = 1; + } + + /* If you have content (content-length > 0) then you need to read until */ + if (http_state->content_expected) { + if (!memsearch((const char *)con->inbuf->get_dataptr(), "\n", con->inbuf->get_len())) { + http_state->content_expected = 0; + nsock_read(nsp, con->niod, ncrack_read_handler, WORDPRESS_TIMEOUT, con); + return -1; + } + } else if (http_state->chunk_expected) { + + if (con->state == WORDPRESS_GET && !memsearch((const char *)con->inbuf->get_dataptr(), "\n\t", con->inbuf->get_len())) { + http_state->chunk_expected = 0; + nsock_read(nsp, con->niod, ncrack_read_handler, WORDPRESS_TIMEOUT, con); + return -1; + } + + if ((ptr = memsearch((const char *)con->inbuf->get_dataptr(), "\r\n\r\n", con->inbuf->get_len()))) { + ptr += 4; + if (memcmp(ptr, "\0", 1)) { + http_state->chunk_expected = 0; + return 0; + } + } + + } else { + /* + * For the rest of the cases - when we need an indicator for the replies from wordpress to our authentication + * attempts, we search for \r\n\r\n as the end of the packet + */ + if (!memsearch((const char *)con->inbuf->get_dataptr(), "\r\n\r\n", con->inbuf->get_len())) { + nsock_read(nsp, con->niod, ncrack_read_handler, WORDPRESS_TIMEOUT, con); + return -1; + } + } + + + return 0; +} + diff --git a/include/DomainExec/mswin32/LICENSE b/include/DomainExec/mswin32/LICENSE new file mode 100644 index 00000000..4db82528 --- /dev/null +++ b/include/DomainExec/mswin32/LICENSE @@ -0,0 +1,192 @@ + +COPYING -- Describes the terms under which Nmap is distributed. + +IMPORTANT NMAP LICENSE TERMS + +The Nmap Security Scanner is (C) 1996-2016 Insecure.Com LLC. Nmap is also a registered trademark of Insecure.Com LLC. This program is free software; you may redistribute and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your right to use, modify, and redistribute this software under certain conditions. If you wish to embed Nmap technology into proprietary software, we sell alternative licenses (contact sales@nmap.com). Dozens of software vendors already license Nmap technology such as host discovery, port scanning, OS detection, version detection, and the Nmap Scripting Engine. + +Note that the GPL places important restrictions on "derivative works", yet it does not provide a detailed definition of that term. To avoid misunderstandings, we interpret that term as broadly as copyright law allows. For example, we consider an application to constitute a derivative work for the purpose of this license if it does any of the following with any software or content covered by this license ("Covered Software"): + + +o Integrates source code from Covered Software. + + +o Reads or includes copyrighted data files, such as Nmap's nmap-os-db or nmap-service-probes. + + +o Is designed specifically to execute Covered Software and parse the results (as opposed to typical shell or execution-menu apps, which will execute anything you tell them to). + + +o Includes Covered Software in a proprietary executable installer. The installers produced by InstallShield are an example of this. Including Nmap with other software in compressed or archival form does not trigger this provision, provided appropriate open source decompression or de-archiving software is widely available for no charge. For the purposes of this license, an installer is considered to include Covered Software even if it actually retrieves a copy of Covered Software from another source during runtime (such as by downloading it from the Internet). + + +o Links (statically or dynamically) to a library which does any of the above. + + +o Executes a helper program, module, or script to do any of the above. + +This list is not exclusive, but is meant to clarify our interpretation of derived works with some common examples. Other people may interpret the plain GPL differently, so we consider this a special exception to the GPL that we apply to Covered Software. Works which meet any of these conditions must conform to all of the terms of this license, particularly including the GPL Section 3 requirements of providing source code and allowing free redistribution of the work as a whole. + +As another special exception to the GPL terms, Insecure.Com LLC grants permission to link the code of this program with any version of the OpenSSL library which is distributed under a license identical to that listed in the included docs/licenses/OpenSSL.txt file, and distribute linked combinations including the two. + +Any redistribution of Covered Software, including any derived works, must obey and carry forward all of the terms of this license, including obeying all GPL rules and restrictions. For example, source code of the whole work must be provided and free redistribution must be allowed. All GPL references to "this License", are to be treated as including the terms and conditions of this license text as well. + +Because this license imposes special exceptions to the GPL, Covered Work may not be combined (even as part of a larger work) with plain GPL software. The terms, conditions, and exceptions of this license must be included as well. This license is incompatible with some other open source licenses as well. In some cases we can relicense portions of Nmap or grant special permissions to use it in other open source software. Please contact fyodor@nmap.org with any such requests. Similarly, we don't incorporate incompatible open source software into Covered Software without special permission from the copyright holders. + +If you have any questions about the licensing restrictions on using Nmap in other works, are happy to help. As mentioned above, we also offer alternative license to integrate Nmap into proprietary applications and appliances. These contracts have been sold to dozens of software vendors, and generally include a perpetual license as well as providing for priority support and updates. They also fund the continued development of Nmap. Please email sales@nmap.com for further information. + +If you have received a written license agreement or contract for Covered Software stating terms other than these, you may choose to use and redistribute Covered Software under those terms instead of these. + +Source is provided to this software because we believe users have a right to know exactly what a program is going to do before they run it. This also allows you to audit the software for security holes. + +Source code also allows you to port Nmap to new platforms, fix bugs, and add new features. You are highly encouraged to send your changes to the dev@nmap.org mailing list for possible incorporation into the main distribution. By sending these changes to Fyodor or one of the Insecure.Org development mailing lists, or checking them into the Nmap source code repository, it is understood (unless you specify otherwise) that you are offering the Nmap Project (Insecure.Com LLC) the unlimited, non-exclusive right to reuse, modify, and relicense the code. Nmap will always be available Open Source, but this is important because the inability to relicense code has caused devastating problems for other Free Software projects (such as KDE and NASM). We also occasionally relicense the code to third parties as discussed above. If you wish to specify special license conditions of your contributions, just say so when you send them. + +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap license file for more details (it's in a COPYING file included with Nmap, and also available from https://svn.nmap.org/nmap/COPYING) + + + + + +GNU General Public License + + + + + +Table of Contents + +GNU GENERAL PUBLIC LICENSE +o Preamble +o TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION +o How to Apply These Terms to Your New Programs + + + + + +GNU GENERAL PUBLIC LICENSE + +Version 2, June 1991 + + +Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +Preamble + +The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. + +When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. + +To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. + +For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. + +We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. + +Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. + +Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. + +The precise terms and conditions for copying, distribution and modification follow. + +TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + +0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. + +1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. + +You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. + +2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: + +a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. + +b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. + +c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. + +3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: + +a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, + +b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, + +c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. + +If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. + +4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. + +5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. + +6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. + +7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. + +It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. + +This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. + +8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. + +9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. + +10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. + +NO WARRANTY + +11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + +12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +END OF TERMS AND CONDITIONS + +How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. + +To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. + +one line to give the program's name and an idea of what it does. +Copyright (C) 19yy name of author + +This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this when it starts in an interactive mode: + +Gnomovision version 69, +Copyright (C) 19yy name of author +Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: + +Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. + +signature of Ty Coon, 1 April 1989 +Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License. \ No newline at end of file diff --git a/include/DomainExec/mswin32/Makefile b/include/DomainExec/mswin32/Makefile new file mode 100644 index 00000000..7a43ded1 --- /dev/null +++ b/include/DomainExec/mswin32/Makefile @@ -0,0 +1,41 @@ +MAKENSIS="/cygdrive/c/Program Files (x86)/NSIS/makensis.exe" +#VCEXPRESS := $(shell reg query "HKEY_CLASSES_ROOT\\Applications\\devenv.exe\\shell\\edit\\command" | egrep -i '[A-Z]:\\' | cut -d\" -f2 | sed 's%\\%/%g' | tr -d '\n') +VCEXPRESS="/cygdrive/c/Program Files (x86)/Microsoft Visual Studio 14.0/Common7/IDE/devenv.exe" +export NCRACK_VERSION := $(shell grep '^\#[ \t]*define[ \t]\+NCRACK_VERSION' ../ncrack.h | sed -e 's/.*"\(.*\)".*/\1/' -e 'q') +export NCRACK_NUM_VERSION := $(shell grep '^\#[ \t]*define[ \t]\+NCRACK_NUM_VERSION' ../ncrack.h | sed -e 's/.*"\(.*\)".*/\1/' -e 'q') +COMMA_VERSION=$(shell echo $(NCRACK_NUM_VERSION) | tr '.' ',') +LOGLOC=c:ncrackbuild.log + +winbuild: nsis/Ncrack.nsi LICENSE +# VCExpress.exe is devenv.com with the commercial Visual Studio suite instead of VC++ Express + + @./license-format/licformat.sh ../COPYING > LICENSE + + $(VCEXPRESS) ncrack.sln /build release /out $(LOGLOC) + rm -rf ncrack-$(NCRACK_VERSION) + mkdir ncrack-$(NCRACK_VERSION) + cd Release && cp -r ../../COPYING ncrack-services ncrack.exe ../ncrack-$(NCRACK_VERSION)/ +# Use "cmd /c copy" rather than "cp" to preserve Windows ACLs. Using +# "cp" means that the copied DLLs don't have the same ACL and cause an +# error on startup: 0xc0000022. + cmd /c copy .\\OpenSSL\\bin\\*.dll ncrack-$(NCRACK_VERSION)\ + + cp nsis/AddToPath.nsh nsis/Ncrack.nsi nsis/final.ini ncrack-$(NCRACK_VERSION) + $(MAKENSIS) ncrack-$(NCRACK_VERSION)/Ncrack.nsi + mv ncrack-$(NCRACK_VERSION)/NcrackInstaller.exe ncrack-$(NCRACK_VERSION)-setup.exe + + +nsis/Ncrack.nsi: nsis/Ncrack.nsi.in + sed -e '1i; Automatically generated from $<.' \ + -e 's/@@VIPRODUCTVERSION@@/"$(NCRACK_NUM_VERSION)"/' \ + -e 's/@@VERSION@@/"$(NCRACK_VERSION)"/' \ + "$<" > "$@" + + +LICENSE: ../COPYING + ./license-format/licformat.sh "$<" > "$@" + + +clean: + $(VCEXPRESS) ncrack.sln /clean + rm -rf Debug Release ncrackbuild.log LICENSE diff --git a/include/DomainExec/mswin32/OpenSSL/bin/c_rehash.pl b/include/DomainExec/mswin32/OpenSSL/bin/c_rehash.pl new file mode 100644 index 00000000..98b18eb1 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/bin/c_rehash.pl @@ -0,0 +1,232 @@ +#!/usr/bin/env perl + +# WARNING: do not edit! +# Generated by makefile from ..\tools\c_rehash.in +# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Perl c_rehash script, scan all files in a directory +# and add symbolic links to their hash values. + +my $dir = "ssl"; +my $prefix = "E:\\projects\\firedaemon\\openssl-1.1"; + +my $errorcount = 0; +my $openssl = $ENV{OPENSSL} || "openssl"; +my $pwd; +my $x509hash = "-subject_hash"; +my $crlhash = "-hash"; +my $verbose = 0; +my $symlink_exists=eval {symlink("",""); 1}; +my $removelinks = 1; + +## Parse flags. +while ( $ARGV[0] =~ /^-/ ) { + my $flag = shift @ARGV; + last if ( $flag eq '--'); + if ( $flag eq '-old') { + $x509hash = "-subject_hash_old"; + $crlhash = "-hash_old"; + } elsif ( $flag eq '-h' || $flag eq '-help' ) { + help(); + } elsif ( $flag eq '-n' ) { + $removelinks = 0; + } elsif ( $flag eq '-v' ) { + $verbose++; + } + else { + print STDERR "Usage error; try -h.\n"; + exit 1; + } +} + +sub help { + print "Usage: c_rehash [-old] [-h] [-help] [-v] [dirs...]\n"; + print " -old use old-style digest\n"; + print " -h or -help print this help text\n"; + print " -v print files removed and linked\n"; + exit 0; +} + +eval "require Cwd"; +if (defined(&Cwd::getcwd)) { + $pwd=Cwd::getcwd(); +} else { + $pwd=`pwd`; + chomp($pwd); +} + +# DOS/Win32 or Unix delimiter? Prefix our installdir, then search. +my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; +$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : ""); + +if (! -x $openssl) { + my $found = 0; + foreach (split /$path_delim/, $ENV{PATH}) { + if (-x "$_/$openssl") { + $found = 1; + $openssl = "$_/$openssl"; + last; + } + } + if ($found == 0) { + print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n"; + exit 0; + } +} + +if (@ARGV) { + @dirlist = @ARGV; +} elsif ($ENV{SSL_CERT_DIR}) { + @dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR}; +} else { + $dirlist[0] = "$dir/certs"; +} + +if (-d $dirlist[0]) { + chdir $dirlist[0]; + $openssl="$pwd/$openssl" if (!-x $openssl); + chdir $pwd; +} + +foreach (@dirlist) { + if (-d $_ ) { + if ( -w $_) { + hash_dir($_); + } else { + print "Skipping $_, can't write\n"; + $errorcount++; + } + } +} +exit($errorcount); + +sub hash_dir { + my %hashlist; + print "Doing $_[0]\n"; + chdir $_[0]; + opendir(DIR, "."); + my @flist = sort readdir(DIR); + closedir DIR; + if ( $removelinks ) { + # Delete any existing symbolic links + foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) { + if (-l $_) { + print "unlink $_" if $verbose; + unlink $_ || warn "Can't unlink $_, $!\n"; + } + } + } + FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) { + # Check to see if certificates and/or CRLs present. + my ($cert, $crl) = check_file($fname); + if (!$cert && !$crl) { + print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; + next; + } + link_hash_cert($fname) if ($cert); + link_hash_crl($fname) if ($crl); + } +} + +sub check_file { + my ($is_cert, $is_crl) = (0,0); + my $fname = $_[0]; + open IN, $fname; + while() { + if (/^-----BEGIN (.*)-----/) { + my $hdr = $1; + if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { + $is_cert = 1; + last if ($is_crl); + } elsif ($hdr eq "X509 CRL") { + $is_crl = 1; + last if ($is_cert); + } + } + } + close IN; + return ($is_cert, $is_crl); +} + + +# Link a certificate to its subject name hash value, each hash is of +# the form . where n is an integer. If the hash value already exists +# then we need to up the value of n, unless its a duplicate in which +# case we skip the link. We check for duplicates by comparing the +# certificate fingerprints + +sub link_hash_cert { + my $fname = $_[0]; + $fname =~ s/'/'\\''/g; + my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; + chomp $hash; + chomp $fprint; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; + # Search for an unused hash filename + while(exists $hashlist{"$hash.$suffix"}) { + # Hash matches: if fingerprint matches its a duplicate cert + if ($hashlist{"$hash.$suffix"} eq $fprint) { + print STDERR "WARNING: Skipping duplicate certificate $fname\n"; + return; + } + $suffix++; + } + $hash .= ".$suffix"; + if ($symlink_exists) { + print "link $fname -> $hash\n" if $verbose; + symlink $fname, $hash || warn "Can't symlink, $!"; + } else { + print "copy $fname -> $hash\n" if $verbose; + if (open($in, "<", $fname)) { + if (open($out,">", $hash)) { + print $out $_ while (<$in>); + close $out; + } else { + warn "can't open $hash for write, $!"; + } + close $in; + } else { + warn "can't open $fname for read, $!"; + } + } + $hashlist{$hash} = $fprint; +} + +# Same as above except for a CRL. CRL links are of the form .r + +sub link_hash_crl { + my $fname = $_[0]; + $fname =~ s/'/'\\''/g; + my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; + chomp $hash; + chomp $fprint; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; + # Search for an unused hash filename + while(exists $hashlist{"$hash.r$suffix"}) { + # Hash matches: if fingerprint matches its a duplicate cert + if ($hashlist{"$hash.r$suffix"} eq $fprint) { + print STDERR "WARNING: Skipping duplicate CRL $fname\n"; + return; + } + $suffix++; + } + $hash .= ".r$suffix"; + if ($symlink_exists) { + print "link $fname -> $hash\n" if $verbose; + symlink $fname, $hash || warn "Can't symlink, $!"; + } else { + print "cp $fname -> $hash\n" if $verbose; + system ("cp", $fname, $hash); + warn "Can't copy, $!" if ($? >> 8) != 0; + } + $hashlist{$hash} = $fprint; +} diff --git a/include/DomainExec/mswin32/OpenSSL/bin/libcrypto-1_1.dll b/include/DomainExec/mswin32/OpenSSL/bin/libcrypto-1_1.dll new file mode 100644 index 00000000..a1bdd7a7 Binary files /dev/null and b/include/DomainExec/mswin32/OpenSSL/bin/libcrypto-1_1.dll differ diff --git a/include/DomainExec/mswin32/OpenSSL/bin/libcrypto-1_1.pdb b/include/DomainExec/mswin32/OpenSSL/bin/libcrypto-1_1.pdb new file mode 100644 index 00000000..57f096c1 Binary files /dev/null and b/include/DomainExec/mswin32/OpenSSL/bin/libcrypto-1_1.pdb differ diff --git a/include/DomainExec/mswin32/OpenSSL/bin/libssl-1_1.dll b/include/DomainExec/mswin32/OpenSSL/bin/libssl-1_1.dll new file mode 100644 index 00000000..6c1c1c2b Binary files /dev/null and b/include/DomainExec/mswin32/OpenSSL/bin/libssl-1_1.dll differ diff --git a/include/DomainExec/mswin32/OpenSSL/bin/libssl-1_1.pdb b/include/DomainExec/mswin32/OpenSSL/bin/libssl-1_1.pdb new file mode 100644 index 00000000..289252f2 Binary files /dev/null and b/include/DomainExec/mswin32/OpenSSL/bin/libssl-1_1.pdb differ diff --git a/include/DomainExec/mswin32/OpenSSL/bin/openssl.exe b/include/DomainExec/mswin32/OpenSSL/bin/openssl.exe new file mode 100644 index 00000000..0df8d802 Binary files /dev/null and b/include/DomainExec/mswin32/OpenSSL/bin/openssl.exe differ diff --git a/include/DomainExec/mswin32/OpenSSL/bin/openssl.pdb b/include/DomainExec/mswin32/OpenSSL/bin/openssl.pdb new file mode 100644 index 00000000..3ed36465 Binary files /dev/null and b/include/DomainExec/mswin32/OpenSSL/bin/openssl.pdb differ diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/aes.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/aes.h new file mode 100644 index 00000000..245c552a --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/aes.h @@ -0,0 +1,92 @@ +/* + * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_AES_H +# define HEADER_AES_H + +# include + +# include +# ifdef __cplusplus +extern "C" { +# endif + +# define AES_ENCRYPT 1 +# define AES_DECRYPT 0 + +/* + * Because array size can't be a const in C, the following two are macros. + * Both sizes are in bytes. + */ +# define AES_MAXNR 14 +# define AES_BLOCK_SIZE 16 + +/* This should be a hidden type, but EVP requires that the size be known */ +struct aes_key_st { +# ifdef AES_LONG + unsigned long rd_key[4 * (AES_MAXNR + 1)]; +# else + unsigned int rd_key[4 * (AES_MAXNR + 1)]; +# endif + int rounds; +}; +typedef struct aes_key_st AES_KEY; + +const char *AES_options(void); + +int AES_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +int AES_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); + +void AES_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void AES_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); + +void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key, const int enc); +void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); +void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); +void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); +void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); +void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num); +/* NB: the IV is _two_ blocks long */ +void AES_ige_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); +/* NB: the IV is _four_ blocks long */ +void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + const AES_KEY *key2, const unsigned char *ivec, + const int enc); + +int AES_wrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen); +int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen); + + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/applink.c b/include/DomainExec/mswin32/OpenSSL/include/openssl/applink.c new file mode 100644 index 00000000..238dbff3 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/applink.c @@ -0,0 +1,138 @@ +/* + * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#define APPLINK_STDIN 1 +#define APPLINK_STDOUT 2 +#define APPLINK_STDERR 3 +#define APPLINK_FPRINTF 4 +#define APPLINK_FGETS 5 +#define APPLINK_FREAD 6 +#define APPLINK_FWRITE 7 +#define APPLINK_FSETMOD 8 +#define APPLINK_FEOF 9 +#define APPLINK_FCLOSE 10 /* should not be used */ + +#define APPLINK_FOPEN 11 /* solely for completeness */ +#define APPLINK_FSEEK 12 +#define APPLINK_FTELL 13 +#define APPLINK_FFLUSH 14 +#define APPLINK_FERROR 15 +#define APPLINK_CLEARERR 16 +#define APPLINK_FILENO 17 /* to be used with below */ + +#define APPLINK_OPEN 18 /* formally can't be used, as flags can vary */ +#define APPLINK_READ 19 +#define APPLINK_WRITE 20 +#define APPLINK_LSEEK 21 +#define APPLINK_CLOSE 22 +#define APPLINK_MAX 22 /* always same as last macro */ + +#ifndef APPMACROS_ONLY +# include +# include +# include + +static void *app_stdin(void) +{ + return stdin; +} + +static void *app_stdout(void) +{ + return stdout; +} + +static void *app_stderr(void) +{ + return stderr; +} + +static int app_feof(FILE *fp) +{ + return feof(fp); +} + +static int app_ferror(FILE *fp) +{ + return ferror(fp); +} + +static void app_clearerr(FILE *fp) +{ + clearerr(fp); +} + +static int app_fileno(FILE *fp) +{ + return _fileno(fp); +} + +static int app_fsetmod(FILE *fp, char mod) +{ + return _setmode(_fileno(fp), mod == 'b' ? _O_BINARY : _O_TEXT); +} + +#ifdef __cplusplus +extern "C" { +#endif + +__declspec(dllexport) +void ** +# if defined(__BORLANDC__) +/* + * __stdcall appears to be the only way to get the name + * decoration right with Borland C. Otherwise it works + * purely incidentally, as we pass no parameters. + */ +__stdcall +# else +__cdecl +# endif +OPENSSL_Applink(void) +{ + static int once = 1; + static void *OPENSSL_ApplinkTable[APPLINK_MAX + 1] = + { (void *)APPLINK_MAX }; + + if (once) { + OPENSSL_ApplinkTable[APPLINK_STDIN] = app_stdin; + OPENSSL_ApplinkTable[APPLINK_STDOUT] = app_stdout; + OPENSSL_ApplinkTable[APPLINK_STDERR] = app_stderr; + OPENSSL_ApplinkTable[APPLINK_FPRINTF] = fprintf; + OPENSSL_ApplinkTable[APPLINK_FGETS] = fgets; + OPENSSL_ApplinkTable[APPLINK_FREAD] = fread; + OPENSSL_ApplinkTable[APPLINK_FWRITE] = fwrite; + OPENSSL_ApplinkTable[APPLINK_FSETMOD] = app_fsetmod; + OPENSSL_ApplinkTable[APPLINK_FEOF] = app_feof; + OPENSSL_ApplinkTable[APPLINK_FCLOSE] = fclose; + + OPENSSL_ApplinkTable[APPLINK_FOPEN] = fopen; + OPENSSL_ApplinkTable[APPLINK_FSEEK] = fseek; + OPENSSL_ApplinkTable[APPLINK_FTELL] = ftell; + OPENSSL_ApplinkTable[APPLINK_FFLUSH] = fflush; + OPENSSL_ApplinkTable[APPLINK_FERROR] = app_ferror; + OPENSSL_ApplinkTable[APPLINK_CLEARERR] = app_clearerr; + OPENSSL_ApplinkTable[APPLINK_FILENO] = app_fileno; + + OPENSSL_ApplinkTable[APPLINK_OPEN] = _open; + OPENSSL_ApplinkTable[APPLINK_READ] = _read; + OPENSSL_ApplinkTable[APPLINK_WRITE] = _write; + OPENSSL_ApplinkTable[APPLINK_LSEEK] = _lseek; + OPENSSL_ApplinkTable[APPLINK_CLOSE] = _close; + + once = 0; + } + + return OPENSSL_ApplinkTable; +} + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/asn1.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/asn1.h new file mode 100644 index 00000000..9522eec1 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/asn1.h @@ -0,0 +1,886 @@ +/* + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ASN1_H +# define HEADER_ASN1_H + +# include +# include +# include +# include +# include +# include +# include + +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif + +# ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +# define V_ASN1_UNIVERSAL 0x00 +# define V_ASN1_APPLICATION 0x40 +# define V_ASN1_CONTEXT_SPECIFIC 0x80 +# define V_ASN1_PRIVATE 0xc0 + +# define V_ASN1_CONSTRUCTED 0x20 +# define V_ASN1_PRIMITIVE_TAG 0x1f +# define V_ASN1_PRIMATIVE_TAG /*compat*/ V_ASN1_PRIMITIVE_TAG + +# define V_ASN1_APP_CHOOSE -2/* let the recipient choose */ +# define V_ASN1_OTHER -3/* used in ASN1_TYPE */ +# define V_ASN1_ANY -4/* used in ASN1 template code */ + +# define V_ASN1_UNDEF -1 +/* ASN.1 tag values */ +# define V_ASN1_EOC 0 +# define V_ASN1_BOOLEAN 1 /**/ +# define V_ASN1_INTEGER 2 +# define V_ASN1_BIT_STRING 3 +# define V_ASN1_OCTET_STRING 4 +# define V_ASN1_NULL 5 +# define V_ASN1_OBJECT 6 +# define V_ASN1_OBJECT_DESCRIPTOR 7 +# define V_ASN1_EXTERNAL 8 +# define V_ASN1_REAL 9 +# define V_ASN1_ENUMERATED 10 +# define V_ASN1_UTF8STRING 12 +# define V_ASN1_SEQUENCE 16 +# define V_ASN1_SET 17 +# define V_ASN1_NUMERICSTRING 18 /**/ +# define V_ASN1_PRINTABLESTRING 19 +# define V_ASN1_T61STRING 20 +# define V_ASN1_TELETEXSTRING 20/* alias */ +# define V_ASN1_VIDEOTEXSTRING 21 /**/ +# define V_ASN1_IA5STRING 22 +# define V_ASN1_UTCTIME 23 +# define V_ASN1_GENERALIZEDTIME 24 /**/ +# define V_ASN1_GRAPHICSTRING 25 /**/ +# define V_ASN1_ISO64STRING 26 /**/ +# define V_ASN1_VISIBLESTRING 26/* alias */ +# define V_ASN1_GENERALSTRING 27 /**/ +# define V_ASN1_UNIVERSALSTRING 28 /**/ +# define V_ASN1_BMPSTRING 30 + +/* + * NB the constants below are used internally by ASN1_INTEGER + * and ASN1_ENUMERATED to indicate the sign. They are *not* on + * the wire tag values. + */ + +# define V_ASN1_NEG 0x100 +# define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) +# define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) + +/* For use with d2i_ASN1_type_bytes() */ +# define B_ASN1_NUMERICSTRING 0x0001 +# define B_ASN1_PRINTABLESTRING 0x0002 +# define B_ASN1_T61STRING 0x0004 +# define B_ASN1_TELETEXSTRING 0x0004 +# define B_ASN1_VIDEOTEXSTRING 0x0008 +# define B_ASN1_IA5STRING 0x0010 +# define B_ASN1_GRAPHICSTRING 0x0020 +# define B_ASN1_ISO64STRING 0x0040 +# define B_ASN1_VISIBLESTRING 0x0040 +# define B_ASN1_GENERALSTRING 0x0080 +# define B_ASN1_UNIVERSALSTRING 0x0100 +# define B_ASN1_OCTET_STRING 0x0200 +# define B_ASN1_BIT_STRING 0x0400 +# define B_ASN1_BMPSTRING 0x0800 +# define B_ASN1_UNKNOWN 0x1000 +# define B_ASN1_UTF8STRING 0x2000 +# define B_ASN1_UTCTIME 0x4000 +# define B_ASN1_GENERALIZEDTIME 0x8000 +# define B_ASN1_SEQUENCE 0x10000 +/* For use with ASN1_mbstring_copy() */ +# define MBSTRING_FLAG 0x1000 +# define MBSTRING_UTF8 (MBSTRING_FLAG) +# define MBSTRING_ASC (MBSTRING_FLAG|1) +# define MBSTRING_BMP (MBSTRING_FLAG|2) +# define MBSTRING_UNIV (MBSTRING_FLAG|4) +# define SMIME_OLDMIME 0x400 +# define SMIME_CRLFEOL 0x800 +# define SMIME_STREAM 0x1000 + struct X509_algor_st; +DEFINE_STACK_OF(X509_ALGOR) + +# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */ +/* + * This indicates that the ASN1_STRING is not a real value but just a place + * holder for the location where indefinite length constructed data should be + * inserted in the memory buffer + */ +# define ASN1_STRING_FLAG_NDEF 0x010 + +/* + * This flag is used by the CMS code to indicate that a string is not + * complete and is a place holder for content when it had all been accessed. + * The flag will be reset when content has been written to it. + */ + +# define ASN1_STRING_FLAG_CONT 0x020 +/* + * This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING + * type. + */ +# define ASN1_STRING_FLAG_MSTRING 0x040 +/* String is embedded and only content should be freed */ +# define ASN1_STRING_FLAG_EMBED 0x080 +/* String should be parsed in RFC 5280's time format */ +# define ASN1_STRING_FLAG_X509_TIME 0x100 +/* This is the base type that holds just about everything :-) */ +struct asn1_string_st { + int length; + int type; + unsigned char *data; + /* + * The value of the following field depends on the type being held. It + * is mostly being used for BIT_STRING so if the input data has a + * non-zero 'unused bits' value, it will be handled correctly + */ + long flags; +}; + +/* + * ASN1_ENCODING structure: this is used to save the received encoding of an + * ASN1 type. This is useful to get round problems with invalid encodings + * which can break signatures. + */ + +typedef struct ASN1_ENCODING_st { + unsigned char *enc; /* DER encoding */ + long len; /* Length of encoding */ + int modified; /* set to 1 if 'enc' is invalid */ +} ASN1_ENCODING; + +/* Used with ASN1 LONG type: if a long is set to this it is omitted */ +# define ASN1_LONG_UNDEF 0x7fffffffL + +# define STABLE_FLAGS_MALLOC 0x01 +/* + * A zero passed to ASN1_STRING_TABLE_new_add for the flags is interpreted + * as "don't change" and STABLE_FLAGS_MALLOC is always set. By setting + * STABLE_FLAGS_MALLOC only we can clear the existing value. Use the alias + * STABLE_FLAGS_CLEAR to reflect this. + */ +# define STABLE_FLAGS_CLEAR STABLE_FLAGS_MALLOC +# define STABLE_NO_MASK 0x02 +# define DIRSTRING_TYPE \ + (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING) +# define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING) + +typedef struct asn1_string_table_st { + int nid; + long minsize; + long maxsize; + unsigned long mask; + unsigned long flags; +} ASN1_STRING_TABLE; + +DEFINE_STACK_OF(ASN1_STRING_TABLE) + +/* size limits: this stuff is taken straight from RFC2459 */ + +# define ub_name 32768 +# define ub_common_name 64 +# define ub_locality_name 128 +# define ub_state_name 128 +# define ub_organization_name 64 +# define ub_organization_unit_name 64 +# define ub_title 64 +# define ub_email_address 128 + +/* + * Declarations for template structures: for full definitions see asn1t.h + */ +typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE; +typedef struct ASN1_TLC_st ASN1_TLC; +/* This is just an opaque pointer */ +typedef struct ASN1_VALUE_st ASN1_VALUE; + +/* Declare ASN1 functions: the implement macro in in asn1t.h */ + +# define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) + +# define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) + +# define DECLARE_ASN1_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) + +# define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) + +# define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ + type *d2i_##name(type **a, const unsigned char **in, long len); \ + int i2d_##name(type *a, unsigned char **out); \ + DECLARE_ASN1_ITEM(itname) + +# define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ + type *d2i_##name(type **a, const unsigned char **in, long len); \ + int i2d_##name(const type *a, unsigned char **out); \ + DECLARE_ASN1_ITEM(name) + +# define DECLARE_ASN1_NDEF_FUNCTION(name) \ + int i2d_##name##_NDEF(name *a, unsigned char **out); + +# define DECLARE_ASN1_FUNCTIONS_const(name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS(name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name) + +# define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + type *name##_new(void); \ + void name##_free(type *a); + +# define DECLARE_ASN1_PRINT_FUNCTION(stname) \ + DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname) + +# define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \ + int fname##_print_ctx(BIO *out, stname *x, int indent, \ + const ASN1_PCTX *pctx); + +# define D2I_OF(type) type *(*)(type **,const unsigned char **,long) +# define I2D_OF(type) int (*)(type *,unsigned char **) +# define I2D_OF_const(type) int (*)(const type *,unsigned char **) + +# define CHECKED_D2I_OF(type, d2i) \ + ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0))) +# define CHECKED_I2D_OF(type, i2d) \ + ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0))) +# define CHECKED_NEW_OF(type, xnew) \ + ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0))) +# define CHECKED_PTR_OF(type, p) \ + ((void*) (1 ? p : (type*)0)) +# define CHECKED_PPTR_OF(type, p) \ + ((void**) (1 ? p : (type**)0)) + +# define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) +# define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **) +# define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type) + +TYPEDEF_D2I2D_OF(void); + +/*- + * The following macros and typedefs allow an ASN1_ITEM + * to be embedded in a structure and referenced. Since + * the ASN1_ITEM pointers need to be globally accessible + * (possibly from shared libraries) they may exist in + * different forms. On platforms that support it the + * ASN1_ITEM structure itself will be globally exported. + * Other platforms will export a function that returns + * an ASN1_ITEM pointer. + * + * To handle both cases transparently the macros below + * should be used instead of hard coding an ASN1_ITEM + * pointer in a structure. + * + * The structure will look like this: + * + * typedef struct SOMETHING_st { + * ... + * ASN1_ITEM_EXP *iptr; + * ... + * } SOMETHING; + * + * It would be initialised as e.g.: + * + * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...}; + * + * and the actual pointer extracted with: + * + * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr); + * + * Finally an ASN1_ITEM pointer can be extracted from an + * appropriate reference with: ASN1_ITEM_rptr(X509). This + * would be used when a function takes an ASN1_ITEM * argument. + * + */ + +# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* ASN1_ITEM pointer exported type */ +typedef const ASN1_ITEM ASN1_ITEM_EXP; + +/* Macro to obtain ASN1_ITEM pointer from exported type */ +# define ASN1_ITEM_ptr(iptr) (iptr) + +/* Macro to include ASN1_ITEM pointer from base type */ +# define ASN1_ITEM_ref(iptr) (&(iptr##_it)) + +# define ASN1_ITEM_rptr(ref) (&(ref##_it)) + +# define DECLARE_ASN1_ITEM(name) \ + OPENSSL_EXTERN const ASN1_ITEM name##_it; + +# else + +/* + * Platforms that can't easily handle shared global variables are declared as + * functions returning ASN1_ITEM pointers. + */ + +/* ASN1_ITEM pointer exported type */ +typedef const ASN1_ITEM *ASN1_ITEM_EXP (void); + +/* Macro to obtain ASN1_ITEM pointer from exported type */ +# define ASN1_ITEM_ptr(iptr) (iptr()) + +/* Macro to include ASN1_ITEM pointer from base type */ +# define ASN1_ITEM_ref(iptr) (iptr##_it) + +# define ASN1_ITEM_rptr(ref) (ref##_it()) + +# define DECLARE_ASN1_ITEM(name) \ + const ASN1_ITEM * name##_it(void); + +# endif + +/* Parameters used by ASN1_STRING_print_ex() */ + +/* + * These determine which characters to escape: RFC2253 special characters, + * control characters and MSB set characters + */ + +# define ASN1_STRFLGS_ESC_2253 1 +# define ASN1_STRFLGS_ESC_CTRL 2 +# define ASN1_STRFLGS_ESC_MSB 4 + +/* + * This flag determines how we do escaping: normally RC2253 backslash only, + * set this to use backslash and quote. + */ + +# define ASN1_STRFLGS_ESC_QUOTE 8 + +/* These three flags are internal use only. */ + +/* Character is a valid PrintableString character */ +# define CHARTYPE_PRINTABLESTRING 0x10 +/* Character needs escaping if it is the first character */ +# define CHARTYPE_FIRST_ESC_2253 0x20 +/* Character needs escaping if it is the last character */ +# define CHARTYPE_LAST_ESC_2253 0x40 + +/* + * NB the internal flags are safely reused below by flags handled at the top + * level. + */ + +/* + * If this is set we convert all character strings to UTF8 first + */ + +# define ASN1_STRFLGS_UTF8_CONVERT 0x10 + +/* + * If this is set we don't attempt to interpret content: just assume all + * strings are 1 byte per character. This will produce some pretty odd + * looking output! + */ + +# define ASN1_STRFLGS_IGNORE_TYPE 0x20 + +/* If this is set we include the string type in the output */ +# define ASN1_STRFLGS_SHOW_TYPE 0x40 + +/* + * This determines which strings to display and which to 'dump' (hex dump of + * content octets or DER encoding). We can only dump non character strings or + * everything. If we don't dump 'unknown' they are interpreted as character + * strings with 1 octet per character and are subject to the usual escaping + * options. + */ + +# define ASN1_STRFLGS_DUMP_ALL 0x80 +# define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 + +/* + * These determine what 'dumping' does, we can dump the content octets or the + * DER encoding: both use the RFC2253 #XXXXX notation. + */ + +# define ASN1_STRFLGS_DUMP_DER 0x200 + +/* + * This flag specifies that RC2254 escaping shall be performed. + */ +#define ASN1_STRFLGS_ESC_2254 0x400 + +/* + * All the string flags consistent with RFC2253, escaping control characters + * isn't essential in RFC2253 but it is advisable anyway. + */ + +# define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \ + ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB | \ + ASN1_STRFLGS_UTF8_CONVERT | \ + ASN1_STRFLGS_DUMP_UNKNOWN | \ + ASN1_STRFLGS_DUMP_DER) + +DEFINE_STACK_OF(ASN1_INTEGER) + +DEFINE_STACK_OF(ASN1_GENERALSTRING) + +DEFINE_STACK_OF(ASN1_UTF8STRING) + +typedef struct asn1_type_st { + int type; + union { + char *ptr; + ASN1_BOOLEAN boolean; + ASN1_STRING *asn1_string; + ASN1_OBJECT *object; + ASN1_INTEGER *integer; + ASN1_ENUMERATED *enumerated; + ASN1_BIT_STRING *bit_string; + ASN1_OCTET_STRING *octet_string; + ASN1_PRINTABLESTRING *printablestring; + ASN1_T61STRING *t61string; + ASN1_IA5STRING *ia5string; + ASN1_GENERALSTRING *generalstring; + ASN1_BMPSTRING *bmpstring; + ASN1_UNIVERSALSTRING *universalstring; + ASN1_UTCTIME *utctime; + ASN1_GENERALIZEDTIME *generalizedtime; + ASN1_VISIBLESTRING *visiblestring; + ASN1_UTF8STRING *utf8string; + /* + * set and sequence are left complete and still contain the set or + * sequence bytes + */ + ASN1_STRING *set; + ASN1_STRING *sequence; + ASN1_VALUE *asn1_value; + } value; +} ASN1_TYPE; + +DEFINE_STACK_OF(ASN1_TYPE) + +typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; + +DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY) + +/* This is used to contain a list of bit names */ +typedef struct BIT_STRING_BITNAME_st { + int bitnum; + const char *lname; + const char *sname; +} BIT_STRING_BITNAME; + +# define B_ASN1_TIME \ + B_ASN1_UTCTIME | \ + B_ASN1_GENERALIZEDTIME + +# define B_ASN1_PRINTABLE \ + B_ASN1_NUMERICSTRING| \ + B_ASN1_PRINTABLESTRING| \ + B_ASN1_T61STRING| \ + B_ASN1_IA5STRING| \ + B_ASN1_BIT_STRING| \ + B_ASN1_UNIVERSALSTRING|\ + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING|\ + B_ASN1_SEQUENCE|\ + B_ASN1_UNKNOWN + +# define B_ASN1_DIRECTORYSTRING \ + B_ASN1_PRINTABLESTRING| \ + B_ASN1_TELETEXSTRING|\ + B_ASN1_BMPSTRING|\ + B_ASN1_UNIVERSALSTRING|\ + B_ASN1_UTF8STRING + +# define B_ASN1_DISPLAYTEXT \ + B_ASN1_IA5STRING| \ + B_ASN1_VISIBLESTRING| \ + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING + +DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) + +int ASN1_TYPE_get(const ASN1_TYPE *a); +void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); +int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); +int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); + +ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t); +void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t); + +ASN1_OBJECT *ASN1_OBJECT_new(void); +void ASN1_OBJECT_free(ASN1_OBJECT *a); +int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp); +ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + long length); + +DECLARE_ASN1_ITEM(ASN1_OBJECT) + +DEFINE_STACK_OF(ASN1_OBJECT) + +ASN1_STRING *ASN1_STRING_new(void); +void ASN1_STRING_free(ASN1_STRING *a); +void ASN1_STRING_clear_free(ASN1_STRING *a); +int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); +ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a); +ASN1_STRING *ASN1_STRING_type_new(int type); +int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b); + /* + * Since this is used to store all sorts of things, via macros, for now, + * make its data void * + */ +int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); +int ASN1_STRING_length(const ASN1_STRING *x); +void ASN1_STRING_length_set(ASN1_STRING *x, int n); +int ASN1_STRING_type(const ASN1_STRING *x); +DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x)) +const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); + +DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) +int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length); +int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); +int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n); +int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, + const unsigned char *flags, int flags_len); + +int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, + BIT_STRING_BITNAME *tbl, int indent); +int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl); +int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value, + BIT_STRING_BITNAME *tbl); + +DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) +ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, + long length); +ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x); +int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y); + +DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED) + +int ASN1_UTCTIME_check(const ASN1_UTCTIME *a); +ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); +ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, + int offset_day, long offset_sec); +int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); +int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); + +int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, + time_t t); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, + time_t t, int offset_day, + long offset_sec); +int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); + +int ASN1_TIME_diff(int *pday, int *psec, + const ASN1_TIME *from, const ASN1_TIME *to); + +DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) +ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a); +int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, + const ASN1_OCTET_STRING *b); +int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, + int len); + +DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_NULL) +DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING) + +int UTF8_getc(const unsigned char *str, int len, unsigned long *val); +int UTF8_putc(unsigned char *str, int len, unsigned long value); + +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE) + +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING) +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT) +DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME) +DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME) +DECLARE_ASN1_FUNCTIONS(ASN1_TIME) + +DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF) + +ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); +ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, + int offset_day, long offset_sec); +int ASN1_TIME_check(const ASN1_TIME *t); +ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, + ASN1_GENERALIZEDTIME **out); +int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); +int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str); +int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm); +int ASN1_TIME_normalize(ASN1_TIME *s); +int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t); +int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b); + +int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a); +int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size); +int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a); +int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size); +int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a); +int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size); +int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type); +int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a); + +int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num); +ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, + const char *sn, const char *ln); + +int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); +int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); +int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a); +int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r); + +int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); +long ASN1_INTEGER_get(const ASN1_INTEGER *a); +ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); +BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); + +int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a); +int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r); + + +int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); +long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); +ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai); +BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn); + +/* General */ +/* given a string, return the correct type, max is the maximum length */ +int ASN1_PRINTABLE_type(const unsigned char *s, int max); + +unsigned long ASN1_tag2bit(int tag); + +/* SPECIALS */ +int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, + int *pclass, long omax); +int ASN1_check_infinite_end(unsigned char **p, long len); +int ASN1_const_check_infinite_end(const unsigned char **p, long len); +void ASN1_put_object(unsigned char **pp, int constructed, int length, + int tag, int xclass); +int ASN1_put_eoc(unsigned char **pp); +int ASN1_object_size(int constructed, int length, int tag); + +/* Used to implement other functions */ +void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x); + +# define ASN1_dup_of(type,i2d,d2i,x) \ + ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ + CHECKED_D2I_OF(type, d2i), \ + CHECKED_PTR_OF(type, x))) + +# define ASN1_dup_of_const(type,i2d,d2i,x) \ + ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \ + CHECKED_D2I_OF(type, d2i), \ + CHECKED_PTR_OF(const type, x))) + +void *ASN1_item_dup(const ASN1_ITEM *it, void *x); + +/* ASN1 alloc/free macros for when a type is only used internally */ + +# define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type)) +# define M_ASN1_free_of(x, type) \ + ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type)) + +# ifndef OPENSSL_NO_STDIO +void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x); + +# define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + +void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); +int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x); + +# define ASN1_i2d_fp_of(type,i2d,out,x) \ + (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(type, x))) + +# define ASN1_i2d_fp_of_const(type,i2d,out,x) \ + (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + +int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x); +int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags); +# endif + +int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in); + +void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x); + +# define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + +void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x); +int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x); + +# define ASN1_i2d_bio_of(type,i2d,out,x) \ + (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(type, x))) + +# define ASN1_i2d_bio_of_const(type,i2d,out,x) \ + (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + +int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x); +int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a); +int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a); +int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a); +int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v); +int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags); +int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int off); +int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, + unsigned char *buf, int off); +int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent); +int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, + int dump); +const char *ASN1_tag2str(int tag); + +/* Used to load and write Netscape format cert */ + +int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); + +int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len); +int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len); +int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, + unsigned char *data, int len); +int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, + unsigned char *data, int max_len); + +void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it); + +ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, + ASN1_OCTET_STRING **oct); + +void ASN1_STRING_set_default_mask(unsigned long mask); +int ASN1_STRING_set_default_mask_asc(const char *p); +unsigned long ASN1_STRING_get_default_mask(void); +int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask); +int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask, + long minsize, long maxsize); + +ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, + const unsigned char *in, int inlen, + int inform, int nid); +ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); +int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long); +void ASN1_STRING_TABLE_cleanup(void); + +/* ASN1 template functions */ + +/* Old API compatible functions */ +ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); +void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); +ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, + long len, const ASN1_ITEM *it); +int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); +int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, + const ASN1_ITEM *it); + +void ASN1_add_oid_module(void); +void ASN1_add_stable_module(void); + +ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf); +ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf); +int ASN1_str2mask(const char *str, unsigned long *pmask); + +/* ASN1 Print flags */ + +/* Indicate missing OPTIONAL fields */ +# define ASN1_PCTX_FLAGS_SHOW_ABSENT 0x001 +/* Mark start and end of SEQUENCE */ +# define ASN1_PCTX_FLAGS_SHOW_SEQUENCE 0x002 +/* Mark start and end of SEQUENCE/SET OF */ +# define ASN1_PCTX_FLAGS_SHOW_SSOF 0x004 +/* Show the ASN1 type of primitives */ +# define ASN1_PCTX_FLAGS_SHOW_TYPE 0x008 +/* Don't show ASN1 type of ANY */ +# define ASN1_PCTX_FLAGS_NO_ANY_TYPE 0x010 +/* Don't show ASN1 type of MSTRINGs */ +# define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE 0x020 +/* Don't show field names in SEQUENCE */ +# define ASN1_PCTX_FLAGS_NO_FIELD_NAME 0x040 +/* Show structure names of each SEQUENCE field */ +# define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME 0x080 +/* Don't show structure name even at top level */ +# define ASN1_PCTX_FLAGS_NO_STRUCT_NAME 0x100 + +int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent, + const ASN1_ITEM *it, const ASN1_PCTX *pctx); +ASN1_PCTX *ASN1_PCTX_new(void); +void ASN1_PCTX_free(ASN1_PCTX *p); +unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags); + +ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx)); +void ASN1_SCTX_free(ASN1_SCTX *p); +const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p); +const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p); +unsigned long ASN1_SCTX_get_flags(ASN1_SCTX *p); +void ASN1_SCTX_set_app_data(ASN1_SCTX *p, void *data); +void *ASN1_SCTX_get_app_data(ASN1_SCTX *p); + +const BIO_METHOD *BIO_f_asn1(void); + +BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it); + +int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const ASN1_ITEM *it); +int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const char *hdr, const ASN1_ITEM *it); +int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, + int ctype_nid, int econt_nid, + STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it); +ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); +int SMIME_crlf_copy(BIO *in, BIO *out, int flags); +int SMIME_text(BIO *in, BIO *out); + +const ASN1_ITEM *ASN1_ITEM_lookup(const char *name); +const ASN1_ITEM *ASN1_ITEM_get(size_t i); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/asn1_mac.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/asn1_mac.h new file mode 100644 index 00000000..7ac1782a --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/asn1_mac.h @@ -0,0 +1,10 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#error "This file is obsolete; please update your software." diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/asn1err.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/asn1err.h new file mode 100644 index 00000000..faed5a55 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/asn1err.h @@ -0,0 +1,256 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ASN1ERR_H +# define HEADER_ASN1ERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ASN1_strings(void); + +/* + * ASN1 function codes. + */ +# define ASN1_F_A2D_ASN1_OBJECT 100 +# define ASN1_F_A2I_ASN1_INTEGER 102 +# define ASN1_F_A2I_ASN1_STRING 103 +# define ASN1_F_APPEND_EXP 176 +# define ASN1_F_ASN1_BIO_INIT 113 +# define ASN1_F_ASN1_BIT_STRING_SET_BIT 183 +# define ASN1_F_ASN1_CB 177 +# define ASN1_F_ASN1_CHECK_TLEN 104 +# define ASN1_F_ASN1_COLLECT 106 +# define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 +# define ASN1_F_ASN1_D2I_FP 109 +# define ASN1_F_ASN1_D2I_READ_BIO 107 +# define ASN1_F_ASN1_DIGEST 184 +# define ASN1_F_ASN1_DO_ADB 110 +# define ASN1_F_ASN1_DO_LOCK 233 +# define ASN1_F_ASN1_DUP 111 +# define ASN1_F_ASN1_ENC_SAVE 115 +# define ASN1_F_ASN1_EX_C2I 204 +# define ASN1_F_ASN1_FIND_END 190 +# define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216 +# define ASN1_F_ASN1_GENERATE_V3 178 +# define ASN1_F_ASN1_GET_INT64 224 +# define ASN1_F_ASN1_GET_OBJECT 114 +# define ASN1_F_ASN1_GET_UINT64 225 +# define ASN1_F_ASN1_I2D_BIO 116 +# define ASN1_F_ASN1_I2D_FP 117 +# define ASN1_F_ASN1_ITEM_D2I_FP 206 +# define ASN1_F_ASN1_ITEM_DUP 191 +# define ASN1_F_ASN1_ITEM_EMBED_D2I 120 +# define ASN1_F_ASN1_ITEM_EMBED_NEW 121 +# define ASN1_F_ASN1_ITEM_FLAGS_I2D 118 +# define ASN1_F_ASN1_ITEM_I2D_BIO 192 +# define ASN1_F_ASN1_ITEM_I2D_FP 193 +# define ASN1_F_ASN1_ITEM_PACK 198 +# define ASN1_F_ASN1_ITEM_SIGN 195 +# define ASN1_F_ASN1_ITEM_SIGN_CTX 220 +# define ASN1_F_ASN1_ITEM_UNPACK 199 +# define ASN1_F_ASN1_ITEM_VERIFY 197 +# define ASN1_F_ASN1_MBSTRING_NCOPY 122 +# define ASN1_F_ASN1_OBJECT_NEW 123 +# define ASN1_F_ASN1_OUTPUT_DATA 214 +# define ASN1_F_ASN1_PCTX_NEW 205 +# define ASN1_F_ASN1_PRIMITIVE_NEW 119 +# define ASN1_F_ASN1_SCTX_NEW 221 +# define ASN1_F_ASN1_SIGN 128 +# define ASN1_F_ASN1_STR2TYPE 179 +# define ASN1_F_ASN1_STRING_GET_INT64 227 +# define ASN1_F_ASN1_STRING_GET_UINT64 230 +# define ASN1_F_ASN1_STRING_SET 186 +# define ASN1_F_ASN1_STRING_TABLE_ADD 129 +# define ASN1_F_ASN1_STRING_TO_BN 228 +# define ASN1_F_ASN1_STRING_TYPE_NEW 130 +# define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 +# define ASN1_F_ASN1_TEMPLATE_NEW 133 +# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131 +# define ASN1_F_ASN1_TIME_ADJ 217 +# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 +# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 +# define ASN1_F_ASN1_UTCTIME_ADJ 218 +# define ASN1_F_ASN1_VERIFY 137 +# define ASN1_F_B64_READ_ASN1 209 +# define ASN1_F_B64_WRITE_ASN1 210 +# define ASN1_F_BIO_NEW_NDEF 208 +# define ASN1_F_BITSTR_CB 180 +# define ASN1_F_BN_TO_ASN1_STRING 229 +# define ASN1_F_C2I_ASN1_BIT_STRING 189 +# define ASN1_F_C2I_ASN1_INTEGER 194 +# define ASN1_F_C2I_ASN1_OBJECT 196 +# define ASN1_F_C2I_IBUF 226 +# define ASN1_F_C2I_UINT64_INT 101 +# define ASN1_F_COLLECT_DATA 140 +# define ASN1_F_D2I_ASN1_OBJECT 147 +# define ASN1_F_D2I_ASN1_UINTEGER 150 +# define ASN1_F_D2I_AUTOPRIVATEKEY 207 +# define ASN1_F_D2I_PRIVATEKEY 154 +# define ASN1_F_D2I_PUBLICKEY 155 +# define ASN1_F_DO_BUF 142 +# define ASN1_F_DO_CREATE 124 +# define ASN1_F_DO_DUMP 125 +# define ASN1_F_DO_TCREATE 222 +# define ASN1_F_I2A_ASN1_OBJECT 126 +# define ASN1_F_I2D_ASN1_BIO_STREAM 211 +# define ASN1_F_I2D_ASN1_OBJECT 143 +# define ASN1_F_I2D_DSA_PUBKEY 161 +# define ASN1_F_I2D_EC_PUBKEY 181 +# define ASN1_F_I2D_PRIVATEKEY 163 +# define ASN1_F_I2D_PUBLICKEY 164 +# define ASN1_F_I2D_RSA_PUBKEY 165 +# define ASN1_F_LONG_C2I 166 +# define ASN1_F_NDEF_PREFIX 127 +# define ASN1_F_NDEF_SUFFIX 136 +# define ASN1_F_OID_MODULE_INIT 174 +# define ASN1_F_PARSE_TAGGING 182 +# define ASN1_F_PKCS5_PBE2_SET_IV 167 +# define ASN1_F_PKCS5_PBE2_SET_SCRYPT 231 +# define ASN1_F_PKCS5_PBE_SET 202 +# define ASN1_F_PKCS5_PBE_SET0_ALGOR 215 +# define ASN1_F_PKCS5_PBKDF2_SET 219 +# define ASN1_F_PKCS5_SCRYPT_SET 232 +# define ASN1_F_SMIME_READ_ASN1 212 +# define ASN1_F_SMIME_TEXT 213 +# define ASN1_F_STABLE_GET 138 +# define ASN1_F_STBL_MODULE_INIT 223 +# define ASN1_F_UINT32_C2I 105 +# define ASN1_F_UINT32_NEW 139 +# define ASN1_F_UINT64_C2I 112 +# define ASN1_F_UINT64_NEW 141 +# define ASN1_F_X509_CRL_ADD0_REVOKED 169 +# define ASN1_F_X509_INFO_NEW 170 +# define ASN1_F_X509_NAME_ENCODE 203 +# define ASN1_F_X509_NAME_EX_D2I 158 +# define ASN1_F_X509_NAME_EX_NEW 171 +# define ASN1_F_X509_PKEY_NEW 173 + +/* + * ASN1 reason codes. + */ +# define ASN1_R_ADDING_OBJECT 171 +# define ASN1_R_ASN1_PARSE_ERROR 203 +# define ASN1_R_ASN1_SIG_PARSE_ERROR 204 +# define ASN1_R_AUX_ERROR 100 +# define ASN1_R_BAD_OBJECT_HEADER 102 +# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 +# define ASN1_R_BN_LIB 105 +# define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 +# define ASN1_R_BUFFER_TOO_SMALL 107 +# define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 +# define ASN1_R_CONTEXT_NOT_INITIALISED 217 +# define ASN1_R_DATA_IS_WRONG 109 +# define ASN1_R_DECODE_ERROR 110 +# define ASN1_R_DEPTH_EXCEEDED 174 +# define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198 +# define ASN1_R_ENCODE_ERROR 112 +# define ASN1_R_ERROR_GETTING_TIME 173 +# define ASN1_R_ERROR_LOADING_SECTION 172 +# define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 +# define ASN1_R_EXPECTING_AN_INTEGER 115 +# define ASN1_R_EXPECTING_AN_OBJECT 116 +# define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 +# define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 +# define ASN1_R_FIELD_MISSING 121 +# define ASN1_R_FIRST_NUM_TOO_LARGE 122 +# define ASN1_R_HEADER_TOO_LONG 123 +# define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 +# define ASN1_R_ILLEGAL_BOOLEAN 176 +# define ASN1_R_ILLEGAL_CHARACTERS 124 +# define ASN1_R_ILLEGAL_FORMAT 177 +# define ASN1_R_ILLEGAL_HEX 178 +# define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 +# define ASN1_R_ILLEGAL_INTEGER 180 +# define ASN1_R_ILLEGAL_NEGATIVE_VALUE 226 +# define ASN1_R_ILLEGAL_NESTED_TAGGING 181 +# define ASN1_R_ILLEGAL_NULL 125 +# define ASN1_R_ILLEGAL_NULL_VALUE 182 +# define ASN1_R_ILLEGAL_OBJECT 183 +# define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 +# define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 +# define ASN1_R_ILLEGAL_PADDING 221 +# define ASN1_R_ILLEGAL_TAGGED_ANY 127 +# define ASN1_R_ILLEGAL_TIME_VALUE 184 +# define ASN1_R_ILLEGAL_ZERO_CONTENT 222 +# define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 +# define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 +# define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 +# define ASN1_R_INVALID_BMPSTRING_LENGTH 129 +# define ASN1_R_INVALID_DIGIT 130 +# define ASN1_R_INVALID_MIME_TYPE 205 +# define ASN1_R_INVALID_MODIFIER 186 +# define ASN1_R_INVALID_NUMBER 187 +# define ASN1_R_INVALID_OBJECT_ENCODING 216 +# define ASN1_R_INVALID_SCRYPT_PARAMETERS 227 +# define ASN1_R_INVALID_SEPARATOR 131 +# define ASN1_R_INVALID_STRING_TABLE_VALUE 218 +# define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 +# define ASN1_R_INVALID_UTF8STRING 134 +# define ASN1_R_INVALID_VALUE 219 +# define ASN1_R_LIST_ERROR 188 +# define ASN1_R_MIME_NO_CONTENT_TYPE 206 +# define ASN1_R_MIME_PARSE_ERROR 207 +# define ASN1_R_MIME_SIG_PARSE_ERROR 208 +# define ASN1_R_MISSING_EOC 137 +# define ASN1_R_MISSING_SECOND_NUMBER 138 +# define ASN1_R_MISSING_VALUE 189 +# define ASN1_R_MSTRING_NOT_UNIVERSAL 139 +# define ASN1_R_MSTRING_WRONG_TAG 140 +# define ASN1_R_NESTED_ASN1_STRING 197 +# define ASN1_R_NESTED_TOO_DEEP 201 +# define ASN1_R_NON_HEX_CHARACTERS 141 +# define ASN1_R_NOT_ASCII_FORMAT 190 +# define ASN1_R_NOT_ENOUGH_DATA 142 +# define ASN1_R_NO_CONTENT_TYPE 209 +# define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 +# define ASN1_R_NO_MULTIPART_BODY_FAILURE 210 +# define ASN1_R_NO_MULTIPART_BOUNDARY 211 +# define ASN1_R_NO_SIG_CONTENT_TYPE 212 +# define ASN1_R_NULL_IS_WRONG_LENGTH 144 +# define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 +# define ASN1_R_ODD_NUMBER_OF_CHARS 145 +# define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 +# define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 +# define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 +# define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 +# define ASN1_R_SHORT_LINE 150 +# define ASN1_R_SIG_INVALID_MIME_TYPE 213 +# define ASN1_R_STREAMING_NOT_SUPPORTED 202 +# define ASN1_R_STRING_TOO_LONG 151 +# define ASN1_R_STRING_TOO_SHORT 152 +# define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 +# define ASN1_R_TIME_NOT_ASCII_FORMAT 193 +# define ASN1_R_TOO_LARGE 223 +# define ASN1_R_TOO_LONG 155 +# define ASN1_R_TOO_SMALL 224 +# define ASN1_R_TYPE_NOT_CONSTRUCTED 156 +# define ASN1_R_TYPE_NOT_PRIMITIVE 195 +# define ASN1_R_UNEXPECTED_EOC 159 +# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215 +# define ASN1_R_UNKNOWN_FORMAT 160 +# define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 +# define ASN1_R_UNKNOWN_OBJECT_TYPE 162 +# define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 +# define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199 +# define ASN1_R_UNKNOWN_TAG 194 +# define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 +# define ASN1_R_UNSUPPORTED_CIPHER 228 +# define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 +# define ASN1_R_UNSUPPORTED_TYPE 196 +# define ASN1_R_WRONG_INTEGER_TYPE 225 +# define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 +# define ASN1_R_WRONG_TAG 168 + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/asn1t.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/asn1t.h new file mode 100644 index 00000000..a450ba0d --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/asn1t.h @@ -0,0 +1,945 @@ +/* + * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ASN1T_H +# define HEADER_ASN1T_H + +# include +# include +# include + +# ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +# endif + +/* ASN1 template defines, structures and functions */ + +#ifdef __cplusplus +extern "C" { +#endif + +# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ +# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr)) + +/* Macros for start and end of ASN1_ITEM definition */ + +# define ASN1_ITEM_start(itname) \ + const ASN1_ITEM itname##_it = { + +# define static_ASN1_ITEM_start(itname) \ + static const ASN1_ITEM itname##_it = { + +# define ASN1_ITEM_end(itname) \ + }; + +# else + +/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ +# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)((iptr)())) + +/* Macros for start and end of ASN1_ITEM definition */ + +# define ASN1_ITEM_start(itname) \ + const ASN1_ITEM * itname##_it(void) \ + { \ + static const ASN1_ITEM local_it = { + +# define static_ASN1_ITEM_start(itname) \ + static ASN1_ITEM_start(itname) + +# define ASN1_ITEM_end(itname) \ + }; \ + return &local_it; \ + } + +# endif + +/* Macros to aid ASN1 template writing */ + +# define ASN1_ITEM_TEMPLATE(tname) \ + static const ASN1_TEMPLATE tname##_item_tt + +# define ASN1_ITEM_TEMPLATE_END(tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_PRIMITIVE,\ + -1,\ + &tname##_item_tt,\ + 0,\ + NULL,\ + 0,\ + #tname \ + ASN1_ITEM_end(tname) +# define static_ASN1_ITEM_TEMPLATE_END(tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_PRIMITIVE,\ + -1,\ + &tname##_item_tt,\ + 0,\ + NULL,\ + 0,\ + #tname \ + ASN1_ITEM_end(tname) + +/* This is a ASN1 type which just embeds a template */ + +/*- + * This pair helps declare a SEQUENCE. We can do: + * + * ASN1_SEQUENCE(stname) = { + * ... SEQUENCE components ... + * } ASN1_SEQUENCE_END(stname) + * + * This will produce an ASN1_ITEM called stname_it + * for a structure called stname. + * + * If you want the same structure but a different + * name then use: + * + * ASN1_SEQUENCE(itname) = { + * ... SEQUENCE components ... + * } ASN1_SEQUENCE_END_name(stname, itname) + * + * This will create an item called itname_it using + * a structure called stname. + */ + +# define ASN1_SEQUENCE(tname) \ + static const ASN1_TEMPLATE tname##_seq_tt[] + +# define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) + +# define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname) + +# define ASN1_SEQUENCE_END_name(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #tname \ + ASN1_ITEM_end(tname) + +# define static_ASN1_SEQUENCE_END_name(stname, tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define ASN1_NDEF_SEQUENCE(tname) \ + ASN1_SEQUENCE(tname) + +# define ASN1_NDEF_SEQUENCE_cb(tname, cb) \ + ASN1_SEQUENCE_cb(tname, cb) + +# define ASN1_SEQUENCE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_BROKEN_SEQUENCE(tname) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_SEQUENCE_ref(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), offsetof(tname, lock), cb, 0}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_SEQUENCE_enc(tname, enc, cb) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_NDEF_SEQUENCE_END(tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(tname),\ + #tname \ + ASN1_ITEM_end(tname) +# define static_ASN1_NDEF_SEQUENCE_END(tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(tname),\ + #tname \ + ASN1_ITEM_end(tname) + +# define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname) +# define static_ASN1_BROKEN_SEQUENCE_END(stname) \ + static_ASN1_SEQUENCE_END_ref(stname, stname) + +# define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) + +# define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) +# define static_ASN1_SEQUENCE_END_cb(stname, tname) static_ASN1_SEQUENCE_END_ref(stname, tname) + +# define ASN1_SEQUENCE_END_ref(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #tname \ + ASN1_ITEM_end(tname) +# define static_ASN1_SEQUENCE_END_ref(stname, tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +/*- + * This pair helps declare a CHOICE type. We can do: + * + * ASN1_CHOICE(chname) = { + * ... CHOICE options ... + * ASN1_CHOICE_END(chname) + * + * This will produce an ASN1_ITEM called chname_it + * for a structure called chname. The structure + * definition must look like this: + * typedef struct { + * int type; + * union { + * ASN1_SOMETHING *opt1; + * ASN1_SOMEOTHER *opt2; + * } value; + * } chname; + * + * the name of the selector must be 'type'. + * to use an alternative selector name use the + * ASN1_CHOICE_END_selector() version. + */ + +# define ASN1_CHOICE(tname) \ + static const ASN1_TEMPLATE tname##_ch_tt[] + +# define ASN1_CHOICE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ + ASN1_CHOICE(tname) + +# define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) + +# define static_ASN1_CHOICE_END(stname) static_ASN1_CHOICE_END_name(stname, stname) + +# define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type) + +# define static_ASN1_CHOICE_END_name(stname, tname) static_ASN1_CHOICE_END_selector(stname, tname, type) + +# define ASN1_CHOICE_END_selector(stname, tname, selname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define static_ASN1_CHOICE_END_selector(stname, tname, selname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define ASN1_CHOICE_END_cb(stname, tname, selname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +/* This helps with the template wrapper form of ASN1_ITEM */ + +# define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \ + (flags), (tag), 0,\ + #name, ASN1_ITEM_ref(type) } + +/* These help with SEQUENCE or CHOICE components */ + +/* used to declare other types */ + +# define ASN1_EX_TYPE(flags, tag, stname, field, type) { \ + (flags), (tag), offsetof(stname, field),\ + #field, ASN1_ITEM_ref(type) } + +/* implicit and explicit helper macros */ + +# define ASN1_IMP_EX(stname, field, type, tag, ex) \ + ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | (ex), tag, stname, field, type) + +# define ASN1_EXP_EX(stname, field, type, tag, ex) \ + ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | (ex), tag, stname, field, type) + +/* Any defined by macros: the field used is in the table itself */ + +# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION +# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } +# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } +# else +# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb } +# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb } +# endif +/* Plain simple type */ +# define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type) +/* Embedded simple type */ +# define ASN1_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_EMBED,0, stname, field, type) + +/* OPTIONAL simple type */ +# define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) +# define ASN1_OPT_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED, 0, stname, field, type) + +/* IMPLICIT tagged simple type */ +# define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0) +# define ASN1_IMP_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_EMBED) + +/* IMPLICIT tagged OPTIONAL simple type */ +# define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) +# define ASN1_IMP_OPT_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED) + +/* Same as above but EXPLICIT */ + +# define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0) +# define ASN1_EXP_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_EMBED) +# define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) +# define ASN1_EXP_OPT_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED) + +/* SEQUENCE OF type */ +# define ASN1_SEQUENCE_OF(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type) + +/* OPTIONAL SEQUENCE OF */ +# define ASN1_SEQUENCE_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) + +/* Same as above but for SET OF */ + +# define ASN1_SET_OF(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type) + +# define ASN1_SET_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) + +/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */ + +# define ASN1_IMP_SET_OF(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + +# define ASN1_EXP_SET_OF(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + +# define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + +# define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + +# define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + +# define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + +# define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + +# define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + +/* EXPLICIT using indefinite length constructed form */ +# define ASN1_NDEF_EXP(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF) + +/* EXPLICIT OPTIONAL using indefinite length constructed form */ +# define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF) + +/* Macros for the ASN1_ADB structure */ + +# define ASN1_ADB(name) \ + static const ASN1_ADB_TABLE name##_adbtbl[] + +# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION + +# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \ + ;\ + static const ASN1_ADB name##_adb = {\ + flags,\ + offsetof(name, field),\ + adb_cb,\ + name##_adbtbl,\ + sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ + def,\ + none\ + } + +# else + +# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \ + ;\ + static const ASN1_ITEM *name##_adb(void) \ + { \ + static const ASN1_ADB internal_adb = \ + {\ + flags,\ + offsetof(name, field),\ + adb_cb,\ + name##_adbtbl,\ + sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ + def,\ + none\ + }; \ + return (const ASN1_ITEM *) &internal_adb; \ + } \ + void dummy_function(void) + +# endif + +# define ADB_ENTRY(val, template) {val, template} + +# define ASN1_ADB_TEMPLATE(name) \ + static const ASN1_TEMPLATE name##_tt + +/* + * This is the ASN1 template structure that defines a wrapper round the + * actual type. It determines the actual position of the field in the value + * structure, various flags such as OPTIONAL and the field name. + */ + +struct ASN1_TEMPLATE_st { + unsigned long flags; /* Various flags */ + long tag; /* tag, not used if no tagging */ + unsigned long offset; /* Offset of this field in structure */ + const char *field_name; /* Field name */ + ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ +}; + +/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */ + +# define ASN1_TEMPLATE_item(t) (t->item_ptr) +# define ASN1_TEMPLATE_adb(t) (t->item_ptr) + +typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE; +typedef struct ASN1_ADB_st ASN1_ADB; + +struct ASN1_ADB_st { + unsigned long flags; /* Various flags */ + unsigned long offset; /* Offset of selector field */ + int (*adb_cb)(long *psel); /* Application callback */ + const ASN1_ADB_TABLE *tbl; /* Table of possible types */ + long tblcount; /* Number of entries in tbl */ + const ASN1_TEMPLATE *default_tt; /* Type to use if no match */ + const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */ +}; + +struct ASN1_ADB_TABLE_st { + long value; /* NID for an object or value for an int */ + const ASN1_TEMPLATE tt; /* item for this value */ +}; + +/* template flags */ + +/* Field is optional */ +# define ASN1_TFLG_OPTIONAL (0x1) + +/* Field is a SET OF */ +# define ASN1_TFLG_SET_OF (0x1 << 1) + +/* Field is a SEQUENCE OF */ +# define ASN1_TFLG_SEQUENCE_OF (0x2 << 1) + +/* + * Special case: this refers to a SET OF that will be sorted into DER order + * when encoded *and* the corresponding STACK will be modified to match the + * new order. + */ +# define ASN1_TFLG_SET_ORDER (0x3 << 1) + +/* Mask for SET OF or SEQUENCE OF */ +# define ASN1_TFLG_SK_MASK (0x3 << 1) + +/* + * These flags mean the tag should be taken from the tag field. If EXPLICIT + * then the underlying type is used for the inner tag. + */ + +/* IMPLICIT tagging */ +# define ASN1_TFLG_IMPTAG (0x1 << 3) + +/* EXPLICIT tagging, inner tag from underlying type */ +# define ASN1_TFLG_EXPTAG (0x2 << 3) + +# define ASN1_TFLG_TAG_MASK (0x3 << 3) + +/* context specific IMPLICIT */ +# define ASN1_TFLG_IMPLICIT (ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT) + +/* context specific EXPLICIT */ +# define ASN1_TFLG_EXPLICIT (ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT) + +/* + * If tagging is in force these determine the type of tag to use. Otherwise + * the tag is determined by the underlying type. These values reflect the + * actual octet format. + */ + +/* Universal tag */ +# define ASN1_TFLG_UNIVERSAL (0x0<<6) +/* Application tag */ +# define ASN1_TFLG_APPLICATION (0x1<<6) +/* Context specific tag */ +# define ASN1_TFLG_CONTEXT (0x2<<6) +/* Private tag */ +# define ASN1_TFLG_PRIVATE (0x3<<6) + +# define ASN1_TFLG_TAG_CLASS (0x3<<6) + +/* + * These are for ANY DEFINED BY type. In this case the 'item' field points to + * an ASN1_ADB structure which contains a table of values to decode the + * relevant type + */ + +# define ASN1_TFLG_ADB_MASK (0x3<<8) + +# define ASN1_TFLG_ADB_OID (0x1<<8) + +# define ASN1_TFLG_ADB_INT (0x1<<9) + +/* + * This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes + * indefinite length constructed encoding to be used if required. + */ + +# define ASN1_TFLG_NDEF (0x1<<11) + +/* Field is embedded and not a pointer */ +# define ASN1_TFLG_EMBED (0x1 << 12) + +/* This is the actual ASN1 item itself */ + +struct ASN1_ITEM_st { + char itype; /* The item type, primitive, SEQUENCE, CHOICE + * or extern */ + long utype; /* underlying type */ + const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains + * the contents */ + long tcount; /* Number of templates if SEQUENCE or CHOICE */ + const void *funcs; /* functions that handle this type */ + long size; /* Structure size (usually) */ + const char *sname; /* Structure name */ +}; + +/*- + * These are values for the itype field and + * determine how the type is interpreted. + * + * For PRIMITIVE types the underlying type + * determines the behaviour if items is NULL. + * + * Otherwise templates must contain a single + * template and the type is treated in the + * same way as the type specified in the template. + * + * For SEQUENCE types the templates field points + * to the members, the size field is the + * structure size. + * + * For CHOICE types the templates field points + * to each possible member (typically a union) + * and the 'size' field is the offset of the + * selector. + * + * The 'funcs' field is used for application + * specific functions. + * + * The EXTERN type uses a new style d2i/i2d. + * The new style should be used where possible + * because it avoids things like the d2i IMPLICIT + * hack. + * + * MSTRING is a multiple string type, it is used + * for a CHOICE of character strings where the + * actual strings all occupy an ASN1_STRING + * structure. In this case the 'utype' field + * has a special meaning, it is used as a mask + * of acceptable types using the B_ASN1 constants. + * + * NDEF_SEQUENCE is the same as SEQUENCE except + * that it will use indefinite length constructed + * encoding if requested. + * + */ + +# define ASN1_ITYPE_PRIMITIVE 0x0 + +# define ASN1_ITYPE_SEQUENCE 0x1 + +# define ASN1_ITYPE_CHOICE 0x2 + +# define ASN1_ITYPE_EXTERN 0x4 + +# define ASN1_ITYPE_MSTRING 0x5 + +# define ASN1_ITYPE_NDEF_SEQUENCE 0x6 + +/* + * Cache for ASN1 tag and length, so we don't keep re-reading it for things + * like CHOICE + */ + +struct ASN1_TLC_st { + char valid; /* Values below are valid */ + int ret; /* return value */ + long plen; /* length */ + int ptag; /* class value */ + int pclass; /* class value */ + int hdrlen; /* header length */ +}; + +/* Typedefs for ASN1 function pointers */ +typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx); + +typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass); +typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it); +typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); + +typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval, + int indent, const char *fname, + const ASN1_PCTX *pctx); + +typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, + int *putype, const ASN1_ITEM *it); +typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, + int len, int utype, char *free_cont, + const ASN1_ITEM *it); +typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval, + const ASN1_ITEM *it, int indent, + const ASN1_PCTX *pctx); + +typedef struct ASN1_EXTERN_FUNCS_st { + void *app_data; + ASN1_ex_new_func *asn1_ex_new; + ASN1_ex_free_func *asn1_ex_free; + ASN1_ex_free_func *asn1_ex_clear; + ASN1_ex_d2i *asn1_ex_d2i; + ASN1_ex_i2d *asn1_ex_i2d; + ASN1_ex_print_func *asn1_ex_print; +} ASN1_EXTERN_FUNCS; + +typedef struct ASN1_PRIMITIVE_FUNCS_st { + void *app_data; + unsigned long flags; + ASN1_ex_new_func *prim_new; + ASN1_ex_free_func *prim_free; + ASN1_ex_free_func *prim_clear; + ASN1_primitive_c2i *prim_c2i; + ASN1_primitive_i2c *prim_i2c; + ASN1_primitive_print *prim_print; +} ASN1_PRIMITIVE_FUNCS; + +/* + * This is the ASN1_AUX structure: it handles various miscellaneous + * requirements. For example the use of reference counts and an informational + * callback. The "informational callback" is called at various points during + * the ASN1 encoding and decoding. It can be used to provide minor + * customisation of the structures used. This is most useful where the + * supplied routines *almost* do the right thing but need some extra help at + * a few points. If the callback returns zero then it is assumed a fatal + * error has occurred and the main operation should be abandoned. If major + * changes in the default behaviour are required then an external type is + * more appropriate. + */ + +typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it, + void *exarg); + +typedef struct ASN1_AUX_st { + void *app_data; + int flags; + int ref_offset; /* Offset of reference value */ + int ref_lock; /* Lock type to use */ + ASN1_aux_cb *asn1_cb; + int enc_offset; /* Offset of ASN1_ENCODING structure */ +} ASN1_AUX; + +/* For print related callbacks exarg points to this structure */ +typedef struct ASN1_PRINT_ARG_st { + BIO *out; + int indent; + const ASN1_PCTX *pctx; +} ASN1_PRINT_ARG; + +/* For streaming related callbacks exarg points to this structure */ +typedef struct ASN1_STREAM_ARG_st { + /* BIO to stream through */ + BIO *out; + /* BIO with filters appended */ + BIO *ndef_bio; + /* Streaming I/O boundary */ + unsigned char **boundary; +} ASN1_STREAM_ARG; + +/* Flags in ASN1_AUX */ + +/* Use a reference count */ +# define ASN1_AFLG_REFCOUNT 1 +/* Save the encoding of structure (useful for signatures) */ +# define ASN1_AFLG_ENCODING 2 +/* The Sequence length is invalid */ +# define ASN1_AFLG_BROKEN 4 + +/* operation values for asn1_cb */ + +# define ASN1_OP_NEW_PRE 0 +# define ASN1_OP_NEW_POST 1 +# define ASN1_OP_FREE_PRE 2 +# define ASN1_OP_FREE_POST 3 +# define ASN1_OP_D2I_PRE 4 +# define ASN1_OP_D2I_POST 5 +# define ASN1_OP_I2D_PRE 6 +# define ASN1_OP_I2D_POST 7 +# define ASN1_OP_PRINT_PRE 8 +# define ASN1_OP_PRINT_POST 9 +# define ASN1_OP_STREAM_PRE 10 +# define ASN1_OP_STREAM_POST 11 +# define ASN1_OP_DETACHED_PRE 12 +# define ASN1_OP_DETACHED_POST 13 + +/* Macro to implement a primitive type */ +# define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) +# define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \ + ASN1_ITEM_start(itname) \ + ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \ + ASN1_ITEM_end(itname) + +/* Macro to implement a multi string type */ +# define IMPLEMENT_ASN1_MSTRING(itname, mask) \ + ASN1_ITEM_start(itname) \ + ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \ + ASN1_ITEM_end(itname) + +# define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ + ASN1_ITEM_start(sname) \ + ASN1_ITYPE_EXTERN, \ + tag, \ + NULL, \ + 0, \ + &fptrs, \ + 0, \ + #sname \ + ASN1_ITEM_end(sname) + +/* Macro to implement standard functions in terms of ASN1_ITEM structures */ + +# define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname) + +# define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname) + +# define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ + IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) + +# define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname) + +# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) + +# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \ + pre stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + pre void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + +# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ + stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + +# define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) + +# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ + } \ + int i2d_##fname(stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ + } + +# define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \ + int i2d_##stname##_NDEF(stname *a, unsigned char **out) \ + { \ + return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\ + } + +# define IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(stname) \ + static stname *d2i_##stname(stname **a, \ + const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \ + ASN1_ITEM_rptr(stname)); \ + } \ + static int i2d_##stname(stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((ASN1_VALUE *)a, out, \ + ASN1_ITEM_rptr(stname)); \ + } + +/* + * This includes evil casts to remove const: they will go away when full ASN1 + * constification is done. + */ +# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ + stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ + } \ + int i2d_##fname(const stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ + } + +# define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \ + stname * stname##_dup(stname *x) \ + { \ + return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \ + } + +# define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \ + IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname) + +# define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \ + int fname##_print_ctx(BIO *out, stname *x, int indent, \ + const ASN1_PCTX *pctx) \ + { \ + return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \ + ASN1_ITEM_rptr(itname), pctx); \ + } + +# define IMPLEMENT_ASN1_FUNCTIONS_const(name) \ + IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name) + +# define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) + +/* external definitions for primitive types */ + +DECLARE_ASN1_ITEM(ASN1_BOOLEAN) +DECLARE_ASN1_ITEM(ASN1_TBOOLEAN) +DECLARE_ASN1_ITEM(ASN1_FBOOLEAN) +DECLARE_ASN1_ITEM(ASN1_SEQUENCE) +DECLARE_ASN1_ITEM(CBIGNUM) +DECLARE_ASN1_ITEM(BIGNUM) +DECLARE_ASN1_ITEM(INT32) +DECLARE_ASN1_ITEM(ZINT32) +DECLARE_ASN1_ITEM(UINT32) +DECLARE_ASN1_ITEM(ZUINT32) +DECLARE_ASN1_ITEM(INT64) +DECLARE_ASN1_ITEM(ZINT64) +DECLARE_ASN1_ITEM(UINT64) +DECLARE_ASN1_ITEM(ZUINT64) + +# if OPENSSL_API_COMPAT < 0x10200000L +/* + * LONG and ZLONG are strongly discouraged for use as stored data, as the + * underlying C type (long) differs in size depending on the architecture. + * They are designed with 32-bit longs in mind. + */ +DECLARE_ASN1_ITEM(LONG) +DECLARE_ASN1_ITEM(ZLONG) +# endif + +DEFINE_STACK_OF(ASN1_VALUE) + +/* Functions used internally by the ASN1 code */ + +int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it); +void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it); + +int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx); + +int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/async.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/async.h new file mode 100644 index 00000000..7052b890 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/async.h @@ -0,0 +1,76 @@ +/* + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#ifndef HEADER_ASYNC_H +# define HEADER_ASYNC_H + +#if defined(_WIN32) +# if defined(BASETYPES) || defined(_WINDEF_H) +/* application has to include to use this */ +#define OSSL_ASYNC_FD HANDLE +#define OSSL_BAD_ASYNC_FD INVALID_HANDLE_VALUE +# endif +#else +#define OSSL_ASYNC_FD int +#define OSSL_BAD_ASYNC_FD -1 +#endif +# include + + +# ifdef __cplusplus +extern "C" { +# endif + +typedef struct async_job_st ASYNC_JOB; +typedef struct async_wait_ctx_st ASYNC_WAIT_CTX; + +#define ASYNC_ERR 0 +#define ASYNC_NO_JOBS 1 +#define ASYNC_PAUSE 2 +#define ASYNC_FINISH 3 + +int ASYNC_init_thread(size_t max_size, size_t init_size); +void ASYNC_cleanup_thread(void); + +#ifdef OSSL_ASYNC_FD +ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void); +void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx); +int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key, + OSSL_ASYNC_FD fd, + void *custom_data, + void (*cleanup)(ASYNC_WAIT_CTX *, const void *, + OSSL_ASYNC_FD, void *)); +int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key, + OSSL_ASYNC_FD *fd, void **custom_data); +int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd, + size_t *numfds); +int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd, + size_t *numaddfds, OSSL_ASYNC_FD *delfd, + size_t *numdelfds); +int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key); +#endif + +int ASYNC_is_capable(void); + +int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret, + int (*func)(void *), void *args, size_t size); +int ASYNC_pause_job(void); + +ASYNC_JOB *ASYNC_get_current_job(void); +ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job); +void ASYNC_block_pause(void); +void ASYNC_unblock_pause(void); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/asyncerr.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/asyncerr.h new file mode 100644 index 00000000..91afbbb2 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/asyncerr.h @@ -0,0 +1,42 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ASYNCERR_H +# define HEADER_ASYNCERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ASYNC_strings(void); + +/* + * ASYNC function codes. + */ +# define ASYNC_F_ASYNC_CTX_NEW 100 +# define ASYNC_F_ASYNC_INIT_THREAD 101 +# define ASYNC_F_ASYNC_JOB_NEW 102 +# define ASYNC_F_ASYNC_PAUSE_JOB 103 +# define ASYNC_F_ASYNC_START_FUNC 104 +# define ASYNC_F_ASYNC_START_JOB 105 +# define ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD 106 + +/* + * ASYNC reason codes. + */ +# define ASYNC_R_FAILED_TO_SET_POOL 101 +# define ASYNC_R_FAILED_TO_SWAP_CONTEXT 102 +# define ASYNC_R_INIT_FAILED 105 +# define ASYNC_R_INVALID_POOL_SIZE 103 + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/bio.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/bio.h new file mode 100644 index 00000000..d67117a1 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/bio.h @@ -0,0 +1,800 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BIO_H +# define HEADER_BIO_H + +# include + +# ifndef OPENSSL_NO_STDIO +# include +# endif +# include + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* There are the classes of BIOs */ +# define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ +# define BIO_TYPE_FILTER 0x0200 +# define BIO_TYPE_SOURCE_SINK 0x0400 + +/* These are the 'types' of BIOs */ +# define BIO_TYPE_NONE 0 +# define BIO_TYPE_MEM ( 1|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_FILE ( 2|BIO_TYPE_SOURCE_SINK) + +# define BIO_TYPE_FD ( 4|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_SOCKET ( 5|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_NULL ( 6|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_SSL ( 7|BIO_TYPE_FILTER) +# define BIO_TYPE_MD ( 8|BIO_TYPE_FILTER) +# define BIO_TYPE_BUFFER ( 9|BIO_TYPE_FILTER) +# define BIO_TYPE_CIPHER (10|BIO_TYPE_FILTER) +# define BIO_TYPE_BASE64 (11|BIO_TYPE_FILTER) +# define BIO_TYPE_CONNECT (12|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_ACCEPT (13|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) + +# define BIO_TYPE_NBIO_TEST (16|BIO_TYPE_FILTER)/* server proxy BIO */ +# define BIO_TYPE_NULL_FILTER (17|BIO_TYPE_FILTER) +# define BIO_TYPE_BIO (19|BIO_TYPE_SOURCE_SINK)/* half a BIO pair */ +# define BIO_TYPE_LINEBUFFER (20|BIO_TYPE_FILTER) +# define BIO_TYPE_DGRAM (21|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_ASN1 (22|BIO_TYPE_FILTER) +# define BIO_TYPE_COMP (23|BIO_TYPE_FILTER) +# ifndef OPENSSL_NO_SCTP +# define BIO_TYPE_DGRAM_SCTP (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# endif + +#define BIO_TYPE_START 128 + +/* + * BIO_FILENAME_READ|BIO_CLOSE to open or close on free. + * BIO_set_fp(in,stdin,BIO_NOCLOSE); + */ +# define BIO_NOCLOSE 0x00 +# define BIO_CLOSE 0x01 + +/* + * These are used in the following macros and are passed to BIO_ctrl() + */ +# define BIO_CTRL_RESET 1/* opt - rewind/zero etc */ +# define BIO_CTRL_EOF 2/* opt - are we at the eof */ +# define BIO_CTRL_INFO 3/* opt - extra tit-bits */ +# define BIO_CTRL_SET 4/* man - set the 'IO' type */ +# define BIO_CTRL_GET 5/* man - get the 'IO' type */ +# define BIO_CTRL_PUSH 6/* opt - internal, used to signify change */ +# define BIO_CTRL_POP 7/* opt - internal, used to signify change */ +# define BIO_CTRL_GET_CLOSE 8/* man - set the 'close' on free */ +# define BIO_CTRL_SET_CLOSE 9/* man - set the 'close' on free */ +# define BIO_CTRL_PENDING 10/* opt - is their more data buffered */ +# define BIO_CTRL_FLUSH 11/* opt - 'flush' buffered output */ +# define BIO_CTRL_DUP 12/* man - extra stuff for 'duped' BIO */ +# define BIO_CTRL_WPENDING 13/* opt - number of bytes still to write */ +# define BIO_CTRL_SET_CALLBACK 14/* opt - set callback function */ +# define BIO_CTRL_GET_CALLBACK 15/* opt - set callback function */ + +# define BIO_CTRL_PEEK 29/* BIO_f_buffer special */ +# define BIO_CTRL_SET_FILENAME 30/* BIO_s_file special */ + +/* dgram BIO stuff */ +# define BIO_CTRL_DGRAM_CONNECT 31/* BIO dgram special */ +# define BIO_CTRL_DGRAM_SET_CONNECTED 32/* allow for an externally connected + * socket to be passed in */ +# define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33/* setsockopt, essentially */ +# define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34/* getsockopt, essentially */ +# define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35/* setsockopt, essentially */ +# define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36/* getsockopt, essentially */ + +# define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37/* flag whether the last */ +# define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38/* I/O operation tiemd out */ + +/* #ifdef IP_MTU_DISCOVER */ +# define BIO_CTRL_DGRAM_MTU_DISCOVER 39/* set DF bit on egress packets */ +/* #endif */ + +# define BIO_CTRL_DGRAM_QUERY_MTU 40/* as kernel for current MTU */ +# define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47 +# define BIO_CTRL_DGRAM_GET_MTU 41/* get cached value for MTU */ +# define BIO_CTRL_DGRAM_SET_MTU 42/* set cached value for MTU. + * want to use this if asking + * the kernel fails */ + +# define BIO_CTRL_DGRAM_MTU_EXCEEDED 43/* check whether the MTU was + * exceed in the previous write + * operation */ + +# define BIO_CTRL_DGRAM_GET_PEER 46 +# define BIO_CTRL_DGRAM_SET_PEER 44/* Destination for the data */ + +# define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45/* Next DTLS handshake timeout + * to adjust socket timeouts */ +# define BIO_CTRL_DGRAM_SET_DONT_FRAG 48 + +# define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 + +/* Deliberately outside of OPENSSL_NO_SCTP - used in bss_dgram.c */ +# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 +# ifndef OPENSSL_NO_SCTP +/* SCTP stuff */ +# define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51 +# define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52 +# define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53 +# define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO 60 +# define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO 61 +# define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO 62 +# define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO 63 +# define BIO_CTRL_DGRAM_SCTP_GET_PRINFO 64 +# define BIO_CTRL_DGRAM_SCTP_SET_PRINFO 65 +# define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70 +# endif + +# define BIO_CTRL_DGRAM_SET_PEEK_MODE 71 + +/* modifiers */ +# define BIO_FP_READ 0x02 +# define BIO_FP_WRITE 0x04 +# define BIO_FP_APPEND 0x08 +# define BIO_FP_TEXT 0x10 + +# define BIO_FLAGS_READ 0x01 +# define BIO_FLAGS_WRITE 0x02 +# define BIO_FLAGS_IO_SPECIAL 0x04 +# define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL) +# define BIO_FLAGS_SHOULD_RETRY 0x08 +# ifndef BIO_FLAGS_UPLINK +/* + * "UPLINK" flag denotes file descriptors provided by application. It + * defaults to 0, as most platforms don't require UPLINK interface. + */ +# define BIO_FLAGS_UPLINK 0 +# endif + +# define BIO_FLAGS_BASE64_NO_NL 0x100 + +/* + * This is used with memory BIOs: + * BIO_FLAGS_MEM_RDONLY means we shouldn't free up or change the data in any way; + * BIO_FLAGS_NONCLEAR_RST means we shouldn't clear data on reset. + */ +# define BIO_FLAGS_MEM_RDONLY 0x200 +# define BIO_FLAGS_NONCLEAR_RST 0x400 + +typedef union bio_addr_st BIO_ADDR; +typedef struct bio_addrinfo_st BIO_ADDRINFO; + +int BIO_get_new_index(void); +void BIO_set_flags(BIO *b, int flags); +int BIO_test_flags(const BIO *b, int flags); +void BIO_clear_flags(BIO *b, int flags); + +# define BIO_get_flags(b) BIO_test_flags(b, ~(0x0)) +# define BIO_set_retry_special(b) \ + BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY)) +# define BIO_set_retry_read(b) \ + BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)) +# define BIO_set_retry_write(b) \ + BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY)) + +/* These are normally used internally in BIOs */ +# define BIO_clear_retry_flags(b) \ + BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) +# define BIO_get_retry_flags(b) \ + BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) + +/* These should be used by the application to tell why we should retry */ +# define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ) +# define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE) +# define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL) +# define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS) +# define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY) + +/* + * The next three are used in conjunction with the BIO_should_io_special() + * condition. After this returns true, BIO *BIO_get_retry_BIO(BIO *bio, int + * *reason); will walk the BIO stack and return the 'reason' for the special + * and the offending BIO. Given a BIO, BIO_get_retry_reason(bio) will return + * the code. + */ +/* + * Returned from the SSL bio when the certificate retrieval code had an error + */ +# define BIO_RR_SSL_X509_LOOKUP 0x01 +/* Returned from the connect BIO when a connect would have blocked */ +# define BIO_RR_CONNECT 0x02 +/* Returned from the accept BIO when an accept would have blocked */ +# define BIO_RR_ACCEPT 0x03 + +/* These are passed by the BIO callback */ +# define BIO_CB_FREE 0x01 +# define BIO_CB_READ 0x02 +# define BIO_CB_WRITE 0x03 +# define BIO_CB_PUTS 0x04 +# define BIO_CB_GETS 0x05 +# define BIO_CB_CTRL 0x06 + +/* + * The callback is called before and after the underling operation, The + * BIO_CB_RETURN flag indicates if it is after the call + */ +# define BIO_CB_RETURN 0x80 +# define BIO_CB_return(a) ((a)|BIO_CB_RETURN) +# define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) +# define BIO_cb_post(a) ((a)&BIO_CB_RETURN) + +typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi, + long argl, long ret); +typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp, + size_t len, int argi, + long argl, int ret, size_t *processed); +BIO_callback_fn BIO_get_callback(const BIO *b); +void BIO_set_callback(BIO *b, BIO_callback_fn callback); + +BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b); +void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback); + +char *BIO_get_callback_arg(const BIO *b); +void BIO_set_callback_arg(BIO *b, char *arg); + +typedef struct bio_method_st BIO_METHOD; + +const char *BIO_method_name(const BIO *b); +int BIO_method_type(const BIO *b); + +typedef int BIO_info_cb(BIO *, int, int); +typedef BIO_info_cb bio_info_cb; /* backward compatibility */ + +DEFINE_STACK_OF(BIO) + +/* Prefix and suffix callback in ASN1 BIO */ +typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen, + void *parg); + +# ifndef OPENSSL_NO_SCTP +/* SCTP parameter structs */ +struct bio_dgram_sctp_sndinfo { + uint16_t snd_sid; + uint16_t snd_flags; + uint32_t snd_ppid; + uint32_t snd_context; +}; + +struct bio_dgram_sctp_rcvinfo { + uint16_t rcv_sid; + uint16_t rcv_ssn; + uint16_t rcv_flags; + uint32_t rcv_ppid; + uint32_t rcv_tsn; + uint32_t rcv_cumtsn; + uint32_t rcv_context; +}; + +struct bio_dgram_sctp_prinfo { + uint16_t pr_policy; + uint32_t pr_value; +}; +# endif + +/* + * #define BIO_CONN_get_param_hostname BIO_ctrl + */ + +# define BIO_C_SET_CONNECT 100 +# define BIO_C_DO_STATE_MACHINE 101 +# define BIO_C_SET_NBIO 102 +/* # define BIO_C_SET_PROXY_PARAM 103 */ +# define BIO_C_SET_FD 104 +# define BIO_C_GET_FD 105 +# define BIO_C_SET_FILE_PTR 106 +# define BIO_C_GET_FILE_PTR 107 +# define BIO_C_SET_FILENAME 108 +# define BIO_C_SET_SSL 109 +# define BIO_C_GET_SSL 110 +# define BIO_C_SET_MD 111 +# define BIO_C_GET_MD 112 +# define BIO_C_GET_CIPHER_STATUS 113 +# define BIO_C_SET_BUF_MEM 114 +# define BIO_C_GET_BUF_MEM_PTR 115 +# define BIO_C_GET_BUFF_NUM_LINES 116 +# define BIO_C_SET_BUFF_SIZE 117 +# define BIO_C_SET_ACCEPT 118 +# define BIO_C_SSL_MODE 119 +# define BIO_C_GET_MD_CTX 120 +/* # define BIO_C_GET_PROXY_PARAM 121 */ +# define BIO_C_SET_BUFF_READ_DATA 122/* data to read first */ +# define BIO_C_GET_CONNECT 123 +# define BIO_C_GET_ACCEPT 124 +# define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125 +# define BIO_C_GET_SSL_NUM_RENEGOTIATES 126 +# define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127 +# define BIO_C_FILE_SEEK 128 +# define BIO_C_GET_CIPHER_CTX 129 +# define BIO_C_SET_BUF_MEM_EOF_RETURN 130/* return end of input + * value */ +# define BIO_C_SET_BIND_MODE 131 +# define BIO_C_GET_BIND_MODE 132 +# define BIO_C_FILE_TELL 133 +# define BIO_C_GET_SOCKS 134 +# define BIO_C_SET_SOCKS 135 + +# define BIO_C_SET_WRITE_BUF_SIZE 136/* for BIO_s_bio */ +# define BIO_C_GET_WRITE_BUF_SIZE 137 +# define BIO_C_MAKE_BIO_PAIR 138 +# define BIO_C_DESTROY_BIO_PAIR 139 +# define BIO_C_GET_WRITE_GUARANTEE 140 +# define BIO_C_GET_READ_REQUEST 141 +# define BIO_C_SHUTDOWN_WR 142 +# define BIO_C_NREAD0 143 +# define BIO_C_NREAD 144 +# define BIO_C_NWRITE0 145 +# define BIO_C_NWRITE 146 +# define BIO_C_RESET_READ_REQUEST 147 +# define BIO_C_SET_MD_CTX 148 + +# define BIO_C_SET_PREFIX 149 +# define BIO_C_GET_PREFIX 150 +# define BIO_C_SET_SUFFIX 151 +# define BIO_C_GET_SUFFIX 152 + +# define BIO_C_SET_EX_ARG 153 +# define BIO_C_GET_EX_ARG 154 + +# define BIO_C_SET_CONNECT_MODE 155 + +# define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) +# define BIO_get_app_data(s) BIO_get_ex_data(s,0) + +# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) + +# ifndef OPENSSL_NO_SOCK +/* IP families we support, for BIO_s_connect() and BIO_s_accept() */ +/* Note: the underlying operating system may not support some of them */ +# define BIO_FAMILY_IPV4 4 +# define BIO_FAMILY_IPV6 6 +# define BIO_FAMILY_IPANY 256 + +/* BIO_s_connect() */ +# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0, \ + (char *)(name)) +# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1, \ + (char *)(port)) +# define BIO_set_conn_address(b,addr) BIO_ctrl(b,BIO_C_SET_CONNECT,2, \ + (char *)(addr)) +# define BIO_set_conn_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,f) +# define BIO_get_conn_hostname(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)) +# define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)) +# define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)) +# define BIO_get_conn_ip_family(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) +# define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL) + +/* BIO_s_accept() */ +# define BIO_set_accept_name(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \ + (char *)(name)) +# define BIO_set_accept_port(b,port) BIO_ctrl(b,BIO_C_SET_ACCEPT,1, \ + (char *)(port)) +# define BIO_get_accept_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)) +# define BIO_get_accept_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,1)) +# define BIO_get_peer_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,2)) +# define BIO_get_peer_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,3)) +/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ +# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(n)?(void *)"a":NULL) +# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,3, \ + (char *)(bio)) +# define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f) +# define BIO_get_accept_ip_family(b) BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL) + +/* Aliases kept for backward compatibility */ +# define BIO_BIND_NORMAL 0 +# define BIO_BIND_REUSEADDR BIO_SOCK_REUSEADDR +# define BIO_BIND_REUSEADDR_IF_UNUSED BIO_SOCK_REUSEADDR +# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) +# define BIO_get_bind_mode(b) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) + +/* BIO_s_accept() and BIO_s_connect() */ +# define BIO_do_connect(b) BIO_do_handshake(b) +# define BIO_do_accept(b) BIO_do_handshake(b) +# endif /* OPENSSL_NO_SOCK */ + +# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) + +/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */ +# define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) +# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)(c)) + +/* BIO_s_file() */ +# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)(fp)) +# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)(fpp)) + +/* BIO_s_fd() and BIO_s_file() */ +# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL) +# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL) + +/* + * name is cast to lose const, but might be better to route through a + * function so we can do it safely + */ +# ifdef CONST_STRICT +/* + * If you are wondering why this isn't defined, its because CONST_STRICT is + * purely a compile-time kludge to allow const to be checked. + */ +int BIO_read_filename(BIO *b, const char *name); +# else +# define BIO_read_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_READ,(char *)(name)) +# endif +# define BIO_write_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_WRITE,name) +# define BIO_append_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_APPEND,name) +# define BIO_rw_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name) + +/* + * WARNING WARNING, this ups the reference count on the read bio of the SSL + * structure. This is because the ssl read BIO is now pointed to by the + * next_bio field in the bio. So when you free the BIO, make sure you are + * doing a BIO_free_all() to catch the underlying BIO. + */ +# define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)(ssl)) +# define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)(sslp)) +# define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) +# define BIO_set_ssl_renegotiate_bytes(b,num) \ + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL) +# define BIO_get_num_renegotiates(b) \ + BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL) +# define BIO_set_ssl_renegotiate_timeout(b,seconds) \ + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL) + +/* defined in evp.h */ +/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)(md)) */ + +# define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)(pp)) +# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)(bm)) +# define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0, \ + (char *)(pp)) +# define BIO_set_mem_eof_return(b,v) \ + BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL) + +/* For the BIO_f_buffer() type */ +# define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL) +# define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL) +# define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0) +# define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1) +# define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf) + +/* Don't use the next one unless you know what you are doing :-) */ +# define BIO_dup_state(b,ret) BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret)) + +# define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL) +# define BIO_eof(b) (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL) +# define BIO_set_close(b,c) (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL) +# define BIO_get_close(b) (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL) +# define BIO_pending(b) (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) +# define BIO_wpending(b) (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL) +/* ...pending macros have inappropriate return type */ +size_t BIO_ctrl_pending(BIO *b); +size_t BIO_ctrl_wpending(BIO *b); +# define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL) +# define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \ + cbp) +# define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb) + +/* For the BIO_f_buffer() type */ +# define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL) +# define BIO_buffer_peek(b,s,l) BIO_ctrl(b,BIO_CTRL_PEEK,(l),(s)) + +/* For BIO_s_bio() */ +# define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL) +# define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL) +# define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2) +# define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL) +# define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL) +/* macros with inappropriate type -- but ...pending macros use int too: */ +# define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL) +# define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL) +size_t BIO_ctrl_get_write_guarantee(BIO *b); +size_t BIO_ctrl_get_read_request(BIO *b); +int BIO_ctrl_reset_read_request(BIO *b); + +/* ctrl macros for dgram */ +# define BIO_ctrl_dgram_connect(b,peer) \ + (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)(peer)) +# define BIO_ctrl_set_connected(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, 0, (char *)(peer)) +# define BIO_dgram_recv_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) +# define BIO_dgram_send_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL) +# define BIO_dgram_get_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer)) +# define BIO_dgram_set_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer)) +# define BIO_dgram_get_mtu_overhead(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) + +#define BIO_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, l, p, newf, dupf, freef) +int BIO_set_ex_data(BIO *bio, int idx, void *data); +void *BIO_get_ex_data(BIO *bio, int idx); +uint64_t BIO_number_read(BIO *bio); +uint64_t BIO_number_written(BIO *bio); + +/* For BIO_f_asn1() */ +int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, + asn1_ps_func *prefix_free); +int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix, + asn1_ps_func **pprefix_free); +int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, + asn1_ps_func *suffix_free); +int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, + asn1_ps_func **psuffix_free); + +const BIO_METHOD *BIO_s_file(void); +BIO *BIO_new_file(const char *filename, const char *mode); +# ifndef OPENSSL_NO_STDIO +BIO *BIO_new_fp(FILE *stream, int close_flag); +# endif +BIO *BIO_new(const BIO_METHOD *type); +int BIO_free(BIO *a); +void BIO_set_data(BIO *a, void *ptr); +void *BIO_get_data(BIO *a); +void BIO_set_init(BIO *a, int init); +int BIO_get_init(BIO *a); +void BIO_set_shutdown(BIO *a, int shut); +int BIO_get_shutdown(BIO *a); +void BIO_vfree(BIO *a); +int BIO_up_ref(BIO *a); +int BIO_read(BIO *b, void *data, int dlen); +int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes); +int BIO_gets(BIO *bp, char *buf, int size); +int BIO_write(BIO *b, const void *data, int dlen); +int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written); +int BIO_puts(BIO *bp, const char *buf); +int BIO_indent(BIO *b, int indent, int max); +long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); +long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp); +void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); +long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); +BIO *BIO_push(BIO *b, BIO *append); +BIO *BIO_pop(BIO *b); +void BIO_free_all(BIO *a); +BIO *BIO_find_type(BIO *b, int bio_type); +BIO *BIO_next(BIO *b); +void BIO_set_next(BIO *b, BIO *next); +BIO *BIO_get_retry_BIO(BIO *bio, int *reason); +int BIO_get_retry_reason(BIO *bio); +void BIO_set_retry_reason(BIO *bio, int reason); +BIO *BIO_dup_chain(BIO *in); + +int BIO_nread0(BIO *bio, char **buf); +int BIO_nread(BIO *bio, char **buf, int num); +int BIO_nwrite0(BIO *bio, char **buf); +int BIO_nwrite(BIO *bio, char **buf, int num); + +long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, + long argl, long ret); + +const BIO_METHOD *BIO_s_mem(void); +const BIO_METHOD *BIO_s_secmem(void); +BIO *BIO_new_mem_buf(const void *buf, int len); +# ifndef OPENSSL_NO_SOCK +const BIO_METHOD *BIO_s_socket(void); +const BIO_METHOD *BIO_s_connect(void); +const BIO_METHOD *BIO_s_accept(void); +# endif +const BIO_METHOD *BIO_s_fd(void); +const BIO_METHOD *BIO_s_log(void); +const BIO_METHOD *BIO_s_bio(void); +const BIO_METHOD *BIO_s_null(void); +const BIO_METHOD *BIO_f_null(void); +const BIO_METHOD *BIO_f_buffer(void); +const BIO_METHOD *BIO_f_linebuffer(void); +const BIO_METHOD *BIO_f_nbio_test(void); +# ifndef OPENSSL_NO_DGRAM +const BIO_METHOD *BIO_s_datagram(void); +int BIO_dgram_non_fatal_error(int error); +BIO *BIO_new_dgram(int fd, int close_flag); +# ifndef OPENSSL_NO_SCTP +const BIO_METHOD *BIO_s_datagram_sctp(void); +BIO *BIO_new_dgram_sctp(int fd, int close_flag); +int BIO_dgram_is_sctp(BIO *bio); +int BIO_dgram_sctp_notification_cb(BIO *b, + void (*handle_notifications) (BIO *bio, + void *context, + void *buf), + void *context); +int BIO_dgram_sctp_wait_for_dry(BIO *b); +int BIO_dgram_sctp_msg_waiting(BIO *b); +# endif +# endif + +# ifndef OPENSSL_NO_SOCK +int BIO_sock_should_retry(int i); +int BIO_sock_non_fatal_error(int error); +# endif + +int BIO_fd_should_retry(int i); +int BIO_fd_non_fatal_error(int error); +int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u), + void *u, const char *s, int len); +int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), + void *u, const char *s, int len, int indent); +int BIO_dump(BIO *b, const char *bytes, int len); +int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent); +# ifndef OPENSSL_NO_STDIO +int BIO_dump_fp(FILE *fp, const char *s, int len); +int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent); +# endif +int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data, + int datalen); + +# ifndef OPENSSL_NO_SOCK +BIO_ADDR *BIO_ADDR_new(void); +int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, + const void *where, size_t wherelen, unsigned short port); +void BIO_ADDR_free(BIO_ADDR *); +void BIO_ADDR_clear(BIO_ADDR *ap); +int BIO_ADDR_family(const BIO_ADDR *ap); +int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l); +unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap); +char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric); +char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric); +char *BIO_ADDR_path_string(const BIO_ADDR *ap); + +const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai); +const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai); +void BIO_ADDRINFO_free(BIO_ADDRINFO *bai); + +enum BIO_hostserv_priorities { + BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV +}; +int BIO_parse_hostserv(const char *hostserv, char **host, char **service, + enum BIO_hostserv_priorities hostserv_prio); +enum BIO_lookup_type { + BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER +}; +int BIO_lookup(const char *host, const char *service, + enum BIO_lookup_type lookup_type, + int family, int socktype, BIO_ADDRINFO **res); +int BIO_lookup_ex(const char *host, const char *service, + int lookup_type, int family, int socktype, int protocol, + BIO_ADDRINFO **res); +int BIO_sock_error(int sock); +int BIO_socket_ioctl(int fd, long type, void *arg); +int BIO_socket_nbio(int fd, int mode); +int BIO_sock_init(void); +# if OPENSSL_API_COMPAT < 0x10100000L +# define BIO_sock_cleanup() while(0) continue +# endif +int BIO_set_tcp_ndelay(int sock, int turn_on); + +DEPRECATEDIN_1_1_0(struct hostent *BIO_gethostbyname(const char *name)) +DEPRECATEDIN_1_1_0(int BIO_get_port(const char *str, unsigned short *port_ptr)) +DEPRECATEDIN_1_1_0(int BIO_get_host_ip(const char *str, unsigned char *ip)) +DEPRECATEDIN_1_1_0(int BIO_get_accept_socket(char *host_port, int mode)) +DEPRECATEDIN_1_1_0(int BIO_accept(int sock, char **ip_port)) + +union BIO_sock_info_u { + BIO_ADDR *addr; +}; +enum BIO_sock_info_type { + BIO_SOCK_INFO_ADDRESS +}; +int BIO_sock_info(int sock, + enum BIO_sock_info_type type, union BIO_sock_info_u *info); + +# define BIO_SOCK_REUSEADDR 0x01 +# define BIO_SOCK_V6_ONLY 0x02 +# define BIO_SOCK_KEEPALIVE 0x04 +# define BIO_SOCK_NONBLOCK 0x08 +# define BIO_SOCK_NODELAY 0x10 + +int BIO_socket(int domain, int socktype, int protocol, int options); +int BIO_connect(int sock, const BIO_ADDR *addr, int options); +int BIO_bind(int sock, const BIO_ADDR *addr, int options); +int BIO_listen(int sock, const BIO_ADDR *addr, int options); +int BIO_accept_ex(int accept_sock, BIO_ADDR *addr, int options); +int BIO_closesocket(int sock); + +BIO *BIO_new_socket(int sock, int close_flag); +BIO *BIO_new_connect(const char *host_port); +BIO *BIO_new_accept(const char *host_port); +# endif /* OPENSSL_NO_SOCK*/ + +BIO *BIO_new_fd(int fd, int close_flag); + +int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, + BIO **bio2, size_t writebuf2); +/* + * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints. + * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default + * value. + */ + +void BIO_copy_next_retry(BIO *b); + +/* + * long BIO_ghbn_ctrl(int cmd,int iarg,char *parg); + */ + +# define ossl_bio__attr__(x) +# if defined(__GNUC__) && defined(__STDC_VERSION__) \ + && !defined(__APPLE__) + /* + * Because we support the 'z' modifier, which made its appearance in C99, + * we can't use __attribute__ with pre C99 dialects. + */ +# if __STDC_VERSION__ >= 199901L +# undef ossl_bio__attr__ +# define ossl_bio__attr__ __attribute__ +# if __GNUC__*10 + __GNUC_MINOR__ >= 44 +# define ossl_bio__printf__ __gnu_printf__ +# else +# define ossl_bio__printf__ __printf__ +# endif +# endif +# endif +int BIO_printf(BIO *bio, const char *format, ...) +ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 3))); +int BIO_vprintf(BIO *bio, const char *format, va_list args) +ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 0))); +int BIO_snprintf(char *buf, size_t n, const char *format, ...) +ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 4))); +int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) +ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 0))); +# undef ossl_bio__attr__ +# undef ossl_bio__printf__ + + +BIO_METHOD *BIO_meth_new(int type, const char *name); +void BIO_meth_free(BIO_METHOD *biom); +int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int); +int (*BIO_meth_get_write_ex(const BIO_METHOD *biom)) (BIO *, const char *, size_t, + size_t *); +int BIO_meth_set_write(BIO_METHOD *biom, + int (*write) (BIO *, const char *, int)); +int BIO_meth_set_write_ex(BIO_METHOD *biom, + int (*bwrite) (BIO *, const char *, size_t, size_t *)); +int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int); +int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *); +int BIO_meth_set_read(BIO_METHOD *biom, + int (*read) (BIO *, char *, int)); +int BIO_meth_set_read_ex(BIO_METHOD *biom, + int (*bread) (BIO *, char *, size_t, size_t *)); +int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *); +int BIO_meth_set_puts(BIO_METHOD *biom, + int (*puts) (BIO *, const char *)); +int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int); +int BIO_meth_set_gets(BIO_METHOD *biom, + int (*gets) (BIO *, char *, int)); +long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *); +int BIO_meth_set_ctrl(BIO_METHOD *biom, + long (*ctrl) (BIO *, int, long, void *)); +int (*BIO_meth_get_create(const BIO_METHOD *bion)) (BIO *); +int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)); +int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *); +int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)); +long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom)) + (BIO *, int, BIO_info_cb *); +int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, + long (*callback_ctrl) (BIO *, int, + BIO_info_cb *)); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/bioerr.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/bioerr.h new file mode 100644 index 00000000..46e2c96e --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/bioerr.h @@ -0,0 +1,124 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BIOERR_H +# define HEADER_BIOERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_BIO_strings(void); + +/* + * BIO function codes. + */ +# define BIO_F_ACPT_STATE 100 +# define BIO_F_ADDRINFO_WRAP 148 +# define BIO_F_ADDR_STRINGS 134 +# define BIO_F_BIO_ACCEPT 101 +# define BIO_F_BIO_ACCEPT_EX 137 +# define BIO_F_BIO_ACCEPT_NEW 152 +# define BIO_F_BIO_ADDR_NEW 144 +# define BIO_F_BIO_BIND 147 +# define BIO_F_BIO_CALLBACK_CTRL 131 +# define BIO_F_BIO_CONNECT 138 +# define BIO_F_BIO_CONNECT_NEW 153 +# define BIO_F_BIO_CTRL 103 +# define BIO_F_BIO_GETS 104 +# define BIO_F_BIO_GET_HOST_IP 106 +# define BIO_F_BIO_GET_NEW_INDEX 102 +# define BIO_F_BIO_GET_PORT 107 +# define BIO_F_BIO_LISTEN 139 +# define BIO_F_BIO_LOOKUP 135 +# define BIO_F_BIO_LOOKUP_EX 143 +# define BIO_F_BIO_MAKE_PAIR 121 +# define BIO_F_BIO_METH_NEW 146 +# define BIO_F_BIO_NEW 108 +# define BIO_F_BIO_NEW_DGRAM_SCTP 145 +# define BIO_F_BIO_NEW_FILE 109 +# define BIO_F_BIO_NEW_MEM_BUF 126 +# define BIO_F_BIO_NREAD 123 +# define BIO_F_BIO_NREAD0 124 +# define BIO_F_BIO_NWRITE 125 +# define BIO_F_BIO_NWRITE0 122 +# define BIO_F_BIO_PARSE_HOSTSERV 136 +# define BIO_F_BIO_PUTS 110 +# define BIO_F_BIO_READ 111 +# define BIO_F_BIO_READ_EX 105 +# define BIO_F_BIO_READ_INTERN 120 +# define BIO_F_BIO_SOCKET 140 +# define BIO_F_BIO_SOCKET_NBIO 142 +# define BIO_F_BIO_SOCK_INFO 141 +# define BIO_F_BIO_SOCK_INIT 112 +# define BIO_F_BIO_WRITE 113 +# define BIO_F_BIO_WRITE_EX 119 +# define BIO_F_BIO_WRITE_INTERN 128 +# define BIO_F_BUFFER_CTRL 114 +# define BIO_F_CONN_CTRL 127 +# define BIO_F_CONN_STATE 115 +# define BIO_F_DGRAM_SCTP_NEW 149 +# define BIO_F_DGRAM_SCTP_READ 132 +# define BIO_F_DGRAM_SCTP_WRITE 133 +# define BIO_F_DOAPR_OUTCH 150 +# define BIO_F_FILE_CTRL 116 +# define BIO_F_FILE_READ 130 +# define BIO_F_LINEBUFFER_CTRL 129 +# define BIO_F_LINEBUFFER_NEW 151 +# define BIO_F_MEM_WRITE 117 +# define BIO_F_NBIOF_NEW 154 +# define BIO_F_SLG_WRITE 155 +# define BIO_F_SSL_NEW 118 + +/* + * BIO reason codes. + */ +# define BIO_R_ACCEPT_ERROR 100 +# define BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET 141 +# define BIO_R_AMBIGUOUS_HOST_OR_SERVICE 129 +# define BIO_R_BAD_FOPEN_MODE 101 +# define BIO_R_BROKEN_PIPE 124 +# define BIO_R_CONNECT_ERROR 103 +# define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 +# define BIO_R_GETSOCKNAME_ERROR 132 +# define BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS 133 +# define BIO_R_GETTING_SOCKTYPE 134 +# define BIO_R_INVALID_ARGUMENT 125 +# define BIO_R_INVALID_SOCKET 135 +# define BIO_R_IN_USE 123 +# define BIO_R_LENGTH_TOO_LONG 102 +# define BIO_R_LISTEN_V6_ONLY 136 +# define BIO_R_LOOKUP_RETURNED_NOTHING 142 +# define BIO_R_MALFORMED_HOST_OR_SERVICE 130 +# define BIO_R_NBIO_CONNECT_ERROR 110 +# define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED 143 +# define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED 144 +# define BIO_R_NO_PORT_DEFINED 113 +# define BIO_R_NO_SUCH_FILE 128 +# define BIO_R_NULL_PARAMETER 115 +# define BIO_R_UNABLE_TO_BIND_SOCKET 117 +# define BIO_R_UNABLE_TO_CREATE_SOCKET 118 +# define BIO_R_UNABLE_TO_KEEPALIVE 137 +# define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 +# define BIO_R_UNABLE_TO_NODELAY 138 +# define BIO_R_UNABLE_TO_REUSEADDR 139 +# define BIO_R_UNAVAILABLE_IP_FAMILY 145 +# define BIO_R_UNINITIALIZED 120 +# define BIO_R_UNKNOWN_INFO_TYPE 140 +# define BIO_R_UNSUPPORTED_IP_FAMILY 146 +# define BIO_R_UNSUPPORTED_METHOD 121 +# define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY 131 +# define BIO_R_WRITE_TO_READ_ONLY_BIO 126 +# define BIO_R_WSASTARTUP 122 + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/blowfish.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/blowfish.h new file mode 100644 index 00000000..cd3e460e --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/blowfish.h @@ -0,0 +1,61 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BLOWFISH_H +# define HEADER_BLOWFISH_H + +# include + +# ifndef OPENSSL_NO_BF +# include +# ifdef __cplusplus +extern "C" { +# endif + +# define BF_ENCRYPT 1 +# define BF_DECRYPT 0 + +/*- + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! BF_LONG has to be at least 32 bits wide. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ +# define BF_LONG unsigned int + +# define BF_ROUNDS 16 +# define BF_BLOCK 8 + +typedef struct bf_key_st { + BF_LONG P[BF_ROUNDS + 2]; + BF_LONG S[4 * 256]; +} BF_KEY; + +void BF_set_key(BF_KEY *key, int len, const unsigned char *data); + +void BF_encrypt(BF_LONG *data, const BF_KEY *key); +void BF_decrypt(BF_LONG *data, const BF_KEY *key); + +void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, + const BF_KEY *key, int enc); +void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, + const BF_KEY *schedule, unsigned char *ivec, int enc); +void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const BF_KEY *schedule, + unsigned char *ivec, int *num, int enc); +void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const BF_KEY *schedule, + unsigned char *ivec, int *num); +const char *BF_options(void); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/bn.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/bn.h new file mode 100644 index 00000000..8af05d00 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/bn.h @@ -0,0 +1,539 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BN_H +# define HEADER_BN_H + +# include +# ifndef OPENSSL_NO_STDIO +# include +# endif +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * 64-bit processor with LP64 ABI + */ +# ifdef SIXTY_FOUR_BIT_LONG +# define BN_ULONG unsigned long +# define BN_BYTES 8 +# endif + +/* + * 64-bit processor other than LP64 ABI + */ +# ifdef SIXTY_FOUR_BIT +# define BN_ULONG unsigned long long +# define BN_BYTES 8 +# endif + +# ifdef THIRTY_TWO_BIT +# define BN_ULONG unsigned int +# define BN_BYTES 4 +# endif + +# define BN_BITS2 (BN_BYTES * 8) +# define BN_BITS (BN_BITS2 * 2) +# define BN_TBIT ((BN_ULONG)1 << (BN_BITS2 - 1)) + +# define BN_FLG_MALLOCED 0x01 +# define BN_FLG_STATIC_DATA 0x02 + +/* + * avoid leaking exponent information through timing, + * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, + * BN_div() will call BN_div_no_branch, + * BN_mod_inverse() will call BN_mod_inverse_no_branch. + */ +# define BN_FLG_CONSTTIME 0x04 +# define BN_FLG_SECURE 0x08 + +# if OPENSSL_API_COMPAT < 0x00908000L +/* deprecated name for the flag */ +# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME +# define BN_FLG_FREE 0x8000 /* used for debugging */ +# endif + +void BN_set_flags(BIGNUM *b, int n); +int BN_get_flags(const BIGNUM *b, int n); + +/* Values for |top| in BN_rand() */ +#define BN_RAND_TOP_ANY -1 +#define BN_RAND_TOP_ONE 0 +#define BN_RAND_TOP_TWO 1 + +/* Values for |bottom| in BN_rand() */ +#define BN_RAND_BOTTOM_ANY 0 +#define BN_RAND_BOTTOM_ODD 1 + +/* + * get a clone of a BIGNUM with changed flags, for *temporary* use only (the + * two BIGNUMs cannot be used in parallel!). Also only for *read only* use. The + * value |dest| should be a newly allocated BIGNUM obtained via BN_new() that + * has not been otherwise initialised or used. + */ +void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags); + +/* Wrapper function to make using BN_GENCB easier */ +int BN_GENCB_call(BN_GENCB *cb, int a, int b); + +BN_GENCB *BN_GENCB_new(void); +void BN_GENCB_free(BN_GENCB *cb); + +/* Populate a BN_GENCB structure with an "old"-style callback */ +void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *), + void *cb_arg); + +/* Populate a BN_GENCB structure with a "new"-style callback */ +void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *), + void *cb_arg); + +void *BN_GENCB_get_arg(BN_GENCB *cb); + +# define BN_prime_checks 0 /* default: select number of iterations based + * on the size of the number */ + +/* + * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations + * that will be done for checking that a random number is probably prime. The + * error rate for accepting a composite number as prime depends on the size of + * the prime |b|. The error rates used are for calculating an RSA key with 2 primes, + * and so the level is what you would expect for a key of double the size of the + * prime. + * + * This table is generated using the algorithm of FIPS PUB 186-4 + * Digital Signature Standard (DSS), section F.1, page 117. + * (https://dx.doi.org/10.6028/NIST.FIPS.186-4) + * + * The following magma script was used to generate the output: + * securitybits:=125; + * k:=1024; + * for t:=1 to 65 do + * for M:=3 to Floor(2*Sqrt(k-1)-1) do + * S:=0; + * // Sum over m + * for m:=3 to M do + * s:=0; + * // Sum over j + * for j:=2 to m do + * s+:=(RealField(32)!2)^-(j+(k-1)/j); + * end for; + * S+:=2^(m-(m-1)*t)*s; + * end for; + * A:=2^(k-2-M*t); + * B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S; + * pkt:=2.00743*Log(2)*k*2^-k*(A+B); + * seclevel:=Floor(-Log(2,pkt)); + * if seclevel ge securitybits then + * printf "k: %5o, security: %o bits (t: %o, M: %o)\n",k,seclevel,t,M; + * break; + * end if; + * end for; + * if seclevel ge securitybits then break; end if; + * end for; + * + * It can be run online at: + * http://magma.maths.usyd.edu.au/calc + * + * And will output: + * k: 1024, security: 129 bits (t: 6, M: 23) + * + * k is the number of bits of the prime, securitybits is the level we want to + * reach. + * + * prime length | RSA key size | # MR tests | security level + * -------------+--------------|------------+--------------- + * (b) >= 6394 | >= 12788 | 3 | 256 bit + * (b) >= 3747 | >= 7494 | 3 | 192 bit + * (b) >= 1345 | >= 2690 | 4 | 128 bit + * (b) >= 1080 | >= 2160 | 5 | 128 bit + * (b) >= 852 | >= 1704 | 5 | 112 bit + * (b) >= 476 | >= 952 | 5 | 80 bit + * (b) >= 400 | >= 800 | 6 | 80 bit + * (b) >= 347 | >= 694 | 7 | 80 bit + * (b) >= 308 | >= 616 | 8 | 80 bit + * (b) >= 55 | >= 110 | 27 | 64 bit + * (b) >= 6 | >= 12 | 34 | 64 bit + */ + +# define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : \ + (b) >= 1345 ? 4 : \ + (b) >= 476 ? 5 : \ + (b) >= 400 ? 6 : \ + (b) >= 347 ? 7 : \ + (b) >= 308 ? 8 : \ + (b) >= 55 ? 27 : \ + /* b >= 6 */ 34) + +# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) + +int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w); +int BN_is_zero(const BIGNUM *a); +int BN_is_one(const BIGNUM *a); +int BN_is_word(const BIGNUM *a, const BN_ULONG w); +int BN_is_odd(const BIGNUM *a); + +# define BN_one(a) (BN_set_word((a),1)) + +void BN_zero_ex(BIGNUM *a); + +# if OPENSSL_API_COMPAT >= 0x00908000L +# define BN_zero(a) BN_zero_ex(a) +# else +# define BN_zero(a) (BN_set_word((a),0)) +# endif + +const BIGNUM *BN_value_one(void); +char *BN_options(void); +BN_CTX *BN_CTX_new(void); +BN_CTX *BN_CTX_secure_new(void); +void BN_CTX_free(BN_CTX *c); +void BN_CTX_start(BN_CTX *ctx); +BIGNUM *BN_CTX_get(BN_CTX *ctx); +void BN_CTX_end(BN_CTX *ctx); +int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_num_bits(const BIGNUM *a); +int BN_num_bits_word(BN_ULONG l); +int BN_security_bits(int L, int N); +BIGNUM *BN_new(void); +BIGNUM *BN_secure_new(void); +void BN_clear_free(BIGNUM *a); +BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); +void BN_swap(BIGNUM *a, BIGNUM *b); +BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2bin(const BIGNUM *a, unsigned char *to); +int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); +BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen); +BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2mpi(const BIGNUM *a, unsigned char *to); +int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); +/** BN_set_negative sets sign of a BIGNUM + * \param b pointer to the BIGNUM object + * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise + */ +void BN_set_negative(BIGNUM *b, int n); +/** BN_is_negative returns 1 if the BIGNUM is negative + * \param b pointer to the BIGNUM object + * \return 1 if a < 0 and 0 otherwise + */ +int BN_is_negative(const BIGNUM *b); + +int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, + BN_CTX *ctx); +# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) +int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); +int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); +int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); +int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); +int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); + +BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); +BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); +int BN_mul_word(BIGNUM *a, BN_ULONG w); +int BN_add_word(BIGNUM *a, BN_ULONG w); +int BN_sub_word(BIGNUM *a, BN_ULONG w); +int BN_set_word(BIGNUM *a, BN_ULONG w); +BN_ULONG BN_get_word(const BIGNUM *a); + +int BN_cmp(const BIGNUM *a, const BIGNUM *b); +void BN_free(BIGNUM *a); +int BN_is_bit_set(const BIGNUM *a, int n); +int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_lshift1(BIGNUM *r, const BIGNUM *a); +int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + +int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont); +int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, + const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); + +int BN_mask_bits(BIGNUM *a, int n); +# ifndef OPENSSL_NO_STDIO +int BN_print_fp(FILE *fp, const BIGNUM *a); +# endif +int BN_print(BIO *bio, const BIGNUM *a); +int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); +int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_rshift1(BIGNUM *r, const BIGNUM *a); +void BN_clear(BIGNUM *a); +BIGNUM *BN_dup(const BIGNUM *a); +int BN_ucmp(const BIGNUM *a, const BIGNUM *b); +int BN_set_bit(BIGNUM *a, int n); +int BN_clear_bit(BIGNUM *a, int n); +char *BN_bn2hex(const BIGNUM *a); +char *BN_bn2dec(const BIGNUM *a); +int BN_hex2bn(BIGNUM **a, const char *str); +int BN_dec2bn(BIGNUM **a, const char *str); +int BN_asc2bn(BIGNUM **a, const char *str); +int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns + * -2 for + * error */ +BIGNUM *BN_mod_inverse(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); +BIGNUM *BN_mod_sqrt(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); + +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + +/* Deprecated versions */ +DEPRECATEDIN_0_9_8(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, + const BIGNUM *rem, + void (*callback) (int, int, + void *), + void *cb_arg)) +DEPRECATEDIN_0_9_8(int + BN_is_prime(const BIGNUM *p, int nchecks, + void (*callback) (int, int, void *), + BN_CTX *ctx, void *cb_arg)) +DEPRECATEDIN_0_9_8(int + BN_is_prime_fasttest(const BIGNUM *p, int nchecks, + void (*callback) (int, int, void *), + BN_CTX *ctx, void *cb_arg, + int do_trial_division)) + +/* Newer versions */ +int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, + const BIGNUM *rem, BN_GENCB *cb); +int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); +int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, + int do_trial_division, BN_GENCB *cb); + +int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); + +int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, + const BIGNUM *Xp, const BIGNUM *Xp1, + const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, + BN_GENCB *cb); +int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1, + BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, + BN_CTX *ctx, BN_GENCB *cb); + +BN_MONT_CTX *BN_MONT_CTX_new(void); +int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx); +int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); +int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); +void BN_MONT_CTX_free(BN_MONT_CTX *mont); +int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); +BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, + const BIGNUM *mod, BN_CTX *ctx); + +/* BN_BLINDING flags */ +# define BN_BLINDING_NO_UPDATE 0x00000001 +# define BN_BLINDING_NO_RECREATE 0x00000002 + +BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod); +void BN_BLINDING_free(BN_BLINDING *b); +int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); +int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, + BN_CTX *); + +int BN_BLINDING_is_current_thread(BN_BLINDING *b); +void BN_BLINDING_set_current_thread(BN_BLINDING *b); +int BN_BLINDING_lock(BN_BLINDING *b); +int BN_BLINDING_unlock(BN_BLINDING *b); + +unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); +void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); +BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, + const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, + int (*bn_mod_exp) (BIGNUM *r, + const BIGNUM *a, + const BIGNUM *p, + const BIGNUM *m, + BN_CTX *ctx, + BN_MONT_CTX *m_ctx), + BN_MONT_CTX *m_ctx); + +DEPRECATEDIN_0_9_8(void BN_set_params(int mul, int high, int low, int mont)) +DEPRECATEDIN_0_9_8(int BN_get_params(int which)) /* 0, mul, 1 high, 2 low, 3 + * mont */ + +BN_RECP_CTX *BN_RECP_CTX_new(void); +void BN_RECP_CTX_free(BN_RECP_CTX *recp); +int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx); +int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, + BN_RECP_CTX *recp, BN_CTX *ctx); +int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, + BN_RECP_CTX *recp, BN_CTX *ctx); + +# ifndef OPENSSL_NO_EC2M + +/* + * Functions for arithmetic over binary polynomials represented by BIGNUMs. + * The BIGNUM::neg property of BIGNUMs representing binary polynomials is + * ignored. Note that input arguments are not const so that their bit arrays + * can be expanded to the appropriate size if needed. + */ + +/* + * r = a + b + */ +int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) +/* + * r=a mod p + */ +int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); +/* r = (a * b) mod p */ +int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = (a * a) mod p */ +int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +/* r = (1 / b) mod p */ +int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx); +/* r = (a / b) mod p */ +int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = (a ^ b) mod p */ +int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = sqrt(a) mod p */ +int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); +/* r^2 + r = a mod p */ +int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); +# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) +/*- + * Some functions allow for representation of the irreducible polynomials + * as an unsigned int[], say p. The irreducible f(t) is then of the form: + * t^p[0] + t^p[1] + ... + t^p[k] + * where m = p[0] > p[1] > ... > p[k] = 0. + */ +/* r = a mod p */ +int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]); +/* r = (a * b) mod p */ +int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = (a * a) mod p */ +int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], + BN_CTX *ctx); +/* r = (1 / b) mod p */ +int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[], + BN_CTX *ctx); +/* r = (a / b) mod p */ +int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = (a ^ b) mod p */ +int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = sqrt(a) mod p */ +int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, + const int p[], BN_CTX *ctx); +/* r^2 + r = a mod p */ +int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, + const int p[], BN_CTX *ctx); +int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max); +int BN_GF2m_arr2poly(const int p[], BIGNUM *a); + +# endif + +/* + * faster mod functions for the 'NIST primes' 0 <= a < p^2 + */ +int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + +const BIGNUM *BN_get0_nist_prime_192(void); +const BIGNUM *BN_get0_nist_prime_224(void); +const BIGNUM *BN_get0_nist_prime_256(void); +const BIGNUM *BN_get0_nist_prime_384(void); +const BIGNUM *BN_get0_nist_prime_521(void); + +int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a, + const BIGNUM *field, BN_CTX *ctx); + +int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, + const BIGNUM *priv, const unsigned char *message, + size_t message_len, BN_CTX *ctx); + +/* Primes from RFC 2409 */ +BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn); +BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn); + +/* Primes from RFC 3526 */ +BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define get_rfc2409_prime_768 BN_get_rfc2409_prime_768 +# define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024 +# define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536 +# define get_rfc3526_prime_2048 BN_get_rfc3526_prime_2048 +# define get_rfc3526_prime_3072 BN_get_rfc3526_prime_3072 +# define get_rfc3526_prime_4096 BN_get_rfc3526_prime_4096 +# define get_rfc3526_prime_6144 BN_get_rfc3526_prime_6144 +# define get_rfc3526_prime_8192 BN_get_rfc3526_prime_8192 +# endif + +int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/bnerr.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/bnerr.h new file mode 100644 index 00000000..9f3c7cfa --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/bnerr.h @@ -0,0 +1,100 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BNERR_H +# define HEADER_BNERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_BN_strings(void); + +/* + * BN function codes. + */ +# define BN_F_BNRAND 127 +# define BN_F_BNRAND_RANGE 138 +# define BN_F_BN_BLINDING_CONVERT_EX 100 +# define BN_F_BN_BLINDING_CREATE_PARAM 128 +# define BN_F_BN_BLINDING_INVERT_EX 101 +# define BN_F_BN_BLINDING_NEW 102 +# define BN_F_BN_BLINDING_UPDATE 103 +# define BN_F_BN_BN2DEC 104 +# define BN_F_BN_BN2HEX 105 +# define BN_F_BN_COMPUTE_WNAF 142 +# define BN_F_BN_CTX_GET 116 +# define BN_F_BN_CTX_NEW 106 +# define BN_F_BN_CTX_START 129 +# define BN_F_BN_DIV 107 +# define BN_F_BN_DIV_RECP 130 +# define BN_F_BN_EXP 123 +# define BN_F_BN_EXPAND_INTERNAL 120 +# define BN_F_BN_GENCB_NEW 143 +# define BN_F_BN_GENERATE_DSA_NONCE 140 +# define BN_F_BN_GENERATE_PRIME_EX 141 +# define BN_F_BN_GF2M_MOD 131 +# define BN_F_BN_GF2M_MOD_EXP 132 +# define BN_F_BN_GF2M_MOD_MUL 133 +# define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 +# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 +# define BN_F_BN_GF2M_MOD_SQR 136 +# define BN_F_BN_GF2M_MOD_SQRT 137 +# define BN_F_BN_LSHIFT 145 +# define BN_F_BN_MOD_EXP2_MONT 118 +# define BN_F_BN_MOD_EXP_MONT 109 +# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 +# define BN_F_BN_MOD_EXP_MONT_WORD 117 +# define BN_F_BN_MOD_EXP_RECP 125 +# define BN_F_BN_MOD_EXP_SIMPLE 126 +# define BN_F_BN_MOD_INVERSE 110 +# define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 +# define BN_F_BN_MOD_LSHIFT_QUICK 119 +# define BN_F_BN_MOD_SQRT 121 +# define BN_F_BN_MONT_CTX_NEW 149 +# define BN_F_BN_MPI2BN 112 +# define BN_F_BN_NEW 113 +# define BN_F_BN_POOL_GET 147 +# define BN_F_BN_RAND 114 +# define BN_F_BN_RAND_RANGE 122 +# define BN_F_BN_RECP_CTX_NEW 150 +# define BN_F_BN_RSHIFT 146 +# define BN_F_BN_SET_WORDS 144 +# define BN_F_BN_STACK_PUSH 148 +# define BN_F_BN_USUB 115 + +/* + * BN reason codes. + */ +# define BN_R_ARG2_LT_ARG3 100 +# define BN_R_BAD_RECIPROCAL 101 +# define BN_R_BIGNUM_TOO_LONG 114 +# define BN_R_BITS_TOO_SMALL 118 +# define BN_R_CALLED_WITH_EVEN_MODULUS 102 +# define BN_R_DIV_BY_ZERO 103 +# define BN_R_ENCODING_ERROR 104 +# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 +# define BN_R_INPUT_NOT_REDUCED 110 +# define BN_R_INVALID_LENGTH 106 +# define BN_R_INVALID_RANGE 115 +# define BN_R_INVALID_SHIFT 119 +# define BN_R_NOT_A_SQUARE 111 +# define BN_R_NOT_INITIALIZED 107 +# define BN_R_NO_INVERSE 108 +# define BN_R_NO_SOLUTION 116 +# define BN_R_PRIVATE_KEY_TOO_LARGE 117 +# define BN_R_P_IS_NOT_PRIME 112 +# define BN_R_TOO_MANY_ITERATIONS 113 +# define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/buffer.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/buffer.h new file mode 100644 index 00000000..d2765766 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/buffer.h @@ -0,0 +1,58 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BUFFER_H +# define HEADER_BUFFER_H + +# include +# ifndef HEADER_CRYPTO_H +# include +# endif +# include + + +#ifdef __cplusplus +extern "C" { +#endif + +# include +# include + +/* + * These names are outdated as of OpenSSL 1.1; a future release + * will move them to be deprecated. + */ +# define BUF_strdup(s) OPENSSL_strdup(s) +# define BUF_strndup(s, size) OPENSSL_strndup(s, size) +# define BUF_memdup(data, size) OPENSSL_memdup(data, size) +# define BUF_strlcpy(dst, src, size) OPENSSL_strlcpy(dst, src, size) +# define BUF_strlcat(dst, src, size) OPENSSL_strlcat(dst, src, size) +# define BUF_strnlen(str, maxlen) OPENSSL_strnlen(str, maxlen) + +struct buf_mem_st { + size_t length; /* current number of bytes */ + char *data; + size_t max; /* size of buffer */ + unsigned long flags; +}; + +# define BUF_MEM_FLAG_SECURE 0x01 + +BUF_MEM *BUF_MEM_new(void); +BUF_MEM *BUF_MEM_new_ex(unsigned long flags); +void BUF_MEM_free(BUF_MEM *a); +size_t BUF_MEM_grow(BUF_MEM *str, size_t len); +size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len); +void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/buffererr.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/buffererr.h new file mode 100644 index 00000000..04f6ff7a --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/buffererr.h @@ -0,0 +1,34 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BUFERR_H +# define HEADER_BUFERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_BUF_strings(void); + +/* + * BUF function codes. + */ +# define BUF_F_BUF_MEM_GROW 100 +# define BUF_F_BUF_MEM_GROW_CLEAN 105 +# define BUF_F_BUF_MEM_NEW 101 + +/* + * BUF reason codes. + */ + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/camellia.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/camellia.h new file mode 100644 index 00000000..151f3c13 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/camellia.h @@ -0,0 +1,83 @@ +/* + * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CAMELLIA_H +# define HEADER_CAMELLIA_H + +# include + +# ifndef OPENSSL_NO_CAMELLIA +# include +#ifdef __cplusplus +extern "C" { +#endif + +# define CAMELLIA_ENCRYPT 1 +# define CAMELLIA_DECRYPT 0 + +/* + * Because array size can't be a const in C, the following two are macros. + * Both sizes are in bytes. + */ + +/* This should be a hidden type, but EVP requires that the size be known */ + +# define CAMELLIA_BLOCK_SIZE 16 +# define CAMELLIA_TABLE_BYTE_LEN 272 +# define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4) + +typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match + * with WORD */ + +struct camellia_key_st { + union { + double d; /* ensures 64-bit align */ + KEY_TABLE_TYPE rd_key; + } u; + int grand_rounds; +}; +typedef struct camellia_key_st CAMELLIA_KEY; + +int Camellia_set_key(const unsigned char *userKey, const int bits, + CAMELLIA_KEY *key); + +void Camellia_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key); +void Camellia_decrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key); + +void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key, const int enc); +void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, const int enc); +void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num); +void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char ivec[CAMELLIA_BLOCK_SIZE], + unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], + unsigned int *num); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/cast.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/cast.h new file mode 100644 index 00000000..2cc89ae0 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/cast.h @@ -0,0 +1,53 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CAST_H +# define HEADER_CAST_H + +# include + +# ifndef OPENSSL_NO_CAST +# ifdef __cplusplus +extern "C" { +# endif + +# define CAST_ENCRYPT 1 +# define CAST_DECRYPT 0 + +# define CAST_LONG unsigned int + +# define CAST_BLOCK 8 +# define CAST_KEY_LENGTH 16 + +typedef struct cast_key_st { + CAST_LONG data[32]; + int short_key; /* Use reduced rounds for short key */ +} CAST_KEY; + +void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); +void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, + const CAST_KEY *key, int enc); +void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key); +void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key); +void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, + long length, const CAST_KEY *ks, unsigned char *iv, + int enc); +void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const CAST_KEY *schedule, + unsigned char *ivec, int *num, int enc); +void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const CAST_KEY *schedule, + unsigned char *ivec, int *num); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/cmac.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/cmac.h new file mode 100644 index 00000000..3535a9ab --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/cmac.h @@ -0,0 +1,41 @@ +/* + * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CMAC_H +# define HEADER_CMAC_H + +# ifndef OPENSSL_NO_CMAC + +#ifdef __cplusplus +extern "C" { +#endif + +# include + +/* Opaque */ +typedef struct CMAC_CTX_st CMAC_CTX; + +CMAC_CTX *CMAC_CTX_new(void); +void CMAC_CTX_cleanup(CMAC_CTX *ctx); +void CMAC_CTX_free(CMAC_CTX *ctx); +EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx); +int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in); + +int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, + const EVP_CIPHER *cipher, ENGINE *impl); +int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen); +int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen); +int CMAC_resume(CMAC_CTX *ctx); + +#ifdef __cplusplus +} +#endif + +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/cms.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/cms.h new file mode 100644 index 00000000..72d45d8c --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/cms.h @@ -0,0 +1,339 @@ +/* + * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CMS_H +# define HEADER_CMS_H + +# include + +# ifndef OPENSSL_NO_CMS +# include +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +typedef struct CMS_ContentInfo_st CMS_ContentInfo; +typedef struct CMS_SignerInfo_st CMS_SignerInfo; +typedef struct CMS_CertificateChoices CMS_CertificateChoices; +typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice; +typedef struct CMS_RecipientInfo_st CMS_RecipientInfo; +typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest; +typedef struct CMS_Receipt_st CMS_Receipt; +typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey; +typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; + +DEFINE_STACK_OF(CMS_SignerInfo) +DEFINE_STACK_OF(CMS_RecipientEncryptedKey) +DEFINE_STACK_OF(CMS_RecipientInfo) +DEFINE_STACK_OF(CMS_RevocationInfoChoice) +DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) +DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest) +DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo) + +# define CMS_SIGNERINFO_ISSUER_SERIAL 0 +# define CMS_SIGNERINFO_KEYIDENTIFIER 1 + +# define CMS_RECIPINFO_NONE -1 +# define CMS_RECIPINFO_TRANS 0 +# define CMS_RECIPINFO_AGREE 1 +# define CMS_RECIPINFO_KEK 2 +# define CMS_RECIPINFO_PASS 3 +# define CMS_RECIPINFO_OTHER 4 + +/* S/MIME related flags */ + +# define CMS_TEXT 0x1 +# define CMS_NOCERTS 0x2 +# define CMS_NO_CONTENT_VERIFY 0x4 +# define CMS_NO_ATTR_VERIFY 0x8 +# define CMS_NOSIGS \ + (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY) +# define CMS_NOINTERN 0x10 +# define CMS_NO_SIGNER_CERT_VERIFY 0x20 +# define CMS_NOVERIFY 0x20 +# define CMS_DETACHED 0x40 +# define CMS_BINARY 0x80 +# define CMS_NOATTR 0x100 +# define CMS_NOSMIMECAP 0x200 +# define CMS_NOOLDMIMETYPE 0x400 +# define CMS_CRLFEOL 0x800 +# define CMS_STREAM 0x1000 +# define CMS_NOCRL 0x2000 +# define CMS_PARTIAL 0x4000 +# define CMS_REUSE_DIGEST 0x8000 +# define CMS_USE_KEYID 0x10000 +# define CMS_DEBUG_DECRYPT 0x20000 +# define CMS_KEY_PARAM 0x40000 +# define CMS_ASCIICRLF 0x80000 + +const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms); + +BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont); +int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio); + +ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); +int CMS_is_detached(CMS_ContentInfo *cms); +int CMS_set_detached(CMS_ContentInfo *cms, int detached); + +# ifdef HEADER_PEM_H +DECLARE_PEM_rw_const(CMS, CMS_ContentInfo) +# endif +int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms); +CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms); +int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms); + +BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); +int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); +int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, + int flags); +CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont); +int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); + +int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, + unsigned int flags); + +CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, BIO *data, + unsigned int flags); + +CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, + X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, unsigned int flags); + +int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags); +CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags); + +int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags); +CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, + unsigned int flags); + +int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, + const unsigned char *key, size_t keylen, + BIO *dcont, BIO *out, unsigned int flags); + +CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, + const unsigned char *key, + size_t keylen, unsigned int flags); + +int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, + const unsigned char *key, size_t keylen); + +int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, + X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags); + +int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, + STACK_OF(X509) *certs, + X509_STORE *store, unsigned int flags); + +STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); + +CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, + const EVP_CIPHER *cipher, unsigned int flags); + +int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, + BIO *dcont, BIO *out, unsigned int flags); + +int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert); +int CMS_decrypt_set1_key(CMS_ContentInfo *cms, + unsigned char *key, size_t keylen, + const unsigned char *id, size_t idlen); +int CMS_decrypt_set1_password(CMS_ContentInfo *cms, + unsigned char *pass, ossl_ssize_t passlen); + +STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); +int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); +EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri); +CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); +CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, + X509 *recip, unsigned int flags); +int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); +int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); +int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, + EVP_PKEY **pk, X509 **recip, + X509_ALGOR **palg); +int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno); + +CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, + unsigned char *key, size_t keylen, + unsigned char *id, size_t idlen, + ASN1_GENERALIZEDTIME *date, + ASN1_OBJECT *otherTypeId, + ASN1_TYPE *otherType); + +int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, + X509_ALGOR **palg, + ASN1_OCTET_STRING **pid, + ASN1_GENERALIZEDTIME **pdate, + ASN1_OBJECT **potherid, + ASN1_TYPE **pothertype); + +int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, + unsigned char *key, size_t keylen); + +int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, + const unsigned char *id, size_t idlen); + +int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, + unsigned char *pass, + ossl_ssize_t passlen); + +CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, + int iter, int wrap_nid, + int pbe_nid, + unsigned char *pass, + ossl_ssize_t passlen, + const EVP_CIPHER *kekciph); + +int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); +int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); + +int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags); +CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); + +int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); +const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); + +CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms); +int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert); +int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert); +STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); + +CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms); +int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); +int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); +STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); + +int CMS_SignedData_init(CMS_ContentInfo *cms); +CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, + X509 *signer, EVP_PKEY *pk, const EVP_MD *md, + unsigned int flags); +EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si); +EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si); +STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); + +void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); +int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno); +int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); +int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs, + unsigned int flags); +void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, + X509 **signer, X509_ALGOR **pdig, + X509_ALGOR **psig); +ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); +int CMS_SignerInfo_sign(CMS_SignerInfo *si); +int CMS_SignerInfo_verify(CMS_SignerInfo *si); +int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain); + +int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs); +int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, + int algnid, int keysize); +int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap); + +int CMS_signed_get_attr_count(const CMS_SignerInfo *si); +int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); +int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc); +X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc); +int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); +int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len); +int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); +void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid, + int lastpos, int type); + +int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si); +int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); +int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int lastpos); +X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc); +X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc); +int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); +int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len); +int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); +void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, + int lastpos, int type); + +int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); +CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, + int allorfirst, + STACK_OF(GENERAL_NAMES) + *receiptList, STACK_OF(GENERAL_NAMES) + *receiptsTo); +int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); +void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, + ASN1_STRING **pcid, + int *pallorfirst, + STACK_OF(GENERAL_NAMES) **plist, + STACK_OF(GENERAL_NAMES) **prto); +int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, + X509_ALGOR **palg, + ASN1_OCTET_STRING **pukm); +STACK_OF(CMS_RecipientEncryptedKey) +*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri); + +int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri, + X509_ALGOR **pubalg, + ASN1_BIT_STRING **pubkey, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno); + +int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert); + +int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek, + ASN1_OCTET_STRING **keyid, + ASN1_GENERALIZEDTIME **tm, + CMS_OtherKeyAttribute **other, + X509_NAME **issuer, ASN1_INTEGER **sno); +int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek, + X509 *cert); +int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk); +EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri); +int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, + CMS_RecipientInfo *ri, + CMS_RecipientEncryptedKey *rek); + +int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, + ASN1_OCTET_STRING *ukm, int keylen); + +/* Backward compatibility for spelling errors. */ +# define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM +# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \ + CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/cmserr.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/cmserr.h new file mode 100644 index 00000000..7dbc13dc --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/cmserr.h @@ -0,0 +1,202 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CMSERR_H +# define HEADER_CMSERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_CMS + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CMS_strings(void); + +/* + * CMS function codes. + */ +# define CMS_F_CHECK_CONTENT 99 +# define CMS_F_CMS_ADD0_CERT 164 +# define CMS_F_CMS_ADD0_RECIPIENT_KEY 100 +# define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 165 +# define CMS_F_CMS_ADD1_RECEIPTREQUEST 158 +# define CMS_F_CMS_ADD1_RECIPIENT_CERT 101 +# define CMS_F_CMS_ADD1_SIGNER 102 +# define CMS_F_CMS_ADD1_SIGNINGTIME 103 +# define CMS_F_CMS_COMPRESS 104 +# define CMS_F_CMS_COMPRESSEDDATA_CREATE 105 +# define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106 +# define CMS_F_CMS_COPY_CONTENT 107 +# define CMS_F_CMS_COPY_MESSAGEDIGEST 108 +# define CMS_F_CMS_DATA 109 +# define CMS_F_CMS_DATAFINAL 110 +# define CMS_F_CMS_DATAINIT 111 +# define CMS_F_CMS_DECRYPT 112 +# define CMS_F_CMS_DECRYPT_SET1_KEY 113 +# define CMS_F_CMS_DECRYPT_SET1_PASSWORD 166 +# define CMS_F_CMS_DECRYPT_SET1_PKEY 114 +# define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115 +# define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116 +# define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117 +# define CMS_F_CMS_DIGEST_VERIFY 118 +# define CMS_F_CMS_ENCODE_RECEIPT 161 +# define CMS_F_CMS_ENCRYPT 119 +# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT 179 +# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120 +# define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121 +# define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122 +# define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123 +# define CMS_F_CMS_ENVELOPEDDATA_CREATE 124 +# define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125 +# define CMS_F_CMS_ENVELOPED_DATA_INIT 126 +# define CMS_F_CMS_ENV_ASN1_CTRL 171 +# define CMS_F_CMS_FINAL 127 +# define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128 +# define CMS_F_CMS_GET0_CONTENT 129 +# define CMS_F_CMS_GET0_ECONTENT_TYPE 130 +# define CMS_F_CMS_GET0_ENVELOPED 131 +# define CMS_F_CMS_GET0_REVOCATION_CHOICES 132 +# define CMS_F_CMS_GET0_SIGNED 133 +# define CMS_F_CMS_MSGSIGDIGEST_ADD1 162 +# define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159 +# define CMS_F_CMS_RECEIPT_VERIFY 160 +# define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134 +# define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 169 +# define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 178 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 175 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 173 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 172 +# define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 174 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143 +# define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 167 +# define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144 +# define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 168 +# define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145 +# define CMS_F_CMS_SD_ASN1_CTRL 170 +# define CMS_F_CMS_SET1_IAS 176 +# define CMS_F_CMS_SET1_KEYID 177 +# define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146 +# define CMS_F_CMS_SET_DETACHED 147 +# define CMS_F_CMS_SIGN 148 +# define CMS_F_CMS_SIGNED_DATA_INIT 149 +# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150 +# define CMS_F_CMS_SIGNERINFO_SIGN 151 +# define CMS_F_CMS_SIGNERINFO_VERIFY 152 +# define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153 +# define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154 +# define CMS_F_CMS_SIGN_RECEIPT 163 +# define CMS_F_CMS_SI_CHECK_ATTRIBUTES 183 +# define CMS_F_CMS_STREAM 155 +# define CMS_F_CMS_UNCOMPRESS 156 +# define CMS_F_CMS_VERIFY 157 +# define CMS_F_KEK_UNWRAP_KEY 180 + +/* + * CMS reason codes. + */ +# define CMS_R_ADD_SIGNER_ERROR 99 +# define CMS_R_ATTRIBUTE_ERROR 161 +# define CMS_R_CERTIFICATE_ALREADY_PRESENT 175 +# define CMS_R_CERTIFICATE_HAS_NO_KEYID 160 +# define CMS_R_CERTIFICATE_VERIFY_ERROR 100 +# define CMS_R_CIPHER_INITIALISATION_ERROR 101 +# define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102 +# define CMS_R_CMS_DATAFINAL_ERROR 103 +# define CMS_R_CMS_LIB 104 +# define CMS_R_CONTENTIDENTIFIER_MISMATCH 170 +# define CMS_R_CONTENT_NOT_FOUND 105 +# define CMS_R_CONTENT_TYPE_MISMATCH 171 +# define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106 +# define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107 +# define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108 +# define CMS_R_CONTENT_VERIFY_ERROR 109 +# define CMS_R_CTRL_ERROR 110 +# define CMS_R_CTRL_FAILURE 111 +# define CMS_R_DECRYPT_ERROR 112 +# define CMS_R_ERROR_GETTING_PUBLIC_KEY 113 +# define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 +# define CMS_R_ERROR_SETTING_KEY 115 +# define CMS_R_ERROR_SETTING_RECIPIENTINFO 116 +# define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117 +# define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176 +# define CMS_R_INVALID_KEY_LENGTH 118 +# define CMS_R_MD_BIO_INIT_ERROR 119 +# define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120 +# define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121 +# define CMS_R_MSGSIGDIGEST_ERROR 172 +# define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162 +# define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163 +# define CMS_R_NEED_ONE_SIGNER 164 +# define CMS_R_NOT_A_SIGNED_RECEIPT 165 +# define CMS_R_NOT_ENCRYPTED_DATA 122 +# define CMS_R_NOT_KEK 123 +# define CMS_R_NOT_KEY_AGREEMENT 181 +# define CMS_R_NOT_KEY_TRANSPORT 124 +# define CMS_R_NOT_PWRI 177 +# define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125 +# define CMS_R_NO_CIPHER 126 +# define CMS_R_NO_CONTENT 127 +# define CMS_R_NO_CONTENT_TYPE 173 +# define CMS_R_NO_DEFAULT_DIGEST 128 +# define CMS_R_NO_DIGEST_SET 129 +# define CMS_R_NO_KEY 130 +# define CMS_R_NO_KEY_OR_CERT 174 +# define CMS_R_NO_MATCHING_DIGEST 131 +# define CMS_R_NO_MATCHING_RECIPIENT 132 +# define CMS_R_NO_MATCHING_SIGNATURE 166 +# define CMS_R_NO_MSGSIGDIGEST 167 +# define CMS_R_NO_PASSWORD 178 +# define CMS_R_NO_PRIVATE_KEY 133 +# define CMS_R_NO_PUBLIC_KEY 134 +# define CMS_R_NO_RECEIPT_REQUEST 168 +# define CMS_R_NO_SIGNERS 135 +# define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136 +# define CMS_R_RECEIPT_DECODE_ERROR 169 +# define CMS_R_RECIPIENT_ERROR 137 +# define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138 +# define CMS_R_SIGNFINAL_ERROR 139 +# define CMS_R_SMIME_TEXT_ERROR 140 +# define CMS_R_STORE_INIT_ERROR 141 +# define CMS_R_TYPE_NOT_COMPRESSED_DATA 142 +# define CMS_R_TYPE_NOT_DATA 143 +# define CMS_R_TYPE_NOT_DIGESTED_DATA 144 +# define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145 +# define CMS_R_TYPE_NOT_ENVELOPED_DATA 146 +# define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147 +# define CMS_R_UNKNOWN_CIPHER 148 +# define CMS_R_UNKNOWN_DIGEST_ALGORITHM 149 +# define CMS_R_UNKNOWN_ID 150 +# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151 +# define CMS_R_UNSUPPORTED_CONTENT_TYPE 152 +# define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153 +# define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179 +# define CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE 155 +# define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154 +# define CMS_R_UNSUPPORTED_TYPE 156 +# define CMS_R_UNWRAP_ERROR 157 +# define CMS_R_UNWRAP_FAILURE 180 +# define CMS_R_VERIFICATION_FAILURE 158 +# define CMS_R_WRAP_ERROR 159 + +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/comp.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/comp.h new file mode 100644 index 00000000..d814d3cf --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/comp.h @@ -0,0 +1,53 @@ +/* + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_COMP_H +# define HEADER_COMP_H + +# include + +# ifndef OPENSSL_NO_COMP +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + + + +COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); +const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx); +int COMP_CTX_get_type(const COMP_CTX* comp); +int COMP_get_type(const COMP_METHOD *meth); +const char *COMP_get_name(const COMP_METHOD *meth); +void COMP_CTX_free(COMP_CTX *ctx); + +int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, + unsigned char *in, int ilen); +int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, + unsigned char *in, int ilen); + +COMP_METHOD *COMP_zlib(void); + +#if OPENSSL_API_COMPAT < 0x10100000L +#define COMP_zlib_cleanup() while(0) continue +#endif + +# ifdef HEADER_BIO_H +# ifdef ZLIB +const BIO_METHOD *BIO_f_zlib(void); +# endif +# endif + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/comperr.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/comperr.h new file mode 100644 index 00000000..90231e9a --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/comperr.h @@ -0,0 +1,44 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_COMPERR_H +# define HEADER_COMPERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_COMP + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_COMP_strings(void); + +/* + * COMP function codes. + */ +# define COMP_F_BIO_ZLIB_FLUSH 99 +# define COMP_F_BIO_ZLIB_NEW 100 +# define COMP_F_BIO_ZLIB_READ 101 +# define COMP_F_BIO_ZLIB_WRITE 102 +# define COMP_F_COMP_CTX_NEW 103 + +/* + * COMP reason codes. + */ +# define COMP_R_ZLIB_DEFLATE_ERROR 99 +# define COMP_R_ZLIB_INFLATE_ERROR 100 +# define COMP_R_ZLIB_NOT_SUPPORTED 101 + +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/conf.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/conf.h new file mode 100644 index 00000000..7336cd2f --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/conf.h @@ -0,0 +1,168 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CONF_H +# define HEADER_CONF_H + +# include +# include +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct { + char *section; + char *name; + char *value; +} CONF_VALUE; + +DEFINE_STACK_OF(CONF_VALUE) +DEFINE_LHASH_OF(CONF_VALUE); + +struct conf_st; +struct conf_method_st; +typedef struct conf_method_st CONF_METHOD; + +struct conf_method_st { + const char *name; + CONF *(*create) (CONF_METHOD *meth); + int (*init) (CONF *conf); + int (*destroy) (CONF *conf); + int (*destroy_data) (CONF *conf); + int (*load_bio) (CONF *conf, BIO *bp, long *eline); + int (*dump) (const CONF *conf, BIO *bp); + int (*is_number) (const CONF *conf, char c); + int (*to_int) (const CONF *conf, char c); + int (*load) (CONF *conf, const char *name, long *eline); +}; + +/* Module definitions */ + +typedef struct conf_imodule_st CONF_IMODULE; +typedef struct conf_module_st CONF_MODULE; + +DEFINE_STACK_OF(CONF_MODULE) +DEFINE_STACK_OF(CONF_IMODULE) + +/* DSO module function typedefs */ +typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf); +typedef void conf_finish_func (CONF_IMODULE *md); + +# define CONF_MFLAGS_IGNORE_ERRORS 0x1 +# define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2 +# define CONF_MFLAGS_SILENT 0x4 +# define CONF_MFLAGS_NO_DSO 0x8 +# define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10 +# define CONF_MFLAGS_DEFAULT_SECTION 0x20 + +int CONF_set_default_method(CONF_METHOD *meth); +void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash); +LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, + long *eline); +# ifndef OPENSSL_NO_STDIO +LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, + long *eline); +# endif +LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp, + long *eline); +STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf, + const char *section); +char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group, + const char *name); +long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, + const char *name); +void CONF_free(LHASH_OF(CONF_VALUE) *conf); +#ifndef OPENSSL_NO_STDIO +int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out); +#endif +int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out); + +DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name)) + +#if OPENSSL_API_COMPAT < 0x10100000L +# define OPENSSL_no_config() \ + OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL) +#endif + +/* + * New conf code. The semantics are different from the functions above. If + * that wasn't the case, the above functions would have been replaced + */ + +struct conf_st { + CONF_METHOD *meth; + void *meth_data; + LHASH_OF(CONF_VALUE) *data; +}; + +CONF *NCONF_new(CONF_METHOD *meth); +CONF_METHOD *NCONF_default(void); +CONF_METHOD *NCONF_WIN32(void); +void NCONF_free(CONF *conf); +void NCONF_free_data(CONF *conf); + +int NCONF_load(CONF *conf, const char *file, long *eline); +# ifndef OPENSSL_NO_STDIO +int NCONF_load_fp(CONF *conf, FILE *fp, long *eline); +# endif +int NCONF_load_bio(CONF *conf, BIO *bp, long *eline); +STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, + const char *section); +char *NCONF_get_string(const CONF *conf, const char *group, const char *name); +int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, + long *result); +#ifndef OPENSSL_NO_STDIO +int NCONF_dump_fp(const CONF *conf, FILE *out); +#endif +int NCONF_dump_bio(const CONF *conf, BIO *out); + +#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) + +/* Module functions */ + +int CONF_modules_load(const CONF *cnf, const char *appname, + unsigned long flags); +int CONF_modules_load_file(const char *filename, const char *appname, + unsigned long flags); +void CONF_modules_unload(int all); +void CONF_modules_finish(void); +#if OPENSSL_API_COMPAT < 0x10100000L +# define CONF_modules_free() while(0) continue +#endif +int CONF_module_add(const char *name, conf_init_func *ifunc, + conf_finish_func *ffunc); + +const char *CONF_imodule_get_name(const CONF_IMODULE *md); +const char *CONF_imodule_get_value(const CONF_IMODULE *md); +void *CONF_imodule_get_usr_data(const CONF_IMODULE *md); +void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data); +CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md); +unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md); +void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags); +void *CONF_module_get_usr_data(CONF_MODULE *pmod); +void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data); + +char *CONF_get1_default_config_file(void); + +int CONF_parse_list(const char *list, int sep, int nospc, + int (*list_cb) (const char *elem, int len, void *usr), + void *arg); + +void OPENSSL_load_builtin_modules(void); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/conf_api.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/conf_api.h new file mode 100644 index 00000000..a0275ad7 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/conf_api.h @@ -0,0 +1,40 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CONF_API_H +# define HEADER_CONF_API_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Up until OpenSSL 0.9.5a, this was new_section */ +CONF_VALUE *_CONF_new_section(CONF *conf, const char *section); +/* Up until OpenSSL 0.9.5a, this was get_section */ +CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section); +/* Up until OpenSSL 0.9.5a, this was CONF_get_section */ +STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf, + const char *section); + +int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value); +char *_CONF_get_string(const CONF *conf, const char *section, + const char *name); +long _CONF_get_number(const CONF *conf, const char *section, + const char *name); + +int _CONF_new_data(CONF *conf); +void _CONF_free_data(CONF *conf); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/conferr.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/conferr.h new file mode 100644 index 00000000..32b92291 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/conferr.h @@ -0,0 +1,76 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CONFERR_H +# define HEADER_CONFERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CONF_strings(void); + +/* + * CONF function codes. + */ +# define CONF_F_CONF_DUMP_FP 104 +# define CONF_F_CONF_LOAD 100 +# define CONF_F_CONF_LOAD_FP 103 +# define CONF_F_CONF_PARSE_LIST 119 +# define CONF_F_DEF_LOAD 120 +# define CONF_F_DEF_LOAD_BIO 121 +# define CONF_F_GET_NEXT_FILE 107 +# define CONF_F_MODULE_ADD 122 +# define CONF_F_MODULE_INIT 115 +# define CONF_F_MODULE_LOAD_DSO 117 +# define CONF_F_MODULE_RUN 118 +# define CONF_F_NCONF_DUMP_BIO 105 +# define CONF_F_NCONF_DUMP_FP 106 +# define CONF_F_NCONF_GET_NUMBER_E 112 +# define CONF_F_NCONF_GET_SECTION 108 +# define CONF_F_NCONF_GET_STRING 109 +# define CONF_F_NCONF_LOAD 113 +# define CONF_F_NCONF_LOAD_BIO 110 +# define CONF_F_NCONF_LOAD_FP 114 +# define CONF_F_NCONF_NEW 111 +# define CONF_F_PROCESS_INCLUDE 116 +# define CONF_F_SSL_MODULE_INIT 123 +# define CONF_F_STR_COPY 101 + +/* + * CONF reason codes. + */ +# define CONF_R_ERROR_LOADING_DSO 110 +# define CONF_R_LIST_CANNOT_BE_NULL 115 +# define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 +# define CONF_R_MISSING_EQUAL_SIGN 101 +# define CONF_R_MISSING_INIT_FUNCTION 112 +# define CONF_R_MODULE_INITIALIZATION_ERROR 109 +# define CONF_R_NO_CLOSE_BRACE 102 +# define CONF_R_NO_CONF 105 +# define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106 +# define CONF_R_NO_SECTION 107 +# define CONF_R_NO_SUCH_FILE 114 +# define CONF_R_NO_VALUE 108 +# define CONF_R_NUMBER_TOO_LARGE 121 +# define CONF_R_RECURSIVE_DIRECTORY_INCLUDE 111 +# define CONF_R_SSL_COMMAND_SECTION_EMPTY 117 +# define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND 118 +# define CONF_R_SSL_SECTION_EMPTY 119 +# define CONF_R_SSL_SECTION_NOT_FOUND 120 +# define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 +# define CONF_R_UNKNOWN_MODULE_NAME 113 +# define CONF_R_VARIABLE_EXPANSION_TOO_LONG 116 +# define CONF_R_VARIABLE_HAS_NO_VALUE 104 + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/crypto.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/crypto.h new file mode 100644 index 00000000..7d0b5262 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/crypto.h @@ -0,0 +1,445 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CRYPTO_H +# define HEADER_CRYPTO_H + +# include +# include + +# include + +# ifndef OPENSSL_NO_STDIO +# include +# endif + +# include +# include +# include +# include +# include + +# ifdef CHARSET_EBCDIC +# include +# endif + +/* + * Resolve problems on some operating systems with symbol names that clash + * one way or another + */ +# include + +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSLeay OpenSSL_version_num +# define SSLeay_version OpenSSL_version +# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER +# define SSLEAY_VERSION OPENSSL_VERSION +# define SSLEAY_CFLAGS OPENSSL_CFLAGS +# define SSLEAY_BUILT_ON OPENSSL_BUILT_ON +# define SSLEAY_PLATFORM OPENSSL_PLATFORM +# define SSLEAY_DIR OPENSSL_DIR + +/* + * Old type for allocating dynamic locks. No longer used. Use the new thread + * API instead. + */ +typedef struct { + int dummy; +} CRYPTO_dynlock; + +# endif /* OPENSSL_API_COMPAT */ + +typedef void CRYPTO_RWLOCK; + +CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void); +int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock); +int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock); +int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock); +void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock); + +int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock); + +/* + * The following can be used to detect memory leaks in the library. If + * used, it turns on malloc checking + */ +# define CRYPTO_MEM_CHECK_OFF 0x0 /* Control only */ +# define CRYPTO_MEM_CHECK_ON 0x1 /* Control and mode bit */ +# define CRYPTO_MEM_CHECK_ENABLE 0x2 /* Control and mode bit */ +# define CRYPTO_MEM_CHECK_DISABLE 0x3 /* Control only */ + +struct crypto_ex_data_st { + STACK_OF(void) *sk; +}; +DEFINE_STACK_OF(void) + +/* + * Per class, we have a STACK of function pointers. + */ +# define CRYPTO_EX_INDEX_SSL 0 +# define CRYPTO_EX_INDEX_SSL_CTX 1 +# define CRYPTO_EX_INDEX_SSL_SESSION 2 +# define CRYPTO_EX_INDEX_X509 3 +# define CRYPTO_EX_INDEX_X509_STORE 4 +# define CRYPTO_EX_INDEX_X509_STORE_CTX 5 +# define CRYPTO_EX_INDEX_DH 6 +# define CRYPTO_EX_INDEX_DSA 7 +# define CRYPTO_EX_INDEX_EC_KEY 8 +# define CRYPTO_EX_INDEX_RSA 9 +# define CRYPTO_EX_INDEX_ENGINE 10 +# define CRYPTO_EX_INDEX_UI 11 +# define CRYPTO_EX_INDEX_BIO 12 +# define CRYPTO_EX_INDEX_APP 13 +# define CRYPTO_EX_INDEX_UI_METHOD 14 +# define CRYPTO_EX_INDEX_DRBG 15 +# define CRYPTO_EX_INDEX__COUNT 16 + +/* No longer needed, so this is a no-op */ +#define OPENSSL_malloc_init() while(0) continue + +int CRYPTO_mem_ctrl(int mode); + +# define OPENSSL_malloc(num) \ + CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_zalloc(num) \ + CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_realloc(addr, num) \ + CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_clear_realloc(addr, old_num, num) \ + CRYPTO_clear_realloc(addr, old_num, num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_clear_free(addr, num) \ + CRYPTO_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_free(addr) \ + CRYPTO_free(addr, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_memdup(str, s) \ + CRYPTO_memdup((str), s, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_strdup(str) \ + CRYPTO_strdup(str, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_strndup(str, n) \ + CRYPTO_strndup(str, n, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_malloc(num) \ + CRYPTO_secure_malloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_zalloc(num) \ + CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_free(addr) \ + CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_clear_free(addr, num) \ + CRYPTO_secure_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_actual_size(ptr) \ + CRYPTO_secure_actual_size(ptr) + +size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz); +size_t OPENSSL_strlcat(char *dst, const char *src, size_t siz); +size_t OPENSSL_strnlen(const char *str, size_t maxlen); +char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len); +unsigned char *OPENSSL_hexstr2buf(const char *str, long *len); +int OPENSSL_hexchar2int(unsigned char c); + +# define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U<<(sizeof(int)*8-1))-1)/sizeof(type)) + +unsigned long OpenSSL_version_num(void); +const char *OpenSSL_version(int type); +# define OPENSSL_VERSION 0 +# define OPENSSL_CFLAGS 1 +# define OPENSSL_BUILT_ON 2 +# define OPENSSL_PLATFORM 3 +# define OPENSSL_DIR 4 +# define OPENSSL_ENGINES_DIR 5 + +int OPENSSL_issetugid(void); + +typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, + void *from_d, int idx, long argl, void *argp); +__owur int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, + CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); +/* No longer use an index. */ +int CRYPTO_free_ex_index(int class_index, int idx); + +/* + * Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a + * given class (invokes whatever per-class callbacks are applicable) + */ +int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); +int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, + const CRYPTO_EX_DATA *from); + +void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); + +/* + * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular + * index (relative to the class type involved) + */ +int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); +void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx); + +# if OPENSSL_API_COMPAT < 0x10100000L +/* + * This function cleans up all "ex_data" state. It mustn't be called under + * potential race-conditions. + */ +# define CRYPTO_cleanup_all_ex_data() while(0) continue + +/* + * The old locking functions have been removed completely without compatibility + * macros. This is because the old functions either could not properly report + * errors, or the returned error values were not clearly documented. + * Replacing the locking functions with no-ops would cause race condition + * issues in the affected applications. It is far better for them to fail at + * compile time. + * On the other hand, the locking callbacks are no longer used. Consequently, + * the callback management functions can be safely replaced with no-op macros. + */ +# define CRYPTO_num_locks() (1) +# define CRYPTO_set_locking_callback(func) +# define CRYPTO_get_locking_callback() (NULL) +# define CRYPTO_set_add_lock_callback(func) +# define CRYPTO_get_add_lock_callback() (NULL) + +/* + * These defines where used in combination with the old locking callbacks, + * they are not called anymore, but old code that's not called might still + * use them. + */ +# define CRYPTO_LOCK 1 +# define CRYPTO_UNLOCK 2 +# define CRYPTO_READ 4 +# define CRYPTO_WRITE 8 + +/* This structure is no longer used */ +typedef struct crypto_threadid_st { + int dummy; +} CRYPTO_THREADID; +/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */ +# define CRYPTO_THREADID_set_numeric(id, val) +# define CRYPTO_THREADID_set_pointer(id, ptr) +# define CRYPTO_THREADID_set_callback(threadid_func) (0) +# define CRYPTO_THREADID_get_callback() (NULL) +# define CRYPTO_THREADID_current(id) +# define CRYPTO_THREADID_cmp(a, b) (-1) +# define CRYPTO_THREADID_cpy(dest, src) +# define CRYPTO_THREADID_hash(id) (0UL) + +# if OPENSSL_API_COMPAT < 0x10000000L +# define CRYPTO_set_id_callback(func) +# define CRYPTO_get_id_callback() (NULL) +# define CRYPTO_thread_id() (0UL) +# endif /* OPENSSL_API_COMPAT < 0x10000000L */ + +# define CRYPTO_set_dynlock_create_callback(dyn_create_function) +# define CRYPTO_set_dynlock_lock_callback(dyn_lock_function) +# define CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function) +# define CRYPTO_get_dynlock_create_callback() (NULL) +# define CRYPTO_get_dynlock_lock_callback() (NULL) +# define CRYPTO_get_dynlock_destroy_callback() (NULL) +# endif /* OPENSSL_API_COMPAT < 0x10100000L */ + +int CRYPTO_set_mem_functions( + void *(*m) (size_t, const char *, int), + void *(*r) (void *, size_t, const char *, int), + void (*f) (void *, const char *, int)); +int CRYPTO_set_mem_debug(int flag); +void CRYPTO_get_mem_functions( + void *(**m) (size_t, const char *, int), + void *(**r) (void *, size_t, const char *, int), + void (**f) (void *, const char *, int)); + +void *CRYPTO_malloc(size_t num, const char *file, int line); +void *CRYPTO_zalloc(size_t num, const char *file, int line); +void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line); +char *CRYPTO_strdup(const char *str, const char *file, int line); +char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line); +void CRYPTO_free(void *ptr, const char *file, int line); +void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line); +void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line); +void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, + const char *file, int line); + +int CRYPTO_secure_malloc_init(size_t sz, int minsize); +int CRYPTO_secure_malloc_done(void); +void *CRYPTO_secure_malloc(size_t num, const char *file, int line); +void *CRYPTO_secure_zalloc(size_t num, const char *file, int line); +void CRYPTO_secure_free(void *ptr, const char *file, int line); +void CRYPTO_secure_clear_free(void *ptr, size_t num, + const char *file, int line); +int CRYPTO_secure_allocated(const void *ptr); +int CRYPTO_secure_malloc_initialized(void); +size_t CRYPTO_secure_actual_size(void *ptr); +size_t CRYPTO_secure_used(void); + +void OPENSSL_cleanse(void *ptr, size_t len); + +# ifndef OPENSSL_NO_CRYPTO_MDEBUG +# define OPENSSL_mem_debug_push(info) \ + CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_mem_debug_pop() \ + CRYPTO_mem_debug_pop() +int CRYPTO_mem_debug_push(const char *info, const char *file, int line); +int CRYPTO_mem_debug_pop(void); +void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount); + +/*- + * Debugging functions (enabled by CRYPTO_set_mem_debug(1)) + * The flag argument has the following significance: + * 0: called before the actual memory allocation has taken place + * 1: called after the actual memory allocation has taken place + */ +void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag, + const char *file, int line); +void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag, + const char *file, int line); +void CRYPTO_mem_debug_free(void *addr, int flag, + const char *file, int line); + +int CRYPTO_mem_leaks_cb(int (*cb) (const char *str, size_t len, void *u), + void *u); +# ifndef OPENSSL_NO_STDIO +int CRYPTO_mem_leaks_fp(FILE *); +# endif +int CRYPTO_mem_leaks(BIO *bio); +# endif + +/* die if we have to */ +ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line); +# if OPENSSL_API_COMPAT < 0x10100000L +# define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l)) +# endif +# define OPENSSL_assert(e) \ + (void)((e) ? 0 : (OPENSSL_die("assertion failed: " #e, OPENSSL_FILE, OPENSSL_LINE), 1)) + +int OPENSSL_isservice(void); + +int FIPS_mode(void); +int FIPS_mode_set(int r); + +void OPENSSL_init(void); +# ifdef OPENSSL_SYS_UNIX +void OPENSSL_fork_prepare(void); +void OPENSSL_fork_parent(void); +void OPENSSL_fork_child(void); +# endif + +struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); +int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec); +int OPENSSL_gmtime_diff(int *pday, int *psec, + const struct tm *from, const struct tm *to); + +/* + * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. + * It takes an amount of time dependent on |len|, but independent of the + * contents of |a| and |b|. Unlike memcmp, it cannot be used to put elements + * into a defined order as the return value when a != b is undefined, other + * than to be non-zero. + */ +int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len); + +/* Standard initialisation options */ +# define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0x00000001L +# define OPENSSL_INIT_LOAD_CRYPTO_STRINGS 0x00000002L +# define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L +# define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L +# define OPENSSL_INIT_NO_ADD_ALL_CIPHERS 0x00000010L +# define OPENSSL_INIT_NO_ADD_ALL_DIGESTS 0x00000020L +# define OPENSSL_INIT_LOAD_CONFIG 0x00000040L +# define OPENSSL_INIT_NO_LOAD_CONFIG 0x00000080L +# define OPENSSL_INIT_ASYNC 0x00000100L +# define OPENSSL_INIT_ENGINE_RDRAND 0x00000200L +# define OPENSSL_INIT_ENGINE_DYNAMIC 0x00000400L +# define OPENSSL_INIT_ENGINE_OPENSSL 0x00000800L +# define OPENSSL_INIT_ENGINE_CRYPTODEV 0x00001000L +# define OPENSSL_INIT_ENGINE_CAPI 0x00002000L +# define OPENSSL_INIT_ENGINE_PADLOCK 0x00004000L +# define OPENSSL_INIT_ENGINE_AFALG 0x00008000L +/* OPENSSL_INIT_ZLIB 0x00010000L */ +# define OPENSSL_INIT_ATFORK 0x00020000L +/* OPENSSL_INIT_BASE_ONLY 0x00040000L */ +# define OPENSSL_INIT_NO_ATEXIT 0x00080000L +/* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */ +/* Max OPENSSL_INIT flag value is 0x80000000 */ + +/* openssl and dasync not counted as builtin */ +# define OPENSSL_INIT_ENGINE_ALL_BUILTIN \ + (OPENSSL_INIT_ENGINE_RDRAND | OPENSSL_INIT_ENGINE_DYNAMIC \ + | OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | \ + OPENSSL_INIT_ENGINE_PADLOCK) + + +/* Library initialisation functions */ +void OPENSSL_cleanup(void); +int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +int OPENSSL_atexit(void (*handler)(void)); +void OPENSSL_thread_stop(void); + +/* Low-level control of initialization */ +OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); +# ifndef OPENSSL_NO_STDIO +int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings, + const char *config_filename); +void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings, + unsigned long flags); +int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings, + const char *config_appname); +# endif +void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings); + +# if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) +# if defined(_WIN32) +# if defined(BASETYPES) || defined(_WINDEF_H) +/* application has to include in order to use this */ +typedef DWORD CRYPTO_THREAD_LOCAL; +typedef DWORD CRYPTO_THREAD_ID; + +typedef LONG CRYPTO_ONCE; +# define CRYPTO_ONCE_STATIC_INIT 0 +# endif +# else +# include +typedef pthread_once_t CRYPTO_ONCE; +typedef pthread_key_t CRYPTO_THREAD_LOCAL; +typedef pthread_t CRYPTO_THREAD_ID; + +# define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT +# endif +# endif + +# if !defined(CRYPTO_ONCE_STATIC_INIT) +typedef unsigned int CRYPTO_ONCE; +typedef unsigned int CRYPTO_THREAD_LOCAL; +typedef unsigned int CRYPTO_THREAD_ID; +# define CRYPTO_ONCE_STATIC_INIT 0 +# endif + +int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)); + +int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *)); +void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key); +int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val); +int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key); + +CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void); +int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/cryptoerr.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/cryptoerr.h new file mode 100644 index 00000000..3db5a4ee --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/cryptoerr.h @@ -0,0 +1,57 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CRYPTOERR_H +# define HEADER_CRYPTOERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CRYPTO_strings(void); + +/* + * CRYPTO function codes. + */ +# define CRYPTO_F_CMAC_CTX_NEW 120 +# define CRYPTO_F_CRYPTO_DUP_EX_DATA 110 +# define CRYPTO_F_CRYPTO_FREE_EX_DATA 111 +# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 +# define CRYPTO_F_CRYPTO_MEMDUP 115 +# define CRYPTO_F_CRYPTO_NEW_EX_DATA 112 +# define CRYPTO_F_CRYPTO_OCB128_COPY_CTX 121 +# define CRYPTO_F_CRYPTO_OCB128_INIT 122 +# define CRYPTO_F_CRYPTO_SET_EX_DATA 102 +# define CRYPTO_F_FIPS_MODE_SET 109 +# define CRYPTO_F_GET_AND_LOCK 113 +# define CRYPTO_F_OPENSSL_ATEXIT 114 +# define CRYPTO_F_OPENSSL_BUF2HEXSTR 117 +# define CRYPTO_F_OPENSSL_FOPEN 119 +# define CRYPTO_F_OPENSSL_HEXSTR2BUF 118 +# define CRYPTO_F_OPENSSL_INIT_CRYPTO 116 +# define CRYPTO_F_OPENSSL_LH_NEW 126 +# define CRYPTO_F_OPENSSL_SK_DEEP_COPY 127 +# define CRYPTO_F_OPENSSL_SK_DUP 128 +# define CRYPTO_F_PKEY_HMAC_INIT 123 +# define CRYPTO_F_PKEY_POLY1305_INIT 124 +# define CRYPTO_F_PKEY_SIPHASH_INIT 125 +# define CRYPTO_F_SK_RESERVE 129 + +/* + * CRYPTO reason codes. + */ +# define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 +# define CRYPTO_R_ILLEGAL_HEX_DIGIT 102 +# define CRYPTO_R_ODD_NUMBER_OF_DIGITS 103 + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/ct.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/ct.h new file mode 100644 index 00000000..d4262fa0 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/ct.h @@ -0,0 +1,476 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CT_H +# define HEADER_CT_H + +# include + +# ifndef OPENSSL_NO_CT +# include +# include +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + + +/* Minimum RSA key size, from RFC6962 */ +# define SCT_MIN_RSA_BITS 2048 + +/* All hashes are SHA256 in v1 of Certificate Transparency */ +# define CT_V1_HASHLEN SHA256_DIGEST_LENGTH + +typedef enum { + CT_LOG_ENTRY_TYPE_NOT_SET = -1, + CT_LOG_ENTRY_TYPE_X509 = 0, + CT_LOG_ENTRY_TYPE_PRECERT = 1 +} ct_log_entry_type_t; + +typedef enum { + SCT_VERSION_NOT_SET = -1, + SCT_VERSION_V1 = 0 +} sct_version_t; + +typedef enum { + SCT_SOURCE_UNKNOWN, + SCT_SOURCE_TLS_EXTENSION, + SCT_SOURCE_X509V3_EXTENSION, + SCT_SOURCE_OCSP_STAPLED_RESPONSE +} sct_source_t; + +typedef enum { + SCT_VALIDATION_STATUS_NOT_SET, + SCT_VALIDATION_STATUS_UNKNOWN_LOG, + SCT_VALIDATION_STATUS_VALID, + SCT_VALIDATION_STATUS_INVALID, + SCT_VALIDATION_STATUS_UNVERIFIED, + SCT_VALIDATION_STATUS_UNKNOWN_VERSION +} sct_validation_status_t; + +DEFINE_STACK_OF(SCT) +DEFINE_STACK_OF(CTLOG) + +/****************************************** + * CT policy evaluation context functions * + ******************************************/ + +/* + * Creates a new, empty policy evaluation context. + * The caller is responsible for calling CT_POLICY_EVAL_CTX_free when finished + * with the CT_POLICY_EVAL_CTX. + */ +CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void); + +/* Deletes a policy evaluation context and anything it owns. */ +void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx); + +/* Gets the peer certificate that the SCTs are for */ +X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx); + +/* + * Sets the certificate associated with the received SCTs. + * Increments the reference count of cert. + * Returns 1 on success, 0 otherwise. + */ +int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert); + +/* Gets the issuer of the aforementioned certificate */ +X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx); + +/* + * Sets the issuer of the certificate associated with the received SCTs. + * Increments the reference count of issuer. + * Returns 1 on success, 0 otherwise. + */ +int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer); + +/* Gets the CT logs that are trusted sources of SCTs */ +const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx); + +/* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */ +void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, + CTLOG_STORE *log_store); + +/* + * Gets the time, in milliseconds since the Unix epoch, that will be used as the + * current time when checking whether an SCT was issued in the future. + * Such SCTs will fail validation, as required by RFC6962. + */ +uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx); + +/* + * Sets the time to evaluate SCTs against, in milliseconds since the Unix epoch. + * If an SCT's timestamp is after this time, it will be interpreted as having + * been issued in the future. RFC6962 states that "TLS clients MUST reject SCTs + * whose timestamp is in the future", so an SCT will not validate in this case. + */ +void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms); + +/***************** + * SCT functions * + *****************/ + +/* + * Creates a new, blank SCT. + * The caller is responsible for calling SCT_free when finished with the SCT. + */ +SCT *SCT_new(void); + +/* + * Creates a new SCT from some base64-encoded strings. + * The caller is responsible for calling SCT_free when finished with the SCT. + */ +SCT *SCT_new_from_base64(unsigned char version, + const char *logid_base64, + ct_log_entry_type_t entry_type, + uint64_t timestamp, + const char *extensions_base64, + const char *signature_base64); + +/* + * Frees the SCT and the underlying data structures. + */ +void SCT_free(SCT *sct); + +/* + * Free a stack of SCTs, and the underlying SCTs themselves. + * Intended to be compatible with X509V3_EXT_FREE. + */ +void SCT_LIST_free(STACK_OF(SCT) *a); + +/* + * Returns the version of the SCT. + */ +sct_version_t SCT_get_version(const SCT *sct); + +/* + * Set the version of an SCT. + * Returns 1 on success, 0 if the version is unrecognized. + */ +__owur int SCT_set_version(SCT *sct, sct_version_t version); + +/* + * Returns the log entry type of the SCT. + */ +ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct); + +/* + * Set the log entry type of an SCT. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type); + +/* + * Gets the ID of the log that an SCT came from. + * Ownership of the log ID remains with the SCT. + * Returns the length of the log ID. + */ +size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id); + +/* + * Set the log ID of an SCT to point directly to the *log_id specified. + * The SCT takes ownership of the specified pointer. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len); + +/* + * Set the log ID of an SCT. + * This makes a copy of the log_id. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, + size_t log_id_len); + +/* + * Returns the timestamp for the SCT (epoch time in milliseconds). + */ +uint64_t SCT_get_timestamp(const SCT *sct); + +/* + * Set the timestamp of an SCT (epoch time in milliseconds). + */ +void SCT_set_timestamp(SCT *sct, uint64_t timestamp); + +/* + * Return the NID for the signature used by the SCT. + * For CT v1, this will be either NID_sha256WithRSAEncryption or + * NID_ecdsa_with_SHA256 (or NID_undef if incorrect/unset). + */ +int SCT_get_signature_nid(const SCT *sct); + +/* + * Set the signature type of an SCT + * For CT v1, this should be either NID_sha256WithRSAEncryption or + * NID_ecdsa_with_SHA256. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set_signature_nid(SCT *sct, int nid); + +/* + * Set *ext to point to the extension data for the SCT. ext must not be NULL. + * The SCT retains ownership of this pointer. + * Returns length of the data pointed to. + */ +size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext); + +/* + * Set the extensions of an SCT to point directly to the *ext specified. + * The SCT takes ownership of the specified pointer. + */ +void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len); + +/* + * Set the extensions of an SCT. + * This takes a copy of the ext. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set1_extensions(SCT *sct, const unsigned char *ext, + size_t ext_len); + +/* + * Set *sig to point to the signature for the SCT. sig must not be NULL. + * The SCT retains ownership of this pointer. + * Returns length of the data pointed to. + */ +size_t SCT_get0_signature(const SCT *sct, unsigned char **sig); + +/* + * Set the signature of an SCT to point directly to the *sig specified. + * The SCT takes ownership of the specified pointer. + */ +void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len); + +/* + * Set the signature of an SCT to be a copy of the *sig specified. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set1_signature(SCT *sct, const unsigned char *sig, + size_t sig_len); + +/* + * The origin of this SCT, e.g. TLS extension, OCSP response, etc. + */ +sct_source_t SCT_get_source(const SCT *sct); + +/* + * Set the origin of this SCT, e.g. TLS extension, OCSP response, etc. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set_source(SCT *sct, sct_source_t source); + +/* + * Returns a text string describing the validation status of |sct|. + */ +const char *SCT_validation_status_string(const SCT *sct); + +/* + * Pretty-prints an |sct| to |out|. + * It will be indented by the number of spaces specified by |indent|. + * If |logs| is not NULL, it will be used to lookup the CT log that the SCT came + * from, so that the log name can be printed. + */ +void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs); + +/* + * Pretty-prints an |sct_list| to |out|. + * It will be indented by the number of spaces specified by |indent|. + * SCTs will be delimited by |separator|. + * If |logs| is not NULL, it will be used to lookup the CT log that each SCT + * came from, so that the log names can be printed. + */ +void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, + const char *separator, const CTLOG_STORE *logs); + +/* + * Gets the last result of validating this SCT. + * If it has not been validated yet, returns SCT_VALIDATION_STATUS_NOT_SET. + */ +sct_validation_status_t SCT_get_validation_status(const SCT *sct); + +/* + * Validates the given SCT with the provided context. + * Sets the "validation_status" field of the SCT. + * Returns 1 if the SCT is valid and the signature verifies. + * Returns 0 if the SCT is invalid or could not be verified. + * Returns -1 if an error occurs. + */ +__owur int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx); + +/* + * Validates the given list of SCTs with the provided context. + * Sets the "validation_status" field of each SCT. + * Returns 1 if there are no invalid SCTs and all signatures verify. + * Returns 0 if at least one SCT is invalid or could not be verified. + * Returns a negative integer if an error occurs. + */ +__owur int SCT_LIST_validate(const STACK_OF(SCT) *scts, + CT_POLICY_EVAL_CTX *ctx); + + +/********************************* + * SCT parsing and serialisation * + *********************************/ + +/* + * Serialize (to TLS format) a stack of SCTs and return the length. + * "a" must not be NULL. + * If "pp" is NULL, just return the length of what would have been serialized. + * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer + * for data that caller is responsible for freeing (only if function returns + * successfully). + * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring + * that "*pp" is large enough to accept all of the serialized data. + * Returns < 0 on error, >= 0 indicating bytes written (or would have been) + * on success. + */ +__owur int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); + +/* + * Convert TLS format SCT list to a stack of SCTs. + * If "a" or "*a" is NULL, a new stack will be created that the caller is + * responsible for freeing (by calling SCT_LIST_free). + * "**pp" and "*pp" must not be NULL. + * Upon success, "*pp" will point to after the last bytes read, and a stack + * will be returned. + * Upon failure, a NULL pointer will be returned, and the position of "*pp" is + * not defined. + */ +STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, + size_t len); + +/* + * Serialize (to DER format) a stack of SCTs and return the length. + * "a" must not be NULL. + * If "pp" is NULL, just returns the length of what would have been serialized. + * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer + * for data that caller is responsible for freeing (only if function returns + * successfully). + * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring + * that "*pp" is large enough to accept all of the serialized data. + * Returns < 0 on error, >= 0 indicating bytes written (or would have been) + * on success. + */ +__owur int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); + +/* + * Parses an SCT list in DER format and returns it. + * If "a" or "*a" is NULL, a new stack will be created that the caller is + * responsible for freeing (by calling SCT_LIST_free). + * "**pp" and "*pp" must not be NULL. + * Upon success, "*pp" will point to after the last bytes read, and a stack + * will be returned. + * Upon failure, a NULL pointer will be returned, and the position of "*pp" is + * not defined. + */ +STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, + long len); + +/* + * Serialize (to TLS format) an |sct| and write it to |out|. + * If |out| is null, no SCT will be output but the length will still be returned. + * If |out| points to a null pointer, a string will be allocated to hold the + * TLS-format SCT. It is the responsibility of the caller to free it. + * If |out| points to an allocated string, the TLS-format SCT will be written + * to it. + * The length of the SCT in TLS format will be returned. + */ +__owur int i2o_SCT(const SCT *sct, unsigned char **out); + +/* + * Parses an SCT in TLS format and returns it. + * If |psct| is not null, it will end up pointing to the parsed SCT. If it + * already points to a non-null pointer, the pointer will be free'd. + * |in| should be a pointer to a string containing the TLS-format SCT. + * |in| will be advanced to the end of the SCT if parsing succeeds. + * |len| should be the length of the SCT in |in|. + * Returns NULL if an error occurs. + * If the SCT is an unsupported version, only the SCT's 'sct' and 'sct_len' + * fields will be populated (with |in| and |len| respectively). + */ +SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len); + +/******************** + * CT log functions * + ********************/ + +/* + * Creates a new CT log instance with the given |public_key| and |name|. + * Takes ownership of |public_key| but copies |name|. + * Returns NULL if malloc fails or if |public_key| cannot be converted to DER. + * Should be deleted by the caller using CTLOG_free when no longer needed. + */ +CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name); + +/* + * Creates a new CTLOG instance with the base64-encoded SubjectPublicKeyInfo DER + * in |pkey_base64|. The |name| is a string to help users identify this log. + * Returns 1 on success, 0 on failure. + * Should be deleted by the caller using CTLOG_free when no longer needed. + */ +int CTLOG_new_from_base64(CTLOG ** ct_log, + const char *pkey_base64, const char *name); + +/* + * Deletes a CT log instance and its fields. + */ +void CTLOG_free(CTLOG *log); + +/* Gets the name of the CT log */ +const char *CTLOG_get0_name(const CTLOG *log); +/* Gets the ID of the CT log */ +void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, + size_t *log_id_len); +/* Gets the public key of the CT log */ +EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log); + +/************************** + * CT log store functions * + **************************/ + +/* + * Creates a new CT log store. + * Should be deleted by the caller using CTLOG_STORE_free when no longer needed. + */ +CTLOG_STORE *CTLOG_STORE_new(void); + +/* + * Deletes a CT log store and all of the CT log instances held within. + */ +void CTLOG_STORE_free(CTLOG_STORE *store); + +/* + * Finds a CT log in the store based on its log ID. + * Returns the CT log, or NULL if no match is found. + */ +const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, + const uint8_t *log_id, + size_t log_id_len); + +/* + * Loads a CT log list into a |store| from a |file|. + * Returns 1 if loading is successful, or 0 otherwise. + */ +__owur int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); + +/* + * Loads the default CT log list into a |store|. + * See internal/cryptlib.h for the environment variable and file path that are + * consulted to find the default file. + * Returns 1 if loading is successful, or 0 otherwise. + */ +__owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store); + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/cterr.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/cterr.h new file mode 100644 index 00000000..feb7bc56 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/cterr.h @@ -0,0 +1,80 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CTERR_H +# define HEADER_CTERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_CT + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CT_strings(void); + +/* + * CT function codes. + */ +# define CT_F_CTLOG_NEW 117 +# define CT_F_CTLOG_NEW_FROM_BASE64 118 +# define CT_F_CTLOG_NEW_FROM_CONF 119 +# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 122 +# define CT_F_CTLOG_STORE_LOAD_FILE 123 +# define CT_F_CTLOG_STORE_LOAD_LOG 130 +# define CT_F_CTLOG_STORE_NEW 131 +# define CT_F_CT_BASE64_DECODE 124 +# define CT_F_CT_POLICY_EVAL_CTX_NEW 133 +# define CT_F_CT_V1_LOG_ID_FROM_PKEY 125 +# define CT_F_I2O_SCT 107 +# define CT_F_I2O_SCT_LIST 108 +# define CT_F_I2O_SCT_SIGNATURE 109 +# define CT_F_O2I_SCT 110 +# define CT_F_O2I_SCT_LIST 111 +# define CT_F_O2I_SCT_SIGNATURE 112 +# define CT_F_SCT_CTX_NEW 126 +# define CT_F_SCT_CTX_VERIFY 128 +# define CT_F_SCT_NEW 100 +# define CT_F_SCT_NEW_FROM_BASE64 127 +# define CT_F_SCT_SET0_LOG_ID 101 +# define CT_F_SCT_SET1_EXTENSIONS 114 +# define CT_F_SCT_SET1_LOG_ID 115 +# define CT_F_SCT_SET1_SIGNATURE 116 +# define CT_F_SCT_SET_LOG_ENTRY_TYPE 102 +# define CT_F_SCT_SET_SIGNATURE_NID 103 +# define CT_F_SCT_SET_VERSION 104 + +/* + * CT reason codes. + */ +# define CT_R_BASE64_DECODE_ERROR 108 +# define CT_R_INVALID_LOG_ID_LENGTH 100 +# define CT_R_LOG_CONF_INVALID 109 +# define CT_R_LOG_CONF_INVALID_KEY 110 +# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111 +# define CT_R_LOG_CONF_MISSING_KEY 112 +# define CT_R_LOG_KEY_INVALID 113 +# define CT_R_SCT_FUTURE_TIMESTAMP 116 +# define CT_R_SCT_INVALID 104 +# define CT_R_SCT_INVALID_SIGNATURE 107 +# define CT_R_SCT_LIST_INVALID 105 +# define CT_R_SCT_LOG_ID_MISMATCH 114 +# define CT_R_SCT_NOT_SET 106 +# define CT_R_SCT_UNSUPPORTED_VERSION 115 +# define CT_R_UNRECOGNIZED_SIGNATURE_NID 101 +# define CT_R_UNSUPPORTED_ENTRY_TYPE 102 +# define CT_R_UNSUPPORTED_VERSION 103 + +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/des.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/des.h new file mode 100644 index 00000000..be4abbdf --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/des.h @@ -0,0 +1,174 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DES_H +# define HEADER_DES_H + +# include + +# ifndef OPENSSL_NO_DES +# ifdef __cplusplus +extern "C" { +# endif +# include + +typedef unsigned int DES_LONG; + +# ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +# endif + +typedef unsigned char DES_cblock[8]; +typedef /* const */ unsigned char const_DES_cblock[8]; +/* + * With "const", gcc 2.8.1 on Solaris thinks that DES_cblock * and + * const_DES_cblock * are incompatible pointer types. + */ + +typedef struct DES_ks { + union { + DES_cblock cblock; + /* + * make sure things are correct size on machines with 8 byte longs + */ + DES_LONG deslong[2]; + } ks[16]; +} DES_key_schedule; + +# define DES_KEY_SZ (sizeof(DES_cblock)) +# define DES_SCHEDULE_SZ (sizeof(DES_key_schedule)) + +# define DES_ENCRYPT 1 +# define DES_DECRYPT 0 + +# define DES_CBC_MODE 0 +# define DES_PCBC_MODE 1 + +# define DES_ecb2_encrypt(i,o,k1,k2,e) \ + DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) + +# define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ + DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) + +# define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ + DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) + +# define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ + DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) + +OPENSSL_DECLARE_GLOBAL(int, DES_check_key); /* defaults to false */ +# define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key) + +const char *DES_options(void); +void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, + DES_key_schedule *ks1, DES_key_schedule *ks2, + DES_key_schedule *ks3, int enc); +DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, + long length, DES_key_schedule *schedule, + const_DES_cblock *ivec); +/* DES_cbc_encrypt does not update the IV! Use DES_ncbc_encrypt instead. */ +void DES_cbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int enc); +void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int enc); +void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, const_DES_cblock *inw, + const_DES_cblock *outw, int enc); +void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int enc); +void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, + DES_key_schedule *ks, int enc); + +/* + * This is the DES encryption function that gets called by just about every + * other DES routine in the library. You should not use this function except + * to implement 'modes' of DES. I say this because the functions that call + * this routine do the conversion from 'char *' to long, and this needs to be + * done to make sure 'non-aligned' memory access do not occur. The + * characters are loaded 'little endian'. Data is a pointer to 2 unsigned + * long's and ks is the DES_key_schedule to use. enc, is non zero specifies + * encryption, zero if decryption. + */ +void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc); + +/* + * This functions is the same as DES_encrypt1() except that the DES initial + * permutation (IP) and final permutation (FP) have been left out. As for + * DES_encrypt1(), you should not use this function. It is used by the + * routines in the library that implement triple DES. IP() DES_encrypt2() + * DES_encrypt2() DES_encrypt2() FP() is the same as DES_encrypt1() + * DES_encrypt1() DES_encrypt1() except faster :-). + */ +void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc); + +void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3); +void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3); +void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, + long length, + DES_key_schedule *ks1, DES_key_schedule *ks2, + DES_key_schedule *ks3, DES_cblock *ivec, int enc); +void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int *num, int enc); +void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out, + int numbits, long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int enc); +void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int *num); +char *DES_fcrypt(const char *buf, const char *salt, char *ret); +char *DES_crypt(const char *buf, const char *salt); +void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits, + long length, DES_key_schedule *schedule, + DES_cblock *ivec); +void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int enc); +DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], + long length, int out_count, DES_cblock *seed); +int DES_random_key(DES_cblock *ret); +void DES_set_odd_parity(DES_cblock *key); +int DES_check_key_parity(const_DES_cblock *key); +int DES_is_weak_key(const_DES_cblock *key); +/* + * DES_set_key (= set_key = DES_key_sched = key_sched) calls + * DES_set_key_checked if global variable DES_check_key is set, + * DES_set_key_unchecked otherwise. + */ +int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); +int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); +int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); +void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule); +void DES_string_to_key(const char *str, DES_cblock *key); +void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); +void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int *num, int enc); +void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int *num); + +# define DES_fixup_key_parity DES_set_odd_parity + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/dh.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/dh.h new file mode 100644 index 00000000..3527540c --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/dh.h @@ -0,0 +1,340 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DH_H +# define HEADER_DH_H + +# include + +# ifndef OPENSSL_NO_DH +# include +# include +# include +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_DH_MAX_MODULUS_BITS +# define OPENSSL_DH_MAX_MODULUS_BITS 10000 +# endif + +# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 + +# define DH_FLAG_CACHE_MONT_P 0x01 + +# if OPENSSL_API_COMPAT < 0x10100000L +/* + * Does nothing. Previously this switched off constant time behaviour. + */ +# define DH_FLAG_NO_EXP_CONSTTIME 0x00 +# endif + +/* + * If this flag is set the DH method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its responsibility to ensure the + * result is compliant. + */ + +# define DH_FLAG_FIPS_METHOD 0x0400 + +/* + * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +# define DH_FLAG_NON_FIPS_ALLOW 0x0400 + +/* Already defined in ossl_typ.h */ +/* typedef struct dh_st DH; */ +/* typedef struct dh_method DH_METHOD; */ + +DECLARE_ASN1_ITEM(DHparams) + +# define DH_GENERATOR_2 2 +/* #define DH_GENERATOR_3 3 */ +# define DH_GENERATOR_5 5 + +/* DH_check error codes */ +# define DH_CHECK_P_NOT_PRIME 0x01 +# define DH_CHECK_P_NOT_SAFE_PRIME 0x02 +# define DH_UNABLE_TO_CHECK_GENERATOR 0x04 +# define DH_NOT_SUITABLE_GENERATOR 0x08 +# define DH_CHECK_Q_NOT_PRIME 0x10 +# define DH_CHECK_INVALID_Q_VALUE 0x20 +# define DH_CHECK_INVALID_J_VALUE 0x40 + +/* DH_check_pub_key error codes */ +# define DH_CHECK_PUBKEY_TOO_SMALL 0x01 +# define DH_CHECK_PUBKEY_TOO_LARGE 0x02 +# define DH_CHECK_PUBKEY_INVALID 0x04 + +/* + * primes p where (p-1)/2 is prime too are called "safe"; we define this for + * backward compatibility: + */ +# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME + +# define d2i_DHparams_fp(fp,x) \ + (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHparams, \ + (fp), \ + (unsigned char **)(x)) +# define i2d_DHparams_fp(fp,x) \ + ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x)) +# define d2i_DHparams_bio(bp,x) \ + ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x) +# define i2d_DHparams_bio(bp,x) \ + ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) + +# define d2i_DHxparams_fp(fp,x) \ + (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHxparams, \ + (fp), \ + (unsigned char **)(x)) +# define i2d_DHxparams_fp(fp,x) \ + ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x)) +# define d2i_DHxparams_bio(bp,x) \ + ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x) +# define i2d_DHxparams_bio(bp,x) \ + ASN1_i2d_bio_of_const(DH, i2d_DHxparams, bp, x) + +DH *DHparams_dup(DH *); + +const DH_METHOD *DH_OpenSSL(void); + +void DH_set_default_method(const DH_METHOD *meth); +const DH_METHOD *DH_get_default_method(void); +int DH_set_method(DH *dh, const DH_METHOD *meth); +DH *DH_new_method(ENGINE *engine); + +DH *DH_new(void); +void DH_free(DH *dh); +int DH_up_ref(DH *dh); +int DH_bits(const DH *dh); +int DH_size(const DH *dh); +int DH_security_bits(const DH *dh); +#define DH_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef) +int DH_set_ex_data(DH *d, int idx, void *arg); +void *DH_get_ex_data(DH *d, int idx); + +/* Deprecated version */ +DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator, + void (*callback) (int, int, + void *), + void *cb_arg)) + +/* New version */ +int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, + BN_GENCB *cb); + +int DH_check_params_ex(const DH *dh); +int DH_check_ex(const DH *dh); +int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key); +int DH_check_params(const DH *dh, int *ret); +int DH_check(const DH *dh, int *codes); +int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes); +int DH_generate_key(DH *dh); +int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); +int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh); +DH *d2i_DHparams(DH **a, const unsigned char **pp, long length); +int i2d_DHparams(const DH *a, unsigned char **pp); +DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length); +int i2d_DHxparams(const DH *a, unsigned char **pp); +# ifndef OPENSSL_NO_STDIO +int DHparams_print_fp(FILE *fp, const DH *x); +# endif +int DHparams_print(BIO *bp, const DH *x); + +/* RFC 5114 parameters */ +DH *DH_get_1024_160(void); +DH *DH_get_2048_224(void); +DH *DH_get_2048_256(void); + +/* Named parameters, currently RFC7919 */ +DH *DH_new_by_nid(int nid); +int DH_get_nid(const DH *dh); + +# ifndef OPENSSL_NO_CMS +/* RFC2631 KDF */ +int DH_KDF_X9_42(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + ASN1_OBJECT *key_oid, + const unsigned char *ukm, size_t ukmlen, const EVP_MD *md); +# endif + +void DH_get0_pqg(const DH *dh, + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); +void DH_get0_key(const DH *dh, + const BIGNUM **pub_key, const BIGNUM **priv_key); +int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); +const BIGNUM *DH_get0_p(const DH *dh); +const BIGNUM *DH_get0_q(const DH *dh); +const BIGNUM *DH_get0_g(const DH *dh); +const BIGNUM *DH_get0_priv_key(const DH *dh); +const BIGNUM *DH_get0_pub_key(const DH *dh); +void DH_clear_flags(DH *dh, int flags); +int DH_test_flags(const DH *dh, int flags); +void DH_set_flags(DH *dh, int flags); +ENGINE *DH_get0_engine(DH *d); +long DH_get_length(const DH *dh); +int DH_set_length(DH *dh, long length); + +DH_METHOD *DH_meth_new(const char *name, int flags); +void DH_meth_free(DH_METHOD *dhm); +DH_METHOD *DH_meth_dup(const DH_METHOD *dhm); +const char *DH_meth_get0_name(const DH_METHOD *dhm); +int DH_meth_set1_name(DH_METHOD *dhm, const char *name); +int DH_meth_get_flags(const DH_METHOD *dhm); +int DH_meth_set_flags(DH_METHOD *dhm, int flags); +void *DH_meth_get0_app_data(const DH_METHOD *dhm); +int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data); +int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *); +int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *)); +int (*DH_meth_get_compute_key(const DH_METHOD *dhm)) + (unsigned char *key, const BIGNUM *pub_key, DH *dh); +int DH_meth_set_compute_key(DH_METHOD *dhm, + int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh)); +int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm)) + (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + BN_CTX *, BN_MONT_CTX *); +int DH_meth_set_bn_mod_exp(DH_METHOD *dhm, + int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *, BN_MONT_CTX *)); +int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *); +int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *)); +int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *); +int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *)); +int (*DH_meth_get_generate_params(const DH_METHOD *dhm)) + (DH *, int, int, BN_GENCB *); +int DH_meth_set_generate_params(DH_METHOD *dhm, + int (*generate_params) (DH *, int, int, BN_GENCB *)); + + +# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL) + +# define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) + +# define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) + +# define EVP_PKEY_CTX_set_dh_nid(ctx, nid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, \ + EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_DH_NID, nid, NULL) + +# define EVP_PKEY_CTX_set_dh_pad(ctx, pad) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_PAD, pad, NULL) + +# define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL) + +# define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL) + +# define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)(oid)) + +# define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)(poid)) + +# define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)(pmd)) + +# define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL) + +# define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)(plen)) + +# define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)(p)) + +# define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)(p)) + +# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10) +# define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13) +# define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14) +# define EVP_PKEY_CTRL_DH_NID (EVP_PKEY_ALG_CTRL + 15) +# define EVP_PKEY_CTRL_DH_PAD (EVP_PKEY_ALG_CTRL + 16) + +/* KDF types */ +# define EVP_PKEY_DH_KDF_NONE 1 +# ifndef OPENSSL_NO_CMS +# define EVP_PKEY_DH_KDF_X9_42 2 +# endif + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/dherr.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/dherr.h new file mode 100644 index 00000000..916b3bed --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/dherr.h @@ -0,0 +1,88 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DHERR_H +# define HEADER_DHERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_DH + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_DH_strings(void); + +/* + * DH function codes. + */ +# define DH_F_COMPUTE_KEY 102 +# define DH_F_DHPARAMS_PRINT_FP 101 +# define DH_F_DH_BUILTIN_GENPARAMS 106 +# define DH_F_DH_CHECK_EX 121 +# define DH_F_DH_CHECK_PARAMS_EX 122 +# define DH_F_DH_CHECK_PUB_KEY_EX 123 +# define DH_F_DH_CMS_DECRYPT 114 +# define DH_F_DH_CMS_SET_PEERKEY 115 +# define DH_F_DH_CMS_SET_SHARED_INFO 116 +# define DH_F_DH_METH_DUP 117 +# define DH_F_DH_METH_NEW 118 +# define DH_F_DH_METH_SET1_NAME 119 +# define DH_F_DH_NEW_BY_NID 104 +# define DH_F_DH_NEW_METHOD 105 +# define DH_F_DH_PARAM_DECODE 107 +# define DH_F_DH_PKEY_PUBLIC_CHECK 124 +# define DH_F_DH_PRIV_DECODE 110 +# define DH_F_DH_PRIV_ENCODE 111 +# define DH_F_DH_PUB_DECODE 108 +# define DH_F_DH_PUB_ENCODE 109 +# define DH_F_DO_DH_PRINT 100 +# define DH_F_GENERATE_KEY 103 +# define DH_F_PKEY_DH_CTRL_STR 120 +# define DH_F_PKEY_DH_DERIVE 112 +# define DH_F_PKEY_DH_INIT 125 +# define DH_F_PKEY_DH_KEYGEN 113 + +/* + * DH reason codes. + */ +# define DH_R_BAD_GENERATOR 101 +# define DH_R_BN_DECODE_ERROR 109 +# define DH_R_BN_ERROR 106 +# define DH_R_CHECK_INVALID_J_VALUE 115 +# define DH_R_CHECK_INVALID_Q_VALUE 116 +# define DH_R_CHECK_PUBKEY_INVALID 122 +# define DH_R_CHECK_PUBKEY_TOO_LARGE 123 +# define DH_R_CHECK_PUBKEY_TOO_SMALL 124 +# define DH_R_CHECK_P_NOT_PRIME 117 +# define DH_R_CHECK_P_NOT_SAFE_PRIME 118 +# define DH_R_CHECK_Q_NOT_PRIME 119 +# define DH_R_DECODE_ERROR 104 +# define DH_R_INVALID_PARAMETER_NAME 110 +# define DH_R_INVALID_PARAMETER_NID 114 +# define DH_R_INVALID_PUBKEY 102 +# define DH_R_KDF_PARAMETER_ERROR 112 +# define DH_R_KEYS_NOT_SET 108 +# define DH_R_MISSING_PUBKEY 125 +# define DH_R_MODULUS_TOO_LARGE 103 +# define DH_R_NOT_SUITABLE_GENERATOR 120 +# define DH_R_NO_PARAMETERS_SET 107 +# define DH_R_NO_PRIVATE_VALUE 100 +# define DH_R_PARAMETER_ENCODING_ERROR 105 +# define DH_R_PEER_KEY_ERROR 111 +# define DH_R_SHARED_INFO_ERROR 113 +# define DH_R_UNABLE_TO_CHECK_GENERATOR 121 + +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/dsa.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/dsa.h new file mode 100644 index 00000000..822eff34 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/dsa.h @@ -0,0 +1,238 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DSA_H +# define HEADER_DSA_H + +# include + +# ifndef OPENSSL_NO_DSA +# ifdef __cplusplus +extern "C" { +# endif +# include +# include +# include +# include +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif +# include + +# ifndef OPENSSL_DSA_MAX_MODULUS_BITS +# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 +# endif + +# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 + +# define DSA_FLAG_CACHE_MONT_P 0x01 +# if OPENSSL_API_COMPAT < 0x10100000L +/* + * Does nothing. Previously this switched off constant time behaviour. + */ +# define DSA_FLAG_NO_EXP_CONSTTIME 0x00 +# endif + +/* + * If this flag is set the DSA method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its responsibility to ensure the + * result is compliant. + */ + +# define DSA_FLAG_FIPS_METHOD 0x0400 + +/* + * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +# define DSA_FLAG_NON_FIPS_ALLOW 0x0400 +# define DSA_FLAG_FIPS_CHECKED 0x0800 + +/* Already defined in ossl_typ.h */ +/* typedef struct dsa_st DSA; */ +/* typedef struct dsa_method DSA_METHOD; */ + +typedef struct DSA_SIG_st DSA_SIG; + +# define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ + (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) +# define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ + (unsigned char *)(x)) +# define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x) +# define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x) + +DSA *DSAparams_dup(DSA *x); +DSA_SIG *DSA_SIG_new(void); +void DSA_SIG_free(DSA_SIG *a); +int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); +DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length); +void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); + +DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); +int DSA_do_verify(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa); + +const DSA_METHOD *DSA_OpenSSL(void); + +void DSA_set_default_method(const DSA_METHOD *); +const DSA_METHOD *DSA_get_default_method(void); +int DSA_set_method(DSA *dsa, const DSA_METHOD *); +const DSA_METHOD *DSA_get_method(DSA *d); + +DSA *DSA_new(void); +DSA *DSA_new_method(ENGINE *engine); +void DSA_free(DSA *r); +/* "up" the DSA object's reference count */ +int DSA_up_ref(DSA *r); +int DSA_size(const DSA *); +int DSA_bits(const DSA *d); +int DSA_security_bits(const DSA *d); + /* next 4 return -1 on error */ +DEPRECATEDIN_1_2_0(int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)) +int DSA_sign(int type, const unsigned char *dgst, int dlen, + unsigned char *sig, unsigned int *siglen, DSA *dsa); +int DSA_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int siglen, DSA *dsa); +#define DSA_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef) +int DSA_set_ex_data(DSA *d, int idx, void *arg); +void *DSA_get_ex_data(DSA *d, int idx); + +DSA *d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); +DSA *d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); +DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length); + +/* Deprecated version */ +DEPRECATEDIN_0_9_8(DSA *DSA_generate_parameters(int bits, + unsigned char *seed, + int seed_len, + int *counter_ret, + unsigned long *h_ret, void + (*callback) (int, int, + void *), + void *cb_arg)) + +/* New version */ +int DSA_generate_parameters_ex(DSA *dsa, int bits, + const unsigned char *seed, int seed_len, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb); + +int DSA_generate_key(DSA *a); +int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); +int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); +int i2d_DSAparams(const DSA *a, unsigned char **pp); + +int DSAparams_print(BIO *bp, const DSA *x); +int DSA_print(BIO *bp, const DSA *x, int off); +# ifndef OPENSSL_NO_STDIO +int DSAparams_print_fp(FILE *fp, const DSA *x); +int DSA_print_fp(FILE *bp, const DSA *x, int off); +# endif + +# define DSS_prime_checks 64 +/* + * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only + * have one value here we set the number of checks to 64 which is the 128 bit + * security level that is the highest level and valid for creating a 3072 bit + * DSA key. + */ +# define DSA_is_prime(n, callback, cb_arg) \ + BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) + +# ifndef OPENSSL_NO_DH +/* + * Convert DSA structure (key or just parameters) into DH structure (be + * careful to avoid small subgroup attacks when using this!) + */ +DH *DSA_dup_DH(const DSA *r); +# endif + +# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) + +# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3) + +void DSA_get0_pqg(const DSA *d, + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); +void DSA_get0_key(const DSA *d, + const BIGNUM **pub_key, const BIGNUM **priv_key); +int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); +const BIGNUM *DSA_get0_p(const DSA *d); +const BIGNUM *DSA_get0_q(const DSA *d); +const BIGNUM *DSA_get0_g(const DSA *d); +const BIGNUM *DSA_get0_pub_key(const DSA *d); +const BIGNUM *DSA_get0_priv_key(const DSA *d); +void DSA_clear_flags(DSA *d, int flags); +int DSA_test_flags(const DSA *d, int flags); +void DSA_set_flags(DSA *d, int flags); +ENGINE *DSA_get0_engine(DSA *d); + +DSA_METHOD *DSA_meth_new(const char *name, int flags); +void DSA_meth_free(DSA_METHOD *dsam); +DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam); +const char *DSA_meth_get0_name(const DSA_METHOD *dsam); +int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name); +int DSA_meth_get_flags(const DSA_METHOD *dsam); +int DSA_meth_set_flags(DSA_METHOD *dsam, int flags); +void *DSA_meth_get0_app_data(const DSA_METHOD *dsam); +int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data); +DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam)) + (const unsigned char *, int, DSA *); +int DSA_meth_set_sign(DSA_METHOD *dsam, + DSA_SIG *(*sign) (const unsigned char *, int, DSA *)); +int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam)) + (DSA *, BN_CTX *, BIGNUM **, BIGNUM **); +int DSA_meth_set_sign_setup(DSA_METHOD *dsam, + int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **)); +int (*DSA_meth_get_verify(const DSA_METHOD *dsam)) + (const unsigned char *, int, DSA_SIG *, DSA *); +int DSA_meth_set_verify(DSA_METHOD *dsam, + int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *)); +int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam)) + (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *); +int DSA_meth_set_mod_exp(DSA_METHOD *dsam, + int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, + BN_MONT_CTX *)); +int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam)) + (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + BN_CTX *, BN_MONT_CTX *); +int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, + int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *, BN_MONT_CTX *)); +int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *); +int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *)); +int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *); +int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *)); +int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam)) + (DSA *, int, const unsigned char *, int, int *, unsigned long *, + BN_GENCB *); +int DSA_meth_set_paramgen(DSA_METHOD *dsam, + int (*paramgen) (DSA *, int, const unsigned char *, int, int *, + unsigned long *, BN_GENCB *)); +int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *); +int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *)); + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/dsaerr.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/dsaerr.h new file mode 100644 index 00000000..495a1ac8 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/dsaerr.h @@ -0,0 +1,72 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DSAERR_H +# define HEADER_DSAERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_DSA + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_DSA_strings(void); + +/* + * DSA function codes. + */ +# define DSA_F_DSAPARAMS_PRINT 100 +# define DSA_F_DSAPARAMS_PRINT_FP 101 +# define DSA_F_DSA_BUILTIN_PARAMGEN 125 +# define DSA_F_DSA_BUILTIN_PARAMGEN2 126 +# define DSA_F_DSA_DO_SIGN 112 +# define DSA_F_DSA_DO_VERIFY 113 +# define DSA_F_DSA_METH_DUP 127 +# define DSA_F_DSA_METH_NEW 128 +# define DSA_F_DSA_METH_SET1_NAME 129 +# define DSA_F_DSA_NEW_METHOD 103 +# define DSA_F_DSA_PARAM_DECODE 119 +# define DSA_F_DSA_PRINT_FP 105 +# define DSA_F_DSA_PRIV_DECODE 115 +# define DSA_F_DSA_PRIV_ENCODE 116 +# define DSA_F_DSA_PUB_DECODE 117 +# define DSA_F_DSA_PUB_ENCODE 118 +# define DSA_F_DSA_SIGN 106 +# define DSA_F_DSA_SIGN_SETUP 107 +# define DSA_F_DSA_SIG_NEW 102 +# define DSA_F_OLD_DSA_PRIV_DECODE 122 +# define DSA_F_PKEY_DSA_CTRL 120 +# define DSA_F_PKEY_DSA_CTRL_STR 104 +# define DSA_F_PKEY_DSA_KEYGEN 121 + +/* + * DSA reason codes. + */ +# define DSA_R_BAD_Q_VALUE 102 +# define DSA_R_BN_DECODE_ERROR 108 +# define DSA_R_BN_ERROR 109 +# define DSA_R_DECODE_ERROR 104 +# define DSA_R_INVALID_DIGEST_TYPE 106 +# define DSA_R_INVALID_PARAMETERS 112 +# define DSA_R_MISSING_PARAMETERS 101 +# define DSA_R_MISSING_PRIVATE_KEY 111 +# define DSA_R_MODULUS_TOO_LARGE 103 +# define DSA_R_NO_PARAMETERS_SET 107 +# define DSA_R_PARAMETER_ENCODING_ERROR 105 +# define DSA_R_Q_NOT_PRIME 113 +# define DSA_R_SEED_LEN_SMALL 110 + +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/dtls1.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/dtls1.h new file mode 100644 index 00000000..a312e386 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/dtls1.h @@ -0,0 +1,55 @@ +/* + * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DTLS1_H +# define HEADER_DTLS1_H + +#ifdef __cplusplus +extern "C" { +#endif + +# define DTLS1_VERSION 0xFEFF +# define DTLS1_2_VERSION 0xFEFD +# define DTLS_MIN_VERSION DTLS1_VERSION +# define DTLS_MAX_VERSION DTLS1_2_VERSION +# define DTLS1_VERSION_MAJOR 0xFE + +# define DTLS1_BAD_VER 0x0100 + +/* Special value for method supporting multiple versions */ +# define DTLS_ANY_VERSION 0x1FFFF + +/* lengths of messages */ +/* + * Actually the max cookie length in DTLS is 255. But we can't change this now + * due to compatibility concerns. + */ +# define DTLS1_COOKIE_LENGTH 256 + +# define DTLS1_RT_HEADER_LENGTH 13 + +# define DTLS1_HM_HEADER_LENGTH 12 + +# define DTLS1_HM_BAD_FRAGMENT -2 +# define DTLS1_HM_FRAGMENT_RETRY -3 + +# define DTLS1_CCS_HEADER_LENGTH 1 + +# define DTLS1_AL_HEADER_LENGTH 2 + +/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ +# define DTLS1_TMO_READ_COUNT 2 +# define DTLS1_TMO_WRITE_COUNT 2 + +# define DTLS1_TMO_ALERT_COUNT 12 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/e_os2.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/e_os2.h new file mode 100644 index 00000000..97a776cd --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/e_os2.h @@ -0,0 +1,300 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_E_OS2_H +# define HEADER_E_OS2_H + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/****************************************************************************** + * Detect operating systems. This probably needs completing. + * The result is that at least one OPENSSL_SYS_os macro should be defined. + * However, if none is defined, Unix is assumed. + **/ + +# define OPENSSL_SYS_UNIX + +/* --------------------- Microsoft operating systems ---------------------- */ + +/* + * Note that MSDOS actually denotes 32-bit environments running on top of + * MS-DOS, such as DJGPP one. + */ +# if defined(OPENSSL_SYS_MSDOS) +# undef OPENSSL_SYS_UNIX +# endif + +/* + * For 32 bit environment, there seems to be the CygWin environment and then + * all the others that try to do the same thing Microsoft does... + */ +/* + * UEFI lives here because it might be built with a Microsoft toolchain and + * we need to avoid the false positive match on Windows. + */ +# if defined(OPENSSL_SYS_UEFI) +# undef OPENSSL_SYS_UNIX +# elif defined(OPENSSL_SYS_UWIN) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_WIN32_UWIN +# else +# if defined(__CYGWIN__) || defined(OPENSSL_SYS_CYGWIN) +# define OPENSSL_SYS_WIN32_CYGWIN +# else +# if defined(_WIN32) || defined(OPENSSL_SYS_WIN32) +# undef OPENSSL_SYS_UNIX +# if !defined(OPENSSL_SYS_WIN32) +# define OPENSSL_SYS_WIN32 +# endif +# endif +# if defined(_WIN64) || defined(OPENSSL_SYS_WIN64) +# undef OPENSSL_SYS_UNIX +# if !defined(OPENSSL_SYS_WIN64) +# define OPENSSL_SYS_WIN64 +# endif +# endif +# if defined(OPENSSL_SYS_WINNT) +# undef OPENSSL_SYS_UNIX +# endif +# if defined(OPENSSL_SYS_WINCE) +# undef OPENSSL_SYS_UNIX +# endif +# endif +# endif + +/* Anything that tries to look like Microsoft is "Windows" */ +# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_WINDOWS +# ifndef OPENSSL_SYS_MSDOS +# define OPENSSL_SYS_MSDOS +# endif +# endif + +/* + * DLL settings. This part is a bit tough, because it's up to the + * application implementor how he or she will link the application, so it + * requires some macro to be used. + */ +# ifdef OPENSSL_SYS_WINDOWS +# ifndef OPENSSL_OPT_WINDLL +# if defined(_WINDLL) /* This is used when building OpenSSL to + * indicate that DLL linkage should be used */ +# define OPENSSL_OPT_WINDLL +# endif +# endif +# endif + +/* ------------------------------- OpenVMS -------------------------------- */ +# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYS_VMS) +# if !defined(OPENSSL_SYS_VMS) +# undef OPENSSL_SYS_UNIX +# endif +# define OPENSSL_SYS_VMS +# if defined(__DECC) +# define OPENSSL_SYS_VMS_DECC +# elif defined(__DECCXX) +# define OPENSSL_SYS_VMS_DECC +# define OPENSSL_SYS_VMS_DECCXX +# else +# define OPENSSL_SYS_VMS_NODECC +# endif +# endif + +/* -------------------------------- Unix ---------------------------------- */ +# ifdef OPENSSL_SYS_UNIX +# if defined(linux) || defined(__linux__) && !defined(OPENSSL_SYS_LINUX) +# define OPENSSL_SYS_LINUX +# endif +# if defined(_AIX) && !defined(OPENSSL_SYS_AIX) +# define OPENSSL_SYS_AIX +# endif +# endif + +/* -------------------------------- VOS ----------------------------------- */ +# if defined(__VOS__) && !defined(OPENSSL_SYS_VOS) +# define OPENSSL_SYS_VOS +# ifdef __HPPA__ +# define OPENSSL_SYS_VOS_HPPA +# endif +# ifdef __IA32__ +# define OPENSSL_SYS_VOS_IA32 +# endif +# endif + +/** + * That's it for OS-specific stuff + *****************************************************************************/ + +/* Specials for I/O an exit */ +# ifdef OPENSSL_SYS_MSDOS +# define OPENSSL_UNISTD_IO +# define OPENSSL_DECLARE_EXIT extern void exit(int); +# else +# define OPENSSL_UNISTD_IO OPENSSL_UNISTD +# define OPENSSL_DECLARE_EXIT /* declared in unistd.h */ +# endif + +/*- + * OPENSSL_EXTERN is normally used to declare a symbol with possible extra + * attributes to handle its presence in a shared library. + * OPENSSL_EXPORT is used to define a symbol with extra possible attributes + * to make it visible in a shared library. + * Care needs to be taken when a header file is used both to declare and + * define symbols. Basically, for any library that exports some global + * variables, the following code must be present in the header file that + * declares them, before OPENSSL_EXTERN is used: + * + * #ifdef SOME_BUILD_FLAG_MACRO + * # undef OPENSSL_EXTERN + * # define OPENSSL_EXTERN OPENSSL_EXPORT + * #endif + * + * The default is to have OPENSSL_EXPORT and OPENSSL_EXTERN + * have some generally sensible values. + */ + +# if defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL) +# define OPENSSL_EXPORT extern __declspec(dllexport) +# define OPENSSL_EXTERN extern __declspec(dllimport) +# else +# define OPENSSL_EXPORT extern +# define OPENSSL_EXTERN extern +# endif + +/*- + * Macros to allow global variables to be reached through function calls when + * required (if a shared library version requires it, for example. + * The way it's done allows definitions like this: + * + * // in foobar.c + * OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0) + * // in foobar.h + * OPENSSL_DECLARE_GLOBAL(int,foobar); + * #define foobar OPENSSL_GLOBAL_REF(foobar) + */ +# ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION +# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) \ + type *_shadow_##name(void) \ + { static type _hide_##name=value; return &_hide_##name; } +# define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void) +# define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name())) +# else +# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) type _shadow_##name=value; +# define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name +# define OPENSSL_GLOBAL_REF(name) _shadow_##name +# endif + +# ifdef _WIN32 +# ifdef _WIN64 +# define ossl_ssize_t __int64 +# define OSSL_SSIZE_MAX _I64_MAX +# else +# define ossl_ssize_t int +# define OSSL_SSIZE_MAX INT_MAX +# endif +# endif + +# if defined(OPENSSL_SYS_UEFI) && !defined(ossl_ssize_t) +# define ossl_ssize_t INTN +# define OSSL_SSIZE_MAX MAX_INTN +# endif + +# ifndef ossl_ssize_t +# define ossl_ssize_t ssize_t +# if defined(SSIZE_MAX) +# define OSSL_SSIZE_MAX SSIZE_MAX +# elif defined(_POSIX_SSIZE_MAX) +# define OSSL_SSIZE_MAX _POSIX_SSIZE_MAX +# else +# define OSSL_SSIZE_MAX ((ssize_t)(SIZE_MAX>>1)) +# endif +# endif + +# ifdef DEBUG_UNUSED +# define __owur __attribute__((__warn_unused_result__)) +# else +# define __owur +# endif + +/* Standard integer types */ +# if defined(OPENSSL_SYS_UEFI) +typedef INT8 int8_t; +typedef UINT8 uint8_t; +typedef INT16 int16_t; +typedef UINT16 uint16_t; +typedef INT32 int32_t; +typedef UINT32 uint32_t; +typedef INT64 int64_t; +typedef UINT64 uint64_t; +# elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \ + defined(__osf__) || defined(__sgi) || defined(__hpux) || \ + defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__) +# include +# elif defined(_MSC_VER) && _MSC_VER<=1500 +/* + * minimally required typdefs for systems not supporting inttypes.h or + * stdint.h: currently just older VC++ + */ +typedef signed char int8_t; +typedef unsigned char uint8_t; +typedef short int16_t; +typedef unsigned short uint16_t; +typedef int int32_t; +typedef unsigned int uint32_t; +typedef __int64 int64_t; +typedef unsigned __int64 uint64_t; +# else +# include +# endif + +/* ossl_inline: portable inline definition usable in public headers */ +# if !defined(inline) && !defined(__cplusplus) +# if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L + /* just use inline */ +# define ossl_inline inline +# elif defined(__GNUC__) && __GNUC__>=2 +# define ossl_inline __inline__ +# elif defined(_MSC_VER) + /* + * Visual Studio: inline is available in C++ only, however + * __inline is available for C, see + * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx + */ +# define ossl_inline __inline +# else +# define ossl_inline +# endif +# else +# define ossl_inline inline +# endif + +# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L +# define ossl_noreturn _Noreturn +# elif defined(__GNUC__) && __GNUC__ >= 2 +# define ossl_noreturn __attribute__((noreturn)) +# else +# define ossl_noreturn +# endif + +/* ossl_unused: portable unused attribute for use in public headers */ +# if defined(__GNUC__) +# define ossl_unused __attribute__((unused)) +# else +# define ossl_unused +# endif + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/ebcdic.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/ebcdic.h new file mode 100644 index 00000000..aa012855 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/ebcdic.h @@ -0,0 +1,33 @@ +/* + * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_EBCDIC_H +# define HEADER_EBCDIC_H + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Avoid name clashes with other applications */ +# define os_toascii _openssl_os_toascii +# define os_toebcdic _openssl_os_toebcdic +# define ebcdic2ascii _openssl_ebcdic2ascii +# define ascii2ebcdic _openssl_ascii2ebcdic + +extern const unsigned char os_toascii[256]; +extern const unsigned char os_toebcdic[256]; +void *ebcdic2ascii(void *dest, const void *srce, size_t count); +void *ascii2ebcdic(void *dest, const void *srce, size_t count); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/ec.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/ec.h new file mode 100644 index 00000000..9d1d152b --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/ec.h @@ -0,0 +1,1479 @@ +/* + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_EC_H +# define HEADER_EC_H + +# include + +# ifndef OPENSSL_NO_EC +# include +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif +# include +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_ECC_MAX_FIELD_BITS +# define OPENSSL_ECC_MAX_FIELD_BITS 661 +# endif + +/** Enum for the point conversion form as defined in X9.62 (ECDSA) + * for the encoding of a elliptic curve point (x,y) */ +typedef enum { + /** the point is encoded as z||x, where the octet z specifies + * which solution of the quadratic equation y is */ + POINT_CONVERSION_COMPRESSED = 2, + /** the point is encoded as z||x||y, where z is the octet 0x04 */ + POINT_CONVERSION_UNCOMPRESSED = 4, + /** the point is encoded as z||x||y, where the octet z specifies + * which solution of the quadratic equation y is */ + POINT_CONVERSION_HYBRID = 6 +} point_conversion_form_t; + +typedef struct ec_method_st EC_METHOD; +typedef struct ec_group_st EC_GROUP; +typedef struct ec_point_st EC_POINT; +typedef struct ecpk_parameters_st ECPKPARAMETERS; +typedef struct ec_parameters_st ECPARAMETERS; + +/********************************************************************/ +/* EC_METHODs for curves over GF(p) */ +/********************************************************************/ + +/** Returns the basic GFp ec methods which provides the basis for the + * optimized methods. + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_simple_method(void); + +/** Returns GFp methods using montgomery multiplication. + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_mont_method(void); + +/** Returns GFp methods using optimized methods for NIST recommended curves + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nist_method(void); + +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +/** Returns 64-bit optimized methods for nistp224 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp224_method(void); + +/** Returns 64-bit optimized methods for nistp256 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp256_method(void); + +/** Returns 64-bit optimized methods for nistp521 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp521_method(void); +# endif + +# ifndef OPENSSL_NO_EC2M +/********************************************************************/ +/* EC_METHOD for curves over GF(2^m) */ +/********************************************************************/ + +/** Returns the basic GF2m ec method + * \return EC_METHOD object + */ +const EC_METHOD *EC_GF2m_simple_method(void); + +# endif + +/********************************************************************/ +/* EC_GROUP functions */ +/********************************************************************/ + +/** Creates a new EC_GROUP object + * \param meth EC_METHOD to use + * \return newly created EC_GROUP object or NULL in case of an error. + */ +EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); + +/** Frees a EC_GROUP object + * \param group EC_GROUP object to be freed. + */ +void EC_GROUP_free(EC_GROUP *group); + +/** Clears and frees a EC_GROUP object + * \param group EC_GROUP object to be cleared and freed. + */ +void EC_GROUP_clear_free(EC_GROUP *group); + +/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD. + * \param dst destination EC_GROUP object + * \param src source EC_GROUP object + * \return 1 on success and 0 if an error occurred. + */ +int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); + +/** Creates a new EC_GROUP object and copies the copies the content + * form src to the newly created EC_KEY object + * \param src source EC_GROUP object + * \return newly created EC_GROUP object or NULL in case of an error. + */ +EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); + +/** Returns the EC_METHOD of the EC_GROUP object. + * \param group EC_GROUP object + * \return EC_METHOD used in this EC_GROUP object. + */ +const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); + +/** Returns the field type of the EC_METHOD. + * \param meth EC_METHOD object + * \return NID of the underlying field type OID. + */ +int EC_METHOD_get_field_type(const EC_METHOD *meth); + +/** Sets the generator and its order/cofactor of a EC_GROUP object. + * \param group EC_GROUP object + * \param generator EC_POINT object with the generator. + * \param order the order of the group generated by the generator. + * \param cofactor the index of the sub-group generated by the generator + * in the group of all points on the elliptic curve. + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, + const BIGNUM *order, const BIGNUM *cofactor); + +/** Returns the generator of a EC_GROUP object. + * \param group EC_GROUP object + * \return the currently used generator (possibly NULL). + */ +const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); + +/** Returns the montgomery data for order(Generator) + * \param group EC_GROUP object + * \return the currently used montgomery data (possibly NULL). +*/ +BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group); + +/** Gets the order of a EC_GROUP + * \param group EC_GROUP object + * \param order BIGNUM to which the order is copied + * \param ctx unused + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); + +/** Gets the order of an EC_GROUP + * \param group EC_GROUP object + * \return the group order + */ +const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group); + +/** Gets the number of bits of the order of an EC_GROUP + * \param group EC_GROUP object + * \return number of bits of group order. + */ +int EC_GROUP_order_bits(const EC_GROUP *group); + +/** Gets the cofactor of a EC_GROUP + * \param group EC_GROUP object + * \param cofactor BIGNUM to which the cofactor is copied + * \param ctx unused + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, + BN_CTX *ctx); + +/** Gets the cofactor of an EC_GROUP + * \param group EC_GROUP object + * \return the group cofactor + */ +const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group); + +/** Sets the name of a EC_GROUP object + * \param group EC_GROUP object + * \param nid NID of the curve name OID + */ +void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); + +/** Returns the curve name of a EC_GROUP object + * \param group EC_GROUP object + * \return NID of the curve name OID or 0 if not set. + */ +int EC_GROUP_get_curve_name(const EC_GROUP *group); + +void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); +int EC_GROUP_get_asn1_flag(const EC_GROUP *group); + +void EC_GROUP_set_point_conversion_form(EC_GROUP *group, + point_conversion_form_t form); +point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); + +unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); +size_t EC_GROUP_get_seed_len(const EC_GROUP *); +size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); + +/** Sets the parameters of a ec curve defined by y^2 = x^3 + a*x + b (for GFp) + * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m) + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); + +/** Gets the parameters of the ec curve defined by y^2 = x^3 + a*x + b (for GFp) + * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m) + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, + BN_CTX *ctx); + +/** Sets the parameters of an ec curve. Synonym for EC_GROUP_set_curve + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *b, + BN_CTX *ctx)) + +/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, + BIGNUM *a, BIGNUM *b, + BN_CTX *ctx)) + +# ifndef OPENSSL_NO_EC2M +/** Sets the parameter of an ec curve. Synonym for EC_GROUP_set_curve + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *b, + BN_CTX *ctx)) + +/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, + BIGNUM *a, BIGNUM *b, + BN_CTX *ctx)) +# endif +/** Returns the number of bits needed to represent a field element + * \param group EC_GROUP object + * \return number of bits needed to represent a field element + */ +int EC_GROUP_get_degree(const EC_GROUP *group); + +/** Checks whether the parameter in the EC_GROUP define a valid ec group + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 if group is a valid ec group and 0 otherwise + */ +int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); + +/** Checks whether the discriminant of the elliptic curve is zero or not + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 if the discriminant is not zero and 0 otherwise + */ +int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); + +/** Compares two EC_GROUP objects + * \param a first EC_GROUP object + * \param b second EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 0 if the groups are equal, 1 if not, or -1 on error + */ +int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); + +/* + * EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() after + * choosing an appropriate EC_METHOD + */ + +/** Creates a new EC_GROUP object with the specified parameters defined + * over GFp (defined by the equation y^2 = x^3 + a*x + b) + * \param p BIGNUM with the prime number + * \param a BIGNUM with the parameter a of the equation + * \param b BIGNUM with the parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return newly created EC_GROUP object with the specified parameters + */ +EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); +# ifndef OPENSSL_NO_EC2M +/** Creates a new EC_GROUP object with the specified parameters defined + * over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b) + * \param p BIGNUM with the polynomial defining the underlying field + * \param a BIGNUM with the parameter a of the equation + * \param b BIGNUM with the parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return newly created EC_GROUP object with the specified parameters + */ +EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); +# endif + +/** Creates a EC_GROUP object with a curve specified by a NID + * \param nid NID of the OID of the curve name + * \return newly created EC_GROUP object with specified curve or NULL + * if an error occurred + */ +EC_GROUP *EC_GROUP_new_by_curve_name(int nid); + +/** Creates a new EC_GROUP object from an ECPARAMETERS object + * \param params pointer to the ECPARAMETERS object + * \return newly created EC_GROUP object with specified curve or NULL + * if an error occurred + */ +EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params); + +/** Creates an ECPARAMETERS object for the given EC_GROUP object. + * \param group pointer to the EC_GROUP object + * \param params pointer to an existing ECPARAMETERS object or NULL + * \return pointer to the new ECPARAMETERS object or NULL + * if an error occurred. + */ +ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, + ECPARAMETERS *params); + +/** Creates a new EC_GROUP object from an ECPKPARAMETERS object + * \param params pointer to an existing ECPKPARAMETERS object, or NULL + * \return newly created EC_GROUP object with specified curve, or NULL + * if an error occurred + */ +EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params); + +/** Creates an ECPKPARAMETERS object for the given EC_GROUP object. + * \param group pointer to the EC_GROUP object + * \param params pointer to an existing ECPKPARAMETERS object or NULL + * \return pointer to the new ECPKPARAMETERS object or NULL + * if an error occurred. + */ +ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, + ECPKPARAMETERS *params); + +/********************************************************************/ +/* handling of internal curves */ +/********************************************************************/ + +typedef struct { + int nid; + const char *comment; +} EC_builtin_curve; + +/* + * EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number of all + * available curves or zero if a error occurred. In case r is not zero, + * nitems EC_builtin_curve structures are filled with the data of the first + * nitems internal groups + */ +size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); + +const char *EC_curve_nid2nist(int nid); +int EC_curve_nist2nid(const char *name); + +/********************************************************************/ +/* EC_POINT functions */ +/********************************************************************/ + +/** Creates a new EC_POINT object for the specified EC_GROUP + * \param group EC_GROUP the underlying EC_GROUP object + * \return newly created EC_POINT object or NULL if an error occurred + */ +EC_POINT *EC_POINT_new(const EC_GROUP *group); + +/** Frees a EC_POINT object + * \param point EC_POINT object to be freed + */ +void EC_POINT_free(EC_POINT *point); + +/** Clears and frees a EC_POINT object + * \param point EC_POINT object to be cleared and freed + */ +void EC_POINT_clear_free(EC_POINT *point); + +/** Copies EC_POINT object + * \param dst destination EC_POINT object + * \param src source EC_POINT object + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); + +/** Creates a new EC_POINT object and copies the content of the supplied + * EC_POINT + * \param src source EC_POINT object + * \param group underlying the EC_GROUP object + * \return newly created EC_POINT object or NULL if an error occurred + */ +EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); + +/** Returns the EC_METHOD used in EC_POINT object + * \param point EC_POINT object + * \return the EC_METHOD used + */ +const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); + +/** Sets a point to infinity (neutral element) + * \param group underlying EC_GROUP object + * \param point EC_POINT to set to infinity + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); + +/** Sets the jacobian projective coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param z BIGNUM with the z-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, const BIGNUM *x, + const BIGNUM *y, const BIGNUM *z, + BN_CTX *ctx); + +/** Gets the jacobian projective coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param z BIGNUM for the z-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, + BIGNUM *y, BIGNUM *z, + BN_CTX *ctx); + +/** Sets the affine coordinates of an EC_POINT + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, + BN_CTX *ctx); + +/** Gets the affine coordinates of an EC_POINT. + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p, + BIGNUM *x, BIGNUM *y, BN_CTX *ctx); + +/** Sets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_set_affine_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + const BIGNUM *y, + BN_CTX *ctx)) + +/** Gets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_get_affine_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, + BIGNUM *x, + BIGNUM *y, + BN_CTX *ctx)) + +/** Sets the x9.62 compressed coordinates of a EC_POINT + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, + BN_CTX *ctx); + +/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of + * EC_POINT_set_compressed_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + int y_bit, + BN_CTX *ctx)) +# ifndef OPENSSL_NO_EC2M +/** Sets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_set_affine_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + const BIGNUM *y, + BN_CTX *ctx)) + +/** Gets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_get_affine_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, + const EC_POINT *p, + BIGNUM *x, + BIGNUM *y, + BN_CTX *ctx)) + +/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of + * EC_POINT_set_compressed_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + int y_bit, + BN_CTX *ctx)) +# endif +/** Encodes a EC_POINT object to a octet string + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param form point conversion form + * \param buf memory buffer for the result. If NULL the function returns + * required buffer size. + * \param len length of the memory buffer + * \param ctx BN_CTX object (optional) + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, + point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *ctx); + +/** Decodes a EC_POINT from a octet string + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param buf memory buffer with the encoded ec point + * \param len length of the encoded ec point + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, + const unsigned char *buf, size_t len, BN_CTX *ctx); + +/** Encodes an EC_POINT object to an allocated octet string + * \param group underlying EC_GROUP object + * \param point EC_POINT object + * \param form point conversion form + * \param pbuf returns pointer to allocated buffer + * \param ctx BN_CTX object (optional) + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, + point_conversion_form_t form, + unsigned char **pbuf, BN_CTX *ctx); + +/* other interfaces to point2oct/oct2point: */ +BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BIGNUM *, BN_CTX *); +EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *, + EC_POINT *, BN_CTX *); +char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BN_CTX *); +EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, + EC_POINT *, BN_CTX *); + +/********************************************************************/ +/* functions for doing EC_POINT arithmetic */ +/********************************************************************/ + +/** Computes the sum of two EC_POINT + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result (r = a + b) + * \param a EC_POINT object with the first summand + * \param b EC_POINT object with the second summand + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, + const EC_POINT *b, BN_CTX *ctx); + +/** Computes the double of a EC_POINT + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result (r = 2 * a) + * \param a EC_POINT object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, + BN_CTX *ctx); + +/** Computes the inverse of a EC_POINT + * \param group underlying EC_GROUP object + * \param a EC_POINT object to be inverted (it's used for the result as well) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); + +/** Checks whether the point is the neutral element of the group + * \param group the underlying EC_GROUP object + * \param p EC_POINT object + * \return 1 if the point is the neutral element and 0 otherwise + */ +int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); + +/** Checks whether the point is on the curve + * \param group underlying EC_GROUP object + * \param point EC_POINT object to check + * \param ctx BN_CTX object (optional) + * \return 1 if the point is on the curve, 0 if not, or -1 on error + */ +int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, + BN_CTX *ctx); + +/** Compares two EC_POINTs + * \param group underlying EC_GROUP object + * \param a first EC_POINT object + * \param b second EC_POINT object + * \param ctx BN_CTX object (optional) + * \return 1 if the points are not equal, 0 if they are, or -1 on error + */ +int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, + BN_CTX *ctx); + +int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); +int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, + EC_POINT *points[], BN_CTX *ctx); + +/** Computes r = generator * n + sum_{i=0}^{num-1} p[i] * m[i] + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result + * \param n BIGNUM with the multiplier for the group generator (optional) + * \param num number further summands + * \param p array of size num of EC_POINT objects + * \param m array of size num of BIGNUM objects + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, + size_t num, const EC_POINT *p[], const BIGNUM *m[], + BN_CTX *ctx); + +/** Computes r = generator * n + q * m + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result + * \param n BIGNUM with the multiplier for the group generator (optional) + * \param q EC_POINT object with the first factor of the second summand + * \param m BIGNUM with the second factor of the second summand + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, + const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); + +/** Stores multiples of generator for faster point multiplication + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); + +/** Reports whether a precomputation has been done + * \param group EC_GROUP object + * \return 1 if a pre-computation has been done and 0 otherwise + */ +int EC_GROUP_have_precompute_mult(const EC_GROUP *group); + +/********************************************************************/ +/* ASN1 stuff */ +/********************************************************************/ + +DECLARE_ASN1_ITEM(ECPKPARAMETERS) +DECLARE_ASN1_ALLOC_FUNCTIONS(ECPKPARAMETERS) +DECLARE_ASN1_ITEM(ECPARAMETERS) +DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) + +/* + * EC_GROUP_get_basis_type() returns the NID of the basis type used to + * represent the field elements + */ +int EC_GROUP_get_basis_type(const EC_GROUP *); +# ifndef OPENSSL_NO_EC2M +int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); +int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, + unsigned int *k2, unsigned int *k3); +# endif + +# define OPENSSL_EC_EXPLICIT_CURVE 0x000 +# define OPENSSL_EC_NAMED_CURVE 0x001 + +EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); +int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); + +# define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x) +# define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x) +# define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \ + (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x)) +# define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ + (unsigned char *)(x)) + +int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); +# ifndef OPENSSL_NO_STDIO +int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); +# endif + +/********************************************************************/ +/* EC_KEY functions */ +/********************************************************************/ + +/* some values for the encoding_flag */ +# define EC_PKEY_NO_PARAMETERS 0x001 +# define EC_PKEY_NO_PUBKEY 0x002 + +/* some values for the flags field */ +# define EC_FLAG_NON_FIPS_ALLOW 0x1 +# define EC_FLAG_FIPS_CHECKED 0x2 +# define EC_FLAG_COFACTOR_ECDH 0x1000 + +/** Creates a new EC_KEY object. + * \return EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_new(void); + +int EC_KEY_get_flags(const EC_KEY *key); + +void EC_KEY_set_flags(EC_KEY *key, int flags); + +void EC_KEY_clear_flags(EC_KEY *key, int flags); + +/** Creates a new EC_KEY object using a named curve as underlying + * EC_GROUP object. + * \param nid NID of the named curve. + * \return EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_new_by_curve_name(int nid); + +/** Frees a EC_KEY object. + * \param key EC_KEY object to be freed. + */ +void EC_KEY_free(EC_KEY *key); + +/** Copies a EC_KEY object. + * \param dst destination EC_KEY object + * \param src src EC_KEY object + * \return dst or NULL if an error occurred. + */ +EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); + +/** Creates a new EC_KEY object and copies the content from src to it. + * \param src the source EC_KEY object + * \return newly created EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_dup(const EC_KEY *src); + +/** Increases the internal reference count of a EC_KEY object. + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_up_ref(EC_KEY *key); + +/** Returns the ENGINE object of a EC_KEY object + * \param eckey EC_KEY object + * \return the ENGINE object (possibly NULL). + */ +ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey); + +/** Returns the EC_GROUP object of a EC_KEY object + * \param key EC_KEY object + * \return the EC_GROUP object (possibly NULL). + */ +const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); + +/** Sets the EC_GROUP of a EC_KEY object. + * \param key EC_KEY object + * \param group EC_GROUP to use in the EC_KEY object (note: the EC_KEY + * object will use an own copy of the EC_GROUP). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); + +/** Returns the private key of a EC_KEY object. + * \param key EC_KEY object + * \return a BIGNUM with the private key (possibly NULL). + */ +const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); + +/** Sets the private key of a EC_KEY object. + * \param key EC_KEY object + * \param prv BIGNUM with the private key (note: the EC_KEY object + * will use an own copy of the BIGNUM). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); + +/** Returns the public key of a EC_KEY object. + * \param key the EC_KEY object + * \return a EC_POINT object with the public key (possibly NULL) + */ +const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); + +/** Sets the public key of a EC_KEY object. + * \param key EC_KEY object + * \param pub EC_POINT object with the public key (note: the EC_KEY object + * will use an own copy of the EC_POINT object). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); + +unsigned EC_KEY_get_enc_flags(const EC_KEY *key); +void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); +point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); +void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); + +#define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef) +int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg); +void *EC_KEY_get_ex_data(const EC_KEY *key, int idx); + +/* wrapper functions for the underlying EC_GROUP object */ +void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); + +/** Creates a table of pre-computed multiples of the generator to + * accelerate further EC_KEY operations. + * \param key EC_KEY object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); + +/** Creates a new ec private (and optional a new public) key. + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_generate_key(EC_KEY *key); + +/** Verifies that a private and/or public key is valid. + * \param key the EC_KEY object + * \return 1 on success and 0 otherwise. + */ +int EC_KEY_check_key(const EC_KEY *key); + +/** Indicates if an EC_KEY can be used for signing. + * \param eckey the EC_KEY object + * \return 1 if can can sign and 0 otherwise. + */ +int EC_KEY_can_sign(const EC_KEY *eckey); + +/** Sets a public key from affine coordinates performing + * necessary NIST PKV tests. + * \param key the EC_KEY object + * \param x public key x coordinate + * \param y public key y coordinate + * \return 1 on success and 0 otherwise. + */ +int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, + BIGNUM *y); + +/** Encodes an EC_KEY public key to an allocated octet string + * \param key key to encode + * \param form point conversion form + * \param pbuf returns pointer to allocated buffer + * \param ctx BN_CTX object (optional) + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form, + unsigned char **pbuf, BN_CTX *ctx); + +/** Decodes a EC_KEY public key from a octet string + * \param key key to decode + * \param buf memory buffer with the encoded ec point + * \param len length of the encoded ec point + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ + +int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len, + BN_CTX *ctx); + +/** Decodes an EC_KEY private key from an octet string + * \param key key to decode + * \param buf memory buffer with the encoded private key + * \param len length of the encoded key + * \return 1 on success and 0 if an error occurred + */ + +int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf, size_t len); + +/** Encodes a EC_KEY private key to an octet string + * \param key key to encode + * \param buf memory buffer for the result. If NULL the function returns + * required buffer size. + * \param len length of the memory buffer + * \return the length of the encoded octet string or 0 if an error occurred + */ + +size_t EC_KEY_priv2oct(const EC_KEY *key, unsigned char *buf, size_t len); + +/** Encodes an EC_KEY private key to an allocated octet string + * \param eckey key to encode + * \param pbuf returns pointer to allocated buffer + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf); + +/********************************************************************/ +/* de- and encoding functions for SEC1 ECPrivateKey */ +/********************************************************************/ + +/** Decodes a private key from a memory buffer. + * \param key a pointer to a EC_KEY object which should be used (or NULL) + * \param in pointer to memory with the DER encoded private key + * \param len length of the DER encoded private key + * \return the decoded private key or NULL if an error occurred. + */ +EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes a private key object and stores the result in a buffer. + * \param key the EC_KEY object to encode + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred. + */ +int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out); + +/********************************************************************/ +/* de- and encoding functions for EC parameters */ +/********************************************************************/ + +/** Decodes ec parameter from a memory buffer. + * \param key a pointer to a EC_KEY object which should be used (or NULL) + * \param in pointer to memory with the DER encoded ec parameters + * \param len length of the DER encoded ec parameters + * \return a EC_KEY object with the decoded parameters or NULL if an error + * occurred. + */ +EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes ec parameter and stores the result in a buffer. + * \param key the EC_KEY object with ec parameters to encode + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred. + */ +int i2d_ECParameters(EC_KEY *key, unsigned char **out); + +/********************************************************************/ +/* de- and encoding functions for EC public key */ +/* (octet string, not DER -- hence 'o2i' and 'i2o') */ +/********************************************************************/ + +/** Decodes a ec public key from a octet string. + * \param key a pointer to a EC_KEY object which should be used + * \param in memory buffer with the encoded public key + * \param len length of the encoded public key + * \return EC_KEY object with decoded public key or NULL if an error + * occurred. + */ +EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes a ec public key in an octet string. + * \param key the EC_KEY object with the public key + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred + */ +int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out); + +/** Prints out the ec parameters on human readable form. + * \param bp BIO object to which the information is printed + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred + */ +int ECParameters_print(BIO *bp, const EC_KEY *key); + +/** Prints out the contents of a EC_KEY object + * \param bp BIO object to which the information is printed + * \param key EC_KEY object + * \param off line offset + * \return 1 on success and 0 if an error occurred + */ +int EC_KEY_print(BIO *bp, const EC_KEY *key, int off); + +# ifndef OPENSSL_NO_STDIO +/** Prints out the ec parameters on human readable form. + * \param fp file descriptor to which the information is printed + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred + */ +int ECParameters_print_fp(FILE *fp, const EC_KEY *key); + +/** Prints out the contents of a EC_KEY object + * \param fp file descriptor to which the information is printed + * \param key EC_KEY object + * \param off line offset + * \return 1 on success and 0 if an error occurred + */ +int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); + +# endif + +const EC_KEY_METHOD *EC_KEY_OpenSSL(void); +const EC_KEY_METHOD *EC_KEY_get_default_method(void); +void EC_KEY_set_default_method(const EC_KEY_METHOD *meth); +const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key); +int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth); +EC_KEY *EC_KEY_new_method(ENGINE *engine); + +/** The old name for ecdh_KDF_X9_63 + * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62, + * it is actually specified in ANSI X9.63. + * This identifier is retained for backwards compatibility + */ +int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + const unsigned char *sinfo, size_t sinfolen, + const EVP_MD *md); + +int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, + const EC_KEY *ecdh, + void *(*KDF) (const void *in, size_t inlen, + void *out, size_t *outlen)); + +typedef struct ECDSA_SIG_st ECDSA_SIG; + +/** Allocates and initialize a ECDSA_SIG structure + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_SIG_new(void); + +/** frees a ECDSA_SIG structure + * \param sig pointer to the ECDSA_SIG structure + */ +void ECDSA_SIG_free(ECDSA_SIG *sig); + +/** DER encode content of ECDSA_SIG object (note: this function modifies *pp + * (*pp += length of the DER encoded signature)). + * \param sig pointer to the ECDSA_SIG object + * \param pp pointer to a unsigned char pointer for the output or NULL + * \return the length of the DER encoded ECDSA_SIG object or a negative value + * on error + */ +int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); + +/** Decodes a DER encoded ECDSA signature (note: this function changes *pp + * (*pp += len)). + * \param sig pointer to ECDSA_SIG pointer (may be NULL) + * \param pp memory buffer with the DER encoded signature + * \param len length of the buffer + * \return pointer to the decoded ECDSA_SIG structure (or NULL) + */ +ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); + +/** Accessor for r and s fields of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + * \param pr pointer to BIGNUM pointer for r (may be NULL) + * \param ps pointer to BIGNUM pointer for s (may be NULL) + */ +void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); + +/** Accessor for r field of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + */ +const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); + +/** Accessor for s field of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + */ +const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); + +/** Setter for r and s fields of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + * \param r pointer to BIGNUM for r (may be NULL) + * \param s pointer to BIGNUM for s (may be NULL) + */ +int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); + +/** Computes the ECDSA signature of the given hash value using + * the supplied private key and returns the created signature. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, + EC_KEY *eckey); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optional), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, + const BIGNUM *kinv, const BIGNUM *rp, + EC_KEY *eckey); + +/** Verifies that the supplied signature is a valid ECDSA + * signature of the supplied hash value using the supplied public key. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param sig ECDSA_SIG structure + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error + */ +int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey); + +/** Precompute parts of the signing operation + * \param eckey EC_KEY object containing a private EC key + * \param ctx BN_CTX object (optional) + * \param kinv BIGNUM pointer for the inverse of k + * \param rp BIGNUM pointer for x coordinate of k * generator + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig memory for the DER encoded created signature + * \param siglen pointer to the length of the returned signature + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig buffer to hold the DER encoded signature + * \param siglen pointer to the length of the returned signature + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optional), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); + +/** Verifies that the given signature is valid ECDSA signature + * of the supplied hash value using the specified public key. + * \param type this parameter is ignored + * \param dgst pointer to the hash value + * \param dgstlen length of the hash value + * \param sig pointer to the DER encoded signature + * \param siglen length of the DER encoded signature + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error + */ +int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, + const unsigned char *sig, int siglen, EC_KEY *eckey); + +/** Returns the maximum length of the DER encoded signature + * \param eckey EC_KEY object + * \return numbers of bytes required for the DER encoded signature + */ +int ECDSA_size(const EC_KEY *eckey); + +/********************************************************************/ +/* EC_KEY_METHOD constructors, destructors, writers and accessors */ +/********************************************************************/ + +EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth); +void EC_KEY_METHOD_free(EC_KEY_METHOD *meth); +void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth, + int (*init)(EC_KEY *key), + void (*finish)(EC_KEY *key), + int (*copy)(EC_KEY *dest, const EC_KEY *src), + int (*set_group)(EC_KEY *key, const EC_GROUP *grp), + int (*set_private)(EC_KEY *key, + const BIGNUM *priv_key), + int (*set_public)(EC_KEY *key, + const EC_POINT *pub_key)); + +void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth, + int (*keygen)(EC_KEY *key)); + +void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth, + int (*ckey)(unsigned char **psec, + size_t *pseclen, + const EC_POINT *pub_key, + const EC_KEY *ecdh)); + +void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth, + int (*sign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, + unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *eckey), + int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, + int dgst_len, + const BIGNUM *in_kinv, + const BIGNUM *in_r, + EC_KEY *eckey)); + +void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth, + int (*verify)(int type, const unsigned + char *dgst, int dgst_len, + const unsigned char *sigbuf, + int sig_len, EC_KEY *eckey), + int (*verify_sig)(const unsigned char *dgst, + int dgst_len, + const ECDSA_SIG *sig, + EC_KEY *eckey)); + +void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth, + int (**pinit)(EC_KEY *key), + void (**pfinish)(EC_KEY *key), + int (**pcopy)(EC_KEY *dest, const EC_KEY *src), + int (**pset_group)(EC_KEY *key, + const EC_GROUP *grp), + int (**pset_private)(EC_KEY *key, + const BIGNUM *priv_key), + int (**pset_public)(EC_KEY *key, + const EC_POINT *pub_key)); + +void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth, + int (**pkeygen)(EC_KEY *key)); + +void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth, + int (**pck)(unsigned char **psec, + size_t *pseclen, + const EC_POINT *pub_key, + const EC_KEY *ecdh)); + +void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth, + int (**psign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, + unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *eckey), + int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(**psign_sig)(const unsigned char *dgst, + int dgst_len, + const BIGNUM *in_kinv, + const BIGNUM *in_r, + EC_KEY *eckey)); + +void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, + int (**pverify)(int type, const unsigned + char *dgst, int dgst_len, + const unsigned char *sigbuf, + int sig_len, EC_KEY *eckey), + int (**pverify_sig)(const unsigned char *dgst, + int dgst_len, + const ECDSA_SIG *sig, + EC_KEY *eckey)); + +# define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) + +# ifndef __cplusplus +# if defined(__SUNPRO_C) +# if __SUNPRO_C >= 0x520 +# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) +# endif +# endif +# endif + +# define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL) + +# define EVP_PKEY_CTX_set_ec_param_enc(ctx, flag) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL) + +# define EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, flag) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_ECDH_COFACTOR, flag, NULL) + +# define EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_ECDH_COFACTOR, -2, NULL) + +# define EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, kdf) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL) + +# define EVP_PKEY_CTX_get_ecdh_kdf_type(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL) + +# define EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)(pmd)) + +# define EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_OUTLEN, len, NULL) + +# define EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0, \ + (void *)(plen)) + +# define EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_UKM, plen, (void *)(p)) + +# define EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, (void *)(p)) + +/* SM2 will skip the operation check so no need to pass operation here */ +# define EVP_PKEY_CTX_set1_id(ctx, id, id_len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_SET1_ID, (int)id_len, (void*)(id)) + +# define EVP_PKEY_CTX_get1_id(ctx, id) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_GET1_ID, 0, (void*)(id)) + +# define EVP_PKEY_CTX_get1_id_len(ctx, id_len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_GET1_ID_LEN, 0, (void*)(id_len)) + +# define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_EC_PARAM_ENC (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_EC_ECDH_COFACTOR (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_EC_KDF_TYPE (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_GET_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10) +# define EVP_PKEY_CTRL_SET1_ID (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_GET1_ID (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_GET1_ID_LEN (EVP_PKEY_ALG_CTRL + 13) +/* KDF types */ +# define EVP_PKEY_ECDH_KDF_NONE 1 +# define EVP_PKEY_ECDH_KDF_X9_63 2 +/** The old name for EVP_PKEY_ECDH_KDF_X9_63 + * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62, + * it is actually specified in ANSI X9.63. + * This identifier is retained for backwards compatibility + */ +# define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63 + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/ecdh.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/ecdh.h new file mode 100644 index 00000000..681f3d5e --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/ecdh.h @@ -0,0 +1,10 @@ +/* + * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/ecdsa.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/ecdsa.h new file mode 100644 index 00000000..681f3d5e --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/ecdsa.h @@ -0,0 +1,10 @@ +/* + * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/ecerr.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/ecerr.h new file mode 100644 index 00000000..f7b91834 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/ecerr.h @@ -0,0 +1,275 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ECERR_H +# define HEADER_ECERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_EC + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_EC_strings(void); + +/* + * EC function codes. + */ +# define EC_F_BN_TO_FELEM 224 +# define EC_F_D2I_ECPARAMETERS 144 +# define EC_F_D2I_ECPKPARAMETERS 145 +# define EC_F_D2I_ECPRIVATEKEY 146 +# define EC_F_DO_EC_KEY_PRINT 221 +# define EC_F_ECDH_CMS_DECRYPT 238 +# define EC_F_ECDH_CMS_SET_SHARED_INFO 239 +# define EC_F_ECDH_COMPUTE_KEY 246 +# define EC_F_ECDH_SIMPLE_COMPUTE_KEY 257 +# define EC_F_ECDSA_DO_SIGN_EX 251 +# define EC_F_ECDSA_DO_VERIFY 252 +# define EC_F_ECDSA_SIGN_EX 254 +# define EC_F_ECDSA_SIGN_SETUP 248 +# define EC_F_ECDSA_SIG_NEW 265 +# define EC_F_ECDSA_VERIFY 253 +# define EC_F_ECD_ITEM_VERIFY 270 +# define EC_F_ECKEY_PARAM2TYPE 223 +# define EC_F_ECKEY_PARAM_DECODE 212 +# define EC_F_ECKEY_PRIV_DECODE 213 +# define EC_F_ECKEY_PRIV_ENCODE 214 +# define EC_F_ECKEY_PUB_DECODE 215 +# define EC_F_ECKEY_PUB_ENCODE 216 +# define EC_F_ECKEY_TYPE2PARAM 220 +# define EC_F_ECPARAMETERS_PRINT 147 +# define EC_F_ECPARAMETERS_PRINT_FP 148 +# define EC_F_ECPKPARAMETERS_PRINT 149 +# define EC_F_ECPKPARAMETERS_PRINT_FP 150 +# define EC_F_ECP_NISTZ256_GET_AFFINE 240 +# define EC_F_ECP_NISTZ256_INV_MOD_ORD 275 +# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243 +# define EC_F_ECP_NISTZ256_POINTS_MUL 241 +# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244 +# define EC_F_ECP_NISTZ256_WINDOWED_MUL 242 +# define EC_F_ECX_KEY_OP 266 +# define EC_F_ECX_PRIV_ENCODE 267 +# define EC_F_ECX_PUB_ENCODE 268 +# define EC_F_EC_ASN1_GROUP2CURVE 153 +# define EC_F_EC_ASN1_GROUP2FIELDID 154 +# define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 +# define EC_F_EC_GF2M_SIMPLE_FIELD_INV 296 +# define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 +# define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195 +# define EC_F_EC_GF2M_SIMPLE_LADDER_POST 285 +# define EC_F_EC_GF2M_SIMPLE_LADDER_PRE 288 +# define EC_F_EC_GF2M_SIMPLE_OCT2POINT 160 +# define EC_F_EC_GF2M_SIMPLE_POINT2OCT 161 +# define EC_F_EC_GF2M_SIMPLE_POINTS_MUL 289 +# define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162 +# define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163 +# define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 164 +# define EC_F_EC_GFP_MONT_FIELD_DECODE 133 +# define EC_F_EC_GFP_MONT_FIELD_ENCODE 134 +# define EC_F_EC_GFP_MONT_FIELD_INV 297 +# define EC_F_EC_GFP_MONT_FIELD_MUL 131 +# define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209 +# define EC_F_EC_GFP_MONT_FIELD_SQR 132 +# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189 +# define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE 225 +# define EC_F_EC_GFP_NISTP224_POINTS_MUL 228 +# define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226 +# define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE 230 +# define EC_F_EC_GFP_NISTP256_POINTS_MUL 231 +# define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232 +# define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE 233 +# define EC_F_EC_GFP_NISTP521_POINTS_MUL 234 +# define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235 +# define EC_F_EC_GFP_NIST_FIELD_MUL 200 +# define EC_F_EC_GFP_NIST_FIELD_SQR 201 +# define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 +# define EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES 287 +# define EC_F_EC_GFP_SIMPLE_FIELD_INV 298 +# define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165 +# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166 +# define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 +# define EC_F_EC_GFP_SIMPLE_OCT2POINT 103 +# define EC_F_EC_GFP_SIMPLE_POINT2OCT 104 +# define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137 +# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 167 +# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 168 +# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 169 +# define EC_F_EC_GROUP_CHECK 170 +# define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171 +# define EC_F_EC_GROUP_COPY 106 +# define EC_F_EC_GROUP_GET_CURVE 291 +# define EC_F_EC_GROUP_GET_CURVE_GF2M 172 +# define EC_F_EC_GROUP_GET_CURVE_GFP 130 +# define EC_F_EC_GROUP_GET_DEGREE 173 +# define EC_F_EC_GROUP_GET_ECPARAMETERS 261 +# define EC_F_EC_GROUP_GET_ECPKPARAMETERS 262 +# define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 +# define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 +# define EC_F_EC_GROUP_NEW 108 +# define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174 +# define EC_F_EC_GROUP_NEW_FROM_DATA 175 +# define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS 263 +# define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS 264 +# define EC_F_EC_GROUP_SET_CURVE 292 +# define EC_F_EC_GROUP_SET_CURVE_GF2M 176 +# define EC_F_EC_GROUP_SET_CURVE_GFP 109 +# define EC_F_EC_GROUP_SET_GENERATOR 111 +# define EC_F_EC_GROUP_SET_SEED 286 +# define EC_F_EC_KEY_CHECK_KEY 177 +# define EC_F_EC_KEY_COPY 178 +# define EC_F_EC_KEY_GENERATE_KEY 179 +# define EC_F_EC_KEY_NEW 182 +# define EC_F_EC_KEY_NEW_METHOD 245 +# define EC_F_EC_KEY_OCT2PRIV 255 +# define EC_F_EC_KEY_PRINT 180 +# define EC_F_EC_KEY_PRINT_FP 181 +# define EC_F_EC_KEY_PRIV2BUF 279 +# define EC_F_EC_KEY_PRIV2OCT 256 +# define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 229 +# define EC_F_EC_KEY_SIMPLE_CHECK_KEY 258 +# define EC_F_EC_KEY_SIMPLE_OCT2PRIV 259 +# define EC_F_EC_KEY_SIMPLE_PRIV2OCT 260 +# define EC_F_EC_PKEY_CHECK 273 +# define EC_F_EC_PKEY_PARAM_CHECK 274 +# define EC_F_EC_POINTS_MAKE_AFFINE 136 +# define EC_F_EC_POINTS_MUL 290 +# define EC_F_EC_POINT_ADD 112 +# define EC_F_EC_POINT_BN2POINT 280 +# define EC_F_EC_POINT_CMP 113 +# define EC_F_EC_POINT_COPY 114 +# define EC_F_EC_POINT_DBL 115 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES 293 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 183 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 116 +# define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 117 +# define EC_F_EC_POINT_INVERT 210 +# define EC_F_EC_POINT_IS_AT_INFINITY 118 +# define EC_F_EC_POINT_IS_ON_CURVE 119 +# define EC_F_EC_POINT_MAKE_AFFINE 120 +# define EC_F_EC_POINT_NEW 121 +# define EC_F_EC_POINT_OCT2POINT 122 +# define EC_F_EC_POINT_POINT2BUF 281 +# define EC_F_EC_POINT_POINT2OCT 123 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES 294 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 185 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES 295 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 186 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 +# define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 +# define EC_F_EC_POINT_SET_TO_INFINITY 127 +# define EC_F_EC_PRE_COMP_NEW 196 +# define EC_F_EC_SCALAR_MUL_LADDER 284 +# define EC_F_EC_WNAF_MUL 187 +# define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 +# define EC_F_I2D_ECPARAMETERS 190 +# define EC_F_I2D_ECPKPARAMETERS 191 +# define EC_F_I2D_ECPRIVATEKEY 192 +# define EC_F_I2O_ECPUBLICKEY 151 +# define EC_F_NISTP224_PRE_COMP_NEW 227 +# define EC_F_NISTP256_PRE_COMP_NEW 236 +# define EC_F_NISTP521_PRE_COMP_NEW 237 +# define EC_F_O2I_ECPUBLICKEY 152 +# define EC_F_OLD_EC_PRIV_DECODE 222 +# define EC_F_OSSL_ECDH_COMPUTE_KEY 247 +# define EC_F_OSSL_ECDSA_SIGN_SIG 249 +# define EC_F_OSSL_ECDSA_VERIFY_SIG 250 +# define EC_F_PKEY_ECD_CTRL 271 +# define EC_F_PKEY_ECD_DIGESTSIGN 272 +# define EC_F_PKEY_ECD_DIGESTSIGN25519 276 +# define EC_F_PKEY_ECD_DIGESTSIGN448 277 +# define EC_F_PKEY_ECX_DERIVE 269 +# define EC_F_PKEY_EC_CTRL 197 +# define EC_F_PKEY_EC_CTRL_STR 198 +# define EC_F_PKEY_EC_DERIVE 217 +# define EC_F_PKEY_EC_INIT 282 +# define EC_F_PKEY_EC_KDF_DERIVE 283 +# define EC_F_PKEY_EC_KEYGEN 199 +# define EC_F_PKEY_EC_PARAMGEN 219 +# define EC_F_PKEY_EC_SIGN 218 +# define EC_F_VALIDATE_ECX_DERIVE 278 + +/* + * EC reason codes. + */ +# define EC_R_ASN1_ERROR 115 +# define EC_R_BAD_SIGNATURE 156 +# define EC_R_BIGNUM_OUT_OF_RANGE 144 +# define EC_R_BUFFER_TOO_SMALL 100 +# define EC_R_CANNOT_INVERT 165 +# define EC_R_COORDINATES_OUT_OF_RANGE 146 +# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160 +# define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159 +# define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 +# define EC_R_DECODE_ERROR 142 +# define EC_R_DISCRIMINANT_IS_ZERO 118 +# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 +# define EC_R_FIELD_TOO_LARGE 143 +# define EC_R_GF2M_NOT_SUPPORTED 147 +# define EC_R_GROUP2PKPARAMETERS_FAILURE 120 +# define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 +# define EC_R_INCOMPATIBLE_OBJECTS 101 +# define EC_R_INVALID_ARGUMENT 112 +# define EC_R_INVALID_COMPRESSED_POINT 110 +# define EC_R_INVALID_COMPRESSION_BIT 109 +# define EC_R_INVALID_CURVE 141 +# define EC_R_INVALID_DIGEST 151 +# define EC_R_INVALID_DIGEST_TYPE 138 +# define EC_R_INVALID_ENCODING 102 +# define EC_R_INVALID_FIELD 103 +# define EC_R_INVALID_FORM 104 +# define EC_R_INVALID_GROUP_ORDER 122 +# define EC_R_INVALID_KEY 116 +# define EC_R_INVALID_OUTPUT_LENGTH 161 +# define EC_R_INVALID_PEER_KEY 133 +# define EC_R_INVALID_PENTANOMIAL_BASIS 132 +# define EC_R_INVALID_PRIVATE_KEY 123 +# define EC_R_INVALID_TRINOMIAL_BASIS 137 +# define EC_R_KDF_PARAMETER_ERROR 148 +# define EC_R_KEYS_NOT_SET 140 +# define EC_R_LADDER_POST_FAILURE 136 +# define EC_R_LADDER_PRE_FAILURE 153 +# define EC_R_LADDER_STEP_FAILURE 162 +# define EC_R_MISSING_PARAMETERS 124 +# define EC_R_MISSING_PRIVATE_KEY 125 +# define EC_R_NEED_NEW_SETUP_VALUES 157 +# define EC_R_NOT_A_NIST_PRIME 135 +# define EC_R_NOT_IMPLEMENTED 126 +# define EC_R_NOT_INITIALIZED 111 +# define EC_R_NO_PARAMETERS_SET 139 +# define EC_R_NO_PRIVATE_VALUE 154 +# define EC_R_OPERATION_NOT_SUPPORTED 152 +# define EC_R_PASSED_NULL_PARAMETER 134 +# define EC_R_PEER_KEY_ERROR 149 +# define EC_R_PKPARAMETERS2GROUP_FAILURE 127 +# define EC_R_POINT_ARITHMETIC_FAILURE 155 +# define EC_R_POINT_AT_INFINITY 106 +# define EC_R_POINT_COORDINATES_BLIND_FAILURE 163 +# define EC_R_POINT_IS_NOT_ON_CURVE 107 +# define EC_R_RANDOM_NUMBER_GENERATION_FAILED 158 +# define EC_R_SHARED_INFO_ERROR 150 +# define EC_R_SLOT_FULL 108 +# define EC_R_UNDEFINED_GENERATOR 113 +# define EC_R_UNDEFINED_ORDER 128 +# define EC_R_UNKNOWN_COFACTOR 164 +# define EC_R_UNKNOWN_GROUP 129 +# define EC_R_UNKNOWN_ORDER 114 +# define EC_R_UNSUPPORTED_FIELD 131 +# define EC_R_WRONG_CURVE_PARAMETERS 145 +# define EC_R_WRONG_ORDER 130 + +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/engine.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/engine.h new file mode 100644 index 00000000..0780f0fb --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/engine.h @@ -0,0 +1,751 @@ +/* + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ENGINE_H +# define HEADER_ENGINE_H + +# include + +# ifndef OPENSSL_NO_ENGINE +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# include +# include +# include +# include +# include +# include +# include +# endif +# include +# include +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +/* + * These flags are used to control combinations of algorithm (methods) by + * bitwise "OR"ing. + */ +# define ENGINE_METHOD_RSA (unsigned int)0x0001 +# define ENGINE_METHOD_DSA (unsigned int)0x0002 +# define ENGINE_METHOD_DH (unsigned int)0x0004 +# define ENGINE_METHOD_RAND (unsigned int)0x0008 +# define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 +# define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 +# define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200 +# define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400 +# define ENGINE_METHOD_EC (unsigned int)0x0800 +/* Obvious all-or-nothing cases. */ +# define ENGINE_METHOD_ALL (unsigned int)0xFFFF +# define ENGINE_METHOD_NONE (unsigned int)0x0000 + +/* + * This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used + * internally to control registration of ENGINE implementations, and can be + * set by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to + * initialise registered ENGINEs if they are not already initialised. + */ +# define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001 + +/* ENGINE flags that can be set by ENGINE_set_flags(). */ +/* Not used */ +/* #define ENGINE_FLAGS_MALLOCED 0x0001 */ + +/* + * This flag is for ENGINEs that wish to handle the various 'CMD'-related + * control commands on their own. Without this flag, ENGINE_ctrl() handles + * these control commands on behalf of the ENGINE using their "cmd_defns" + * data. + */ +# define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002 + +/* + * This flag is for ENGINEs who return new duplicate structures when found + * via "ENGINE_by_id()". When an ENGINE must store state (eg. if + * ENGINE_ctrl() commands are called in sequence as part of some stateful + * process like key-generation setup and execution), it can set this flag - + * then each attempt to obtain the ENGINE will result in it being copied into + * a new structure. Normally, ENGINEs don't declare this flag so + * ENGINE_by_id() just increments the existing ENGINE's structural reference + * count. + */ +# define ENGINE_FLAGS_BY_ID_COPY (int)0x0004 + +/* + * This flag if for an ENGINE that does not want its methods registered as + * part of ENGINE_register_all_complete() for example if the methods are not + * usable as default methods. + */ + +# define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008 + +/* + * ENGINEs can support their own command types, and these flags are used in + * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input + * each command expects. Currently only numeric and string input is + * supported. If a control command supports none of the _NUMERIC, _STRING, or + * _NO_INPUT options, then it is regarded as an "internal" control command - + * and not for use in config setting situations. As such, they're not + * available to the ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() + * access. Changes to this list of 'command types' should be reflected + * carefully in ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). + */ + +/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */ +# define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001 +/* + * accepts string input (cast from 'void*' to 'const char *', 4th parameter + * to ENGINE_ctrl) + */ +# define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002 +/* + * Indicates that the control command takes *no* input. Ie. the control + * command is unparameterised. + */ +# define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 +/* + * Indicates that the control command is internal. This control command won't + * be shown in any output, and is only usable through the ENGINE_ctrl_cmd() + * function. + */ +# define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 + +/* + * NB: These 3 control commands are deprecated and should not be used. + * ENGINEs relying on these commands should compile conditional support for + * compatibility (eg. if these symbols are defined) but should also migrate + * the same functionality to their own ENGINE-specific control functions that + * can be "discovered" by calling applications. The fact these control + * commands wouldn't be "executable" (ie. usable by text-based config) + * doesn't change the fact that application code can find and use them + * without requiring per-ENGINE hacking. + */ + +/* + * These flags are used to tell the ctrl function what should be done. All + * command numbers are shared between all engines, even if some don't make + * sense to some engines. In such a case, they do nothing but return the + * error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. + */ +# define ENGINE_CTRL_SET_LOGSTREAM 1 +# define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2 +# define ENGINE_CTRL_HUP 3/* Close and reinitialise + * any handles/connections + * etc. */ +# define ENGINE_CTRL_SET_USER_INTERFACE 4/* Alternative to callback */ +# define ENGINE_CTRL_SET_CALLBACK_DATA 5/* User-specific data, used + * when calling the password + * callback and the user + * interface */ +# define ENGINE_CTRL_LOAD_CONFIGURATION 6/* Load a configuration, + * given a string that + * represents a file name + * or so */ +# define ENGINE_CTRL_LOAD_SECTION 7/* Load data from a given + * section in the already + * loaded configuration */ + +/* + * These control commands allow an application to deal with an arbitrary + * engine in a dynamic way. Warn: Negative return values indicate errors FOR + * THESE COMMANDS because zero is used to indicate 'end-of-list'. Other + * commands, including ENGINE-specific command types, return zero for an + * error. An ENGINE can choose to implement these ctrl functions, and can + * internally manage things however it chooses - it does so by setting the + * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise + * the ENGINE_ctrl() code handles this on the ENGINE's behalf using the + * cmd_defns data (set using ENGINE_set_cmd_defns()). This means an ENGINE's + * ctrl() handler need only implement its own commands - the above "meta" + * commands will be taken care of. + */ + +/* + * Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", + * then all the remaining control commands will return failure, so it is + * worth checking this first if the caller is trying to "discover" the + * engine's capabilities and doesn't want errors generated unnecessarily. + */ +# define ENGINE_CTRL_HAS_CTRL_FUNCTION 10 +/* + * Returns a positive command number for the first command supported by the + * engine. Returns zero if no ctrl commands are supported. + */ +# define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11 +/* + * The 'long' argument specifies a command implemented by the engine, and the + * return value is the next command supported, or zero if there are no more. + */ +# define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12 +/* + * The 'void*' argument is a command name (cast from 'const char *'), and the + * return value is the command that corresponds to it. + */ +# define ENGINE_CTRL_GET_CMD_FROM_NAME 13 +/* + * The next two allow a command to be converted into its corresponding string + * form. In each case, the 'long' argument supplies the command. In the + * NAME_LEN case, the return value is the length of the command name (not + * counting a trailing EOL). In the NAME case, the 'void*' argument must be a + * string buffer large enough, and it will be populated with the name of the + * command (WITH a trailing EOL). + */ +# define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14 +# define ENGINE_CTRL_GET_NAME_FROM_CMD 15 +/* The next two are similar but give a "short description" of a command. */ +# define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16 +# define ENGINE_CTRL_GET_DESC_FROM_CMD 17 +/* + * With this command, the return value is the OR'd combination of + * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given + * engine-specific ctrl command expects. + */ +# define ENGINE_CTRL_GET_CMD_FLAGS 18 + +/* + * ENGINE implementations should start the numbering of their own control + * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). + */ +# define ENGINE_CMD_BASE 200 + +/* + * NB: These 2 nCipher "chil" control commands are deprecated, and their + * functionality is now available through ENGINE-specific control commands + * (exposed through the above-mentioned 'CMD'-handling). Code using these 2 + * commands should be migrated to the more general command handling before + * these are removed. + */ + +/* Flags specific to the nCipher "chil" engine */ +# define ENGINE_CTRL_CHIL_SET_FORKCHECK 100 + /* + * Depending on the value of the (long)i argument, this sets or + * unsets the SimpleForkCheck flag in the CHIL API to enable or + * disable checking and workarounds for applications that fork(). + */ +# define ENGINE_CTRL_CHIL_NO_LOCKING 101 + /* + * This prevents the initialisation function from providing mutex + * callbacks to the nCipher library. + */ + +/* + * If an ENGINE supports its own specific control commands and wishes the + * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on + * its behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN + * entries to ENGINE_set_cmd_defns(). It should also implement a ctrl() + * handler that supports the stated commands (ie. the "cmd_num" entries as + * described by the array). NB: The array must be ordered in increasing order + * of cmd_num. "null-terminated" means that the last ENGINE_CMD_DEFN element + * has cmd_num set to zero and/or cmd_name set to NULL. + */ +typedef struct ENGINE_CMD_DEFN_st { + unsigned int cmd_num; /* The command number */ + const char *cmd_name; /* The command name itself */ + const char *cmd_desc; /* A short description of the command */ + unsigned int cmd_flags; /* The input the command expects */ +} ENGINE_CMD_DEFN; + +/* Generic function pointer */ +typedef int (*ENGINE_GEN_FUNC_PTR) (void); +/* Generic function pointer taking no arguments */ +typedef int (*ENGINE_GEN_INT_FUNC_PTR) (ENGINE *); +/* Specific control function pointer */ +typedef int (*ENGINE_CTRL_FUNC_PTR) (ENGINE *, int, long, void *, + void (*f) (void)); +/* Generic load_key function pointer */ +typedef EVP_PKEY *(*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, + UI_METHOD *ui_method, + void *callback_data); +typedef int (*ENGINE_SSL_CLIENT_CERT_PTR) (ENGINE *, SSL *ssl, + STACK_OF(X509_NAME) *ca_dn, + X509 **pcert, EVP_PKEY **pkey, + STACK_OF(X509) **pother, + UI_METHOD *ui_method, + void *callback_data); +/*- + * These callback types are for an ENGINE's handler for cipher and digest logic. + * These handlers have these prototypes; + * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); + * int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); + * Looking at how to implement these handlers in the case of cipher support, if + * the framework wants the EVP_CIPHER for 'nid', it will call; + * foo(e, &p_evp_cipher, NULL, nid); (return zero for failure) + * If the framework wants a list of supported 'nid's, it will call; + * foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error) + */ +/* + * Returns to a pointer to the array of supported cipher 'nid's. If the + * second parameter is non-NULL it is set to the size of the returned array. + */ +typedef int (*ENGINE_CIPHERS_PTR) (ENGINE *, const EVP_CIPHER **, + const int **, int); +typedef int (*ENGINE_DIGESTS_PTR) (ENGINE *, const EVP_MD **, const int **, + int); +typedef int (*ENGINE_PKEY_METHS_PTR) (ENGINE *, EVP_PKEY_METHOD **, + const int **, int); +typedef int (*ENGINE_PKEY_ASN1_METHS_PTR) (ENGINE *, EVP_PKEY_ASN1_METHOD **, + const int **, int); +/* + * STRUCTURE functions ... all of these functions deal with pointers to + * ENGINE structures where the pointers have a "structural reference". This + * means that their reference is to allowed access to the structure but it + * does not imply that the structure is functional. To simply increment or + * decrement the structural reference count, use ENGINE_by_id and + * ENGINE_free. NB: This is not required when iterating using ENGINE_get_next + * as it will automatically decrement the structural reference count of the + * "current" ENGINE and increment the structural reference count of the + * ENGINE it returns (unless it is NULL). + */ + +/* Get the first/last "ENGINE" type available. */ +ENGINE *ENGINE_get_first(void); +ENGINE *ENGINE_get_last(void); +/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */ +ENGINE *ENGINE_get_next(ENGINE *e); +ENGINE *ENGINE_get_prev(ENGINE *e); +/* Add another "ENGINE" type into the array. */ +int ENGINE_add(ENGINE *e); +/* Remove an existing "ENGINE" type from the array. */ +int ENGINE_remove(ENGINE *e); +/* Retrieve an engine from the list by its unique "id" value. */ +ENGINE *ENGINE_by_id(const char *id); + +#if OPENSSL_API_COMPAT < 0x10100000L +# define ENGINE_load_openssl() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL) +# define ENGINE_load_dynamic() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL) +# ifndef OPENSSL_NO_STATIC_ENGINE +# define ENGINE_load_padlock() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_PADLOCK, NULL) +# define ENGINE_load_capi() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CAPI, NULL) +# define ENGINE_load_afalg() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL) +# endif +# define ENGINE_load_cryptodev() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL) +# define ENGINE_load_rdrand() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL) +#endif +void ENGINE_load_builtin_engines(void); + +/* + * Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation + * "registry" handling. + */ +unsigned int ENGINE_get_table_flags(void); +void ENGINE_set_table_flags(unsigned int flags); + +/*- Manage registration of ENGINEs per "table". For each type, there are 3 + * functions; + * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one) + * ENGINE_unregister_***(e) - unregister the implementation from 'e' + * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list + * Cleanup is automatically registered from each table when required. + */ + +int ENGINE_register_RSA(ENGINE *e); +void ENGINE_unregister_RSA(ENGINE *e); +void ENGINE_register_all_RSA(void); + +int ENGINE_register_DSA(ENGINE *e); +void ENGINE_unregister_DSA(ENGINE *e); +void ENGINE_register_all_DSA(void); + +int ENGINE_register_EC(ENGINE *e); +void ENGINE_unregister_EC(ENGINE *e); +void ENGINE_register_all_EC(void); + +int ENGINE_register_DH(ENGINE *e); +void ENGINE_unregister_DH(ENGINE *e); +void ENGINE_register_all_DH(void); + +int ENGINE_register_RAND(ENGINE *e); +void ENGINE_unregister_RAND(ENGINE *e); +void ENGINE_register_all_RAND(void); + +int ENGINE_register_ciphers(ENGINE *e); +void ENGINE_unregister_ciphers(ENGINE *e); +void ENGINE_register_all_ciphers(void); + +int ENGINE_register_digests(ENGINE *e); +void ENGINE_unregister_digests(ENGINE *e); +void ENGINE_register_all_digests(void); + +int ENGINE_register_pkey_meths(ENGINE *e); +void ENGINE_unregister_pkey_meths(ENGINE *e); +void ENGINE_register_all_pkey_meths(void); + +int ENGINE_register_pkey_asn1_meths(ENGINE *e); +void ENGINE_unregister_pkey_asn1_meths(ENGINE *e); +void ENGINE_register_all_pkey_asn1_meths(void); + +/* + * These functions register all support from the above categories. Note, use + * of these functions can result in static linkage of code your application + * may not need. If you only need a subset of functionality, consider using + * more selective initialisation. + */ +int ENGINE_register_complete(ENGINE *e); +int ENGINE_register_all_complete(void); + +/* + * Send parameterised control commands to the engine. The possibilities to + * send down an integer, a pointer to data or a function pointer are + * provided. Any of the parameters may or may not be NULL, depending on the + * command number. In actuality, this function only requires a structural + * (rather than functional) reference to an engine, but many control commands + * may require the engine be functional. The caller should be aware of trying + * commands that require an operational ENGINE, and only use functional + * references in such situations. + */ +int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)); + +/* + * This function tests if an ENGINE-specific command is usable as a + * "setting". Eg. in an application's config file that gets processed through + * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to + * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). + */ +int ENGINE_cmd_is_executable(ENGINE *e, int cmd); + +/* + * This function works like ENGINE_ctrl() with the exception of taking a + * command name instead of a command number, and can handle optional + * commands. See the comment on ENGINE_ctrl_cmd_string() for an explanation + * on how to use the cmd_name and cmd_optional. + */ +int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, + long i, void *p, void (*f) (void), int cmd_optional); + +/* + * This function passes a command-name and argument to an ENGINE. The + * cmd_name is converted to a command number and the control command is + * called using 'arg' as an argument (unless the ENGINE doesn't support such + * a command, in which case no control command is called). The command is + * checked for input flags, and if necessary the argument will be converted + * to a numeric value. If cmd_optional is non-zero, then if the ENGINE + * doesn't support the given cmd_name the return value will be success + * anyway. This function is intended for applications to use so that users + * (or config files) can supply engine-specific config data to the ENGINE at + * run-time to control behaviour of specific engines. As such, it shouldn't + * be used for calling ENGINE_ctrl() functions that return data, deal with + * binary data, or that are otherwise supposed to be used directly through + * ENGINE_ctrl() in application code. Any "return" data from an ENGINE_ctrl() + * operation in this function will be lost - the return value is interpreted + * as failure if the return value is zero, success otherwise, and this + * function returns a boolean value as a result. In other words, vendors of + * 'ENGINE'-enabled devices should write ENGINE implementations with + * parameterisations that work in this scheme, so that compliant ENGINE-based + * applications can work consistently with the same configuration for the + * same ENGINE-enabled devices, across applications. + */ +int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, + int cmd_optional); + +/* + * These functions are useful for manufacturing new ENGINE structures. They + * don't address reference counting at all - one uses them to populate an + * ENGINE structure with personalised implementations of things prior to + * using it directly or adding it to the builtin ENGINE list in OpenSSL. + * These are also here so that the ENGINE structure doesn't have to be + * exposed and break binary compatibility! + */ +ENGINE *ENGINE_new(void); +int ENGINE_free(ENGINE *e); +int ENGINE_up_ref(ENGINE *e); +int ENGINE_set_id(ENGINE *e, const char *id); +int ENGINE_set_name(ENGINE *e, const char *name); +int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); +int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ecdsa_meth); +int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); +int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); +int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); +int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); +int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); +int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); +int ENGINE_set_load_privkey_function(ENGINE *e, + ENGINE_LOAD_KEY_PTR loadpriv_f); +int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); +int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, + ENGINE_SSL_CLIENT_CERT_PTR + loadssl_f); +int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); +int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); +int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f); +int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f); +int ENGINE_set_flags(ENGINE *e, int flags); +int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); +/* These functions allow control over any per-structure ENGINE data. */ +#define ENGINE_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, l, p, newf, dupf, freef) +int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); +void *ENGINE_get_ex_data(const ENGINE *e, int idx); + +#if OPENSSL_API_COMPAT < 0x10100000L +/* + * This function previously cleaned up anything that needs it. Auto-deinit will + * now take care of it so it is no longer required to call this function. + */ +# define ENGINE_cleanup() while(0) continue +#endif + +/* + * These return values from within the ENGINE structure. These can be useful + * with functional references as well as structural references - it depends + * which you obtained. Using the result for functional purposes if you only + * obtained a structural reference may be problematic! + */ +const char *ENGINE_get_id(const ENGINE *e); +const char *ENGINE_get_name(const ENGINE *e); +const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); +const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); +const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e); +const DH_METHOD *ENGINE_get_DH(const ENGINE *e); +const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); +ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); +ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); +ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); +ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE + *e); +ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); +ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); +ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e); +ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e); +const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); +const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); +const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid); +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid); +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, + const char *str, + int len); +const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe, + const char *str, + int len); +const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); +int ENGINE_get_flags(const ENGINE *e); + +/* + * FUNCTIONAL functions. These functions deal with ENGINE structures that + * have (or will) be initialised for use. Broadly speaking, the structural + * functions are useful for iterating the list of available engine types, + * creating new engine types, and other "list" operations. These functions + * actually deal with ENGINEs that are to be used. As such these functions + * can fail (if applicable) when particular engines are unavailable - eg. if + * a hardware accelerator is not attached or not functioning correctly. Each + * ENGINE has 2 reference counts; structural and functional. Every time a + * functional reference is obtained or released, a corresponding structural + * reference is automatically obtained or released too. + */ + +/* + * Initialise a engine type for use (or up its reference count if it's + * already in use). This will fail if the engine is not currently operational + * and cannot initialise. + */ +int ENGINE_init(ENGINE *e); +/* + * Free a functional reference to a engine type. This does not require a + * corresponding call to ENGINE_free as it also releases a structural + * reference. + */ +int ENGINE_finish(ENGINE *e); + +/* + * The following functions handle keys that are stored in some secondary + * location, handled by the engine. The storage may be on a card or + * whatever. + */ +EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data); +EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data); +int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, + EVP_PKEY **ppkey, STACK_OF(X509) **pother, + UI_METHOD *ui_method, void *callback_data); + +/* + * This returns a pointer for the current ENGINE structure that is (by + * default) performing any RSA operations. The value returned is an + * incremented reference, so it should be free'd (ENGINE_finish) before it is + * discarded. + */ +ENGINE *ENGINE_get_default_RSA(void); +/* Same for the other "methods" */ +ENGINE *ENGINE_get_default_DSA(void); +ENGINE *ENGINE_get_default_EC(void); +ENGINE *ENGINE_get_default_DH(void); +ENGINE *ENGINE_get_default_RAND(void); +/* + * These functions can be used to get a functional reference to perform + * ciphering or digesting corresponding to "nid". + */ +ENGINE *ENGINE_get_cipher_engine(int nid); +ENGINE *ENGINE_get_digest_engine(int nid); +ENGINE *ENGINE_get_pkey_meth_engine(int nid); +ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid); + +/* + * This sets a new default ENGINE structure for performing RSA operations. If + * the result is non-zero (success) then the ENGINE structure will have had + * its reference count up'd so the caller should still free their own + * reference 'e'. + */ +int ENGINE_set_default_RSA(ENGINE *e); +int ENGINE_set_default_string(ENGINE *e, const char *def_list); +/* Same for the other "methods" */ +int ENGINE_set_default_DSA(ENGINE *e); +int ENGINE_set_default_EC(ENGINE *e); +int ENGINE_set_default_DH(ENGINE *e); +int ENGINE_set_default_RAND(ENGINE *e); +int ENGINE_set_default_ciphers(ENGINE *e); +int ENGINE_set_default_digests(ENGINE *e); +int ENGINE_set_default_pkey_meths(ENGINE *e); +int ENGINE_set_default_pkey_asn1_meths(ENGINE *e); + +/* + * The combination "set" - the flags are bitwise "OR"d from the + * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()" + * function, this function can result in unnecessary static linkage. If your + * application requires only specific functionality, consider using more + * selective functions. + */ +int ENGINE_set_default(ENGINE *e, unsigned int flags); + +void ENGINE_add_conf_module(void); + +/* Deprecated functions ... */ +/* int ENGINE_clear_defaults(void); */ + +/**************************/ +/* DYNAMIC ENGINE SUPPORT */ +/**************************/ + +/* Binary/behaviour compatibility levels */ +# define OSSL_DYNAMIC_VERSION (unsigned long)0x00030000 +/* + * Binary versions older than this are too old for us (whether we're a loader + * or a loadee) + */ +# define OSSL_DYNAMIC_OLDEST (unsigned long)0x00030000 + +/* + * When compiling an ENGINE entirely as an external shared library, loadable + * by the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' + * structure type provides the calling application's (or library's) error + * functionality and memory management function pointers to the loaded + * library. These should be used/set in the loaded library code so that the + * loading application's 'state' will be used/changed in all operations. The + * 'static_state' pointer allows the loaded library to know if it shares the + * same static data as the calling application (or library), and thus whether + * these callbacks need to be set or not. + */ +typedef void *(*dyn_MEM_malloc_fn) (size_t, const char *, int); +typedef void *(*dyn_MEM_realloc_fn) (void *, size_t, const char *, int); +typedef void (*dyn_MEM_free_fn) (void *, const char *, int); +typedef struct st_dynamic_MEM_fns { + dyn_MEM_malloc_fn malloc_fn; + dyn_MEM_realloc_fn realloc_fn; + dyn_MEM_free_fn free_fn; +} dynamic_MEM_fns; +/* + * FIXME: Perhaps the memory and locking code (crypto.h) should declare and + * use these types so we (and any other dependent code) can simplify a bit?? + */ +/* The top-level structure */ +typedef struct st_dynamic_fns { + void *static_state; + dynamic_MEM_fns mem_fns; +} dynamic_fns; + +/* + * The version checking function should be of this prototype. NB: The + * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading + * code. If this function returns zero, it indicates a (potential) version + * incompatibility and the loaded library doesn't believe it can proceed. + * Otherwise, the returned value is the (latest) version supported by the + * loading library. The loader may still decide that the loaded code's + * version is unsatisfactory and could veto the load. The function is + * expected to be implemented with the symbol name "v_check", and a default + * implementation can be fully instantiated with + * IMPLEMENT_DYNAMIC_CHECK_FN(). + */ +typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version); +# define IMPLEMENT_DYNAMIC_CHECK_FN() \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v); \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ + if (v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ + return 0; } + +/* + * This function is passed the ENGINE structure to initialise with its own + * function and command settings. It should not adjust the structural or + * functional reference counts. If this function returns zero, (a) the load + * will be aborted, (b) the previous ENGINE state will be memcpy'd back onto + * the structure, and (c) the shared library will be unloaded. So + * implementations should do their own internal cleanup in failure + * circumstances otherwise they could leak. The 'id' parameter, if non-NULL, + * represents the ENGINE id that the loader is looking for. If this is NULL, + * the shared library can choose to return failure or to initialise a + * 'default' ENGINE. If non-NULL, the shared library must initialise only an + * ENGINE matching the passed 'id'. The function is expected to be + * implemented with the symbol name "bind_engine". A standard implementation + * can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where the parameter + * 'fn' is a callback function that populates the ENGINE structure and + * returns an int value (zero for failure). 'fn' should have prototype; + * [static] int fn(ENGINE *e, const char *id); + */ +typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, + const dynamic_fns *fns); +# define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ + OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \ + OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ + if (ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ + CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \ + fns->mem_fns.realloc_fn, \ + fns->mem_fns.free_fn); \ + skip_cbs: \ + if (!fn(e, id)) return 0; \ + return 1; } + +/* + * If the loading application (or library) and the loaded ENGINE library + * share the same static data (eg. they're both dynamically linked to the + * same libcrypto.so) we need a way to avoid trying to set system callbacks - + * this would fail, and for the same reason that it's unnecessary to try. If + * the loaded ENGINE has (or gets from through the loader) its own copy of + * the libcrypto static data, we will need to set the callbacks. The easiest + * way to detect this is to have a function that returns a pointer to some + * static data and let the loading application and loaded ENGINE compare + * their respective values. + */ +void *ENGINE_get_static_state(void); + +# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) +DEPRECATEDIN_1_1_0(void ENGINE_setup_bsd_cryptodev(void)) +# endif + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/engineerr.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/engineerr.h new file mode 100644 index 00000000..05e84bd2 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/engineerr.h @@ -0,0 +1,111 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ENGINEERR_H +# define HEADER_ENGINEERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_ENGINE + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ENGINE_strings(void); + +/* + * ENGINE function codes. + */ +# define ENGINE_F_DIGEST_UPDATE 198 +# define ENGINE_F_DYNAMIC_CTRL 180 +# define ENGINE_F_DYNAMIC_GET_DATA_CTX 181 +# define ENGINE_F_DYNAMIC_LOAD 182 +# define ENGINE_F_DYNAMIC_SET_DATA_CTX 183 +# define ENGINE_F_ENGINE_ADD 105 +# define ENGINE_F_ENGINE_BY_ID 106 +# define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170 +# define ENGINE_F_ENGINE_CTRL 142 +# define ENGINE_F_ENGINE_CTRL_CMD 178 +# define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 +# define ENGINE_F_ENGINE_FINISH 107 +# define ENGINE_F_ENGINE_GET_CIPHER 185 +# define ENGINE_F_ENGINE_GET_DIGEST 186 +# define ENGINE_F_ENGINE_GET_FIRST 195 +# define ENGINE_F_ENGINE_GET_LAST 196 +# define ENGINE_F_ENGINE_GET_NEXT 115 +# define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193 +# define ENGINE_F_ENGINE_GET_PKEY_METH 192 +# define ENGINE_F_ENGINE_GET_PREV 116 +# define ENGINE_F_ENGINE_INIT 119 +# define ENGINE_F_ENGINE_LIST_ADD 120 +# define ENGINE_F_ENGINE_LIST_REMOVE 121 +# define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 +# define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 +# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194 +# define ENGINE_F_ENGINE_NEW 122 +# define ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR 197 +# define ENGINE_F_ENGINE_REMOVE 123 +# define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 +# define ENGINE_F_ENGINE_SET_ID 129 +# define ENGINE_F_ENGINE_SET_NAME 130 +# define ENGINE_F_ENGINE_TABLE_REGISTER 184 +# define ENGINE_F_ENGINE_UNLOCKED_FINISH 191 +# define ENGINE_F_ENGINE_UP_REF 190 +# define ENGINE_F_INT_CLEANUP_ITEM 199 +# define ENGINE_F_INT_CTRL_HELPER 172 +# define ENGINE_F_INT_ENGINE_CONFIGURE 188 +# define ENGINE_F_INT_ENGINE_MODULE_INIT 187 +# define ENGINE_F_OSSL_HMAC_INIT 200 + +/* + * ENGINE reason codes. + */ +# define ENGINE_R_ALREADY_LOADED 100 +# define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133 +# define ENGINE_R_CMD_NOT_EXECUTABLE 134 +# define ENGINE_R_COMMAND_TAKES_INPUT 135 +# define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 +# define ENGINE_R_CONFLICTING_ENGINE_ID 103 +# define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 +# define ENGINE_R_DSO_FAILURE 104 +# define ENGINE_R_DSO_NOT_FOUND 132 +# define ENGINE_R_ENGINES_SECTION_ERROR 148 +# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102 +# define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 +# define ENGINE_R_ENGINE_SECTION_ERROR 149 +# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 +# define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 +# define ENGINE_R_FINISH_FAILED 106 +# define ENGINE_R_ID_OR_NAME_MISSING 108 +# define ENGINE_R_INIT_FAILED 109 +# define ENGINE_R_INTERNAL_LIST_ERROR 110 +# define ENGINE_R_INVALID_ARGUMENT 143 +# define ENGINE_R_INVALID_CMD_NAME 137 +# define ENGINE_R_INVALID_CMD_NUMBER 138 +# define ENGINE_R_INVALID_INIT_VALUE 151 +# define ENGINE_R_INVALID_STRING 150 +# define ENGINE_R_NOT_INITIALISED 117 +# define ENGINE_R_NOT_LOADED 112 +# define ENGINE_R_NO_CONTROL_FUNCTION 120 +# define ENGINE_R_NO_INDEX 144 +# define ENGINE_R_NO_LOAD_FUNCTION 125 +# define ENGINE_R_NO_REFERENCE 130 +# define ENGINE_R_NO_SUCH_ENGINE 116 +# define ENGINE_R_UNIMPLEMENTED_CIPHER 146 +# define ENGINE_R_UNIMPLEMENTED_DIGEST 147 +# define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101 +# define ENGINE_R_VERSION_INCOMPATIBILITY 145 + +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/err.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/err.h new file mode 100644 index 00000000..b49f8812 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/err.h @@ -0,0 +1,274 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ERR_H +# define HEADER_ERR_H + +# include + +# ifndef OPENSSL_NO_STDIO +# include +# include +# endif + +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# ifndef OPENSSL_NO_ERR +# define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,d,e) +# else +# define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,NULL,0) +# endif + +# include + +# define ERR_TXT_MALLOCED 0x01 +# define ERR_TXT_STRING 0x02 + +# define ERR_FLAG_MARK 0x01 +# define ERR_FLAG_CLEAR 0x02 + +# define ERR_NUM_ERRORS 16 +typedef struct err_state_st { + int err_flags[ERR_NUM_ERRORS]; + unsigned long err_buffer[ERR_NUM_ERRORS]; + char *err_data[ERR_NUM_ERRORS]; + int err_data_flags[ERR_NUM_ERRORS]; + const char *err_file[ERR_NUM_ERRORS]; + int err_line[ERR_NUM_ERRORS]; + int top, bottom; +} ERR_STATE; + +/* library */ +# define ERR_LIB_NONE 1 +# define ERR_LIB_SYS 2 +# define ERR_LIB_BN 3 +# define ERR_LIB_RSA 4 +# define ERR_LIB_DH 5 +# define ERR_LIB_EVP 6 +# define ERR_LIB_BUF 7 +# define ERR_LIB_OBJ 8 +# define ERR_LIB_PEM 9 +# define ERR_LIB_DSA 10 +# define ERR_LIB_X509 11 +/* #define ERR_LIB_METH 12 */ +# define ERR_LIB_ASN1 13 +# define ERR_LIB_CONF 14 +# define ERR_LIB_CRYPTO 15 +# define ERR_LIB_EC 16 +# define ERR_LIB_SSL 20 +/* #define ERR_LIB_SSL23 21 */ +/* #define ERR_LIB_SSL2 22 */ +/* #define ERR_LIB_SSL3 23 */ +/* #define ERR_LIB_RSAREF 30 */ +/* #define ERR_LIB_PROXY 31 */ +# define ERR_LIB_BIO 32 +# define ERR_LIB_PKCS7 33 +# define ERR_LIB_X509V3 34 +# define ERR_LIB_PKCS12 35 +# define ERR_LIB_RAND 36 +# define ERR_LIB_DSO 37 +# define ERR_LIB_ENGINE 38 +# define ERR_LIB_OCSP 39 +# define ERR_LIB_UI 40 +# define ERR_LIB_COMP 41 +# define ERR_LIB_ECDSA 42 +# define ERR_LIB_ECDH 43 +# define ERR_LIB_OSSL_STORE 44 +# define ERR_LIB_FIPS 45 +# define ERR_LIB_CMS 46 +# define ERR_LIB_TS 47 +# define ERR_LIB_HMAC 48 +/* # define ERR_LIB_JPAKE 49 */ +# define ERR_LIB_CT 50 +# define ERR_LIB_ASYNC 51 +# define ERR_LIB_KDF 52 +# define ERR_LIB_SM2 53 + +# define ERR_LIB_USER 128 + +# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define OSSL_STOREerr(f,r) ERR_PUT_error(ERR_LIB_OSSL_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),OPENSSL_FILE,OPENSSL_LINE) + +# define ERR_PACK(l,f,r) ( \ + (((unsigned int)(l) & 0x0FF) << 24L) | \ + (((unsigned int)(f) & 0xFFF) << 12L) | \ + (((unsigned int)(r) & 0xFFF) ) ) +# define ERR_GET_LIB(l) (int)(((l) >> 24L) & 0x0FFL) +# define ERR_GET_FUNC(l) (int)(((l) >> 12L) & 0xFFFL) +# define ERR_GET_REASON(l) (int)( (l) & 0xFFFL) +# define ERR_FATAL_ERROR(l) (int)( (l) & ERR_R_FATAL) + +/* OS functions */ +# define SYS_F_FOPEN 1 +# define SYS_F_CONNECT 2 +# define SYS_F_GETSERVBYNAME 3 +# define SYS_F_SOCKET 4 +# define SYS_F_IOCTLSOCKET 5 +# define SYS_F_BIND 6 +# define SYS_F_LISTEN 7 +# define SYS_F_ACCEPT 8 +# define SYS_F_WSASTARTUP 9/* Winsock stuff */ +# define SYS_F_OPENDIR 10 +# define SYS_F_FREAD 11 +# define SYS_F_GETADDRINFO 12 +# define SYS_F_GETNAMEINFO 13 +# define SYS_F_SETSOCKOPT 14 +# define SYS_F_GETSOCKOPT 15 +# define SYS_F_GETSOCKNAME 16 +# define SYS_F_GETHOSTBYNAME 17 +# define SYS_F_FFLUSH 18 +# define SYS_F_OPEN 19 +# define SYS_F_CLOSE 20 +# define SYS_F_IOCTL 21 +# define SYS_F_STAT 22 +# define SYS_F_FCNTL 23 +# define SYS_F_FSTAT 24 + +/* reasons */ +# define ERR_R_SYS_LIB ERR_LIB_SYS/* 2 */ +# define ERR_R_BN_LIB ERR_LIB_BN/* 3 */ +# define ERR_R_RSA_LIB ERR_LIB_RSA/* 4 */ +# define ERR_R_DH_LIB ERR_LIB_DH/* 5 */ +# define ERR_R_EVP_LIB ERR_LIB_EVP/* 6 */ +# define ERR_R_BUF_LIB ERR_LIB_BUF/* 7 */ +# define ERR_R_OBJ_LIB ERR_LIB_OBJ/* 8 */ +# define ERR_R_PEM_LIB ERR_LIB_PEM/* 9 */ +# define ERR_R_DSA_LIB ERR_LIB_DSA/* 10 */ +# define ERR_R_X509_LIB ERR_LIB_X509/* 11 */ +# define ERR_R_ASN1_LIB ERR_LIB_ASN1/* 13 */ +# define ERR_R_EC_LIB ERR_LIB_EC/* 16 */ +# define ERR_R_BIO_LIB ERR_LIB_BIO/* 32 */ +# define ERR_R_PKCS7_LIB ERR_LIB_PKCS7/* 33 */ +# define ERR_R_X509V3_LIB ERR_LIB_X509V3/* 34 */ +# define ERR_R_ENGINE_LIB ERR_LIB_ENGINE/* 38 */ +# define ERR_R_UI_LIB ERR_LIB_UI/* 40 */ +# define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */ +# define ERR_R_OSSL_STORE_LIB ERR_LIB_OSSL_STORE/* 44 */ + +# define ERR_R_NESTED_ASN1_ERROR 58 +# define ERR_R_MISSING_ASN1_EOS 63 + +/* fatal error */ +# define ERR_R_FATAL 64 +# define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL) +# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL) +# define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) +# define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) +# define ERR_R_DISABLED (5|ERR_R_FATAL) +# define ERR_R_INIT_FAIL (6|ERR_R_FATAL) +# define ERR_R_PASSED_INVALID_ARGUMENT (7) +# define ERR_R_OPERATION_FAIL (8|ERR_R_FATAL) + +/* + * 99 is the maximum possible ERR_R_... code, higher values are reserved for + * the individual libraries + */ + +typedef struct ERR_string_data_st { + unsigned long error; + const char *string; +} ERR_STRING_DATA; + +DEFINE_LHASH_OF(ERR_STRING_DATA); + +void ERR_put_error(int lib, int func, int reason, const char *file, int line); +void ERR_set_error_data(char *data, int flags); + +unsigned long ERR_get_error(void); +unsigned long ERR_get_error_line(const char **file, int *line); +unsigned long ERR_get_error_line_data(const char **file, int *line, + const char **data, int *flags); +unsigned long ERR_peek_error(void); +unsigned long ERR_peek_error_line(const char **file, int *line); +unsigned long ERR_peek_error_line_data(const char **file, int *line, + const char **data, int *flags); +unsigned long ERR_peek_last_error(void); +unsigned long ERR_peek_last_error_line(const char **file, int *line); +unsigned long ERR_peek_last_error_line_data(const char **file, int *line, + const char **data, int *flags); +void ERR_clear_error(void); +char *ERR_error_string(unsigned long e, char *buf); +void ERR_error_string_n(unsigned long e, char *buf, size_t len); +const char *ERR_lib_error_string(unsigned long e); +const char *ERR_func_error_string(unsigned long e); +const char *ERR_reason_error_string(unsigned long e); +void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), + void *u); +# ifndef OPENSSL_NO_STDIO +void ERR_print_errors_fp(FILE *fp); +# endif +void ERR_print_errors(BIO *bp); +void ERR_add_error_data(int num, ...); +void ERR_add_error_vdata(int num, va_list args); +int ERR_load_strings(int lib, ERR_STRING_DATA *str); +int ERR_load_strings_const(const ERR_STRING_DATA *str); +int ERR_unload_strings(int lib, ERR_STRING_DATA *str); +int ERR_load_ERR_strings(void); + +#if OPENSSL_API_COMPAT < 0x10100000L +# define ERR_load_crypto_strings() \ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) +# define ERR_free_strings() while(0) continue +#endif + +DEPRECATEDIN_1_1_0(void ERR_remove_thread_state(void *)) +DEPRECATEDIN_1_0_0(void ERR_remove_state(unsigned long pid)) +ERR_STATE *ERR_get_state(void); + +int ERR_get_next_error_library(void); + +int ERR_set_mark(void); +int ERR_pop_to_mark(void); +int ERR_clear_last_mark(void); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/evp.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/evp.h new file mode 100644 index 00000000..deca16eb --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/evp.h @@ -0,0 +1,1667 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ENVELOPE_H +# define HEADER_ENVELOPE_H + +# include +# include +# include +# include +# include + +# define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */ +# define EVP_MAX_KEY_LENGTH 64 +# define EVP_MAX_IV_LENGTH 16 +# define EVP_MAX_BLOCK_LENGTH 32 + +# define PKCS5_SALT_LEN 8 +/* Default PKCS#5 iteration count */ +# define PKCS5_DEFAULT_ITER 2048 + +# include + +# define EVP_PK_RSA 0x0001 +# define EVP_PK_DSA 0x0002 +# define EVP_PK_DH 0x0004 +# define EVP_PK_EC 0x0008 +# define EVP_PKT_SIGN 0x0010 +# define EVP_PKT_ENC 0x0020 +# define EVP_PKT_EXCH 0x0040 +# define EVP_PKS_RSA 0x0100 +# define EVP_PKS_DSA 0x0200 +# define EVP_PKS_EC 0x0400 + +# define EVP_PKEY_NONE NID_undef +# define EVP_PKEY_RSA NID_rsaEncryption +# define EVP_PKEY_RSA2 NID_rsa +# define EVP_PKEY_RSA_PSS NID_rsassaPss +# define EVP_PKEY_DSA NID_dsa +# define EVP_PKEY_DSA1 NID_dsa_2 +# define EVP_PKEY_DSA2 NID_dsaWithSHA +# define EVP_PKEY_DSA3 NID_dsaWithSHA1 +# define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 +# define EVP_PKEY_DH NID_dhKeyAgreement +# define EVP_PKEY_DHX NID_dhpublicnumber +# define EVP_PKEY_EC NID_X9_62_id_ecPublicKey +# define EVP_PKEY_SM2 NID_sm2 +# define EVP_PKEY_HMAC NID_hmac +# define EVP_PKEY_CMAC NID_cmac +# define EVP_PKEY_SCRYPT NID_id_scrypt +# define EVP_PKEY_TLS1_PRF NID_tls1_prf +# define EVP_PKEY_HKDF NID_hkdf +# define EVP_PKEY_POLY1305 NID_poly1305 +# define EVP_PKEY_SIPHASH NID_siphash +# define EVP_PKEY_X25519 NID_X25519 +# define EVP_PKEY_ED25519 NID_ED25519 +# define EVP_PKEY_X448 NID_X448 +# define EVP_PKEY_ED448 NID_ED448 + +#ifdef __cplusplus +extern "C" { +#endif + +# define EVP_PKEY_MO_SIGN 0x0001 +# define EVP_PKEY_MO_VERIFY 0x0002 +# define EVP_PKEY_MO_ENCRYPT 0x0004 +# define EVP_PKEY_MO_DECRYPT 0x0008 + +# ifndef EVP_MD +EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type); +EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); +void EVP_MD_meth_free(EVP_MD *md); + +int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize); +int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize); +int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize); +int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags); +int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)); +int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, + const void *data, + size_t count)); +int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, + unsigned char *md)); +int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, + const EVP_MD_CTX *from)); +int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)); +int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2)); + +int EVP_MD_meth_get_input_blocksize(const EVP_MD *md); +int EVP_MD_meth_get_result_size(const EVP_MD *md); +int EVP_MD_meth_get_app_datasize(const EVP_MD *md); +unsigned long EVP_MD_meth_get_flags(const EVP_MD *md); +int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx); +int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, + const void *data, + size_t count); +int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, + unsigned char *md); +int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, + const EVP_MD_CTX *from); +int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx); +int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2); + +/* digest can only handle a single block */ +# define EVP_MD_FLAG_ONESHOT 0x0001 + +/* digest is extensible-output function, XOF */ +# define EVP_MD_FLAG_XOF 0x0002 + +/* DigestAlgorithmIdentifier flags... */ + +# define EVP_MD_FLAG_DIGALGID_MASK 0x0018 + +/* NULL or absent parameter accepted. Use NULL */ + +# define EVP_MD_FLAG_DIGALGID_NULL 0x0000 + +/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */ + +# define EVP_MD_FLAG_DIGALGID_ABSENT 0x0008 + +/* Custom handling via ctrl */ + +# define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018 + +/* Note if suitable for use in FIPS mode */ +# define EVP_MD_FLAG_FIPS 0x0400 + +/* Digest ctrls */ + +# define EVP_MD_CTRL_DIGALGID 0x1 +# define EVP_MD_CTRL_MICALG 0x2 +# define EVP_MD_CTRL_XOF_LEN 0x3 + +/* Minimum Algorithm specific ctrl value */ + +# define EVP_MD_CTRL_ALG_CTRL 0x1000 + +# endif /* !EVP_MD */ + +/* values for EVP_MD_CTX flags */ + +# define EVP_MD_CTX_FLAG_ONESHOT 0x0001/* digest update will be + * called once only */ +# define EVP_MD_CTX_FLAG_CLEANED 0x0002/* context has already been + * cleaned */ +# define EVP_MD_CTX_FLAG_REUSE 0x0004/* Don't free up ctx->md_data + * in EVP_MD_CTX_reset */ +/* + * FIPS and pad options are ignored in 1.0.0, definitions are here so we + * don't accidentally reuse the values for other purposes. + */ + +# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008/* Allow use of non FIPS + * digest in FIPS mode */ + +/* + * The following PAD options are also currently ignored in 1.0.0, digest + * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*() + * instead. + */ +# define EVP_MD_CTX_FLAG_PAD_MASK 0xF0/* RSA mode to use */ +# define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00/* PKCS#1 v1.5 mode */ +# define EVP_MD_CTX_FLAG_PAD_X931 0x10/* X9.31 mode */ +# define EVP_MD_CTX_FLAG_PAD_PSS 0x20/* PSS mode */ + +# define EVP_MD_CTX_FLAG_NO_INIT 0x0100/* Don't initialize md_data */ +/* + * Some functions such as EVP_DigestSign only finalise copies of internal + * contexts so additional data can be included after the finalisation call. + * This is inefficient if this functionality is not required: it is disabled + * if the following flag is set. + */ +# define EVP_MD_CTX_FLAG_FINALISE 0x0200 +/* NOTE: 0x0400 is reserved for internal usage in evp_int.h */ + +EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); +EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); +void EVP_CIPHER_meth_free(EVP_CIPHER *cipher); + +int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len); +int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags); +int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size); +int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, + int (*init) (EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc)); +int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, + int (*do_cipher) (EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl)); +int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, + int (*cleanup) (EVP_CIPHER_CTX *)); +int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, + int (*set_asn1_parameters) (EVP_CIPHER_CTX *, + ASN1_TYPE *)); +int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, + int (*get_asn1_parameters) (EVP_CIPHER_CTX *, + ASN1_TYPE *)); +int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, + int (*ctrl) (EVP_CIPHER_CTX *, int type, + int arg, void *ptr)); + +int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc); +int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl); +int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *); +int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + ASN1_TYPE *); +int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + ASN1_TYPE *); +int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + int type, int arg, + void *ptr); + +/* Values for cipher flags */ + +/* Modes for ciphers */ + +# define EVP_CIPH_STREAM_CIPHER 0x0 +# define EVP_CIPH_ECB_MODE 0x1 +# define EVP_CIPH_CBC_MODE 0x2 +# define EVP_CIPH_CFB_MODE 0x3 +# define EVP_CIPH_OFB_MODE 0x4 +# define EVP_CIPH_CTR_MODE 0x5 +# define EVP_CIPH_GCM_MODE 0x6 +# define EVP_CIPH_CCM_MODE 0x7 +# define EVP_CIPH_XTS_MODE 0x10001 +# define EVP_CIPH_WRAP_MODE 0x10002 +# define EVP_CIPH_OCB_MODE 0x10003 +# define EVP_CIPH_MODE 0xF0007 +/* Set if variable length cipher */ +# define EVP_CIPH_VARIABLE_LENGTH 0x8 +/* Set if the iv handling should be done by the cipher itself */ +# define EVP_CIPH_CUSTOM_IV 0x10 +/* Set if the cipher's init() function should be called if key is NULL */ +# define EVP_CIPH_ALWAYS_CALL_INIT 0x20 +/* Call ctrl() to init cipher parameters */ +# define EVP_CIPH_CTRL_INIT 0x40 +/* Don't use standard key length function */ +# define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 +/* Don't use standard block padding */ +# define EVP_CIPH_NO_PADDING 0x100 +/* cipher handles random key generation */ +# define EVP_CIPH_RAND_KEY 0x200 +/* cipher has its own additional copying logic */ +# define EVP_CIPH_CUSTOM_COPY 0x400 +/* Don't use standard iv length function */ +# define EVP_CIPH_CUSTOM_IV_LENGTH 0x800 +/* Allow use default ASN1 get/set iv */ +# define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 +/* Buffer length in bits not bytes: CFB1 mode only */ +# define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 +/* Note if suitable for use in FIPS mode */ +# define EVP_CIPH_FLAG_FIPS 0x4000 +/* Allow non FIPS cipher in FIPS mode */ +# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000 +/* + * Cipher handles any and all padding logic as well as finalisation. + */ +# define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 +# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 +# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000 +/* Cipher can handle pipeline operations */ +# define EVP_CIPH_FLAG_PIPELINE 0X800000 + +/* + * Cipher context flag to indicate we can handle wrap mode: if allowed in + * older applications it could overflow buffers. + */ + +# define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0x1 + +/* ctrl() values */ + +# define EVP_CTRL_INIT 0x0 +# define EVP_CTRL_SET_KEY_LENGTH 0x1 +# define EVP_CTRL_GET_RC2_KEY_BITS 0x2 +# define EVP_CTRL_SET_RC2_KEY_BITS 0x3 +# define EVP_CTRL_GET_RC5_ROUNDS 0x4 +# define EVP_CTRL_SET_RC5_ROUNDS 0x5 +# define EVP_CTRL_RAND_KEY 0x6 +# define EVP_CTRL_PBE_PRF_NID 0x7 +# define EVP_CTRL_COPY 0x8 +# define EVP_CTRL_AEAD_SET_IVLEN 0x9 +# define EVP_CTRL_AEAD_GET_TAG 0x10 +# define EVP_CTRL_AEAD_SET_TAG 0x11 +# define EVP_CTRL_AEAD_SET_IV_FIXED 0x12 +# define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +# define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +# define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +# define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED +# define EVP_CTRL_GCM_IV_GEN 0x13 +# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +# define EVP_CTRL_CCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED +# define EVP_CTRL_CCM_SET_L 0x14 +# define EVP_CTRL_CCM_SET_MSGLEN 0x15 +/* + * AEAD cipher deduces payload length and returns number of bytes required to + * store MAC and eventual padding. Subsequent call to EVP_Cipher even + * appends/verifies MAC. + */ +# define EVP_CTRL_AEAD_TLS1_AAD 0x16 +/* Used by composite AEAD ciphers, no-op in GCM, CCM... */ +# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 +/* Set the GCM invocation field, decrypt only */ +# define EVP_CTRL_GCM_SET_IV_INV 0x18 + +# define EVP_CTRL_TLS1_1_MULTIBLOCK_AAD 0x19 +# define EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT 0x1a +# define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b +# define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c + +# define EVP_CTRL_SSL3_MASTER_SECRET 0x1d + +/* EVP_CTRL_SET_SBOX takes the char * specifying S-boxes */ +# define EVP_CTRL_SET_SBOX 0x1e +/* + * EVP_CTRL_SBOX_USED takes a 'size_t' and 'char *', pointing at a + * pre-allocated buffer with specified size + */ +# define EVP_CTRL_SBOX_USED 0x1f +/* EVP_CTRL_KEY_MESH takes 'size_t' number of bytes to mesh the key after, + * 0 switches meshing off + */ +# define EVP_CTRL_KEY_MESH 0x20 +/* EVP_CTRL_BLOCK_PADDING_MODE takes the padding mode */ +# define EVP_CTRL_BLOCK_PADDING_MODE 0x21 + +/* Set the output buffers to use for a pipelined operation */ +# define EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS 0x22 +/* Set the input buffers to use for a pipelined operation */ +# define EVP_CTRL_SET_PIPELINE_INPUT_BUFS 0x23 +/* Set the input buffer lengths to use for a pipelined operation */ +# define EVP_CTRL_SET_PIPELINE_INPUT_LENS 0x24 + +# define EVP_CTRL_GET_IVLEN 0x25 + +/* Padding modes */ +#define EVP_PADDING_PKCS7 1 +#define EVP_PADDING_ISO7816_4 2 +#define EVP_PADDING_ANSI923 3 +#define EVP_PADDING_ISO10126 4 +#define EVP_PADDING_ZERO 5 + +/* RFC 5246 defines additional data to be 13 bytes in length */ +# define EVP_AEAD_TLS1_AAD_LEN 13 + +typedef struct { + unsigned char *out; + const unsigned char *inp; + size_t len; + unsigned int interleave; +} EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM; + +/* GCM TLS constants */ +/* Length of fixed part of IV derived from PRF */ +# define EVP_GCM_TLS_FIXED_IV_LEN 4 +/* Length of explicit part of IV part of TLS records */ +# define EVP_GCM_TLS_EXPLICIT_IV_LEN 8 +/* Length of tag for TLS */ +# define EVP_GCM_TLS_TAG_LEN 16 + +/* CCM TLS constants */ +/* Length of fixed part of IV derived from PRF */ +# define EVP_CCM_TLS_FIXED_IV_LEN 4 +/* Length of explicit part of IV part of TLS records */ +# define EVP_CCM_TLS_EXPLICIT_IV_LEN 8 +/* Total length of CCM IV length for TLS */ +# define EVP_CCM_TLS_IV_LEN 12 +/* Length of tag for TLS */ +# define EVP_CCM_TLS_TAG_LEN 16 +/* Length of CCM8 tag for TLS */ +# define EVP_CCM8_TLS_TAG_LEN 8 + +/* Length of tag for TLS */ +# define EVP_CHACHAPOLY_TLS_TAG_LEN 16 + +typedef struct evp_cipher_info_st { + const EVP_CIPHER *cipher; + unsigned char iv[EVP_MAX_IV_LENGTH]; +} EVP_CIPHER_INFO; + + +struct evp_cipher_st { + int nid; + int block_size; + /* Default value for variable length ciphers */ + int key_len; + int iv_len; + /* Various flags */ + unsigned long flags; + /* init key */ + int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); + /* encrypt/decrypt data */ + int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); + /* cleanup ctx */ + int (*cleanup) (EVP_CIPHER_CTX *); + /* how big ctx->cipher_data needs to be */ + int ctx_size; + /* Populate a ASN1_TYPE with parameters */ + int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); + /* Get parameters from a ASN1_TYPE */ + int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); + /* Miscellaneous operations */ + int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr); + /* Application data */ + void *app_data; +} /* EVP_CIPHER */ ; + + +/* Password based encryption function */ +typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *cipher, const EVP_MD *md, + int en_de); + +# ifndef OPENSSL_NO_RSA +# define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ + (char *)(rsa)) +# endif + +# ifndef OPENSSL_NO_DSA +# define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ + (char *)(dsa)) +# endif + +# ifndef OPENSSL_NO_DH +# define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ + (char *)(dh)) +# endif + +# ifndef OPENSSL_NO_EC +# define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\ + (char *)(eckey)) +# endif +# ifndef OPENSSL_NO_SIPHASH +# define EVP_PKEY_assign_SIPHASH(pkey,shkey) EVP_PKEY_assign((pkey),EVP_PKEY_SIPHASH,\ + (char *)(shkey)) +# endif + +# ifndef OPENSSL_NO_POLY1305 +# define EVP_PKEY_assign_POLY1305(pkey,polykey) EVP_PKEY_assign((pkey),EVP_PKEY_POLY1305,\ + (char *)(polykey)) +# endif + +/* Add some extra combinations */ +# define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) +# define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) +# define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) +# define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) + +int EVP_MD_type(const EVP_MD *md); +# define EVP_MD_nid(e) EVP_MD_type(e) +# define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) +int EVP_MD_pkey_type(const EVP_MD *md); +int EVP_MD_size(const EVP_MD *md); +int EVP_MD_block_size(const EVP_MD *md); +unsigned long EVP_MD_flags(const EVP_MD *md); + +const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, + const void *data, size_t count); +void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, + int (*update) (EVP_MD_CTX *ctx, + const void *data, size_t count)); +# define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) +# define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) +# define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) +EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx); +void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); +void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); + +int EVP_CIPHER_nid(const EVP_CIPHER *cipher); +# define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) +int EVP_CIPHER_block_size(const EVP_CIPHER *cipher); +int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *cipher); +int EVP_CIPHER_key_length(const EVP_CIPHER *cipher); +int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); +unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher); +# define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE) + +const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); +const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx); +const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx); +unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx); +unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx); +void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num); +int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); +void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); +void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); +void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx); +void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); +# define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) +# if OPENSSL_API_COMPAT < 0x10100000L +# define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(c)) +# endif +# define EVP_CIPHER_CTX_mode(c) EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(c)) + +# define EVP_ENCODE_LENGTH(l) ((((l)+2)/3*4)+((l)/48+1)*2+80) +# define EVP_DECODE_LENGTH(l) (((l)+3)/4*3+80) + +# define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) +# define EVP_SignInit(a,b) EVP_DigestInit(a,b) +# define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +# define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) +# define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) +# define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +# define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) +# define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) +# define EVP_DigestSignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +# define EVP_DigestVerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) + +# ifdef CONST_STRICT +void BIO_set_md(BIO *, const EVP_MD *md); +# else +# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)(md)) +# endif +# define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)(mdp)) +# define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0, \ + (char *)(mdcp)) +# define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0, \ + (char *)(mdcp)) +# define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) +# define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0, \ + (char *)(c_pp)) + +/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c, + unsigned char *out, + const unsigned char *in, unsigned int inl); + +# define EVP_add_cipher_alias(n,alias) \ + OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) +# define EVP_add_digest_alias(n,alias) \ + OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n)) +# define EVP_delete_cipher_alias(alias) \ + OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS); +# define EVP_delete_digest_alias(alias) \ + OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS); + +int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2); +EVP_MD_CTX *EVP_MD_CTX_new(void); +int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); +void EVP_MD_CTX_free(EVP_MD_CTX *ctx); +# define EVP_MD_CTX_create() EVP_MD_CTX_new() +# define EVP_MD_CTX_init(ctx) EVP_MD_CTX_reset((ctx)) +# define EVP_MD_CTX_destroy(ctx) EVP_MD_CTX_free((ctx)) +__owur int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); +void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); +void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); +int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); +__owur int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, + ENGINE *impl); +__owur int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, + size_t cnt); +__owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, + unsigned int *s); +__owur int EVP_Digest(const void *data, size_t count, + unsigned char *md, unsigned int *size, + const EVP_MD *type, ENGINE *impl); + +__owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in); +__owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +__owur int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, + unsigned int *s); +__owur int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, + size_t len); + +int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify); +int EVP_read_pw_string_min(char *buf, int minlen, int maxlen, + const char *prompt, int verify); +void EVP_set_pw_prompt(const char *prompt); +char *EVP_get_pw_prompt(void); + +__owur int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, + const unsigned char *salt, + const unsigned char *data, int datal, int count, + unsigned char *key, unsigned char *iv); + +void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); +void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); +int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); + +__owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv); +/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, + const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, + const unsigned char *iv); +/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, const unsigned char *in, int inl); +/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl); +/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl); + +__owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv); +/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, + const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, + const unsigned char *iv); +/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, const unsigned char *in, int inl); +__owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); +/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); + +__owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv, + int enc); +/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, + const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, + const unsigned char *iv, int enc); +__owur int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, const unsigned char *in, int inl); +__owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); +__owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); + +__owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, + EVP_PKEY *pkey); + +__owur int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, + size_t *siglen, const unsigned char *tbs, + size_t tbslen); + +__owur int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, + unsigned int siglen, EVP_PKEY *pkey); + +__owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, + size_t siglen, const unsigned char *tbs, + size_t tbslen); + +/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, + EVP_PKEY *pkey); +__owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + size_t *siglen); + +__owur int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, + EVP_PKEY *pkey); +__owur int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen); + +# ifndef OPENSSL_NO_RSA +__owur int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + const unsigned char *ek, int ekl, + const unsigned char *iv, EVP_PKEY *priv); +__owur int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); + +__owur int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + unsigned char **ek, int *ekl, unsigned char *iv, + EVP_PKEY **pubk, int npubk); +__owur int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +# endif + +EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void); +void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx); +int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx); +int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx); +void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); +int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); +void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); +int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); + +void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); +int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); +int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned + char *out, int *outl); +int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define EVP_CIPHER_CTX_init(c) EVP_CIPHER_CTX_reset(c) +# define EVP_CIPHER_CTX_cleanup(c) EVP_CIPHER_CTX_reset(c) +# endif +EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); +int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c); +void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c); +int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); +int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); +int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); +int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); + +const BIO_METHOD *BIO_f_md(void); +const BIO_METHOD *BIO_f_base64(void); +const BIO_METHOD *BIO_f_cipher(void); +const BIO_METHOD *BIO_f_reliable(void); +__owur int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, + const unsigned char *i, int enc); + +const EVP_MD *EVP_md_null(void); +# ifndef OPENSSL_NO_MD2 +const EVP_MD *EVP_md2(void); +# endif +# ifndef OPENSSL_NO_MD4 +const EVP_MD *EVP_md4(void); +# endif +# ifndef OPENSSL_NO_MD5 +const EVP_MD *EVP_md5(void); +const EVP_MD *EVP_md5_sha1(void); +# endif +# ifndef OPENSSL_NO_BLAKE2 +const EVP_MD *EVP_blake2b512(void); +const EVP_MD *EVP_blake2s256(void); +# endif +const EVP_MD *EVP_sha1(void); +const EVP_MD *EVP_sha224(void); +const EVP_MD *EVP_sha256(void); +const EVP_MD *EVP_sha384(void); +const EVP_MD *EVP_sha512(void); +const EVP_MD *EVP_sha512_224(void); +const EVP_MD *EVP_sha512_256(void); +const EVP_MD *EVP_sha3_224(void); +const EVP_MD *EVP_sha3_256(void); +const EVP_MD *EVP_sha3_384(void); +const EVP_MD *EVP_sha3_512(void); +const EVP_MD *EVP_shake128(void); +const EVP_MD *EVP_shake256(void); +# ifndef OPENSSL_NO_MDC2 +const EVP_MD *EVP_mdc2(void); +# endif +# ifndef OPENSSL_NO_RMD160 +const EVP_MD *EVP_ripemd160(void); +# endif +# ifndef OPENSSL_NO_WHIRLPOOL +const EVP_MD *EVP_whirlpool(void); +# endif +# ifndef OPENSSL_NO_SM3 +const EVP_MD *EVP_sm3(void); +# endif +const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ +# ifndef OPENSSL_NO_DES +const EVP_CIPHER *EVP_des_ecb(void); +const EVP_CIPHER *EVP_des_ede(void); +const EVP_CIPHER *EVP_des_ede3(void); +const EVP_CIPHER *EVP_des_ede_ecb(void); +const EVP_CIPHER *EVP_des_ede3_ecb(void); +const EVP_CIPHER *EVP_des_cfb64(void); +# define EVP_des_cfb EVP_des_cfb64 +const EVP_CIPHER *EVP_des_cfb1(void); +const EVP_CIPHER *EVP_des_cfb8(void); +const EVP_CIPHER *EVP_des_ede_cfb64(void); +# define EVP_des_ede_cfb EVP_des_ede_cfb64 +const EVP_CIPHER *EVP_des_ede3_cfb64(void); +# define EVP_des_ede3_cfb EVP_des_ede3_cfb64 +const EVP_CIPHER *EVP_des_ede3_cfb1(void); +const EVP_CIPHER *EVP_des_ede3_cfb8(void); +const EVP_CIPHER *EVP_des_ofb(void); +const EVP_CIPHER *EVP_des_ede_ofb(void); +const EVP_CIPHER *EVP_des_ede3_ofb(void); +const EVP_CIPHER *EVP_des_cbc(void); +const EVP_CIPHER *EVP_des_ede_cbc(void); +const EVP_CIPHER *EVP_des_ede3_cbc(void); +const EVP_CIPHER *EVP_desx_cbc(void); +const EVP_CIPHER *EVP_des_ede3_wrap(void); +/* + * This should now be supported through the dev_crypto ENGINE. But also, why + * are rc4 and md5 declarations made here inside a "NO_DES" precompiler + * branch? + */ +# endif +# ifndef OPENSSL_NO_RC4 +const EVP_CIPHER *EVP_rc4(void); +const EVP_CIPHER *EVP_rc4_40(void); +# ifndef OPENSSL_NO_MD5 +const EVP_CIPHER *EVP_rc4_hmac_md5(void); +# endif +# endif +# ifndef OPENSSL_NO_IDEA +const EVP_CIPHER *EVP_idea_ecb(void); +const EVP_CIPHER *EVP_idea_cfb64(void); +# define EVP_idea_cfb EVP_idea_cfb64 +const EVP_CIPHER *EVP_idea_ofb(void); +const EVP_CIPHER *EVP_idea_cbc(void); +# endif +# ifndef OPENSSL_NO_RC2 +const EVP_CIPHER *EVP_rc2_ecb(void); +const EVP_CIPHER *EVP_rc2_cbc(void); +const EVP_CIPHER *EVP_rc2_40_cbc(void); +const EVP_CIPHER *EVP_rc2_64_cbc(void); +const EVP_CIPHER *EVP_rc2_cfb64(void); +# define EVP_rc2_cfb EVP_rc2_cfb64 +const EVP_CIPHER *EVP_rc2_ofb(void); +# endif +# ifndef OPENSSL_NO_BF +const EVP_CIPHER *EVP_bf_ecb(void); +const EVP_CIPHER *EVP_bf_cbc(void); +const EVP_CIPHER *EVP_bf_cfb64(void); +# define EVP_bf_cfb EVP_bf_cfb64 +const EVP_CIPHER *EVP_bf_ofb(void); +# endif +# ifndef OPENSSL_NO_CAST +const EVP_CIPHER *EVP_cast5_ecb(void); +const EVP_CIPHER *EVP_cast5_cbc(void); +const EVP_CIPHER *EVP_cast5_cfb64(void); +# define EVP_cast5_cfb EVP_cast5_cfb64 +const EVP_CIPHER *EVP_cast5_ofb(void); +# endif +# ifndef OPENSSL_NO_RC5 +const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); +const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); +const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void); +# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64 +const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); +# endif +const EVP_CIPHER *EVP_aes_128_ecb(void); +const EVP_CIPHER *EVP_aes_128_cbc(void); +const EVP_CIPHER *EVP_aes_128_cfb1(void); +const EVP_CIPHER *EVP_aes_128_cfb8(void); +const EVP_CIPHER *EVP_aes_128_cfb128(void); +# define EVP_aes_128_cfb EVP_aes_128_cfb128 +const EVP_CIPHER *EVP_aes_128_ofb(void); +const EVP_CIPHER *EVP_aes_128_ctr(void); +const EVP_CIPHER *EVP_aes_128_ccm(void); +const EVP_CIPHER *EVP_aes_128_gcm(void); +const EVP_CIPHER *EVP_aes_128_xts(void); +const EVP_CIPHER *EVP_aes_128_wrap(void); +const EVP_CIPHER *EVP_aes_128_wrap_pad(void); +# ifndef OPENSSL_NO_OCB +const EVP_CIPHER *EVP_aes_128_ocb(void); +# endif +const EVP_CIPHER *EVP_aes_192_ecb(void); +const EVP_CIPHER *EVP_aes_192_cbc(void); +const EVP_CIPHER *EVP_aes_192_cfb1(void); +const EVP_CIPHER *EVP_aes_192_cfb8(void); +const EVP_CIPHER *EVP_aes_192_cfb128(void); +# define EVP_aes_192_cfb EVP_aes_192_cfb128 +const EVP_CIPHER *EVP_aes_192_ofb(void); +const EVP_CIPHER *EVP_aes_192_ctr(void); +const EVP_CIPHER *EVP_aes_192_ccm(void); +const EVP_CIPHER *EVP_aes_192_gcm(void); +const EVP_CIPHER *EVP_aes_192_wrap(void); +const EVP_CIPHER *EVP_aes_192_wrap_pad(void); +# ifndef OPENSSL_NO_OCB +const EVP_CIPHER *EVP_aes_192_ocb(void); +# endif +const EVP_CIPHER *EVP_aes_256_ecb(void); +const EVP_CIPHER *EVP_aes_256_cbc(void); +const EVP_CIPHER *EVP_aes_256_cfb1(void); +const EVP_CIPHER *EVP_aes_256_cfb8(void); +const EVP_CIPHER *EVP_aes_256_cfb128(void); +# define EVP_aes_256_cfb EVP_aes_256_cfb128 +const EVP_CIPHER *EVP_aes_256_ofb(void); +const EVP_CIPHER *EVP_aes_256_ctr(void); +const EVP_CIPHER *EVP_aes_256_ccm(void); +const EVP_CIPHER *EVP_aes_256_gcm(void); +const EVP_CIPHER *EVP_aes_256_xts(void); +const EVP_CIPHER *EVP_aes_256_wrap(void); +const EVP_CIPHER *EVP_aes_256_wrap_pad(void); +# ifndef OPENSSL_NO_OCB +const EVP_CIPHER *EVP_aes_256_ocb(void); +# endif +const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); +const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); +const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void); +const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void); +# ifndef OPENSSL_NO_ARIA +const EVP_CIPHER *EVP_aria_128_ecb(void); +const EVP_CIPHER *EVP_aria_128_cbc(void); +const EVP_CIPHER *EVP_aria_128_cfb1(void); +const EVP_CIPHER *EVP_aria_128_cfb8(void); +const EVP_CIPHER *EVP_aria_128_cfb128(void); +# define EVP_aria_128_cfb EVP_aria_128_cfb128 +const EVP_CIPHER *EVP_aria_128_ctr(void); +const EVP_CIPHER *EVP_aria_128_ofb(void); +const EVP_CIPHER *EVP_aria_128_gcm(void); +const EVP_CIPHER *EVP_aria_128_ccm(void); +const EVP_CIPHER *EVP_aria_192_ecb(void); +const EVP_CIPHER *EVP_aria_192_cbc(void); +const EVP_CIPHER *EVP_aria_192_cfb1(void); +const EVP_CIPHER *EVP_aria_192_cfb8(void); +const EVP_CIPHER *EVP_aria_192_cfb128(void); +# define EVP_aria_192_cfb EVP_aria_192_cfb128 +const EVP_CIPHER *EVP_aria_192_ctr(void); +const EVP_CIPHER *EVP_aria_192_ofb(void); +const EVP_CIPHER *EVP_aria_192_gcm(void); +const EVP_CIPHER *EVP_aria_192_ccm(void); +const EVP_CIPHER *EVP_aria_256_ecb(void); +const EVP_CIPHER *EVP_aria_256_cbc(void); +const EVP_CIPHER *EVP_aria_256_cfb1(void); +const EVP_CIPHER *EVP_aria_256_cfb8(void); +const EVP_CIPHER *EVP_aria_256_cfb128(void); +# define EVP_aria_256_cfb EVP_aria_256_cfb128 +const EVP_CIPHER *EVP_aria_256_ctr(void); +const EVP_CIPHER *EVP_aria_256_ofb(void); +const EVP_CIPHER *EVP_aria_256_gcm(void); +const EVP_CIPHER *EVP_aria_256_ccm(void); +# endif +# ifndef OPENSSL_NO_CAMELLIA +const EVP_CIPHER *EVP_camellia_128_ecb(void); +const EVP_CIPHER *EVP_camellia_128_cbc(void); +const EVP_CIPHER *EVP_camellia_128_cfb1(void); +const EVP_CIPHER *EVP_camellia_128_cfb8(void); +const EVP_CIPHER *EVP_camellia_128_cfb128(void); +# define EVP_camellia_128_cfb EVP_camellia_128_cfb128 +const EVP_CIPHER *EVP_camellia_128_ofb(void); +const EVP_CIPHER *EVP_camellia_128_ctr(void); +const EVP_CIPHER *EVP_camellia_192_ecb(void); +const EVP_CIPHER *EVP_camellia_192_cbc(void); +const EVP_CIPHER *EVP_camellia_192_cfb1(void); +const EVP_CIPHER *EVP_camellia_192_cfb8(void); +const EVP_CIPHER *EVP_camellia_192_cfb128(void); +# define EVP_camellia_192_cfb EVP_camellia_192_cfb128 +const EVP_CIPHER *EVP_camellia_192_ofb(void); +const EVP_CIPHER *EVP_camellia_192_ctr(void); +const EVP_CIPHER *EVP_camellia_256_ecb(void); +const EVP_CIPHER *EVP_camellia_256_cbc(void); +const EVP_CIPHER *EVP_camellia_256_cfb1(void); +const EVP_CIPHER *EVP_camellia_256_cfb8(void); +const EVP_CIPHER *EVP_camellia_256_cfb128(void); +# define EVP_camellia_256_cfb EVP_camellia_256_cfb128 +const EVP_CIPHER *EVP_camellia_256_ofb(void); +const EVP_CIPHER *EVP_camellia_256_ctr(void); +# endif +# ifndef OPENSSL_NO_CHACHA +const EVP_CIPHER *EVP_chacha20(void); +# ifndef OPENSSL_NO_POLY1305 +const EVP_CIPHER *EVP_chacha20_poly1305(void); +# endif +# endif + +# ifndef OPENSSL_NO_SEED +const EVP_CIPHER *EVP_seed_ecb(void); +const EVP_CIPHER *EVP_seed_cbc(void); +const EVP_CIPHER *EVP_seed_cfb128(void); +# define EVP_seed_cfb EVP_seed_cfb128 +const EVP_CIPHER *EVP_seed_ofb(void); +# endif + +# ifndef OPENSSL_NO_SM4 +const EVP_CIPHER *EVP_sm4_ecb(void); +const EVP_CIPHER *EVP_sm4_cbc(void); +const EVP_CIPHER *EVP_sm4_cfb128(void); +# define EVP_sm4_cfb EVP_sm4_cfb128 +const EVP_CIPHER *EVP_sm4_ofb(void); +const EVP_CIPHER *EVP_sm4_ctr(void); +# endif + +# if OPENSSL_API_COMPAT < 0x10100000L +# define OPENSSL_add_all_algorithms_conf() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ + | OPENSSL_INIT_ADD_ALL_DIGESTS \ + | OPENSSL_INIT_LOAD_CONFIG, NULL) +# define OPENSSL_add_all_algorithms_noconf() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ + | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) + +# ifdef OPENSSL_LOAD_CONF +# define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_conf() +# else +# define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_noconf() +# endif + +# define OpenSSL_add_all_ciphers() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL) +# define OpenSSL_add_all_digests() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) + +# define EVP_cleanup() while(0) continue +# endif + +int EVP_add_cipher(const EVP_CIPHER *cipher); +int EVP_add_digest(const EVP_MD *digest); + +const EVP_CIPHER *EVP_get_cipherbyname(const char *name); +const EVP_MD *EVP_get_digestbyname(const char *name); + +void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph, + const char *from, const char *to, void *x), + void *arg); +void EVP_CIPHER_do_all_sorted(void (*fn) + (const EVP_CIPHER *ciph, const char *from, + const char *to, void *x), void *arg); + +void EVP_MD_do_all(void (*fn) (const EVP_MD *ciph, + const char *from, const char *to, void *x), + void *arg); +void EVP_MD_do_all_sorted(void (*fn) + (const EVP_MD *ciph, const char *from, + const char *to, void *x), void *arg); + +int EVP_PKEY_decrypt_old(unsigned char *dec_key, + const unsigned char *enc_key, int enc_key_len, + EVP_PKEY *private_key); +int EVP_PKEY_encrypt_old(unsigned char *enc_key, + const unsigned char *key, int key_len, + EVP_PKEY *pub_key); +int EVP_PKEY_type(int type); +int EVP_PKEY_id(const EVP_PKEY *pkey); +int EVP_PKEY_base_id(const EVP_PKEY *pkey); +int EVP_PKEY_bits(const EVP_PKEY *pkey); +int EVP_PKEY_security_bits(const EVP_PKEY *pkey); +int EVP_PKEY_size(const EVP_PKEY *pkey); +int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); +int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); +int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type); +# ifndef OPENSSL_NO_ENGINE +int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e); +ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey); +# endif +int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); +void *EVP_PKEY_get0(const EVP_PKEY *pkey); +const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); +# ifndef OPENSSL_NO_POLY1305 +const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len); +# endif +# ifndef OPENSSL_NO_SIPHASH +const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len); +# endif + +# ifndef OPENSSL_NO_RSA +struct rsa_st; +int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key); +struct rsa_st *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); +struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); +# endif +# ifndef OPENSSL_NO_DSA +struct dsa_st; +int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key); +struct dsa_st *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); +struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); +# endif +# ifndef OPENSSL_NO_DH +struct dh_st; +int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key); +struct dh_st *EVP_PKEY_get0_DH(EVP_PKEY *pkey); +struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); +# endif +# ifndef OPENSSL_NO_EC +struct ec_key_st; +int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key); +struct ec_key_st *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey); +struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); +# endif + +EVP_PKEY *EVP_PKEY_new(void); +int EVP_PKEY_up_ref(EVP_PKEY *pkey); +void EVP_PKEY_free(EVP_PKEY *pkey); + +EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, + long length); +int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); + +EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, + long length); +EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, + long length); +int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); + +int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); +int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); +int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode); +int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); + +int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); + +int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); +int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); +int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); + +int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); + +int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey, + const unsigned char *pt, size_t ptlen); +size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt); + +int EVP_CIPHER_type(const EVP_CIPHER *ctx); + +/* calls methods */ +int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); + +/* These are used by EVP_CIPHER methods */ +int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); + +/* PKCS5 password based encryption */ +int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de); +int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, + int keylen, unsigned char *out); +int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, + const EVP_MD *digest, int keylen, unsigned char *out); +int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de); + +#ifndef OPENSSL_NO_SCRYPT +int EVP_PBE_scrypt(const char *pass, size_t passlen, + const unsigned char *salt, size_t saltlen, + uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, + unsigned char *key, size_t keylen); + +int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *c, const EVP_MD *md, int en_de); +#endif + +void PKCS5_PBE_add(void); + +int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, + ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); + +/* PBE type */ + +/* Can appear as the outermost AlgorithmIdentifier */ +# define EVP_PBE_TYPE_OUTER 0x0 +/* Is an PRF type OID */ +# define EVP_PBE_TYPE_PRF 0x1 +/* Is a PKCS#5 v2.0 KDF */ +# define EVP_PBE_TYPE_KDF 0x2 + +int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, + int md_nid, EVP_PBE_KEYGEN *keygen); +int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, + EVP_PBE_KEYGEN *keygen); +int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid, + EVP_PBE_KEYGEN **pkeygen); +void EVP_PBE_cleanup(void); +int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num); + +# define ASN1_PKEY_ALIAS 0x1 +# define ASN1_PKEY_DYNAMIC 0x2 +# define ASN1_PKEY_SIGPARAM_NULL 0x4 + +# define ASN1_PKEY_CTRL_PKCS7_SIGN 0x1 +# define ASN1_PKEY_CTRL_PKCS7_ENCRYPT 0x2 +# define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3 +# define ASN1_PKEY_CTRL_CMS_SIGN 0x5 +# define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7 +# define ASN1_PKEY_CTRL_CMS_RI_TYPE 0x8 + +# define ASN1_PKEY_CTRL_SET1_TLS_ENCPT 0x9 +# define ASN1_PKEY_CTRL_GET1_TLS_ENCPT 0xa + +int EVP_PKEY_asn1_get_count(void); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, + const char *str, int len); +int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth); +int EVP_PKEY_asn1_add_alias(int to, int from); +int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, + int *ppkey_flags, const char **pinfo, + const char **ppem_str, + const EVP_PKEY_ASN1_METHOD *ameth); + +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey); +EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, + const char *pem_str, + const char *info); +void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, + const EVP_PKEY_ASN1_METHOD *src); +void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth); +void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, + int (*pub_decode) (EVP_PKEY *pk, + X509_PUBKEY *pub), + int (*pub_encode) (X509_PUBKEY *pub, + const EVP_PKEY *pk), + int (*pub_cmp) (const EVP_PKEY *a, + const EVP_PKEY *b), + int (*pub_print) (BIO *out, + const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx), + int (*pkey_size) (const EVP_PKEY *pk), + int (*pkey_bits) (const EVP_PKEY *pk)); +void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, + int (*priv_decode) (EVP_PKEY *pk, + const PKCS8_PRIV_KEY_INFO + *p8inf), + int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, + const EVP_PKEY *pk), + int (*priv_print) (BIO *out, + const EVP_PKEY *pkey, + int indent, + ASN1_PCTX *pctx)); +void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, + int (*param_decode) (EVP_PKEY *pkey, + const unsigned char **pder, + int derlen), + int (*param_encode) (const EVP_PKEY *pkey, + unsigned char **pder), + int (*param_missing) (const EVP_PKEY *pk), + int (*param_copy) (EVP_PKEY *to, + const EVP_PKEY *from), + int (*param_cmp) (const EVP_PKEY *a, + const EVP_PKEY *b), + int (*param_print) (BIO *out, + const EVP_PKEY *pkey, + int indent, + ASN1_PCTX *pctx)); + +void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, + void (*pkey_free) (EVP_PKEY *pkey)); +void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_ctrl) (EVP_PKEY *pkey, int op, + long arg1, void *arg2)); +void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, + int (*item_verify) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *a, + ASN1_BIT_STRING *sig, + EVP_PKEY *pkey), + int (*item_sign) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *alg1, + X509_ALGOR *alg2, + ASN1_BIT_STRING *sig)); + +void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth, + int (*siginf_set) (X509_SIG_INFO *siginf, + const X509_ALGOR *alg, + const ASN1_STRING *sig)); + +void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_check) (const EVP_PKEY *pk)); + +void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_pub_check) (const EVP_PKEY *pk)); + +void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_param_check) (const EVP_PKEY *pk)); + +void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*set_priv_key) (EVP_PKEY *pk, + const unsigned char + *priv, + size_t len)); +void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*set_pub_key) (EVP_PKEY *pk, + const unsigned char *pub, + size_t len)); +void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_priv_key) (const EVP_PKEY *pk, + unsigned char *priv, + size_t *len)); +void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_pub_key) (const EVP_PKEY *pk, + unsigned char *pub, + size_t *len)); + +void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_security_bits) (const EVP_PKEY + *pk)); + +# define EVP_PKEY_OP_UNDEFINED 0 +# define EVP_PKEY_OP_PARAMGEN (1<<1) +# define EVP_PKEY_OP_KEYGEN (1<<2) +# define EVP_PKEY_OP_SIGN (1<<3) +# define EVP_PKEY_OP_VERIFY (1<<4) +# define EVP_PKEY_OP_VERIFYRECOVER (1<<5) +# define EVP_PKEY_OP_SIGNCTX (1<<6) +# define EVP_PKEY_OP_VERIFYCTX (1<<7) +# define EVP_PKEY_OP_ENCRYPT (1<<8) +# define EVP_PKEY_OP_DECRYPT (1<<9) +# define EVP_PKEY_OP_DERIVE (1<<10) + +# define EVP_PKEY_OP_TYPE_SIG \ + (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \ + | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX) + +# define EVP_PKEY_OP_TYPE_CRYPT \ + (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) + +# define EVP_PKEY_OP_TYPE_NOGEN \ + (EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_DERIVE) + +# define EVP_PKEY_OP_TYPE_GEN \ + (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) + +# define EVP_PKEY_CTX_set_signature_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_get_signature_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_GET_MD, 0, (void *)(pmd)) + +# define EVP_PKEY_CTX_set_mac_key(ctx, key, len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_SET_MAC_KEY, len, (void *)(key)) + +# define EVP_PKEY_CTRL_MD 1 +# define EVP_PKEY_CTRL_PEER_KEY 2 + +# define EVP_PKEY_CTRL_PKCS7_ENCRYPT 3 +# define EVP_PKEY_CTRL_PKCS7_DECRYPT 4 + +# define EVP_PKEY_CTRL_PKCS7_SIGN 5 + +# define EVP_PKEY_CTRL_SET_MAC_KEY 6 + +# define EVP_PKEY_CTRL_DIGESTINIT 7 + +/* Used by GOST key encryption in TLS */ +# define EVP_PKEY_CTRL_SET_IV 8 + +# define EVP_PKEY_CTRL_CMS_ENCRYPT 9 +# define EVP_PKEY_CTRL_CMS_DECRYPT 10 +# define EVP_PKEY_CTRL_CMS_SIGN 11 + +# define EVP_PKEY_CTRL_CIPHER 12 + +# define EVP_PKEY_CTRL_GET_MD 13 + +# define EVP_PKEY_CTRL_SET_DIGEST_SIZE 14 + +# define EVP_PKEY_ALG_CTRL 0x1000 + +# define EVP_PKEY_FLAG_AUTOARGLEN 2 +/* + * Method handles all operations: don't assume any digest related defaults. + */ +# define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 + +const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); +EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); +void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, + const EVP_PKEY_METHOD *meth); +void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); +void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); +int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); +int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth); +size_t EVP_PKEY_meth_get_count(void); +const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); + +EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, int p1, void *p2); +int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value); +int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, uint64_t value); + +int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str); +int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex); + +int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md); + +int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); + +EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, + const unsigned char *key, int keylen); +EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, + const unsigned char *priv, + size_t len); +EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, + const unsigned char *pub, + size_t len); +int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, + size_t *len); +int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, + size_t *len); + +EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, + size_t len, const EVP_CIPHER *cipher); + +void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx); +EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx); + +EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx); + +void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen); +int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); +int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + +int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); +int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + +typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx); + +void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); +EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); + +void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, + int (*init) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, + int (*copy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)); + +void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, + void (*cleanup) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, + int (*paramgen_init) (EVP_PKEY_CTX *ctx), + int (*paramgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, + int (*keygen_init) (EVP_PKEY_CTX *ctx), + int (*keygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, + int (*sign_init) (EVP_PKEY_CTX *ctx), + int (*sign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, + int (*verify_init) (EVP_PKEY_CTX *ctx), + int (*verify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, + int (*verify_recover_init) (EVP_PKEY_CTX + *ctx), + int (*verify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, + int (*signctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*signctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, + int (*verifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*verifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, + int (*encrypt_init) (EVP_PKEY_CTX *ctx), + int (*encryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, + int (*decrypt_init) (EVP_PKEY_CTX *ctx), + int (*decrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, + int (*derive_init) (EVP_PKEY_CTX *ctx), + int (*derive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + +void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, + int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (*ctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + +void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth, + int (*digest_custom) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, + int (**pinit) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, + int (**pcopy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)); + +void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, + void (**pcleanup) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, + int (**pparamgen_init) (EVP_PKEY_CTX *ctx), + int (**pparamgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, + int (**pkeygen_init) (EVP_PKEY_CTX *ctx), + int (**pkeygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, + int (**psign_init) (EVP_PKEY_CTX *ctx), + int (**psign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, + int (**pverify_init) (EVP_PKEY_CTX *ctx), + int (**pverify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, + int (**pverify_recover_init) (EVP_PKEY_CTX + *ctx), + int (**pverify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, + int (**psignctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**psignctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, + int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**pverifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, + int (**pencrypt_init) (EVP_PKEY_CTX *ctx), + int (**pencryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, + int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), + int (**pdecrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, + int (**pderive_init) (EVP_PKEY_CTX *ctx), + int (**pderive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + +void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, + int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (**pctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + +void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth, + int (**pdigest_custom) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx)); +void EVP_add_alg_module(void); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/evperr.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/evperr.h new file mode 100644 index 00000000..6a651f55 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/evperr.h @@ -0,0 +1,204 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_EVPERR_H +# define HEADER_EVPERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_EVP_strings(void); + +/* + * EVP function codes. + */ +# define EVP_F_AESNI_INIT_KEY 165 +# define EVP_F_AESNI_XTS_INIT_KEY 207 +# define EVP_F_AES_GCM_CTRL 196 +# define EVP_F_AES_INIT_KEY 133 +# define EVP_F_AES_OCB_CIPHER 169 +# define EVP_F_AES_T4_INIT_KEY 178 +# define EVP_F_AES_T4_XTS_INIT_KEY 208 +# define EVP_F_AES_WRAP_CIPHER 170 +# define EVP_F_AES_XTS_INIT_KEY 209 +# define EVP_F_ALG_MODULE_INIT 177 +# define EVP_F_ARIA_CCM_INIT_KEY 175 +# define EVP_F_ARIA_GCM_CTRL 197 +# define EVP_F_ARIA_GCM_INIT_KEY 176 +# define EVP_F_ARIA_INIT_KEY 185 +# define EVP_F_B64_NEW 198 +# define EVP_F_CAMELLIA_INIT_KEY 159 +# define EVP_F_CHACHA20_POLY1305_CTRL 182 +# define EVP_F_CMLL_T4_INIT_KEY 179 +# define EVP_F_DES_EDE3_WRAP_CIPHER 171 +# define EVP_F_DO_SIGVER_INIT 161 +# define EVP_F_ENC_NEW 199 +# define EVP_F_EVP_CIPHERINIT_EX 123 +# define EVP_F_EVP_CIPHER_ASN1_TO_PARAM 204 +# define EVP_F_EVP_CIPHER_CTX_COPY 163 +# define EVP_F_EVP_CIPHER_CTX_CTRL 124 +# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 +# define EVP_F_EVP_CIPHER_PARAM_TO_ASN1 205 +# define EVP_F_EVP_DECRYPTFINAL_EX 101 +# define EVP_F_EVP_DECRYPTUPDATE 166 +# define EVP_F_EVP_DIGESTFINALXOF 174 +# define EVP_F_EVP_DIGESTINIT_EX 128 +# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219 +# define EVP_F_EVP_ENCRYPTFINAL_EX 127 +# define EVP_F_EVP_ENCRYPTUPDATE 167 +# define EVP_F_EVP_MD_CTX_COPY_EX 110 +# define EVP_F_EVP_MD_SIZE 162 +# define EVP_F_EVP_OPENINIT 102 +# define EVP_F_EVP_PBE_ALG_ADD 115 +# define EVP_F_EVP_PBE_ALG_ADD_TYPE 160 +# define EVP_F_EVP_PBE_CIPHERINIT 116 +# define EVP_F_EVP_PBE_SCRYPT 181 +# define EVP_F_EVP_PKCS82PKEY 111 +# define EVP_F_EVP_PKEY2PKCS8 113 +# define EVP_F_EVP_PKEY_ASN1_ADD0 188 +# define EVP_F_EVP_PKEY_CHECK 186 +# define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 +# define EVP_F_EVP_PKEY_CTX_CTRL 137 +# define EVP_F_EVP_PKEY_CTX_CTRL_STR 150 +# define EVP_F_EVP_PKEY_CTX_DUP 156 +# define EVP_F_EVP_PKEY_CTX_MD 168 +# define EVP_F_EVP_PKEY_DECRYPT 104 +# define EVP_F_EVP_PKEY_DECRYPT_INIT 138 +# define EVP_F_EVP_PKEY_DECRYPT_OLD 151 +# define EVP_F_EVP_PKEY_DERIVE 153 +# define EVP_F_EVP_PKEY_DERIVE_INIT 154 +# define EVP_F_EVP_PKEY_DERIVE_SET_PEER 155 +# define EVP_F_EVP_PKEY_ENCRYPT 105 +# define EVP_F_EVP_PKEY_ENCRYPT_INIT 139 +# define EVP_F_EVP_PKEY_ENCRYPT_OLD 152 +# define EVP_F_EVP_PKEY_GET0_DH 119 +# define EVP_F_EVP_PKEY_GET0_DSA 120 +# define EVP_F_EVP_PKEY_GET0_EC_KEY 131 +# define EVP_F_EVP_PKEY_GET0_HMAC 183 +# define EVP_F_EVP_PKEY_GET0_POLY1305 184 +# define EVP_F_EVP_PKEY_GET0_RSA 121 +# define EVP_F_EVP_PKEY_GET0_SIPHASH 172 +# define EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY 202 +# define EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY 203 +# define EVP_F_EVP_PKEY_KEYGEN 146 +# define EVP_F_EVP_PKEY_KEYGEN_INIT 147 +# define EVP_F_EVP_PKEY_METH_ADD0 194 +# define EVP_F_EVP_PKEY_METH_NEW 195 +# define EVP_F_EVP_PKEY_NEW 106 +# define EVP_F_EVP_PKEY_NEW_CMAC_KEY 193 +# define EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY 191 +# define EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY 192 +# define EVP_F_EVP_PKEY_PARAMGEN 148 +# define EVP_F_EVP_PKEY_PARAMGEN_INIT 149 +# define EVP_F_EVP_PKEY_PARAM_CHECK 189 +# define EVP_F_EVP_PKEY_PUBLIC_CHECK 190 +# define EVP_F_EVP_PKEY_SET1_ENGINE 187 +# define EVP_F_EVP_PKEY_SET_ALIAS_TYPE 206 +# define EVP_F_EVP_PKEY_SIGN 140 +# define EVP_F_EVP_PKEY_SIGN_INIT 141 +# define EVP_F_EVP_PKEY_VERIFY 142 +# define EVP_F_EVP_PKEY_VERIFY_INIT 143 +# define EVP_F_EVP_PKEY_VERIFY_RECOVER 144 +# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145 +# define EVP_F_EVP_SIGNFINAL 107 +# define EVP_F_EVP_VERIFYFINAL 108 +# define EVP_F_INT_CTX_NEW 157 +# define EVP_F_OK_NEW 200 +# define EVP_F_PKCS5_PBE_KEYIVGEN 117 +# define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 +# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 +# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180 +# define EVP_F_PKEY_SET_TYPE 158 +# define EVP_F_RC2_MAGIC_TO_METH 109 +# define EVP_F_RC5_CTRL 125 +# define EVP_F_R_32_12_16_INIT_KEY 242 +# define EVP_F_S390X_AES_GCM_CTRL 201 +# define EVP_F_UPDATE 173 + +/* + * EVP reason codes. + */ +# define EVP_R_AES_KEY_SETUP_FAILED 143 +# define EVP_R_ARIA_KEY_SETUP_FAILED 176 +# define EVP_R_BAD_DECRYPT 100 +# define EVP_R_BAD_KEY_LENGTH 195 +# define EVP_R_BUFFER_TOO_SMALL 155 +# define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 +# define EVP_R_CIPHER_PARAMETER_ERROR 122 +# define EVP_R_COMMAND_NOT_SUPPORTED 147 +# define EVP_R_COPY_ERROR 173 +# define EVP_R_CTRL_NOT_IMPLEMENTED 132 +# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 +# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 +# define EVP_R_DECODE_ERROR 114 +# define EVP_R_DIFFERENT_KEY_TYPES 101 +# define EVP_R_DIFFERENT_PARAMETERS 153 +# define EVP_R_ERROR_LOADING_SECTION 165 +# define EVP_R_ERROR_SETTING_FIPS_MODE 166 +# define EVP_R_EXPECTING_AN_HMAC_KEY 174 +# define EVP_R_EXPECTING_AN_RSA_KEY 127 +# define EVP_R_EXPECTING_A_DH_KEY 128 +# define EVP_R_EXPECTING_A_DSA_KEY 129 +# define EVP_R_EXPECTING_A_EC_KEY 142 +# define EVP_R_EXPECTING_A_POLY1305_KEY 164 +# define EVP_R_EXPECTING_A_SIPHASH_KEY 175 +# define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 +# define EVP_R_GET_RAW_KEY_FAILED 182 +# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171 +# define EVP_R_INITIALIZATION_ERROR 134 +# define EVP_R_INPUT_NOT_INITIALIZED 111 +# define EVP_R_INVALID_DIGEST 152 +# define EVP_R_INVALID_FIPS_MODE 168 +# define EVP_R_INVALID_KEY 163 +# define EVP_R_INVALID_KEY_LENGTH 130 +# define EVP_R_INVALID_OPERATION 148 +# define EVP_R_KEYGEN_FAILURE 120 +# define EVP_R_KEY_SETUP_FAILED 180 +# define EVP_R_MEMORY_LIMIT_EXCEEDED 172 +# define EVP_R_MESSAGE_DIGEST_IS_NULL 159 +# define EVP_R_METHOD_NOT_SUPPORTED 144 +# define EVP_R_MISSING_PARAMETERS 103 +# define EVP_R_NOT_XOF_OR_INVALID_LENGTH 178 +# define EVP_R_NO_CIPHER_SET 131 +# define EVP_R_NO_DEFAULT_DIGEST 158 +# define EVP_R_NO_DIGEST_SET 139 +# define EVP_R_NO_KEY_SET 154 +# define EVP_R_NO_OPERATION_SET 149 +# define EVP_R_ONLY_ONESHOT_SUPPORTED 177 +# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 +# define EVP_R_OPERATON_NOT_INITIALIZED 151 +# define EVP_R_PARTIALLY_OVERLAPPING 162 +# define EVP_R_PBKDF2_ERROR 181 +# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179 +# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 +# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 +# define EVP_R_PUBLIC_KEY_NOT_RSA 106 +# define EVP_R_UNKNOWN_CIPHER 160 +# define EVP_R_UNKNOWN_DIGEST 161 +# define EVP_R_UNKNOWN_OPTION 169 +# define EVP_R_UNKNOWN_PBE_ALGORITHM 121 +# define EVP_R_UNSUPPORTED_ALGORITHM 156 +# define EVP_R_UNSUPPORTED_CIPHER 107 +# define EVP_R_UNSUPPORTED_KEYLENGTH 123 +# define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 +# define EVP_R_UNSUPPORTED_KEY_SIZE 108 +# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS 135 +# define EVP_R_UNSUPPORTED_PRF 125 +# define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 +# define EVP_R_UNSUPPORTED_SALT_TYPE 126 +# define EVP_R_WRAP_MODE_NOT_ALLOWED 170 +# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 +# define EVP_R_XTS_DUPLICATED_KEYS 183 + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/hmac.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/hmac.h new file mode 100644 index 00000000..458efc1d --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/hmac.h @@ -0,0 +1,51 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_HMAC_H +# define HEADER_HMAC_H + +# include + +# include + +# if OPENSSL_API_COMPAT < 0x10200000L +# define HMAC_MAX_MD_CBLOCK 128 /* Deprecated */ +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +size_t HMAC_size(const HMAC_CTX *e); +HMAC_CTX *HMAC_CTX_new(void); +int HMAC_CTX_reset(HMAC_CTX *ctx); +void HMAC_CTX_free(HMAC_CTX *ctx); + +DEPRECATEDIN_1_1_0(__owur int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, + const EVP_MD *md)) + +/*__owur*/ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + const EVP_MD *md, ENGINE *impl); +/*__owur*/ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, + size_t len); +/*__owur*/ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, + unsigned int *len); +unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, + const unsigned char *d, size_t n, unsigned char *md, + unsigned int *md_len); +__owur int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); + +void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); +const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/idea.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/idea.h new file mode 100644 index 00000000..4334f3ea --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/idea.h @@ -0,0 +1,64 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_IDEA_H +# define HEADER_IDEA_H + +# include + +# ifndef OPENSSL_NO_IDEA +# ifdef __cplusplus +extern "C" { +# endif + +typedef unsigned int IDEA_INT; + +# define IDEA_ENCRYPT 1 +# define IDEA_DECRYPT 0 + +# define IDEA_BLOCK 8 +# define IDEA_KEY_LENGTH 16 + +typedef struct idea_key_st { + IDEA_INT data[9][6]; +} IDEA_KEY_SCHEDULE; + +const char *IDEA_options(void); +void IDEA_ecb_encrypt(const unsigned char *in, unsigned char *out, + IDEA_KEY_SCHEDULE *ks); +void IDEA_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); +void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); +void IDEA_cbc_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, + int enc); +void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, + int *num, int enc); +void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, + int *num); +void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define idea_options IDEA_options +# define idea_ecb_encrypt IDEA_ecb_encrypt +# define idea_set_encrypt_key IDEA_set_encrypt_key +# define idea_set_decrypt_key IDEA_set_decrypt_key +# define idea_cbc_encrypt IDEA_cbc_encrypt +# define idea_cfb64_encrypt IDEA_cfb64_encrypt +# define idea_ofb64_encrypt IDEA_ofb64_encrypt +# define idea_encrypt IDEA_encrypt +# endif + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/kdf.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/kdf.h new file mode 100644 index 00000000..5abd4c37 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/kdf.h @@ -0,0 +1,97 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_KDF_H +# define HEADER_KDF_H + +# include +#ifdef __cplusplus +extern "C" { +#endif + +# define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL) +# define EVP_PKEY_CTRL_TLS_SECRET (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_TLS_SEED (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_HKDF_MODE (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_PASS (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_SCRYPT_SALT (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_SCRYPT_N (EVP_PKEY_ALG_CTRL + 10) +# define EVP_PKEY_CTRL_SCRYPT_R (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_SCRYPT_P (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES (EVP_PKEY_ALG_CTRL + 13) + +# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0 +# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1 +# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2 + +# define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_TLS_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, seclen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_TLS_SECRET, seclen, (void *)(sec)) + +# define EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seedlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_TLS_SEED, seedlen, (void *)(seed)) + +# define EVP_PKEY_CTX_set_hkdf_md(pctx, md) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, saltlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_SALT, saltlen, (void *)(salt)) + +# define EVP_PKEY_CTX_set1_hkdf_key(pctx, key, keylen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_KEY, keylen, (void *)(key)) + +# define EVP_PKEY_CTX_add1_hkdf_info(pctx, info, infolen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)(info)) + +# define EVP_PKEY_CTX_hkdf_mode(pctx, mode) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_MODE, mode, NULL) + +# define EVP_PKEY_CTX_set1_pbe_pass(pctx, pass, passlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_PASS, passlen, (void *)(pass)) + +# define EVP_PKEY_CTX_set1_scrypt_salt(pctx, salt, saltlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_SALT, saltlen, (void *)(salt)) + +# define EVP_PKEY_CTX_set_scrypt_N(pctx, n) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_N, n) + +# define EVP_PKEY_CTX_set_scrypt_r(pctx, r) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_R, r) + +# define EVP_PKEY_CTX_set_scrypt_p(pctx, p) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_P, p) + +# define EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, maxmem_bytes) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, maxmem_bytes) + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/kdferr.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/kdferr.h new file mode 100644 index 00000000..3f51bd02 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/kdferr.h @@ -0,0 +1,55 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_KDFERR_H +# define HEADER_KDFERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_KDF_strings(void); + +/* + * KDF function codes. + */ +# define KDF_F_PKEY_HKDF_CTRL_STR 103 +# define KDF_F_PKEY_HKDF_DERIVE 102 +# define KDF_F_PKEY_HKDF_INIT 108 +# define KDF_F_PKEY_SCRYPT_CTRL_STR 104 +# define KDF_F_PKEY_SCRYPT_CTRL_UINT64 105 +# define KDF_F_PKEY_SCRYPT_DERIVE 109 +# define KDF_F_PKEY_SCRYPT_INIT 106 +# define KDF_F_PKEY_SCRYPT_SET_MEMBUF 107 +# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 100 +# define KDF_F_PKEY_TLS1_PRF_DERIVE 101 +# define KDF_F_PKEY_TLS1_PRF_INIT 110 +# define KDF_F_TLS1_PRF_ALG 111 + +/* + * KDF reason codes. + */ +# define KDF_R_INVALID_DIGEST 100 +# define KDF_R_MISSING_ITERATION_COUNT 109 +# define KDF_R_MISSING_KEY 104 +# define KDF_R_MISSING_MESSAGE_DIGEST 105 +# define KDF_R_MISSING_PARAMETER 101 +# define KDF_R_MISSING_PASS 110 +# define KDF_R_MISSING_SALT 111 +# define KDF_R_MISSING_SECRET 107 +# define KDF_R_MISSING_SEED 106 +# define KDF_R_UNKNOWN_PARAMETER_TYPE 103 +# define KDF_R_VALUE_ERROR 108 +# define KDF_R_VALUE_MISSING 102 + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/lhash.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/lhash.h new file mode 100644 index 00000000..47b99d17 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/lhash.h @@ -0,0 +1,242 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Header for dynamic hash table routines Author - Eric Young + */ + +#ifndef HEADER_LHASH_H +# define HEADER_LHASH_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct lhash_node_st OPENSSL_LH_NODE; +typedef int (*OPENSSL_LH_COMPFUNC) (const void *, const void *); +typedef unsigned long (*OPENSSL_LH_HASHFUNC) (const void *); +typedef void (*OPENSSL_LH_DOALL_FUNC) (void *); +typedef void (*OPENSSL_LH_DOALL_FUNCARG) (void *, void *); +typedef struct lhash_st OPENSSL_LHASH; + +/* + * Macros for declaring and implementing type-safe wrappers for LHASH + * callbacks. This way, callbacks can be provided to LHASH structures without + * function pointer casting and the macro-defined callbacks provide + * per-variable casting before deferring to the underlying type-specific + * callbacks. NB: It is possible to place a "static" in front of both the + * DECLARE and IMPLEMENT macros if the functions are strictly internal. + */ + +/* First: "hash" functions */ +# define DECLARE_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *); +# define IMPLEMENT_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *arg) { \ + const o_type *a = arg; \ + return name##_hash(a); } +# define LHASH_HASH_FN(name) name##_LHASH_HASH + +/* Second: "compare" functions */ +# define DECLARE_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *, const void *); +# define IMPLEMENT_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *arg1, const void *arg2) { \ + const o_type *a = arg1; \ + const o_type *b = arg2; \ + return name##_cmp(a,b); } +# define LHASH_COMP_FN(name) name##_LHASH_COMP + +/* Fourth: "doall_arg" functions */ +# define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *, void *); +# define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ + o_type *a = arg1; \ + a_type *b = arg2; \ + name##_doall_arg(a, b); } +# define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG + + +# define LH_LOAD_MULT 256 + +int OPENSSL_LH_error(OPENSSL_LHASH *lh); +OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c); +void OPENSSL_LH_free(OPENSSL_LHASH *lh); +void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data); +void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data); +void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data); +void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func); +void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg); +unsigned long OPENSSL_LH_strhash(const char *c); +unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh); +unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh); +void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load); + +# ifndef OPENSSL_NO_STDIO +void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp); +void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp); +void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp); +# endif +void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out); +void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out); +void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define _LHASH OPENSSL_LHASH +# define LHASH_NODE OPENSSL_LH_NODE +# define lh_error OPENSSL_LH_error +# define lh_new OPENSSL_LH_new +# define lh_free OPENSSL_LH_free +# define lh_insert OPENSSL_LH_insert +# define lh_delete OPENSSL_LH_delete +# define lh_retrieve OPENSSL_LH_retrieve +# define lh_doall OPENSSL_LH_doall +# define lh_doall_arg OPENSSL_LH_doall_arg +# define lh_strhash OPENSSL_LH_strhash +# define lh_num_items OPENSSL_LH_num_items +# ifndef OPENSSL_NO_STDIO +# define lh_stats OPENSSL_LH_stats +# define lh_node_stats OPENSSL_LH_node_stats +# define lh_node_usage_stats OPENSSL_LH_node_usage_stats +# endif +# define lh_stats_bio OPENSSL_LH_stats_bio +# define lh_node_stats_bio OPENSSL_LH_node_stats_bio +# define lh_node_usage_stats_bio OPENSSL_LH_node_usage_stats_bio +# endif + +/* Type checking... */ + +# define LHASH_OF(type) struct lhash_st_##type + +# define DEFINE_LHASH_OF(type) \ + LHASH_OF(type) { union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; }; \ + static ossl_inline LHASH_OF(type) * \ + lh_##type##_new(unsigned long (*hfn)(const type *), \ + int (*cfn)(const type *, const type *)) \ + { \ + return (LHASH_OF(type) *) \ + OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \ + } \ + static ossl_unused ossl_inline void lh_##type##_free(LHASH_OF(type) *lh) \ + { \ + OPENSSL_LH_free((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline type *lh_##type##_insert(LHASH_OF(type) *lh, type *d) \ + { \ + return (type *)OPENSSL_LH_insert((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline type *lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \ + { \ + return (type *)OPENSSL_LH_delete((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline type *lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \ + { \ + return (type *)OPENSSL_LH_retrieve((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline int lh_##type##_error(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_error((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline unsigned long lh_##type##_num_items(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_num_items((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + OPENSSL_LH_node_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ + static ossl_unused ossl_inline void lh_##type##_node_usage_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + OPENSSL_LH_node_usage_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ + static ossl_unused ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + OPENSSL_LH_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ + static ossl_unused ossl_inline unsigned long lh_##type##_get_down_load(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_get_down_load((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline void lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \ + { \ + OPENSSL_LH_set_down_load((OPENSSL_LHASH *)lh, dl); \ + } \ + static ossl_unused ossl_inline void lh_##type##_doall(LHASH_OF(type) *lh, \ + void (*doall)(type *)) \ + { \ + OPENSSL_LH_doall((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNC)doall); \ + } \ + LHASH_OF(type) + +#define IMPLEMENT_LHASH_DOALL_ARG_CONST(type, argtype) \ + int_implement_lhash_doall(type, argtype, const type) + +#define IMPLEMENT_LHASH_DOALL_ARG(type, argtype) \ + int_implement_lhash_doall(type, argtype, type) + +#define int_implement_lhash_doall(type, argtype, cbargtype) \ + static ossl_unused ossl_inline void \ + lh_##type##_doall_##argtype(LHASH_OF(type) *lh, \ + void (*fn)(cbargtype *, argtype *), \ + argtype *arg) \ + { \ + OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNCARG)fn, (void *)arg); \ + } \ + LHASH_OF(type) + +DEFINE_LHASH_OF(OPENSSL_STRING); +# ifdef _MSC_VER +/* + * push and pop this warning: + * warning C4090: 'function': different 'const' qualifiers + */ +# pragma warning (push) +# pragma warning (disable: 4090) +# endif + +DEFINE_LHASH_OF(OPENSSL_CSTRING); + +# ifdef _MSC_VER +# pragma warning (pop) +# endif + +/* + * If called without higher optimization (min. -xO3) the Oracle Developer + * Studio compiler generates code for the defined (static inline) functions + * above. + * This would later lead to the linker complaining about missing symbols when + * this header file is included but the resulting object is not linked against + * the Crypto library (openssl#6912). + */ +# ifdef __SUNPRO_C +# pragma weak OPENSSL_LH_new +# pragma weak OPENSSL_LH_free +# pragma weak OPENSSL_LH_insert +# pragma weak OPENSSL_LH_delete +# pragma weak OPENSSL_LH_retrieve +# pragma weak OPENSSL_LH_error +# pragma weak OPENSSL_LH_num_items +# pragma weak OPENSSL_LH_node_stats_bio +# pragma weak OPENSSL_LH_node_usage_stats_bio +# pragma weak OPENSSL_LH_stats_bio +# pragma weak OPENSSL_LH_get_down_load +# pragma weak OPENSSL_LH_set_down_load +# pragma weak OPENSSL_LH_doall +# pragma weak OPENSSL_LH_doall_arg +# endif /* __SUNPRO_C */ + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/md2.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/md2.h new file mode 100644 index 00000000..7faf8e3d --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/md2.h @@ -0,0 +1,44 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_MD2_H +# define HEADER_MD2_H + +# include + +# ifndef OPENSSL_NO_MD2 +# include +# ifdef __cplusplus +extern "C" { +# endif + +typedef unsigned char MD2_INT; + +# define MD2_DIGEST_LENGTH 16 +# define MD2_BLOCK 16 + +typedef struct MD2state_st { + unsigned int num; + unsigned char data[MD2_BLOCK]; + MD2_INT cksm[MD2_BLOCK]; + MD2_INT state[MD2_BLOCK]; +} MD2_CTX; + +const char *MD2_options(void); +int MD2_Init(MD2_CTX *c); +int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); +int MD2_Final(unsigned char *md, MD2_CTX *c); +unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/md4.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/md4.h new file mode 100644 index 00000000..940e29db --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/md4.h @@ -0,0 +1,51 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_MD4_H +# define HEADER_MD4_H + +# include + +# ifndef OPENSSL_NO_MD4 +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +/*- + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! MD4_LONG has to be at least 32 bits wide. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ +# define MD4_LONG unsigned int + +# define MD4_CBLOCK 64 +# define MD4_LBLOCK (MD4_CBLOCK/4) +# define MD4_DIGEST_LENGTH 16 + +typedef struct MD4state_st { + MD4_LONG A, B, C, D; + MD4_LONG Nl, Nh; + MD4_LONG data[MD4_LBLOCK]; + unsigned int num; +} MD4_CTX; + +int MD4_Init(MD4_CTX *c); +int MD4_Update(MD4_CTX *c, const void *data, size_t len); +int MD4_Final(unsigned char *md, MD4_CTX *c); +unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md); +void MD4_Transform(MD4_CTX *c, const unsigned char *b); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/md5.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/md5.h new file mode 100644 index 00000000..2deb7721 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/md5.h @@ -0,0 +1,50 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_MD5_H +# define HEADER_MD5_H + +# include + +# ifndef OPENSSL_NO_MD5 +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +/* + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! MD5_LONG has to be at least 32 bits wide. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ +# define MD5_LONG unsigned int + +# define MD5_CBLOCK 64 +# define MD5_LBLOCK (MD5_CBLOCK/4) +# define MD5_DIGEST_LENGTH 16 + +typedef struct MD5state_st { + MD5_LONG A, B, C, D; + MD5_LONG Nl, Nh; + MD5_LONG data[MD5_LBLOCK]; + unsigned int num; +} MD5_CTX; + +int MD5_Init(MD5_CTX *c); +int MD5_Update(MD5_CTX *c, const void *data, size_t len); +int MD5_Final(unsigned char *md, MD5_CTX *c); +unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md); +void MD5_Transform(MD5_CTX *c, const unsigned char *b); +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/mdc2.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/mdc2.h new file mode 100644 index 00000000..aabd2bfa --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/mdc2.h @@ -0,0 +1,42 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_MDC2_H +# define HEADER_MDC2_H + +# include + +#ifndef OPENSSL_NO_MDC2 +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +# define MDC2_BLOCK 8 +# define MDC2_DIGEST_LENGTH 16 + +typedef struct mdc2_ctx_st { + unsigned int num; + unsigned char data[MDC2_BLOCK]; + DES_cblock h, hh; + int pad_type; /* either 1 or 2, default 1 */ +} MDC2_CTX; + +int MDC2_Init(MDC2_CTX *c); +int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); +int MDC2_Final(unsigned char *md, MDC2_CTX *c); +unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/modes.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/modes.h new file mode 100644 index 00000000..d544f98d --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/modes.h @@ -0,0 +1,208 @@ +/* + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_MODES_H +# define HEADER_MODES_H + +# include + +# ifdef __cplusplus +extern "C" { +# endif +typedef void (*block128_f) (const unsigned char in[16], + unsigned char out[16], const void *key); + +typedef void (*cbc128_f) (const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int enc); + +typedef void (*ctr128_f) (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + const unsigned char ivec[16]); + +typedef void (*ccm128_f) (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + const unsigned char ivec[16], + unsigned char cmac[16]); + +void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); + +void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], + unsigned char ecount_buf[16], unsigned int *num, + block128_f block); + +void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], + unsigned char ecount_buf[16], + unsigned int *num, ctr128_f ctr); + +void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + block128_f block); + +void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, + size_t bits, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); + +size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], + block128_f block); +size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); +size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], + block128_f block); +size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); + +size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, + unsigned char ivec[16], + block128_f block); +size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); +size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, + unsigned char ivec[16], + block128_f block); +size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); + +typedef struct gcm128_context GCM128_CONTEXT; + +GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block); +void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block); +void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, + size_t len); +int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad, + size_t len); +int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len); +int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len); +int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream); +int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream); +int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, + size_t len); +void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len); +void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx); + +typedef struct ccm128_context CCM128_CONTEXT; + +void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx, + unsigned int M, unsigned int L, void *key, + block128_f block); +int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, const unsigned char *nonce, + size_t nlen, size_t mlen); +void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, const unsigned char *aad, + size_t alen); +int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len); +int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len); +int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len, + ccm128_f stream); +int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len, + ccm128_f stream); +size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len); + +typedef struct xts128_context XTS128_CONTEXT; + +int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, + const unsigned char iv[16], + const unsigned char *inp, unsigned char *out, + size_t len, int enc); + +size_t CRYPTO_128_wrap(void *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, size_t inlen, + block128_f block); + +size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, size_t inlen, + block128_f block); +size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv, + unsigned char *out, const unsigned char *in, + size_t inlen, block128_f block); +size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, + unsigned char *out, const unsigned char *in, + size_t inlen, block128_f block); + +# ifndef OPENSSL_NO_OCB +typedef struct ocb128_context OCB128_CONTEXT; + +typedef void (*ocb128_f) (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + size_t start_block_num, + unsigned char offset_i[16], + const unsigned char L_[][16], + unsigned char checksum[16]); + +OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec, + block128_f encrypt, block128_f decrypt, + ocb128_f stream); +int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec, + block128_f encrypt, block128_f decrypt, + ocb128_f stream); +int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src, + void *keyenc, void *keydec); +int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv, + size_t len, size_t taglen); +int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad, + size_t len); +int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, const unsigned char *in, + unsigned char *out, size_t len); +int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, const unsigned char *in, + unsigned char *out, size_t len); +int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag, + size_t len); +int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len); +void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx); +# endif /* OPENSSL_NO_OCB */ + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/obj_mac.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/obj_mac.h new file mode 100644 index 00000000..47dafe48 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/obj_mac.h @@ -0,0 +1,5198 @@ +/* + * WARNING: do not edit! + * Generated by crypto/objects/objects.pl + * + * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#define SN_undef "UNDEF" +#define LN_undef "undefined" +#define NID_undef 0 +#define OBJ_undef 0L + +#define SN_itu_t "ITU-T" +#define LN_itu_t "itu-t" +#define NID_itu_t 645 +#define OBJ_itu_t 0L + +#define NID_ccitt 404 +#define OBJ_ccitt OBJ_itu_t + +#define SN_iso "ISO" +#define LN_iso "iso" +#define NID_iso 181 +#define OBJ_iso 1L + +#define SN_joint_iso_itu_t "JOINT-ISO-ITU-T" +#define LN_joint_iso_itu_t "joint-iso-itu-t" +#define NID_joint_iso_itu_t 646 +#define OBJ_joint_iso_itu_t 2L + +#define NID_joint_iso_ccitt 393 +#define OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t + +#define SN_member_body "member-body" +#define LN_member_body "ISO Member Body" +#define NID_member_body 182 +#define OBJ_member_body OBJ_iso,2L + +#define SN_identified_organization "identified-organization" +#define NID_identified_organization 676 +#define OBJ_identified_organization OBJ_iso,3L + +#define SN_hmac_md5 "HMAC-MD5" +#define LN_hmac_md5 "hmac-md5" +#define NID_hmac_md5 780 +#define OBJ_hmac_md5 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L + +#define SN_hmac_sha1 "HMAC-SHA1" +#define LN_hmac_sha1 "hmac-sha1" +#define NID_hmac_sha1 781 +#define OBJ_hmac_sha1 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L + +#define SN_x509ExtAdmission "x509ExtAdmission" +#define LN_x509ExtAdmission "Professional Information or basis for Admission" +#define NID_x509ExtAdmission 1093 +#define OBJ_x509ExtAdmission OBJ_identified_organization,36L,8L,3L,3L + +#define SN_certicom_arc "certicom-arc" +#define NID_certicom_arc 677 +#define OBJ_certicom_arc OBJ_identified_organization,132L + +#define SN_ieee "ieee" +#define NID_ieee 1170 +#define OBJ_ieee OBJ_identified_organization,111L + +#define SN_ieee_siswg "ieee-siswg" +#define LN_ieee_siswg "IEEE Security in Storage Working Group" +#define NID_ieee_siswg 1171 +#define OBJ_ieee_siswg OBJ_ieee,2L,1619L + +#define SN_international_organizations "international-organizations" +#define LN_international_organizations "International Organizations" +#define NID_international_organizations 647 +#define OBJ_international_organizations OBJ_joint_iso_itu_t,23L + +#define SN_wap "wap" +#define NID_wap 678 +#define OBJ_wap OBJ_international_organizations,43L + +#define SN_wap_wsg "wap-wsg" +#define NID_wap_wsg 679 +#define OBJ_wap_wsg OBJ_wap,1L + +#define SN_selected_attribute_types "selected-attribute-types" +#define LN_selected_attribute_types "Selected Attribute Types" +#define NID_selected_attribute_types 394 +#define OBJ_selected_attribute_types OBJ_joint_iso_itu_t,5L,1L,5L + +#define SN_clearance "clearance" +#define NID_clearance 395 +#define OBJ_clearance OBJ_selected_attribute_types,55L + +#define SN_ISO_US "ISO-US" +#define LN_ISO_US "ISO US Member Body" +#define NID_ISO_US 183 +#define OBJ_ISO_US OBJ_member_body,840L + +#define SN_X9_57 "X9-57" +#define LN_X9_57 "X9.57" +#define NID_X9_57 184 +#define OBJ_X9_57 OBJ_ISO_US,10040L + +#define SN_X9cm "X9cm" +#define LN_X9cm "X9.57 CM ?" +#define NID_X9cm 185 +#define OBJ_X9cm OBJ_X9_57,4L + +#define SN_ISO_CN "ISO-CN" +#define LN_ISO_CN "ISO CN Member Body" +#define NID_ISO_CN 1140 +#define OBJ_ISO_CN OBJ_member_body,156L + +#define SN_oscca "oscca" +#define NID_oscca 1141 +#define OBJ_oscca OBJ_ISO_CN,10197L + +#define SN_sm_scheme "sm-scheme" +#define NID_sm_scheme 1142 +#define OBJ_sm_scheme OBJ_oscca,1L + +#define SN_dsa "DSA" +#define LN_dsa "dsaEncryption" +#define NID_dsa 116 +#define OBJ_dsa OBJ_X9cm,1L + +#define SN_dsaWithSHA1 "DSA-SHA1" +#define LN_dsaWithSHA1 "dsaWithSHA1" +#define NID_dsaWithSHA1 113 +#define OBJ_dsaWithSHA1 OBJ_X9cm,3L + +#define SN_ansi_X9_62 "ansi-X9-62" +#define LN_ansi_X9_62 "ANSI X9.62" +#define NID_ansi_X9_62 405 +#define OBJ_ansi_X9_62 OBJ_ISO_US,10045L + +#define OBJ_X9_62_id_fieldType OBJ_ansi_X9_62,1L + +#define SN_X9_62_prime_field "prime-field" +#define NID_X9_62_prime_field 406 +#define OBJ_X9_62_prime_field OBJ_X9_62_id_fieldType,1L + +#define SN_X9_62_characteristic_two_field "characteristic-two-field" +#define NID_X9_62_characteristic_two_field 407 +#define OBJ_X9_62_characteristic_two_field OBJ_X9_62_id_fieldType,2L + +#define SN_X9_62_id_characteristic_two_basis "id-characteristic-two-basis" +#define NID_X9_62_id_characteristic_two_basis 680 +#define OBJ_X9_62_id_characteristic_two_basis OBJ_X9_62_characteristic_two_field,3L + +#define SN_X9_62_onBasis "onBasis" +#define NID_X9_62_onBasis 681 +#define OBJ_X9_62_onBasis OBJ_X9_62_id_characteristic_two_basis,1L + +#define SN_X9_62_tpBasis "tpBasis" +#define NID_X9_62_tpBasis 682 +#define OBJ_X9_62_tpBasis OBJ_X9_62_id_characteristic_two_basis,2L + +#define SN_X9_62_ppBasis "ppBasis" +#define NID_X9_62_ppBasis 683 +#define OBJ_X9_62_ppBasis OBJ_X9_62_id_characteristic_two_basis,3L + +#define OBJ_X9_62_id_publicKeyType OBJ_ansi_X9_62,2L + +#define SN_X9_62_id_ecPublicKey "id-ecPublicKey" +#define NID_X9_62_id_ecPublicKey 408 +#define OBJ_X9_62_id_ecPublicKey OBJ_X9_62_id_publicKeyType,1L + +#define OBJ_X9_62_ellipticCurve OBJ_ansi_X9_62,3L + +#define OBJ_X9_62_c_TwoCurve OBJ_X9_62_ellipticCurve,0L + +#define SN_X9_62_c2pnb163v1 "c2pnb163v1" +#define NID_X9_62_c2pnb163v1 684 +#define OBJ_X9_62_c2pnb163v1 OBJ_X9_62_c_TwoCurve,1L + +#define SN_X9_62_c2pnb163v2 "c2pnb163v2" +#define NID_X9_62_c2pnb163v2 685 +#define OBJ_X9_62_c2pnb163v2 OBJ_X9_62_c_TwoCurve,2L + +#define SN_X9_62_c2pnb163v3 "c2pnb163v3" +#define NID_X9_62_c2pnb163v3 686 +#define OBJ_X9_62_c2pnb163v3 OBJ_X9_62_c_TwoCurve,3L + +#define SN_X9_62_c2pnb176v1 "c2pnb176v1" +#define NID_X9_62_c2pnb176v1 687 +#define OBJ_X9_62_c2pnb176v1 OBJ_X9_62_c_TwoCurve,4L + +#define SN_X9_62_c2tnb191v1 "c2tnb191v1" +#define NID_X9_62_c2tnb191v1 688 +#define OBJ_X9_62_c2tnb191v1 OBJ_X9_62_c_TwoCurve,5L + +#define SN_X9_62_c2tnb191v2 "c2tnb191v2" +#define NID_X9_62_c2tnb191v2 689 +#define OBJ_X9_62_c2tnb191v2 OBJ_X9_62_c_TwoCurve,6L + +#define SN_X9_62_c2tnb191v3 "c2tnb191v3" +#define NID_X9_62_c2tnb191v3 690 +#define OBJ_X9_62_c2tnb191v3 OBJ_X9_62_c_TwoCurve,7L + +#define SN_X9_62_c2onb191v4 "c2onb191v4" +#define NID_X9_62_c2onb191v4 691 +#define OBJ_X9_62_c2onb191v4 OBJ_X9_62_c_TwoCurve,8L + +#define SN_X9_62_c2onb191v5 "c2onb191v5" +#define NID_X9_62_c2onb191v5 692 +#define OBJ_X9_62_c2onb191v5 OBJ_X9_62_c_TwoCurve,9L + +#define SN_X9_62_c2pnb208w1 "c2pnb208w1" +#define NID_X9_62_c2pnb208w1 693 +#define OBJ_X9_62_c2pnb208w1 OBJ_X9_62_c_TwoCurve,10L + +#define SN_X9_62_c2tnb239v1 "c2tnb239v1" +#define NID_X9_62_c2tnb239v1 694 +#define OBJ_X9_62_c2tnb239v1 OBJ_X9_62_c_TwoCurve,11L + +#define SN_X9_62_c2tnb239v2 "c2tnb239v2" +#define NID_X9_62_c2tnb239v2 695 +#define OBJ_X9_62_c2tnb239v2 OBJ_X9_62_c_TwoCurve,12L + +#define SN_X9_62_c2tnb239v3 "c2tnb239v3" +#define NID_X9_62_c2tnb239v3 696 +#define OBJ_X9_62_c2tnb239v3 OBJ_X9_62_c_TwoCurve,13L + +#define SN_X9_62_c2onb239v4 "c2onb239v4" +#define NID_X9_62_c2onb239v4 697 +#define OBJ_X9_62_c2onb239v4 OBJ_X9_62_c_TwoCurve,14L + +#define SN_X9_62_c2onb239v5 "c2onb239v5" +#define NID_X9_62_c2onb239v5 698 +#define OBJ_X9_62_c2onb239v5 OBJ_X9_62_c_TwoCurve,15L + +#define SN_X9_62_c2pnb272w1 "c2pnb272w1" +#define NID_X9_62_c2pnb272w1 699 +#define OBJ_X9_62_c2pnb272w1 OBJ_X9_62_c_TwoCurve,16L + +#define SN_X9_62_c2pnb304w1 "c2pnb304w1" +#define NID_X9_62_c2pnb304w1 700 +#define OBJ_X9_62_c2pnb304w1 OBJ_X9_62_c_TwoCurve,17L + +#define SN_X9_62_c2tnb359v1 "c2tnb359v1" +#define NID_X9_62_c2tnb359v1 701 +#define OBJ_X9_62_c2tnb359v1 OBJ_X9_62_c_TwoCurve,18L + +#define SN_X9_62_c2pnb368w1 "c2pnb368w1" +#define NID_X9_62_c2pnb368w1 702 +#define OBJ_X9_62_c2pnb368w1 OBJ_X9_62_c_TwoCurve,19L + +#define SN_X9_62_c2tnb431r1 "c2tnb431r1" +#define NID_X9_62_c2tnb431r1 703 +#define OBJ_X9_62_c2tnb431r1 OBJ_X9_62_c_TwoCurve,20L + +#define OBJ_X9_62_primeCurve OBJ_X9_62_ellipticCurve,1L + +#define SN_X9_62_prime192v1 "prime192v1" +#define NID_X9_62_prime192v1 409 +#define OBJ_X9_62_prime192v1 OBJ_X9_62_primeCurve,1L + +#define SN_X9_62_prime192v2 "prime192v2" +#define NID_X9_62_prime192v2 410 +#define OBJ_X9_62_prime192v2 OBJ_X9_62_primeCurve,2L + +#define SN_X9_62_prime192v3 "prime192v3" +#define NID_X9_62_prime192v3 411 +#define OBJ_X9_62_prime192v3 OBJ_X9_62_primeCurve,3L + +#define SN_X9_62_prime239v1 "prime239v1" +#define NID_X9_62_prime239v1 412 +#define OBJ_X9_62_prime239v1 OBJ_X9_62_primeCurve,4L + +#define SN_X9_62_prime239v2 "prime239v2" +#define NID_X9_62_prime239v2 413 +#define OBJ_X9_62_prime239v2 OBJ_X9_62_primeCurve,5L + +#define SN_X9_62_prime239v3 "prime239v3" +#define NID_X9_62_prime239v3 414 +#define OBJ_X9_62_prime239v3 OBJ_X9_62_primeCurve,6L + +#define SN_X9_62_prime256v1 "prime256v1" +#define NID_X9_62_prime256v1 415 +#define OBJ_X9_62_prime256v1 OBJ_X9_62_primeCurve,7L + +#define OBJ_X9_62_id_ecSigType OBJ_ansi_X9_62,4L + +#define SN_ecdsa_with_SHA1 "ecdsa-with-SHA1" +#define NID_ecdsa_with_SHA1 416 +#define OBJ_ecdsa_with_SHA1 OBJ_X9_62_id_ecSigType,1L + +#define SN_ecdsa_with_Recommended "ecdsa-with-Recommended" +#define NID_ecdsa_with_Recommended 791 +#define OBJ_ecdsa_with_Recommended OBJ_X9_62_id_ecSigType,2L + +#define SN_ecdsa_with_Specified "ecdsa-with-Specified" +#define NID_ecdsa_with_Specified 792 +#define OBJ_ecdsa_with_Specified OBJ_X9_62_id_ecSigType,3L + +#define SN_ecdsa_with_SHA224 "ecdsa-with-SHA224" +#define NID_ecdsa_with_SHA224 793 +#define OBJ_ecdsa_with_SHA224 OBJ_ecdsa_with_Specified,1L + +#define SN_ecdsa_with_SHA256 "ecdsa-with-SHA256" +#define NID_ecdsa_with_SHA256 794 +#define OBJ_ecdsa_with_SHA256 OBJ_ecdsa_with_Specified,2L + +#define SN_ecdsa_with_SHA384 "ecdsa-with-SHA384" +#define NID_ecdsa_with_SHA384 795 +#define OBJ_ecdsa_with_SHA384 OBJ_ecdsa_with_Specified,3L + +#define SN_ecdsa_with_SHA512 "ecdsa-with-SHA512" +#define NID_ecdsa_with_SHA512 796 +#define OBJ_ecdsa_with_SHA512 OBJ_ecdsa_with_Specified,4L + +#define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L + +#define SN_secp112r1 "secp112r1" +#define NID_secp112r1 704 +#define OBJ_secp112r1 OBJ_secg_ellipticCurve,6L + +#define SN_secp112r2 "secp112r2" +#define NID_secp112r2 705 +#define OBJ_secp112r2 OBJ_secg_ellipticCurve,7L + +#define SN_secp128r1 "secp128r1" +#define NID_secp128r1 706 +#define OBJ_secp128r1 OBJ_secg_ellipticCurve,28L + +#define SN_secp128r2 "secp128r2" +#define NID_secp128r2 707 +#define OBJ_secp128r2 OBJ_secg_ellipticCurve,29L + +#define SN_secp160k1 "secp160k1" +#define NID_secp160k1 708 +#define OBJ_secp160k1 OBJ_secg_ellipticCurve,9L + +#define SN_secp160r1 "secp160r1" +#define NID_secp160r1 709 +#define OBJ_secp160r1 OBJ_secg_ellipticCurve,8L + +#define SN_secp160r2 "secp160r2" +#define NID_secp160r2 710 +#define OBJ_secp160r2 OBJ_secg_ellipticCurve,30L + +#define SN_secp192k1 "secp192k1" +#define NID_secp192k1 711 +#define OBJ_secp192k1 OBJ_secg_ellipticCurve,31L + +#define SN_secp224k1 "secp224k1" +#define NID_secp224k1 712 +#define OBJ_secp224k1 OBJ_secg_ellipticCurve,32L + +#define SN_secp224r1 "secp224r1" +#define NID_secp224r1 713 +#define OBJ_secp224r1 OBJ_secg_ellipticCurve,33L + +#define SN_secp256k1 "secp256k1" +#define NID_secp256k1 714 +#define OBJ_secp256k1 OBJ_secg_ellipticCurve,10L + +#define SN_secp384r1 "secp384r1" +#define NID_secp384r1 715 +#define OBJ_secp384r1 OBJ_secg_ellipticCurve,34L + +#define SN_secp521r1 "secp521r1" +#define NID_secp521r1 716 +#define OBJ_secp521r1 OBJ_secg_ellipticCurve,35L + +#define SN_sect113r1 "sect113r1" +#define NID_sect113r1 717 +#define OBJ_sect113r1 OBJ_secg_ellipticCurve,4L + +#define SN_sect113r2 "sect113r2" +#define NID_sect113r2 718 +#define OBJ_sect113r2 OBJ_secg_ellipticCurve,5L + +#define SN_sect131r1 "sect131r1" +#define NID_sect131r1 719 +#define OBJ_sect131r1 OBJ_secg_ellipticCurve,22L + +#define SN_sect131r2 "sect131r2" +#define NID_sect131r2 720 +#define OBJ_sect131r2 OBJ_secg_ellipticCurve,23L + +#define SN_sect163k1 "sect163k1" +#define NID_sect163k1 721 +#define OBJ_sect163k1 OBJ_secg_ellipticCurve,1L + +#define SN_sect163r1 "sect163r1" +#define NID_sect163r1 722 +#define OBJ_sect163r1 OBJ_secg_ellipticCurve,2L + +#define SN_sect163r2 "sect163r2" +#define NID_sect163r2 723 +#define OBJ_sect163r2 OBJ_secg_ellipticCurve,15L + +#define SN_sect193r1 "sect193r1" +#define NID_sect193r1 724 +#define OBJ_sect193r1 OBJ_secg_ellipticCurve,24L + +#define SN_sect193r2 "sect193r2" +#define NID_sect193r2 725 +#define OBJ_sect193r2 OBJ_secg_ellipticCurve,25L + +#define SN_sect233k1 "sect233k1" +#define NID_sect233k1 726 +#define OBJ_sect233k1 OBJ_secg_ellipticCurve,26L + +#define SN_sect233r1 "sect233r1" +#define NID_sect233r1 727 +#define OBJ_sect233r1 OBJ_secg_ellipticCurve,27L + +#define SN_sect239k1 "sect239k1" +#define NID_sect239k1 728 +#define OBJ_sect239k1 OBJ_secg_ellipticCurve,3L + +#define SN_sect283k1 "sect283k1" +#define NID_sect283k1 729 +#define OBJ_sect283k1 OBJ_secg_ellipticCurve,16L + +#define SN_sect283r1 "sect283r1" +#define NID_sect283r1 730 +#define OBJ_sect283r1 OBJ_secg_ellipticCurve,17L + +#define SN_sect409k1 "sect409k1" +#define NID_sect409k1 731 +#define OBJ_sect409k1 OBJ_secg_ellipticCurve,36L + +#define SN_sect409r1 "sect409r1" +#define NID_sect409r1 732 +#define OBJ_sect409r1 OBJ_secg_ellipticCurve,37L + +#define SN_sect571k1 "sect571k1" +#define NID_sect571k1 733 +#define OBJ_sect571k1 OBJ_secg_ellipticCurve,38L + +#define SN_sect571r1 "sect571r1" +#define NID_sect571r1 734 +#define OBJ_sect571r1 OBJ_secg_ellipticCurve,39L + +#define OBJ_wap_wsg_idm_ecid OBJ_wap_wsg,4L + +#define SN_wap_wsg_idm_ecid_wtls1 "wap-wsg-idm-ecid-wtls1" +#define NID_wap_wsg_idm_ecid_wtls1 735 +#define OBJ_wap_wsg_idm_ecid_wtls1 OBJ_wap_wsg_idm_ecid,1L + +#define SN_wap_wsg_idm_ecid_wtls3 "wap-wsg-idm-ecid-wtls3" +#define NID_wap_wsg_idm_ecid_wtls3 736 +#define OBJ_wap_wsg_idm_ecid_wtls3 OBJ_wap_wsg_idm_ecid,3L + +#define SN_wap_wsg_idm_ecid_wtls4 "wap-wsg-idm-ecid-wtls4" +#define NID_wap_wsg_idm_ecid_wtls4 737 +#define OBJ_wap_wsg_idm_ecid_wtls4 OBJ_wap_wsg_idm_ecid,4L + +#define SN_wap_wsg_idm_ecid_wtls5 "wap-wsg-idm-ecid-wtls5" +#define NID_wap_wsg_idm_ecid_wtls5 738 +#define OBJ_wap_wsg_idm_ecid_wtls5 OBJ_wap_wsg_idm_ecid,5L + +#define SN_wap_wsg_idm_ecid_wtls6 "wap-wsg-idm-ecid-wtls6" +#define NID_wap_wsg_idm_ecid_wtls6 739 +#define OBJ_wap_wsg_idm_ecid_wtls6 OBJ_wap_wsg_idm_ecid,6L + +#define SN_wap_wsg_idm_ecid_wtls7 "wap-wsg-idm-ecid-wtls7" +#define NID_wap_wsg_idm_ecid_wtls7 740 +#define OBJ_wap_wsg_idm_ecid_wtls7 OBJ_wap_wsg_idm_ecid,7L + +#define SN_wap_wsg_idm_ecid_wtls8 "wap-wsg-idm-ecid-wtls8" +#define NID_wap_wsg_idm_ecid_wtls8 741 +#define OBJ_wap_wsg_idm_ecid_wtls8 OBJ_wap_wsg_idm_ecid,8L + +#define SN_wap_wsg_idm_ecid_wtls9 "wap-wsg-idm-ecid-wtls9" +#define NID_wap_wsg_idm_ecid_wtls9 742 +#define OBJ_wap_wsg_idm_ecid_wtls9 OBJ_wap_wsg_idm_ecid,9L + +#define SN_wap_wsg_idm_ecid_wtls10 "wap-wsg-idm-ecid-wtls10" +#define NID_wap_wsg_idm_ecid_wtls10 743 +#define OBJ_wap_wsg_idm_ecid_wtls10 OBJ_wap_wsg_idm_ecid,10L + +#define SN_wap_wsg_idm_ecid_wtls11 "wap-wsg-idm-ecid-wtls11" +#define NID_wap_wsg_idm_ecid_wtls11 744 +#define OBJ_wap_wsg_idm_ecid_wtls11 OBJ_wap_wsg_idm_ecid,11L + +#define SN_wap_wsg_idm_ecid_wtls12 "wap-wsg-idm-ecid-wtls12" +#define NID_wap_wsg_idm_ecid_wtls12 745 +#define OBJ_wap_wsg_idm_ecid_wtls12 OBJ_wap_wsg_idm_ecid,12L + +#define SN_cast5_cbc "CAST5-CBC" +#define LN_cast5_cbc "cast5-cbc" +#define NID_cast5_cbc 108 +#define OBJ_cast5_cbc OBJ_ISO_US,113533L,7L,66L,10L + +#define SN_cast5_ecb "CAST5-ECB" +#define LN_cast5_ecb "cast5-ecb" +#define NID_cast5_ecb 109 + +#define SN_cast5_cfb64 "CAST5-CFB" +#define LN_cast5_cfb64 "cast5-cfb" +#define NID_cast5_cfb64 110 + +#define SN_cast5_ofb64 "CAST5-OFB" +#define LN_cast5_ofb64 "cast5-ofb" +#define NID_cast5_ofb64 111 + +#define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" +#define NID_pbeWithMD5AndCast5_CBC 112 +#define OBJ_pbeWithMD5AndCast5_CBC OBJ_ISO_US,113533L,7L,66L,12L + +#define SN_id_PasswordBasedMAC "id-PasswordBasedMAC" +#define LN_id_PasswordBasedMAC "password based MAC" +#define NID_id_PasswordBasedMAC 782 +#define OBJ_id_PasswordBasedMAC OBJ_ISO_US,113533L,7L,66L,13L + +#define SN_id_DHBasedMac "id-DHBasedMac" +#define LN_id_DHBasedMac "Diffie-Hellman based MAC" +#define NID_id_DHBasedMac 783 +#define OBJ_id_DHBasedMac OBJ_ISO_US,113533L,7L,66L,30L + +#define SN_rsadsi "rsadsi" +#define LN_rsadsi "RSA Data Security, Inc." +#define NID_rsadsi 1 +#define OBJ_rsadsi OBJ_ISO_US,113549L + +#define SN_pkcs "pkcs" +#define LN_pkcs "RSA Data Security, Inc. PKCS" +#define NID_pkcs 2 +#define OBJ_pkcs OBJ_rsadsi,1L + +#define SN_pkcs1 "pkcs1" +#define NID_pkcs1 186 +#define OBJ_pkcs1 OBJ_pkcs,1L + +#define LN_rsaEncryption "rsaEncryption" +#define NID_rsaEncryption 6 +#define OBJ_rsaEncryption OBJ_pkcs1,1L + +#define SN_md2WithRSAEncryption "RSA-MD2" +#define LN_md2WithRSAEncryption "md2WithRSAEncryption" +#define NID_md2WithRSAEncryption 7 +#define OBJ_md2WithRSAEncryption OBJ_pkcs1,2L + +#define SN_md4WithRSAEncryption "RSA-MD4" +#define LN_md4WithRSAEncryption "md4WithRSAEncryption" +#define NID_md4WithRSAEncryption 396 +#define OBJ_md4WithRSAEncryption OBJ_pkcs1,3L + +#define SN_md5WithRSAEncryption "RSA-MD5" +#define LN_md5WithRSAEncryption "md5WithRSAEncryption" +#define NID_md5WithRSAEncryption 8 +#define OBJ_md5WithRSAEncryption OBJ_pkcs1,4L + +#define SN_sha1WithRSAEncryption "RSA-SHA1" +#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" +#define NID_sha1WithRSAEncryption 65 +#define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L + +#define SN_rsaesOaep "RSAES-OAEP" +#define LN_rsaesOaep "rsaesOaep" +#define NID_rsaesOaep 919 +#define OBJ_rsaesOaep OBJ_pkcs1,7L + +#define SN_mgf1 "MGF1" +#define LN_mgf1 "mgf1" +#define NID_mgf1 911 +#define OBJ_mgf1 OBJ_pkcs1,8L + +#define SN_pSpecified "PSPECIFIED" +#define LN_pSpecified "pSpecified" +#define NID_pSpecified 935 +#define OBJ_pSpecified OBJ_pkcs1,9L + +#define SN_rsassaPss "RSASSA-PSS" +#define LN_rsassaPss "rsassaPss" +#define NID_rsassaPss 912 +#define OBJ_rsassaPss OBJ_pkcs1,10L + +#define SN_sha256WithRSAEncryption "RSA-SHA256" +#define LN_sha256WithRSAEncryption "sha256WithRSAEncryption" +#define NID_sha256WithRSAEncryption 668 +#define OBJ_sha256WithRSAEncryption OBJ_pkcs1,11L + +#define SN_sha384WithRSAEncryption "RSA-SHA384" +#define LN_sha384WithRSAEncryption "sha384WithRSAEncryption" +#define NID_sha384WithRSAEncryption 669 +#define OBJ_sha384WithRSAEncryption OBJ_pkcs1,12L + +#define SN_sha512WithRSAEncryption "RSA-SHA512" +#define LN_sha512WithRSAEncryption "sha512WithRSAEncryption" +#define NID_sha512WithRSAEncryption 670 +#define OBJ_sha512WithRSAEncryption OBJ_pkcs1,13L + +#define SN_sha224WithRSAEncryption "RSA-SHA224" +#define LN_sha224WithRSAEncryption "sha224WithRSAEncryption" +#define NID_sha224WithRSAEncryption 671 +#define OBJ_sha224WithRSAEncryption OBJ_pkcs1,14L + +#define SN_sha512_224WithRSAEncryption "RSA-SHA512/224" +#define LN_sha512_224WithRSAEncryption "sha512-224WithRSAEncryption" +#define NID_sha512_224WithRSAEncryption 1145 +#define OBJ_sha512_224WithRSAEncryption OBJ_pkcs1,15L + +#define SN_sha512_256WithRSAEncryption "RSA-SHA512/256" +#define LN_sha512_256WithRSAEncryption "sha512-256WithRSAEncryption" +#define NID_sha512_256WithRSAEncryption 1146 +#define OBJ_sha512_256WithRSAEncryption OBJ_pkcs1,16L + +#define SN_pkcs3 "pkcs3" +#define NID_pkcs3 27 +#define OBJ_pkcs3 OBJ_pkcs,3L + +#define LN_dhKeyAgreement "dhKeyAgreement" +#define NID_dhKeyAgreement 28 +#define OBJ_dhKeyAgreement OBJ_pkcs3,1L + +#define SN_pkcs5 "pkcs5" +#define NID_pkcs5 187 +#define OBJ_pkcs5 OBJ_pkcs,5L + +#define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" +#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" +#define NID_pbeWithMD2AndDES_CBC 9 +#define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs5,1L + +#define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" +#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" +#define NID_pbeWithMD5AndDES_CBC 10 +#define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs5,3L + +#define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" +#define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" +#define NID_pbeWithMD2AndRC2_CBC 168 +#define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs5,4L + +#define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" +#define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" +#define NID_pbeWithMD5AndRC2_CBC 169 +#define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs5,6L + +#define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" +#define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" +#define NID_pbeWithSHA1AndDES_CBC 170 +#define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs5,10L + +#define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" +#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" +#define NID_pbeWithSHA1AndRC2_CBC 68 +#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs5,11L + +#define LN_id_pbkdf2 "PBKDF2" +#define NID_id_pbkdf2 69 +#define OBJ_id_pbkdf2 OBJ_pkcs5,12L + +#define LN_pbes2 "PBES2" +#define NID_pbes2 161 +#define OBJ_pbes2 OBJ_pkcs5,13L + +#define LN_pbmac1 "PBMAC1" +#define NID_pbmac1 162 +#define OBJ_pbmac1 OBJ_pkcs5,14L + +#define SN_pkcs7 "pkcs7" +#define NID_pkcs7 20 +#define OBJ_pkcs7 OBJ_pkcs,7L + +#define LN_pkcs7_data "pkcs7-data" +#define NID_pkcs7_data 21 +#define OBJ_pkcs7_data OBJ_pkcs7,1L + +#define LN_pkcs7_signed "pkcs7-signedData" +#define NID_pkcs7_signed 22 +#define OBJ_pkcs7_signed OBJ_pkcs7,2L + +#define LN_pkcs7_enveloped "pkcs7-envelopedData" +#define NID_pkcs7_enveloped 23 +#define OBJ_pkcs7_enveloped OBJ_pkcs7,3L + +#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" +#define NID_pkcs7_signedAndEnveloped 24 +#define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L + +#define LN_pkcs7_digest "pkcs7-digestData" +#define NID_pkcs7_digest 25 +#define OBJ_pkcs7_digest OBJ_pkcs7,5L + +#define LN_pkcs7_encrypted "pkcs7-encryptedData" +#define NID_pkcs7_encrypted 26 +#define OBJ_pkcs7_encrypted OBJ_pkcs7,6L + +#define SN_pkcs9 "pkcs9" +#define NID_pkcs9 47 +#define OBJ_pkcs9 OBJ_pkcs,9L + +#define LN_pkcs9_emailAddress "emailAddress" +#define NID_pkcs9_emailAddress 48 +#define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L + +#define LN_pkcs9_unstructuredName "unstructuredName" +#define NID_pkcs9_unstructuredName 49 +#define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L + +#define LN_pkcs9_contentType "contentType" +#define NID_pkcs9_contentType 50 +#define OBJ_pkcs9_contentType OBJ_pkcs9,3L + +#define LN_pkcs9_messageDigest "messageDigest" +#define NID_pkcs9_messageDigest 51 +#define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L + +#define LN_pkcs9_signingTime "signingTime" +#define NID_pkcs9_signingTime 52 +#define OBJ_pkcs9_signingTime OBJ_pkcs9,5L + +#define LN_pkcs9_countersignature "countersignature" +#define NID_pkcs9_countersignature 53 +#define OBJ_pkcs9_countersignature OBJ_pkcs9,6L + +#define LN_pkcs9_challengePassword "challengePassword" +#define NID_pkcs9_challengePassword 54 +#define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L + +#define LN_pkcs9_unstructuredAddress "unstructuredAddress" +#define NID_pkcs9_unstructuredAddress 55 +#define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L + +#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" +#define NID_pkcs9_extCertAttributes 56 +#define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L + +#define SN_ext_req "extReq" +#define LN_ext_req "Extension Request" +#define NID_ext_req 172 +#define OBJ_ext_req OBJ_pkcs9,14L + +#define SN_SMIMECapabilities "SMIME-CAPS" +#define LN_SMIMECapabilities "S/MIME Capabilities" +#define NID_SMIMECapabilities 167 +#define OBJ_SMIMECapabilities OBJ_pkcs9,15L + +#define SN_SMIME "SMIME" +#define LN_SMIME "S/MIME" +#define NID_SMIME 188 +#define OBJ_SMIME OBJ_pkcs9,16L + +#define SN_id_smime_mod "id-smime-mod" +#define NID_id_smime_mod 189 +#define OBJ_id_smime_mod OBJ_SMIME,0L + +#define SN_id_smime_ct "id-smime-ct" +#define NID_id_smime_ct 190 +#define OBJ_id_smime_ct OBJ_SMIME,1L + +#define SN_id_smime_aa "id-smime-aa" +#define NID_id_smime_aa 191 +#define OBJ_id_smime_aa OBJ_SMIME,2L + +#define SN_id_smime_alg "id-smime-alg" +#define NID_id_smime_alg 192 +#define OBJ_id_smime_alg OBJ_SMIME,3L + +#define SN_id_smime_cd "id-smime-cd" +#define NID_id_smime_cd 193 +#define OBJ_id_smime_cd OBJ_SMIME,4L + +#define SN_id_smime_spq "id-smime-spq" +#define NID_id_smime_spq 194 +#define OBJ_id_smime_spq OBJ_SMIME,5L + +#define SN_id_smime_cti "id-smime-cti" +#define NID_id_smime_cti 195 +#define OBJ_id_smime_cti OBJ_SMIME,6L + +#define SN_id_smime_mod_cms "id-smime-mod-cms" +#define NID_id_smime_mod_cms 196 +#define OBJ_id_smime_mod_cms OBJ_id_smime_mod,1L + +#define SN_id_smime_mod_ess "id-smime-mod-ess" +#define NID_id_smime_mod_ess 197 +#define OBJ_id_smime_mod_ess OBJ_id_smime_mod,2L + +#define SN_id_smime_mod_oid "id-smime-mod-oid" +#define NID_id_smime_mod_oid 198 +#define OBJ_id_smime_mod_oid OBJ_id_smime_mod,3L + +#define SN_id_smime_mod_msg_v3 "id-smime-mod-msg-v3" +#define NID_id_smime_mod_msg_v3 199 +#define OBJ_id_smime_mod_msg_v3 OBJ_id_smime_mod,4L + +#define SN_id_smime_mod_ets_eSignature_88 "id-smime-mod-ets-eSignature-88" +#define NID_id_smime_mod_ets_eSignature_88 200 +#define OBJ_id_smime_mod_ets_eSignature_88 OBJ_id_smime_mod,5L + +#define SN_id_smime_mod_ets_eSignature_97 "id-smime-mod-ets-eSignature-97" +#define NID_id_smime_mod_ets_eSignature_97 201 +#define OBJ_id_smime_mod_ets_eSignature_97 OBJ_id_smime_mod,6L + +#define SN_id_smime_mod_ets_eSigPolicy_88 "id-smime-mod-ets-eSigPolicy-88" +#define NID_id_smime_mod_ets_eSigPolicy_88 202 +#define OBJ_id_smime_mod_ets_eSigPolicy_88 OBJ_id_smime_mod,7L + +#define SN_id_smime_mod_ets_eSigPolicy_97 "id-smime-mod-ets-eSigPolicy-97" +#define NID_id_smime_mod_ets_eSigPolicy_97 203 +#define OBJ_id_smime_mod_ets_eSigPolicy_97 OBJ_id_smime_mod,8L + +#define SN_id_smime_ct_receipt "id-smime-ct-receipt" +#define NID_id_smime_ct_receipt 204 +#define OBJ_id_smime_ct_receipt OBJ_id_smime_ct,1L + +#define SN_id_smime_ct_authData "id-smime-ct-authData" +#define NID_id_smime_ct_authData 205 +#define OBJ_id_smime_ct_authData OBJ_id_smime_ct,2L + +#define SN_id_smime_ct_publishCert "id-smime-ct-publishCert" +#define NID_id_smime_ct_publishCert 206 +#define OBJ_id_smime_ct_publishCert OBJ_id_smime_ct,3L + +#define SN_id_smime_ct_TSTInfo "id-smime-ct-TSTInfo" +#define NID_id_smime_ct_TSTInfo 207 +#define OBJ_id_smime_ct_TSTInfo OBJ_id_smime_ct,4L + +#define SN_id_smime_ct_TDTInfo "id-smime-ct-TDTInfo" +#define NID_id_smime_ct_TDTInfo 208 +#define OBJ_id_smime_ct_TDTInfo OBJ_id_smime_ct,5L + +#define SN_id_smime_ct_contentInfo "id-smime-ct-contentInfo" +#define NID_id_smime_ct_contentInfo 209 +#define OBJ_id_smime_ct_contentInfo OBJ_id_smime_ct,6L + +#define SN_id_smime_ct_DVCSRequestData "id-smime-ct-DVCSRequestData" +#define NID_id_smime_ct_DVCSRequestData 210 +#define OBJ_id_smime_ct_DVCSRequestData OBJ_id_smime_ct,7L + +#define SN_id_smime_ct_DVCSResponseData "id-smime-ct-DVCSResponseData" +#define NID_id_smime_ct_DVCSResponseData 211 +#define OBJ_id_smime_ct_DVCSResponseData OBJ_id_smime_ct,8L + +#define SN_id_smime_ct_compressedData "id-smime-ct-compressedData" +#define NID_id_smime_ct_compressedData 786 +#define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L + +#define SN_id_smime_ct_contentCollection "id-smime-ct-contentCollection" +#define NID_id_smime_ct_contentCollection 1058 +#define OBJ_id_smime_ct_contentCollection OBJ_id_smime_ct,19L + +#define SN_id_smime_ct_authEnvelopedData "id-smime-ct-authEnvelopedData" +#define NID_id_smime_ct_authEnvelopedData 1059 +#define OBJ_id_smime_ct_authEnvelopedData OBJ_id_smime_ct,23L + +#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" +#define NID_id_ct_asciiTextWithCRLF 787 +#define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L + +#define SN_id_ct_xml "id-ct-xml" +#define NID_id_ct_xml 1060 +#define OBJ_id_ct_xml OBJ_id_smime_ct,28L + +#define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" +#define NID_id_smime_aa_receiptRequest 212 +#define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L + +#define SN_id_smime_aa_securityLabel "id-smime-aa-securityLabel" +#define NID_id_smime_aa_securityLabel 213 +#define OBJ_id_smime_aa_securityLabel OBJ_id_smime_aa,2L + +#define SN_id_smime_aa_mlExpandHistory "id-smime-aa-mlExpandHistory" +#define NID_id_smime_aa_mlExpandHistory 214 +#define OBJ_id_smime_aa_mlExpandHistory OBJ_id_smime_aa,3L + +#define SN_id_smime_aa_contentHint "id-smime-aa-contentHint" +#define NID_id_smime_aa_contentHint 215 +#define OBJ_id_smime_aa_contentHint OBJ_id_smime_aa,4L + +#define SN_id_smime_aa_msgSigDigest "id-smime-aa-msgSigDigest" +#define NID_id_smime_aa_msgSigDigest 216 +#define OBJ_id_smime_aa_msgSigDigest OBJ_id_smime_aa,5L + +#define SN_id_smime_aa_encapContentType "id-smime-aa-encapContentType" +#define NID_id_smime_aa_encapContentType 217 +#define OBJ_id_smime_aa_encapContentType OBJ_id_smime_aa,6L + +#define SN_id_smime_aa_contentIdentifier "id-smime-aa-contentIdentifier" +#define NID_id_smime_aa_contentIdentifier 218 +#define OBJ_id_smime_aa_contentIdentifier OBJ_id_smime_aa,7L + +#define SN_id_smime_aa_macValue "id-smime-aa-macValue" +#define NID_id_smime_aa_macValue 219 +#define OBJ_id_smime_aa_macValue OBJ_id_smime_aa,8L + +#define SN_id_smime_aa_equivalentLabels "id-smime-aa-equivalentLabels" +#define NID_id_smime_aa_equivalentLabels 220 +#define OBJ_id_smime_aa_equivalentLabels OBJ_id_smime_aa,9L + +#define SN_id_smime_aa_contentReference "id-smime-aa-contentReference" +#define NID_id_smime_aa_contentReference 221 +#define OBJ_id_smime_aa_contentReference OBJ_id_smime_aa,10L + +#define SN_id_smime_aa_encrypKeyPref "id-smime-aa-encrypKeyPref" +#define NID_id_smime_aa_encrypKeyPref 222 +#define OBJ_id_smime_aa_encrypKeyPref OBJ_id_smime_aa,11L + +#define SN_id_smime_aa_signingCertificate "id-smime-aa-signingCertificate" +#define NID_id_smime_aa_signingCertificate 223 +#define OBJ_id_smime_aa_signingCertificate OBJ_id_smime_aa,12L + +#define SN_id_smime_aa_smimeEncryptCerts "id-smime-aa-smimeEncryptCerts" +#define NID_id_smime_aa_smimeEncryptCerts 224 +#define OBJ_id_smime_aa_smimeEncryptCerts OBJ_id_smime_aa,13L + +#define SN_id_smime_aa_timeStampToken "id-smime-aa-timeStampToken" +#define NID_id_smime_aa_timeStampToken 225 +#define OBJ_id_smime_aa_timeStampToken OBJ_id_smime_aa,14L + +#define SN_id_smime_aa_ets_sigPolicyId "id-smime-aa-ets-sigPolicyId" +#define NID_id_smime_aa_ets_sigPolicyId 226 +#define OBJ_id_smime_aa_ets_sigPolicyId OBJ_id_smime_aa,15L + +#define SN_id_smime_aa_ets_commitmentType "id-smime-aa-ets-commitmentType" +#define NID_id_smime_aa_ets_commitmentType 227 +#define OBJ_id_smime_aa_ets_commitmentType OBJ_id_smime_aa,16L + +#define SN_id_smime_aa_ets_signerLocation "id-smime-aa-ets-signerLocation" +#define NID_id_smime_aa_ets_signerLocation 228 +#define OBJ_id_smime_aa_ets_signerLocation OBJ_id_smime_aa,17L + +#define SN_id_smime_aa_ets_signerAttr "id-smime-aa-ets-signerAttr" +#define NID_id_smime_aa_ets_signerAttr 229 +#define OBJ_id_smime_aa_ets_signerAttr OBJ_id_smime_aa,18L + +#define SN_id_smime_aa_ets_otherSigCert "id-smime-aa-ets-otherSigCert" +#define NID_id_smime_aa_ets_otherSigCert 230 +#define OBJ_id_smime_aa_ets_otherSigCert OBJ_id_smime_aa,19L + +#define SN_id_smime_aa_ets_contentTimestamp "id-smime-aa-ets-contentTimestamp" +#define NID_id_smime_aa_ets_contentTimestamp 231 +#define OBJ_id_smime_aa_ets_contentTimestamp OBJ_id_smime_aa,20L + +#define SN_id_smime_aa_ets_CertificateRefs "id-smime-aa-ets-CertificateRefs" +#define NID_id_smime_aa_ets_CertificateRefs 232 +#define OBJ_id_smime_aa_ets_CertificateRefs OBJ_id_smime_aa,21L + +#define SN_id_smime_aa_ets_RevocationRefs "id-smime-aa-ets-RevocationRefs" +#define NID_id_smime_aa_ets_RevocationRefs 233 +#define OBJ_id_smime_aa_ets_RevocationRefs OBJ_id_smime_aa,22L + +#define SN_id_smime_aa_ets_certValues "id-smime-aa-ets-certValues" +#define NID_id_smime_aa_ets_certValues 234 +#define OBJ_id_smime_aa_ets_certValues OBJ_id_smime_aa,23L + +#define SN_id_smime_aa_ets_revocationValues "id-smime-aa-ets-revocationValues" +#define NID_id_smime_aa_ets_revocationValues 235 +#define OBJ_id_smime_aa_ets_revocationValues OBJ_id_smime_aa,24L + +#define SN_id_smime_aa_ets_escTimeStamp "id-smime-aa-ets-escTimeStamp" +#define NID_id_smime_aa_ets_escTimeStamp 236 +#define OBJ_id_smime_aa_ets_escTimeStamp OBJ_id_smime_aa,25L + +#define SN_id_smime_aa_ets_certCRLTimestamp "id-smime-aa-ets-certCRLTimestamp" +#define NID_id_smime_aa_ets_certCRLTimestamp 237 +#define OBJ_id_smime_aa_ets_certCRLTimestamp OBJ_id_smime_aa,26L + +#define SN_id_smime_aa_ets_archiveTimeStamp "id-smime-aa-ets-archiveTimeStamp" +#define NID_id_smime_aa_ets_archiveTimeStamp 238 +#define OBJ_id_smime_aa_ets_archiveTimeStamp OBJ_id_smime_aa,27L + +#define SN_id_smime_aa_signatureType "id-smime-aa-signatureType" +#define NID_id_smime_aa_signatureType 239 +#define OBJ_id_smime_aa_signatureType OBJ_id_smime_aa,28L + +#define SN_id_smime_aa_dvcs_dvc "id-smime-aa-dvcs-dvc" +#define NID_id_smime_aa_dvcs_dvc 240 +#define OBJ_id_smime_aa_dvcs_dvc OBJ_id_smime_aa,29L + +#define SN_id_smime_aa_signingCertificateV2 "id-smime-aa-signingCertificateV2" +#define NID_id_smime_aa_signingCertificateV2 1086 +#define OBJ_id_smime_aa_signingCertificateV2 OBJ_id_smime_aa,47L + +#define SN_id_smime_alg_ESDHwith3DES "id-smime-alg-ESDHwith3DES" +#define NID_id_smime_alg_ESDHwith3DES 241 +#define OBJ_id_smime_alg_ESDHwith3DES OBJ_id_smime_alg,1L + +#define SN_id_smime_alg_ESDHwithRC2 "id-smime-alg-ESDHwithRC2" +#define NID_id_smime_alg_ESDHwithRC2 242 +#define OBJ_id_smime_alg_ESDHwithRC2 OBJ_id_smime_alg,2L + +#define SN_id_smime_alg_3DESwrap "id-smime-alg-3DESwrap" +#define NID_id_smime_alg_3DESwrap 243 +#define OBJ_id_smime_alg_3DESwrap OBJ_id_smime_alg,3L + +#define SN_id_smime_alg_RC2wrap "id-smime-alg-RC2wrap" +#define NID_id_smime_alg_RC2wrap 244 +#define OBJ_id_smime_alg_RC2wrap OBJ_id_smime_alg,4L + +#define SN_id_smime_alg_ESDH "id-smime-alg-ESDH" +#define NID_id_smime_alg_ESDH 245 +#define OBJ_id_smime_alg_ESDH OBJ_id_smime_alg,5L + +#define SN_id_smime_alg_CMS3DESwrap "id-smime-alg-CMS3DESwrap" +#define NID_id_smime_alg_CMS3DESwrap 246 +#define OBJ_id_smime_alg_CMS3DESwrap OBJ_id_smime_alg,6L + +#define SN_id_smime_alg_CMSRC2wrap "id-smime-alg-CMSRC2wrap" +#define NID_id_smime_alg_CMSRC2wrap 247 +#define OBJ_id_smime_alg_CMSRC2wrap OBJ_id_smime_alg,7L + +#define SN_id_alg_PWRI_KEK "id-alg-PWRI-KEK" +#define NID_id_alg_PWRI_KEK 893 +#define OBJ_id_alg_PWRI_KEK OBJ_id_smime_alg,9L + +#define SN_id_smime_cd_ldap "id-smime-cd-ldap" +#define NID_id_smime_cd_ldap 248 +#define OBJ_id_smime_cd_ldap OBJ_id_smime_cd,1L + +#define SN_id_smime_spq_ets_sqt_uri "id-smime-spq-ets-sqt-uri" +#define NID_id_smime_spq_ets_sqt_uri 249 +#define OBJ_id_smime_spq_ets_sqt_uri OBJ_id_smime_spq,1L + +#define SN_id_smime_spq_ets_sqt_unotice "id-smime-spq-ets-sqt-unotice" +#define NID_id_smime_spq_ets_sqt_unotice 250 +#define OBJ_id_smime_spq_ets_sqt_unotice OBJ_id_smime_spq,2L + +#define SN_id_smime_cti_ets_proofOfOrigin "id-smime-cti-ets-proofOfOrigin" +#define NID_id_smime_cti_ets_proofOfOrigin 251 +#define OBJ_id_smime_cti_ets_proofOfOrigin OBJ_id_smime_cti,1L + +#define SN_id_smime_cti_ets_proofOfReceipt "id-smime-cti-ets-proofOfReceipt" +#define NID_id_smime_cti_ets_proofOfReceipt 252 +#define OBJ_id_smime_cti_ets_proofOfReceipt OBJ_id_smime_cti,2L + +#define SN_id_smime_cti_ets_proofOfDelivery "id-smime-cti-ets-proofOfDelivery" +#define NID_id_smime_cti_ets_proofOfDelivery 253 +#define OBJ_id_smime_cti_ets_proofOfDelivery OBJ_id_smime_cti,3L + +#define SN_id_smime_cti_ets_proofOfSender "id-smime-cti-ets-proofOfSender" +#define NID_id_smime_cti_ets_proofOfSender 254 +#define OBJ_id_smime_cti_ets_proofOfSender OBJ_id_smime_cti,4L + +#define SN_id_smime_cti_ets_proofOfApproval "id-smime-cti-ets-proofOfApproval" +#define NID_id_smime_cti_ets_proofOfApproval 255 +#define OBJ_id_smime_cti_ets_proofOfApproval OBJ_id_smime_cti,5L + +#define SN_id_smime_cti_ets_proofOfCreation "id-smime-cti-ets-proofOfCreation" +#define NID_id_smime_cti_ets_proofOfCreation 256 +#define OBJ_id_smime_cti_ets_proofOfCreation OBJ_id_smime_cti,6L + +#define LN_friendlyName "friendlyName" +#define NID_friendlyName 156 +#define OBJ_friendlyName OBJ_pkcs9,20L + +#define LN_localKeyID "localKeyID" +#define NID_localKeyID 157 +#define OBJ_localKeyID OBJ_pkcs9,21L + +#define SN_ms_csp_name "CSPName" +#define LN_ms_csp_name "Microsoft CSP Name" +#define NID_ms_csp_name 417 +#define OBJ_ms_csp_name 1L,3L,6L,1L,4L,1L,311L,17L,1L + +#define SN_LocalKeySet "LocalKeySet" +#define LN_LocalKeySet "Microsoft Local Key set" +#define NID_LocalKeySet 856 +#define OBJ_LocalKeySet 1L,3L,6L,1L,4L,1L,311L,17L,2L + +#define OBJ_certTypes OBJ_pkcs9,22L + +#define LN_x509Certificate "x509Certificate" +#define NID_x509Certificate 158 +#define OBJ_x509Certificate OBJ_certTypes,1L + +#define LN_sdsiCertificate "sdsiCertificate" +#define NID_sdsiCertificate 159 +#define OBJ_sdsiCertificate OBJ_certTypes,2L + +#define OBJ_crlTypes OBJ_pkcs9,23L + +#define LN_x509Crl "x509Crl" +#define NID_x509Crl 160 +#define OBJ_x509Crl OBJ_crlTypes,1L + +#define OBJ_pkcs12 OBJ_pkcs,12L + +#define OBJ_pkcs12_pbeids OBJ_pkcs12,1L + +#define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" +#define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" +#define NID_pbe_WithSHA1And128BitRC4 144 +#define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids,1L + +#define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" +#define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" +#define NID_pbe_WithSHA1And40BitRC4 145 +#define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids,2L + +#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" +#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 +#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids,3L + +#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" +#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 +#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids,4L + +#define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" +#define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" +#define NID_pbe_WithSHA1And128BitRC2_CBC 148 +#define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids,5L + +#define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40" +#define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" +#define NID_pbe_WithSHA1And40BitRC2_CBC 149 +#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids,6L + +#define OBJ_pkcs12_Version1 OBJ_pkcs12,10L + +#define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1,1L + +#define LN_keyBag "keyBag" +#define NID_keyBag 150 +#define OBJ_keyBag OBJ_pkcs12_BagIds,1L + +#define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" +#define NID_pkcs8ShroudedKeyBag 151 +#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds,2L + +#define LN_certBag "certBag" +#define NID_certBag 152 +#define OBJ_certBag OBJ_pkcs12_BagIds,3L + +#define LN_crlBag "crlBag" +#define NID_crlBag 153 +#define OBJ_crlBag OBJ_pkcs12_BagIds,4L + +#define LN_secretBag "secretBag" +#define NID_secretBag 154 +#define OBJ_secretBag OBJ_pkcs12_BagIds,5L + +#define LN_safeContentsBag "safeContentsBag" +#define NID_safeContentsBag 155 +#define OBJ_safeContentsBag OBJ_pkcs12_BagIds,6L + +#define SN_md2 "MD2" +#define LN_md2 "md2" +#define NID_md2 3 +#define OBJ_md2 OBJ_rsadsi,2L,2L + +#define SN_md4 "MD4" +#define LN_md4 "md4" +#define NID_md4 257 +#define OBJ_md4 OBJ_rsadsi,2L,4L + +#define SN_md5 "MD5" +#define LN_md5 "md5" +#define NID_md5 4 +#define OBJ_md5 OBJ_rsadsi,2L,5L + +#define SN_md5_sha1 "MD5-SHA1" +#define LN_md5_sha1 "md5-sha1" +#define NID_md5_sha1 114 + +#define LN_hmacWithMD5 "hmacWithMD5" +#define NID_hmacWithMD5 797 +#define OBJ_hmacWithMD5 OBJ_rsadsi,2L,6L + +#define LN_hmacWithSHA1 "hmacWithSHA1" +#define NID_hmacWithSHA1 163 +#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L + +#define SN_sm2 "SM2" +#define LN_sm2 "sm2" +#define NID_sm2 1172 +#define OBJ_sm2 OBJ_sm_scheme,301L + +#define SN_sm3 "SM3" +#define LN_sm3 "sm3" +#define NID_sm3 1143 +#define OBJ_sm3 OBJ_sm_scheme,401L + +#define SN_sm3WithRSAEncryption "RSA-SM3" +#define LN_sm3WithRSAEncryption "sm3WithRSAEncryption" +#define NID_sm3WithRSAEncryption 1144 +#define OBJ_sm3WithRSAEncryption OBJ_sm_scheme,504L + +#define LN_hmacWithSHA224 "hmacWithSHA224" +#define NID_hmacWithSHA224 798 +#define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L + +#define LN_hmacWithSHA256 "hmacWithSHA256" +#define NID_hmacWithSHA256 799 +#define OBJ_hmacWithSHA256 OBJ_rsadsi,2L,9L + +#define LN_hmacWithSHA384 "hmacWithSHA384" +#define NID_hmacWithSHA384 800 +#define OBJ_hmacWithSHA384 OBJ_rsadsi,2L,10L + +#define LN_hmacWithSHA512 "hmacWithSHA512" +#define NID_hmacWithSHA512 801 +#define OBJ_hmacWithSHA512 OBJ_rsadsi,2L,11L + +#define LN_hmacWithSHA512_224 "hmacWithSHA512-224" +#define NID_hmacWithSHA512_224 1193 +#define OBJ_hmacWithSHA512_224 OBJ_rsadsi,2L,12L + +#define LN_hmacWithSHA512_256 "hmacWithSHA512-256" +#define NID_hmacWithSHA512_256 1194 +#define OBJ_hmacWithSHA512_256 OBJ_rsadsi,2L,13L + +#define SN_rc2_cbc "RC2-CBC" +#define LN_rc2_cbc "rc2-cbc" +#define NID_rc2_cbc 37 +#define OBJ_rc2_cbc OBJ_rsadsi,3L,2L + +#define SN_rc2_ecb "RC2-ECB" +#define LN_rc2_ecb "rc2-ecb" +#define NID_rc2_ecb 38 + +#define SN_rc2_cfb64 "RC2-CFB" +#define LN_rc2_cfb64 "rc2-cfb" +#define NID_rc2_cfb64 39 + +#define SN_rc2_ofb64 "RC2-OFB" +#define LN_rc2_ofb64 "rc2-ofb" +#define NID_rc2_ofb64 40 + +#define SN_rc2_40_cbc "RC2-40-CBC" +#define LN_rc2_40_cbc "rc2-40-cbc" +#define NID_rc2_40_cbc 98 + +#define SN_rc2_64_cbc "RC2-64-CBC" +#define LN_rc2_64_cbc "rc2-64-cbc" +#define NID_rc2_64_cbc 166 + +#define SN_rc4 "RC4" +#define LN_rc4 "rc4" +#define NID_rc4 5 +#define OBJ_rc4 OBJ_rsadsi,3L,4L + +#define SN_rc4_40 "RC4-40" +#define LN_rc4_40 "rc4-40" +#define NID_rc4_40 97 + +#define SN_des_ede3_cbc "DES-EDE3-CBC" +#define LN_des_ede3_cbc "des-ede3-cbc" +#define NID_des_ede3_cbc 44 +#define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L + +#define SN_rc5_cbc "RC5-CBC" +#define LN_rc5_cbc "rc5-cbc" +#define NID_rc5_cbc 120 +#define OBJ_rc5_cbc OBJ_rsadsi,3L,8L + +#define SN_rc5_ecb "RC5-ECB" +#define LN_rc5_ecb "rc5-ecb" +#define NID_rc5_ecb 121 + +#define SN_rc5_cfb64 "RC5-CFB" +#define LN_rc5_cfb64 "rc5-cfb" +#define NID_rc5_cfb64 122 + +#define SN_rc5_ofb64 "RC5-OFB" +#define LN_rc5_ofb64 "rc5-ofb" +#define NID_rc5_ofb64 123 + +#define SN_ms_ext_req "msExtReq" +#define LN_ms_ext_req "Microsoft Extension Request" +#define NID_ms_ext_req 171 +#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L + +#define SN_ms_code_ind "msCodeInd" +#define LN_ms_code_ind "Microsoft Individual Code Signing" +#define NID_ms_code_ind 134 +#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L + +#define SN_ms_code_com "msCodeCom" +#define LN_ms_code_com "Microsoft Commercial Code Signing" +#define NID_ms_code_com 135 +#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L + +#define SN_ms_ctl_sign "msCTLSign" +#define LN_ms_ctl_sign "Microsoft Trust List Signing" +#define NID_ms_ctl_sign 136 +#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L + +#define SN_ms_sgc "msSGC" +#define LN_ms_sgc "Microsoft Server Gated Crypto" +#define NID_ms_sgc 137 +#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L + +#define SN_ms_efs "msEFS" +#define LN_ms_efs "Microsoft Encrypted File System" +#define NID_ms_efs 138 +#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L + +#define SN_ms_smartcard_login "msSmartcardLogin" +#define LN_ms_smartcard_login "Microsoft Smartcardlogin" +#define NID_ms_smartcard_login 648 +#define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L + +#define SN_ms_upn "msUPN" +#define LN_ms_upn "Microsoft Universal Principal Name" +#define NID_ms_upn 649 +#define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L + +#define SN_idea_cbc "IDEA-CBC" +#define LN_idea_cbc "idea-cbc" +#define NID_idea_cbc 34 +#define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L + +#define SN_idea_ecb "IDEA-ECB" +#define LN_idea_ecb "idea-ecb" +#define NID_idea_ecb 36 + +#define SN_idea_cfb64 "IDEA-CFB" +#define LN_idea_cfb64 "idea-cfb" +#define NID_idea_cfb64 35 + +#define SN_idea_ofb64 "IDEA-OFB" +#define LN_idea_ofb64 "idea-ofb" +#define NID_idea_ofb64 46 + +#define SN_bf_cbc "BF-CBC" +#define LN_bf_cbc "bf-cbc" +#define NID_bf_cbc 91 +#define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L + +#define SN_bf_ecb "BF-ECB" +#define LN_bf_ecb "bf-ecb" +#define NID_bf_ecb 92 + +#define SN_bf_cfb64 "BF-CFB" +#define LN_bf_cfb64 "bf-cfb" +#define NID_bf_cfb64 93 + +#define SN_bf_ofb64 "BF-OFB" +#define LN_bf_ofb64 "bf-ofb" +#define NID_bf_ofb64 94 + +#define SN_id_pkix "PKIX" +#define NID_id_pkix 127 +#define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L + +#define SN_id_pkix_mod "id-pkix-mod" +#define NID_id_pkix_mod 258 +#define OBJ_id_pkix_mod OBJ_id_pkix,0L + +#define SN_id_pe "id-pe" +#define NID_id_pe 175 +#define OBJ_id_pe OBJ_id_pkix,1L + +#define SN_id_qt "id-qt" +#define NID_id_qt 259 +#define OBJ_id_qt OBJ_id_pkix,2L + +#define SN_id_kp "id-kp" +#define NID_id_kp 128 +#define OBJ_id_kp OBJ_id_pkix,3L + +#define SN_id_it "id-it" +#define NID_id_it 260 +#define OBJ_id_it OBJ_id_pkix,4L + +#define SN_id_pkip "id-pkip" +#define NID_id_pkip 261 +#define OBJ_id_pkip OBJ_id_pkix,5L + +#define SN_id_alg "id-alg" +#define NID_id_alg 262 +#define OBJ_id_alg OBJ_id_pkix,6L + +#define SN_id_cmc "id-cmc" +#define NID_id_cmc 263 +#define OBJ_id_cmc OBJ_id_pkix,7L + +#define SN_id_on "id-on" +#define NID_id_on 264 +#define OBJ_id_on OBJ_id_pkix,8L + +#define SN_id_pda "id-pda" +#define NID_id_pda 265 +#define OBJ_id_pda OBJ_id_pkix,9L + +#define SN_id_aca "id-aca" +#define NID_id_aca 266 +#define OBJ_id_aca OBJ_id_pkix,10L + +#define SN_id_qcs "id-qcs" +#define NID_id_qcs 267 +#define OBJ_id_qcs OBJ_id_pkix,11L + +#define SN_id_cct "id-cct" +#define NID_id_cct 268 +#define OBJ_id_cct OBJ_id_pkix,12L + +#define SN_id_ppl "id-ppl" +#define NID_id_ppl 662 +#define OBJ_id_ppl OBJ_id_pkix,21L + +#define SN_id_ad "id-ad" +#define NID_id_ad 176 +#define OBJ_id_ad OBJ_id_pkix,48L + +#define SN_id_pkix1_explicit_88 "id-pkix1-explicit-88" +#define NID_id_pkix1_explicit_88 269 +#define OBJ_id_pkix1_explicit_88 OBJ_id_pkix_mod,1L + +#define SN_id_pkix1_implicit_88 "id-pkix1-implicit-88" +#define NID_id_pkix1_implicit_88 270 +#define OBJ_id_pkix1_implicit_88 OBJ_id_pkix_mod,2L + +#define SN_id_pkix1_explicit_93 "id-pkix1-explicit-93" +#define NID_id_pkix1_explicit_93 271 +#define OBJ_id_pkix1_explicit_93 OBJ_id_pkix_mod,3L + +#define SN_id_pkix1_implicit_93 "id-pkix1-implicit-93" +#define NID_id_pkix1_implicit_93 272 +#define OBJ_id_pkix1_implicit_93 OBJ_id_pkix_mod,4L + +#define SN_id_mod_crmf "id-mod-crmf" +#define NID_id_mod_crmf 273 +#define OBJ_id_mod_crmf OBJ_id_pkix_mod,5L + +#define SN_id_mod_cmc "id-mod-cmc" +#define NID_id_mod_cmc 274 +#define OBJ_id_mod_cmc OBJ_id_pkix_mod,6L + +#define SN_id_mod_kea_profile_88 "id-mod-kea-profile-88" +#define NID_id_mod_kea_profile_88 275 +#define OBJ_id_mod_kea_profile_88 OBJ_id_pkix_mod,7L + +#define SN_id_mod_kea_profile_93 "id-mod-kea-profile-93" +#define NID_id_mod_kea_profile_93 276 +#define OBJ_id_mod_kea_profile_93 OBJ_id_pkix_mod,8L + +#define SN_id_mod_cmp "id-mod-cmp" +#define NID_id_mod_cmp 277 +#define OBJ_id_mod_cmp OBJ_id_pkix_mod,9L + +#define SN_id_mod_qualified_cert_88 "id-mod-qualified-cert-88" +#define NID_id_mod_qualified_cert_88 278 +#define OBJ_id_mod_qualified_cert_88 OBJ_id_pkix_mod,10L + +#define SN_id_mod_qualified_cert_93 "id-mod-qualified-cert-93" +#define NID_id_mod_qualified_cert_93 279 +#define OBJ_id_mod_qualified_cert_93 OBJ_id_pkix_mod,11L + +#define SN_id_mod_attribute_cert "id-mod-attribute-cert" +#define NID_id_mod_attribute_cert 280 +#define OBJ_id_mod_attribute_cert OBJ_id_pkix_mod,12L + +#define SN_id_mod_timestamp_protocol "id-mod-timestamp-protocol" +#define NID_id_mod_timestamp_protocol 281 +#define OBJ_id_mod_timestamp_protocol OBJ_id_pkix_mod,13L + +#define SN_id_mod_ocsp "id-mod-ocsp" +#define NID_id_mod_ocsp 282 +#define OBJ_id_mod_ocsp OBJ_id_pkix_mod,14L + +#define SN_id_mod_dvcs "id-mod-dvcs" +#define NID_id_mod_dvcs 283 +#define OBJ_id_mod_dvcs OBJ_id_pkix_mod,15L + +#define SN_id_mod_cmp2000 "id-mod-cmp2000" +#define NID_id_mod_cmp2000 284 +#define OBJ_id_mod_cmp2000 OBJ_id_pkix_mod,16L + +#define SN_info_access "authorityInfoAccess" +#define LN_info_access "Authority Information Access" +#define NID_info_access 177 +#define OBJ_info_access OBJ_id_pe,1L + +#define SN_biometricInfo "biometricInfo" +#define LN_biometricInfo "Biometric Info" +#define NID_biometricInfo 285 +#define OBJ_biometricInfo OBJ_id_pe,2L + +#define SN_qcStatements "qcStatements" +#define NID_qcStatements 286 +#define OBJ_qcStatements OBJ_id_pe,3L + +#define SN_ac_auditEntity "ac-auditEntity" +#define NID_ac_auditEntity 287 +#define OBJ_ac_auditEntity OBJ_id_pe,4L + +#define SN_ac_targeting "ac-targeting" +#define NID_ac_targeting 288 +#define OBJ_ac_targeting OBJ_id_pe,5L + +#define SN_aaControls "aaControls" +#define NID_aaControls 289 +#define OBJ_aaControls OBJ_id_pe,6L + +#define SN_sbgp_ipAddrBlock "sbgp-ipAddrBlock" +#define NID_sbgp_ipAddrBlock 290 +#define OBJ_sbgp_ipAddrBlock OBJ_id_pe,7L + +#define SN_sbgp_autonomousSysNum "sbgp-autonomousSysNum" +#define NID_sbgp_autonomousSysNum 291 +#define OBJ_sbgp_autonomousSysNum OBJ_id_pe,8L + +#define SN_sbgp_routerIdentifier "sbgp-routerIdentifier" +#define NID_sbgp_routerIdentifier 292 +#define OBJ_sbgp_routerIdentifier OBJ_id_pe,9L + +#define SN_ac_proxying "ac-proxying" +#define NID_ac_proxying 397 +#define OBJ_ac_proxying OBJ_id_pe,10L + +#define SN_sinfo_access "subjectInfoAccess" +#define LN_sinfo_access "Subject Information Access" +#define NID_sinfo_access 398 +#define OBJ_sinfo_access OBJ_id_pe,11L + +#define SN_proxyCertInfo "proxyCertInfo" +#define LN_proxyCertInfo "Proxy Certificate Information" +#define NID_proxyCertInfo 663 +#define OBJ_proxyCertInfo OBJ_id_pe,14L + +#define SN_tlsfeature "tlsfeature" +#define LN_tlsfeature "TLS Feature" +#define NID_tlsfeature 1020 +#define OBJ_tlsfeature OBJ_id_pe,24L + +#define SN_id_qt_cps "id-qt-cps" +#define LN_id_qt_cps "Policy Qualifier CPS" +#define NID_id_qt_cps 164 +#define OBJ_id_qt_cps OBJ_id_qt,1L + +#define SN_id_qt_unotice "id-qt-unotice" +#define LN_id_qt_unotice "Policy Qualifier User Notice" +#define NID_id_qt_unotice 165 +#define OBJ_id_qt_unotice OBJ_id_qt,2L + +#define SN_textNotice "textNotice" +#define NID_textNotice 293 +#define OBJ_textNotice OBJ_id_qt,3L + +#define SN_server_auth "serverAuth" +#define LN_server_auth "TLS Web Server Authentication" +#define NID_server_auth 129 +#define OBJ_server_auth OBJ_id_kp,1L + +#define SN_client_auth "clientAuth" +#define LN_client_auth "TLS Web Client Authentication" +#define NID_client_auth 130 +#define OBJ_client_auth OBJ_id_kp,2L + +#define SN_code_sign "codeSigning" +#define LN_code_sign "Code Signing" +#define NID_code_sign 131 +#define OBJ_code_sign OBJ_id_kp,3L + +#define SN_email_protect "emailProtection" +#define LN_email_protect "E-mail Protection" +#define NID_email_protect 132 +#define OBJ_email_protect OBJ_id_kp,4L + +#define SN_ipsecEndSystem "ipsecEndSystem" +#define LN_ipsecEndSystem "IPSec End System" +#define NID_ipsecEndSystem 294 +#define OBJ_ipsecEndSystem OBJ_id_kp,5L + +#define SN_ipsecTunnel "ipsecTunnel" +#define LN_ipsecTunnel "IPSec Tunnel" +#define NID_ipsecTunnel 295 +#define OBJ_ipsecTunnel OBJ_id_kp,6L + +#define SN_ipsecUser "ipsecUser" +#define LN_ipsecUser "IPSec User" +#define NID_ipsecUser 296 +#define OBJ_ipsecUser OBJ_id_kp,7L + +#define SN_time_stamp "timeStamping" +#define LN_time_stamp "Time Stamping" +#define NID_time_stamp 133 +#define OBJ_time_stamp OBJ_id_kp,8L + +#define SN_OCSP_sign "OCSPSigning" +#define LN_OCSP_sign "OCSP Signing" +#define NID_OCSP_sign 180 +#define OBJ_OCSP_sign OBJ_id_kp,9L + +#define SN_dvcs "DVCS" +#define LN_dvcs "dvcs" +#define NID_dvcs 297 +#define OBJ_dvcs OBJ_id_kp,10L + +#define SN_ipsec_IKE "ipsecIKE" +#define LN_ipsec_IKE "ipsec Internet Key Exchange" +#define NID_ipsec_IKE 1022 +#define OBJ_ipsec_IKE OBJ_id_kp,17L + +#define SN_capwapAC "capwapAC" +#define LN_capwapAC "Ctrl/provision WAP Access" +#define NID_capwapAC 1023 +#define OBJ_capwapAC OBJ_id_kp,18L + +#define SN_capwapWTP "capwapWTP" +#define LN_capwapWTP "Ctrl/Provision WAP Termination" +#define NID_capwapWTP 1024 +#define OBJ_capwapWTP OBJ_id_kp,19L + +#define SN_sshClient "secureShellClient" +#define LN_sshClient "SSH Client" +#define NID_sshClient 1025 +#define OBJ_sshClient OBJ_id_kp,21L + +#define SN_sshServer "secureShellServer" +#define LN_sshServer "SSH Server" +#define NID_sshServer 1026 +#define OBJ_sshServer OBJ_id_kp,22L + +#define SN_sendRouter "sendRouter" +#define LN_sendRouter "Send Router" +#define NID_sendRouter 1027 +#define OBJ_sendRouter OBJ_id_kp,23L + +#define SN_sendProxiedRouter "sendProxiedRouter" +#define LN_sendProxiedRouter "Send Proxied Router" +#define NID_sendProxiedRouter 1028 +#define OBJ_sendProxiedRouter OBJ_id_kp,24L + +#define SN_sendOwner "sendOwner" +#define LN_sendOwner "Send Owner" +#define NID_sendOwner 1029 +#define OBJ_sendOwner OBJ_id_kp,25L + +#define SN_sendProxiedOwner "sendProxiedOwner" +#define LN_sendProxiedOwner "Send Proxied Owner" +#define NID_sendProxiedOwner 1030 +#define OBJ_sendProxiedOwner OBJ_id_kp,26L + +#define SN_cmcCA "cmcCA" +#define LN_cmcCA "CMC Certificate Authority" +#define NID_cmcCA 1131 +#define OBJ_cmcCA OBJ_id_kp,27L + +#define SN_cmcRA "cmcRA" +#define LN_cmcRA "CMC Registration Authority" +#define NID_cmcRA 1132 +#define OBJ_cmcRA OBJ_id_kp,28L + +#define SN_id_it_caProtEncCert "id-it-caProtEncCert" +#define NID_id_it_caProtEncCert 298 +#define OBJ_id_it_caProtEncCert OBJ_id_it,1L + +#define SN_id_it_signKeyPairTypes "id-it-signKeyPairTypes" +#define NID_id_it_signKeyPairTypes 299 +#define OBJ_id_it_signKeyPairTypes OBJ_id_it,2L + +#define SN_id_it_encKeyPairTypes "id-it-encKeyPairTypes" +#define NID_id_it_encKeyPairTypes 300 +#define OBJ_id_it_encKeyPairTypes OBJ_id_it,3L + +#define SN_id_it_preferredSymmAlg "id-it-preferredSymmAlg" +#define NID_id_it_preferredSymmAlg 301 +#define OBJ_id_it_preferredSymmAlg OBJ_id_it,4L + +#define SN_id_it_caKeyUpdateInfo "id-it-caKeyUpdateInfo" +#define NID_id_it_caKeyUpdateInfo 302 +#define OBJ_id_it_caKeyUpdateInfo OBJ_id_it,5L + +#define SN_id_it_currentCRL "id-it-currentCRL" +#define NID_id_it_currentCRL 303 +#define OBJ_id_it_currentCRL OBJ_id_it,6L + +#define SN_id_it_unsupportedOIDs "id-it-unsupportedOIDs" +#define NID_id_it_unsupportedOIDs 304 +#define OBJ_id_it_unsupportedOIDs OBJ_id_it,7L + +#define SN_id_it_subscriptionRequest "id-it-subscriptionRequest" +#define NID_id_it_subscriptionRequest 305 +#define OBJ_id_it_subscriptionRequest OBJ_id_it,8L + +#define SN_id_it_subscriptionResponse "id-it-subscriptionResponse" +#define NID_id_it_subscriptionResponse 306 +#define OBJ_id_it_subscriptionResponse OBJ_id_it,9L + +#define SN_id_it_keyPairParamReq "id-it-keyPairParamReq" +#define NID_id_it_keyPairParamReq 307 +#define OBJ_id_it_keyPairParamReq OBJ_id_it,10L + +#define SN_id_it_keyPairParamRep "id-it-keyPairParamRep" +#define NID_id_it_keyPairParamRep 308 +#define OBJ_id_it_keyPairParamRep OBJ_id_it,11L + +#define SN_id_it_revPassphrase "id-it-revPassphrase" +#define NID_id_it_revPassphrase 309 +#define OBJ_id_it_revPassphrase OBJ_id_it,12L + +#define SN_id_it_implicitConfirm "id-it-implicitConfirm" +#define NID_id_it_implicitConfirm 310 +#define OBJ_id_it_implicitConfirm OBJ_id_it,13L + +#define SN_id_it_confirmWaitTime "id-it-confirmWaitTime" +#define NID_id_it_confirmWaitTime 311 +#define OBJ_id_it_confirmWaitTime OBJ_id_it,14L + +#define SN_id_it_origPKIMessage "id-it-origPKIMessage" +#define NID_id_it_origPKIMessage 312 +#define OBJ_id_it_origPKIMessage OBJ_id_it,15L + +#define SN_id_it_suppLangTags "id-it-suppLangTags" +#define NID_id_it_suppLangTags 784 +#define OBJ_id_it_suppLangTags OBJ_id_it,16L + +#define SN_id_regCtrl "id-regCtrl" +#define NID_id_regCtrl 313 +#define OBJ_id_regCtrl OBJ_id_pkip,1L + +#define SN_id_regInfo "id-regInfo" +#define NID_id_regInfo 314 +#define OBJ_id_regInfo OBJ_id_pkip,2L + +#define SN_id_regCtrl_regToken "id-regCtrl-regToken" +#define NID_id_regCtrl_regToken 315 +#define OBJ_id_regCtrl_regToken OBJ_id_regCtrl,1L + +#define SN_id_regCtrl_authenticator "id-regCtrl-authenticator" +#define NID_id_regCtrl_authenticator 316 +#define OBJ_id_regCtrl_authenticator OBJ_id_regCtrl,2L + +#define SN_id_regCtrl_pkiPublicationInfo "id-regCtrl-pkiPublicationInfo" +#define NID_id_regCtrl_pkiPublicationInfo 317 +#define OBJ_id_regCtrl_pkiPublicationInfo OBJ_id_regCtrl,3L + +#define SN_id_regCtrl_pkiArchiveOptions "id-regCtrl-pkiArchiveOptions" +#define NID_id_regCtrl_pkiArchiveOptions 318 +#define OBJ_id_regCtrl_pkiArchiveOptions OBJ_id_regCtrl,4L + +#define SN_id_regCtrl_oldCertID "id-regCtrl-oldCertID" +#define NID_id_regCtrl_oldCertID 319 +#define OBJ_id_regCtrl_oldCertID OBJ_id_regCtrl,5L + +#define SN_id_regCtrl_protocolEncrKey "id-regCtrl-protocolEncrKey" +#define NID_id_regCtrl_protocolEncrKey 320 +#define OBJ_id_regCtrl_protocolEncrKey OBJ_id_regCtrl,6L + +#define SN_id_regInfo_utf8Pairs "id-regInfo-utf8Pairs" +#define NID_id_regInfo_utf8Pairs 321 +#define OBJ_id_regInfo_utf8Pairs OBJ_id_regInfo,1L + +#define SN_id_regInfo_certReq "id-regInfo-certReq" +#define NID_id_regInfo_certReq 322 +#define OBJ_id_regInfo_certReq OBJ_id_regInfo,2L + +#define SN_id_alg_des40 "id-alg-des40" +#define NID_id_alg_des40 323 +#define OBJ_id_alg_des40 OBJ_id_alg,1L + +#define SN_id_alg_noSignature "id-alg-noSignature" +#define NID_id_alg_noSignature 324 +#define OBJ_id_alg_noSignature OBJ_id_alg,2L + +#define SN_id_alg_dh_sig_hmac_sha1 "id-alg-dh-sig-hmac-sha1" +#define NID_id_alg_dh_sig_hmac_sha1 325 +#define OBJ_id_alg_dh_sig_hmac_sha1 OBJ_id_alg,3L + +#define SN_id_alg_dh_pop "id-alg-dh-pop" +#define NID_id_alg_dh_pop 326 +#define OBJ_id_alg_dh_pop OBJ_id_alg,4L + +#define SN_id_cmc_statusInfo "id-cmc-statusInfo" +#define NID_id_cmc_statusInfo 327 +#define OBJ_id_cmc_statusInfo OBJ_id_cmc,1L + +#define SN_id_cmc_identification "id-cmc-identification" +#define NID_id_cmc_identification 328 +#define OBJ_id_cmc_identification OBJ_id_cmc,2L + +#define SN_id_cmc_identityProof "id-cmc-identityProof" +#define NID_id_cmc_identityProof 329 +#define OBJ_id_cmc_identityProof OBJ_id_cmc,3L + +#define SN_id_cmc_dataReturn "id-cmc-dataReturn" +#define NID_id_cmc_dataReturn 330 +#define OBJ_id_cmc_dataReturn OBJ_id_cmc,4L + +#define SN_id_cmc_transactionId "id-cmc-transactionId" +#define NID_id_cmc_transactionId 331 +#define OBJ_id_cmc_transactionId OBJ_id_cmc,5L + +#define SN_id_cmc_senderNonce "id-cmc-senderNonce" +#define NID_id_cmc_senderNonce 332 +#define OBJ_id_cmc_senderNonce OBJ_id_cmc,6L + +#define SN_id_cmc_recipientNonce "id-cmc-recipientNonce" +#define NID_id_cmc_recipientNonce 333 +#define OBJ_id_cmc_recipientNonce OBJ_id_cmc,7L + +#define SN_id_cmc_addExtensions "id-cmc-addExtensions" +#define NID_id_cmc_addExtensions 334 +#define OBJ_id_cmc_addExtensions OBJ_id_cmc,8L + +#define SN_id_cmc_encryptedPOP "id-cmc-encryptedPOP" +#define NID_id_cmc_encryptedPOP 335 +#define OBJ_id_cmc_encryptedPOP OBJ_id_cmc,9L + +#define SN_id_cmc_decryptedPOP "id-cmc-decryptedPOP" +#define NID_id_cmc_decryptedPOP 336 +#define OBJ_id_cmc_decryptedPOP OBJ_id_cmc,10L + +#define SN_id_cmc_lraPOPWitness "id-cmc-lraPOPWitness" +#define NID_id_cmc_lraPOPWitness 337 +#define OBJ_id_cmc_lraPOPWitness OBJ_id_cmc,11L + +#define SN_id_cmc_getCert "id-cmc-getCert" +#define NID_id_cmc_getCert 338 +#define OBJ_id_cmc_getCert OBJ_id_cmc,15L + +#define SN_id_cmc_getCRL "id-cmc-getCRL" +#define NID_id_cmc_getCRL 339 +#define OBJ_id_cmc_getCRL OBJ_id_cmc,16L + +#define SN_id_cmc_revokeRequest "id-cmc-revokeRequest" +#define NID_id_cmc_revokeRequest 340 +#define OBJ_id_cmc_revokeRequest OBJ_id_cmc,17L + +#define SN_id_cmc_regInfo "id-cmc-regInfo" +#define NID_id_cmc_regInfo 341 +#define OBJ_id_cmc_regInfo OBJ_id_cmc,18L + +#define SN_id_cmc_responseInfo "id-cmc-responseInfo" +#define NID_id_cmc_responseInfo 342 +#define OBJ_id_cmc_responseInfo OBJ_id_cmc,19L + +#define SN_id_cmc_queryPending "id-cmc-queryPending" +#define NID_id_cmc_queryPending 343 +#define OBJ_id_cmc_queryPending OBJ_id_cmc,21L + +#define SN_id_cmc_popLinkRandom "id-cmc-popLinkRandom" +#define NID_id_cmc_popLinkRandom 344 +#define OBJ_id_cmc_popLinkRandom OBJ_id_cmc,22L + +#define SN_id_cmc_popLinkWitness "id-cmc-popLinkWitness" +#define NID_id_cmc_popLinkWitness 345 +#define OBJ_id_cmc_popLinkWitness OBJ_id_cmc,23L + +#define SN_id_cmc_confirmCertAcceptance "id-cmc-confirmCertAcceptance" +#define NID_id_cmc_confirmCertAcceptance 346 +#define OBJ_id_cmc_confirmCertAcceptance OBJ_id_cmc,24L + +#define SN_id_on_personalData "id-on-personalData" +#define NID_id_on_personalData 347 +#define OBJ_id_on_personalData OBJ_id_on,1L + +#define SN_id_on_permanentIdentifier "id-on-permanentIdentifier" +#define LN_id_on_permanentIdentifier "Permanent Identifier" +#define NID_id_on_permanentIdentifier 858 +#define OBJ_id_on_permanentIdentifier OBJ_id_on,3L + +#define SN_id_pda_dateOfBirth "id-pda-dateOfBirth" +#define NID_id_pda_dateOfBirth 348 +#define OBJ_id_pda_dateOfBirth OBJ_id_pda,1L + +#define SN_id_pda_placeOfBirth "id-pda-placeOfBirth" +#define NID_id_pda_placeOfBirth 349 +#define OBJ_id_pda_placeOfBirth OBJ_id_pda,2L + +#define SN_id_pda_gender "id-pda-gender" +#define NID_id_pda_gender 351 +#define OBJ_id_pda_gender OBJ_id_pda,3L + +#define SN_id_pda_countryOfCitizenship "id-pda-countryOfCitizenship" +#define NID_id_pda_countryOfCitizenship 352 +#define OBJ_id_pda_countryOfCitizenship OBJ_id_pda,4L + +#define SN_id_pda_countryOfResidence "id-pda-countryOfResidence" +#define NID_id_pda_countryOfResidence 353 +#define OBJ_id_pda_countryOfResidence OBJ_id_pda,5L + +#define SN_id_aca_authenticationInfo "id-aca-authenticationInfo" +#define NID_id_aca_authenticationInfo 354 +#define OBJ_id_aca_authenticationInfo OBJ_id_aca,1L + +#define SN_id_aca_accessIdentity "id-aca-accessIdentity" +#define NID_id_aca_accessIdentity 355 +#define OBJ_id_aca_accessIdentity OBJ_id_aca,2L + +#define SN_id_aca_chargingIdentity "id-aca-chargingIdentity" +#define NID_id_aca_chargingIdentity 356 +#define OBJ_id_aca_chargingIdentity OBJ_id_aca,3L + +#define SN_id_aca_group "id-aca-group" +#define NID_id_aca_group 357 +#define OBJ_id_aca_group OBJ_id_aca,4L + +#define SN_id_aca_role "id-aca-role" +#define NID_id_aca_role 358 +#define OBJ_id_aca_role OBJ_id_aca,5L + +#define SN_id_aca_encAttrs "id-aca-encAttrs" +#define NID_id_aca_encAttrs 399 +#define OBJ_id_aca_encAttrs OBJ_id_aca,6L + +#define SN_id_qcs_pkixQCSyntax_v1 "id-qcs-pkixQCSyntax-v1" +#define NID_id_qcs_pkixQCSyntax_v1 359 +#define OBJ_id_qcs_pkixQCSyntax_v1 OBJ_id_qcs,1L + +#define SN_id_cct_crs "id-cct-crs" +#define NID_id_cct_crs 360 +#define OBJ_id_cct_crs OBJ_id_cct,1L + +#define SN_id_cct_PKIData "id-cct-PKIData" +#define NID_id_cct_PKIData 361 +#define OBJ_id_cct_PKIData OBJ_id_cct,2L + +#define SN_id_cct_PKIResponse "id-cct-PKIResponse" +#define NID_id_cct_PKIResponse 362 +#define OBJ_id_cct_PKIResponse OBJ_id_cct,3L + +#define SN_id_ppl_anyLanguage "id-ppl-anyLanguage" +#define LN_id_ppl_anyLanguage "Any language" +#define NID_id_ppl_anyLanguage 664 +#define OBJ_id_ppl_anyLanguage OBJ_id_ppl,0L + +#define SN_id_ppl_inheritAll "id-ppl-inheritAll" +#define LN_id_ppl_inheritAll "Inherit all" +#define NID_id_ppl_inheritAll 665 +#define OBJ_id_ppl_inheritAll OBJ_id_ppl,1L + +#define SN_Independent "id-ppl-independent" +#define LN_Independent "Independent" +#define NID_Independent 667 +#define OBJ_Independent OBJ_id_ppl,2L + +#define SN_ad_OCSP "OCSP" +#define LN_ad_OCSP "OCSP" +#define NID_ad_OCSP 178 +#define OBJ_ad_OCSP OBJ_id_ad,1L + +#define SN_ad_ca_issuers "caIssuers" +#define LN_ad_ca_issuers "CA Issuers" +#define NID_ad_ca_issuers 179 +#define OBJ_ad_ca_issuers OBJ_id_ad,2L + +#define SN_ad_timeStamping "ad_timestamping" +#define LN_ad_timeStamping "AD Time Stamping" +#define NID_ad_timeStamping 363 +#define OBJ_ad_timeStamping OBJ_id_ad,3L + +#define SN_ad_dvcs "AD_DVCS" +#define LN_ad_dvcs "ad dvcs" +#define NID_ad_dvcs 364 +#define OBJ_ad_dvcs OBJ_id_ad,4L + +#define SN_caRepository "caRepository" +#define LN_caRepository "CA Repository" +#define NID_caRepository 785 +#define OBJ_caRepository OBJ_id_ad,5L + +#define OBJ_id_pkix_OCSP OBJ_ad_OCSP + +#define SN_id_pkix_OCSP_basic "basicOCSPResponse" +#define LN_id_pkix_OCSP_basic "Basic OCSP Response" +#define NID_id_pkix_OCSP_basic 365 +#define OBJ_id_pkix_OCSP_basic OBJ_id_pkix_OCSP,1L + +#define SN_id_pkix_OCSP_Nonce "Nonce" +#define LN_id_pkix_OCSP_Nonce "OCSP Nonce" +#define NID_id_pkix_OCSP_Nonce 366 +#define OBJ_id_pkix_OCSP_Nonce OBJ_id_pkix_OCSP,2L + +#define SN_id_pkix_OCSP_CrlID "CrlID" +#define LN_id_pkix_OCSP_CrlID "OCSP CRL ID" +#define NID_id_pkix_OCSP_CrlID 367 +#define OBJ_id_pkix_OCSP_CrlID OBJ_id_pkix_OCSP,3L + +#define SN_id_pkix_OCSP_acceptableResponses "acceptableResponses" +#define LN_id_pkix_OCSP_acceptableResponses "Acceptable OCSP Responses" +#define NID_id_pkix_OCSP_acceptableResponses 368 +#define OBJ_id_pkix_OCSP_acceptableResponses OBJ_id_pkix_OCSP,4L + +#define SN_id_pkix_OCSP_noCheck "noCheck" +#define LN_id_pkix_OCSP_noCheck "OCSP No Check" +#define NID_id_pkix_OCSP_noCheck 369 +#define OBJ_id_pkix_OCSP_noCheck OBJ_id_pkix_OCSP,5L + +#define SN_id_pkix_OCSP_archiveCutoff "archiveCutoff" +#define LN_id_pkix_OCSP_archiveCutoff "OCSP Archive Cutoff" +#define NID_id_pkix_OCSP_archiveCutoff 370 +#define OBJ_id_pkix_OCSP_archiveCutoff OBJ_id_pkix_OCSP,6L + +#define SN_id_pkix_OCSP_serviceLocator "serviceLocator" +#define LN_id_pkix_OCSP_serviceLocator "OCSP Service Locator" +#define NID_id_pkix_OCSP_serviceLocator 371 +#define OBJ_id_pkix_OCSP_serviceLocator OBJ_id_pkix_OCSP,7L + +#define SN_id_pkix_OCSP_extendedStatus "extendedStatus" +#define LN_id_pkix_OCSP_extendedStatus "Extended OCSP Status" +#define NID_id_pkix_OCSP_extendedStatus 372 +#define OBJ_id_pkix_OCSP_extendedStatus OBJ_id_pkix_OCSP,8L + +#define SN_id_pkix_OCSP_valid "valid" +#define NID_id_pkix_OCSP_valid 373 +#define OBJ_id_pkix_OCSP_valid OBJ_id_pkix_OCSP,9L + +#define SN_id_pkix_OCSP_path "path" +#define NID_id_pkix_OCSP_path 374 +#define OBJ_id_pkix_OCSP_path OBJ_id_pkix_OCSP,10L + +#define SN_id_pkix_OCSP_trustRoot "trustRoot" +#define LN_id_pkix_OCSP_trustRoot "Trust Root" +#define NID_id_pkix_OCSP_trustRoot 375 +#define OBJ_id_pkix_OCSP_trustRoot OBJ_id_pkix_OCSP,11L + +#define SN_algorithm "algorithm" +#define LN_algorithm "algorithm" +#define NID_algorithm 376 +#define OBJ_algorithm 1L,3L,14L,3L,2L + +#define SN_md5WithRSA "RSA-NP-MD5" +#define LN_md5WithRSA "md5WithRSA" +#define NID_md5WithRSA 104 +#define OBJ_md5WithRSA OBJ_algorithm,3L + +#define SN_des_ecb "DES-ECB" +#define LN_des_ecb "des-ecb" +#define NID_des_ecb 29 +#define OBJ_des_ecb OBJ_algorithm,6L + +#define SN_des_cbc "DES-CBC" +#define LN_des_cbc "des-cbc" +#define NID_des_cbc 31 +#define OBJ_des_cbc OBJ_algorithm,7L + +#define SN_des_ofb64 "DES-OFB" +#define LN_des_ofb64 "des-ofb" +#define NID_des_ofb64 45 +#define OBJ_des_ofb64 OBJ_algorithm,8L + +#define SN_des_cfb64 "DES-CFB" +#define LN_des_cfb64 "des-cfb" +#define NID_des_cfb64 30 +#define OBJ_des_cfb64 OBJ_algorithm,9L + +#define SN_rsaSignature "rsaSignature" +#define NID_rsaSignature 377 +#define OBJ_rsaSignature OBJ_algorithm,11L + +#define SN_dsa_2 "DSA-old" +#define LN_dsa_2 "dsaEncryption-old" +#define NID_dsa_2 67 +#define OBJ_dsa_2 OBJ_algorithm,12L + +#define SN_dsaWithSHA "DSA-SHA" +#define LN_dsaWithSHA "dsaWithSHA" +#define NID_dsaWithSHA 66 +#define OBJ_dsaWithSHA OBJ_algorithm,13L + +#define SN_shaWithRSAEncryption "RSA-SHA" +#define LN_shaWithRSAEncryption "shaWithRSAEncryption" +#define NID_shaWithRSAEncryption 42 +#define OBJ_shaWithRSAEncryption OBJ_algorithm,15L + +#define SN_des_ede_ecb "DES-EDE" +#define LN_des_ede_ecb "des-ede" +#define NID_des_ede_ecb 32 +#define OBJ_des_ede_ecb OBJ_algorithm,17L + +#define SN_des_ede3_ecb "DES-EDE3" +#define LN_des_ede3_ecb "des-ede3" +#define NID_des_ede3_ecb 33 + +#define SN_des_ede_cbc "DES-EDE-CBC" +#define LN_des_ede_cbc "des-ede-cbc" +#define NID_des_ede_cbc 43 + +#define SN_des_ede_cfb64 "DES-EDE-CFB" +#define LN_des_ede_cfb64 "des-ede-cfb" +#define NID_des_ede_cfb64 60 + +#define SN_des_ede3_cfb64 "DES-EDE3-CFB" +#define LN_des_ede3_cfb64 "des-ede3-cfb" +#define NID_des_ede3_cfb64 61 + +#define SN_des_ede_ofb64 "DES-EDE-OFB" +#define LN_des_ede_ofb64 "des-ede-ofb" +#define NID_des_ede_ofb64 62 + +#define SN_des_ede3_ofb64 "DES-EDE3-OFB" +#define LN_des_ede3_ofb64 "des-ede3-ofb" +#define NID_des_ede3_ofb64 63 + +#define SN_desx_cbc "DESX-CBC" +#define LN_desx_cbc "desx-cbc" +#define NID_desx_cbc 80 + +#define SN_sha "SHA" +#define LN_sha "sha" +#define NID_sha 41 +#define OBJ_sha OBJ_algorithm,18L + +#define SN_sha1 "SHA1" +#define LN_sha1 "sha1" +#define NID_sha1 64 +#define OBJ_sha1 OBJ_algorithm,26L + +#define SN_dsaWithSHA1_2 "DSA-SHA1-old" +#define LN_dsaWithSHA1_2 "dsaWithSHA1-old" +#define NID_dsaWithSHA1_2 70 +#define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L + +#define SN_sha1WithRSA "RSA-SHA1-2" +#define LN_sha1WithRSA "sha1WithRSA" +#define NID_sha1WithRSA 115 +#define OBJ_sha1WithRSA OBJ_algorithm,29L + +#define SN_ripemd160 "RIPEMD160" +#define LN_ripemd160 "ripemd160" +#define NID_ripemd160 117 +#define OBJ_ripemd160 1L,3L,36L,3L,2L,1L + +#define SN_ripemd160WithRSA "RSA-RIPEMD160" +#define LN_ripemd160WithRSA "ripemd160WithRSA" +#define NID_ripemd160WithRSA 119 +#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L + +#define SN_blake2b512 "BLAKE2b512" +#define LN_blake2b512 "blake2b512" +#define NID_blake2b512 1056 +#define OBJ_blake2b512 1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L,16L + +#define SN_blake2s256 "BLAKE2s256" +#define LN_blake2s256 "blake2s256" +#define NID_blake2s256 1057 +#define OBJ_blake2s256 1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L,8L + +#define SN_sxnet "SXNetID" +#define LN_sxnet "Strong Extranet ID" +#define NID_sxnet 143 +#define OBJ_sxnet 1L,3L,101L,1L,4L,1L + +#define SN_X500 "X500" +#define LN_X500 "directory services (X.500)" +#define NID_X500 11 +#define OBJ_X500 2L,5L + +#define SN_X509 "X509" +#define NID_X509 12 +#define OBJ_X509 OBJ_X500,4L + +#define SN_commonName "CN" +#define LN_commonName "commonName" +#define NID_commonName 13 +#define OBJ_commonName OBJ_X509,3L + +#define SN_surname "SN" +#define LN_surname "surname" +#define NID_surname 100 +#define OBJ_surname OBJ_X509,4L + +#define LN_serialNumber "serialNumber" +#define NID_serialNumber 105 +#define OBJ_serialNumber OBJ_X509,5L + +#define SN_countryName "C" +#define LN_countryName "countryName" +#define NID_countryName 14 +#define OBJ_countryName OBJ_X509,6L + +#define SN_localityName "L" +#define LN_localityName "localityName" +#define NID_localityName 15 +#define OBJ_localityName OBJ_X509,7L + +#define SN_stateOrProvinceName "ST" +#define LN_stateOrProvinceName "stateOrProvinceName" +#define NID_stateOrProvinceName 16 +#define OBJ_stateOrProvinceName OBJ_X509,8L + +#define SN_streetAddress "street" +#define LN_streetAddress "streetAddress" +#define NID_streetAddress 660 +#define OBJ_streetAddress OBJ_X509,9L + +#define SN_organizationName "O" +#define LN_organizationName "organizationName" +#define NID_organizationName 17 +#define OBJ_organizationName OBJ_X509,10L + +#define SN_organizationalUnitName "OU" +#define LN_organizationalUnitName "organizationalUnitName" +#define NID_organizationalUnitName 18 +#define OBJ_organizationalUnitName OBJ_X509,11L + +#define SN_title "title" +#define LN_title "title" +#define NID_title 106 +#define OBJ_title OBJ_X509,12L + +#define LN_description "description" +#define NID_description 107 +#define OBJ_description OBJ_X509,13L + +#define LN_searchGuide "searchGuide" +#define NID_searchGuide 859 +#define OBJ_searchGuide OBJ_X509,14L + +#define LN_businessCategory "businessCategory" +#define NID_businessCategory 860 +#define OBJ_businessCategory OBJ_X509,15L + +#define LN_postalAddress "postalAddress" +#define NID_postalAddress 861 +#define OBJ_postalAddress OBJ_X509,16L + +#define LN_postalCode "postalCode" +#define NID_postalCode 661 +#define OBJ_postalCode OBJ_X509,17L + +#define LN_postOfficeBox "postOfficeBox" +#define NID_postOfficeBox 862 +#define OBJ_postOfficeBox OBJ_X509,18L + +#define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName" +#define NID_physicalDeliveryOfficeName 863 +#define OBJ_physicalDeliveryOfficeName OBJ_X509,19L + +#define LN_telephoneNumber "telephoneNumber" +#define NID_telephoneNumber 864 +#define OBJ_telephoneNumber OBJ_X509,20L + +#define LN_telexNumber "telexNumber" +#define NID_telexNumber 865 +#define OBJ_telexNumber OBJ_X509,21L + +#define LN_teletexTerminalIdentifier "teletexTerminalIdentifier" +#define NID_teletexTerminalIdentifier 866 +#define OBJ_teletexTerminalIdentifier OBJ_X509,22L + +#define LN_facsimileTelephoneNumber "facsimileTelephoneNumber" +#define NID_facsimileTelephoneNumber 867 +#define OBJ_facsimileTelephoneNumber OBJ_X509,23L + +#define LN_x121Address "x121Address" +#define NID_x121Address 868 +#define OBJ_x121Address OBJ_X509,24L + +#define LN_internationaliSDNNumber "internationaliSDNNumber" +#define NID_internationaliSDNNumber 869 +#define OBJ_internationaliSDNNumber OBJ_X509,25L + +#define LN_registeredAddress "registeredAddress" +#define NID_registeredAddress 870 +#define OBJ_registeredAddress OBJ_X509,26L + +#define LN_destinationIndicator "destinationIndicator" +#define NID_destinationIndicator 871 +#define OBJ_destinationIndicator OBJ_X509,27L + +#define LN_preferredDeliveryMethod "preferredDeliveryMethod" +#define NID_preferredDeliveryMethod 872 +#define OBJ_preferredDeliveryMethod OBJ_X509,28L + +#define LN_presentationAddress "presentationAddress" +#define NID_presentationAddress 873 +#define OBJ_presentationAddress OBJ_X509,29L + +#define LN_supportedApplicationContext "supportedApplicationContext" +#define NID_supportedApplicationContext 874 +#define OBJ_supportedApplicationContext OBJ_X509,30L + +#define SN_member "member" +#define NID_member 875 +#define OBJ_member OBJ_X509,31L + +#define SN_owner "owner" +#define NID_owner 876 +#define OBJ_owner OBJ_X509,32L + +#define LN_roleOccupant "roleOccupant" +#define NID_roleOccupant 877 +#define OBJ_roleOccupant OBJ_X509,33L + +#define SN_seeAlso "seeAlso" +#define NID_seeAlso 878 +#define OBJ_seeAlso OBJ_X509,34L + +#define LN_userPassword "userPassword" +#define NID_userPassword 879 +#define OBJ_userPassword OBJ_X509,35L + +#define LN_userCertificate "userCertificate" +#define NID_userCertificate 880 +#define OBJ_userCertificate OBJ_X509,36L + +#define LN_cACertificate "cACertificate" +#define NID_cACertificate 881 +#define OBJ_cACertificate OBJ_X509,37L + +#define LN_authorityRevocationList "authorityRevocationList" +#define NID_authorityRevocationList 882 +#define OBJ_authorityRevocationList OBJ_X509,38L + +#define LN_certificateRevocationList "certificateRevocationList" +#define NID_certificateRevocationList 883 +#define OBJ_certificateRevocationList OBJ_X509,39L + +#define LN_crossCertificatePair "crossCertificatePair" +#define NID_crossCertificatePair 884 +#define OBJ_crossCertificatePair OBJ_X509,40L + +#define SN_name "name" +#define LN_name "name" +#define NID_name 173 +#define OBJ_name OBJ_X509,41L + +#define SN_givenName "GN" +#define LN_givenName "givenName" +#define NID_givenName 99 +#define OBJ_givenName OBJ_X509,42L + +#define SN_initials "initials" +#define LN_initials "initials" +#define NID_initials 101 +#define OBJ_initials OBJ_X509,43L + +#define LN_generationQualifier "generationQualifier" +#define NID_generationQualifier 509 +#define OBJ_generationQualifier OBJ_X509,44L + +#define LN_x500UniqueIdentifier "x500UniqueIdentifier" +#define NID_x500UniqueIdentifier 503 +#define OBJ_x500UniqueIdentifier OBJ_X509,45L + +#define SN_dnQualifier "dnQualifier" +#define LN_dnQualifier "dnQualifier" +#define NID_dnQualifier 174 +#define OBJ_dnQualifier OBJ_X509,46L + +#define LN_enhancedSearchGuide "enhancedSearchGuide" +#define NID_enhancedSearchGuide 885 +#define OBJ_enhancedSearchGuide OBJ_X509,47L + +#define LN_protocolInformation "protocolInformation" +#define NID_protocolInformation 886 +#define OBJ_protocolInformation OBJ_X509,48L + +#define LN_distinguishedName "distinguishedName" +#define NID_distinguishedName 887 +#define OBJ_distinguishedName OBJ_X509,49L + +#define LN_uniqueMember "uniqueMember" +#define NID_uniqueMember 888 +#define OBJ_uniqueMember OBJ_X509,50L + +#define LN_houseIdentifier "houseIdentifier" +#define NID_houseIdentifier 889 +#define OBJ_houseIdentifier OBJ_X509,51L + +#define LN_supportedAlgorithms "supportedAlgorithms" +#define NID_supportedAlgorithms 890 +#define OBJ_supportedAlgorithms OBJ_X509,52L + +#define LN_deltaRevocationList "deltaRevocationList" +#define NID_deltaRevocationList 891 +#define OBJ_deltaRevocationList OBJ_X509,53L + +#define SN_dmdName "dmdName" +#define NID_dmdName 892 +#define OBJ_dmdName OBJ_X509,54L + +#define LN_pseudonym "pseudonym" +#define NID_pseudonym 510 +#define OBJ_pseudonym OBJ_X509,65L + +#define SN_role "role" +#define LN_role "role" +#define NID_role 400 +#define OBJ_role OBJ_X509,72L + +#define LN_organizationIdentifier "organizationIdentifier" +#define NID_organizationIdentifier 1089 +#define OBJ_organizationIdentifier OBJ_X509,97L + +#define SN_countryCode3c "c3" +#define LN_countryCode3c "countryCode3c" +#define NID_countryCode3c 1090 +#define OBJ_countryCode3c OBJ_X509,98L + +#define SN_countryCode3n "n3" +#define LN_countryCode3n "countryCode3n" +#define NID_countryCode3n 1091 +#define OBJ_countryCode3n OBJ_X509,99L + +#define LN_dnsName "dnsName" +#define NID_dnsName 1092 +#define OBJ_dnsName OBJ_X509,100L + +#define SN_X500algorithms "X500algorithms" +#define LN_X500algorithms "directory services - algorithms" +#define NID_X500algorithms 378 +#define OBJ_X500algorithms OBJ_X500,8L + +#define SN_rsa "RSA" +#define LN_rsa "rsa" +#define NID_rsa 19 +#define OBJ_rsa OBJ_X500algorithms,1L,1L + +#define SN_mdc2WithRSA "RSA-MDC2" +#define LN_mdc2WithRSA "mdc2WithRSA" +#define NID_mdc2WithRSA 96 +#define OBJ_mdc2WithRSA OBJ_X500algorithms,3L,100L + +#define SN_mdc2 "MDC2" +#define LN_mdc2 "mdc2" +#define NID_mdc2 95 +#define OBJ_mdc2 OBJ_X500algorithms,3L,101L + +#define SN_id_ce "id-ce" +#define NID_id_ce 81 +#define OBJ_id_ce OBJ_X500,29L + +#define SN_subject_directory_attributes "subjectDirectoryAttributes" +#define LN_subject_directory_attributes "X509v3 Subject Directory Attributes" +#define NID_subject_directory_attributes 769 +#define OBJ_subject_directory_attributes OBJ_id_ce,9L + +#define SN_subject_key_identifier "subjectKeyIdentifier" +#define LN_subject_key_identifier "X509v3 Subject Key Identifier" +#define NID_subject_key_identifier 82 +#define OBJ_subject_key_identifier OBJ_id_ce,14L + +#define SN_key_usage "keyUsage" +#define LN_key_usage "X509v3 Key Usage" +#define NID_key_usage 83 +#define OBJ_key_usage OBJ_id_ce,15L + +#define SN_private_key_usage_period "privateKeyUsagePeriod" +#define LN_private_key_usage_period "X509v3 Private Key Usage Period" +#define NID_private_key_usage_period 84 +#define OBJ_private_key_usage_period OBJ_id_ce,16L + +#define SN_subject_alt_name "subjectAltName" +#define LN_subject_alt_name "X509v3 Subject Alternative Name" +#define NID_subject_alt_name 85 +#define OBJ_subject_alt_name OBJ_id_ce,17L + +#define SN_issuer_alt_name "issuerAltName" +#define LN_issuer_alt_name "X509v3 Issuer Alternative Name" +#define NID_issuer_alt_name 86 +#define OBJ_issuer_alt_name OBJ_id_ce,18L + +#define SN_basic_constraints "basicConstraints" +#define LN_basic_constraints "X509v3 Basic Constraints" +#define NID_basic_constraints 87 +#define OBJ_basic_constraints OBJ_id_ce,19L + +#define SN_crl_number "crlNumber" +#define LN_crl_number "X509v3 CRL Number" +#define NID_crl_number 88 +#define OBJ_crl_number OBJ_id_ce,20L + +#define SN_crl_reason "CRLReason" +#define LN_crl_reason "X509v3 CRL Reason Code" +#define NID_crl_reason 141 +#define OBJ_crl_reason OBJ_id_ce,21L + +#define SN_invalidity_date "invalidityDate" +#define LN_invalidity_date "Invalidity Date" +#define NID_invalidity_date 142 +#define OBJ_invalidity_date OBJ_id_ce,24L + +#define SN_delta_crl "deltaCRL" +#define LN_delta_crl "X509v3 Delta CRL Indicator" +#define NID_delta_crl 140 +#define OBJ_delta_crl OBJ_id_ce,27L + +#define SN_issuing_distribution_point "issuingDistributionPoint" +#define LN_issuing_distribution_point "X509v3 Issuing Distribution Point" +#define NID_issuing_distribution_point 770 +#define OBJ_issuing_distribution_point OBJ_id_ce,28L + +#define SN_certificate_issuer "certificateIssuer" +#define LN_certificate_issuer "X509v3 Certificate Issuer" +#define NID_certificate_issuer 771 +#define OBJ_certificate_issuer OBJ_id_ce,29L + +#define SN_name_constraints "nameConstraints" +#define LN_name_constraints "X509v3 Name Constraints" +#define NID_name_constraints 666 +#define OBJ_name_constraints OBJ_id_ce,30L + +#define SN_crl_distribution_points "crlDistributionPoints" +#define LN_crl_distribution_points "X509v3 CRL Distribution Points" +#define NID_crl_distribution_points 103 +#define OBJ_crl_distribution_points OBJ_id_ce,31L + +#define SN_certificate_policies "certificatePolicies" +#define LN_certificate_policies "X509v3 Certificate Policies" +#define NID_certificate_policies 89 +#define OBJ_certificate_policies OBJ_id_ce,32L + +#define SN_any_policy "anyPolicy" +#define LN_any_policy "X509v3 Any Policy" +#define NID_any_policy 746 +#define OBJ_any_policy OBJ_certificate_policies,0L + +#define SN_policy_mappings "policyMappings" +#define LN_policy_mappings "X509v3 Policy Mappings" +#define NID_policy_mappings 747 +#define OBJ_policy_mappings OBJ_id_ce,33L + +#define SN_authority_key_identifier "authorityKeyIdentifier" +#define LN_authority_key_identifier "X509v3 Authority Key Identifier" +#define NID_authority_key_identifier 90 +#define OBJ_authority_key_identifier OBJ_id_ce,35L + +#define SN_policy_constraints "policyConstraints" +#define LN_policy_constraints "X509v3 Policy Constraints" +#define NID_policy_constraints 401 +#define OBJ_policy_constraints OBJ_id_ce,36L + +#define SN_ext_key_usage "extendedKeyUsage" +#define LN_ext_key_usage "X509v3 Extended Key Usage" +#define NID_ext_key_usage 126 +#define OBJ_ext_key_usage OBJ_id_ce,37L + +#define SN_freshest_crl "freshestCRL" +#define LN_freshest_crl "X509v3 Freshest CRL" +#define NID_freshest_crl 857 +#define OBJ_freshest_crl OBJ_id_ce,46L + +#define SN_inhibit_any_policy "inhibitAnyPolicy" +#define LN_inhibit_any_policy "X509v3 Inhibit Any Policy" +#define NID_inhibit_any_policy 748 +#define OBJ_inhibit_any_policy OBJ_id_ce,54L + +#define SN_target_information "targetInformation" +#define LN_target_information "X509v3 AC Targeting" +#define NID_target_information 402 +#define OBJ_target_information OBJ_id_ce,55L + +#define SN_no_rev_avail "noRevAvail" +#define LN_no_rev_avail "X509v3 No Revocation Available" +#define NID_no_rev_avail 403 +#define OBJ_no_rev_avail OBJ_id_ce,56L + +#define SN_anyExtendedKeyUsage "anyExtendedKeyUsage" +#define LN_anyExtendedKeyUsage "Any Extended Key Usage" +#define NID_anyExtendedKeyUsage 910 +#define OBJ_anyExtendedKeyUsage OBJ_ext_key_usage,0L + +#define SN_netscape "Netscape" +#define LN_netscape "Netscape Communications Corp." +#define NID_netscape 57 +#define OBJ_netscape 2L,16L,840L,1L,113730L + +#define SN_netscape_cert_extension "nsCertExt" +#define LN_netscape_cert_extension "Netscape Certificate Extension" +#define NID_netscape_cert_extension 58 +#define OBJ_netscape_cert_extension OBJ_netscape,1L + +#define SN_netscape_data_type "nsDataType" +#define LN_netscape_data_type "Netscape Data Type" +#define NID_netscape_data_type 59 +#define OBJ_netscape_data_type OBJ_netscape,2L + +#define SN_netscape_cert_type "nsCertType" +#define LN_netscape_cert_type "Netscape Cert Type" +#define NID_netscape_cert_type 71 +#define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L + +#define SN_netscape_base_url "nsBaseUrl" +#define LN_netscape_base_url "Netscape Base Url" +#define NID_netscape_base_url 72 +#define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L + +#define SN_netscape_revocation_url "nsRevocationUrl" +#define LN_netscape_revocation_url "Netscape Revocation Url" +#define NID_netscape_revocation_url 73 +#define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L + +#define SN_netscape_ca_revocation_url "nsCaRevocationUrl" +#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" +#define NID_netscape_ca_revocation_url 74 +#define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L + +#define SN_netscape_renewal_url "nsRenewalUrl" +#define LN_netscape_renewal_url "Netscape Renewal Url" +#define NID_netscape_renewal_url 75 +#define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L + +#define SN_netscape_ca_policy_url "nsCaPolicyUrl" +#define LN_netscape_ca_policy_url "Netscape CA Policy Url" +#define NID_netscape_ca_policy_url 76 +#define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L + +#define SN_netscape_ssl_server_name "nsSslServerName" +#define LN_netscape_ssl_server_name "Netscape SSL Server Name" +#define NID_netscape_ssl_server_name 77 +#define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L + +#define SN_netscape_comment "nsComment" +#define LN_netscape_comment "Netscape Comment" +#define NID_netscape_comment 78 +#define OBJ_netscape_comment OBJ_netscape_cert_extension,13L + +#define SN_netscape_cert_sequence "nsCertSequence" +#define LN_netscape_cert_sequence "Netscape Certificate Sequence" +#define NID_netscape_cert_sequence 79 +#define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L + +#define SN_ns_sgc "nsSGC" +#define LN_ns_sgc "Netscape Server Gated Crypto" +#define NID_ns_sgc 139 +#define OBJ_ns_sgc OBJ_netscape,4L,1L + +#define SN_org "ORG" +#define LN_org "org" +#define NID_org 379 +#define OBJ_org OBJ_iso,3L + +#define SN_dod "DOD" +#define LN_dod "dod" +#define NID_dod 380 +#define OBJ_dod OBJ_org,6L + +#define SN_iana "IANA" +#define LN_iana "iana" +#define NID_iana 381 +#define OBJ_iana OBJ_dod,1L + +#define OBJ_internet OBJ_iana + +#define SN_Directory "directory" +#define LN_Directory "Directory" +#define NID_Directory 382 +#define OBJ_Directory OBJ_internet,1L + +#define SN_Management "mgmt" +#define LN_Management "Management" +#define NID_Management 383 +#define OBJ_Management OBJ_internet,2L + +#define SN_Experimental "experimental" +#define LN_Experimental "Experimental" +#define NID_Experimental 384 +#define OBJ_Experimental OBJ_internet,3L + +#define SN_Private "private" +#define LN_Private "Private" +#define NID_Private 385 +#define OBJ_Private OBJ_internet,4L + +#define SN_Security "security" +#define LN_Security "Security" +#define NID_Security 386 +#define OBJ_Security OBJ_internet,5L + +#define SN_SNMPv2 "snmpv2" +#define LN_SNMPv2 "SNMPv2" +#define NID_SNMPv2 387 +#define OBJ_SNMPv2 OBJ_internet,6L + +#define LN_Mail "Mail" +#define NID_Mail 388 +#define OBJ_Mail OBJ_internet,7L + +#define SN_Enterprises "enterprises" +#define LN_Enterprises "Enterprises" +#define NID_Enterprises 389 +#define OBJ_Enterprises OBJ_Private,1L + +#define SN_dcObject "dcobject" +#define LN_dcObject "dcObject" +#define NID_dcObject 390 +#define OBJ_dcObject OBJ_Enterprises,1466L,344L + +#define SN_mime_mhs "mime-mhs" +#define LN_mime_mhs "MIME MHS" +#define NID_mime_mhs 504 +#define OBJ_mime_mhs OBJ_Mail,1L + +#define SN_mime_mhs_headings "mime-mhs-headings" +#define LN_mime_mhs_headings "mime-mhs-headings" +#define NID_mime_mhs_headings 505 +#define OBJ_mime_mhs_headings OBJ_mime_mhs,1L + +#define SN_mime_mhs_bodies "mime-mhs-bodies" +#define LN_mime_mhs_bodies "mime-mhs-bodies" +#define NID_mime_mhs_bodies 506 +#define OBJ_mime_mhs_bodies OBJ_mime_mhs,2L + +#define SN_id_hex_partial_message "id-hex-partial-message" +#define LN_id_hex_partial_message "id-hex-partial-message" +#define NID_id_hex_partial_message 507 +#define OBJ_id_hex_partial_message OBJ_mime_mhs_headings,1L + +#define SN_id_hex_multipart_message "id-hex-multipart-message" +#define LN_id_hex_multipart_message "id-hex-multipart-message" +#define NID_id_hex_multipart_message 508 +#define OBJ_id_hex_multipart_message OBJ_mime_mhs_headings,2L + +#define SN_zlib_compression "ZLIB" +#define LN_zlib_compression "zlib compression" +#define NID_zlib_compression 125 +#define OBJ_zlib_compression OBJ_id_smime_alg,8L + +#define OBJ_csor 2L,16L,840L,1L,101L,3L + +#define OBJ_nistAlgorithms OBJ_csor,4L + +#define OBJ_aes OBJ_nistAlgorithms,1L + +#define SN_aes_128_ecb "AES-128-ECB" +#define LN_aes_128_ecb "aes-128-ecb" +#define NID_aes_128_ecb 418 +#define OBJ_aes_128_ecb OBJ_aes,1L + +#define SN_aes_128_cbc "AES-128-CBC" +#define LN_aes_128_cbc "aes-128-cbc" +#define NID_aes_128_cbc 419 +#define OBJ_aes_128_cbc OBJ_aes,2L + +#define SN_aes_128_ofb128 "AES-128-OFB" +#define LN_aes_128_ofb128 "aes-128-ofb" +#define NID_aes_128_ofb128 420 +#define OBJ_aes_128_ofb128 OBJ_aes,3L + +#define SN_aes_128_cfb128 "AES-128-CFB" +#define LN_aes_128_cfb128 "aes-128-cfb" +#define NID_aes_128_cfb128 421 +#define OBJ_aes_128_cfb128 OBJ_aes,4L + +#define SN_id_aes128_wrap "id-aes128-wrap" +#define NID_id_aes128_wrap 788 +#define OBJ_id_aes128_wrap OBJ_aes,5L + +#define SN_aes_128_gcm "id-aes128-GCM" +#define LN_aes_128_gcm "aes-128-gcm" +#define NID_aes_128_gcm 895 +#define OBJ_aes_128_gcm OBJ_aes,6L + +#define SN_aes_128_ccm "id-aes128-CCM" +#define LN_aes_128_ccm "aes-128-ccm" +#define NID_aes_128_ccm 896 +#define OBJ_aes_128_ccm OBJ_aes,7L + +#define SN_id_aes128_wrap_pad "id-aes128-wrap-pad" +#define NID_id_aes128_wrap_pad 897 +#define OBJ_id_aes128_wrap_pad OBJ_aes,8L + +#define SN_aes_192_ecb "AES-192-ECB" +#define LN_aes_192_ecb "aes-192-ecb" +#define NID_aes_192_ecb 422 +#define OBJ_aes_192_ecb OBJ_aes,21L + +#define SN_aes_192_cbc "AES-192-CBC" +#define LN_aes_192_cbc "aes-192-cbc" +#define NID_aes_192_cbc 423 +#define OBJ_aes_192_cbc OBJ_aes,22L + +#define SN_aes_192_ofb128 "AES-192-OFB" +#define LN_aes_192_ofb128 "aes-192-ofb" +#define NID_aes_192_ofb128 424 +#define OBJ_aes_192_ofb128 OBJ_aes,23L + +#define SN_aes_192_cfb128 "AES-192-CFB" +#define LN_aes_192_cfb128 "aes-192-cfb" +#define NID_aes_192_cfb128 425 +#define OBJ_aes_192_cfb128 OBJ_aes,24L + +#define SN_id_aes192_wrap "id-aes192-wrap" +#define NID_id_aes192_wrap 789 +#define OBJ_id_aes192_wrap OBJ_aes,25L + +#define SN_aes_192_gcm "id-aes192-GCM" +#define LN_aes_192_gcm "aes-192-gcm" +#define NID_aes_192_gcm 898 +#define OBJ_aes_192_gcm OBJ_aes,26L + +#define SN_aes_192_ccm "id-aes192-CCM" +#define LN_aes_192_ccm "aes-192-ccm" +#define NID_aes_192_ccm 899 +#define OBJ_aes_192_ccm OBJ_aes,27L + +#define SN_id_aes192_wrap_pad "id-aes192-wrap-pad" +#define NID_id_aes192_wrap_pad 900 +#define OBJ_id_aes192_wrap_pad OBJ_aes,28L + +#define SN_aes_256_ecb "AES-256-ECB" +#define LN_aes_256_ecb "aes-256-ecb" +#define NID_aes_256_ecb 426 +#define OBJ_aes_256_ecb OBJ_aes,41L + +#define SN_aes_256_cbc "AES-256-CBC" +#define LN_aes_256_cbc "aes-256-cbc" +#define NID_aes_256_cbc 427 +#define OBJ_aes_256_cbc OBJ_aes,42L + +#define SN_aes_256_ofb128 "AES-256-OFB" +#define LN_aes_256_ofb128 "aes-256-ofb" +#define NID_aes_256_ofb128 428 +#define OBJ_aes_256_ofb128 OBJ_aes,43L + +#define SN_aes_256_cfb128 "AES-256-CFB" +#define LN_aes_256_cfb128 "aes-256-cfb" +#define NID_aes_256_cfb128 429 +#define OBJ_aes_256_cfb128 OBJ_aes,44L + +#define SN_id_aes256_wrap "id-aes256-wrap" +#define NID_id_aes256_wrap 790 +#define OBJ_id_aes256_wrap OBJ_aes,45L + +#define SN_aes_256_gcm "id-aes256-GCM" +#define LN_aes_256_gcm "aes-256-gcm" +#define NID_aes_256_gcm 901 +#define OBJ_aes_256_gcm OBJ_aes,46L + +#define SN_aes_256_ccm "id-aes256-CCM" +#define LN_aes_256_ccm "aes-256-ccm" +#define NID_aes_256_ccm 902 +#define OBJ_aes_256_ccm OBJ_aes,47L + +#define SN_id_aes256_wrap_pad "id-aes256-wrap-pad" +#define NID_id_aes256_wrap_pad 903 +#define OBJ_id_aes256_wrap_pad OBJ_aes,48L + +#define SN_aes_128_xts "AES-128-XTS" +#define LN_aes_128_xts "aes-128-xts" +#define NID_aes_128_xts 913 +#define OBJ_aes_128_xts OBJ_ieee_siswg,0L,1L,1L + +#define SN_aes_256_xts "AES-256-XTS" +#define LN_aes_256_xts "aes-256-xts" +#define NID_aes_256_xts 914 +#define OBJ_aes_256_xts OBJ_ieee_siswg,0L,1L,2L + +#define SN_aes_128_cfb1 "AES-128-CFB1" +#define LN_aes_128_cfb1 "aes-128-cfb1" +#define NID_aes_128_cfb1 650 + +#define SN_aes_192_cfb1 "AES-192-CFB1" +#define LN_aes_192_cfb1 "aes-192-cfb1" +#define NID_aes_192_cfb1 651 + +#define SN_aes_256_cfb1 "AES-256-CFB1" +#define LN_aes_256_cfb1 "aes-256-cfb1" +#define NID_aes_256_cfb1 652 + +#define SN_aes_128_cfb8 "AES-128-CFB8" +#define LN_aes_128_cfb8 "aes-128-cfb8" +#define NID_aes_128_cfb8 653 + +#define SN_aes_192_cfb8 "AES-192-CFB8" +#define LN_aes_192_cfb8 "aes-192-cfb8" +#define NID_aes_192_cfb8 654 + +#define SN_aes_256_cfb8 "AES-256-CFB8" +#define LN_aes_256_cfb8 "aes-256-cfb8" +#define NID_aes_256_cfb8 655 + +#define SN_aes_128_ctr "AES-128-CTR" +#define LN_aes_128_ctr "aes-128-ctr" +#define NID_aes_128_ctr 904 + +#define SN_aes_192_ctr "AES-192-CTR" +#define LN_aes_192_ctr "aes-192-ctr" +#define NID_aes_192_ctr 905 + +#define SN_aes_256_ctr "AES-256-CTR" +#define LN_aes_256_ctr "aes-256-ctr" +#define NID_aes_256_ctr 906 + +#define SN_aes_128_ocb "AES-128-OCB" +#define LN_aes_128_ocb "aes-128-ocb" +#define NID_aes_128_ocb 958 + +#define SN_aes_192_ocb "AES-192-OCB" +#define LN_aes_192_ocb "aes-192-ocb" +#define NID_aes_192_ocb 959 + +#define SN_aes_256_ocb "AES-256-OCB" +#define LN_aes_256_ocb "aes-256-ocb" +#define NID_aes_256_ocb 960 + +#define SN_des_cfb1 "DES-CFB1" +#define LN_des_cfb1 "des-cfb1" +#define NID_des_cfb1 656 + +#define SN_des_cfb8 "DES-CFB8" +#define LN_des_cfb8 "des-cfb8" +#define NID_des_cfb8 657 + +#define SN_des_ede3_cfb1 "DES-EDE3-CFB1" +#define LN_des_ede3_cfb1 "des-ede3-cfb1" +#define NID_des_ede3_cfb1 658 + +#define SN_des_ede3_cfb8 "DES-EDE3-CFB8" +#define LN_des_ede3_cfb8 "des-ede3-cfb8" +#define NID_des_ede3_cfb8 659 + +#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L + +#define SN_sha256 "SHA256" +#define LN_sha256 "sha256" +#define NID_sha256 672 +#define OBJ_sha256 OBJ_nist_hashalgs,1L + +#define SN_sha384 "SHA384" +#define LN_sha384 "sha384" +#define NID_sha384 673 +#define OBJ_sha384 OBJ_nist_hashalgs,2L + +#define SN_sha512 "SHA512" +#define LN_sha512 "sha512" +#define NID_sha512 674 +#define OBJ_sha512 OBJ_nist_hashalgs,3L + +#define SN_sha224 "SHA224" +#define LN_sha224 "sha224" +#define NID_sha224 675 +#define OBJ_sha224 OBJ_nist_hashalgs,4L + +#define SN_sha512_224 "SHA512-224" +#define LN_sha512_224 "sha512-224" +#define NID_sha512_224 1094 +#define OBJ_sha512_224 OBJ_nist_hashalgs,5L + +#define SN_sha512_256 "SHA512-256" +#define LN_sha512_256 "sha512-256" +#define NID_sha512_256 1095 +#define OBJ_sha512_256 OBJ_nist_hashalgs,6L + +#define SN_sha3_224 "SHA3-224" +#define LN_sha3_224 "sha3-224" +#define NID_sha3_224 1096 +#define OBJ_sha3_224 OBJ_nist_hashalgs,7L + +#define SN_sha3_256 "SHA3-256" +#define LN_sha3_256 "sha3-256" +#define NID_sha3_256 1097 +#define OBJ_sha3_256 OBJ_nist_hashalgs,8L + +#define SN_sha3_384 "SHA3-384" +#define LN_sha3_384 "sha3-384" +#define NID_sha3_384 1098 +#define OBJ_sha3_384 OBJ_nist_hashalgs,9L + +#define SN_sha3_512 "SHA3-512" +#define LN_sha3_512 "sha3-512" +#define NID_sha3_512 1099 +#define OBJ_sha3_512 OBJ_nist_hashalgs,10L + +#define SN_shake128 "SHAKE128" +#define LN_shake128 "shake128" +#define NID_shake128 1100 +#define OBJ_shake128 OBJ_nist_hashalgs,11L + +#define SN_shake256 "SHAKE256" +#define LN_shake256 "shake256" +#define NID_shake256 1101 +#define OBJ_shake256 OBJ_nist_hashalgs,12L + +#define SN_hmac_sha3_224 "id-hmacWithSHA3-224" +#define LN_hmac_sha3_224 "hmac-sha3-224" +#define NID_hmac_sha3_224 1102 +#define OBJ_hmac_sha3_224 OBJ_nist_hashalgs,13L + +#define SN_hmac_sha3_256 "id-hmacWithSHA3-256" +#define LN_hmac_sha3_256 "hmac-sha3-256" +#define NID_hmac_sha3_256 1103 +#define OBJ_hmac_sha3_256 OBJ_nist_hashalgs,14L + +#define SN_hmac_sha3_384 "id-hmacWithSHA3-384" +#define LN_hmac_sha3_384 "hmac-sha3-384" +#define NID_hmac_sha3_384 1104 +#define OBJ_hmac_sha3_384 OBJ_nist_hashalgs,15L + +#define SN_hmac_sha3_512 "id-hmacWithSHA3-512" +#define LN_hmac_sha3_512 "hmac-sha3-512" +#define NID_hmac_sha3_512 1105 +#define OBJ_hmac_sha3_512 OBJ_nist_hashalgs,16L + +#define OBJ_dsa_with_sha2 OBJ_nistAlgorithms,3L + +#define SN_dsa_with_SHA224 "dsa_with_SHA224" +#define NID_dsa_with_SHA224 802 +#define OBJ_dsa_with_SHA224 OBJ_dsa_with_sha2,1L + +#define SN_dsa_with_SHA256 "dsa_with_SHA256" +#define NID_dsa_with_SHA256 803 +#define OBJ_dsa_with_SHA256 OBJ_dsa_with_sha2,2L + +#define OBJ_sigAlgs OBJ_nistAlgorithms,3L + +#define SN_dsa_with_SHA384 "id-dsa-with-sha384" +#define LN_dsa_with_SHA384 "dsa_with_SHA384" +#define NID_dsa_with_SHA384 1106 +#define OBJ_dsa_with_SHA384 OBJ_sigAlgs,3L + +#define SN_dsa_with_SHA512 "id-dsa-with-sha512" +#define LN_dsa_with_SHA512 "dsa_with_SHA512" +#define NID_dsa_with_SHA512 1107 +#define OBJ_dsa_with_SHA512 OBJ_sigAlgs,4L + +#define SN_dsa_with_SHA3_224 "id-dsa-with-sha3-224" +#define LN_dsa_with_SHA3_224 "dsa_with_SHA3-224" +#define NID_dsa_with_SHA3_224 1108 +#define OBJ_dsa_with_SHA3_224 OBJ_sigAlgs,5L + +#define SN_dsa_with_SHA3_256 "id-dsa-with-sha3-256" +#define LN_dsa_with_SHA3_256 "dsa_with_SHA3-256" +#define NID_dsa_with_SHA3_256 1109 +#define OBJ_dsa_with_SHA3_256 OBJ_sigAlgs,6L + +#define SN_dsa_with_SHA3_384 "id-dsa-with-sha3-384" +#define LN_dsa_with_SHA3_384 "dsa_with_SHA3-384" +#define NID_dsa_with_SHA3_384 1110 +#define OBJ_dsa_with_SHA3_384 OBJ_sigAlgs,7L + +#define SN_dsa_with_SHA3_512 "id-dsa-with-sha3-512" +#define LN_dsa_with_SHA3_512 "dsa_with_SHA3-512" +#define NID_dsa_with_SHA3_512 1111 +#define OBJ_dsa_with_SHA3_512 OBJ_sigAlgs,8L + +#define SN_ecdsa_with_SHA3_224 "id-ecdsa-with-sha3-224" +#define LN_ecdsa_with_SHA3_224 "ecdsa_with_SHA3-224" +#define NID_ecdsa_with_SHA3_224 1112 +#define OBJ_ecdsa_with_SHA3_224 OBJ_sigAlgs,9L + +#define SN_ecdsa_with_SHA3_256 "id-ecdsa-with-sha3-256" +#define LN_ecdsa_with_SHA3_256 "ecdsa_with_SHA3-256" +#define NID_ecdsa_with_SHA3_256 1113 +#define OBJ_ecdsa_with_SHA3_256 OBJ_sigAlgs,10L + +#define SN_ecdsa_with_SHA3_384 "id-ecdsa-with-sha3-384" +#define LN_ecdsa_with_SHA3_384 "ecdsa_with_SHA3-384" +#define NID_ecdsa_with_SHA3_384 1114 +#define OBJ_ecdsa_with_SHA3_384 OBJ_sigAlgs,11L + +#define SN_ecdsa_with_SHA3_512 "id-ecdsa-with-sha3-512" +#define LN_ecdsa_with_SHA3_512 "ecdsa_with_SHA3-512" +#define NID_ecdsa_with_SHA3_512 1115 +#define OBJ_ecdsa_with_SHA3_512 OBJ_sigAlgs,12L + +#define SN_RSA_SHA3_224 "id-rsassa-pkcs1-v1_5-with-sha3-224" +#define LN_RSA_SHA3_224 "RSA-SHA3-224" +#define NID_RSA_SHA3_224 1116 +#define OBJ_RSA_SHA3_224 OBJ_sigAlgs,13L + +#define SN_RSA_SHA3_256 "id-rsassa-pkcs1-v1_5-with-sha3-256" +#define LN_RSA_SHA3_256 "RSA-SHA3-256" +#define NID_RSA_SHA3_256 1117 +#define OBJ_RSA_SHA3_256 OBJ_sigAlgs,14L + +#define SN_RSA_SHA3_384 "id-rsassa-pkcs1-v1_5-with-sha3-384" +#define LN_RSA_SHA3_384 "RSA-SHA3-384" +#define NID_RSA_SHA3_384 1118 +#define OBJ_RSA_SHA3_384 OBJ_sigAlgs,15L + +#define SN_RSA_SHA3_512 "id-rsassa-pkcs1-v1_5-with-sha3-512" +#define LN_RSA_SHA3_512 "RSA-SHA3-512" +#define NID_RSA_SHA3_512 1119 +#define OBJ_RSA_SHA3_512 OBJ_sigAlgs,16L + +#define SN_hold_instruction_code "holdInstructionCode" +#define LN_hold_instruction_code "Hold Instruction Code" +#define NID_hold_instruction_code 430 +#define OBJ_hold_instruction_code OBJ_id_ce,23L + +#define OBJ_holdInstruction OBJ_X9_57,2L + +#define SN_hold_instruction_none "holdInstructionNone" +#define LN_hold_instruction_none "Hold Instruction None" +#define NID_hold_instruction_none 431 +#define OBJ_hold_instruction_none OBJ_holdInstruction,1L + +#define SN_hold_instruction_call_issuer "holdInstructionCallIssuer" +#define LN_hold_instruction_call_issuer "Hold Instruction Call Issuer" +#define NID_hold_instruction_call_issuer 432 +#define OBJ_hold_instruction_call_issuer OBJ_holdInstruction,2L + +#define SN_hold_instruction_reject "holdInstructionReject" +#define LN_hold_instruction_reject "Hold Instruction Reject" +#define NID_hold_instruction_reject 433 +#define OBJ_hold_instruction_reject OBJ_holdInstruction,3L + +#define SN_data "data" +#define NID_data 434 +#define OBJ_data OBJ_itu_t,9L + +#define SN_pss "pss" +#define NID_pss 435 +#define OBJ_pss OBJ_data,2342L + +#define SN_ucl "ucl" +#define NID_ucl 436 +#define OBJ_ucl OBJ_pss,19200300L + +#define SN_pilot "pilot" +#define NID_pilot 437 +#define OBJ_pilot OBJ_ucl,100L + +#define LN_pilotAttributeType "pilotAttributeType" +#define NID_pilotAttributeType 438 +#define OBJ_pilotAttributeType OBJ_pilot,1L + +#define LN_pilotAttributeSyntax "pilotAttributeSyntax" +#define NID_pilotAttributeSyntax 439 +#define OBJ_pilotAttributeSyntax OBJ_pilot,3L + +#define LN_pilotObjectClass "pilotObjectClass" +#define NID_pilotObjectClass 440 +#define OBJ_pilotObjectClass OBJ_pilot,4L + +#define LN_pilotGroups "pilotGroups" +#define NID_pilotGroups 441 +#define OBJ_pilotGroups OBJ_pilot,10L + +#define LN_iA5StringSyntax "iA5StringSyntax" +#define NID_iA5StringSyntax 442 +#define OBJ_iA5StringSyntax OBJ_pilotAttributeSyntax,4L + +#define LN_caseIgnoreIA5StringSyntax "caseIgnoreIA5StringSyntax" +#define NID_caseIgnoreIA5StringSyntax 443 +#define OBJ_caseIgnoreIA5StringSyntax OBJ_pilotAttributeSyntax,5L + +#define LN_pilotObject "pilotObject" +#define NID_pilotObject 444 +#define OBJ_pilotObject OBJ_pilotObjectClass,3L + +#define LN_pilotPerson "pilotPerson" +#define NID_pilotPerson 445 +#define OBJ_pilotPerson OBJ_pilotObjectClass,4L + +#define SN_account "account" +#define NID_account 446 +#define OBJ_account OBJ_pilotObjectClass,5L + +#define SN_document "document" +#define NID_document 447 +#define OBJ_document OBJ_pilotObjectClass,6L + +#define SN_room "room" +#define NID_room 448 +#define OBJ_room OBJ_pilotObjectClass,7L + +#define LN_documentSeries "documentSeries" +#define NID_documentSeries 449 +#define OBJ_documentSeries OBJ_pilotObjectClass,9L + +#define SN_Domain "domain" +#define LN_Domain "Domain" +#define NID_Domain 392 +#define OBJ_Domain OBJ_pilotObjectClass,13L + +#define LN_rFC822localPart "rFC822localPart" +#define NID_rFC822localPart 450 +#define OBJ_rFC822localPart OBJ_pilotObjectClass,14L + +#define LN_dNSDomain "dNSDomain" +#define NID_dNSDomain 451 +#define OBJ_dNSDomain OBJ_pilotObjectClass,15L + +#define LN_domainRelatedObject "domainRelatedObject" +#define NID_domainRelatedObject 452 +#define OBJ_domainRelatedObject OBJ_pilotObjectClass,17L + +#define LN_friendlyCountry "friendlyCountry" +#define NID_friendlyCountry 453 +#define OBJ_friendlyCountry OBJ_pilotObjectClass,18L + +#define LN_simpleSecurityObject "simpleSecurityObject" +#define NID_simpleSecurityObject 454 +#define OBJ_simpleSecurityObject OBJ_pilotObjectClass,19L + +#define LN_pilotOrganization "pilotOrganization" +#define NID_pilotOrganization 455 +#define OBJ_pilotOrganization OBJ_pilotObjectClass,20L + +#define LN_pilotDSA "pilotDSA" +#define NID_pilotDSA 456 +#define OBJ_pilotDSA OBJ_pilotObjectClass,21L + +#define LN_qualityLabelledData "qualityLabelledData" +#define NID_qualityLabelledData 457 +#define OBJ_qualityLabelledData OBJ_pilotObjectClass,22L + +#define SN_userId "UID" +#define LN_userId "userId" +#define NID_userId 458 +#define OBJ_userId OBJ_pilotAttributeType,1L + +#define LN_textEncodedORAddress "textEncodedORAddress" +#define NID_textEncodedORAddress 459 +#define OBJ_textEncodedORAddress OBJ_pilotAttributeType,2L + +#define SN_rfc822Mailbox "mail" +#define LN_rfc822Mailbox "rfc822Mailbox" +#define NID_rfc822Mailbox 460 +#define OBJ_rfc822Mailbox OBJ_pilotAttributeType,3L + +#define SN_info "info" +#define NID_info 461 +#define OBJ_info OBJ_pilotAttributeType,4L + +#define LN_favouriteDrink "favouriteDrink" +#define NID_favouriteDrink 462 +#define OBJ_favouriteDrink OBJ_pilotAttributeType,5L + +#define LN_roomNumber "roomNumber" +#define NID_roomNumber 463 +#define OBJ_roomNumber OBJ_pilotAttributeType,6L + +#define SN_photo "photo" +#define NID_photo 464 +#define OBJ_photo OBJ_pilotAttributeType,7L + +#define LN_userClass "userClass" +#define NID_userClass 465 +#define OBJ_userClass OBJ_pilotAttributeType,8L + +#define SN_host "host" +#define NID_host 466 +#define OBJ_host OBJ_pilotAttributeType,9L + +#define SN_manager "manager" +#define NID_manager 467 +#define OBJ_manager OBJ_pilotAttributeType,10L + +#define LN_documentIdentifier "documentIdentifier" +#define NID_documentIdentifier 468 +#define OBJ_documentIdentifier OBJ_pilotAttributeType,11L + +#define LN_documentTitle "documentTitle" +#define NID_documentTitle 469 +#define OBJ_documentTitle OBJ_pilotAttributeType,12L + +#define LN_documentVersion "documentVersion" +#define NID_documentVersion 470 +#define OBJ_documentVersion OBJ_pilotAttributeType,13L + +#define LN_documentAuthor "documentAuthor" +#define NID_documentAuthor 471 +#define OBJ_documentAuthor OBJ_pilotAttributeType,14L + +#define LN_documentLocation "documentLocation" +#define NID_documentLocation 472 +#define OBJ_documentLocation OBJ_pilotAttributeType,15L + +#define LN_homeTelephoneNumber "homeTelephoneNumber" +#define NID_homeTelephoneNumber 473 +#define OBJ_homeTelephoneNumber OBJ_pilotAttributeType,20L + +#define SN_secretary "secretary" +#define NID_secretary 474 +#define OBJ_secretary OBJ_pilotAttributeType,21L + +#define LN_otherMailbox "otherMailbox" +#define NID_otherMailbox 475 +#define OBJ_otherMailbox OBJ_pilotAttributeType,22L + +#define LN_lastModifiedTime "lastModifiedTime" +#define NID_lastModifiedTime 476 +#define OBJ_lastModifiedTime OBJ_pilotAttributeType,23L + +#define LN_lastModifiedBy "lastModifiedBy" +#define NID_lastModifiedBy 477 +#define OBJ_lastModifiedBy OBJ_pilotAttributeType,24L + +#define SN_domainComponent "DC" +#define LN_domainComponent "domainComponent" +#define NID_domainComponent 391 +#define OBJ_domainComponent OBJ_pilotAttributeType,25L + +#define LN_aRecord "aRecord" +#define NID_aRecord 478 +#define OBJ_aRecord OBJ_pilotAttributeType,26L + +#define LN_pilotAttributeType27 "pilotAttributeType27" +#define NID_pilotAttributeType27 479 +#define OBJ_pilotAttributeType27 OBJ_pilotAttributeType,27L + +#define LN_mXRecord "mXRecord" +#define NID_mXRecord 480 +#define OBJ_mXRecord OBJ_pilotAttributeType,28L + +#define LN_nSRecord "nSRecord" +#define NID_nSRecord 481 +#define OBJ_nSRecord OBJ_pilotAttributeType,29L + +#define LN_sOARecord "sOARecord" +#define NID_sOARecord 482 +#define OBJ_sOARecord OBJ_pilotAttributeType,30L + +#define LN_cNAMERecord "cNAMERecord" +#define NID_cNAMERecord 483 +#define OBJ_cNAMERecord OBJ_pilotAttributeType,31L + +#define LN_associatedDomain "associatedDomain" +#define NID_associatedDomain 484 +#define OBJ_associatedDomain OBJ_pilotAttributeType,37L + +#define LN_associatedName "associatedName" +#define NID_associatedName 485 +#define OBJ_associatedName OBJ_pilotAttributeType,38L + +#define LN_homePostalAddress "homePostalAddress" +#define NID_homePostalAddress 486 +#define OBJ_homePostalAddress OBJ_pilotAttributeType,39L + +#define LN_personalTitle "personalTitle" +#define NID_personalTitle 487 +#define OBJ_personalTitle OBJ_pilotAttributeType,40L + +#define LN_mobileTelephoneNumber "mobileTelephoneNumber" +#define NID_mobileTelephoneNumber 488 +#define OBJ_mobileTelephoneNumber OBJ_pilotAttributeType,41L + +#define LN_pagerTelephoneNumber "pagerTelephoneNumber" +#define NID_pagerTelephoneNumber 489 +#define OBJ_pagerTelephoneNumber OBJ_pilotAttributeType,42L + +#define LN_friendlyCountryName "friendlyCountryName" +#define NID_friendlyCountryName 490 +#define OBJ_friendlyCountryName OBJ_pilotAttributeType,43L + +#define SN_uniqueIdentifier "uid" +#define LN_uniqueIdentifier "uniqueIdentifier" +#define NID_uniqueIdentifier 102 +#define OBJ_uniqueIdentifier OBJ_pilotAttributeType,44L + +#define LN_organizationalStatus "organizationalStatus" +#define NID_organizationalStatus 491 +#define OBJ_organizationalStatus OBJ_pilotAttributeType,45L + +#define LN_janetMailbox "janetMailbox" +#define NID_janetMailbox 492 +#define OBJ_janetMailbox OBJ_pilotAttributeType,46L + +#define LN_mailPreferenceOption "mailPreferenceOption" +#define NID_mailPreferenceOption 493 +#define OBJ_mailPreferenceOption OBJ_pilotAttributeType,47L + +#define LN_buildingName "buildingName" +#define NID_buildingName 494 +#define OBJ_buildingName OBJ_pilotAttributeType,48L + +#define LN_dSAQuality "dSAQuality" +#define NID_dSAQuality 495 +#define OBJ_dSAQuality OBJ_pilotAttributeType,49L + +#define LN_singleLevelQuality "singleLevelQuality" +#define NID_singleLevelQuality 496 +#define OBJ_singleLevelQuality OBJ_pilotAttributeType,50L + +#define LN_subtreeMinimumQuality "subtreeMinimumQuality" +#define NID_subtreeMinimumQuality 497 +#define OBJ_subtreeMinimumQuality OBJ_pilotAttributeType,51L + +#define LN_subtreeMaximumQuality "subtreeMaximumQuality" +#define NID_subtreeMaximumQuality 498 +#define OBJ_subtreeMaximumQuality OBJ_pilotAttributeType,52L + +#define LN_personalSignature "personalSignature" +#define NID_personalSignature 499 +#define OBJ_personalSignature OBJ_pilotAttributeType,53L + +#define LN_dITRedirect "dITRedirect" +#define NID_dITRedirect 500 +#define OBJ_dITRedirect OBJ_pilotAttributeType,54L + +#define SN_audio "audio" +#define NID_audio 501 +#define OBJ_audio OBJ_pilotAttributeType,55L + +#define LN_documentPublisher "documentPublisher" +#define NID_documentPublisher 502 +#define OBJ_documentPublisher OBJ_pilotAttributeType,56L + +#define SN_id_set "id-set" +#define LN_id_set "Secure Electronic Transactions" +#define NID_id_set 512 +#define OBJ_id_set OBJ_international_organizations,42L + +#define SN_set_ctype "set-ctype" +#define LN_set_ctype "content types" +#define NID_set_ctype 513 +#define OBJ_set_ctype OBJ_id_set,0L + +#define SN_set_msgExt "set-msgExt" +#define LN_set_msgExt "message extensions" +#define NID_set_msgExt 514 +#define OBJ_set_msgExt OBJ_id_set,1L + +#define SN_set_attr "set-attr" +#define NID_set_attr 515 +#define OBJ_set_attr OBJ_id_set,3L + +#define SN_set_policy "set-policy" +#define NID_set_policy 516 +#define OBJ_set_policy OBJ_id_set,5L + +#define SN_set_certExt "set-certExt" +#define LN_set_certExt "certificate extensions" +#define NID_set_certExt 517 +#define OBJ_set_certExt OBJ_id_set,7L + +#define SN_set_brand "set-brand" +#define NID_set_brand 518 +#define OBJ_set_brand OBJ_id_set,8L + +#define SN_setct_PANData "setct-PANData" +#define NID_setct_PANData 519 +#define OBJ_setct_PANData OBJ_set_ctype,0L + +#define SN_setct_PANToken "setct-PANToken" +#define NID_setct_PANToken 520 +#define OBJ_setct_PANToken OBJ_set_ctype,1L + +#define SN_setct_PANOnly "setct-PANOnly" +#define NID_setct_PANOnly 521 +#define OBJ_setct_PANOnly OBJ_set_ctype,2L + +#define SN_setct_OIData "setct-OIData" +#define NID_setct_OIData 522 +#define OBJ_setct_OIData OBJ_set_ctype,3L + +#define SN_setct_PI "setct-PI" +#define NID_setct_PI 523 +#define OBJ_setct_PI OBJ_set_ctype,4L + +#define SN_setct_PIData "setct-PIData" +#define NID_setct_PIData 524 +#define OBJ_setct_PIData OBJ_set_ctype,5L + +#define SN_setct_PIDataUnsigned "setct-PIDataUnsigned" +#define NID_setct_PIDataUnsigned 525 +#define OBJ_setct_PIDataUnsigned OBJ_set_ctype,6L + +#define SN_setct_HODInput "setct-HODInput" +#define NID_setct_HODInput 526 +#define OBJ_setct_HODInput OBJ_set_ctype,7L + +#define SN_setct_AuthResBaggage "setct-AuthResBaggage" +#define NID_setct_AuthResBaggage 527 +#define OBJ_setct_AuthResBaggage OBJ_set_ctype,8L + +#define SN_setct_AuthRevReqBaggage "setct-AuthRevReqBaggage" +#define NID_setct_AuthRevReqBaggage 528 +#define OBJ_setct_AuthRevReqBaggage OBJ_set_ctype,9L + +#define SN_setct_AuthRevResBaggage "setct-AuthRevResBaggage" +#define NID_setct_AuthRevResBaggage 529 +#define OBJ_setct_AuthRevResBaggage OBJ_set_ctype,10L + +#define SN_setct_CapTokenSeq "setct-CapTokenSeq" +#define NID_setct_CapTokenSeq 530 +#define OBJ_setct_CapTokenSeq OBJ_set_ctype,11L + +#define SN_setct_PInitResData "setct-PInitResData" +#define NID_setct_PInitResData 531 +#define OBJ_setct_PInitResData OBJ_set_ctype,12L + +#define SN_setct_PI_TBS "setct-PI-TBS" +#define NID_setct_PI_TBS 532 +#define OBJ_setct_PI_TBS OBJ_set_ctype,13L + +#define SN_setct_PResData "setct-PResData" +#define NID_setct_PResData 533 +#define OBJ_setct_PResData OBJ_set_ctype,14L + +#define SN_setct_AuthReqTBS "setct-AuthReqTBS" +#define NID_setct_AuthReqTBS 534 +#define OBJ_setct_AuthReqTBS OBJ_set_ctype,16L + +#define SN_setct_AuthResTBS "setct-AuthResTBS" +#define NID_setct_AuthResTBS 535 +#define OBJ_setct_AuthResTBS OBJ_set_ctype,17L + +#define SN_setct_AuthResTBSX "setct-AuthResTBSX" +#define NID_setct_AuthResTBSX 536 +#define OBJ_setct_AuthResTBSX OBJ_set_ctype,18L + +#define SN_setct_AuthTokenTBS "setct-AuthTokenTBS" +#define NID_setct_AuthTokenTBS 537 +#define OBJ_setct_AuthTokenTBS OBJ_set_ctype,19L + +#define SN_setct_CapTokenData "setct-CapTokenData" +#define NID_setct_CapTokenData 538 +#define OBJ_setct_CapTokenData OBJ_set_ctype,20L + +#define SN_setct_CapTokenTBS "setct-CapTokenTBS" +#define NID_setct_CapTokenTBS 539 +#define OBJ_setct_CapTokenTBS OBJ_set_ctype,21L + +#define SN_setct_AcqCardCodeMsg "setct-AcqCardCodeMsg" +#define NID_setct_AcqCardCodeMsg 540 +#define OBJ_setct_AcqCardCodeMsg OBJ_set_ctype,22L + +#define SN_setct_AuthRevReqTBS "setct-AuthRevReqTBS" +#define NID_setct_AuthRevReqTBS 541 +#define OBJ_setct_AuthRevReqTBS OBJ_set_ctype,23L + +#define SN_setct_AuthRevResData "setct-AuthRevResData" +#define NID_setct_AuthRevResData 542 +#define OBJ_setct_AuthRevResData OBJ_set_ctype,24L + +#define SN_setct_AuthRevResTBS "setct-AuthRevResTBS" +#define NID_setct_AuthRevResTBS 543 +#define OBJ_setct_AuthRevResTBS OBJ_set_ctype,25L + +#define SN_setct_CapReqTBS "setct-CapReqTBS" +#define NID_setct_CapReqTBS 544 +#define OBJ_setct_CapReqTBS OBJ_set_ctype,26L + +#define SN_setct_CapReqTBSX "setct-CapReqTBSX" +#define NID_setct_CapReqTBSX 545 +#define OBJ_setct_CapReqTBSX OBJ_set_ctype,27L + +#define SN_setct_CapResData "setct-CapResData" +#define NID_setct_CapResData 546 +#define OBJ_setct_CapResData OBJ_set_ctype,28L + +#define SN_setct_CapRevReqTBS "setct-CapRevReqTBS" +#define NID_setct_CapRevReqTBS 547 +#define OBJ_setct_CapRevReqTBS OBJ_set_ctype,29L + +#define SN_setct_CapRevReqTBSX "setct-CapRevReqTBSX" +#define NID_setct_CapRevReqTBSX 548 +#define OBJ_setct_CapRevReqTBSX OBJ_set_ctype,30L + +#define SN_setct_CapRevResData "setct-CapRevResData" +#define NID_setct_CapRevResData 549 +#define OBJ_setct_CapRevResData OBJ_set_ctype,31L + +#define SN_setct_CredReqTBS "setct-CredReqTBS" +#define NID_setct_CredReqTBS 550 +#define OBJ_setct_CredReqTBS OBJ_set_ctype,32L + +#define SN_setct_CredReqTBSX "setct-CredReqTBSX" +#define NID_setct_CredReqTBSX 551 +#define OBJ_setct_CredReqTBSX OBJ_set_ctype,33L + +#define SN_setct_CredResData "setct-CredResData" +#define NID_setct_CredResData 552 +#define OBJ_setct_CredResData OBJ_set_ctype,34L + +#define SN_setct_CredRevReqTBS "setct-CredRevReqTBS" +#define NID_setct_CredRevReqTBS 553 +#define OBJ_setct_CredRevReqTBS OBJ_set_ctype,35L + +#define SN_setct_CredRevReqTBSX "setct-CredRevReqTBSX" +#define NID_setct_CredRevReqTBSX 554 +#define OBJ_setct_CredRevReqTBSX OBJ_set_ctype,36L + +#define SN_setct_CredRevResData "setct-CredRevResData" +#define NID_setct_CredRevResData 555 +#define OBJ_setct_CredRevResData OBJ_set_ctype,37L + +#define SN_setct_PCertReqData "setct-PCertReqData" +#define NID_setct_PCertReqData 556 +#define OBJ_setct_PCertReqData OBJ_set_ctype,38L + +#define SN_setct_PCertResTBS "setct-PCertResTBS" +#define NID_setct_PCertResTBS 557 +#define OBJ_setct_PCertResTBS OBJ_set_ctype,39L + +#define SN_setct_BatchAdminReqData "setct-BatchAdminReqData" +#define NID_setct_BatchAdminReqData 558 +#define OBJ_setct_BatchAdminReqData OBJ_set_ctype,40L + +#define SN_setct_BatchAdminResData "setct-BatchAdminResData" +#define NID_setct_BatchAdminResData 559 +#define OBJ_setct_BatchAdminResData OBJ_set_ctype,41L + +#define SN_setct_CardCInitResTBS "setct-CardCInitResTBS" +#define NID_setct_CardCInitResTBS 560 +#define OBJ_setct_CardCInitResTBS OBJ_set_ctype,42L + +#define SN_setct_MeAqCInitResTBS "setct-MeAqCInitResTBS" +#define NID_setct_MeAqCInitResTBS 561 +#define OBJ_setct_MeAqCInitResTBS OBJ_set_ctype,43L + +#define SN_setct_RegFormResTBS "setct-RegFormResTBS" +#define NID_setct_RegFormResTBS 562 +#define OBJ_setct_RegFormResTBS OBJ_set_ctype,44L + +#define SN_setct_CertReqData "setct-CertReqData" +#define NID_setct_CertReqData 563 +#define OBJ_setct_CertReqData OBJ_set_ctype,45L + +#define SN_setct_CertReqTBS "setct-CertReqTBS" +#define NID_setct_CertReqTBS 564 +#define OBJ_setct_CertReqTBS OBJ_set_ctype,46L + +#define SN_setct_CertResData "setct-CertResData" +#define NID_setct_CertResData 565 +#define OBJ_setct_CertResData OBJ_set_ctype,47L + +#define SN_setct_CertInqReqTBS "setct-CertInqReqTBS" +#define NID_setct_CertInqReqTBS 566 +#define OBJ_setct_CertInqReqTBS OBJ_set_ctype,48L + +#define SN_setct_ErrorTBS "setct-ErrorTBS" +#define NID_setct_ErrorTBS 567 +#define OBJ_setct_ErrorTBS OBJ_set_ctype,49L + +#define SN_setct_PIDualSignedTBE "setct-PIDualSignedTBE" +#define NID_setct_PIDualSignedTBE 568 +#define OBJ_setct_PIDualSignedTBE OBJ_set_ctype,50L + +#define SN_setct_PIUnsignedTBE "setct-PIUnsignedTBE" +#define NID_setct_PIUnsignedTBE 569 +#define OBJ_setct_PIUnsignedTBE OBJ_set_ctype,51L + +#define SN_setct_AuthReqTBE "setct-AuthReqTBE" +#define NID_setct_AuthReqTBE 570 +#define OBJ_setct_AuthReqTBE OBJ_set_ctype,52L + +#define SN_setct_AuthResTBE "setct-AuthResTBE" +#define NID_setct_AuthResTBE 571 +#define OBJ_setct_AuthResTBE OBJ_set_ctype,53L + +#define SN_setct_AuthResTBEX "setct-AuthResTBEX" +#define NID_setct_AuthResTBEX 572 +#define OBJ_setct_AuthResTBEX OBJ_set_ctype,54L + +#define SN_setct_AuthTokenTBE "setct-AuthTokenTBE" +#define NID_setct_AuthTokenTBE 573 +#define OBJ_setct_AuthTokenTBE OBJ_set_ctype,55L + +#define SN_setct_CapTokenTBE "setct-CapTokenTBE" +#define NID_setct_CapTokenTBE 574 +#define OBJ_setct_CapTokenTBE OBJ_set_ctype,56L + +#define SN_setct_CapTokenTBEX "setct-CapTokenTBEX" +#define NID_setct_CapTokenTBEX 575 +#define OBJ_setct_CapTokenTBEX OBJ_set_ctype,57L + +#define SN_setct_AcqCardCodeMsgTBE "setct-AcqCardCodeMsgTBE" +#define NID_setct_AcqCardCodeMsgTBE 576 +#define OBJ_setct_AcqCardCodeMsgTBE OBJ_set_ctype,58L + +#define SN_setct_AuthRevReqTBE "setct-AuthRevReqTBE" +#define NID_setct_AuthRevReqTBE 577 +#define OBJ_setct_AuthRevReqTBE OBJ_set_ctype,59L + +#define SN_setct_AuthRevResTBE "setct-AuthRevResTBE" +#define NID_setct_AuthRevResTBE 578 +#define OBJ_setct_AuthRevResTBE OBJ_set_ctype,60L + +#define SN_setct_AuthRevResTBEB "setct-AuthRevResTBEB" +#define NID_setct_AuthRevResTBEB 579 +#define OBJ_setct_AuthRevResTBEB OBJ_set_ctype,61L + +#define SN_setct_CapReqTBE "setct-CapReqTBE" +#define NID_setct_CapReqTBE 580 +#define OBJ_setct_CapReqTBE OBJ_set_ctype,62L + +#define SN_setct_CapReqTBEX "setct-CapReqTBEX" +#define NID_setct_CapReqTBEX 581 +#define OBJ_setct_CapReqTBEX OBJ_set_ctype,63L + +#define SN_setct_CapResTBE "setct-CapResTBE" +#define NID_setct_CapResTBE 582 +#define OBJ_setct_CapResTBE OBJ_set_ctype,64L + +#define SN_setct_CapRevReqTBE "setct-CapRevReqTBE" +#define NID_setct_CapRevReqTBE 583 +#define OBJ_setct_CapRevReqTBE OBJ_set_ctype,65L + +#define SN_setct_CapRevReqTBEX "setct-CapRevReqTBEX" +#define NID_setct_CapRevReqTBEX 584 +#define OBJ_setct_CapRevReqTBEX OBJ_set_ctype,66L + +#define SN_setct_CapRevResTBE "setct-CapRevResTBE" +#define NID_setct_CapRevResTBE 585 +#define OBJ_setct_CapRevResTBE OBJ_set_ctype,67L + +#define SN_setct_CredReqTBE "setct-CredReqTBE" +#define NID_setct_CredReqTBE 586 +#define OBJ_setct_CredReqTBE OBJ_set_ctype,68L + +#define SN_setct_CredReqTBEX "setct-CredReqTBEX" +#define NID_setct_CredReqTBEX 587 +#define OBJ_setct_CredReqTBEX OBJ_set_ctype,69L + +#define SN_setct_CredResTBE "setct-CredResTBE" +#define NID_setct_CredResTBE 588 +#define OBJ_setct_CredResTBE OBJ_set_ctype,70L + +#define SN_setct_CredRevReqTBE "setct-CredRevReqTBE" +#define NID_setct_CredRevReqTBE 589 +#define OBJ_setct_CredRevReqTBE OBJ_set_ctype,71L + +#define SN_setct_CredRevReqTBEX "setct-CredRevReqTBEX" +#define NID_setct_CredRevReqTBEX 590 +#define OBJ_setct_CredRevReqTBEX OBJ_set_ctype,72L + +#define SN_setct_CredRevResTBE "setct-CredRevResTBE" +#define NID_setct_CredRevResTBE 591 +#define OBJ_setct_CredRevResTBE OBJ_set_ctype,73L + +#define SN_setct_BatchAdminReqTBE "setct-BatchAdminReqTBE" +#define NID_setct_BatchAdminReqTBE 592 +#define OBJ_setct_BatchAdminReqTBE OBJ_set_ctype,74L + +#define SN_setct_BatchAdminResTBE "setct-BatchAdminResTBE" +#define NID_setct_BatchAdminResTBE 593 +#define OBJ_setct_BatchAdminResTBE OBJ_set_ctype,75L + +#define SN_setct_RegFormReqTBE "setct-RegFormReqTBE" +#define NID_setct_RegFormReqTBE 594 +#define OBJ_setct_RegFormReqTBE OBJ_set_ctype,76L + +#define SN_setct_CertReqTBE "setct-CertReqTBE" +#define NID_setct_CertReqTBE 595 +#define OBJ_setct_CertReqTBE OBJ_set_ctype,77L + +#define SN_setct_CertReqTBEX "setct-CertReqTBEX" +#define NID_setct_CertReqTBEX 596 +#define OBJ_setct_CertReqTBEX OBJ_set_ctype,78L + +#define SN_setct_CertResTBE "setct-CertResTBE" +#define NID_setct_CertResTBE 597 +#define OBJ_setct_CertResTBE OBJ_set_ctype,79L + +#define SN_setct_CRLNotificationTBS "setct-CRLNotificationTBS" +#define NID_setct_CRLNotificationTBS 598 +#define OBJ_setct_CRLNotificationTBS OBJ_set_ctype,80L + +#define SN_setct_CRLNotificationResTBS "setct-CRLNotificationResTBS" +#define NID_setct_CRLNotificationResTBS 599 +#define OBJ_setct_CRLNotificationResTBS OBJ_set_ctype,81L + +#define SN_setct_BCIDistributionTBS "setct-BCIDistributionTBS" +#define NID_setct_BCIDistributionTBS 600 +#define OBJ_setct_BCIDistributionTBS OBJ_set_ctype,82L + +#define SN_setext_genCrypt "setext-genCrypt" +#define LN_setext_genCrypt "generic cryptogram" +#define NID_setext_genCrypt 601 +#define OBJ_setext_genCrypt OBJ_set_msgExt,1L + +#define SN_setext_miAuth "setext-miAuth" +#define LN_setext_miAuth "merchant initiated auth" +#define NID_setext_miAuth 602 +#define OBJ_setext_miAuth OBJ_set_msgExt,3L + +#define SN_setext_pinSecure "setext-pinSecure" +#define NID_setext_pinSecure 603 +#define OBJ_setext_pinSecure OBJ_set_msgExt,4L + +#define SN_setext_pinAny "setext-pinAny" +#define NID_setext_pinAny 604 +#define OBJ_setext_pinAny OBJ_set_msgExt,5L + +#define SN_setext_track2 "setext-track2" +#define NID_setext_track2 605 +#define OBJ_setext_track2 OBJ_set_msgExt,7L + +#define SN_setext_cv "setext-cv" +#define LN_setext_cv "additional verification" +#define NID_setext_cv 606 +#define OBJ_setext_cv OBJ_set_msgExt,8L + +#define SN_set_policy_root "set-policy-root" +#define NID_set_policy_root 607 +#define OBJ_set_policy_root OBJ_set_policy,0L + +#define SN_setCext_hashedRoot "setCext-hashedRoot" +#define NID_setCext_hashedRoot 608 +#define OBJ_setCext_hashedRoot OBJ_set_certExt,0L + +#define SN_setCext_certType "setCext-certType" +#define NID_setCext_certType 609 +#define OBJ_setCext_certType OBJ_set_certExt,1L + +#define SN_setCext_merchData "setCext-merchData" +#define NID_setCext_merchData 610 +#define OBJ_setCext_merchData OBJ_set_certExt,2L + +#define SN_setCext_cCertRequired "setCext-cCertRequired" +#define NID_setCext_cCertRequired 611 +#define OBJ_setCext_cCertRequired OBJ_set_certExt,3L + +#define SN_setCext_tunneling "setCext-tunneling" +#define NID_setCext_tunneling 612 +#define OBJ_setCext_tunneling OBJ_set_certExt,4L + +#define SN_setCext_setExt "setCext-setExt" +#define NID_setCext_setExt 613 +#define OBJ_setCext_setExt OBJ_set_certExt,5L + +#define SN_setCext_setQualf "setCext-setQualf" +#define NID_setCext_setQualf 614 +#define OBJ_setCext_setQualf OBJ_set_certExt,6L + +#define SN_setCext_PGWYcapabilities "setCext-PGWYcapabilities" +#define NID_setCext_PGWYcapabilities 615 +#define OBJ_setCext_PGWYcapabilities OBJ_set_certExt,7L + +#define SN_setCext_TokenIdentifier "setCext-TokenIdentifier" +#define NID_setCext_TokenIdentifier 616 +#define OBJ_setCext_TokenIdentifier OBJ_set_certExt,8L + +#define SN_setCext_Track2Data "setCext-Track2Data" +#define NID_setCext_Track2Data 617 +#define OBJ_setCext_Track2Data OBJ_set_certExt,9L + +#define SN_setCext_TokenType "setCext-TokenType" +#define NID_setCext_TokenType 618 +#define OBJ_setCext_TokenType OBJ_set_certExt,10L + +#define SN_setCext_IssuerCapabilities "setCext-IssuerCapabilities" +#define NID_setCext_IssuerCapabilities 619 +#define OBJ_setCext_IssuerCapabilities OBJ_set_certExt,11L + +#define SN_setAttr_Cert "setAttr-Cert" +#define NID_setAttr_Cert 620 +#define OBJ_setAttr_Cert OBJ_set_attr,0L + +#define SN_setAttr_PGWYcap "setAttr-PGWYcap" +#define LN_setAttr_PGWYcap "payment gateway capabilities" +#define NID_setAttr_PGWYcap 621 +#define OBJ_setAttr_PGWYcap OBJ_set_attr,1L + +#define SN_setAttr_TokenType "setAttr-TokenType" +#define NID_setAttr_TokenType 622 +#define OBJ_setAttr_TokenType OBJ_set_attr,2L + +#define SN_setAttr_IssCap "setAttr-IssCap" +#define LN_setAttr_IssCap "issuer capabilities" +#define NID_setAttr_IssCap 623 +#define OBJ_setAttr_IssCap OBJ_set_attr,3L + +#define SN_set_rootKeyThumb "set-rootKeyThumb" +#define NID_set_rootKeyThumb 624 +#define OBJ_set_rootKeyThumb OBJ_setAttr_Cert,0L + +#define SN_set_addPolicy "set-addPolicy" +#define NID_set_addPolicy 625 +#define OBJ_set_addPolicy OBJ_setAttr_Cert,1L + +#define SN_setAttr_Token_EMV "setAttr-Token-EMV" +#define NID_setAttr_Token_EMV 626 +#define OBJ_setAttr_Token_EMV OBJ_setAttr_TokenType,1L + +#define SN_setAttr_Token_B0Prime "setAttr-Token-B0Prime" +#define NID_setAttr_Token_B0Prime 627 +#define OBJ_setAttr_Token_B0Prime OBJ_setAttr_TokenType,2L + +#define SN_setAttr_IssCap_CVM "setAttr-IssCap-CVM" +#define NID_setAttr_IssCap_CVM 628 +#define OBJ_setAttr_IssCap_CVM OBJ_setAttr_IssCap,3L + +#define SN_setAttr_IssCap_T2 "setAttr-IssCap-T2" +#define NID_setAttr_IssCap_T2 629 +#define OBJ_setAttr_IssCap_T2 OBJ_setAttr_IssCap,4L + +#define SN_setAttr_IssCap_Sig "setAttr-IssCap-Sig" +#define NID_setAttr_IssCap_Sig 630 +#define OBJ_setAttr_IssCap_Sig OBJ_setAttr_IssCap,5L + +#define SN_setAttr_GenCryptgrm "setAttr-GenCryptgrm" +#define LN_setAttr_GenCryptgrm "generate cryptogram" +#define NID_setAttr_GenCryptgrm 631 +#define OBJ_setAttr_GenCryptgrm OBJ_setAttr_IssCap_CVM,1L + +#define SN_setAttr_T2Enc "setAttr-T2Enc" +#define LN_setAttr_T2Enc "encrypted track 2" +#define NID_setAttr_T2Enc 632 +#define OBJ_setAttr_T2Enc OBJ_setAttr_IssCap_T2,1L + +#define SN_setAttr_T2cleartxt "setAttr-T2cleartxt" +#define LN_setAttr_T2cleartxt "cleartext track 2" +#define NID_setAttr_T2cleartxt 633 +#define OBJ_setAttr_T2cleartxt OBJ_setAttr_IssCap_T2,2L + +#define SN_setAttr_TokICCsig "setAttr-TokICCsig" +#define LN_setAttr_TokICCsig "ICC or token signature" +#define NID_setAttr_TokICCsig 634 +#define OBJ_setAttr_TokICCsig OBJ_setAttr_IssCap_Sig,1L + +#define SN_setAttr_SecDevSig "setAttr-SecDevSig" +#define LN_setAttr_SecDevSig "secure device signature" +#define NID_setAttr_SecDevSig 635 +#define OBJ_setAttr_SecDevSig OBJ_setAttr_IssCap_Sig,2L + +#define SN_set_brand_IATA_ATA "set-brand-IATA-ATA" +#define NID_set_brand_IATA_ATA 636 +#define OBJ_set_brand_IATA_ATA OBJ_set_brand,1L + +#define SN_set_brand_Diners "set-brand-Diners" +#define NID_set_brand_Diners 637 +#define OBJ_set_brand_Diners OBJ_set_brand,30L + +#define SN_set_brand_AmericanExpress "set-brand-AmericanExpress" +#define NID_set_brand_AmericanExpress 638 +#define OBJ_set_brand_AmericanExpress OBJ_set_brand,34L + +#define SN_set_brand_JCB "set-brand-JCB" +#define NID_set_brand_JCB 639 +#define OBJ_set_brand_JCB OBJ_set_brand,35L + +#define SN_set_brand_Visa "set-brand-Visa" +#define NID_set_brand_Visa 640 +#define OBJ_set_brand_Visa OBJ_set_brand,4L + +#define SN_set_brand_MasterCard "set-brand-MasterCard" +#define NID_set_brand_MasterCard 641 +#define OBJ_set_brand_MasterCard OBJ_set_brand,5L + +#define SN_set_brand_Novus "set-brand-Novus" +#define NID_set_brand_Novus 642 +#define OBJ_set_brand_Novus OBJ_set_brand,6011L + +#define SN_des_cdmf "DES-CDMF" +#define LN_des_cdmf "des-cdmf" +#define NID_des_cdmf 643 +#define OBJ_des_cdmf OBJ_rsadsi,3L,10L + +#define SN_rsaOAEPEncryptionSET "rsaOAEPEncryptionSET" +#define NID_rsaOAEPEncryptionSET 644 +#define OBJ_rsaOAEPEncryptionSET OBJ_rsadsi,1L,1L,6L + +#define SN_ipsec3 "Oakley-EC2N-3" +#define LN_ipsec3 "ipsec3" +#define NID_ipsec3 749 + +#define SN_ipsec4 "Oakley-EC2N-4" +#define LN_ipsec4 "ipsec4" +#define NID_ipsec4 750 + +#define SN_whirlpool "whirlpool" +#define NID_whirlpool 804 +#define OBJ_whirlpool OBJ_iso,0L,10118L,3L,0L,55L + +#define SN_cryptopro "cryptopro" +#define NID_cryptopro 805 +#define OBJ_cryptopro OBJ_member_body,643L,2L,2L + +#define SN_cryptocom "cryptocom" +#define NID_cryptocom 806 +#define OBJ_cryptocom OBJ_member_body,643L,2L,9L + +#define SN_id_tc26 "id-tc26" +#define NID_id_tc26 974 +#define OBJ_id_tc26 OBJ_member_body,643L,7L,1L + +#define SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001" +#define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001" +#define NID_id_GostR3411_94_with_GostR3410_2001 807 +#define OBJ_id_GostR3411_94_with_GostR3410_2001 OBJ_cryptopro,3L + +#define SN_id_GostR3411_94_with_GostR3410_94 "id-GostR3411-94-with-GostR3410-94" +#define LN_id_GostR3411_94_with_GostR3410_94 "GOST R 34.11-94 with GOST R 34.10-94" +#define NID_id_GostR3411_94_with_GostR3410_94 808 +#define OBJ_id_GostR3411_94_with_GostR3410_94 OBJ_cryptopro,4L + +#define SN_id_GostR3411_94 "md_gost94" +#define LN_id_GostR3411_94 "GOST R 34.11-94" +#define NID_id_GostR3411_94 809 +#define OBJ_id_GostR3411_94 OBJ_cryptopro,9L + +#define SN_id_HMACGostR3411_94 "id-HMACGostR3411-94" +#define LN_id_HMACGostR3411_94 "HMAC GOST 34.11-94" +#define NID_id_HMACGostR3411_94 810 +#define OBJ_id_HMACGostR3411_94 OBJ_cryptopro,10L + +#define SN_id_GostR3410_2001 "gost2001" +#define LN_id_GostR3410_2001 "GOST R 34.10-2001" +#define NID_id_GostR3410_2001 811 +#define OBJ_id_GostR3410_2001 OBJ_cryptopro,19L + +#define SN_id_GostR3410_94 "gost94" +#define LN_id_GostR3410_94 "GOST R 34.10-94" +#define NID_id_GostR3410_94 812 +#define OBJ_id_GostR3410_94 OBJ_cryptopro,20L + +#define SN_id_Gost28147_89 "gost89" +#define LN_id_Gost28147_89 "GOST 28147-89" +#define NID_id_Gost28147_89 813 +#define OBJ_id_Gost28147_89 OBJ_cryptopro,21L + +#define SN_gost89_cnt "gost89-cnt" +#define NID_gost89_cnt 814 + +#define SN_gost89_cnt_12 "gost89-cnt-12" +#define NID_gost89_cnt_12 975 + +#define SN_gost89_cbc "gost89-cbc" +#define NID_gost89_cbc 1009 + +#define SN_gost89_ecb "gost89-ecb" +#define NID_gost89_ecb 1010 + +#define SN_gost89_ctr "gost89-ctr" +#define NID_gost89_ctr 1011 + +#define SN_id_Gost28147_89_MAC "gost-mac" +#define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC" +#define NID_id_Gost28147_89_MAC 815 +#define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L + +#define SN_gost_mac_12 "gost-mac-12" +#define NID_gost_mac_12 976 + +#define SN_id_GostR3411_94_prf "prf-gostr3411-94" +#define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF" +#define NID_id_GostR3411_94_prf 816 +#define OBJ_id_GostR3411_94_prf OBJ_cryptopro,23L + +#define SN_id_GostR3410_2001DH "id-GostR3410-2001DH" +#define LN_id_GostR3410_2001DH "GOST R 34.10-2001 DH" +#define NID_id_GostR3410_2001DH 817 +#define OBJ_id_GostR3410_2001DH OBJ_cryptopro,98L + +#define SN_id_GostR3410_94DH "id-GostR3410-94DH" +#define LN_id_GostR3410_94DH "GOST R 34.10-94 DH" +#define NID_id_GostR3410_94DH 818 +#define OBJ_id_GostR3410_94DH OBJ_cryptopro,99L + +#define SN_id_Gost28147_89_CryptoPro_KeyMeshing "id-Gost28147-89-CryptoPro-KeyMeshing" +#define NID_id_Gost28147_89_CryptoPro_KeyMeshing 819 +#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing OBJ_cryptopro,14L,1L + +#define SN_id_Gost28147_89_None_KeyMeshing "id-Gost28147-89-None-KeyMeshing" +#define NID_id_Gost28147_89_None_KeyMeshing 820 +#define OBJ_id_Gost28147_89_None_KeyMeshing OBJ_cryptopro,14L,0L + +#define SN_id_GostR3411_94_TestParamSet "id-GostR3411-94-TestParamSet" +#define NID_id_GostR3411_94_TestParamSet 821 +#define OBJ_id_GostR3411_94_TestParamSet OBJ_cryptopro,30L,0L + +#define SN_id_GostR3411_94_CryptoProParamSet "id-GostR3411-94-CryptoProParamSet" +#define NID_id_GostR3411_94_CryptoProParamSet 822 +#define OBJ_id_GostR3411_94_CryptoProParamSet OBJ_cryptopro,30L,1L + +#define SN_id_Gost28147_89_TestParamSet "id-Gost28147-89-TestParamSet" +#define NID_id_Gost28147_89_TestParamSet 823 +#define OBJ_id_Gost28147_89_TestParamSet OBJ_cryptopro,31L,0L + +#define SN_id_Gost28147_89_CryptoPro_A_ParamSet "id-Gost28147-89-CryptoPro-A-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_A_ParamSet 824 +#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet OBJ_cryptopro,31L,1L + +#define SN_id_Gost28147_89_CryptoPro_B_ParamSet "id-Gost28147-89-CryptoPro-B-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_B_ParamSet 825 +#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet OBJ_cryptopro,31L,2L + +#define SN_id_Gost28147_89_CryptoPro_C_ParamSet "id-Gost28147-89-CryptoPro-C-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_C_ParamSet 826 +#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet OBJ_cryptopro,31L,3L + +#define SN_id_Gost28147_89_CryptoPro_D_ParamSet "id-Gost28147-89-CryptoPro-D-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_D_ParamSet 827 +#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet OBJ_cryptopro,31L,4L + +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828 +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet OBJ_cryptopro,31L,5L + +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829 +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet OBJ_cryptopro,31L,6L + +#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830 +#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet OBJ_cryptopro,31L,7L + +#define SN_id_GostR3410_94_TestParamSet "id-GostR3410-94-TestParamSet" +#define NID_id_GostR3410_94_TestParamSet 831 +#define OBJ_id_GostR3410_94_TestParamSet OBJ_cryptopro,32L,0L + +#define SN_id_GostR3410_94_CryptoPro_A_ParamSet "id-GostR3410-94-CryptoPro-A-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_A_ParamSet 832 +#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet OBJ_cryptopro,32L,2L + +#define SN_id_GostR3410_94_CryptoPro_B_ParamSet "id-GostR3410-94-CryptoPro-B-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_B_ParamSet 833 +#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet OBJ_cryptopro,32L,3L + +#define SN_id_GostR3410_94_CryptoPro_C_ParamSet "id-GostR3410-94-CryptoPro-C-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_C_ParamSet 834 +#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet OBJ_cryptopro,32L,4L + +#define SN_id_GostR3410_94_CryptoPro_D_ParamSet "id-GostR3410-94-CryptoPro-D-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_D_ParamSet 835 +#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet OBJ_cryptopro,32L,5L + +#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet "id-GostR3410-94-CryptoPro-XchA-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet 836 +#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet OBJ_cryptopro,33L,1L + +#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet "id-GostR3410-94-CryptoPro-XchB-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet 837 +#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet OBJ_cryptopro,33L,2L + +#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet "id-GostR3410-94-CryptoPro-XchC-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet 838 +#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet OBJ_cryptopro,33L,3L + +#define SN_id_GostR3410_2001_TestParamSet "id-GostR3410-2001-TestParamSet" +#define NID_id_GostR3410_2001_TestParamSet 839 +#define OBJ_id_GostR3410_2001_TestParamSet OBJ_cryptopro,35L,0L + +#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet "id-GostR3410-2001-CryptoPro-A-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_A_ParamSet 840 +#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet OBJ_cryptopro,35L,1L + +#define SN_id_GostR3410_2001_CryptoPro_B_ParamSet "id-GostR3410-2001-CryptoPro-B-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_B_ParamSet 841 +#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet OBJ_cryptopro,35L,2L + +#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet "id-GostR3410-2001-CryptoPro-C-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_C_ParamSet 842 +#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet OBJ_cryptopro,35L,3L + +#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet "id-GostR3410-2001-CryptoPro-XchA-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet 843 +#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet OBJ_cryptopro,36L,0L + +#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet "id-GostR3410-2001-CryptoPro-XchB-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet 844 +#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet OBJ_cryptopro,36L,1L + +#define SN_id_GostR3410_94_a "id-GostR3410-94-a" +#define NID_id_GostR3410_94_a 845 +#define OBJ_id_GostR3410_94_a OBJ_id_GostR3410_94,1L + +#define SN_id_GostR3410_94_aBis "id-GostR3410-94-aBis" +#define NID_id_GostR3410_94_aBis 846 +#define OBJ_id_GostR3410_94_aBis OBJ_id_GostR3410_94,2L + +#define SN_id_GostR3410_94_b "id-GostR3410-94-b" +#define NID_id_GostR3410_94_b 847 +#define OBJ_id_GostR3410_94_b OBJ_id_GostR3410_94,3L + +#define SN_id_GostR3410_94_bBis "id-GostR3410-94-bBis" +#define NID_id_GostR3410_94_bBis 848 +#define OBJ_id_GostR3410_94_bBis OBJ_id_GostR3410_94,4L + +#define SN_id_Gost28147_89_cc "id-Gost28147-89-cc" +#define LN_id_Gost28147_89_cc "GOST 28147-89 Cryptocom ParamSet" +#define NID_id_Gost28147_89_cc 849 +#define OBJ_id_Gost28147_89_cc OBJ_cryptocom,1L,6L,1L + +#define SN_id_GostR3410_94_cc "gost94cc" +#define LN_id_GostR3410_94_cc "GOST 34.10-94 Cryptocom" +#define NID_id_GostR3410_94_cc 850 +#define OBJ_id_GostR3410_94_cc OBJ_cryptocom,1L,5L,3L + +#define SN_id_GostR3410_2001_cc "gost2001cc" +#define LN_id_GostR3410_2001_cc "GOST 34.10-2001 Cryptocom" +#define NID_id_GostR3410_2001_cc 851 +#define OBJ_id_GostR3410_2001_cc OBJ_cryptocom,1L,5L,4L + +#define SN_id_GostR3411_94_with_GostR3410_94_cc "id-GostR3411-94-with-GostR3410-94-cc" +#define LN_id_GostR3411_94_with_GostR3410_94_cc "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" +#define NID_id_GostR3411_94_with_GostR3410_94_cc 852 +#define OBJ_id_GostR3411_94_with_GostR3410_94_cc OBJ_cryptocom,1L,3L,3L + +#define SN_id_GostR3411_94_with_GostR3410_2001_cc "id-GostR3411-94-with-GostR3410-2001-cc" +#define LN_id_GostR3411_94_with_GostR3410_2001_cc "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" +#define NID_id_GostR3411_94_with_GostR3410_2001_cc 853 +#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc OBJ_cryptocom,1L,3L,4L + +#define SN_id_GostR3410_2001_ParamSet_cc "id-GostR3410-2001-ParamSet-cc" +#define LN_id_GostR3410_2001_ParamSet_cc "GOST R 3410-2001 Parameter Set Cryptocom" +#define NID_id_GostR3410_2001_ParamSet_cc 854 +#define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L + +#define SN_id_tc26_algorithms "id-tc26-algorithms" +#define NID_id_tc26_algorithms 977 +#define OBJ_id_tc26_algorithms OBJ_id_tc26,1L + +#define SN_id_tc26_sign "id-tc26-sign" +#define NID_id_tc26_sign 978 +#define OBJ_id_tc26_sign OBJ_id_tc26_algorithms,1L + +#define SN_id_GostR3410_2012_256 "gost2012_256" +#define LN_id_GostR3410_2012_256 "GOST R 34.10-2012 with 256 bit modulus" +#define NID_id_GostR3410_2012_256 979 +#define OBJ_id_GostR3410_2012_256 OBJ_id_tc26_sign,1L + +#define SN_id_GostR3410_2012_512 "gost2012_512" +#define LN_id_GostR3410_2012_512 "GOST R 34.10-2012 with 512 bit modulus" +#define NID_id_GostR3410_2012_512 980 +#define OBJ_id_GostR3410_2012_512 OBJ_id_tc26_sign,2L + +#define SN_id_tc26_digest "id-tc26-digest" +#define NID_id_tc26_digest 981 +#define OBJ_id_tc26_digest OBJ_id_tc26_algorithms,2L + +#define SN_id_GostR3411_2012_256 "md_gost12_256" +#define LN_id_GostR3411_2012_256 "GOST R 34.11-2012 with 256 bit hash" +#define NID_id_GostR3411_2012_256 982 +#define OBJ_id_GostR3411_2012_256 OBJ_id_tc26_digest,2L + +#define SN_id_GostR3411_2012_512 "md_gost12_512" +#define LN_id_GostR3411_2012_512 "GOST R 34.11-2012 with 512 bit hash" +#define NID_id_GostR3411_2012_512 983 +#define OBJ_id_GostR3411_2012_512 OBJ_id_tc26_digest,3L + +#define SN_id_tc26_signwithdigest "id-tc26-signwithdigest" +#define NID_id_tc26_signwithdigest 984 +#define OBJ_id_tc26_signwithdigest OBJ_id_tc26_algorithms,3L + +#define SN_id_tc26_signwithdigest_gost3410_2012_256 "id-tc26-signwithdigest-gost3410-2012-256" +#define LN_id_tc26_signwithdigest_gost3410_2012_256 "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)" +#define NID_id_tc26_signwithdigest_gost3410_2012_256 985 +#define OBJ_id_tc26_signwithdigest_gost3410_2012_256 OBJ_id_tc26_signwithdigest,2L + +#define SN_id_tc26_signwithdigest_gost3410_2012_512 "id-tc26-signwithdigest-gost3410-2012-512" +#define LN_id_tc26_signwithdigest_gost3410_2012_512 "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" +#define NID_id_tc26_signwithdigest_gost3410_2012_512 986 +#define OBJ_id_tc26_signwithdigest_gost3410_2012_512 OBJ_id_tc26_signwithdigest,3L + +#define SN_id_tc26_mac "id-tc26-mac" +#define NID_id_tc26_mac 987 +#define OBJ_id_tc26_mac OBJ_id_tc26_algorithms,4L + +#define SN_id_tc26_hmac_gost_3411_2012_256 "id-tc26-hmac-gost-3411-2012-256" +#define LN_id_tc26_hmac_gost_3411_2012_256 "HMAC GOST 34.11-2012 256 bit" +#define NID_id_tc26_hmac_gost_3411_2012_256 988 +#define OBJ_id_tc26_hmac_gost_3411_2012_256 OBJ_id_tc26_mac,1L + +#define SN_id_tc26_hmac_gost_3411_2012_512 "id-tc26-hmac-gost-3411-2012-512" +#define LN_id_tc26_hmac_gost_3411_2012_512 "HMAC GOST 34.11-2012 512 bit" +#define NID_id_tc26_hmac_gost_3411_2012_512 989 +#define OBJ_id_tc26_hmac_gost_3411_2012_512 OBJ_id_tc26_mac,2L + +#define SN_id_tc26_cipher "id-tc26-cipher" +#define NID_id_tc26_cipher 990 +#define OBJ_id_tc26_cipher OBJ_id_tc26_algorithms,5L + +#define SN_id_tc26_cipher_gostr3412_2015_magma "id-tc26-cipher-gostr3412-2015-magma" +#define NID_id_tc26_cipher_gostr3412_2015_magma 1173 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma OBJ_id_tc26_cipher,1L + +#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" +#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1174 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm OBJ_id_tc26_cipher_gostr3412_2015_magma,1L + +#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" +#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1175 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_magma,2L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik "id-tc26-cipher-gostr3412-2015-kuznyechik" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik 1176 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik OBJ_id_tc26_cipher,2L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1177 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,1L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1178 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,2L + +#define SN_id_tc26_agreement "id-tc26-agreement" +#define NID_id_tc26_agreement 991 +#define OBJ_id_tc26_agreement OBJ_id_tc26_algorithms,6L + +#define SN_id_tc26_agreement_gost_3410_2012_256 "id-tc26-agreement-gost-3410-2012-256" +#define NID_id_tc26_agreement_gost_3410_2012_256 992 +#define OBJ_id_tc26_agreement_gost_3410_2012_256 OBJ_id_tc26_agreement,1L + +#define SN_id_tc26_agreement_gost_3410_2012_512 "id-tc26-agreement-gost-3410-2012-512" +#define NID_id_tc26_agreement_gost_3410_2012_512 993 +#define OBJ_id_tc26_agreement_gost_3410_2012_512 OBJ_id_tc26_agreement,2L + +#define SN_id_tc26_wrap "id-tc26-wrap" +#define NID_id_tc26_wrap 1179 +#define OBJ_id_tc26_wrap OBJ_id_tc26_algorithms,7L + +#define SN_id_tc26_wrap_gostr3412_2015_magma "id-tc26-wrap-gostr3412-2015-magma" +#define NID_id_tc26_wrap_gostr3412_2015_magma 1180 +#define OBJ_id_tc26_wrap_gostr3412_2015_magma OBJ_id_tc26_wrap,1L + +#define SN_id_tc26_wrap_gostr3412_2015_magma_kexp15 "id-tc26-wrap-gostr3412-2015-magma-kexp15" +#define NID_id_tc26_wrap_gostr3412_2015_magma_kexp15 1181 +#define OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_magma,1L + +#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik "id-tc26-wrap-gostr3412-2015-kuznyechik" +#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik 1182 +#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik OBJ_id_tc26_wrap,2L + +#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" +#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1183 +#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik,1L + +#define SN_id_tc26_constants "id-tc26-constants" +#define NID_id_tc26_constants 994 +#define OBJ_id_tc26_constants OBJ_id_tc26,2L + +#define SN_id_tc26_sign_constants "id-tc26-sign-constants" +#define NID_id_tc26_sign_constants 995 +#define OBJ_id_tc26_sign_constants OBJ_id_tc26_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_constants "id-tc26-gost-3410-2012-256-constants" +#define NID_id_tc26_gost_3410_2012_256_constants 1147 +#define OBJ_id_tc26_gost_3410_2012_256_constants OBJ_id_tc26_sign_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_paramSetA "id-tc26-gost-3410-2012-256-paramSetA" +#define LN_id_tc26_gost_3410_2012_256_paramSetA "GOST R 34.10-2012 (256 bit) ParamSet A" +#define NID_id_tc26_gost_3410_2012_256_paramSetA 1148 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetA OBJ_id_tc26_gost_3410_2012_256_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_paramSetB "id-tc26-gost-3410-2012-256-paramSetB" +#define LN_id_tc26_gost_3410_2012_256_paramSetB "GOST R 34.10-2012 (256 bit) ParamSet B" +#define NID_id_tc26_gost_3410_2012_256_paramSetB 1184 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetB OBJ_id_tc26_gost_3410_2012_256_constants,2L + +#define SN_id_tc26_gost_3410_2012_256_paramSetC "id-tc26-gost-3410-2012-256-paramSetC" +#define LN_id_tc26_gost_3410_2012_256_paramSetC "GOST R 34.10-2012 (256 bit) ParamSet C" +#define NID_id_tc26_gost_3410_2012_256_paramSetC 1185 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetC OBJ_id_tc26_gost_3410_2012_256_constants,3L + +#define SN_id_tc26_gost_3410_2012_256_paramSetD "id-tc26-gost-3410-2012-256-paramSetD" +#define LN_id_tc26_gost_3410_2012_256_paramSetD "GOST R 34.10-2012 (256 bit) ParamSet D" +#define NID_id_tc26_gost_3410_2012_256_paramSetD 1186 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetD OBJ_id_tc26_gost_3410_2012_256_constants,4L + +#define SN_id_tc26_gost_3410_2012_512_constants "id-tc26-gost-3410-2012-512-constants" +#define NID_id_tc26_gost_3410_2012_512_constants 996 +#define OBJ_id_tc26_gost_3410_2012_512_constants OBJ_id_tc26_sign_constants,2L + +#define SN_id_tc26_gost_3410_2012_512_paramSetTest "id-tc26-gost-3410-2012-512-paramSetTest" +#define LN_id_tc26_gost_3410_2012_512_paramSetTest "GOST R 34.10-2012 (512 bit) testing parameter set" +#define NID_id_tc26_gost_3410_2012_512_paramSetTest 997 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetTest OBJ_id_tc26_gost_3410_2012_512_constants,0L + +#define SN_id_tc26_gost_3410_2012_512_paramSetA "id-tc26-gost-3410-2012-512-paramSetA" +#define LN_id_tc26_gost_3410_2012_512_paramSetA "GOST R 34.10-2012 (512 bit) ParamSet A" +#define NID_id_tc26_gost_3410_2012_512_paramSetA 998 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetA OBJ_id_tc26_gost_3410_2012_512_constants,1L + +#define SN_id_tc26_gost_3410_2012_512_paramSetB "id-tc26-gost-3410-2012-512-paramSetB" +#define LN_id_tc26_gost_3410_2012_512_paramSetB "GOST R 34.10-2012 (512 bit) ParamSet B" +#define NID_id_tc26_gost_3410_2012_512_paramSetB 999 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetB OBJ_id_tc26_gost_3410_2012_512_constants,2L + +#define SN_id_tc26_gost_3410_2012_512_paramSetC "id-tc26-gost-3410-2012-512-paramSetC" +#define LN_id_tc26_gost_3410_2012_512_paramSetC "GOST R 34.10-2012 (512 bit) ParamSet C" +#define NID_id_tc26_gost_3410_2012_512_paramSetC 1149 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetC OBJ_id_tc26_gost_3410_2012_512_constants,3L + +#define SN_id_tc26_digest_constants "id-tc26-digest-constants" +#define NID_id_tc26_digest_constants 1000 +#define OBJ_id_tc26_digest_constants OBJ_id_tc26_constants,2L + +#define SN_id_tc26_cipher_constants "id-tc26-cipher-constants" +#define NID_id_tc26_cipher_constants 1001 +#define OBJ_id_tc26_cipher_constants OBJ_id_tc26_constants,5L + +#define SN_id_tc26_gost_28147_constants "id-tc26-gost-28147-constants" +#define NID_id_tc26_gost_28147_constants 1002 +#define OBJ_id_tc26_gost_28147_constants OBJ_id_tc26_cipher_constants,1L + +#define SN_id_tc26_gost_28147_param_Z "id-tc26-gost-28147-param-Z" +#define LN_id_tc26_gost_28147_param_Z "GOST 28147-89 TC26 parameter set" +#define NID_id_tc26_gost_28147_param_Z 1003 +#define OBJ_id_tc26_gost_28147_param_Z OBJ_id_tc26_gost_28147_constants,1L + +#define SN_INN "INN" +#define LN_INN "INN" +#define NID_INN 1004 +#define OBJ_INN OBJ_member_body,643L,3L,131L,1L,1L + +#define SN_OGRN "OGRN" +#define LN_OGRN "OGRN" +#define NID_OGRN 1005 +#define OBJ_OGRN OBJ_member_body,643L,100L,1L + +#define SN_SNILS "SNILS" +#define LN_SNILS "SNILS" +#define NID_SNILS 1006 +#define OBJ_SNILS OBJ_member_body,643L,100L,3L + +#define SN_subjectSignTool "subjectSignTool" +#define LN_subjectSignTool "Signing Tool of Subject" +#define NID_subjectSignTool 1007 +#define OBJ_subjectSignTool OBJ_member_body,643L,100L,111L + +#define SN_issuerSignTool "issuerSignTool" +#define LN_issuerSignTool "Signing Tool of Issuer" +#define NID_issuerSignTool 1008 +#define OBJ_issuerSignTool OBJ_member_body,643L,100L,112L + +#define SN_grasshopper_ecb "grasshopper-ecb" +#define NID_grasshopper_ecb 1012 + +#define SN_grasshopper_ctr "grasshopper-ctr" +#define NID_grasshopper_ctr 1013 + +#define SN_grasshopper_ofb "grasshopper-ofb" +#define NID_grasshopper_ofb 1014 + +#define SN_grasshopper_cbc "grasshopper-cbc" +#define NID_grasshopper_cbc 1015 + +#define SN_grasshopper_cfb "grasshopper-cfb" +#define NID_grasshopper_cfb 1016 + +#define SN_grasshopper_mac "grasshopper-mac" +#define NID_grasshopper_mac 1017 + +#define SN_magma_ecb "magma-ecb" +#define NID_magma_ecb 1187 + +#define SN_magma_ctr "magma-ctr" +#define NID_magma_ctr 1188 + +#define SN_magma_ofb "magma-ofb" +#define NID_magma_ofb 1189 + +#define SN_magma_cbc "magma-cbc" +#define NID_magma_cbc 1190 + +#define SN_magma_cfb "magma-cfb" +#define NID_magma_cfb 1191 + +#define SN_magma_mac "magma-mac" +#define NID_magma_mac 1192 + +#define SN_camellia_128_cbc "CAMELLIA-128-CBC" +#define LN_camellia_128_cbc "camellia-128-cbc" +#define NID_camellia_128_cbc 751 +#define OBJ_camellia_128_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,2L + +#define SN_camellia_192_cbc "CAMELLIA-192-CBC" +#define LN_camellia_192_cbc "camellia-192-cbc" +#define NID_camellia_192_cbc 752 +#define OBJ_camellia_192_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,3L + +#define SN_camellia_256_cbc "CAMELLIA-256-CBC" +#define LN_camellia_256_cbc "camellia-256-cbc" +#define NID_camellia_256_cbc 753 +#define OBJ_camellia_256_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,4L + +#define SN_id_camellia128_wrap "id-camellia128-wrap" +#define NID_id_camellia128_wrap 907 +#define OBJ_id_camellia128_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,2L + +#define SN_id_camellia192_wrap "id-camellia192-wrap" +#define NID_id_camellia192_wrap 908 +#define OBJ_id_camellia192_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,3L + +#define SN_id_camellia256_wrap "id-camellia256-wrap" +#define NID_id_camellia256_wrap 909 +#define OBJ_id_camellia256_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,4L + +#define OBJ_ntt_ds 0L,3L,4401L,5L + +#define OBJ_camellia OBJ_ntt_ds,3L,1L,9L + +#define SN_camellia_128_ecb "CAMELLIA-128-ECB" +#define LN_camellia_128_ecb "camellia-128-ecb" +#define NID_camellia_128_ecb 754 +#define OBJ_camellia_128_ecb OBJ_camellia,1L + +#define SN_camellia_128_ofb128 "CAMELLIA-128-OFB" +#define LN_camellia_128_ofb128 "camellia-128-ofb" +#define NID_camellia_128_ofb128 766 +#define OBJ_camellia_128_ofb128 OBJ_camellia,3L + +#define SN_camellia_128_cfb128 "CAMELLIA-128-CFB" +#define LN_camellia_128_cfb128 "camellia-128-cfb" +#define NID_camellia_128_cfb128 757 +#define OBJ_camellia_128_cfb128 OBJ_camellia,4L + +#define SN_camellia_128_gcm "CAMELLIA-128-GCM" +#define LN_camellia_128_gcm "camellia-128-gcm" +#define NID_camellia_128_gcm 961 +#define OBJ_camellia_128_gcm OBJ_camellia,6L + +#define SN_camellia_128_ccm "CAMELLIA-128-CCM" +#define LN_camellia_128_ccm "camellia-128-ccm" +#define NID_camellia_128_ccm 962 +#define OBJ_camellia_128_ccm OBJ_camellia,7L + +#define SN_camellia_128_ctr "CAMELLIA-128-CTR" +#define LN_camellia_128_ctr "camellia-128-ctr" +#define NID_camellia_128_ctr 963 +#define OBJ_camellia_128_ctr OBJ_camellia,9L + +#define SN_camellia_128_cmac "CAMELLIA-128-CMAC" +#define LN_camellia_128_cmac "camellia-128-cmac" +#define NID_camellia_128_cmac 964 +#define OBJ_camellia_128_cmac OBJ_camellia,10L + +#define SN_camellia_192_ecb "CAMELLIA-192-ECB" +#define LN_camellia_192_ecb "camellia-192-ecb" +#define NID_camellia_192_ecb 755 +#define OBJ_camellia_192_ecb OBJ_camellia,21L + +#define SN_camellia_192_ofb128 "CAMELLIA-192-OFB" +#define LN_camellia_192_ofb128 "camellia-192-ofb" +#define NID_camellia_192_ofb128 767 +#define OBJ_camellia_192_ofb128 OBJ_camellia,23L + +#define SN_camellia_192_cfb128 "CAMELLIA-192-CFB" +#define LN_camellia_192_cfb128 "camellia-192-cfb" +#define NID_camellia_192_cfb128 758 +#define OBJ_camellia_192_cfb128 OBJ_camellia,24L + +#define SN_camellia_192_gcm "CAMELLIA-192-GCM" +#define LN_camellia_192_gcm "camellia-192-gcm" +#define NID_camellia_192_gcm 965 +#define OBJ_camellia_192_gcm OBJ_camellia,26L + +#define SN_camellia_192_ccm "CAMELLIA-192-CCM" +#define LN_camellia_192_ccm "camellia-192-ccm" +#define NID_camellia_192_ccm 966 +#define OBJ_camellia_192_ccm OBJ_camellia,27L + +#define SN_camellia_192_ctr "CAMELLIA-192-CTR" +#define LN_camellia_192_ctr "camellia-192-ctr" +#define NID_camellia_192_ctr 967 +#define OBJ_camellia_192_ctr OBJ_camellia,29L + +#define SN_camellia_192_cmac "CAMELLIA-192-CMAC" +#define LN_camellia_192_cmac "camellia-192-cmac" +#define NID_camellia_192_cmac 968 +#define OBJ_camellia_192_cmac OBJ_camellia,30L + +#define SN_camellia_256_ecb "CAMELLIA-256-ECB" +#define LN_camellia_256_ecb "camellia-256-ecb" +#define NID_camellia_256_ecb 756 +#define OBJ_camellia_256_ecb OBJ_camellia,41L + +#define SN_camellia_256_ofb128 "CAMELLIA-256-OFB" +#define LN_camellia_256_ofb128 "camellia-256-ofb" +#define NID_camellia_256_ofb128 768 +#define OBJ_camellia_256_ofb128 OBJ_camellia,43L + +#define SN_camellia_256_cfb128 "CAMELLIA-256-CFB" +#define LN_camellia_256_cfb128 "camellia-256-cfb" +#define NID_camellia_256_cfb128 759 +#define OBJ_camellia_256_cfb128 OBJ_camellia,44L + +#define SN_camellia_256_gcm "CAMELLIA-256-GCM" +#define LN_camellia_256_gcm "camellia-256-gcm" +#define NID_camellia_256_gcm 969 +#define OBJ_camellia_256_gcm OBJ_camellia,46L + +#define SN_camellia_256_ccm "CAMELLIA-256-CCM" +#define LN_camellia_256_ccm "camellia-256-ccm" +#define NID_camellia_256_ccm 970 +#define OBJ_camellia_256_ccm OBJ_camellia,47L + +#define SN_camellia_256_ctr "CAMELLIA-256-CTR" +#define LN_camellia_256_ctr "camellia-256-ctr" +#define NID_camellia_256_ctr 971 +#define OBJ_camellia_256_ctr OBJ_camellia,49L + +#define SN_camellia_256_cmac "CAMELLIA-256-CMAC" +#define LN_camellia_256_cmac "camellia-256-cmac" +#define NID_camellia_256_cmac 972 +#define OBJ_camellia_256_cmac OBJ_camellia,50L + +#define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1" +#define LN_camellia_128_cfb1 "camellia-128-cfb1" +#define NID_camellia_128_cfb1 760 + +#define SN_camellia_192_cfb1 "CAMELLIA-192-CFB1" +#define LN_camellia_192_cfb1 "camellia-192-cfb1" +#define NID_camellia_192_cfb1 761 + +#define SN_camellia_256_cfb1 "CAMELLIA-256-CFB1" +#define LN_camellia_256_cfb1 "camellia-256-cfb1" +#define NID_camellia_256_cfb1 762 + +#define SN_camellia_128_cfb8 "CAMELLIA-128-CFB8" +#define LN_camellia_128_cfb8 "camellia-128-cfb8" +#define NID_camellia_128_cfb8 763 + +#define SN_camellia_192_cfb8 "CAMELLIA-192-CFB8" +#define LN_camellia_192_cfb8 "camellia-192-cfb8" +#define NID_camellia_192_cfb8 764 + +#define SN_camellia_256_cfb8 "CAMELLIA-256-CFB8" +#define LN_camellia_256_cfb8 "camellia-256-cfb8" +#define NID_camellia_256_cfb8 765 + +#define OBJ_aria 1L,2L,410L,200046L,1L,1L + +#define SN_aria_128_ecb "ARIA-128-ECB" +#define LN_aria_128_ecb "aria-128-ecb" +#define NID_aria_128_ecb 1065 +#define OBJ_aria_128_ecb OBJ_aria,1L + +#define SN_aria_128_cbc "ARIA-128-CBC" +#define LN_aria_128_cbc "aria-128-cbc" +#define NID_aria_128_cbc 1066 +#define OBJ_aria_128_cbc OBJ_aria,2L + +#define SN_aria_128_cfb128 "ARIA-128-CFB" +#define LN_aria_128_cfb128 "aria-128-cfb" +#define NID_aria_128_cfb128 1067 +#define OBJ_aria_128_cfb128 OBJ_aria,3L + +#define SN_aria_128_ofb128 "ARIA-128-OFB" +#define LN_aria_128_ofb128 "aria-128-ofb" +#define NID_aria_128_ofb128 1068 +#define OBJ_aria_128_ofb128 OBJ_aria,4L + +#define SN_aria_128_ctr "ARIA-128-CTR" +#define LN_aria_128_ctr "aria-128-ctr" +#define NID_aria_128_ctr 1069 +#define OBJ_aria_128_ctr OBJ_aria,5L + +#define SN_aria_192_ecb "ARIA-192-ECB" +#define LN_aria_192_ecb "aria-192-ecb" +#define NID_aria_192_ecb 1070 +#define OBJ_aria_192_ecb OBJ_aria,6L + +#define SN_aria_192_cbc "ARIA-192-CBC" +#define LN_aria_192_cbc "aria-192-cbc" +#define NID_aria_192_cbc 1071 +#define OBJ_aria_192_cbc OBJ_aria,7L + +#define SN_aria_192_cfb128 "ARIA-192-CFB" +#define LN_aria_192_cfb128 "aria-192-cfb" +#define NID_aria_192_cfb128 1072 +#define OBJ_aria_192_cfb128 OBJ_aria,8L + +#define SN_aria_192_ofb128 "ARIA-192-OFB" +#define LN_aria_192_ofb128 "aria-192-ofb" +#define NID_aria_192_ofb128 1073 +#define OBJ_aria_192_ofb128 OBJ_aria,9L + +#define SN_aria_192_ctr "ARIA-192-CTR" +#define LN_aria_192_ctr "aria-192-ctr" +#define NID_aria_192_ctr 1074 +#define OBJ_aria_192_ctr OBJ_aria,10L + +#define SN_aria_256_ecb "ARIA-256-ECB" +#define LN_aria_256_ecb "aria-256-ecb" +#define NID_aria_256_ecb 1075 +#define OBJ_aria_256_ecb OBJ_aria,11L + +#define SN_aria_256_cbc "ARIA-256-CBC" +#define LN_aria_256_cbc "aria-256-cbc" +#define NID_aria_256_cbc 1076 +#define OBJ_aria_256_cbc OBJ_aria,12L + +#define SN_aria_256_cfb128 "ARIA-256-CFB" +#define LN_aria_256_cfb128 "aria-256-cfb" +#define NID_aria_256_cfb128 1077 +#define OBJ_aria_256_cfb128 OBJ_aria,13L + +#define SN_aria_256_ofb128 "ARIA-256-OFB" +#define LN_aria_256_ofb128 "aria-256-ofb" +#define NID_aria_256_ofb128 1078 +#define OBJ_aria_256_ofb128 OBJ_aria,14L + +#define SN_aria_256_ctr "ARIA-256-CTR" +#define LN_aria_256_ctr "aria-256-ctr" +#define NID_aria_256_ctr 1079 +#define OBJ_aria_256_ctr OBJ_aria,15L + +#define SN_aria_128_cfb1 "ARIA-128-CFB1" +#define LN_aria_128_cfb1 "aria-128-cfb1" +#define NID_aria_128_cfb1 1080 + +#define SN_aria_192_cfb1 "ARIA-192-CFB1" +#define LN_aria_192_cfb1 "aria-192-cfb1" +#define NID_aria_192_cfb1 1081 + +#define SN_aria_256_cfb1 "ARIA-256-CFB1" +#define LN_aria_256_cfb1 "aria-256-cfb1" +#define NID_aria_256_cfb1 1082 + +#define SN_aria_128_cfb8 "ARIA-128-CFB8" +#define LN_aria_128_cfb8 "aria-128-cfb8" +#define NID_aria_128_cfb8 1083 + +#define SN_aria_192_cfb8 "ARIA-192-CFB8" +#define LN_aria_192_cfb8 "aria-192-cfb8" +#define NID_aria_192_cfb8 1084 + +#define SN_aria_256_cfb8 "ARIA-256-CFB8" +#define LN_aria_256_cfb8 "aria-256-cfb8" +#define NID_aria_256_cfb8 1085 + +#define SN_aria_128_ccm "ARIA-128-CCM" +#define LN_aria_128_ccm "aria-128-ccm" +#define NID_aria_128_ccm 1120 +#define OBJ_aria_128_ccm OBJ_aria,37L + +#define SN_aria_192_ccm "ARIA-192-CCM" +#define LN_aria_192_ccm "aria-192-ccm" +#define NID_aria_192_ccm 1121 +#define OBJ_aria_192_ccm OBJ_aria,38L + +#define SN_aria_256_ccm "ARIA-256-CCM" +#define LN_aria_256_ccm "aria-256-ccm" +#define NID_aria_256_ccm 1122 +#define OBJ_aria_256_ccm OBJ_aria,39L + +#define SN_aria_128_gcm "ARIA-128-GCM" +#define LN_aria_128_gcm "aria-128-gcm" +#define NID_aria_128_gcm 1123 +#define OBJ_aria_128_gcm OBJ_aria,34L + +#define SN_aria_192_gcm "ARIA-192-GCM" +#define LN_aria_192_gcm "aria-192-gcm" +#define NID_aria_192_gcm 1124 +#define OBJ_aria_192_gcm OBJ_aria,35L + +#define SN_aria_256_gcm "ARIA-256-GCM" +#define LN_aria_256_gcm "aria-256-gcm" +#define NID_aria_256_gcm 1125 +#define OBJ_aria_256_gcm OBJ_aria,36L + +#define SN_kisa "KISA" +#define LN_kisa "kisa" +#define NID_kisa 773 +#define OBJ_kisa OBJ_member_body,410L,200004L + +#define SN_seed_ecb "SEED-ECB" +#define LN_seed_ecb "seed-ecb" +#define NID_seed_ecb 776 +#define OBJ_seed_ecb OBJ_kisa,1L,3L + +#define SN_seed_cbc "SEED-CBC" +#define LN_seed_cbc "seed-cbc" +#define NID_seed_cbc 777 +#define OBJ_seed_cbc OBJ_kisa,1L,4L + +#define SN_seed_cfb128 "SEED-CFB" +#define LN_seed_cfb128 "seed-cfb" +#define NID_seed_cfb128 779 +#define OBJ_seed_cfb128 OBJ_kisa,1L,5L + +#define SN_seed_ofb128 "SEED-OFB" +#define LN_seed_ofb128 "seed-ofb" +#define NID_seed_ofb128 778 +#define OBJ_seed_ofb128 OBJ_kisa,1L,6L + +#define SN_sm4_ecb "SM4-ECB" +#define LN_sm4_ecb "sm4-ecb" +#define NID_sm4_ecb 1133 +#define OBJ_sm4_ecb OBJ_sm_scheme,104L,1L + +#define SN_sm4_cbc "SM4-CBC" +#define LN_sm4_cbc "sm4-cbc" +#define NID_sm4_cbc 1134 +#define OBJ_sm4_cbc OBJ_sm_scheme,104L,2L + +#define SN_sm4_ofb128 "SM4-OFB" +#define LN_sm4_ofb128 "sm4-ofb" +#define NID_sm4_ofb128 1135 +#define OBJ_sm4_ofb128 OBJ_sm_scheme,104L,3L + +#define SN_sm4_cfb128 "SM4-CFB" +#define LN_sm4_cfb128 "sm4-cfb" +#define NID_sm4_cfb128 1137 +#define OBJ_sm4_cfb128 OBJ_sm_scheme,104L,4L + +#define SN_sm4_cfb1 "SM4-CFB1" +#define LN_sm4_cfb1 "sm4-cfb1" +#define NID_sm4_cfb1 1136 +#define OBJ_sm4_cfb1 OBJ_sm_scheme,104L,5L + +#define SN_sm4_cfb8 "SM4-CFB8" +#define LN_sm4_cfb8 "sm4-cfb8" +#define NID_sm4_cfb8 1138 +#define OBJ_sm4_cfb8 OBJ_sm_scheme,104L,6L + +#define SN_sm4_ctr "SM4-CTR" +#define LN_sm4_ctr "sm4-ctr" +#define NID_sm4_ctr 1139 +#define OBJ_sm4_ctr OBJ_sm_scheme,104L,7L + +#define SN_hmac "HMAC" +#define LN_hmac "hmac" +#define NID_hmac 855 + +#define SN_cmac "CMAC" +#define LN_cmac "cmac" +#define NID_cmac 894 + +#define SN_rc4_hmac_md5 "RC4-HMAC-MD5" +#define LN_rc4_hmac_md5 "rc4-hmac-md5" +#define NID_rc4_hmac_md5 915 + +#define SN_aes_128_cbc_hmac_sha1 "AES-128-CBC-HMAC-SHA1" +#define LN_aes_128_cbc_hmac_sha1 "aes-128-cbc-hmac-sha1" +#define NID_aes_128_cbc_hmac_sha1 916 + +#define SN_aes_192_cbc_hmac_sha1 "AES-192-CBC-HMAC-SHA1" +#define LN_aes_192_cbc_hmac_sha1 "aes-192-cbc-hmac-sha1" +#define NID_aes_192_cbc_hmac_sha1 917 + +#define SN_aes_256_cbc_hmac_sha1 "AES-256-CBC-HMAC-SHA1" +#define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1" +#define NID_aes_256_cbc_hmac_sha1 918 + +#define SN_aes_128_cbc_hmac_sha256 "AES-128-CBC-HMAC-SHA256" +#define LN_aes_128_cbc_hmac_sha256 "aes-128-cbc-hmac-sha256" +#define NID_aes_128_cbc_hmac_sha256 948 + +#define SN_aes_192_cbc_hmac_sha256 "AES-192-CBC-HMAC-SHA256" +#define LN_aes_192_cbc_hmac_sha256 "aes-192-cbc-hmac-sha256" +#define NID_aes_192_cbc_hmac_sha256 949 + +#define SN_aes_256_cbc_hmac_sha256 "AES-256-CBC-HMAC-SHA256" +#define LN_aes_256_cbc_hmac_sha256 "aes-256-cbc-hmac-sha256" +#define NID_aes_256_cbc_hmac_sha256 950 + +#define SN_chacha20_poly1305 "ChaCha20-Poly1305" +#define LN_chacha20_poly1305 "chacha20-poly1305" +#define NID_chacha20_poly1305 1018 + +#define SN_chacha20 "ChaCha20" +#define LN_chacha20 "chacha20" +#define NID_chacha20 1019 + +#define SN_dhpublicnumber "dhpublicnumber" +#define LN_dhpublicnumber "X9.42 DH" +#define NID_dhpublicnumber 920 +#define OBJ_dhpublicnumber OBJ_ISO_US,10046L,2L,1L + +#define SN_brainpoolP160r1 "brainpoolP160r1" +#define NID_brainpoolP160r1 921 +#define OBJ_brainpoolP160r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,1L + +#define SN_brainpoolP160t1 "brainpoolP160t1" +#define NID_brainpoolP160t1 922 +#define OBJ_brainpoolP160t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,2L + +#define SN_brainpoolP192r1 "brainpoolP192r1" +#define NID_brainpoolP192r1 923 +#define OBJ_brainpoolP192r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,3L + +#define SN_brainpoolP192t1 "brainpoolP192t1" +#define NID_brainpoolP192t1 924 +#define OBJ_brainpoolP192t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,4L + +#define SN_brainpoolP224r1 "brainpoolP224r1" +#define NID_brainpoolP224r1 925 +#define OBJ_brainpoolP224r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,5L + +#define SN_brainpoolP224t1 "brainpoolP224t1" +#define NID_brainpoolP224t1 926 +#define OBJ_brainpoolP224t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,6L + +#define SN_brainpoolP256r1 "brainpoolP256r1" +#define NID_brainpoolP256r1 927 +#define OBJ_brainpoolP256r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,7L + +#define SN_brainpoolP256t1 "brainpoolP256t1" +#define NID_brainpoolP256t1 928 +#define OBJ_brainpoolP256t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,8L + +#define SN_brainpoolP320r1 "brainpoolP320r1" +#define NID_brainpoolP320r1 929 +#define OBJ_brainpoolP320r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,9L + +#define SN_brainpoolP320t1 "brainpoolP320t1" +#define NID_brainpoolP320t1 930 +#define OBJ_brainpoolP320t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,10L + +#define SN_brainpoolP384r1 "brainpoolP384r1" +#define NID_brainpoolP384r1 931 +#define OBJ_brainpoolP384r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,11L + +#define SN_brainpoolP384t1 "brainpoolP384t1" +#define NID_brainpoolP384t1 932 +#define OBJ_brainpoolP384t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,12L + +#define SN_brainpoolP512r1 "brainpoolP512r1" +#define NID_brainpoolP512r1 933 +#define OBJ_brainpoolP512r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,13L + +#define SN_brainpoolP512t1 "brainpoolP512t1" +#define NID_brainpoolP512t1 934 +#define OBJ_brainpoolP512t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,14L + +#define OBJ_x9_63_scheme 1L,3L,133L,16L,840L,63L,0L + +#define OBJ_secg_scheme OBJ_certicom_arc,1L + +#define SN_dhSinglePass_stdDH_sha1kdf_scheme "dhSinglePass-stdDH-sha1kdf-scheme" +#define NID_dhSinglePass_stdDH_sha1kdf_scheme 936 +#define OBJ_dhSinglePass_stdDH_sha1kdf_scheme OBJ_x9_63_scheme,2L + +#define SN_dhSinglePass_stdDH_sha224kdf_scheme "dhSinglePass-stdDH-sha224kdf-scheme" +#define NID_dhSinglePass_stdDH_sha224kdf_scheme 937 +#define OBJ_dhSinglePass_stdDH_sha224kdf_scheme OBJ_secg_scheme,11L,0L + +#define SN_dhSinglePass_stdDH_sha256kdf_scheme "dhSinglePass-stdDH-sha256kdf-scheme" +#define NID_dhSinglePass_stdDH_sha256kdf_scheme 938 +#define OBJ_dhSinglePass_stdDH_sha256kdf_scheme OBJ_secg_scheme,11L,1L + +#define SN_dhSinglePass_stdDH_sha384kdf_scheme "dhSinglePass-stdDH-sha384kdf-scheme" +#define NID_dhSinglePass_stdDH_sha384kdf_scheme 939 +#define OBJ_dhSinglePass_stdDH_sha384kdf_scheme OBJ_secg_scheme,11L,2L + +#define SN_dhSinglePass_stdDH_sha512kdf_scheme "dhSinglePass-stdDH-sha512kdf-scheme" +#define NID_dhSinglePass_stdDH_sha512kdf_scheme 940 +#define OBJ_dhSinglePass_stdDH_sha512kdf_scheme OBJ_secg_scheme,11L,3L + +#define SN_dhSinglePass_cofactorDH_sha1kdf_scheme "dhSinglePass-cofactorDH-sha1kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha1kdf_scheme 941 +#define OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme OBJ_x9_63_scheme,3L + +#define SN_dhSinglePass_cofactorDH_sha224kdf_scheme "dhSinglePass-cofactorDH-sha224kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha224kdf_scheme 942 +#define OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme OBJ_secg_scheme,14L,0L + +#define SN_dhSinglePass_cofactorDH_sha256kdf_scheme "dhSinglePass-cofactorDH-sha256kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha256kdf_scheme 943 +#define OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme OBJ_secg_scheme,14L,1L + +#define SN_dhSinglePass_cofactorDH_sha384kdf_scheme "dhSinglePass-cofactorDH-sha384kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha384kdf_scheme 944 +#define OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme OBJ_secg_scheme,14L,2L + +#define SN_dhSinglePass_cofactorDH_sha512kdf_scheme "dhSinglePass-cofactorDH-sha512kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha512kdf_scheme 945 +#define OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme OBJ_secg_scheme,14L,3L + +#define SN_dh_std_kdf "dh-std-kdf" +#define NID_dh_std_kdf 946 + +#define SN_dh_cofactor_kdf "dh-cofactor-kdf" +#define NID_dh_cofactor_kdf 947 + +#define SN_ct_precert_scts "ct_precert_scts" +#define LN_ct_precert_scts "CT Precertificate SCTs" +#define NID_ct_precert_scts 951 +#define OBJ_ct_precert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,2L + +#define SN_ct_precert_poison "ct_precert_poison" +#define LN_ct_precert_poison "CT Precertificate Poison" +#define NID_ct_precert_poison 952 +#define OBJ_ct_precert_poison 1L,3L,6L,1L,4L,1L,11129L,2L,4L,3L + +#define SN_ct_precert_signer "ct_precert_signer" +#define LN_ct_precert_signer "CT Precertificate Signer" +#define NID_ct_precert_signer 953 +#define OBJ_ct_precert_signer 1L,3L,6L,1L,4L,1L,11129L,2L,4L,4L + +#define SN_ct_cert_scts "ct_cert_scts" +#define LN_ct_cert_scts "CT Certificate SCTs" +#define NID_ct_cert_scts 954 +#define OBJ_ct_cert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,5L + +#define SN_jurisdictionLocalityName "jurisdictionL" +#define LN_jurisdictionLocalityName "jurisdictionLocalityName" +#define NID_jurisdictionLocalityName 955 +#define OBJ_jurisdictionLocalityName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L + +#define SN_jurisdictionStateOrProvinceName "jurisdictionST" +#define LN_jurisdictionStateOrProvinceName "jurisdictionStateOrProvinceName" +#define NID_jurisdictionStateOrProvinceName 956 +#define OBJ_jurisdictionStateOrProvinceName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L + +#define SN_jurisdictionCountryName "jurisdictionC" +#define LN_jurisdictionCountryName "jurisdictionCountryName" +#define NID_jurisdictionCountryName 957 +#define OBJ_jurisdictionCountryName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L + +#define SN_id_scrypt "id-scrypt" +#define LN_id_scrypt "scrypt" +#define NID_id_scrypt 973 +#define OBJ_id_scrypt 1L,3L,6L,1L,4L,1L,11591L,4L,11L + +#define SN_tls1_prf "TLS1-PRF" +#define LN_tls1_prf "tls1-prf" +#define NID_tls1_prf 1021 + +#define SN_hkdf "HKDF" +#define LN_hkdf "hkdf" +#define NID_hkdf 1036 + +#define SN_id_pkinit "id-pkinit" +#define NID_id_pkinit 1031 +#define OBJ_id_pkinit 1L,3L,6L,1L,5L,2L,3L + +#define SN_pkInitClientAuth "pkInitClientAuth" +#define LN_pkInitClientAuth "PKINIT Client Auth" +#define NID_pkInitClientAuth 1032 +#define OBJ_pkInitClientAuth OBJ_id_pkinit,4L + +#define SN_pkInitKDC "pkInitKDC" +#define LN_pkInitKDC "Signing KDC Response" +#define NID_pkInitKDC 1033 +#define OBJ_pkInitKDC OBJ_id_pkinit,5L + +#define SN_X25519 "X25519" +#define NID_X25519 1034 +#define OBJ_X25519 1L,3L,101L,110L + +#define SN_X448 "X448" +#define NID_X448 1035 +#define OBJ_X448 1L,3L,101L,111L + +#define SN_ED25519 "ED25519" +#define NID_ED25519 1087 +#define OBJ_ED25519 1L,3L,101L,112L + +#define SN_ED448 "ED448" +#define NID_ED448 1088 +#define OBJ_ED448 1L,3L,101L,113L + +#define SN_kx_rsa "KxRSA" +#define LN_kx_rsa "kx-rsa" +#define NID_kx_rsa 1037 + +#define SN_kx_ecdhe "KxECDHE" +#define LN_kx_ecdhe "kx-ecdhe" +#define NID_kx_ecdhe 1038 + +#define SN_kx_dhe "KxDHE" +#define LN_kx_dhe "kx-dhe" +#define NID_kx_dhe 1039 + +#define SN_kx_ecdhe_psk "KxECDHE-PSK" +#define LN_kx_ecdhe_psk "kx-ecdhe-psk" +#define NID_kx_ecdhe_psk 1040 + +#define SN_kx_dhe_psk "KxDHE-PSK" +#define LN_kx_dhe_psk "kx-dhe-psk" +#define NID_kx_dhe_psk 1041 + +#define SN_kx_rsa_psk "KxRSA_PSK" +#define LN_kx_rsa_psk "kx-rsa-psk" +#define NID_kx_rsa_psk 1042 + +#define SN_kx_psk "KxPSK" +#define LN_kx_psk "kx-psk" +#define NID_kx_psk 1043 + +#define SN_kx_srp "KxSRP" +#define LN_kx_srp "kx-srp" +#define NID_kx_srp 1044 + +#define SN_kx_gost "KxGOST" +#define LN_kx_gost "kx-gost" +#define NID_kx_gost 1045 + +#define SN_kx_any "KxANY" +#define LN_kx_any "kx-any" +#define NID_kx_any 1063 + +#define SN_auth_rsa "AuthRSA" +#define LN_auth_rsa "auth-rsa" +#define NID_auth_rsa 1046 + +#define SN_auth_ecdsa "AuthECDSA" +#define LN_auth_ecdsa "auth-ecdsa" +#define NID_auth_ecdsa 1047 + +#define SN_auth_psk "AuthPSK" +#define LN_auth_psk "auth-psk" +#define NID_auth_psk 1048 + +#define SN_auth_dss "AuthDSS" +#define LN_auth_dss "auth-dss" +#define NID_auth_dss 1049 + +#define SN_auth_gost01 "AuthGOST01" +#define LN_auth_gost01 "auth-gost01" +#define NID_auth_gost01 1050 + +#define SN_auth_gost12 "AuthGOST12" +#define LN_auth_gost12 "auth-gost12" +#define NID_auth_gost12 1051 + +#define SN_auth_srp "AuthSRP" +#define LN_auth_srp "auth-srp" +#define NID_auth_srp 1052 + +#define SN_auth_null "AuthNULL" +#define LN_auth_null "auth-null" +#define NID_auth_null 1053 + +#define SN_auth_any "AuthANY" +#define LN_auth_any "auth-any" +#define NID_auth_any 1064 + +#define SN_poly1305 "Poly1305" +#define LN_poly1305 "poly1305" +#define NID_poly1305 1061 + +#define SN_siphash "SipHash" +#define LN_siphash "siphash" +#define NID_siphash 1062 + +#define SN_ffdhe2048 "ffdhe2048" +#define NID_ffdhe2048 1126 + +#define SN_ffdhe3072 "ffdhe3072" +#define NID_ffdhe3072 1127 + +#define SN_ffdhe4096 "ffdhe4096" +#define NID_ffdhe4096 1128 + +#define SN_ffdhe6144 "ffdhe6144" +#define NID_ffdhe6144 1129 + +#define SN_ffdhe8192 "ffdhe8192" +#define NID_ffdhe8192 1130 + +#define SN_ISO_UA "ISO-UA" +#define NID_ISO_UA 1150 +#define OBJ_ISO_UA OBJ_member_body,804L + +#define SN_ua_pki "ua-pki" +#define NID_ua_pki 1151 +#define OBJ_ua_pki OBJ_ISO_UA,2L,1L,1L,1L + +#define SN_dstu28147 "dstu28147" +#define LN_dstu28147 "DSTU Gost 28147-2009" +#define NID_dstu28147 1152 +#define OBJ_dstu28147 OBJ_ua_pki,1L,1L,1L + +#define SN_dstu28147_ofb "dstu28147-ofb" +#define LN_dstu28147_ofb "DSTU Gost 28147-2009 OFB mode" +#define NID_dstu28147_ofb 1153 +#define OBJ_dstu28147_ofb OBJ_dstu28147,2L + +#define SN_dstu28147_cfb "dstu28147-cfb" +#define LN_dstu28147_cfb "DSTU Gost 28147-2009 CFB mode" +#define NID_dstu28147_cfb 1154 +#define OBJ_dstu28147_cfb OBJ_dstu28147,3L + +#define SN_dstu28147_wrap "dstu28147-wrap" +#define LN_dstu28147_wrap "DSTU Gost 28147-2009 key wrap" +#define NID_dstu28147_wrap 1155 +#define OBJ_dstu28147_wrap OBJ_dstu28147,5L + +#define SN_hmacWithDstu34311 "hmacWithDstu34311" +#define LN_hmacWithDstu34311 "HMAC DSTU Gost 34311-95" +#define NID_hmacWithDstu34311 1156 +#define OBJ_hmacWithDstu34311 OBJ_ua_pki,1L,1L,2L + +#define SN_dstu34311 "dstu34311" +#define LN_dstu34311 "DSTU Gost 34311-95" +#define NID_dstu34311 1157 +#define OBJ_dstu34311 OBJ_ua_pki,1L,2L,1L + +#define SN_dstu4145le "dstu4145le" +#define LN_dstu4145le "DSTU 4145-2002 little endian" +#define NID_dstu4145le 1158 +#define OBJ_dstu4145le OBJ_ua_pki,1L,3L,1L,1L + +#define SN_dstu4145be "dstu4145be" +#define LN_dstu4145be "DSTU 4145-2002 big endian" +#define NID_dstu4145be 1159 +#define OBJ_dstu4145be OBJ_dstu4145le,1L,1L + +#define SN_uacurve0 "uacurve0" +#define LN_uacurve0 "DSTU curve 0" +#define NID_uacurve0 1160 +#define OBJ_uacurve0 OBJ_dstu4145le,2L,0L + +#define SN_uacurve1 "uacurve1" +#define LN_uacurve1 "DSTU curve 1" +#define NID_uacurve1 1161 +#define OBJ_uacurve1 OBJ_dstu4145le,2L,1L + +#define SN_uacurve2 "uacurve2" +#define LN_uacurve2 "DSTU curve 2" +#define NID_uacurve2 1162 +#define OBJ_uacurve2 OBJ_dstu4145le,2L,2L + +#define SN_uacurve3 "uacurve3" +#define LN_uacurve3 "DSTU curve 3" +#define NID_uacurve3 1163 +#define OBJ_uacurve3 OBJ_dstu4145le,2L,3L + +#define SN_uacurve4 "uacurve4" +#define LN_uacurve4 "DSTU curve 4" +#define NID_uacurve4 1164 +#define OBJ_uacurve4 OBJ_dstu4145le,2L,4L + +#define SN_uacurve5 "uacurve5" +#define LN_uacurve5 "DSTU curve 5" +#define NID_uacurve5 1165 +#define OBJ_uacurve5 OBJ_dstu4145le,2L,5L + +#define SN_uacurve6 "uacurve6" +#define LN_uacurve6 "DSTU curve 6" +#define NID_uacurve6 1166 +#define OBJ_uacurve6 OBJ_dstu4145le,2L,6L + +#define SN_uacurve7 "uacurve7" +#define LN_uacurve7 "DSTU curve 7" +#define NID_uacurve7 1167 +#define OBJ_uacurve7 OBJ_dstu4145le,2L,7L + +#define SN_uacurve8 "uacurve8" +#define LN_uacurve8 "DSTU curve 8" +#define NID_uacurve8 1168 +#define OBJ_uacurve8 OBJ_dstu4145le,2L,8L + +#define SN_uacurve9 "uacurve9" +#define LN_uacurve9 "DSTU curve 9" +#define NID_uacurve9 1169 +#define OBJ_uacurve9 OBJ_dstu4145le,2L,9L diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/objects.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/objects.h new file mode 100644 index 00000000..5e8b5762 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/objects.h @@ -0,0 +1,175 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OBJECTS_H +# define HEADER_OBJECTS_H + +# include +# include +# include +# include + +# define OBJ_NAME_TYPE_UNDEF 0x00 +# define OBJ_NAME_TYPE_MD_METH 0x01 +# define OBJ_NAME_TYPE_CIPHER_METH 0x02 +# define OBJ_NAME_TYPE_PKEY_METH 0x03 +# define OBJ_NAME_TYPE_COMP_METH 0x04 +# define OBJ_NAME_TYPE_NUM 0x05 + +# define OBJ_NAME_ALIAS 0x8000 + +# define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01 +# define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 + + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct obj_name_st { + int type; + int alias; + const char *name; + const char *data; +} OBJ_NAME; + +# define OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c) + +int OBJ_NAME_init(void); +int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), + int (*cmp_func) (const char *, const char *), + void (*free_func) (const char *, int, const char *)); +const char *OBJ_NAME_get(const char *name, int type); +int OBJ_NAME_add(const char *name, int type, const char *data); +int OBJ_NAME_remove(const char *name, int type); +void OBJ_NAME_cleanup(int type); /* -1 for everything */ +void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg), + void *arg); +void OBJ_NAME_do_all_sorted(int type, + void (*fn) (const OBJ_NAME *, void *arg), + void *arg); + +ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o); +ASN1_OBJECT *OBJ_nid2obj(int n); +const char *OBJ_nid2ln(int n); +const char *OBJ_nid2sn(int n); +int OBJ_obj2nid(const ASN1_OBJECT *o); +ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name); +int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); +int OBJ_txt2nid(const char *s); +int OBJ_ln2nid(const char *s); +int OBJ_sn2nid(const char *s); +int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b); +const void *OBJ_bsearch_(const void *key, const void *base, int num, int size, + int (*cmp) (const void *, const void *)); +const void *OBJ_bsearch_ex_(const void *key, const void *base, int num, + int size, + int (*cmp) (const void *, const void *), + int flags); + +# define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \ + static int nm##_cmp(type1 const *, type2 const *); \ + scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) + +# define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \ + _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp) +# define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ + type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) + +/*- + * Unsolved problem: if a type is actually a pointer type, like + * nid_triple is, then its impossible to get a const where you need + * it. Consider: + * + * typedef int nid_triple[3]; + * const void *a_; + * const nid_triple const *a = a_; + * + * The assignment discards a const because what you really want is: + * + * const int const * const *a = a_; + * + * But if you do that, you lose the fact that a is an array of 3 ints, + * which breaks comparison functions. + * + * Thus we end up having to cast, sadly, or unpack the + * declarations. Or, as I finally did in this case, declare nid_triple + * to be a struct, which it should have been in the first place. + * + * Ben, August 2008. + * + * Also, strictly speaking not all types need be const, but handling + * the non-constness means a lot of complication, and in practice + * comparison routines do always not touch their arguments. + */ + +# define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ + { \ + type1 const *a = a_; \ + type2 const *b = b_; \ + return nm##_cmp(a,b); \ + } \ + static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ + { \ + return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ + nm##_cmp_BSEARCH_CMP_FN); \ + } \ + extern void dummy_prototype(void) + +# define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ + { \ + type1 const *a = a_; \ + type2 const *b = b_; \ + return nm##_cmp(a,b); \ + } \ + type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ + { \ + return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ + nm##_cmp_BSEARCH_CMP_FN); \ + } \ + extern void dummy_prototype(void) + +# define OBJ_bsearch(type1,key,type2,base,num,cmp) \ + ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ + num,sizeof(type2), \ + ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ + (void)CHECKED_PTR_OF(type2,cmp##_type_2), \ + cmp##_BSEARCH_CMP_FN))) + +# define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags) \ + ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ + num,sizeof(type2), \ + ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ + (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \ + cmp##_BSEARCH_CMP_FN)),flags) + +int OBJ_new_nid(int num); +int OBJ_add_object(const ASN1_OBJECT *obj); +int OBJ_create(const char *oid, const char *sn, const char *ln); +#if OPENSSL_API_COMPAT < 0x10100000L +# define OBJ_cleanup() while(0) continue +#endif +int OBJ_create_objects(BIO *in); + +size_t OBJ_length(const ASN1_OBJECT *obj); +const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj); + +int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid); +int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid); +int OBJ_add_sigid(int signid, int dig_id, int pkey_id); +void OBJ_sigid_free(void); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/objectserr.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/objectserr.h new file mode 100644 index 00000000..02e166f1 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/objectserr.h @@ -0,0 +1,42 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OBJERR_H +# define HEADER_OBJERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OBJ_strings(void); + +/* + * OBJ function codes. + */ +# define OBJ_F_OBJ_ADD_OBJECT 105 +# define OBJ_F_OBJ_ADD_SIGID 107 +# define OBJ_F_OBJ_CREATE 100 +# define OBJ_F_OBJ_DUP 101 +# define OBJ_F_OBJ_NAME_NEW_INDEX 106 +# define OBJ_F_OBJ_NID2LN 102 +# define OBJ_F_OBJ_NID2OBJ 103 +# define OBJ_F_OBJ_NID2SN 104 +# define OBJ_F_OBJ_TXT2OBJ 108 + +/* + * OBJ reason codes. + */ +# define OBJ_R_OID_EXISTS 102 +# define OBJ_R_UNKNOWN_NID 101 + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/ocsp.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/ocsp.h new file mode 100644 index 00000000..8582fe1e --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/ocsp.h @@ -0,0 +1,352 @@ +/* + * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OCSP_H +# define HEADER_OCSP_H + +#include + +/* + * These definitions are outside the OPENSSL_NO_OCSP guard because although for + * historical reasons they have OCSP_* names, they can actually be used + * independently of OCSP. E.g. see RFC5280 + */ +/*- + * CRLReason ::= ENUMERATED { + * unspecified (0), + * keyCompromise (1), + * cACompromise (2), + * affiliationChanged (3), + * superseded (4), + * cessationOfOperation (5), + * certificateHold (6), + * removeFromCRL (8) } + */ +# define OCSP_REVOKED_STATUS_NOSTATUS -1 +# define OCSP_REVOKED_STATUS_UNSPECIFIED 0 +# define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 +# define OCSP_REVOKED_STATUS_CACOMPROMISE 2 +# define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 +# define OCSP_REVOKED_STATUS_SUPERSEDED 4 +# define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 +# define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 +# define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 + + +# ifndef OPENSSL_NO_OCSP + +# include +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Various flags and values */ + +# define OCSP_DEFAULT_NONCE_LENGTH 16 + +# define OCSP_NOCERTS 0x1 +# define OCSP_NOINTERN 0x2 +# define OCSP_NOSIGS 0x4 +# define OCSP_NOCHAIN 0x8 +# define OCSP_NOVERIFY 0x10 +# define OCSP_NOEXPLICIT 0x20 +# define OCSP_NOCASIGN 0x40 +# define OCSP_NODELEGATED 0x80 +# define OCSP_NOCHECKS 0x100 +# define OCSP_TRUSTOTHER 0x200 +# define OCSP_RESPID_KEY 0x400 +# define OCSP_NOTIME 0x800 + +typedef struct ocsp_cert_id_st OCSP_CERTID; + +DEFINE_STACK_OF(OCSP_CERTID) + +typedef struct ocsp_one_request_st OCSP_ONEREQ; + +DEFINE_STACK_OF(OCSP_ONEREQ) + +typedef struct ocsp_req_info_st OCSP_REQINFO; +typedef struct ocsp_signature_st OCSP_SIGNATURE; +typedef struct ocsp_request_st OCSP_REQUEST; + +# define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 +# define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 +# define OCSP_RESPONSE_STATUS_INTERNALERROR 2 +# define OCSP_RESPONSE_STATUS_TRYLATER 3 +# define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 +# define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 + +typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES; + +# define V_OCSP_RESPID_NAME 0 +# define V_OCSP_RESPID_KEY 1 + +DEFINE_STACK_OF(OCSP_RESPID) + +typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO; + +# define V_OCSP_CERTSTATUS_GOOD 0 +# define V_OCSP_CERTSTATUS_REVOKED 1 +# define V_OCSP_CERTSTATUS_UNKNOWN 2 + +typedef struct ocsp_cert_status_st OCSP_CERTSTATUS; +typedef struct ocsp_single_response_st OCSP_SINGLERESP; + +DEFINE_STACK_OF(OCSP_SINGLERESP) + +typedef struct ocsp_response_data_st OCSP_RESPDATA; + +typedef struct ocsp_basic_response_st OCSP_BASICRESP; + +typedef struct ocsp_crl_id_st OCSP_CRLID; +typedef struct ocsp_service_locator_st OCSP_SERVICELOC; + +# define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" +# define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" + +# define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p) + +# define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p) + +# define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST, \ + bp,(char **)(x),cb,NULL) + +# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\ + (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE, \ + bp,(char **)(x),cb,NULL) + +# define PEM_write_bio_OCSP_REQUEST(bp,o) \ + PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\ + bp,(char *)(o), NULL,NULL,0,NULL,NULL) + +# define PEM_write_bio_OCSP_RESPONSE(bp,o) \ + PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ + bp,(char *)(o), NULL,NULL,0,NULL,NULL) + +# define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o) + +# define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o) + +# define ASN1_BIT_STRING_digest(data,type,md,len) \ + ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) + +# define OCSP_CERTSTATUS_dup(cs)\ + (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\ + (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) + +OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id); + +OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req); +OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, + int maxline); +int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx); +int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); +OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline); +void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); +void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len); +int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it, + ASN1_VALUE *val); +int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ASN1_VALUE **pval, + const ASN1_ITEM *it); +BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx); +int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path); +int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); +int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, + const char *name, const char *value); + +OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, + const X509 *issuer); + +OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, + const X509_NAME *issuerName, + const ASN1_BIT_STRING *issuerKey, + const ASN1_INTEGER *serialNumber); + +OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); + +int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len); +int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len); +int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs); +int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); + +int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm); +int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); + +int OCSP_request_sign(OCSP_REQUEST *req, + X509 *signer, + EVP_PKEY *key, + const EVP_MD *dgst, + STACK_OF(X509) *certs, unsigned long flags); + +int OCSP_response_status(OCSP_RESPONSE *resp); +OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); + +const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs); +const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs); +const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs); +int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, + STACK_OF(X509) *extra_certs); + +int OCSP_resp_count(OCSP_BASICRESP *bs); +OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); +const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs); +const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); +int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, + const ASN1_OCTET_STRING **pid, + const X509_NAME **pname); +int OCSP_resp_get1_id(const OCSP_BASICRESP *bs, + ASN1_OCTET_STRING **pid, + X509_NAME **pname); + +int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); +int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, + ASN1_GENERALIZEDTIME **revtime, + ASN1_GENERALIZEDTIME **thisupd, + ASN1_GENERALIZEDTIME **nextupd); +int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, + int *reason, + ASN1_GENERALIZEDTIME **revtime, + ASN1_GENERALIZEDTIME **thisupd, + ASN1_GENERALIZEDTIME **nextupd); +int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, + ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec); + +int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, + X509_STORE *store, unsigned long flags); + +int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, + int *pssl); + +int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); +int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); + +int OCSP_request_onereq_count(OCSP_REQUEST *req); +OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i); +OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one); +int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, + ASN1_OCTET_STRING **pikeyHash, + ASN1_INTEGER **pserial, OCSP_CERTID *cid); +int OCSP_request_is_signed(OCSP_REQUEST *req); +OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); +OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, + OCSP_CERTID *cid, + int status, int reason, + ASN1_TIME *revtime, + ASN1_TIME *thisupd, + ASN1_TIME *nextupd); +int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); +int OCSP_basic_sign(OCSP_BASICRESP *brsp, + X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, + STACK_OF(X509) *certs, unsigned long flags); +int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, + X509 *signer, EVP_MD_CTX *ctx, + STACK_OF(X509) *certs, unsigned long flags); +int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert); +int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert); +int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert); + +X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim); + +X509_EXTENSION *OCSP_accept_responses_new(char **oids); + +X509_EXTENSION *OCSP_archive_cutoff_new(char *tim); + +X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls); + +int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x); +int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos); +int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj, + int lastpos); +int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos); +X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc); +X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc); +void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, + int *idx); +int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, + unsigned long flags); +int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc); + +int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x); +int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos); +int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj, int lastpos); +int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos); +X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc); +X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc); +void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx); +int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit, + unsigned long flags); +int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc); + +int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x); +int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos); +int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj, + int lastpos); +int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, + int lastpos); +X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc); +X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc); +void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, + int *idx); +int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, + int crit, unsigned long flags); +int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc); + +int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x); +int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos); +int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj, + int lastpos); +int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, + int lastpos); +X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc); +X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc); +void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, + int *idx); +int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, + int crit, unsigned long flags); +int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc); +const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *x); + +DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP) +DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS) +DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO) +DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES) +DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ) +DECLARE_ASN1_FUNCTIONS(OCSP_CERTID) +DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST) +DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE) +DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO) +DECLARE_ASN1_FUNCTIONS(OCSP_CRLID) +DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC) + +const char *OCSP_response_status_str(long s); +const char *OCSP_cert_status_str(long s); +const char *OCSP_crl_reason_str(long s); + +int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *a, unsigned long flags); +int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags); + +int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + X509_STORE *st, unsigned long flags); + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/ocsperr.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/ocsperr.h new file mode 100644 index 00000000..8dd9e01a --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/ocsperr.h @@ -0,0 +1,78 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OCSPERR_H +# define HEADER_OCSPERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_OCSP + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OCSP_strings(void); + +/* + * OCSP function codes. + */ +# define OCSP_F_D2I_OCSP_NONCE 102 +# define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 +# define OCSP_F_OCSP_BASIC_SIGN 104 +# define OCSP_F_OCSP_BASIC_SIGN_CTX 119 +# define OCSP_F_OCSP_BASIC_VERIFY 105 +# define OCSP_F_OCSP_CERT_ID_NEW 101 +# define OCSP_F_OCSP_CHECK_DELEGATED 106 +# define OCSP_F_OCSP_CHECK_IDS 107 +# define OCSP_F_OCSP_CHECK_ISSUER 108 +# define OCSP_F_OCSP_CHECK_VALIDITY 115 +# define OCSP_F_OCSP_MATCH_ISSUERID 109 +# define OCSP_F_OCSP_PARSE_URL 114 +# define OCSP_F_OCSP_REQUEST_SIGN 110 +# define OCSP_F_OCSP_REQUEST_VERIFY 116 +# define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 +# define OCSP_F_PARSE_HTTP_LINE1 118 + +/* + * OCSP reason codes. + */ +# define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 +# define OCSP_R_DIGEST_ERR 102 +# define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122 +# define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123 +# define OCSP_R_ERROR_PARSING_URL 121 +# define OCSP_R_MISSING_OCSPSIGNING_USAGE 103 +# define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124 +# define OCSP_R_NOT_BASIC_RESPONSE 104 +# define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 +# define OCSP_R_NO_RESPONSE_DATA 108 +# define OCSP_R_NO_REVOKED_TIME 109 +# define OCSP_R_NO_SIGNER_KEY 130 +# define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110 +# define OCSP_R_REQUEST_NOT_SIGNED 128 +# define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111 +# define OCSP_R_ROOT_CA_NOT_TRUSTED 112 +# define OCSP_R_SERVER_RESPONSE_ERROR 114 +# define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115 +# define OCSP_R_SIGNATURE_FAILURE 117 +# define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118 +# define OCSP_R_STATUS_EXPIRED 125 +# define OCSP_R_STATUS_NOT_YET_VALID 126 +# define OCSP_R_STATUS_TOO_OLD 127 +# define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119 +# define OCSP_R_UNKNOWN_NID 120 +# define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129 + +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/opensslconf.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/opensslconf.h new file mode 100644 index 00000000..b58e8833 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/opensslconf.h @@ -0,0 +1,208 @@ +/* + * WARNING: do not edit! + * Generated by makefile from ..\include\openssl\opensslconf.h.in + * + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef OPENSSL_ALGORITHM_DEFINES +# error OPENSSL_ALGORITHM_DEFINES no longer supported +#endif + +/* + * OpenSSL was configured with the following options: + */ + +#ifndef OPENSSL_SYS_WIN32 +# define OPENSSL_SYS_WIN32 1 +#endif +#define OPENSSL_MIN_API 0x10100000L +#ifndef OPENSSL_NO_COMP +# define OPENSSL_NO_COMP +#endif +#ifndef OPENSSL_NO_MD2 +# define OPENSSL_NO_MD2 +#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_RAND_SEED_OS +# define OPENSSL_RAND_SEED_OS +#endif +#ifndef OPENSSL_NO_ASAN +# define OPENSSL_NO_ASAN +#endif +#ifndef OPENSSL_NO_ASM +# define OPENSSL_NO_ASM +#endif +#ifndef OPENSSL_NO_CRYPTO_MDEBUG +# define OPENSSL_NO_CRYPTO_MDEBUG +#endif +#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +#endif +#ifndef OPENSSL_NO_DEVCRYPTOENG +# define OPENSSL_NO_DEVCRYPTOENG +#endif +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +# define OPENSSL_NO_EC_NISTP_64_GCC_128 +#endif +#ifndef OPENSSL_NO_EGD +# define OPENSSL_NO_EGD +#endif +#ifndef OPENSSL_NO_EXTERNAL_TESTS +# define OPENSSL_NO_EXTERNAL_TESTS +#endif +#ifndef OPENSSL_NO_FUZZ_AFL +# define OPENSSL_NO_FUZZ_AFL +#endif +#ifndef OPENSSL_NO_FUZZ_LIBFUZZER +# define OPENSSL_NO_FUZZ_LIBFUZZER +#endif +#ifndef OPENSSL_NO_HEARTBEATS +# define OPENSSL_NO_HEARTBEATS +#endif +#ifndef OPENSSL_NO_MSAN +# define OPENSSL_NO_MSAN +#endif +#ifndef OPENSSL_NO_SCTP +# define OPENSSL_NO_SCTP +#endif +#ifndef OPENSSL_NO_SSL_TRACE +# define OPENSSL_NO_SSL_TRACE +#endif +#ifndef OPENSSL_NO_SSL3 +# define OPENSSL_NO_SSL3 +#endif +#ifndef OPENSSL_NO_SSL3_METHOD +# define OPENSSL_NO_SSL3_METHOD +#endif +#ifndef OPENSSL_NO_UBSAN +# define OPENSSL_NO_UBSAN +#endif +#ifndef OPENSSL_NO_UI_CONSOLE +# define OPENSSL_NO_UI_CONSOLE +#endif +#ifndef OPENSSL_NO_UNIT_TEST +# define OPENSSL_NO_UNIT_TEST +#endif +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS +# define OPENSSL_NO_WEAK_SSL_CIPHERS +#endif +#ifndef OPENSSL_NO_STATIC_ENGINE +# define OPENSSL_NO_STATIC_ENGINE +#endif +#ifndef OPENSSL_NO_AFALGENG +# define OPENSSL_NO_AFALGENG +#endif + + +/* + * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers + * don't like that. This will hopefully silence them. + */ +#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy; + +/* + * Applications should use -DOPENSSL_API_COMPAT= to suppress the + * declarations of functions deprecated in or before . Otherwise, they + * still won't see them if the library has been built to disable deprecated + * functions. + */ +#ifndef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f; +# ifdef __GNUC__ +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +# endif +#endif + +#ifndef OPENSSL_FILE +# ifdef OPENSSL_NO_FILENAMES +# define OPENSSL_FILE "" +# define OPENSSL_LINE 0 +# else +# define OPENSSL_FILE __FILE__ +# define OPENSSL_LINE __LINE__ +# endif +#endif + +#ifndef OPENSSL_MIN_API +# define OPENSSL_MIN_API 0 +#endif + +#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API +# undef OPENSSL_API_COMPAT +# define OPENSSL_API_COMPAT OPENSSL_MIN_API +#endif + +/* + * Do not deprecate things to be deprecated in version 1.2.0 before the + * OpenSSL version number matches. + */ +#if OPENSSL_VERSION_NUMBER < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) f; +#elif OPENSSL_API_COMPAT < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_2_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x10100000L +# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_1_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x10000000L +# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_0_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x00908000L +# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_0_9_8(f) +#endif + +/* Generate 80386 code? */ +#undef I386_ONLY + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD + +#define OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* + * The following are cipher-specific, but are part of the public API. + */ +#if !defined(OPENSSL_SYS_UEFI) +# define BN_LLONG +/* Only one for the following should be defined */ +# undef SIXTY_FOUR_BIT_LONG +# undef SIXTY_FOUR_BIT +# define THIRTY_TWO_BIT +#endif + +#define RC4_INT unsigned int + +#ifdef __cplusplus +} +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/opensslv.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/opensslv.h new file mode 100644 index 00000000..704c819e --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/opensslv.h @@ -0,0 +1,101 @@ +/* + * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OPENSSLV_H +# define HEADER_OPENSSLV_H + +#ifdef __cplusplus +extern "C" { +#endif + +/*- + * Numeric release version identifier: + * MNNFFPPS: major minor fix patch status + * The status nibble has one of the values 0 for development, 1 to e for betas + * 1 to 14, and f for release. The patch level is exactly that. + * For example: + * 0.9.3-dev 0x00903000 + * 0.9.3-beta1 0x00903001 + * 0.9.3-beta2-dev 0x00903002 + * 0.9.3-beta2 0x00903002 (same as ...beta2-dev) + * 0.9.3 0x0090300f + * 0.9.3a 0x0090301f + * 0.9.4 0x0090400f + * 1.2.3z 0x102031af + * + * For continuity reasons (because 0.9.5 is already out, and is coded + * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level + * part is slightly different, by setting the highest bit. This means + * that 0.9.5a looks like this: 0x0090581f. At 0.9.6, we can start + * with 0x0090600S... + * + * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.) + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +# define OPENSSL_VERSION_NUMBER 0x10101040L +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1d-dev xx XXX xxxx" + +/*- + * The macros below are to be used for shared library (.so, .dll, ...) + * versioning. That kind of versioning works a bit differently between + * operating systems. The most usual scheme is to set a major and a minor + * number, and have the runtime loader check that the major number is equal + * to what it was at application link time, while the minor number has to + * be greater or equal to what it was at application link time. With this + * scheme, the version number is usually part of the file name, like this: + * + * libcrypto.so.0.9 + * + * Some unixen also make a softlink with the major version number only: + * + * libcrypto.so.0 + * + * On Tru64 and IRIX 6.x it works a little bit differently. There, the + * shared library version is stored in the file, and is actually a series + * of versions, separated by colons. The rightmost version present in the + * library when linking an application is stored in the application to be + * matched at run time. When the application is run, a check is done to + * see if the library version stored in the application matches any of the + * versions in the version string of the library itself. + * This version string can be constructed in any way, depending on what + * kind of matching is desired. However, to implement the same scheme as + * the one used in the other unixen, all compatible versions, from lowest + * to highest, should be part of the string. Consecutive builds would + * give the following versions strings: + * + * 3.0 + * 3.0:3.1 + * 3.0:3.1:3.2 + * 4.0 + * 4.0:4.1 + * + * Notice how version 4 is completely incompatible with version, and + * therefore give the breach you can see. + * + * There may be other schemes as well that I haven't yet discovered. + * + * So, here's the way it works here: first of all, the library version + * number doesn't need at all to match the overall OpenSSL version. + * However, it's nice and more understandable if it actually does. + * The current library version is stored in the macro SHLIB_VERSION_NUMBER, + * which is just a piece of text in the format "M.m.e" (Major, minor, edit). + * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways, + * we need to keep a history of version numbers, which is done in the + * macro SHLIB_VERSION_HISTORY. The numbers are separated by colons and + * should only keep the versions that are binary compatible with the current. + */ +# define SHLIB_VERSION_HISTORY "" +# define SHLIB_VERSION_NUMBER "1.1" + + +#ifdef __cplusplus +} +#endif +#endif /* HEADER_OPENSSLV_H */ diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/ossl_typ.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/ossl_typ.h new file mode 100644 index 00000000..7993ca28 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/ossl_typ.h @@ -0,0 +1,196 @@ +/* + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OPENSSL_TYPES_H +# define HEADER_OPENSSL_TYPES_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +# include + +# ifdef NO_ASN1_TYPEDEFS +# define ASN1_INTEGER ASN1_STRING +# define ASN1_ENUMERATED ASN1_STRING +# define ASN1_BIT_STRING ASN1_STRING +# define ASN1_OCTET_STRING ASN1_STRING +# define ASN1_PRINTABLESTRING ASN1_STRING +# define ASN1_T61STRING ASN1_STRING +# define ASN1_IA5STRING ASN1_STRING +# define ASN1_UTCTIME ASN1_STRING +# define ASN1_GENERALIZEDTIME ASN1_STRING +# define ASN1_TIME ASN1_STRING +# define ASN1_GENERALSTRING ASN1_STRING +# define ASN1_UNIVERSALSTRING ASN1_STRING +# define ASN1_BMPSTRING ASN1_STRING +# define ASN1_VISIBLESTRING ASN1_STRING +# define ASN1_UTF8STRING ASN1_STRING +# define ASN1_BOOLEAN int +# define ASN1_NULL int +# else +typedef struct asn1_string_st ASN1_INTEGER; +typedef struct asn1_string_st ASN1_ENUMERATED; +typedef struct asn1_string_st ASN1_BIT_STRING; +typedef struct asn1_string_st ASN1_OCTET_STRING; +typedef struct asn1_string_st ASN1_PRINTABLESTRING; +typedef struct asn1_string_st ASN1_T61STRING; +typedef struct asn1_string_st ASN1_IA5STRING; +typedef struct asn1_string_st ASN1_GENERALSTRING; +typedef struct asn1_string_st ASN1_UNIVERSALSTRING; +typedef struct asn1_string_st ASN1_BMPSTRING; +typedef struct asn1_string_st ASN1_UTCTIME; +typedef struct asn1_string_st ASN1_TIME; +typedef struct asn1_string_st ASN1_GENERALIZEDTIME; +typedef struct asn1_string_st ASN1_VISIBLESTRING; +typedef struct asn1_string_st ASN1_UTF8STRING; +typedef struct asn1_string_st ASN1_STRING; +typedef int ASN1_BOOLEAN; +typedef int ASN1_NULL; +# endif + +typedef struct asn1_object_st ASN1_OBJECT; + +typedef struct ASN1_ITEM_st ASN1_ITEM; +typedef struct asn1_pctx_st ASN1_PCTX; +typedef struct asn1_sctx_st ASN1_SCTX; + +# ifdef _WIN32 +# undef X509_NAME +# undef X509_EXTENSIONS +# undef PKCS7_ISSUER_AND_SERIAL +# undef PKCS7_SIGNER_INFO +# undef OCSP_REQUEST +# undef OCSP_RESPONSE +# endif + +# ifdef BIGNUM +# undef BIGNUM +# endif +struct dane_st; +typedef struct bio_st BIO; +typedef struct bignum_st BIGNUM; +typedef struct bignum_ctx BN_CTX; +typedef struct bn_blinding_st BN_BLINDING; +typedef struct bn_mont_ctx_st BN_MONT_CTX; +typedef struct bn_recp_ctx_st BN_RECP_CTX; +typedef struct bn_gencb_st BN_GENCB; + +typedef struct buf_mem_st BUF_MEM; + +typedef struct evp_cipher_st EVP_CIPHER; +typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; +typedef struct evp_md_st EVP_MD; +typedef struct evp_md_ctx_st EVP_MD_CTX; +typedef struct evp_pkey_st EVP_PKEY; + +typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; + +typedef struct evp_pkey_method_st EVP_PKEY_METHOD; +typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; + +typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX; + +typedef struct hmac_ctx_st HMAC_CTX; + +typedef struct dh_st DH; +typedef struct dh_method DH_METHOD; + +typedef struct dsa_st DSA; +typedef struct dsa_method DSA_METHOD; + +typedef struct rsa_st RSA; +typedef struct rsa_meth_st RSA_METHOD; + +typedef struct ec_key_st EC_KEY; +typedef struct ec_key_method_st EC_KEY_METHOD; + +typedef struct rand_meth_st RAND_METHOD; +typedef struct rand_drbg_st RAND_DRBG; + +typedef struct ssl_dane_st SSL_DANE; +typedef struct x509_st X509; +typedef struct X509_algor_st X509_ALGOR; +typedef struct X509_crl_st X509_CRL; +typedef struct x509_crl_method_st X509_CRL_METHOD; +typedef struct x509_revoked_st X509_REVOKED; +typedef struct X509_name_st X509_NAME; +typedef struct X509_pubkey_st X509_PUBKEY; +typedef struct x509_store_st X509_STORE; +typedef struct x509_store_ctx_st X509_STORE_CTX; + +typedef struct x509_object_st X509_OBJECT; +typedef struct x509_lookup_st X509_LOOKUP; +typedef struct x509_lookup_method_st X509_LOOKUP_METHOD; +typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM; + +typedef struct x509_sig_info_st X509_SIG_INFO; + +typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO; + +typedef struct v3_ext_ctx X509V3_CTX; +typedef struct conf_st CONF; +typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS; + +typedef struct ui_st UI; +typedef struct ui_method_st UI_METHOD; + +typedef struct engine_st ENGINE; +typedef struct ssl_st SSL; +typedef struct ssl_ctx_st SSL_CTX; + +typedef struct comp_ctx_st COMP_CTX; +typedef struct comp_method_st COMP_METHOD; + +typedef struct X509_POLICY_NODE_st X509_POLICY_NODE; +typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL; +typedef struct X509_POLICY_TREE_st X509_POLICY_TREE; +typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE; + +typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID; +typedef struct DIST_POINT_st DIST_POINT; +typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT; +typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS; + +typedef struct crypto_ex_data_st CRYPTO_EX_DATA; + +typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; +typedef struct ocsp_response_st OCSP_RESPONSE; +typedef struct ocsp_responder_id_st OCSP_RESPID; + +typedef struct sct_st SCT; +typedef struct sct_ctx_st SCT_CTX; +typedef struct ctlog_st CTLOG; +typedef struct ctlog_store_st CTLOG_STORE; +typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX; + +typedef struct ossl_store_info_st OSSL_STORE_INFO; +typedef struct ossl_store_search_st OSSL_STORE_SEARCH; + +#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \ + defined(INTMAX_MAX) && defined(UINTMAX_MAX) +typedef intmax_t ossl_intmax_t; +typedef uintmax_t ossl_uintmax_t; +#else +/* + * Not long long, because the C-library can only be expected to provide + * strtoll(), strtoull() at the same time as intmax_t and strtoimax(), + * strtoumax(). Since we use these for parsing arguments, we need the + * conversion functions, not just the sizes. + */ +typedef long ossl_intmax_t; +typedef unsigned long ossl_uintmax_t; +#endif + +#ifdef __cplusplus +} +#endif +#endif /* def HEADER_OPENSSL_TYPES_H */ diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/pem.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/pem.h new file mode 100644 index 00000000..2ef5b5d0 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/pem.h @@ -0,0 +1,378 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PEM_H +# define HEADER_PEM_H + +# include +# include +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define PEM_BUFSIZE 1024 + +# define PEM_STRING_X509_OLD "X509 CERTIFICATE" +# define PEM_STRING_X509 "CERTIFICATE" +# define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" +# define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" +# define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" +# define PEM_STRING_X509_CRL "X509 CRL" +# define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY" +# define PEM_STRING_PUBLIC "PUBLIC KEY" +# define PEM_STRING_RSA "RSA PRIVATE KEY" +# define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" +# define PEM_STRING_DSA "DSA PRIVATE KEY" +# define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" +# define PEM_STRING_PKCS7 "PKCS7" +# define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" +# define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" +# define PEM_STRING_PKCS8INF "PRIVATE KEY" +# define PEM_STRING_DHPARAMS "DH PARAMETERS" +# define PEM_STRING_DHXPARAMS "X9.42 DH PARAMETERS" +# define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" +# define PEM_STRING_DSAPARAMS "DSA PARAMETERS" +# define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" +# define PEM_STRING_ECPARAMETERS "EC PARAMETERS" +# define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" +# define PEM_STRING_PARAMETERS "PARAMETERS" +# define PEM_STRING_CMS "CMS" + +# define PEM_TYPE_ENCRYPTED 10 +# define PEM_TYPE_MIC_ONLY 20 +# define PEM_TYPE_MIC_CLEAR 30 +# define PEM_TYPE_CLEAR 40 + +/* + * These macros make the PEM_read/PEM_write functions easier to maintain and + * write. Now they are all implemented with either: IMPLEMENT_PEM_rw(...) or + * IMPLEMENT_PEM_rw_cb(...) + */ + +# ifdef OPENSSL_NO_STDIO + +# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ +# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ +# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/ +# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ +# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/ +# else + +# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ +type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ +{ \ +return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \ +} + +# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, type *x) \ +{ \ +return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \ +} + +# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, const type *x) \ +{ \ +return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \ +} + +# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, \ + void *u) \ + { \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \ + } + +# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, \ + void *u) \ + { \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \ + } + +# endif + +# define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ +type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ +{ \ +return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \ +} + +# define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, type *x) \ +{ \ +return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \ +} + +# define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, const type *x) \ +{ \ +return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \ +} + +# define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ + { \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \ + } + +# define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ + { \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \ + } + +# define IMPLEMENT_PEM_write(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp(name, type, str, asn1) + +# define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) + +# define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) + +# define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) + +# define IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_read_fp(name, type, str, asn1) + +# define IMPLEMENT_PEM_rw(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write(name, type, str, asn1) + +# define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_const(name, type, str, asn1) + +# define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb(name, type, str, asn1) + +/* These are the same except they are for the declarations */ + +# if defined(OPENSSL_NO_STDIO) + +# define DECLARE_PEM_read_fp(name, type) /**/ +# define DECLARE_PEM_write_fp(name, type) /**/ +# define DECLARE_PEM_write_fp_const(name, type) /**/ +# define DECLARE_PEM_write_cb_fp(name, type) /**/ +# else + +# define DECLARE_PEM_read_fp(name, type) \ + type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u); + +# define DECLARE_PEM_write_fp(name, type) \ + int PEM_write_##name(FILE *fp, type *x); + +# define DECLARE_PEM_write_fp_const(name, type) \ + int PEM_write_##name(FILE *fp, const type *x); + +# define DECLARE_PEM_write_cb_fp(name, type) \ + int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u); + +# endif + +# define DECLARE_PEM_read_bio(name, type) \ + type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u); + +# define DECLARE_PEM_write_bio(name, type) \ + int PEM_write_bio_##name(BIO *bp, type *x); + +# define DECLARE_PEM_write_bio_const(name, type) \ + int PEM_write_bio_##name(BIO *bp, const type *x); + +# define DECLARE_PEM_write_cb_bio(name, type) \ + int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u); + +# define DECLARE_PEM_write(name, type) \ + DECLARE_PEM_write_bio(name, type) \ + DECLARE_PEM_write_fp(name, type) +# define DECLARE_PEM_write_const(name, type) \ + DECLARE_PEM_write_bio_const(name, type) \ + DECLARE_PEM_write_fp_const(name, type) +# define DECLARE_PEM_write_cb(name, type) \ + DECLARE_PEM_write_cb_bio(name, type) \ + DECLARE_PEM_write_cb_fp(name, type) +# define DECLARE_PEM_read(name, type) \ + DECLARE_PEM_read_bio(name, type) \ + DECLARE_PEM_read_fp(name, type) +# define DECLARE_PEM_rw(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write(name, type) +# define DECLARE_PEM_rw_const(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_const(name, type) +# define DECLARE_PEM_rw_cb(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_cb(name, type) +typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata); + +int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); +int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len, + pem_password_cb *callback, void *u); + +int PEM_read_bio(BIO *bp, char **name, char **header, + unsigned char **data, long *len); +# define PEM_FLAG_SECURE 0x1 +# define PEM_FLAG_EAY_COMPATIBLE 0x2 +# define PEM_FLAG_ONLY_B64 0x4 +int PEM_read_bio_ex(BIO *bp, char **name, char **header, + unsigned char **data, long *len, unsigned int flags); +int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, + void *u); +int PEM_write_bio(BIO *bp, const char *name, const char *hdr, + const unsigned char *data, long len); +int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, + void *u); +void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, + pem_password_cb *cb, void *u); +int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x, + const EVP_CIPHER *enc, unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); + +STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u); +int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cd, void *u); + +#ifndef OPENSSL_NO_STDIO +int PEM_read(FILE *fp, char **name, char **header, + unsigned char **data, long *len); +int PEM_write(FILE *fp, const char *name, const char *hdr, + const unsigned char *data, long len); +void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, + pem_password_cb *cb, void *u); +int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, + void *x, const EVP_CIPHER *enc, unsigned char *kstr, + int klen, pem_password_cb *callback, void *u); +STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u); +#endif + +int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); +int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt); +int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + unsigned int *siglen, EVP_PKEY *pkey); + +/* The default pem_password_cb that's used internally */ +int PEM_def_callback(char *buf, int num, int rwflag, void *userdata); +void PEM_proc_type(char *buf, int type); +void PEM_dek_info(char *buf, const char *type, int len, char *str); + +# include + +DECLARE_PEM_rw(X509, X509) +DECLARE_PEM_rw(X509_AUX, X509) +DECLARE_PEM_rw(X509_REQ, X509_REQ) +DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) +DECLARE_PEM_rw(X509_CRL, X509_CRL) +DECLARE_PEM_rw(PKCS7, PKCS7) +DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) +DECLARE_PEM_rw(PKCS8, X509_SIG) +DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) +# ifndef OPENSSL_NO_RSA +DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) +DECLARE_PEM_rw_const(RSAPublicKey, RSA) +DECLARE_PEM_rw(RSA_PUBKEY, RSA) +# endif +# ifndef OPENSSL_NO_DSA +DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) +DECLARE_PEM_rw(DSA_PUBKEY, DSA) +DECLARE_PEM_rw_const(DSAparams, DSA) +# endif +# ifndef OPENSSL_NO_EC +DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP) +DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) +DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) +# endif +# ifndef OPENSSL_NO_DH +DECLARE_PEM_rw_const(DHparams, DH) +DECLARE_PEM_write_const(DHxparams, DH) +# endif +DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) +DECLARE_PEM_rw(PUBKEY, EVP_PKEY) + +int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x, + const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); + +int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *, + char *, int, pem_password_cb *, void *); +int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); +EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, + void *u); + +# ifndef OPENSSL_NO_STDIO +int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); + +EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, + void *u); + +int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, pem_password_cb *cd, + void *u); +# endif +EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); +int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x); + +# ifndef OPENSSL_NO_DSA +EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length); +EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length); +EVP_PKEY *b2i_PrivateKey_bio(BIO *in); +EVP_PKEY *b2i_PublicKey_bio(BIO *in); +int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk); +int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk); +# ifndef OPENSSL_NO_RC4 +EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u); +int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, + pem_password_cb *cb, void *u); +# endif +# endif + +# ifdef __cplusplus +} +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/pem2.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/pem2.h new file mode 100644 index 00000000..038fe790 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/pem2.h @@ -0,0 +1,13 @@ +/* + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PEM2_H +# define HEADER_PEM2_H +# include +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/pemerr.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/pemerr.h new file mode 100644 index 00000000..0c45918f --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/pemerr.h @@ -0,0 +1,103 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PEMERR_H +# define HEADER_PEMERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PEM_strings(void); + +/* + * PEM function codes. + */ +# define PEM_F_B2I_DSS 127 +# define PEM_F_B2I_PVK_BIO 128 +# define PEM_F_B2I_RSA 129 +# define PEM_F_CHECK_BITLEN_DSA 130 +# define PEM_F_CHECK_BITLEN_RSA 131 +# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 +# define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 +# define PEM_F_DO_B2I 132 +# define PEM_F_DO_B2I_BIO 133 +# define PEM_F_DO_BLOB_HEADER 134 +# define PEM_F_DO_I2B 146 +# define PEM_F_DO_PK8PKEY 126 +# define PEM_F_DO_PK8PKEY_FP 125 +# define PEM_F_DO_PVK_BODY 135 +# define PEM_F_DO_PVK_HEADER 136 +# define PEM_F_GET_HEADER_AND_DATA 143 +# define PEM_F_GET_NAME 144 +# define PEM_F_I2B_PVK 137 +# define PEM_F_I2B_PVK_BIO 138 +# define PEM_F_LOAD_IV 101 +# define PEM_F_PEM_ASN1_READ 102 +# define PEM_F_PEM_ASN1_READ_BIO 103 +# define PEM_F_PEM_ASN1_WRITE 104 +# define PEM_F_PEM_ASN1_WRITE_BIO 105 +# define PEM_F_PEM_DEF_CALLBACK 100 +# define PEM_F_PEM_DO_HEADER 106 +# define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 +# define PEM_F_PEM_READ 108 +# define PEM_F_PEM_READ_BIO 109 +# define PEM_F_PEM_READ_BIO_DHPARAMS 141 +# define PEM_F_PEM_READ_BIO_EX 145 +# define PEM_F_PEM_READ_BIO_PARAMETERS 140 +# define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 +# define PEM_F_PEM_READ_DHPARAMS 142 +# define PEM_F_PEM_READ_PRIVATEKEY 124 +# define PEM_F_PEM_SIGNFINAL 112 +# define PEM_F_PEM_WRITE 113 +# define PEM_F_PEM_WRITE_BIO 114 +# define PEM_F_PEM_WRITE_PRIVATEKEY 139 +# define PEM_F_PEM_X509_INFO_READ 115 +# define PEM_F_PEM_X509_INFO_READ_BIO 116 +# define PEM_F_PEM_X509_INFO_WRITE_BIO 117 + +/* + * PEM reason codes. + */ +# define PEM_R_BAD_BASE64_DECODE 100 +# define PEM_R_BAD_DECRYPT 101 +# define PEM_R_BAD_END_LINE 102 +# define PEM_R_BAD_IV_CHARS 103 +# define PEM_R_BAD_MAGIC_NUMBER 116 +# define PEM_R_BAD_PASSWORD_READ 104 +# define PEM_R_BAD_VERSION_NUMBER 117 +# define PEM_R_BIO_WRITE_FAILURE 118 +# define PEM_R_CIPHER_IS_NULL 127 +# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 +# define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119 +# define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120 +# define PEM_R_HEADER_TOO_LONG 128 +# define PEM_R_INCONSISTENT_HEADER 121 +# define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122 +# define PEM_R_KEYBLOB_TOO_SHORT 123 +# define PEM_R_MISSING_DEK_IV 129 +# define PEM_R_NOT_DEK_INFO 105 +# define PEM_R_NOT_ENCRYPTED 106 +# define PEM_R_NOT_PROC_TYPE 107 +# define PEM_R_NO_START_LINE 108 +# define PEM_R_PROBLEMS_GETTING_PASSWORD 109 +# define PEM_R_PVK_DATA_TOO_SHORT 124 +# define PEM_R_PVK_TOO_SHORT 125 +# define PEM_R_READ_KEY 111 +# define PEM_R_SHORT_HEADER 112 +# define PEM_R_UNEXPECTED_DEK_IV 130 +# define PEM_R_UNSUPPORTED_CIPHER 113 +# define PEM_R_UNSUPPORTED_ENCRYPTION 114 +# define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/pkcs12.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/pkcs12.h new file mode 100644 index 00000000..3f43dad6 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/pkcs12.h @@ -0,0 +1,223 @@ +/* + * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PKCS12_H +# define HEADER_PKCS12_H + +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define PKCS12_KEY_ID 1 +# define PKCS12_IV_ID 2 +# define PKCS12_MAC_ID 3 + +/* Default iteration count */ +# ifndef PKCS12_DEFAULT_ITER +# define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER +# endif + +# define PKCS12_MAC_KEY_LENGTH 20 + +# define PKCS12_SALT_LEN 8 + +/* It's not clear if these are actually needed... */ +# define PKCS12_key_gen PKCS12_key_gen_utf8 +# define PKCS12_add_friendlyname PKCS12_add_friendlyname_utf8 + +/* MS key usage constants */ + +# define KEY_EX 0x10 +# define KEY_SIG 0x80 + +typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA; + +typedef struct PKCS12_st PKCS12; + +typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG; + +DEFINE_STACK_OF(PKCS12_SAFEBAG) + +typedef struct pkcs12_bag_st PKCS12_BAGS; + +# define PKCS12_ERROR 0 +# define PKCS12_OK 1 + +/* Compatibility macros */ + +#if OPENSSL_API_COMPAT < 0x10100000L + +# define M_PKCS12_bag_type PKCS12_bag_type +# define M_PKCS12_cert_bag_type PKCS12_cert_bag_type +# define M_PKCS12_crl_bag_type PKCS12_cert_bag_type + +# define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert +# define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl +# define PKCS12_bag_type PKCS12_SAFEBAG_get_nid +# define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid +# define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert +# define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl +# define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf +# define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt + +#endif + +DEPRECATEDIN_1_1_0(ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid)) + +ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid); +int PKCS12_mac_present(const PKCS12 *p12); +void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, + const X509_ALGOR **pmacalg, + const ASN1_OCTET_STRING **psalt, + const ASN1_INTEGER **piter, + const PKCS12 *p12); + +const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag, + int attr_nid); +const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag); +int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag); +int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag); + +X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag); +X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag); +const STACK_OF(PKCS12_SAFEBAG) * +PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag); +const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag); +const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag); + +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, + const char *pass, + int passlen, + unsigned char *salt, + int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8inf); + +PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, + int nid1, int nid2); +PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass, + int passlen); +PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, + const char *pass, int passlen); +X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, + const char *pass, int passlen, unsigned char *salt, + int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); +X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen, + PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe); +PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); +STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7); +PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + STACK_OF(PKCS12_SAFEBAG) *bags); +STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, + int passlen); + +int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes); +STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12); + +int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, + int namelen); +int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, + int namelen); +int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name, + int namelen); +int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, + int namelen); +int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, + const unsigned char *name, int namelen); +int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage); +ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, + int attr_nid); +char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); +const STACK_OF(X509_ATTRIBUTE) * +PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag); +unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, + const char *pass, int passlen, + const unsigned char *in, int inlen, + unsigned char **data, int *datalen, + int en_de); +void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, + const char *pass, int passlen, + const ASN1_OCTET_STRING *oct, int zbuf); +ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, + const ASN1_ITEM *it, + const char *pass, int passlen, + void *obj, int zbuf); +PKCS12 *PKCS12_init(int mode); +int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); +int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); +int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); +int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md_type, int en_de); +int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *mac, unsigned int *maclen); +int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); +int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + const EVP_MD *md_type); +int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, + int saltlen, const EVP_MD *md_type); +unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, + unsigned char **uni, int *unilen); +char *OPENSSL_uni2asc(const unsigned char *uni, int unilen); +unsigned char *OPENSSL_utf82uni(const char *asc, int asclen, + unsigned char **uni, int *unilen); +char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen); + +DECLARE_ASN1_FUNCTIONS(PKCS12) +DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA) +DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG) +DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS) + +DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS) +DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES) + +void PKCS12_PBE_add(void); +int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca); +PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, + X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, + int iter, int mac_iter, int keytype); + +PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); +PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, + EVP_PKEY *key, int key_usage, int iter, + int key_nid, const char *pass); +int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, + int safe_nid, int iter, const char *pass); +PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid); + +int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12); +# ifndef OPENSSL_NO_STDIO +int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); +# endif +PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); +# ifndef OPENSSL_NO_STDIO +PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); +# endif +int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/pkcs12err.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/pkcs12err.h new file mode 100644 index 00000000..eff5eb26 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/pkcs12err.h @@ -0,0 +1,81 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PKCS12ERR_H +# define HEADER_PKCS12ERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PKCS12_strings(void); + +/* + * PKCS12 function codes. + */ +# define PKCS12_F_OPENSSL_ASC2UNI 121 +# define PKCS12_F_OPENSSL_UNI2ASC 124 +# define PKCS12_F_OPENSSL_UNI2UTF8 127 +# define PKCS12_F_OPENSSL_UTF82UNI 129 +# define PKCS12_F_PKCS12_CREATE 105 +# define PKCS12_F_PKCS12_GEN_MAC 107 +# define PKCS12_F_PKCS12_INIT 109 +# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106 +# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108 +# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117 +# define PKCS12_F_PKCS12_KEY_GEN_ASC 110 +# define PKCS12_F_PKCS12_KEY_GEN_UNI 111 +# define PKCS12_F_PKCS12_KEY_GEN_UTF8 116 +# define PKCS12_F_PKCS12_NEWPASS 128 +# define PKCS12_F_PKCS12_PACK_P7DATA 114 +# define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 +# define PKCS12_F_PKCS12_PARSE 118 +# define PKCS12_F_PKCS12_PBE_CRYPT 119 +# define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF 112 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8 113 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT 133 +# define PKCS12_F_PKCS12_SETUP_MAC 122 +# define PKCS12_F_PKCS12_SET_MAC 123 +# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 +# define PKCS12_F_PKCS12_UNPACK_P7DATA 131 +# define PKCS12_F_PKCS12_VERIFY_MAC 126 +# define PKCS12_F_PKCS8_ENCRYPT 125 +# define PKCS12_F_PKCS8_SET0_PBE 132 + +/* + * PKCS12 reason codes. + */ +# define PKCS12_R_CANT_PACK_STRUCTURE 100 +# define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 +# define PKCS12_R_DECODE_ERROR 101 +# define PKCS12_R_ENCODE_ERROR 102 +# define PKCS12_R_ENCRYPT_ERROR 103 +# define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120 +# define PKCS12_R_INVALID_NULL_ARGUMENT 104 +# define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 +# define PKCS12_R_IV_GEN_ERROR 106 +# define PKCS12_R_KEY_GEN_ERROR 107 +# define PKCS12_R_MAC_ABSENT 108 +# define PKCS12_R_MAC_GENERATION_ERROR 109 +# define PKCS12_R_MAC_SETUP_ERROR 110 +# define PKCS12_R_MAC_STRING_SET_ERROR 111 +# define PKCS12_R_MAC_VERIFY_FAILURE 113 +# define PKCS12_R_PARSE_ERROR 114 +# define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115 +# define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116 +# define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117 +# define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118 +# define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119 + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/pkcs7.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/pkcs7.h new file mode 100644 index 00000000..9b66e002 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/pkcs7.h @@ -0,0 +1,319 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PKCS7_H +# define HEADER_PKCS7_H + +# include +# include +# include + +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/*- +Encryption_ID DES-CBC +Digest_ID MD5 +Digest_Encryption_ID rsaEncryption +Key_Encryption_ID rsaEncryption +*/ + +typedef struct pkcs7_issuer_and_serial_st { + X509_NAME *issuer; + ASN1_INTEGER *serial; +} PKCS7_ISSUER_AND_SERIAL; + +typedef struct pkcs7_signer_info_st { + ASN1_INTEGER *version; /* version 1 */ + PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; + X509_ALGOR *digest_alg; + STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */ + X509_ALGOR *digest_enc_alg; + ASN1_OCTET_STRING *enc_digest; + STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */ + /* The private key to sign with */ + EVP_PKEY *pkey; +} PKCS7_SIGNER_INFO; + +DEFINE_STACK_OF(PKCS7_SIGNER_INFO) + +typedef struct pkcs7_recip_info_st { + ASN1_INTEGER *version; /* version 0 */ + PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; + X509_ALGOR *key_enc_algor; + ASN1_OCTET_STRING *enc_key; + X509 *cert; /* get the pub-key from this */ +} PKCS7_RECIP_INFO; + +DEFINE_STACK_OF(PKCS7_RECIP_INFO) + +typedef struct pkcs7_signed_st { + ASN1_INTEGER *version; /* version 1 */ + STACK_OF(X509_ALGOR) *md_algs; /* md used */ + STACK_OF(X509) *cert; /* [ 0 ] */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + struct pkcs7_st *contents; +} PKCS7_SIGNED; +/* + * The above structure is very very similar to PKCS7_SIGN_ENVELOPE. How about + * merging the two + */ + +typedef struct pkcs7_enc_content_st { + ASN1_OBJECT *content_type; + X509_ALGOR *algorithm; + ASN1_OCTET_STRING *enc_data; /* [ 0 ] */ + const EVP_CIPHER *cipher; +} PKCS7_ENC_CONTENT; + +typedef struct pkcs7_enveloped_st { + ASN1_INTEGER *version; /* version 0 */ + STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; + PKCS7_ENC_CONTENT *enc_data; +} PKCS7_ENVELOPE; + +typedef struct pkcs7_signedandenveloped_st { + ASN1_INTEGER *version; /* version 1 */ + STACK_OF(X509_ALGOR) *md_algs; /* md used */ + STACK_OF(X509) *cert; /* [ 0 ] */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + PKCS7_ENC_CONTENT *enc_data; + STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; +} PKCS7_SIGN_ENVELOPE; + +typedef struct pkcs7_digest_st { + ASN1_INTEGER *version; /* version 0 */ + X509_ALGOR *md; /* md used */ + struct pkcs7_st *contents; + ASN1_OCTET_STRING *digest; +} PKCS7_DIGEST; + +typedef struct pkcs7_encrypted_st { + ASN1_INTEGER *version; /* version 0 */ + PKCS7_ENC_CONTENT *enc_data; +} PKCS7_ENCRYPT; + +typedef struct pkcs7_st { + /* + * The following is non NULL if it contains ASN1 encoding of this + * structure + */ + unsigned char *asn1; + long length; +# define PKCS7_S_HEADER 0 +# define PKCS7_S_BODY 1 +# define PKCS7_S_TAIL 2 + int state; /* used during processing */ + int detached; + ASN1_OBJECT *type; + /* content as defined by the type */ + /* + * all encryption/message digests are applied to the 'contents', leaving + * out the 'type' field. + */ + union { + char *ptr; + /* NID_pkcs7_data */ + ASN1_OCTET_STRING *data; + /* NID_pkcs7_signed */ + PKCS7_SIGNED *sign; + /* NID_pkcs7_enveloped */ + PKCS7_ENVELOPE *enveloped; + /* NID_pkcs7_signedAndEnveloped */ + PKCS7_SIGN_ENVELOPE *signed_and_enveloped; + /* NID_pkcs7_digest */ + PKCS7_DIGEST *digest; + /* NID_pkcs7_encrypted */ + PKCS7_ENCRYPT *encrypted; + /* Anything else */ + ASN1_TYPE *other; + } d; +} PKCS7; + +DEFINE_STACK_OF(PKCS7) + +# define PKCS7_OP_SET_DETACHED_SIGNATURE 1 +# define PKCS7_OP_GET_DETACHED_SIGNATURE 2 + +# define PKCS7_get_signed_attributes(si) ((si)->auth_attr) +# define PKCS7_get_attributes(si) ((si)->unauth_attr) + +# define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) +# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) +# define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) +# define PKCS7_type_is_signedAndEnveloped(a) \ + (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) +# define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) +# define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) + +# define PKCS7_set_detached(p,v) \ + PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) +# define PKCS7_get_detached(p) \ + PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL) + +# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) + +/* S/MIME related flags */ + +# define PKCS7_TEXT 0x1 +# define PKCS7_NOCERTS 0x2 +# define PKCS7_NOSIGS 0x4 +# define PKCS7_NOCHAIN 0x8 +# define PKCS7_NOINTERN 0x10 +# define PKCS7_NOVERIFY 0x20 +# define PKCS7_DETACHED 0x40 +# define PKCS7_BINARY 0x80 +# define PKCS7_NOATTR 0x100 +# define PKCS7_NOSMIMECAP 0x200 +# define PKCS7_NOOLDMIMETYPE 0x400 +# define PKCS7_CRLFEOL 0x800 +# define PKCS7_STREAM 0x1000 +# define PKCS7_NOCRL 0x2000 +# define PKCS7_PARTIAL 0x4000 +# define PKCS7_REUSE_DIGEST 0x8000 +# define PKCS7_NO_DUAL_CONTENT 0x10000 + +/* Flags: for compatibility with older code */ + +# define SMIME_TEXT PKCS7_TEXT +# define SMIME_NOCERTS PKCS7_NOCERTS +# define SMIME_NOSIGS PKCS7_NOSIGS +# define SMIME_NOCHAIN PKCS7_NOCHAIN +# define SMIME_NOINTERN PKCS7_NOINTERN +# define SMIME_NOVERIFY PKCS7_NOVERIFY +# define SMIME_DETACHED PKCS7_DETACHED +# define SMIME_BINARY PKCS7_BINARY +# define SMIME_NOATTR PKCS7_NOATTR + +/* CRLF ASCII canonicalisation */ +# define SMIME_ASCIICRLF 0x80000 + +DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) + +int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, + const EVP_MD *type, unsigned char *md, + unsigned int *len); +# ifndef OPENSSL_NO_STDIO +PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7); +int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7); +# endif +PKCS7 *PKCS7_dup(PKCS7 *p7); +PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7); +int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7); +int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); +int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); + +DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO) +DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) +DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED) +DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) +DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE) +DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE) +DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST) +DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT) +DECLARE_ASN1_FUNCTIONS(PKCS7) + +DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN) +DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY) + +DECLARE_ASN1_NDEF_FUNCTION(PKCS7) +DECLARE_ASN1_PRINT_FUNCTION(PKCS7) + +long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); + +int PKCS7_set_type(PKCS7 *p7, int type); +int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); +int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); +int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, + const EVP_MD *dgst); +int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si); +int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); +int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); +int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); +int PKCS7_content_new(PKCS7 *p7, int nid); +int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, + BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); +int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, + X509 *x509); + +BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); +int PKCS7_dataFinal(PKCS7 *p7, BIO *bio); +BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); + +PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, + EVP_PKEY *pkey, const EVP_MD *dgst); +X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); +int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); +STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); + +PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); +void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, + X509_ALGOR **pdig, X509_ALGOR **psig); +void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc); +int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri); +int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509); +int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher); +int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7); + +PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx); +ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk); +int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int type, + void *data); +int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, + void *value); +ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid); +ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid); +int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, + STACK_OF(X509_ATTRIBUTE) *sk); +int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, + STACK_OF(X509_ATTRIBUTE) *sk); + +PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, + BIO *data, int flags); + +PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, + X509 *signcert, EVP_PKEY *pkey, + const EVP_MD *md, int flags); + +int PKCS7_final(PKCS7 *p7, BIO *data, int flags); +int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, + BIO *indata, BIO *out, int flags); +STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, + int flags); +PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, + int flags); +int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, + int flags); + +int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, + STACK_OF(X509_ALGOR) *cap); +STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si); +int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg); + +int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid); +int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t); +int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, + const unsigned char *md, int mdlen); + +int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags); +PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont); + +BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/pkcs7err.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/pkcs7err.h new file mode 100644 index 00000000..02e0299a --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/pkcs7err.h @@ -0,0 +1,103 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PKCS7ERR_H +# define HEADER_PKCS7ERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PKCS7_strings(void); + +/* + * PKCS7 function codes. + */ +# define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 136 +# define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 135 +# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 +# define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 +# define PKCS7_F_PKCS7_ADD_CRL 101 +# define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 +# define PKCS7_F_PKCS7_ADD_SIGNATURE 131 +# define PKCS7_F_PKCS7_ADD_SIGNER 103 +# define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 +# define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 138 +# define PKCS7_F_PKCS7_CTRL 104 +# define PKCS7_F_PKCS7_DATADECODE 112 +# define PKCS7_F_PKCS7_DATAFINAL 128 +# define PKCS7_F_PKCS7_DATAINIT 105 +# define PKCS7_F_PKCS7_DATAVERIFY 107 +# define PKCS7_F_PKCS7_DECRYPT 114 +# define PKCS7_F_PKCS7_DECRYPT_RINFO 133 +# define PKCS7_F_PKCS7_ENCODE_RINFO 132 +# define PKCS7_F_PKCS7_ENCRYPT 115 +# define PKCS7_F_PKCS7_FINAL 134 +# define PKCS7_F_PKCS7_FIND_DIGEST 127 +# define PKCS7_F_PKCS7_GET0_SIGNERS 124 +# define PKCS7_F_PKCS7_RECIP_INFO_SET 130 +# define PKCS7_F_PKCS7_SET_CIPHER 108 +# define PKCS7_F_PKCS7_SET_CONTENT 109 +# define PKCS7_F_PKCS7_SET_DIGEST 126 +# define PKCS7_F_PKCS7_SET_TYPE 110 +# define PKCS7_F_PKCS7_SIGN 116 +# define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 +# define PKCS7_F_PKCS7_SIGNER_INFO_SET 129 +# define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 139 +# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137 +# define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 +# define PKCS7_F_PKCS7_VERIFY 117 + +/* + * PKCS7 reason codes. + */ +# define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 +# define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 +# define PKCS7_R_CIPHER_NOT_INITIALIZED 116 +# define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 +# define PKCS7_R_CTRL_ERROR 152 +# define PKCS7_R_DECRYPT_ERROR 119 +# define PKCS7_R_DIGEST_FAILURE 101 +# define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149 +# define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150 +# define PKCS7_R_ERROR_ADDING_RECIPIENT 120 +# define PKCS7_R_ERROR_SETTING_CIPHER 121 +# define PKCS7_R_INVALID_NULL_POINTER 143 +# define PKCS7_R_INVALID_SIGNED_DATA_TYPE 155 +# define PKCS7_R_NO_CONTENT 122 +# define PKCS7_R_NO_DEFAULT_DIGEST 151 +# define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154 +# define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 +# define PKCS7_R_NO_SIGNATURES_ON_DATA 123 +# define PKCS7_R_NO_SIGNERS 142 +# define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 +# define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 +# define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153 +# define PKCS7_R_PKCS7_DATASIGN 145 +# define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 +# define PKCS7_R_SIGNATURE_FAILURE 105 +# define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 +# define PKCS7_R_SIGNING_CTRL_FAILURE 147 +# define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148 +# define PKCS7_R_SMIME_TEXT_ERROR 129 +# define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 +# define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 +# define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 +# define PKCS7_R_UNKNOWN_DIGEST_TYPE 109 +# define PKCS7_R_UNKNOWN_OPERATION 110 +# define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111 +# define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 +# define PKCS7_R_WRONG_CONTENT_TYPE 113 +# define PKCS7_R_WRONG_PKCS7_TYPE 114 + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/rand.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/rand.h new file mode 100644 index 00000000..38a2a271 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/rand.h @@ -0,0 +1,77 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RAND_H +# define HEADER_RAND_H + +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +struct rand_meth_st { + int (*seed) (const void *buf, int num); + int (*bytes) (unsigned char *buf, int num); + void (*cleanup) (void); + int (*add) (const void *buf, int num, double randomness); + int (*pseudorand) (unsigned char *buf, int num); + int (*status) (void); +}; + +int RAND_set_rand_method(const RAND_METHOD *meth); +const RAND_METHOD *RAND_get_rand_method(void); +# ifndef OPENSSL_NO_ENGINE +int RAND_set_rand_engine(ENGINE *engine); +# endif + +RAND_METHOD *RAND_OpenSSL(void); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define RAND_cleanup() while(0) continue +# endif +int RAND_bytes(unsigned char *buf, int num); +int RAND_priv_bytes(unsigned char *buf, int num); +DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num)) + +void RAND_seed(const void *buf, int num); +void RAND_keep_random_devices_open(int keep); + +# if defined(__ANDROID__) && defined(__NDK_FPABI__) +__NDK_FPABI__ /* __attribute__((pcs("aapcs"))) on ARM */ +# endif +void RAND_add(const void *buf, int num, double randomness); +int RAND_load_file(const char *file, long max_bytes); +int RAND_write_file(const char *file); +const char *RAND_file_name(char *file, size_t num); +int RAND_status(void); + +# ifndef OPENSSL_NO_EGD +int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); +int RAND_egd(const char *path); +int RAND_egd_bytes(const char *path, int bytes); +# endif + +int RAND_poll(void); + +# if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H)) +/* application has to include in order to use these */ +DEPRECATEDIN_1_1_0(void RAND_screen(void)) +DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) +# endif + + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/rand_drbg.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/rand_drbg.h new file mode 100644 index 00000000..45b731b7 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/rand_drbg.h @@ -0,0 +1,130 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DRBG_RAND_H +# define HEADER_DRBG_RAND_H + +# include +# include +# include + +/* + * RAND_DRBG flags + * + * Note: if new flags are added, the constant `rand_drbg_used_flags` + * in drbg_lib.c needs to be updated accordingly. + */ + +/* In CTR mode, disable derivation function ctr_df */ +# define RAND_DRBG_FLAG_CTR_NO_DF 0x1 + + +# if OPENSSL_API_COMPAT < 0x10200000L +/* This #define was replaced by an internal constant and should not be used. */ +# define RAND_DRBG_USED_FLAGS (RAND_DRBG_FLAG_CTR_NO_DF) +# endif + +/* + * Default security strength (in the sense of [NIST SP 800-90Ar1]) + * + * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that + * of the cipher by collecting less entropy. The current DRBG implementation + * does not take RAND_DRBG_STRENGTH into account and sets the strength of the + * DRBG to that of the cipher. + * + * RAND_DRBG_STRENGTH is currently only used for the legacy RAND + * implementation. + * + * Currently supported ciphers are: NID_aes_128_ctr, NID_aes_192_ctr and + * NID_aes_256_ctr + */ +# define RAND_DRBG_STRENGTH 256 +/* Default drbg type */ +# define RAND_DRBG_TYPE NID_aes_256_ctr +/* Default drbg flags */ +# define RAND_DRBG_FLAGS 0 + + +# ifdef __cplusplus +extern "C" { +# endif + +/* + * Object lifetime functions. + */ +RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent); +RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent); +int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags); +int RAND_DRBG_set_defaults(int type, unsigned int flags); +int RAND_DRBG_instantiate(RAND_DRBG *drbg, + const unsigned char *pers, size_t perslen); +int RAND_DRBG_uninstantiate(RAND_DRBG *drbg); +void RAND_DRBG_free(RAND_DRBG *drbg); + +/* + * Object "use" functions. + */ +int RAND_DRBG_reseed(RAND_DRBG *drbg, + const unsigned char *adin, size_t adinlen, + int prediction_resistance); +int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, + int prediction_resistance, + const unsigned char *adin, size_t adinlen); +int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen); + +int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval); +int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval); + +int RAND_DRBG_set_reseed_defaults( + unsigned int master_reseed_interval, + unsigned int slave_reseed_interval, + time_t master_reseed_time_interval, + time_t slave_reseed_time_interval + ); + +RAND_DRBG *RAND_DRBG_get0_master(void); +RAND_DRBG *RAND_DRBG_get0_public(void); +RAND_DRBG *RAND_DRBG_get0_private(void); + +/* + * EXDATA + */ +# define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef) +int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *arg); +void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx); + +/* + * Callback function typedefs + */ +typedef size_t (*RAND_DRBG_get_entropy_fn)(RAND_DRBG *drbg, + unsigned char **pout, + int entropy, size_t min_len, + size_t max_len, + int prediction_resistance); +typedef void (*RAND_DRBG_cleanup_entropy_fn)(RAND_DRBG *ctx, + unsigned char *out, size_t outlen); +typedef size_t (*RAND_DRBG_get_nonce_fn)(RAND_DRBG *drbg, unsigned char **pout, + int entropy, size_t min_len, + size_t max_len); +typedef void (*RAND_DRBG_cleanup_nonce_fn)(RAND_DRBG *drbg, + unsigned char *out, size_t outlen); + +int RAND_DRBG_set_callbacks(RAND_DRBG *drbg, + RAND_DRBG_get_entropy_fn get_entropy, + RAND_DRBG_cleanup_entropy_fn cleanup_entropy, + RAND_DRBG_get_nonce_fn get_nonce, + RAND_DRBG_cleanup_nonce_fn cleanup_nonce); + + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/randerr.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/randerr.h new file mode 100644 index 00000000..70d1a17a --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/randerr.h @@ -0,0 +1,92 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RANDERR_H +# define HEADER_RANDERR_H + +# include + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_RAND_strings(void); + +/* + * RAND function codes. + */ +# define RAND_F_DRBG_BYTES 101 +# define RAND_F_DRBG_GET_ENTROPY 105 +# define RAND_F_DRBG_SETUP 117 +# define RAND_F_GET_ENTROPY 106 +# define RAND_F_RAND_BYTES 100 +# define RAND_F_RAND_DRBG_ENABLE_LOCKING 119 +# define RAND_F_RAND_DRBG_GENERATE 107 +# define RAND_F_RAND_DRBG_GET_ENTROPY 120 +# define RAND_F_RAND_DRBG_GET_NONCE 123 +# define RAND_F_RAND_DRBG_INSTANTIATE 108 +# define RAND_F_RAND_DRBG_NEW 109 +# define RAND_F_RAND_DRBG_RESEED 110 +# define RAND_F_RAND_DRBG_RESTART 102 +# define RAND_F_RAND_DRBG_SET 104 +# define RAND_F_RAND_DRBG_SET_DEFAULTS 121 +# define RAND_F_RAND_DRBG_UNINSTANTIATE 118 +# define RAND_F_RAND_LOAD_FILE 111 +# define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 122 +# define RAND_F_RAND_POOL_ADD 103 +# define RAND_F_RAND_POOL_ADD_BEGIN 113 +# define RAND_F_RAND_POOL_ADD_END 114 +# define RAND_F_RAND_POOL_ATTACH 124 +# define RAND_F_RAND_POOL_BYTES_NEEDED 115 +# define RAND_F_RAND_POOL_GROW 125 +# define RAND_F_RAND_POOL_NEW 116 +# define RAND_F_RAND_WRITE_FILE 112 + +/* + * RAND reason codes. + */ +# define RAND_R_ADDITIONAL_INPUT_TOO_LONG 102 +# define RAND_R_ALREADY_INSTANTIATED 103 +# define RAND_R_ARGUMENT_OUT_OF_RANGE 105 +# define RAND_R_CANNOT_OPEN_FILE 121 +# define RAND_R_DRBG_ALREADY_INITIALIZED 129 +# define RAND_R_DRBG_NOT_INITIALISED 104 +# define RAND_R_ENTROPY_INPUT_TOO_LONG 106 +# define RAND_R_ENTROPY_OUT_OF_RANGE 124 +# define RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED 127 +# define RAND_R_ERROR_INITIALISING_DRBG 107 +# define RAND_R_ERROR_INSTANTIATING_DRBG 108 +# define RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 109 +# define RAND_R_ERROR_RETRIEVING_ENTROPY 110 +# define RAND_R_ERROR_RETRIEVING_NONCE 111 +# define RAND_R_FAILED_TO_CREATE_LOCK 126 +# define RAND_R_FUNC_NOT_IMPLEMENTED 101 +# define RAND_R_FWRITE_ERROR 123 +# define RAND_R_GENERATE_ERROR 112 +# define RAND_R_INTERNAL_ERROR 113 +# define RAND_R_IN_ERROR_STATE 114 +# define RAND_R_NOT_A_REGULAR_FILE 122 +# define RAND_R_NOT_INSTANTIATED 115 +# define RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED 128 +# define RAND_R_PARENT_LOCKING_NOT_ENABLED 130 +# define RAND_R_PARENT_STRENGTH_TOO_WEAK 131 +# define RAND_R_PERSONALISATION_STRING_TOO_LONG 116 +# define RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED 133 +# define RAND_R_PRNG_NOT_SEEDED 100 +# define RAND_R_RANDOM_POOL_OVERFLOW 125 +# define RAND_R_RANDOM_POOL_UNDERFLOW 134 +# define RAND_R_REQUEST_TOO_LARGE_FOR_DRBG 117 +# define RAND_R_RESEED_ERROR 118 +# define RAND_R_SELFTEST_FAILURE 119 +# define RAND_R_TOO_LITTLE_NONCE_REQUESTED 135 +# define RAND_R_TOO_MUCH_NONCE_REQUESTED 136 +# define RAND_R_UNSUPPORTED_DRBG_FLAGS 132 +# define RAND_R_UNSUPPORTED_DRBG_TYPE 120 + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/rc2.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/rc2.h new file mode 100644 index 00000000..585f9e4c --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/rc2.h @@ -0,0 +1,51 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RC2_H +# define HEADER_RC2_H + +# include + +# ifndef OPENSSL_NO_RC2 +# ifdef __cplusplus +extern "C" { +# endif + +typedef unsigned int RC2_INT; + +# define RC2_ENCRYPT 1 +# define RC2_DECRYPT 0 + +# define RC2_BLOCK 8 +# define RC2_KEY_LENGTH 16 + +typedef struct rc2_key_st { + RC2_INT data[64]; +} RC2_KEY; + +void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits); +void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, + RC2_KEY *key, int enc); +void RC2_encrypt(unsigned long *data, RC2_KEY *key); +void RC2_decrypt(unsigned long *data, RC2_KEY *key); +void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, + RC2_KEY *ks, unsigned char *iv, int enc); +void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC2_KEY *schedule, unsigned char *ivec, + int *num, int enc); +void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC2_KEY *schedule, unsigned char *ivec, + int *num); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/rc4.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/rc4.h new file mode 100644 index 00000000..86803b37 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/rc4.h @@ -0,0 +1,36 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RC4_H +# define HEADER_RC4_H + +# include + +# ifndef OPENSSL_NO_RC4 +# include +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct rc4_key_st { + RC4_INT x, y; + RC4_INT data[256]; +} RC4_KEY; + +const char *RC4_options(void); +void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, + unsigned char *outdata); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/rc5.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/rc5.h new file mode 100644 index 00000000..793f88e4 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/rc5.h @@ -0,0 +1,63 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RC5_H +# define HEADER_RC5_H + +# include + +# ifndef OPENSSL_NO_RC5 +# ifdef __cplusplus +extern "C" { +# endif + +# define RC5_ENCRYPT 1 +# define RC5_DECRYPT 0 + +# define RC5_32_INT unsigned int + +# define RC5_32_BLOCK 8 +# define RC5_32_KEY_LENGTH 16/* This is a default, max is 255 */ + +/* + * This are the only values supported. Tweak the code if you want more The + * most supported modes will be RC5-32/12/16 RC5-32/16/8 + */ +# define RC5_8_ROUNDS 8 +# define RC5_12_ROUNDS 12 +# define RC5_16_ROUNDS 16 + +typedef struct rc5_key_st { + /* Number of rounds */ + int rounds; + RC5_32_INT data[2 * (RC5_16_ROUNDS + 1)]; +} RC5_32_KEY; + +void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, + int rounds); +void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out, + RC5_32_KEY *key, int enc); +void RC5_32_encrypt(unsigned long *data, RC5_32_KEY *key); +void RC5_32_decrypt(unsigned long *data, RC5_32_KEY *key); +void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out, + long length, RC5_32_KEY *ks, unsigned char *iv, + int enc); +void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC5_32_KEY *schedule, + unsigned char *ivec, int *num, int enc); +void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC5_32_KEY *schedule, + unsigned char *ivec, int *num); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/ripemd.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/ripemd.h new file mode 100644 index 00000000..c42026aa --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/ripemd.h @@ -0,0 +1,47 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RIPEMD_H +# define HEADER_RIPEMD_H + +# include + +#ifndef OPENSSL_NO_RMD160 +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +# define RIPEMD160_LONG unsigned int + +# define RIPEMD160_CBLOCK 64 +# define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4) +# define RIPEMD160_DIGEST_LENGTH 20 + +typedef struct RIPEMD160state_st { + RIPEMD160_LONG A, B, C, D, E; + RIPEMD160_LONG Nl, Nh; + RIPEMD160_LONG data[RIPEMD160_LBLOCK]; + unsigned int num; +} RIPEMD160_CTX; + +int RIPEMD160_Init(RIPEMD160_CTX *c); +int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); +int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); +unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md); +void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b); + +# ifdef __cplusplus +} +# endif +# endif + + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/rsa.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/rsa.h new file mode 100644 index 00000000..cdce1264 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/rsa.h @@ -0,0 +1,512 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RSA_H +# define HEADER_RSA_H + +# include + +# ifndef OPENSSL_NO_RSA +# include +# include +# include +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif +# include +# ifdef __cplusplus +extern "C" { +# endif + +/* The types RSA and RSA_METHOD are defined in ossl_typ.h */ + +# ifndef OPENSSL_RSA_MAX_MODULUS_BITS +# define OPENSSL_RSA_MAX_MODULUS_BITS 16384 +# endif + +# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 + +# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS +# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 +# endif +# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS + +/* exponent limit enforced for "large" modulus only */ +# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 +# endif + +# define RSA_3 0x3L +# define RSA_F4 0x10001L + +/* based on RFC 8017 appendix A.1.2 */ +# define RSA_ASN1_VERSION_DEFAULT 0 +# define RSA_ASN1_VERSION_MULTI 1 + +# define RSA_DEFAULT_PRIME_NUM 2 + +# define RSA_METHOD_FLAG_NO_CHECK 0x0001/* don't check pub/private + * match */ + +# define RSA_FLAG_CACHE_PUBLIC 0x0002 +# define RSA_FLAG_CACHE_PRIVATE 0x0004 +# define RSA_FLAG_BLINDING 0x0008 +# define RSA_FLAG_THREAD_SAFE 0x0010 +/* + * This flag means the private key operations will be handled by rsa_mod_exp + * and that they do not depend on the private key components being present: + * for example a key stored in external hardware. Without this flag + * bn_mod_exp gets called when private key components are absent. + */ +# define RSA_FLAG_EXT_PKEY 0x0020 + +/* + * new with 0.9.6j and 0.9.7b; the built-in + * RSA implementation now uses blinding by + * default (ignoring RSA_FLAG_BLINDING), + * but other engines might not need it + */ +# define RSA_FLAG_NO_BLINDING 0x0080 +# if OPENSSL_API_COMPAT < 0x10100000L +/* + * Does nothing. Previously this switched off constant time behaviour. + */ +# define RSA_FLAG_NO_CONSTTIME 0x0000 +# endif +# if OPENSSL_API_COMPAT < 0x00908000L +/* deprecated name for the flag*/ +/* + * new with 0.9.7h; the built-in RSA + * implementation now uses constant time + * modular exponentiation for secret exponents + * by default. This flag causes the + * faster variable sliding window method to + * be used for all exponents. + */ +# define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME +# endif + +# define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \ + RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_RSA_PADDING, pad, NULL) + +# define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \ + RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad) + +# define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \ + RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ + EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL) +/* Salt length matches digest */ +# define RSA_PSS_SALTLEN_DIGEST -1 +/* Verify only: auto detect salt length */ +# define RSA_PSS_SALTLEN_AUTO -2 +/* Set salt length to maximum possible */ +# define RSA_PSS_SALTLEN_MAX -3 +/* Old compatible max salt length for sign only */ +# define RSA_PSS_SALTLEN_MAX_SIGN -2 + +# define EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL) + +# define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \ + RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ + EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, 0, plen) + +# define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL) + +# define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp) + +# define EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, primes) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, primes, NULL) + +# define EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)(pmd)) + +# define EVP_PKEY_CTX_get_rsa_oaep_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)(pmd)) + +# define EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, l, llen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)(l)) + +# define EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, l) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *)(l)) + +# define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, \ + EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD, \ + 0, (void *)(md)) + +# define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2) + +# define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5) + +# define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8) + +# define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 10) + +# define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12) + +# define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13) + +# define RSA_PKCS1_PADDING 1 +# define RSA_SSLV23_PADDING 2 +# define RSA_NO_PADDING 3 +# define RSA_PKCS1_OAEP_PADDING 4 +# define RSA_X931_PADDING 5 +/* EVP_PKEY_ only */ +# define RSA_PKCS1_PSS_PADDING 6 + +# define RSA_PKCS1_PADDING_SIZE 11 + +# define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) +# define RSA_get_app_data(s) RSA_get_ex_data(s,0) + +RSA *RSA_new(void); +RSA *RSA_new_method(ENGINE *engine); +int RSA_bits(const RSA *rsa); +int RSA_size(const RSA *rsa); +int RSA_security_bits(const RSA *rsa); + +int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); +int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); +int RSA_set0_crt_params(RSA *r,BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); +int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], + BIGNUM *coeffs[], int pnum); +void RSA_get0_key(const RSA *r, + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); +void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); +int RSA_get_multi_prime_extra_count(const RSA *r); +int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]); +void RSA_get0_crt_params(const RSA *r, + const BIGNUM **dmp1, const BIGNUM **dmq1, + const BIGNUM **iqmp); +int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[], + const BIGNUM *coeffs[]); +const BIGNUM *RSA_get0_n(const RSA *d); +const BIGNUM *RSA_get0_e(const RSA *d); +const BIGNUM *RSA_get0_d(const RSA *d); +const BIGNUM *RSA_get0_p(const RSA *d); +const BIGNUM *RSA_get0_q(const RSA *d); +const BIGNUM *RSA_get0_dmp1(const RSA *r); +const BIGNUM *RSA_get0_dmq1(const RSA *r); +const BIGNUM *RSA_get0_iqmp(const RSA *r); +void RSA_clear_flags(RSA *r, int flags); +int RSA_test_flags(const RSA *r, int flags); +void RSA_set_flags(RSA *r, int flags); +int RSA_get_version(RSA *r); +ENGINE *RSA_get0_engine(const RSA *r); + +/* Deprecated version */ +DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void + (*callback) (int, int, void *), + void *cb_arg)) + +/* New version */ +int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +/* Multi-prime version */ +int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, + BIGNUM *e, BN_GENCB *cb); + +int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, + BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2, + const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2, + const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb); +int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, + BN_GENCB *cb); + +int RSA_check_key(const RSA *); +int RSA_check_key_ex(const RSA *, BN_GENCB *cb); + /* next 4 return -1 on error */ +int RSA_public_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_private_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_public_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_private_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +void RSA_free(RSA *r); +/* "up" the RSA object's reference count */ +int RSA_up_ref(RSA *r); + +int RSA_flags(const RSA *r); + +void RSA_set_default_method(const RSA_METHOD *meth); +const RSA_METHOD *RSA_get_default_method(void); +const RSA_METHOD *RSA_null_method(void); +const RSA_METHOD *RSA_get_method(const RSA *rsa); +int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); + +/* these are the actual RSA functions */ +const RSA_METHOD *RSA_PKCS1_OpenSSL(void); + +int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2); + +DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey) + +typedef struct rsa_pss_params_st { + X509_ALGOR *hashAlgorithm; + X509_ALGOR *maskGenAlgorithm; + ASN1_INTEGER *saltLength; + ASN1_INTEGER *trailerField; + /* Decoded hash algorithm from maskGenAlgorithm */ + X509_ALGOR *maskHash; +} RSA_PSS_PARAMS; + +DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS) + +typedef struct rsa_oaep_params_st { + X509_ALGOR *hashFunc; + X509_ALGOR *maskGenFunc; + X509_ALGOR *pSourceFunc; + /* Decoded hash algorithm from maskGenFunc */ + X509_ALGOR *maskHash; +} RSA_OAEP_PARAMS; + +DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) + +# ifndef OPENSSL_NO_STDIO +int RSA_print_fp(FILE *fp, const RSA *r, int offset); +# endif + +int RSA_print(BIO *bp, const RSA *r, int offset); + +/* + * The following 2 functions sign and verify a X509_SIG ASN1 object inside + * PKCS#1 padded RSA encryption + */ +int RSA_sign(int type, const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, RSA *rsa); +int RSA_verify(int type, const unsigned char *m, unsigned int m_length, + const unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + +/* + * The following 2 function sign and verify a ASN1_OCTET_STRING object inside + * PKCS#1 padded RSA encryption + */ +int RSA_sign_ASN1_OCTET_STRING(int type, + const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, + RSA *rsa); +int RSA_verify_ASN1_OCTET_STRING(int type, const unsigned char *m, + unsigned int m_length, unsigned char *sigbuf, + unsigned int siglen, RSA *rsa); + +int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); +void RSA_blinding_off(RSA *rsa); +BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx); + +int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *f, int fl); +int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *f, int fl, + int rsa_len); +int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, + const unsigned char *f, int fl); +int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, + const unsigned char *f, int fl, + int rsa_len); +int PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed, + long seedlen, const EVP_MD *dgst); +int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *f, int fl, + const unsigned char *p, int pl); +int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len, + const unsigned char *p, int pl); +int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + const unsigned char *from, int flen, + const unsigned char *param, int plen, + const EVP_MD *md, const EVP_MD *mgf1md); +int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + const unsigned char *from, int flen, + int num, const unsigned char *param, + int plen, const EVP_MD *md, + const EVP_MD *mgf1md); +int RSA_padding_add_SSLv23(unsigned char *to, int tlen, + const unsigned char *f, int fl); +int RSA_padding_check_SSLv23(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len); +int RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *f, + int fl); +int RSA_padding_check_none(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len); +int RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *f, + int fl); +int RSA_padding_check_X931(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len); +int RSA_X931_hash_id(int nid); + +int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, const unsigned char *EM, + int sLen); +int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, const EVP_MD *Hash, + int sLen); + +int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, const EVP_MD *mgf1Hash, + const unsigned char *EM, int sLen); + +int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, + const EVP_MD *Hash, const EVP_MD *mgf1Hash, + int sLen); + +#define RSA_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, l, p, newf, dupf, freef) +int RSA_set_ex_data(RSA *r, int idx, void *arg); +void *RSA_get_ex_data(const RSA *r, int idx); + +RSA *RSAPublicKey_dup(RSA *rsa); +RSA *RSAPrivateKey_dup(RSA *rsa); + +/* + * If this flag is set the RSA method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its responsibility to ensure the + * result is compliant. + */ + +# define RSA_FLAG_FIPS_METHOD 0x0400 + +/* + * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +# define RSA_FLAG_NON_FIPS_ALLOW 0x0400 +/* + * Application has decided PRNG is good enough to generate a key: don't + * check. + */ +# define RSA_FLAG_CHECKED 0x0800 + +RSA_METHOD *RSA_meth_new(const char *name, int flags); +void RSA_meth_free(RSA_METHOD *meth); +RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); +const char *RSA_meth_get0_name(const RSA_METHOD *meth); +int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); +int RSA_meth_get_flags(const RSA_METHOD *meth); +int RSA_meth_set_flags(RSA_METHOD *meth, int flags); +void *RSA_meth_get0_app_data(const RSA_METHOD *meth); +int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data); +int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth)) + (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_meth_set_pub_enc(RSA_METHOD *rsa, + int (*pub_enc) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)); +int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) + (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_meth_set_pub_dec(RSA_METHOD *rsa, + int (*pub_dec) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)); +int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) + (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_meth_set_priv_enc(RSA_METHOD *rsa, + int (*priv_enc) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)); +int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth)) + (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_meth_set_priv_dec(RSA_METHOD *rsa, + int (*priv_dec) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)); +int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) + (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx); +int RSA_meth_set_mod_exp(RSA_METHOD *rsa, + int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa, + BN_CTX *ctx)); +int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) + (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa, + int (*bn_mod_exp) (BIGNUM *r, + const BIGNUM *a, + const BIGNUM *p, + const BIGNUM *m, + BN_CTX *ctx, + BN_MONT_CTX *m_ctx)); +int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa); +int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa)); +int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa); +int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish) (RSA *rsa)); +int (*RSA_meth_get_sign(const RSA_METHOD *meth)) + (int type, + const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, + const RSA *rsa); +int RSA_meth_set_sign(RSA_METHOD *rsa, + int (*sign) (int type, const unsigned char *m, + unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, + const RSA *rsa)); +int (*RSA_meth_get_verify(const RSA_METHOD *meth)) + (int dtype, const unsigned char *m, + unsigned int m_length, const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa); +int RSA_meth_set_verify(RSA_METHOD *rsa, + int (*verify) (int dtype, const unsigned char *m, + unsigned int m_length, + const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa)); +int (*RSA_meth_get_keygen(const RSA_METHOD *meth)) + (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +int RSA_meth_set_keygen(RSA_METHOD *rsa, + int (*keygen) (RSA *rsa, int bits, BIGNUM *e, + BN_GENCB *cb)); +int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth)) + (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb); +int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth, + int (*keygen) (RSA *rsa, int bits, + int primes, BIGNUM *e, + BN_GENCB *cb)); + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/rsaerr.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/rsaerr.h new file mode 100644 index 00000000..59b15e13 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/rsaerr.h @@ -0,0 +1,167 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RSAERR_H +# define HEADER_RSAERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_RSA_strings(void); + +/* + * RSA function codes. + */ +# define RSA_F_CHECK_PADDING_MD 140 +# define RSA_F_ENCODE_PKCS1 146 +# define RSA_F_INT_RSA_VERIFY 145 +# define RSA_F_OLD_RSA_PRIV_DECODE 147 +# define RSA_F_PKEY_PSS_INIT 165 +# define RSA_F_PKEY_RSA_CTRL 143 +# define RSA_F_PKEY_RSA_CTRL_STR 144 +# define RSA_F_PKEY_RSA_SIGN 142 +# define RSA_F_PKEY_RSA_VERIFY 149 +# define RSA_F_PKEY_RSA_VERIFYRECOVER 141 +# define RSA_F_RSA_ALGOR_TO_MD 156 +# define RSA_F_RSA_BUILTIN_KEYGEN 129 +# define RSA_F_RSA_CHECK_KEY 123 +# define RSA_F_RSA_CHECK_KEY_EX 160 +# define RSA_F_RSA_CMS_DECRYPT 159 +# define RSA_F_RSA_CMS_VERIFY 158 +# define RSA_F_RSA_ITEM_VERIFY 148 +# define RSA_F_RSA_METH_DUP 161 +# define RSA_F_RSA_METH_NEW 162 +# define RSA_F_RSA_METH_SET1_NAME 163 +# define RSA_F_RSA_MGF1_TO_MD 157 +# define RSA_F_RSA_MULTIP_INFO_NEW 166 +# define RSA_F_RSA_NEW_METHOD 106 +# define RSA_F_RSA_NULL 124 +# define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132 +# define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133 +# define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134 +# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 +# define RSA_F_RSA_OSSL_PRIVATE_DECRYPT 101 +# define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 102 +# define RSA_F_RSA_OSSL_PUBLIC_DECRYPT 103 +# define RSA_F_RSA_OSSL_PUBLIC_ENCRYPT 104 +# define RSA_F_RSA_PADDING_ADD_NONE 107 +# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 +# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 154 +# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 +# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 152 +# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 +# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 +# define RSA_F_RSA_PADDING_ADD_SSLV23 110 +# define RSA_F_RSA_PADDING_ADD_X931 127 +# define RSA_F_RSA_PADDING_CHECK_NONE 111 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 153 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 +# define RSA_F_RSA_PADDING_CHECK_SSLV23 114 +# define RSA_F_RSA_PADDING_CHECK_X931 128 +# define RSA_F_RSA_PARAM_DECODE 164 +# define RSA_F_RSA_PRINT 115 +# define RSA_F_RSA_PRINT_FP 116 +# define RSA_F_RSA_PRIV_DECODE 150 +# define RSA_F_RSA_PRIV_ENCODE 138 +# define RSA_F_RSA_PSS_GET_PARAM 151 +# define RSA_F_RSA_PSS_TO_CTX 155 +# define RSA_F_RSA_PUB_DECODE 139 +# define RSA_F_RSA_SETUP_BLINDING 136 +# define RSA_F_RSA_SIGN 117 +# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 +# define RSA_F_RSA_VERIFY 119 +# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 +# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 126 +# define RSA_F_SETUP_TBUF 167 + +/* + * RSA reason codes. + */ +# define RSA_R_ALGORITHM_MISMATCH 100 +# define RSA_R_BAD_E_VALUE 101 +# define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 +# define RSA_R_BAD_PAD_BYTE_COUNT 103 +# define RSA_R_BAD_SIGNATURE 104 +# define RSA_R_BLOCK_TYPE_IS_NOT_01 106 +# define RSA_R_BLOCK_TYPE_IS_NOT_02 107 +# define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 +# define RSA_R_DATA_TOO_LARGE 109 +# define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 +# define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 +# define RSA_R_DATA_TOO_SMALL 111 +# define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 +# define RSA_R_DIGEST_DOES_NOT_MATCH 158 +# define RSA_R_DIGEST_NOT_ALLOWED 145 +# define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 +# define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 +# define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 +# define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 +# define RSA_R_FIRST_OCTET_INVALID 133 +# define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144 +# define RSA_R_INVALID_DIGEST 157 +# define RSA_R_INVALID_DIGEST_LENGTH 143 +# define RSA_R_INVALID_HEADER 137 +# define RSA_R_INVALID_LABEL 160 +# define RSA_R_INVALID_MESSAGE_LENGTH 131 +# define RSA_R_INVALID_MGF1_MD 156 +# define RSA_R_INVALID_MULTI_PRIME_KEY 167 +# define RSA_R_INVALID_OAEP_PARAMETERS 161 +# define RSA_R_INVALID_PADDING 138 +# define RSA_R_INVALID_PADDING_MODE 141 +# define RSA_R_INVALID_PSS_PARAMETERS 149 +# define RSA_R_INVALID_PSS_SALTLEN 146 +# define RSA_R_INVALID_SALT_LENGTH 150 +# define RSA_R_INVALID_TRAILER 139 +# define RSA_R_INVALID_X931_DIGEST 142 +# define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 +# define RSA_R_KEY_PRIME_NUM_INVALID 165 +# define RSA_R_KEY_SIZE_TOO_SMALL 120 +# define RSA_R_LAST_OCTET_INVALID 134 +# define RSA_R_MISSING_PRIVATE_KEY 179 +# define RSA_R_MGF1_DIGEST_NOT_ALLOWED 152 +# define RSA_R_MODULUS_TOO_LARGE 105 +# define RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R 168 +# define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 169 +# define RSA_R_MP_R_NOT_PRIME 170 +# define RSA_R_NO_PUBLIC_EXPONENT 140 +# define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 +# define RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES 172 +# define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 +# define RSA_R_OAEP_DECODING_ERROR 121 +# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 +# define RSA_R_PADDING_CHECK_FAILED 114 +# define RSA_R_PKCS_DECODING_ERROR 159 +# define RSA_R_PSS_SALTLEN_TOO_SMALL 164 +# define RSA_R_P_NOT_PRIME 128 +# define RSA_R_Q_NOT_PRIME 129 +# define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 +# define RSA_R_SLEN_CHECK_FAILED 136 +# define RSA_R_SLEN_RECOVERY_FAILED 135 +# define RSA_R_SSLV3_ROLLBACK_ATTACK 115 +# define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 +# define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 +# define RSA_R_UNKNOWN_DIGEST 166 +# define RSA_R_UNKNOWN_MASK_DIGEST 151 +# define RSA_R_UNKNOWN_PADDING_TYPE 118 +# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 162 +# define RSA_R_UNSUPPORTED_LABEL_SOURCE 163 +# define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 +# define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 +# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 +# define RSA_R_VALUE_MISSING 147 +# define RSA_R_WRONG_SIGNATURE_LENGTH 119 + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/safestack.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/safestack.h new file mode 100644 index 00000000..38b55789 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/safestack.h @@ -0,0 +1,207 @@ +/* + * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SAFESTACK_H +# define HEADER_SAFESTACK_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define STACK_OF(type) struct stack_st_##type + +# define SKM_DEFINE_STACK_OF(t1, t2, t3) \ + STACK_OF(t1); \ + typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 *const *b); \ + typedef void (*sk_##t1##_freefunc)(t3 *a); \ + typedef t3 * (*sk_##t1##_copyfunc)(const t3 *a); \ + static ossl_unused ossl_inline int sk_##t1##_num(const STACK_OF(t1) *sk) \ + { \ + return OPENSSL_sk_num((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_value(const STACK_OF(t1) *sk, int idx) \ + { \ + return (t2 *)OPENSSL_sk_value((const OPENSSL_STACK *)sk, idx); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new(sk_##t1##_compfunc compare) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new((OPENSSL_sk_compfunc)compare); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_reserve(sk_##t1##_compfunc compare, int n) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new_reserve((OPENSSL_sk_compfunc)compare, n); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_reserve(STACK_OF(t1) *sk, int n) \ + { \ + return OPENSSL_sk_reserve((OPENSSL_STACK *)sk, n); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_free(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_free((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_zero(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_zero((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_delete(STACK_OF(t1) *sk, int i) \ + { \ + return (t2 *)OPENSSL_sk_delete((OPENSSL_STACK *)sk, i); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return (t2 *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \ + (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_push((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_unshift(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_unshift((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_pop(STACK_OF(t1) *sk) \ + { \ + return (t2 *)OPENSSL_sk_pop((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_shift(STACK_OF(t1) *sk) \ + { \ + return (t2 *)OPENSSL_sk_shift((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, sk_##t1##_freefunc freefunc) \ + { \ + OPENSSL_sk_pop_free((OPENSSL_STACK *)sk, (OPENSSL_sk_freefunc)freefunc); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_insert(STACK_OF(t1) *sk, t2 *ptr, int idx) \ + { \ + return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (const void *)ptr, idx); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_set(STACK_OF(t1) *sk, int idx, t2 *ptr) \ + { \ + return (t2 *)OPENSSL_sk_set((OPENSSL_STACK *)sk, idx, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_sort(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_sort((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_is_sorted(const STACK_OF(t1) *sk) \ + { \ + return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) * sk_##t1##_dup(const STACK_OF(t1) *sk) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_dup((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(const STACK_OF(t1) *sk, \ + sk_##t1##_copyfunc copyfunc, \ + sk_##t1##_freefunc freefunc) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_deep_copy((const OPENSSL_STACK *)sk, \ + (OPENSSL_sk_copyfunc)copyfunc, \ + (OPENSSL_sk_freefunc)freefunc); \ + } \ + static ossl_unused ossl_inline sk_##t1##_compfunc sk_##t1##_set_cmp_func(STACK_OF(t1) *sk, sk_##t1##_compfunc compare) \ + { \ + return (sk_##t1##_compfunc)OPENSSL_sk_set_cmp_func((OPENSSL_STACK *)sk, (OPENSSL_sk_compfunc)compare); \ + } + +# define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2) +# define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t) +# define DEFINE_SPECIAL_STACK_OF_CONST(t1, t2) \ + SKM_DEFINE_STACK_OF(t1, const t2, t2) +# define DEFINE_STACK_OF_CONST(t) SKM_DEFINE_STACK_OF(t, const t, t) + +/*- + * Strings are special: normally an lhash entry will point to a single + * (somewhat) mutable object. In the case of strings: + * + * a) Instead of a single char, there is an array of chars, NUL-terminated. + * b) The string may have be immutable. + * + * So, they need their own declarations. Especially important for + * type-checking tools, such as Deputy. + * + * In practice, however, it appears to be hard to have a const + * string. For now, I'm settling for dealing with the fact it is a + * string at all. + */ +typedef char *OPENSSL_STRING; +typedef const char *OPENSSL_CSTRING; + +/*- + * Confusingly, LHASH_OF(STRING) deals with char ** throughout, but + * STACK_OF(STRING) is really more like STACK_OF(char), only, as mentioned + * above, instead of a single char each entry is a NUL-terminated array of + * chars. So, we have to implement STRING specially for STACK_OF. This is + * dealt with in the autogenerated macros below. + */ +DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char) +DEFINE_SPECIAL_STACK_OF_CONST(OPENSSL_CSTRING, char) + +/* + * Similarly, we sometimes use a block of characters, NOT nul-terminated. + * These should also be distinguished from "normal" stacks. + */ +typedef void *OPENSSL_BLOCK; +DEFINE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) + +/* + * If called without higher optimization (min. -xO3) the Oracle Developer + * Studio compiler generates code for the defined (static inline) functions + * above. + * This would later lead to the linker complaining about missing symbols when + * this header file is included but the resulting object is not linked against + * the Crypto library (openssl#6912). + */ +# ifdef __SUNPRO_C +# pragma weak OPENSSL_sk_num +# pragma weak OPENSSL_sk_value +# pragma weak OPENSSL_sk_new +# pragma weak OPENSSL_sk_new_null +# pragma weak OPENSSL_sk_new_reserve +# pragma weak OPENSSL_sk_reserve +# pragma weak OPENSSL_sk_free +# pragma weak OPENSSL_sk_zero +# pragma weak OPENSSL_sk_delete +# pragma weak OPENSSL_sk_delete_ptr +# pragma weak OPENSSL_sk_push +# pragma weak OPENSSL_sk_unshift +# pragma weak OPENSSL_sk_pop +# pragma weak OPENSSL_sk_shift +# pragma weak OPENSSL_sk_pop_free +# pragma weak OPENSSL_sk_insert +# pragma weak OPENSSL_sk_set +# pragma weak OPENSSL_sk_find +# pragma weak OPENSSL_sk_find_ex +# pragma weak OPENSSL_sk_sort +# pragma weak OPENSSL_sk_is_sorted +# pragma weak OPENSSL_sk_dup +# pragma weak OPENSSL_sk_deep_copy +# pragma weak OPENSSL_sk_set_cmp_func +# endif /* __SUNPRO_C */ + +# ifdef __cplusplus +} +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/seed.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/seed.h new file mode 100644 index 00000000..de10b085 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/seed.h @@ -0,0 +1,96 @@ +/* + * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Neither the name of author nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef HEADER_SEED_H +# define HEADER_SEED_H + +# include + +# ifndef OPENSSL_NO_SEED +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* look whether we need 'long' to get 32 bits */ +# ifdef AES_LONG +# ifndef SEED_LONG +# define SEED_LONG 1 +# endif +# endif + +# include + +# define SEED_BLOCK_SIZE 16 +# define SEED_KEY_LENGTH 16 + +typedef struct seed_key_st { +# ifdef SEED_LONG + unsigned long data[32]; +# else + unsigned int data[32]; +# endif +} SEED_KEY_SCHEDULE; + +void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], + SEED_KEY_SCHEDULE *ks); + +void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], + unsigned char d[SEED_BLOCK_SIZE], + const SEED_KEY_SCHEDULE *ks); +void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], + unsigned char d[SEED_BLOCK_SIZE], + const SEED_KEY_SCHEDULE *ks); + +void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out, + const SEED_KEY_SCHEDULE *ks, int enc); +void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, + const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int enc); +void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int *num, + int enc); +void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int *num); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/sha.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/sha.h new file mode 100644 index 00000000..6a1eb0de --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/sha.h @@ -0,0 +1,119 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SHA_H +# define HEADER_SHA_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/*- + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! SHA_LONG has to be at least 32 bits wide. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ +# define SHA_LONG unsigned int + +# define SHA_LBLOCK 16 +# define SHA_CBLOCK (SHA_LBLOCK*4)/* SHA treats input data as a + * contiguous array of 32 bit wide + * big-endian values. */ +# define SHA_LAST_BLOCK (SHA_CBLOCK-8) +# define SHA_DIGEST_LENGTH 20 + +typedef struct SHAstate_st { + SHA_LONG h0, h1, h2, h3, h4; + SHA_LONG Nl, Nh; + SHA_LONG data[SHA_LBLOCK]; + unsigned int num; +} SHA_CTX; + +int SHA1_Init(SHA_CTX *c); +int SHA1_Update(SHA_CTX *c, const void *data, size_t len); +int SHA1_Final(unsigned char *md, SHA_CTX *c); +unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md); +void SHA1_Transform(SHA_CTX *c, const unsigned char *data); + +# define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a + * contiguous array of 32 bit wide + * big-endian values. */ + +typedef struct SHA256state_st { + SHA_LONG h[8]; + SHA_LONG Nl, Nh; + SHA_LONG data[SHA_LBLOCK]; + unsigned int num, md_len; +} SHA256_CTX; + +int SHA224_Init(SHA256_CTX *c); +int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); +int SHA224_Final(unsigned char *md, SHA256_CTX *c); +unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md); +int SHA256_Init(SHA256_CTX *c); +int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); +int SHA256_Final(unsigned char *md, SHA256_CTX *c); +unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md); +void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); + +# define SHA224_DIGEST_LENGTH 28 +# define SHA256_DIGEST_LENGTH 32 +# define SHA384_DIGEST_LENGTH 48 +# define SHA512_DIGEST_LENGTH 64 + +/* + * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64 + * being exactly 64-bit wide. See Implementation Notes in sha512.c + * for further details. + */ +/* + * SHA-512 treats input data as a + * contiguous array of 64 bit + * wide big-endian values. + */ +# define SHA512_CBLOCK (SHA_LBLOCK*8) +# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +# define SHA_LONG64 unsigned __int64 +# define U64(C) C##UI64 +# elif defined(__arch64__) +# define SHA_LONG64 unsigned long +# define U64(C) C##UL +# else +# define SHA_LONG64 unsigned long long +# define U64(C) C##ULL +# endif + +typedef struct SHA512state_st { + SHA_LONG64 h[8]; + SHA_LONG64 Nl, Nh; + union { + SHA_LONG64 d[SHA_LBLOCK]; + unsigned char p[SHA512_CBLOCK]; + } u; + unsigned int num, md_len; +} SHA512_CTX; + +int SHA384_Init(SHA512_CTX *c); +int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); +int SHA384_Final(unsigned char *md, SHA512_CTX *c); +unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md); +int SHA512_Init(SHA512_CTX *c); +int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); +int SHA512_Final(unsigned char *md, SHA512_CTX *c); +unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md); +void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/srp.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/srp.h new file mode 100644 index 00000000..aaf13558 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/srp.h @@ -0,0 +1,135 @@ +/* + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2004, EdelKey Project. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * Originally written by Christophe Renou and Peter Sylvester, + * for the EdelKey project. + */ + +#ifndef HEADER_SRP_H +# define HEADER_SRP_H + +#include + +#ifndef OPENSSL_NO_SRP +# include +# include +# include +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +typedef struct SRP_gN_cache_st { + char *b64_bn; + BIGNUM *bn; +} SRP_gN_cache; + + +DEFINE_STACK_OF(SRP_gN_cache) + +typedef struct SRP_user_pwd_st { + /* Owned by us. */ + char *id; + BIGNUM *s; + BIGNUM *v; + /* Not owned by us. */ + const BIGNUM *g; + const BIGNUM *N; + /* Owned by us. */ + char *info; +} SRP_user_pwd; + +void SRP_user_pwd_free(SRP_user_pwd *user_pwd); + +DEFINE_STACK_OF(SRP_user_pwd) + +typedef struct SRP_VBASE_st { + STACK_OF(SRP_user_pwd) *users_pwd; + STACK_OF(SRP_gN_cache) *gN_cache; +/* to simulate a user */ + char *seed_key; + const BIGNUM *default_g; + const BIGNUM *default_N; +} SRP_VBASE; + +/* + * Internal structure storing N and g pair + */ +typedef struct SRP_gN_st { + char *id; + const BIGNUM *g; + const BIGNUM *N; +} SRP_gN; + +DEFINE_STACK_OF(SRP_gN) + +SRP_VBASE *SRP_VBASE_new(char *seed_key); +void SRP_VBASE_free(SRP_VBASE *vb); +int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file); + +/* This method ignores the configured seed and fails for an unknown user. */ +DEPRECATEDIN_1_1_0(SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)) +/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/ +SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username); + +char *SRP_create_verifier(const char *user, const char *pass, char **salt, + char **verifier, const char *N, const char *g); +int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, + BIGNUM **verifier, const BIGNUM *N, + const BIGNUM *g); + +# define SRP_NO_ERROR 0 +# define SRP_ERR_VBASE_INCOMPLETE_FILE 1 +# define SRP_ERR_VBASE_BN_LIB 2 +# define SRP_ERR_OPEN_FILE 3 +# define SRP_ERR_MEMORY 4 + +# define DB_srptype 0 +# define DB_srpverifier 1 +# define DB_srpsalt 2 +# define DB_srpid 3 +# define DB_srpgN 4 +# define DB_srpinfo 5 +# undef DB_NUMBER +# define DB_NUMBER 6 + +# define DB_SRP_INDEX 'I' +# define DB_SRP_VALID 'V' +# define DB_SRP_REVOKED 'R' +# define DB_SRP_MODIF 'v' + +/* see srp.c */ +char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N); +SRP_gN *SRP_get_default_gN(const char *id); + +/* server side .... */ +BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u, + const BIGNUM *b, const BIGNUM *N); +BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, + const BIGNUM *v); +int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N); +BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N); + +/* client side .... */ +BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass); +BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g); +BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, + const BIGNUM *x, const BIGNUM *a, const BIGNUM *u); +int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N); + +# define SRP_MINIMAL_N 1024 + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/srtp.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/srtp.h new file mode 100644 index 00000000..0b57c235 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/srtp.h @@ -0,0 +1,50 @@ +/* + * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * DTLS code by Eric Rescorla + * + * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc. + */ + +#ifndef HEADER_D1_SRTP_H +# define HEADER_D1_SRTP_H + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define SRTP_AES128_CM_SHA1_80 0x0001 +# define SRTP_AES128_CM_SHA1_32 0x0002 +# define SRTP_AES128_F8_SHA1_80 0x0003 +# define SRTP_AES128_F8_SHA1_32 0x0004 +# define SRTP_NULL_SHA1_80 0x0005 +# define SRTP_NULL_SHA1_32 0x0006 + +/* AEAD SRTP protection profiles from RFC 7714 */ +# define SRTP_AEAD_AES_128_GCM 0x0007 +# define SRTP_AEAD_AES_256_GCM 0x0008 + +# ifndef OPENSSL_NO_SRTP + +__owur int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); +__owur int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles); + +__owur STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); +__owur SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); + +# endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/ssl.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/ssl.h new file mode 100644 index 00000000..6724ccf2 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/ssl.h @@ -0,0 +1,2438 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SSL_H +# define HEADER_SSL_H + +# include +# include +# include +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# include +# include +# endif +# include +# include +# include +# include + +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* OpenSSL version number for ASN.1 encoding of the session information */ +/*- + * Version 0 - initial version + * Version 1 - added the optional peer certificate + */ +# define SSL_SESSION_ASN1_VERSION 0x0001 + +# define SSL_MAX_SSL_SESSION_ID_LENGTH 32 +# define SSL_MAX_SID_CTX_LENGTH 32 + +# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) +# define SSL_MAX_KEY_ARG_LENGTH 8 +# define SSL_MAX_MASTER_KEY_LENGTH 48 + +/* The maximum number of encrypt/decrypt pipelines we can support */ +# define SSL_MAX_PIPELINES 32 + +/* text strings for the ciphers */ + +/* These are used to specify which ciphers to use and not to use */ + +# define SSL_TXT_LOW "LOW" +# define SSL_TXT_MEDIUM "MEDIUM" +# define SSL_TXT_HIGH "HIGH" +# define SSL_TXT_FIPS "FIPS" + +# define SSL_TXT_aNULL "aNULL" +# define SSL_TXT_eNULL "eNULL" +# define SSL_TXT_NULL "NULL" + +# define SSL_TXT_kRSA "kRSA" +# define SSL_TXT_kDHr "kDHr"/* this cipher class has been removed */ +# define SSL_TXT_kDHd "kDHd"/* this cipher class has been removed */ +# define SSL_TXT_kDH "kDH"/* this cipher class has been removed */ +# define SSL_TXT_kEDH "kEDH"/* alias for kDHE */ +# define SSL_TXT_kDHE "kDHE" +# define SSL_TXT_kECDHr "kECDHr"/* this cipher class has been removed */ +# define SSL_TXT_kECDHe "kECDHe"/* this cipher class has been removed */ +# define SSL_TXT_kECDH "kECDH"/* this cipher class has been removed */ +# define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */ +# define SSL_TXT_kECDHE "kECDHE" +# define SSL_TXT_kPSK "kPSK" +# define SSL_TXT_kRSAPSK "kRSAPSK" +# define SSL_TXT_kECDHEPSK "kECDHEPSK" +# define SSL_TXT_kDHEPSK "kDHEPSK" +# define SSL_TXT_kGOST "kGOST" +# define SSL_TXT_kSRP "kSRP" + +# define SSL_TXT_aRSA "aRSA" +# define SSL_TXT_aDSS "aDSS" +# define SSL_TXT_aDH "aDH"/* this cipher class has been removed */ +# define SSL_TXT_aECDH "aECDH"/* this cipher class has been removed */ +# define SSL_TXT_aECDSA "aECDSA" +# define SSL_TXT_aPSK "aPSK" +# define SSL_TXT_aGOST94 "aGOST94" +# define SSL_TXT_aGOST01 "aGOST01" +# define SSL_TXT_aGOST12 "aGOST12" +# define SSL_TXT_aGOST "aGOST" +# define SSL_TXT_aSRP "aSRP" + +# define SSL_TXT_DSS "DSS" +# define SSL_TXT_DH "DH" +# define SSL_TXT_DHE "DHE"/* same as "kDHE:-ADH" */ +# define SSL_TXT_EDH "EDH"/* alias for DHE */ +# define SSL_TXT_ADH "ADH" +# define SSL_TXT_RSA "RSA" +# define SSL_TXT_ECDH "ECDH" +# define SSL_TXT_EECDH "EECDH"/* alias for ECDHE" */ +# define SSL_TXT_ECDHE "ECDHE"/* same as "kECDHE:-AECDH" */ +# define SSL_TXT_AECDH "AECDH" +# define SSL_TXT_ECDSA "ECDSA" +# define SSL_TXT_PSK "PSK" +# define SSL_TXT_SRP "SRP" + +# define SSL_TXT_DES "DES" +# define SSL_TXT_3DES "3DES" +# define SSL_TXT_RC4 "RC4" +# define SSL_TXT_RC2 "RC2" +# define SSL_TXT_IDEA "IDEA" +# define SSL_TXT_SEED "SEED" +# define SSL_TXT_AES128 "AES128" +# define SSL_TXT_AES256 "AES256" +# define SSL_TXT_AES "AES" +# define SSL_TXT_AES_GCM "AESGCM" +# define SSL_TXT_AES_CCM "AESCCM" +# define SSL_TXT_AES_CCM_8 "AESCCM8" +# define SSL_TXT_CAMELLIA128 "CAMELLIA128" +# define SSL_TXT_CAMELLIA256 "CAMELLIA256" +# define SSL_TXT_CAMELLIA "CAMELLIA" +# define SSL_TXT_CHACHA20 "CHACHA20" +# define SSL_TXT_GOST "GOST89" +# define SSL_TXT_ARIA "ARIA" +# define SSL_TXT_ARIA_GCM "ARIAGCM" +# define SSL_TXT_ARIA128 "ARIA128" +# define SSL_TXT_ARIA256 "ARIA256" + +# define SSL_TXT_MD5 "MD5" +# define SSL_TXT_SHA1 "SHA1" +# define SSL_TXT_SHA "SHA"/* same as "SHA1" */ +# define SSL_TXT_GOST94 "GOST94" +# define SSL_TXT_GOST89MAC "GOST89MAC" +# define SSL_TXT_GOST12 "GOST12" +# define SSL_TXT_GOST89MAC12 "GOST89MAC12" +# define SSL_TXT_SHA256 "SHA256" +# define SSL_TXT_SHA384 "SHA384" + +# define SSL_TXT_SSLV3 "SSLv3" +# define SSL_TXT_TLSV1 "TLSv1" +# define SSL_TXT_TLSV1_1 "TLSv1.1" +# define SSL_TXT_TLSV1_2 "TLSv1.2" + +# define SSL_TXT_ALL "ALL" + +/*- + * COMPLEMENTOF* definitions. These identifiers are used to (de-select) + * ciphers normally not being used. + * Example: "RC4" will activate all ciphers using RC4 including ciphers + * without authentication, which would normally disabled by DEFAULT (due + * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT" + * will make sure that it is also disabled in the specific selection. + * COMPLEMENTOF* identifiers are portable between version, as adjustments + * to the default cipher setup will also be included here. + * + * COMPLEMENTOFDEFAULT does not experience the same special treatment that + * DEFAULT gets, as only selection is being done and no sorting as needed + * for DEFAULT. + */ +# define SSL_TXT_CMPALL "COMPLEMENTOFALL" +# define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" + +/* + * The following cipher list is used by default. It also is substituted when + * an application-defined cipher list string starts with 'DEFAULT'. + * This applies to ciphersuites for TLSv1.2 and below. + */ +# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" +/* This is the default set of TLSv1.3 ciphersuites */ +# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) +# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ + "TLS_CHACHA20_POLY1305_SHA256:" \ + "TLS_AES_128_GCM_SHA256" +# else +# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ + "TLS_AES_128_GCM_SHA256" +#endif +/* + * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always + * starts with a reasonable order, and all we have to do for DEFAULT is + * throwing out anonymous and unencrypted ciphersuites! (The latter are not + * actually enabled by ALL, but "ALL:RSA" would enable some of them.) + */ + +/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ +# define SSL_SENT_SHUTDOWN 1 +# define SSL_RECEIVED_SHUTDOWN 2 + +#ifdef __cplusplus +} +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +# define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 +# define SSL_FILETYPE_PEM X509_FILETYPE_PEM + +/* + * This is needed to stop compilers complaining about the 'struct ssl_st *' + * function parameters used to prototype callbacks in SSL_CTX. + */ +typedef struct ssl_st *ssl_crock_st; +typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT; +typedef struct ssl_method_st SSL_METHOD; +typedef struct ssl_cipher_st SSL_CIPHER; +typedef struct ssl_session_st SSL_SESSION; +typedef struct tls_sigalgs_st TLS_SIGALGS; +typedef struct ssl_conf_ctx_st SSL_CONF_CTX; +typedef struct ssl_comp_st SSL_COMP; + +STACK_OF(SSL_CIPHER); +STACK_OF(SSL_COMP); + +/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ +typedef struct srtp_protection_profile_st { + const char *name; + unsigned long id; +} SRTP_PROTECTION_PROFILE; + +DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE) + +typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, + int len, void *arg); +typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, + STACK_OF(SSL_CIPHER) *peer_ciphers, + const SSL_CIPHER **cipher, void *arg); + +/* Extension context codes */ +/* This extension is only allowed in TLS */ +#define SSL_EXT_TLS_ONLY 0x0001 +/* This extension is only allowed in DTLS */ +#define SSL_EXT_DTLS_ONLY 0x0002 +/* Some extensions may be allowed in DTLS but we don't implement them for it */ +#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x0004 +/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */ +#define SSL_EXT_SSL3_ALLOWED 0x0008 +/* Extension is only defined for TLS1.2 and below */ +#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x0010 +/* Extension is only defined for TLS1.3 and above */ +#define SSL_EXT_TLS1_3_ONLY 0x0020 +/* Ignore this extension during parsing if we are resuming */ +#define SSL_EXT_IGNORE_ON_RESUMPTION 0x0040 +#define SSL_EXT_CLIENT_HELLO 0x0080 +/* Really means TLS1.2 or below */ +#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0100 +#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0200 +#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0400 +#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0800 +#define SSL_EXT_TLS1_3_CERTIFICATE 0x1000 +#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x2000 +#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x4000 + +/* Typedefs for handling custom extensions */ + +typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type, + const unsigned char **out, size_t *outlen, + int *al, void *add_arg); + +typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type, + const unsigned char *out, void *add_arg); + +typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type, + const unsigned char *in, size_t inlen, + int *al, void *parse_arg); + + +typedef int (*SSL_custom_ext_add_cb_ex)(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char **out, + size_t *outlen, X509 *x, + size_t chainidx, + int *al, void *add_arg); + +typedef void (*SSL_custom_ext_free_cb_ex)(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char *out, + void *add_arg); + +typedef int (*SSL_custom_ext_parse_cb_ex)(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char *in, + size_t inlen, X509 *x, + size_t chainidx, + int *al, void *parse_arg); + +/* Typedef for verification callback */ +typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); + +/* + * Some values are reserved until OpenSSL 1.2.0 because they were previously + * included in SSL_OP_ALL in a 1.1.x release. + * + * Reserved value (until OpenSSL 1.2.0) 0x00000001U + * Reserved value (until OpenSSL 1.2.0) 0x00000002U + */ +/* Allow initial connection to servers that don't support RI */ +# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U + +/* Reserved value (until OpenSSL 1.2.0) 0x00000008U */ +# define SSL_OP_TLSEXT_PADDING 0x00000010U +/* Reserved value (until OpenSSL 1.2.0) 0x00000020U */ +# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U +/* + * Reserved value (until OpenSSL 1.2.0) 0x00000080U + * Reserved value (until OpenSSL 1.2.0) 0x00000100U + * Reserved value (until OpenSSL 1.2.0) 0x00000200U + */ + +/* In TLSv1.3 allow a non-(ec)dhe based kex_mode */ +# define SSL_OP_ALLOW_NO_DHE_KEX 0x00000400U + +/* + * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in + * OpenSSL 0.9.6d. Usually (depending on the application protocol) the + * workaround is not needed. Unfortunately some broken SSL/TLS + * implementations cannot handle it at all, which is why we include it in + * SSL_OP_ALL. Added in 0.9.6e + */ +# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800U + +/* DTLS options */ +# define SSL_OP_NO_QUERY_MTU 0x00001000U +/* Turn on Cookie Exchange (on relevant for servers) */ +# define SSL_OP_COOKIE_EXCHANGE 0x00002000U +/* Don't use RFC4507 ticket extension */ +# define SSL_OP_NO_TICKET 0x00004000U +# ifndef OPENSSL_NO_DTLS1_METHOD +/* Use Cisco's "speshul" version of DTLS_BAD_VER + * (only with deprecated DTLSv1_client_method()) */ +# define SSL_OP_CISCO_ANYCONNECT 0x00008000U +# endif + +/* As server, disallow session resumption on renegotiation */ +# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000U +/* Don't use compression even if supported */ +# define SSL_OP_NO_COMPRESSION 0x00020000U +/* Permit unsafe legacy renegotiation */ +# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U +/* Disable encrypt-then-mac */ +# define SSL_OP_NO_ENCRYPT_THEN_MAC 0x00080000U + +/* + * Enable TLSv1.3 Compatibility mode. This is on by default. A future version + * of OpenSSL may have this disabled by default. + */ +# define SSL_OP_ENABLE_MIDDLEBOX_COMPAT 0x00100000U + +/* Prioritize Chacha20Poly1305 when client does. + * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE */ +# define SSL_OP_PRIORITIZE_CHACHA 0x00200000U + +/* + * Set on servers to choose the cipher according to the server's preferences + */ +# define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000U +/* + * If set, a server will allow a client to issue a SSLv3.0 version number as + * latest version supported in the premaster secret, even when TLSv1.0 + * (version 3.1) was announced in the client hello. Normally this is + * forbidden to prevent version rollback attacks. + */ +# define SSL_OP_TLS_ROLLBACK_BUG 0x00800000U + +/* + * Switches off automatic TLSv1.3 anti-replay protection for early data. This + * is a server-side option only (no effect on the client). + */ +# define SSL_OP_NO_ANTI_REPLAY 0x01000000U + +# define SSL_OP_NO_SSLv3 0x02000000U +# define SSL_OP_NO_TLSv1 0x04000000U +# define SSL_OP_NO_TLSv1_2 0x08000000U +# define SSL_OP_NO_TLSv1_1 0x10000000U +# define SSL_OP_NO_TLSv1_3 0x20000000U + +# define SSL_OP_NO_DTLSv1 0x04000000U +# define SSL_OP_NO_DTLSv1_2 0x08000000U + +# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\ + SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3) +# define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2) + +/* Disallow all renegotiation */ +# define SSL_OP_NO_RENEGOTIATION 0x40000000U + +/* + * Make server add server-hello extension from early version of cryptopro + * draft, when GOST ciphersuite is negotiated. Required for interoperability + * with CryptoPro CSP 3.x + */ +# define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000U + +/* + * SSL_OP_ALL: various bug workarounds that should be rather harmless. + * This used to be 0x000FFFFFL before 0.9.7. + * This used to be 0x80000BFFU before 1.1.1. + */ +# define SSL_OP_ALL (SSL_OP_CRYPTOPRO_TLSEXT_BUG|\ + SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS|\ + SSL_OP_LEGACY_SERVER_CONNECT|\ + SSL_OP_TLSEXT_PADDING|\ + SSL_OP_SAFARI_ECDHE_ECDSA_BUG) + +/* OBSOLETE OPTIONS: retained for compatibility */ + +/* Removed from OpenSSL 1.1.0. Was 0x00000001L */ +/* Related to removed SSLv2. */ +# define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000002L */ +/* Related to removed SSLv2. */ +# define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x0 +/* Removed from OpenSSL 0.9.8q and 1.0.0c. Was 0x00000008L */ +/* Dead forever, see CVE-2010-4180 */ +# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0 +/* Removed from OpenSSL 1.0.1h and 1.0.2. Was 0x00000010L */ +/* Refers to ancient SSLREF and SSLv2. */ +# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000020 */ +# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0 +/* Removed from OpenSSL 0.9.7h and 0.9.8b. Was 0x00000040L */ +# define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000080 */ +/* Ancient SSLeay version. */ +# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000100L */ +# define SSL_OP_TLS_D5_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000200L */ +# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00080000L */ +# define SSL_OP_SINGLE_ECDH_USE 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00100000L */ +# define SSL_OP_SINGLE_DH_USE 0x0 +/* Removed from OpenSSL 1.0.1k and 1.0.2. Was 0x00200000L */ +# define SSL_OP_EPHEMERAL_RSA 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x01000000L */ +# define SSL_OP_NO_SSLv2 0x0 +/* Removed from OpenSSL 1.0.1. Was 0x08000000L */ +# define SSL_OP_PKCS1_CHECK_1 0x0 +/* Removed from OpenSSL 1.0.1. Was 0x10000000L */ +# define SSL_OP_PKCS1_CHECK_2 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x20000000L */ +# define SSL_OP_NETSCAPE_CA_DN_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x40000000L */ +# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0 + +/* + * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success + * when just a single record has been written): + */ +# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001U +/* + * Make it possible to retry SSL_write() with changed buffer location (buffer + * contents must stay the same!); this is not the default to avoid the + * misconception that non-blocking SSL_write() behaves like non-blocking + * write(): + */ +# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U +/* + * Never bother the application with retries if the transport is blocking: + */ +# define SSL_MODE_AUTO_RETRY 0x00000004U +/* Don't attempt to automatically build certificate chain */ +# define SSL_MODE_NO_AUTO_CHAIN 0x00000008U +/* + * Save RAM by releasing read and write buffers when they're empty. (SSL3 and + * TLS only.) Released buffers are freed. + */ +# define SSL_MODE_RELEASE_BUFFERS 0x00000010U +/* + * Send the current time in the Random fields of the ClientHello and + * ServerHello records for compatibility with hypothetical implementations + * that require it. + */ +# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U +# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U +/* + * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications + * that reconnect with a downgraded protocol version; see + * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your + * application attempts a normal handshake. Only use this in explicit + * fallback retries, following the guidance in + * draft-ietf-tls-downgrade-scsv-00. + */ +# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U +/* + * Support Asynchronous operation + */ +# define SSL_MODE_ASYNC 0x00000100U + +/* + * When using DTLS/SCTP, include the terminating zero in the label + * used for computing the endpoint-pair shared secret. Required for + * interoperability with implementations having this bug like these + * older version of OpenSSL: + * - OpenSSL 1.0.0 series + * - OpenSSL 1.0.1 series + * - OpenSSL 1.0.2 series + * - OpenSSL 1.1.0 series + * - OpenSSL 1.1.1 and 1.1.1a + */ +# define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U + +/* Cert related flags */ +/* + * Many implementations ignore some aspects of the TLS standards such as + * enforcing certificate chain algorithms. When this is set we enforce them. + */ +# define SSL_CERT_FLAG_TLS_STRICT 0x00000001U + +/* Suite B modes, takes same values as certificate verify flags */ +# define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000 +/* Suite B 192 bit only mode */ +# define SSL_CERT_FLAG_SUITEB_192_LOS 0x20000 +/* Suite B 128 bit mode allowing 192 bit algorithms */ +# define SSL_CERT_FLAG_SUITEB_128_LOS 0x30000 + +/* Perform all sorts of protocol violations for testing purposes */ +# define SSL_CERT_FLAG_BROKEN_PROTOCOL 0x10000000 + +/* Flags for building certificate chains */ +/* Treat any existing certificates as untrusted CAs */ +# define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1 +/* Don't include root CA in chain */ +# define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2 +/* Just check certificates already there */ +# define SSL_BUILD_CHAIN_FLAG_CHECK 0x4 +/* Ignore verification errors */ +# define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR 0x8 +/* Clear verification errors from queue */ +# define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10 + +/* Flags returned by SSL_check_chain */ +/* Certificate can be used with this session */ +# define CERT_PKEY_VALID 0x1 +/* Certificate can also be used for signing */ +# define CERT_PKEY_SIGN 0x2 +/* EE certificate signing algorithm OK */ +# define CERT_PKEY_EE_SIGNATURE 0x10 +/* CA signature algorithms OK */ +# define CERT_PKEY_CA_SIGNATURE 0x20 +/* EE certificate parameters OK */ +# define CERT_PKEY_EE_PARAM 0x40 +/* CA certificate parameters OK */ +# define CERT_PKEY_CA_PARAM 0x80 +/* Signing explicitly allowed as opposed to SHA1 fallback */ +# define CERT_PKEY_EXPLICIT_SIGN 0x100 +/* Client CA issuer names match (always set for server cert) */ +# define CERT_PKEY_ISSUER_NAME 0x200 +/* Cert type matches client types (always set for server cert) */ +# define CERT_PKEY_CERT_TYPE 0x400 +/* Cert chain suitable to Suite B */ +# define CERT_PKEY_SUITEB 0x800 + +# define SSL_CONF_FLAG_CMDLINE 0x1 +# define SSL_CONF_FLAG_FILE 0x2 +# define SSL_CONF_FLAG_CLIENT 0x4 +# define SSL_CONF_FLAG_SERVER 0x8 +# define SSL_CONF_FLAG_SHOW_ERRORS 0x10 +# define SSL_CONF_FLAG_CERTIFICATE 0x20 +# define SSL_CONF_FLAG_REQUIRE_PRIVATE 0x40 +/* Configuration value types */ +# define SSL_CONF_TYPE_UNKNOWN 0x0 +# define SSL_CONF_TYPE_STRING 0x1 +# define SSL_CONF_TYPE_FILE 0x2 +# define SSL_CONF_TYPE_DIR 0x3 +# define SSL_CONF_TYPE_NONE 0x4 + +/* Maximum length of the application-controlled segment of a a TLSv1.3 cookie */ +# define SSL_COOKIE_LENGTH 4096 + +/* + * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they + * cannot be used to clear bits. + */ + +unsigned long SSL_CTX_get_options(const SSL_CTX *ctx); +unsigned long SSL_get_options(const SSL *s); +unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op); +unsigned long SSL_clear_options(SSL *s, unsigned long op); +unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op); +unsigned long SSL_set_options(SSL *s, unsigned long op); + +# define SSL_CTX_set_mode(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) +# define SSL_CTX_clear_mode(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) +# define SSL_CTX_get_mode(ctx) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) +# define SSL_clear_mode(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) +# define SSL_set_mode(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) +# define SSL_get_mode(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) +# define SSL_set_mtu(ssl, mtu) \ + SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) +# define DTLS_set_link_mtu(ssl, mtu) \ + SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL) +# define DTLS_get_link_min_mtu(ssl) \ + SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL) + +# define SSL_get_secure_renegotiation_support(ssl) \ + SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) + +# ifndef OPENSSL_NO_HEARTBEATS +# define SSL_heartbeat(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT,0,NULL) +# endif + +# define SSL_CTX_set_cert_flags(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL) +# define SSL_set_cert_flags(s,op) \ + SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL) +# define SSL_CTX_clear_cert_flags(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) +# define SSL_clear_cert_flags(s,op) \ + SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) + +void SSL_CTX_set_msg_callback(SSL_CTX *ctx, + void (*cb) (int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)); +void SSL_set_msg_callback(SSL *ssl, + void (*cb) (int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)); +# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) +# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) + +# define SSL_get_extms_support(s) \ + SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL) + +# ifndef OPENSSL_NO_SRP + +/* see tls_srp.c */ +__owur int SSL_SRP_CTX_init(SSL *s); +__owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); +int SSL_SRP_CTX_free(SSL *ctx); +int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); +__owur int SSL_srp_server_param_with_username(SSL *s, int *ad); +__owur int SRP_Calc_A_param(SSL *s); + +# endif + +/* 100k max cert list */ +# define SSL_MAX_CERT_LIST_DEFAULT 1024*100 + +# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) + +/* + * This callback type is used inside SSL_CTX, SSL, and in the functions that + * set them. It is used to override the generation of SSL/TLS session IDs in + * a server. Return value should be zero on an error, non-zero to proceed. + * Also, callbacks should themselves check if the id they generate is unique + * otherwise the SSL handshake will fail with an error - callbacks can do + * this using the 'ssl' value they're passed by; + * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in + * is set at the maximum size the session ID can be. In SSLv3/TLSv1 it is 32 + * bytes. The callback can alter this length to be less if desired. It is + * also an error for the callback to set the size to zero. + */ +typedef int (*GEN_SESSION_CB) (SSL *ssl, unsigned char *id, + unsigned int *id_len); + +# define SSL_SESS_CACHE_OFF 0x0000 +# define SSL_SESS_CACHE_CLIENT 0x0001 +# define SSL_SESS_CACHE_SERVER 0x0002 +# define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) +# define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 +/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */ +# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 +# define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 +# define SSL_SESS_CACHE_NO_INTERNAL \ + (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) + +LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); +# define SSL_CTX_sess_number(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) +# define SSL_CTX_sess_connect(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) +# define SSL_CTX_sess_connect_good(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) +# define SSL_CTX_sess_connect_renegotiate(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) +# define SSL_CTX_sess_accept(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) +# define SSL_CTX_sess_accept_renegotiate(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) +# define SSL_CTX_sess_accept_good(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) +# define SSL_CTX_sess_hits(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) +# define SSL_CTX_sess_cb_hits(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) +# define SSL_CTX_sess_misses(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) +# define SSL_CTX_sess_timeouts(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) +# define SSL_CTX_sess_cache_full(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) + +void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, + int (*new_session_cb) (struct ssl_st *ssl, + SSL_SESSION *sess)); +int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, + SSL_SESSION *sess); +void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, + void (*remove_session_cb) (struct ssl_ctx_st + *ctx, + SSL_SESSION *sess)); +void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx, + SSL_SESSION *sess); +void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, + SSL_SESSION *(*get_session_cb) (struct ssl_st + *ssl, + const unsigned char + *data, int len, + int *copy)); +SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, + const unsigned char *data, + int len, int *copy); +void SSL_CTX_set_info_callback(SSL_CTX *ctx, + void (*cb) (const SSL *ssl, int type, int val)); +void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, + int val); +void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, + int (*client_cert_cb) (SSL *ssl, X509 **x509, + EVP_PKEY **pkey)); +int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509, + EVP_PKEY **pkey); +# ifndef OPENSSL_NO_ENGINE +__owur int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); +# endif +void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, + int (*app_gen_cookie_cb) (SSL *ssl, + unsigned char + *cookie, + unsigned int + *cookie_len)); +void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, + int (*app_verify_cookie_cb) (SSL *ssl, + const unsigned + char *cookie, + unsigned int + cookie_len)); + +void SSL_CTX_set_stateless_cookie_generate_cb( + SSL_CTX *ctx, + int (*gen_stateless_cookie_cb) (SSL *ssl, + unsigned char *cookie, + size_t *cookie_len)); +void SSL_CTX_set_stateless_cookie_verify_cb( + SSL_CTX *ctx, + int (*verify_stateless_cookie_cb) (SSL *ssl, + const unsigned char *cookie, + size_t cookie_len)); +# ifndef OPENSSL_NO_NEXTPROTONEG + +typedef int (*SSL_CTX_npn_advertised_cb_func)(SSL *ssl, + const unsigned char **out, + unsigned int *outlen, + void *arg); +void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, + SSL_CTX_npn_advertised_cb_func cb, + void *arg); +# define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb + +typedef int (*SSL_CTX_npn_select_cb_func)(SSL *s, + unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg); +void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, + SSL_CTX_npn_select_cb_func cb, + void *arg); +# define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb + +void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, + unsigned *len); +# define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated +# endif + +__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, + const unsigned char *client, + unsigned int client_len); + +# define OPENSSL_NPN_UNSUPPORTED 0 +# define OPENSSL_NPN_NEGOTIATED 1 +# define OPENSSL_NPN_NO_OVERLAP 2 + +__owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, + unsigned int protos_len); +__owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, + unsigned int protos_len); +typedef int (*SSL_CTX_alpn_select_cb_func)(SSL *ssl, + const unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg); +void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, + SSL_CTX_alpn_select_cb_func cb, + void *arg); +void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, + unsigned int *len); + +# ifndef OPENSSL_NO_PSK +/* + * the maximum length of the buffer given to callbacks containing the + * resulting identity/psk + */ +# define PSK_MAX_IDENTITY_LEN 128 +# define PSK_MAX_PSK_LEN 256 +typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl, + const char *hint, + char *identity, + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len); +void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb); +void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb); + +typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl, + const char *identity, + unsigned char *psk, + unsigned int max_psk_len); +void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb); +void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb); + +__owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); +__owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); +const char *SSL_get_psk_identity_hint(const SSL *s); +const char *SSL_get_psk_identity(const SSL *s); +# endif + +typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl, + const unsigned char *identity, + size_t identity_len, + SSL_SESSION **sess); +typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md, + const unsigned char **id, + size_t *idlen, + SSL_SESSION **sess); + +void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb); +void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, + SSL_psk_find_session_cb_func cb); +void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb); +void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, + SSL_psk_use_session_cb_func cb); + +/* Register callbacks to handle custom TLS Extensions for client or server. */ + +__owur int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, + unsigned int ext_type); + +__owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, + unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); + +__owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, + unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); + +__owur int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type, + unsigned int context, + SSL_custom_ext_add_cb_ex add_cb, + SSL_custom_ext_free_cb_ex free_cb, + void *add_arg, + SSL_custom_ext_parse_cb_ex parse_cb, + void *parse_arg); + +__owur int SSL_extension_supported(unsigned int ext_type); + +# define SSL_NOTHING 1 +# define SSL_WRITING 2 +# define SSL_READING 3 +# define SSL_X509_LOOKUP 4 +# define SSL_ASYNC_PAUSED 5 +# define SSL_ASYNC_NO_JOBS 6 +# define SSL_CLIENT_HELLO_CB 7 + +/* These will only be used when doing non-blocking IO */ +# define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) +# define SSL_want_read(s) (SSL_want(s) == SSL_READING) +# define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) +# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) +# define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED) +# define SSL_want_async_job(s) (SSL_want(s) == SSL_ASYNC_NO_JOBS) +# define SSL_want_client_hello_cb(s) (SSL_want(s) == SSL_CLIENT_HELLO_CB) + +# define SSL_MAC_FLAG_READ_MAC_STREAM 1 +# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 + +/* + * A callback for logging out TLS key material. This callback should log out + * |line| followed by a newline. + */ +typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line); + +/* + * SSL_CTX_set_keylog_callback configures a callback to log key material. This + * is intended for debugging use with tools like Wireshark. The cb function + * should log line followed by a newline. + */ +void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb); + +/* + * SSL_CTX_get_keylog_callback returns the callback configured by + * SSL_CTX_set_keylog_callback. + */ +SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx); + +int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data); +uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx); +int SSL_set_max_early_data(SSL *s, uint32_t max_early_data); +uint32_t SSL_get_max_early_data(const SSL *s); +int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data); +uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx); +int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data); +uint32_t SSL_get_recv_max_early_data(const SSL *s); + +#ifdef __cplusplus +} +#endif + +# include +# include +# include /* This is mostly sslv3 with a few tweaks */ +# include /* Datagram TLS */ +# include /* Support for the use_srtp extension */ + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * These need to be after the above set of includes due to a compiler bug + * in VisualStudio 2015 + */ +DEFINE_STACK_OF_CONST(SSL_CIPHER) +DEFINE_STACK_OF(SSL_COMP) + +/* compatibility */ +# define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)(arg))) +# define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) +# define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0, \ + (char *)(a))) +# define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) +# define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) +# define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0, \ + (char *)(arg))) +DEPRECATEDIN_1_1_0(void SSL_set_debug(SSL *s, int debug)) + +/* TLSv1.3 KeyUpdate message types */ +/* -1 used so that this is an invalid value for the on-the-wire protocol */ +#define SSL_KEY_UPDATE_NONE -1 +/* Values as defined for the on-the-wire protocol */ +#define SSL_KEY_UPDATE_NOT_REQUESTED 0 +#define SSL_KEY_UPDATE_REQUESTED 1 + +/* + * The valid handshake states (one for each type message sent and one for each + * type of message received). There are also two "special" states: + * TLS = TLS or DTLS state + * DTLS = DTLS specific state + * CR/SR = Client Read/Server Read + * CW/SW = Client Write/Server Write + * + * The "special" states are: + * TLS_ST_BEFORE = No handshake has been initiated yet + * TLS_ST_OK = A handshake has been successfully completed + */ +typedef enum { + TLS_ST_BEFORE, + TLS_ST_OK, + DTLS_ST_CR_HELLO_VERIFY_REQUEST, + TLS_ST_CR_SRVR_HELLO, + TLS_ST_CR_CERT, + TLS_ST_CR_CERT_STATUS, + TLS_ST_CR_KEY_EXCH, + TLS_ST_CR_CERT_REQ, + TLS_ST_CR_SRVR_DONE, + TLS_ST_CR_SESSION_TICKET, + TLS_ST_CR_CHANGE, + TLS_ST_CR_FINISHED, + TLS_ST_CW_CLNT_HELLO, + TLS_ST_CW_CERT, + TLS_ST_CW_KEY_EXCH, + TLS_ST_CW_CERT_VRFY, + TLS_ST_CW_CHANGE, + TLS_ST_CW_NEXT_PROTO, + TLS_ST_CW_FINISHED, + TLS_ST_SW_HELLO_REQ, + TLS_ST_SR_CLNT_HELLO, + DTLS_ST_SW_HELLO_VERIFY_REQUEST, + TLS_ST_SW_SRVR_HELLO, + TLS_ST_SW_CERT, + TLS_ST_SW_KEY_EXCH, + TLS_ST_SW_CERT_REQ, + TLS_ST_SW_SRVR_DONE, + TLS_ST_SR_CERT, + TLS_ST_SR_KEY_EXCH, + TLS_ST_SR_CERT_VRFY, + TLS_ST_SR_NEXT_PROTO, + TLS_ST_SR_CHANGE, + TLS_ST_SR_FINISHED, + TLS_ST_SW_SESSION_TICKET, + TLS_ST_SW_CERT_STATUS, + TLS_ST_SW_CHANGE, + TLS_ST_SW_FINISHED, + TLS_ST_SW_ENCRYPTED_EXTENSIONS, + TLS_ST_CR_ENCRYPTED_EXTENSIONS, + TLS_ST_CR_CERT_VRFY, + TLS_ST_SW_CERT_VRFY, + TLS_ST_CR_HELLO_REQ, + TLS_ST_SW_KEY_UPDATE, + TLS_ST_CW_KEY_UPDATE, + TLS_ST_SR_KEY_UPDATE, + TLS_ST_CR_KEY_UPDATE, + TLS_ST_EARLY_DATA, + TLS_ST_PENDING_EARLY_DATA_END, + TLS_ST_CW_END_OF_EARLY_DATA, + TLS_ST_SR_END_OF_EARLY_DATA +} OSSL_HANDSHAKE_STATE; + +/* + * Most of the following state values are no longer used and are defined to be + * the closest equivalent value in the current state machine code. Not all + * defines have an equivalent and are set to a dummy value (-1). SSL_ST_CONNECT + * and SSL_ST_ACCEPT are still in use in the definition of SSL_CB_ACCEPT_LOOP, + * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT. + */ + +# define SSL_ST_CONNECT 0x1000 +# define SSL_ST_ACCEPT 0x2000 + +# define SSL_ST_MASK 0x0FFF + +# define SSL_CB_LOOP 0x01 +# define SSL_CB_EXIT 0x02 +# define SSL_CB_READ 0x04 +# define SSL_CB_WRITE 0x08 +# define SSL_CB_ALERT 0x4000/* used in callback */ +# define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) +# define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) +# define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) +# define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) +# define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) +# define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) +# define SSL_CB_HANDSHAKE_START 0x10 +# define SSL_CB_HANDSHAKE_DONE 0x20 + +/* Is the SSL_connection established? */ +# define SSL_in_connect_init(a) (SSL_in_init(a) && !SSL_is_server(a)) +# define SSL_in_accept_init(a) (SSL_in_init(a) && SSL_is_server(a)) +int SSL_in_init(const SSL *s); +int SSL_in_before(const SSL *s); +int SSL_is_init_finished(const SSL *s); + +/* + * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you + * should not need these + */ +# define SSL_ST_READ_HEADER 0xF0 +# define SSL_ST_READ_BODY 0xF1 +# define SSL_ST_READ_DONE 0xF2 + +/*- + * Obtain latest Finished message + * -- that we sent (SSL_get_finished) + * -- that we expected from peer (SSL_get_peer_finished). + * Returns length (0 == no Finished so far), copies up to 'count' bytes. + */ +size_t SSL_get_finished(const SSL *s, void *buf, size_t count); +size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); + +/* + * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 3 options are + * 'ored' with SSL_VERIFY_PEER if they are desired + */ +# define SSL_VERIFY_NONE 0x00 +# define SSL_VERIFY_PEER 0x01 +# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 +# define SSL_VERIFY_CLIENT_ONCE 0x04 +# define SSL_VERIFY_POST_HANDSHAKE 0x08 + +# if OPENSSL_API_COMPAT < 0x10100000L +# define OpenSSL_add_ssl_algorithms() SSL_library_init() +# define SSLeay_add_ssl_algorithms() SSL_library_init() +# endif + +/* More backward compatibility */ +# define SSL_get_cipher(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +# define SSL_get_cipher_bits(s,np) \ + SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) +# define SSL_get_cipher_version(s) \ + SSL_CIPHER_get_version(SSL_get_current_cipher(s)) +# define SSL_get_cipher_name(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +# define SSL_get_time(a) SSL_SESSION_get_time(a) +# define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b)) +# define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) +# define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) + +# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) +# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) + +DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) +# define SSL_AD_REASON_OFFSET 1000/* offset to get SSL_R_... value + * from SSL_AD_... */ +/* These alert types are for SSLv3 and TLSv1 */ +# define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY +/* fatal */ +# define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE +/* fatal */ +# define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC +# define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED +# define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW +/* fatal */ +# define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE +/* fatal */ +# define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE +/* Not for TLS */ +# define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE +# define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE +# define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE +# define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED +# define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED +# define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN +/* fatal */ +# define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER +/* fatal */ +# define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA +/* fatal */ +# define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED +/* fatal */ +# define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR +# define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR +/* fatal */ +# define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION +/* fatal */ +# define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION +/* fatal */ +# define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY +/* fatal */ +# define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR +# define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED +# define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION +# define SSL_AD_MISSING_EXTENSION TLS13_AD_MISSING_EXTENSION +# define SSL_AD_CERTIFICATE_REQUIRED TLS13_AD_CERTIFICATE_REQUIRED +# define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION +# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE +# define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME +# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE +# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE +/* fatal */ +# define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY +/* fatal */ +# define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK +# define SSL_AD_NO_APPLICATION_PROTOCOL TLS1_AD_NO_APPLICATION_PROTOCOL +# define SSL_ERROR_NONE 0 +# define SSL_ERROR_SSL 1 +# define SSL_ERROR_WANT_READ 2 +# define SSL_ERROR_WANT_WRITE 3 +# define SSL_ERROR_WANT_X509_LOOKUP 4 +# define SSL_ERROR_SYSCALL 5/* look at error stack/return + * value/errno */ +# define SSL_ERROR_ZERO_RETURN 6 +# define SSL_ERROR_WANT_CONNECT 7 +# define SSL_ERROR_WANT_ACCEPT 8 +# define SSL_ERROR_WANT_ASYNC 9 +# define SSL_ERROR_WANT_ASYNC_JOB 10 +# define SSL_ERROR_WANT_CLIENT_HELLO_CB 11 +# define SSL_CTRL_SET_TMP_DH 3 +# define SSL_CTRL_SET_TMP_ECDH 4 +# define SSL_CTRL_SET_TMP_DH_CB 6 +# define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 +# define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 +# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 +# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 +# define SSL_CTRL_GET_FLAGS 13 +# define SSL_CTRL_EXTRA_CHAIN_CERT 14 +# define SSL_CTRL_SET_MSG_CALLBACK 15 +# define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 +/* only applies to datagram connections */ +# define SSL_CTRL_SET_MTU 17 +/* Stats */ +# define SSL_CTRL_SESS_NUMBER 20 +# define SSL_CTRL_SESS_CONNECT 21 +# define SSL_CTRL_SESS_CONNECT_GOOD 22 +# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 +# define SSL_CTRL_SESS_ACCEPT 24 +# define SSL_CTRL_SESS_ACCEPT_GOOD 25 +# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 +# define SSL_CTRL_SESS_HIT 27 +# define SSL_CTRL_SESS_CB_HIT 28 +# define SSL_CTRL_SESS_MISSES 29 +# define SSL_CTRL_SESS_TIMEOUTS 30 +# define SSL_CTRL_SESS_CACHE_FULL 31 +# define SSL_CTRL_MODE 33 +# define SSL_CTRL_GET_READ_AHEAD 40 +# define SSL_CTRL_SET_READ_AHEAD 41 +# define SSL_CTRL_SET_SESS_CACHE_SIZE 42 +# define SSL_CTRL_GET_SESS_CACHE_SIZE 43 +# define SSL_CTRL_SET_SESS_CACHE_MODE 44 +# define SSL_CTRL_GET_SESS_CACHE_MODE 45 +# define SSL_CTRL_GET_MAX_CERT_LIST 50 +# define SSL_CTRL_SET_MAX_CERT_LIST 51 +# define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 +/* see tls1.h for macros based on these */ +# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 +# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 +# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 +# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 +# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 +# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 +# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 +/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 */ +/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */ +/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */ +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 +# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 +# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 +# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 +# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 +# define SSL_CTRL_SET_SRP_ARG 78 +# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 +# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 +# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 +# ifndef OPENSSL_NO_HEARTBEATS +# define SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT 85 +# define SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING 86 +# define SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS 87 +# endif +# define DTLS_CTRL_GET_TIMEOUT 73 +# define DTLS_CTRL_HANDLE_TIMEOUT 74 +# define SSL_CTRL_GET_RI_SUPPORT 76 +# define SSL_CTRL_CLEAR_MODE 78 +# define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB 79 +# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 +# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 +# define SSL_CTRL_CHAIN 88 +# define SSL_CTRL_CHAIN_CERT 89 +# define SSL_CTRL_GET_GROUPS 90 +# define SSL_CTRL_SET_GROUPS 91 +# define SSL_CTRL_SET_GROUPS_LIST 92 +# define SSL_CTRL_GET_SHARED_GROUP 93 +# define SSL_CTRL_SET_SIGALGS 97 +# define SSL_CTRL_SET_SIGALGS_LIST 98 +# define SSL_CTRL_CERT_FLAGS 99 +# define SSL_CTRL_CLEAR_CERT_FLAGS 100 +# define SSL_CTRL_SET_CLIENT_SIGALGS 101 +# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST 102 +# define SSL_CTRL_GET_CLIENT_CERT_TYPES 103 +# define SSL_CTRL_SET_CLIENT_CERT_TYPES 104 +# define SSL_CTRL_BUILD_CERT_CHAIN 105 +# define SSL_CTRL_SET_VERIFY_CERT_STORE 106 +# define SSL_CTRL_SET_CHAIN_CERT_STORE 107 +# define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 +# define SSL_CTRL_GET_PEER_TMP_KEY 109 +# define SSL_CTRL_GET_RAW_CIPHERLIST 110 +# define SSL_CTRL_GET_EC_POINT_FORMATS 111 +# define SSL_CTRL_GET_CHAIN_CERTS 115 +# define SSL_CTRL_SELECT_CURRENT_CERT 116 +# define SSL_CTRL_SET_CURRENT_CERT 117 +# define SSL_CTRL_SET_DH_AUTO 118 +# define DTLS_CTRL_SET_LINK_MTU 120 +# define DTLS_CTRL_GET_LINK_MIN_MTU 121 +# define SSL_CTRL_GET_EXTMS_SUPPORT 122 +# define SSL_CTRL_SET_MIN_PROTO_VERSION 123 +# define SSL_CTRL_SET_MAX_PROTO_VERSION 124 +# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT 125 +# define SSL_CTRL_SET_MAX_PIPELINES 126 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 +# define SSL_CTRL_GET_MIN_PROTO_VERSION 130 +# define SSL_CTRL_GET_MAX_PROTO_VERSION 131 +# define SSL_CTRL_GET_SIGNATURE_NID 132 +# define SSL_CTRL_GET_TMP_KEY 133 +# define SSL_CERT_SET_FIRST 1 +# define SSL_CERT_SET_NEXT 2 +# define SSL_CERT_SET_SERVER 3 +# define DTLSv1_get_timeout(ssl, arg) \ + SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)(arg)) +# define DTLSv1_handle_timeout(ssl) \ + SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) +# define SSL_num_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) +# define SSL_clear_num_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) +# define SSL_total_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) +# define SSL_CTX_set_tmp_dh(ctx,dh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) +# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) +# define SSL_CTX_set_dh_auto(ctx, onoff) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL) +# define SSL_set_dh_auto(s, onoff) \ + SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL) +# define SSL_set_tmp_dh(ssl,dh) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) +# define SSL_set_tmp_ecdh(ssl,ecdh) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) +# define SSL_CTX_add_extra_chain_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)(x509)) +# define SSL_CTX_get_extra_chain_certs(ctx,px509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509) +# define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509) +# define SSL_CTX_clear_extra_chain_certs(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL) +# define SSL_CTX_set0_chain(ctx,sk) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk)) +# define SSL_CTX_set1_chain(ctx,sk) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk)) +# define SSL_CTX_add0_chain_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509)) +# define SSL_CTX_add1_chain_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509)) +# define SSL_CTX_get0_chain_certs(ctx,px509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509) +# define SSL_CTX_clear_chain_certs(ctx) \ + SSL_CTX_set0_chain(ctx,NULL) +# define SSL_CTX_build_cert_chain(ctx, flags) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) +# define SSL_CTX_select_current_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509)) +# define SSL_CTX_set_current_cert(ctx, op) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL) +# define SSL_CTX_set0_verify_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st)) +# define SSL_CTX_set1_verify_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st)) +# define SSL_CTX_set0_chain_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st)) +# define SSL_CTX_set1_chain_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) +# define SSL_set0_chain(s,sk) \ + SSL_ctrl(s,SSL_CTRL_CHAIN,0,(char *)(sk)) +# define SSL_set1_chain(s,sk) \ + SSL_ctrl(s,SSL_CTRL_CHAIN,1,(char *)(sk)) +# define SSL_add0_chain_cert(s,x509) \ + SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,0,(char *)(x509)) +# define SSL_add1_chain_cert(s,x509) \ + SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,1,(char *)(x509)) +# define SSL_get0_chain_certs(s,px509) \ + SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERTS,0,px509) +# define SSL_clear_chain_certs(s) \ + SSL_set0_chain(s,NULL) +# define SSL_build_cert_chain(s, flags) \ + SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) +# define SSL_select_current_cert(s,x509) \ + SSL_ctrl(s,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509)) +# define SSL_set_current_cert(s,op) \ + SSL_ctrl(s,SSL_CTRL_SET_CURRENT_CERT, op, NULL) +# define SSL_set0_verify_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st)) +# define SSL_set1_verify_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st)) +# define SSL_set0_chain_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st)) +# define SSL_set1_chain_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) +# define SSL_get1_groups(s, glist) \ + SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist)) +# define SSL_CTX_set1_groups(ctx, glist, glistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist)) +# define SSL_CTX_set1_groups_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s)) +# define SSL_set1_groups(s, glist, glistlen) \ + SSL_ctrl(s,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist)) +# define SSL_set1_groups_list(s, str) \ + SSL_ctrl(s,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(str)) +# define SSL_get_shared_group(s, n) \ + SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL) +# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist)) +# define SSL_CTX_set1_sigalgs_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s)) +# define SSL_set1_sigalgs(s, slist, slistlen) \ + SSL_ctrl(s,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist)) +# define SSL_set1_sigalgs_list(s, str) \ + SSL_ctrl(s,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(str)) +# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist)) +# define SSL_CTX_set1_client_sigalgs_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s)) +# define SSL_set1_client_sigalgs(s, slist, slistlen) \ + SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist)) +# define SSL_set1_client_sigalgs_list(s, str) \ + SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(str)) +# define SSL_get0_certificate_types(s, clist) \ + SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)(clist)) +# define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen, \ + (char *)(clist)) +# define SSL_set1_client_certificate_types(s, clist, clistlen) \ + SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist)) +# define SSL_get_signature_nid(s, pn) \ + SSL_ctrl(s,SSL_CTRL_GET_SIGNATURE_NID,0,pn) +# define SSL_get_peer_signature_nid(s, pn) \ + SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn) +# define SSL_get_peer_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_PEER_TMP_KEY,0,pk) +# define SSL_get_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_TMP_KEY,0,pk) +# define SSL_get0_raw_cipherlist(s, plst) \ + SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst) +# define SSL_get0_ec_point_formats(s, plst) \ + SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst) +# define SSL_CTX_set_min_proto_version(ctx, version) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) +# define SSL_CTX_set_max_proto_version(ctx, version) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +# define SSL_CTX_get_min_proto_version(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) +# define SSL_CTX_get_max_proto_version(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) +# define SSL_set_min_proto_version(s, version) \ + SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) +# define SSL_set_max_proto_version(s, version) \ + SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +# define SSL_get_min_proto_version(s) \ + SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) +# define SSL_get_max_proto_version(s) \ + SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) + +/* Backwards compatibility, original 1.1.0 names */ +# define SSL_CTRL_GET_SERVER_TMP_KEY \ + SSL_CTRL_GET_PEER_TMP_KEY +# define SSL_get_server_tmp_key(s, pk) \ + SSL_get_peer_tmp_key(s, pk) + +/* + * The following symbol names are old and obsolete. They are kept + * for compatibility reasons only and should not be used anymore. + */ +# define SSL_CTRL_GET_CURVES SSL_CTRL_GET_GROUPS +# define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS +# define SSL_CTRL_SET_CURVES_LIST SSL_CTRL_SET_GROUPS_LIST +# define SSL_CTRL_GET_SHARED_CURVE SSL_CTRL_GET_SHARED_GROUP + +# define SSL_get1_curves SSL_get1_groups +# define SSL_CTX_set1_curves SSL_CTX_set1_groups +# define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list +# define SSL_set1_curves SSL_set1_groups +# define SSL_set1_curves_list SSL_set1_groups_list +# define SSL_get_shared_curve SSL_get_shared_group + + +# if OPENSSL_API_COMPAT < 0x10100000L +/* Provide some compatibility macros for removed functionality. */ +# define SSL_CTX_need_tmp_RSA(ctx) 0 +# define SSL_CTX_set_tmp_rsa(ctx,rsa) 1 +# define SSL_need_tmp_RSA(ssl) 0 +# define SSL_set_tmp_rsa(ssl,rsa) 1 +# define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0) +# define SSL_set_ecdh_auto(dummy, onoff) ((onoff) != 0) +/* + * We "pretend" to call the callback to avoid warnings about unused static + * functions. + */ +# define SSL_CTX_set_tmp_rsa_callback(ctx, cb) while(0) (cb)(NULL, 0, 0) +# define SSL_set_tmp_rsa_callback(ssl, cb) while(0) (cb)(NULL, 0, 0) +# endif +__owur const BIO_METHOD *BIO_f_ssl(void); +__owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client); +__owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx); +__owur BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); +__owur int BIO_ssl_copy_session_id(BIO *to, BIO *from); +void BIO_ssl_shutdown(BIO *ssl_bio); + +__owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); +__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); +int SSL_CTX_up_ref(SSL_CTX *ctx); +void SSL_CTX_free(SSL_CTX *); +__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); +__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx); +__owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); +void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); +void SSL_CTX_set1_cert_store(SSL_CTX *, X509_STORE *); +__owur int SSL_want(const SSL *s); +__owur int SSL_clear(SSL *s); + +void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); + +__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); +__owur const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s); +__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); +__owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c); +__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); +__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); +__owur const char *OPENSSL_cipher_name(const char *rfc_name); +__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); +__owur uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); +__owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); +__owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); +__owur const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c); +__owur int SSL_CIPHER_is_aead(const SSL_CIPHER *c); + +__owur int SSL_get_fd(const SSL *s); +__owur int SSL_get_rfd(const SSL *s); +__owur int SSL_get_wfd(const SSL *s); +__owur const char *SSL_get_cipher_list(const SSL *s, int n); +__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); +__owur int SSL_get_read_ahead(const SSL *s); +__owur int SSL_pending(const SSL *s); +__owur int SSL_has_pending(const SSL *s); +# ifndef OPENSSL_NO_SOCK +__owur int SSL_set_fd(SSL *s, int fd); +__owur int SSL_set_rfd(SSL *s, int fd); +__owur int SSL_set_wfd(SSL *s, int fd); +# endif +void SSL_set0_rbio(SSL *s, BIO *rbio); +void SSL_set0_wbio(SSL *s, BIO *wbio); +void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); +__owur BIO *SSL_get_rbio(const SSL *s); +__owur BIO *SSL_get_wbio(const SSL *s); +__owur int SSL_set_cipher_list(SSL *s, const char *str); +__owur int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str); +__owur int SSL_set_ciphersuites(SSL *s, const char *str); +void SSL_set_read_ahead(SSL *s, int yes); +__owur int SSL_get_verify_mode(const SSL *s); +__owur int SSL_get_verify_depth(const SSL *s); +__owur SSL_verify_cb SSL_get_verify_callback(const SSL *s); +void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback); +void SSL_set_verify_depth(SSL *s, int depth); +void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg); +# ifndef OPENSSL_NO_RSA +__owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, + long len); +# endif +__owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); +__owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, + long len); +__owur int SSL_use_certificate(SSL *ssl, X509 *x); +__owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); +__owur int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey, + STACK_OF(X509) *chain, int override); + + +/* serverinfo file format versions */ +# define SSL_SERVERINFOV1 1 +# define SSL_SERVERINFOV2 2 + +/* Set serverinfo data for the current active cert. */ +__owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, + size_t serverinfo_length); +__owur int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, + const unsigned char *serverinfo, + size_t serverinfo_length); +__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); + +#ifndef OPENSSL_NO_RSA +__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); +#endif + +__owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); +__owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type); + +#ifndef OPENSSL_NO_RSA +__owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, + int type); +#endif +__owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, + int type); +__owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, + int type); +/* PEM type */ +__owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); +__owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file); +__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); +__owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *file); +int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *dir); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_load_error_strings() \ + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) +# endif + +__owur const char *SSL_state_string(const SSL *s); +__owur const char *SSL_rstate_string(const SSL *s); +__owur const char *SSL_state_string_long(const SSL *s); +__owur const char *SSL_rstate_string_long(const SSL *s); +__owur long SSL_SESSION_get_time(const SSL_SESSION *s); +__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t); +__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s); +__owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); +__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); +__owur int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version); + +__owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); +__owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); +void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, + const unsigned char **alpn, + size_t *len); +__owur int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, + const unsigned char *alpn, + size_t len); +__owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s); +__owur int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher); +__owur int SSL_SESSION_has_ticket(const SSL_SESSION *s); +__owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); +void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, + size_t *len); +__owur uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s); +__owur int SSL_SESSION_set_max_early_data(SSL_SESSION *s, + uint32_t max_early_data); +__owur int SSL_copy_session_id(SSL *to, const SSL *from); +__owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); +__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, + const unsigned char *sid_ctx, + unsigned int sid_ctx_len); +__owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, + unsigned int sid_len); +__owur int SSL_SESSION_is_resumable(const SSL_SESSION *s); + +__owur SSL_SESSION *SSL_SESSION_new(void); +__owur SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src); +const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, + unsigned int *len); +const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, + unsigned int *len); +__owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); +# ifndef OPENSSL_NO_STDIO +int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); +# endif +int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); +int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); +int SSL_SESSION_up_ref(SSL_SESSION *ses); +void SSL_SESSION_free(SSL_SESSION *ses); +__owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); +__owur int SSL_set_session(SSL *to, SSL_SESSION *session); +int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session); +int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *session); +__owur int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); +__owur int SSL_set_generate_session_id(SSL *s, GEN_SESSION_CB cb); +__owur int SSL_has_matching_session_id(const SSL *s, + const unsigned char *id, + unsigned int id_len); +SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, + long length); + +# ifdef HEADER_X509_H +__owur X509 *SSL_get_peer_certificate(const SSL *s); +# endif + +__owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); + +__owur int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); +__owur int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); +__owur SSL_verify_cb SSL_CTX_get_verify_callback(const SSL_CTX *ctx); +void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb callback); +void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); +void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, + int (*cb) (X509_STORE_CTX *, void *), + void *arg); +void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), + void *arg); +# ifndef OPENSSL_NO_RSA +__owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +__owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, + long len); +# endif +__owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +__owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, + const unsigned char *d, long len); +__owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +__owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, + const unsigned char *d); +__owur int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, + STACK_OF(X509) *chain, int override); + +void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); +void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); +pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx); +void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx); +void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb); +void SSL_set_default_passwd_cb_userdata(SSL *s, void *u); +pem_password_cb *SSL_get_default_passwd_cb(SSL *s); +void *SSL_get_default_passwd_cb_userdata(SSL *s); + +__owur int SSL_CTX_check_private_key(const SSL_CTX *ctx); +__owur int SSL_check_private_key(const SSL *ctx); + +__owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, + const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + +SSL *SSL_new(SSL_CTX *ctx); +int SSL_up_ref(SSL *s); +int SSL_is_dtls(const SSL *s); +__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + +__owur int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose); +__owur int SSL_set_purpose(SSL *ssl, int purpose); +__owur int SSL_CTX_set_trust(SSL_CTX *ctx, int trust); +__owur int SSL_set_trust(SSL *ssl, int trust); + +__owur int SSL_set1_host(SSL *s, const char *hostname); +__owur int SSL_add1_host(SSL *s, const char *hostname); +__owur const char *SSL_get0_peername(SSL *s); +void SSL_set_hostflags(SSL *s, unsigned int flags); + +__owur int SSL_CTX_dane_enable(SSL_CTX *ctx); +__owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, + uint8_t mtype, uint8_t ord); +__owur int SSL_dane_enable(SSL *s, const char *basedomain); +__owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, + uint8_t mtype, unsigned const char *data, size_t dlen); +__owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); +__owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, + uint8_t *mtype, unsigned const char **data, + size_t *dlen); +/* + * Bridge opacity barrier between libcrypt and libssl, also needed to support + * offline testing in test/danetest.c + */ +SSL_DANE *SSL_get0_dane(SSL *ssl); +/* + * DANE flags + */ +unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags); +unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags); +unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags); +unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags); + +__owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); +__owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); + +__owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); +__owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); + +# ifndef OPENSSL_NO_SRP +int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); +int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password); +int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); +int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, + char *(*cb) (SSL *, void *)); +int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, + int (*cb) (SSL *, void *)); +int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, + int (*cb) (SSL *, int *, void *)); +int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); + +int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, + BIGNUM *sa, BIGNUM *v, char *info); +int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, + const char *grp); + +__owur BIGNUM *SSL_get_srp_g(SSL *s); +__owur BIGNUM *SSL_get_srp_N(SSL *s); + +__owur char *SSL_get_srp_username(SSL *s); +__owur char *SSL_get_srp_userinfo(SSL *s); +# endif + +/* + * ClientHello callback and helpers. + */ + +# define SSL_CLIENT_HELLO_SUCCESS 1 +# define SSL_CLIENT_HELLO_ERROR 0 +# define SSL_CLIENT_HELLO_RETRY (-1) + +typedef int (*SSL_client_hello_cb_fn) (SSL *s, int *al, void *arg); +void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb, + void *arg); +int SSL_client_hello_isv2(SSL *s); +unsigned int SSL_client_hello_get0_legacy_version(SSL *s); +size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out); +size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out); +size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); +size_t SSL_client_hello_get0_compression_methods(SSL *s, + const unsigned char **out); +int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen); +int SSL_client_hello_get0_ext(SSL *s, unsigned int type, + const unsigned char **out, size_t *outlen); + +void SSL_certs_clear(SSL *s); +void SSL_free(SSL *ssl); +# ifdef OSSL_ASYNC_FD +/* + * Windows application developer has to include windows.h to use these. + */ +__owur int SSL_waiting_for_async(SSL *s); +__owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds); +__owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, + size_t *numaddfds, OSSL_ASYNC_FD *delfd, + size_t *numdelfds); +# endif +__owur int SSL_accept(SSL *ssl); +__owur int SSL_stateless(SSL *s); +__owur int SSL_connect(SSL *ssl); +__owur int SSL_read(SSL *ssl, void *buf, int num); +__owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); + +# define SSL_READ_EARLY_DATA_ERROR 0 +# define SSL_READ_EARLY_DATA_SUCCESS 1 +# define SSL_READ_EARLY_DATA_FINISH 2 + +__owur int SSL_read_early_data(SSL *s, void *buf, size_t num, + size_t *readbytes); +__owur int SSL_peek(SSL *ssl, void *buf, int num); +__owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); +__owur int SSL_write(SSL *ssl, const void *buf, int num); +__owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); +__owur int SSL_write_early_data(SSL *s, const void *buf, size_t num, + size_t *written); +long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); +long SSL_callback_ctrl(SSL *, int, void (*)(void)); +long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); +long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); + +# define SSL_EARLY_DATA_NOT_SENT 0 +# define SSL_EARLY_DATA_REJECTED 1 +# define SSL_EARLY_DATA_ACCEPTED 2 + +__owur int SSL_get_early_data_status(const SSL *s); + +__owur int SSL_get_error(const SSL *s, int ret_code); +__owur const char *SSL_get_version(const SSL *s); + +/* This sets the 'default' SSL version that SSL_new() will create */ +__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); + +# ifndef OPENSSL_NO_SSL3_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_method(void)) /* SSLv3 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void)) +# endif + +#define SSLv23_method TLS_method +#define SSLv23_server_method TLS_server_method +#define SSLv23_client_method TLS_client_method + +/* Negotiate highest available SSL/TLS version */ +__owur const SSL_METHOD *TLS_method(void); +__owur const SSL_METHOD *TLS_server_method(void); +__owur const SSL_METHOD *TLS_client_method(void); + +# ifndef OPENSSL_NO_TLS1_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void)) +# endif + +# ifndef OPENSSL_NO_TLS1_1_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void)) +# endif + +# ifndef OPENSSL_NO_TLS1_2_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void)) +# endif + +# ifndef OPENSSL_NO_DTLS1_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_method(void)) /* DTLSv1.0 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_client_method(void)) +# endif + +# ifndef OPENSSL_NO_DTLS1_2_METHOD +/* DTLSv1.2 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_client_method(void)) +# endif + +__owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ +__owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ +__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ + +__owur size_t DTLS_get_data_mtu(const SSL *s); + +__owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); +__owur STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); +__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s); +__owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); + +__owur int SSL_do_handshake(SSL *s); +int SSL_key_update(SSL *s, int updatetype); +int SSL_get_key_update_type(const SSL *s); +int SSL_renegotiate(SSL *s); +int SSL_renegotiate_abbreviated(SSL *s); +__owur int SSL_renegotiate_pending(const SSL *s); +int SSL_shutdown(SSL *s); +__owur int SSL_verify_client_post_handshake(SSL *s); +void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); +void SSL_set_post_handshake_auth(SSL *s, int val); + +__owur const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx); +__owur const SSL_METHOD *SSL_get_ssl_method(const SSL *s); +__owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); +__owur const char *SSL_alert_type_string_long(int value); +__owur const char *SSL_alert_type_string(int value); +__owur const char *SSL_alert_desc_string_long(int value); +__owur const char *SSL_alert_desc_string(int value); + +void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +__owur const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s); +__owur const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx); +__owur int SSL_add1_to_CA_list(SSL *ssl, const X509 *x); +__owur int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x); +__owur const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s); + +void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +__owur STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); +__owur STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); +__owur int SSL_add_client_CA(SSL *ssl, X509 *x); +__owur int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); + +void SSL_set_connect_state(SSL *s); +void SSL_set_accept_state(SSL *s); + +__owur long SSL_get_default_timeout(const SSL *s); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_library_init() OPENSSL_init_ssl(0, NULL) +# endif + +__owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); +__owur STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk); + +__owur SSL *SSL_dup(SSL *ssl); + +__owur X509 *SSL_get_certificate(const SSL *ssl); +/* + * EVP_PKEY + */ +struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl); + +__owur X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); +__owur EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); + +void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); +__owur int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); +void SSL_set_quiet_shutdown(SSL *ssl, int mode); +__owur int SSL_get_quiet_shutdown(const SSL *ssl); +void SSL_set_shutdown(SSL *ssl, int mode); +__owur int SSL_get_shutdown(const SSL *ssl); +__owur int SSL_version(const SSL *ssl); +__owur int SSL_client_version(const SSL *s); +__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); +__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); +__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); +__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, + const char *CApath); +# define SSL_get0_session SSL_get_session/* just peek at pointer */ +__owur SSL_SESSION *SSL_get_session(const SSL *ssl); +__owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ +__owur SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); +SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); +void SSL_set_info_callback(SSL *ssl, + void (*cb) (const SSL *ssl, int type, int val)); +void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, + int val); +__owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); + +void SSL_set_verify_result(SSL *ssl, long v); +__owur long SSL_get_verify_result(const SSL *ssl); +__owur STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s); + +__owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, + size_t outlen); +__owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, + size_t outlen); +__owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *sess, + unsigned char *out, size_t outlen); +__owur int SSL_SESSION_set1_master_key(SSL_SESSION *sess, + const unsigned char *in, size_t len); +uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *sess); + +#define SSL_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef) +__owur int SSL_set_ex_data(SSL *ssl, int idx, void *data); +void *SSL_get_ex_data(const SSL *ssl, int idx); +#define SSL_SESSION_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, l, p, newf, dupf, freef) +__owur int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); +void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx); +#define SSL_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef) +__owur int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); +void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx); + +__owur int SSL_get_ex_data_X509_STORE_CTX_idx(void); + +# define SSL_CTX_sess_set_cache_size(ctx,t) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) +# define SSL_CTX_sess_get_cache_size(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) +# define SSL_CTX_set_session_cache_mode(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) +# define SSL_CTX_get_session_cache_mode(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) + +# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) +# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) +# define SSL_CTX_get_read_ahead(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) +# define SSL_CTX_set_read_ahead(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) +# define SSL_CTX_get_max_cert_list(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) +# define SSL_CTX_set_max_cert_list(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) +# define SSL_get_max_cert_list(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) +# define SSL_set_max_cert_list(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) + +# define SSL_CTX_set_max_send_fragment(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) +# define SSL_set_max_send_fragment(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) +# define SSL_CTX_set_split_send_fragment(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) +# define SSL_set_split_send_fragment(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) +# define SSL_CTX_set_max_pipelines(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) +# define SSL_set_max_pipelines(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) + +void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); +void SSL_set_default_read_buffer_len(SSL *s, size_t len); + +# ifndef OPENSSL_NO_DH +/* NB: the |keylength| is only applicable when is_export is true */ +void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, + DH *(*dh) (SSL *ssl, int is_export, + int keylength)); +void SSL_set_tmp_dh_callback(SSL *ssl, + DH *(*dh) (SSL *ssl, int is_export, + int keylength)); +# endif + +__owur const COMP_METHOD *SSL_get_current_compression(const SSL *s); +__owur const COMP_METHOD *SSL_get_current_expansion(const SSL *s); +__owur const char *SSL_COMP_get_name(const COMP_METHOD *comp); +__owur const char *SSL_COMP_get0_name(const SSL_COMP *comp); +__owur int SSL_COMP_get_id(const SSL_COMP *comp); +STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); +__owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) + *meths); +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_COMP_free_compression_methods() while(0) continue +# endif +__owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); + +const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); +int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); +int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); +int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, + int isv2format, STACK_OF(SSL_CIPHER) **sk, + STACK_OF(SSL_CIPHER) **scsvs); + +/* TLS extensions functions */ +__owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); + +__owur int SSL_set_session_ticket_ext_cb(SSL *s, + tls_session_ticket_ext_cb_fn cb, + void *arg); + +/* Pre-shared secret session resumption functions */ +__owur int SSL_set_session_secret_cb(SSL *s, + tls_session_secret_cb_fn session_secret_cb, + void *arg); + +void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, + int (*cb) (SSL *ssl, + int + is_forward_secure)); + +void SSL_set_not_resumable_session_callback(SSL *ssl, + int (*cb) (SSL *ssl, + int is_forward_secure)); + +void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, + size_t (*cb) (SSL *ssl, int type, + size_t len, void *arg)); +void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); +void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); +int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); + +void SSL_set_record_padding_callback(SSL *ssl, + size_t (*cb) (SSL *ssl, int type, + size_t len, void *arg)); +void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); +void *SSL_get_record_padding_callback_arg(const SSL *ssl); +int SSL_set_block_padding(SSL *ssl, size_t block_size); + +int SSL_set_num_tickets(SSL *s, size_t num_tickets); +size_t SSL_get_num_tickets(const SSL *s); +int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); +size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_cache_hit(s) SSL_session_reused(s) +# endif + +__owur int SSL_session_reused(const SSL *s); +__owur int SSL_is_server(const SSL *s); + +__owur __owur SSL_CONF_CTX *SSL_CONF_CTX_new(void); +int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx); +void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); +unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); +__owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, + unsigned int flags); +__owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre); + +void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); +void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); + +__owur int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); +__owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); +__owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); + +void SSL_add_ssl_module(void); +int SSL_config(SSL *s, const char *name); +int SSL_CTX_config(SSL_CTX *ctx, const char *name); + +# ifndef OPENSSL_NO_SSL_TRACE +void SSL_trace(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg); +# endif + +# ifndef OPENSSL_NO_SOCK +int DTLSv1_listen(SSL *s, BIO_ADDR *client); +# endif + +# ifndef OPENSSL_NO_CT + +/* + * A callback for verifying that the received SCTs are sufficient. + * Expected to return 1 if they are sufficient, otherwise 0. + * May return a negative integer if an error occurs. + * A connection should be aborted if the SCTs are deemed insufficient. + */ +typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx, + const STACK_OF(SCT) *scts, void *arg); + +/* + * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate + * the received SCTs. + * If the callback returns a non-positive result, the connection is terminated. + * Call this function before beginning a handshake. + * If a NULL |callback| is provided, SCT validation is disabled. + * |arg| is arbitrary userdata that will be passed to the callback whenever it + * is invoked. Ownership of |arg| remains with the caller. + * + * NOTE: A side-effect of setting a CT callback is that an OCSP stapled response + * will be requested. + */ +int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, + void *arg); +int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, + ssl_ct_validation_cb callback, + void *arg); +#define SSL_disable_ct(s) \ + ((void) SSL_set_validation_callback((s), NULL, NULL)) +#define SSL_CTX_disable_ct(ctx) \ + ((void) SSL_CTX_set_validation_callback((ctx), NULL, NULL)) + +/* + * The validation type enumerates the available behaviours of the built-in SSL + * CT validation callback selected via SSL_enable_ct() and SSL_CTX_enable_ct(). + * The underlying callback is a static function in libssl. + */ +enum { + SSL_CT_VALIDATION_PERMISSIVE = 0, + SSL_CT_VALIDATION_STRICT +}; + +/* + * Enable CT by setting up a callback that implements one of the built-in + * validation variants. The SSL_CT_VALIDATION_PERMISSIVE variant always + * continues the handshake, the application can make appropriate decisions at + * handshake completion. The SSL_CT_VALIDATION_STRICT variant requires at + * least one valid SCT, or else handshake termination will be requested. The + * handshake may continue anyway if SSL_VERIFY_NONE is in effect. + */ +int SSL_enable_ct(SSL *s, int validation_mode); +int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode); + +/* + * Report whether a non-NULL callback is enabled. + */ +int SSL_ct_is_enabled(const SSL *s); +int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx); + +/* Gets the SCTs received from a connection */ +const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s); + +/* + * Loads the CT log list from the default location. + * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store, + * the log information loaded from this file will be appended to the + * CTLOG_STORE. + * Returns 1 on success, 0 otherwise. + */ +int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx); + +/* + * Loads the CT log list from the specified file path. + * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store, + * the log information loaded from this file will be appended to the + * CTLOG_STORE. + * Returns 1 on success, 0 otherwise. + */ +int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path); + +/* + * Sets the CT log list used by all SSL connections created from this SSL_CTX. + * Ownership of the CTLOG_STORE is transferred to the SSL_CTX. + */ +void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs); + +/* + * Gets the CT log list used by all SSL connections created from this SSL_CTX. + * This will be NULL unless one of the following functions has been called: + * - SSL_CTX_set_default_ctlog_list_file + * - SSL_CTX_set_ctlog_list_file + * - SSL_CTX_set_ctlog_store + */ +const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx); + +# endif /* OPENSSL_NO_CT */ + +/* What the "other" parameter contains in security callback */ +/* Mask for type */ +# define SSL_SECOP_OTHER_TYPE 0xffff0000 +# define SSL_SECOP_OTHER_NONE 0 +# define SSL_SECOP_OTHER_CIPHER (1 << 16) +# define SSL_SECOP_OTHER_CURVE (2 << 16) +# define SSL_SECOP_OTHER_DH (3 << 16) +# define SSL_SECOP_OTHER_PKEY (4 << 16) +# define SSL_SECOP_OTHER_SIGALG (5 << 16) +# define SSL_SECOP_OTHER_CERT (6 << 16) + +/* Indicated operation refers to peer key or certificate */ +# define SSL_SECOP_PEER 0x1000 + +/* Values for "op" parameter in security callback */ + +/* Called to filter ciphers */ +/* Ciphers client supports */ +# define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER) +/* Cipher shared by client/server */ +# define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER) +/* Sanity check of cipher server selects */ +# define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER) +/* Curves supported by client */ +# define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE) +/* Curves shared by client/server */ +# define SSL_SECOP_CURVE_SHARED (5 | SSL_SECOP_OTHER_CURVE) +/* Sanity check of curve server selects */ +# define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE) +/* Temporary DH key */ +# define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY) +/* SSL/TLS version */ +# define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE) +/* Session tickets */ +# define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE) +/* Supported signature algorithms sent to peer */ +# define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG) +/* Shared signature algorithm */ +# define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG) +/* Sanity check signature algorithm allowed */ +# define SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG) +/* Used to get mask of supported public key signature algorithms */ +# define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG) +/* Use to see if compression is allowed */ +# define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE) +/* EE key in certificate */ +# define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT) +/* CA key in certificate */ +# define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT) +/* CA digest algorithm in certificate */ +# define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT) +/* Peer EE key in certificate */ +# define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER) +/* Peer CA key in certificate */ +# define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | SSL_SECOP_PEER) +/* Peer CA digest algorithm in certificate */ +# define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER) + +void SSL_set_security_level(SSL *s, int level); +__owur int SSL_get_security_level(const SSL *s); +void SSL_set_security_callback(SSL *s, + int (*cb) (const SSL *s, const SSL_CTX *ctx, + int op, int bits, int nid, + void *other, void *ex)); +int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, + const SSL_CTX *ctx, int op, + int bits, int nid, void *other, + void *ex); +void SSL_set0_security_ex_data(SSL *s, void *ex); +__owur void *SSL_get0_security_ex_data(const SSL *s); + +void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); +__owur int SSL_CTX_get_security_level(const SSL_CTX *ctx); +void SSL_CTX_set_security_callback(SSL_CTX *ctx, + int (*cb) (const SSL *s, const SSL_CTX *ctx, + int op, int bits, int nid, + void *other, void *ex)); +int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s, + const SSL_CTX *ctx, + int op, int bits, + int nid, + void *other, + void *ex); +void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex); +__owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); + +/* OPENSSL_INIT flag 0x010000 reserved for internal use */ +# define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0x00100000L +# define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L + +# define OPENSSL_INIT_SSL_DEFAULT \ + (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS) + +int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); + +# ifndef OPENSSL_NO_UNIT_TEST +__owur const struct openssl_ssl_test_functions *SSL_test_functions(void); +# endif + +__owur int SSL_free_buffers(SSL *ssl); +__owur int SSL_alloc_buffers(SSL *ssl); + +/* Status codes passed to the decrypt session ticket callback. Some of these + * are for internal use only and are never passed to the callback. */ +typedef int SSL_TICKET_STATUS; + +/* Support for ticket appdata */ +/* fatal error, malloc failure */ +# define SSL_TICKET_FATAL_ERR_MALLOC 0 +/* fatal error, either from parsing or decrypting the ticket */ +# define SSL_TICKET_FATAL_ERR_OTHER 1 +/* No ticket present */ +# define SSL_TICKET_NONE 2 +/* Empty ticket present */ +# define SSL_TICKET_EMPTY 3 +/* the ticket couldn't be decrypted */ +# define SSL_TICKET_NO_DECRYPT 4 +/* a ticket was successfully decrypted */ +# define SSL_TICKET_SUCCESS 5 +/* same as above but the ticket needs to be renewed */ +# define SSL_TICKET_SUCCESS_RENEW 6 + +/* Return codes for the decrypt session ticket callback */ +typedef int SSL_TICKET_RETURN; + +/* An error occurred */ +#define SSL_TICKET_RETURN_ABORT 0 +/* Do not use the ticket, do not send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_IGNORE 1 +/* Do not use the ticket, send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_IGNORE_RENEW 2 +/* Use the ticket, do not send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_USE 3 +/* Use the ticket, send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_USE_RENEW 4 + +typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg); +typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss, + const unsigned char *keyname, + size_t keyname_length, + SSL_TICKET_STATUS status, + void *arg); +int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, + SSL_CTX_generate_session_ticket_fn gen_cb, + SSL_CTX_decrypt_session_ticket_fn dec_cb, + void *arg); +int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len); +int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len); + +extern const char SSL_version_str[]; + +typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us); + +void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb); + + +typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg); +void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, + SSL_allow_early_data_cb_fn cb, + void *arg); +void SSL_set_allow_early_data_cb(SSL *s, + SSL_allow_early_data_cb_fn cb, + void *arg); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/ssl2.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/ssl2.h new file mode 100644 index 00000000..5321bd27 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/ssl2.h @@ -0,0 +1,24 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SSL2_H +# define HEADER_SSL2_H + +#ifdef __cplusplus +extern "C" { +#endif + +# define SSL2_VERSION 0x0002 + +# define SSL2_MT_CLIENT_HELLO 1 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/ssl3.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/ssl3.h new file mode 100644 index 00000000..8d01fcc4 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/ssl3.h @@ -0,0 +1,339 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SSL3_H +# define HEADER_SSL3_H + +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Signalling cipher suite value from RFC 5746 + * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) + */ +# define SSL3_CK_SCSV 0x030000FF + +/* + * Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00 + * (TLS_FALLBACK_SCSV) + */ +# define SSL3_CK_FALLBACK_SCSV 0x03005600 + +# define SSL3_CK_RSA_NULL_MD5 0x03000001 +# define SSL3_CK_RSA_NULL_SHA 0x03000002 +# define SSL3_CK_RSA_RC4_40_MD5 0x03000003 +# define SSL3_CK_RSA_RC4_128_MD5 0x03000004 +# define SSL3_CK_RSA_RC4_128_SHA 0x03000005 +# define SSL3_CK_RSA_RC2_40_MD5 0x03000006 +# define SSL3_CK_RSA_IDEA_128_SHA 0x03000007 +# define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008 +# define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009 +# define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A + +# define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B +# define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C +# define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D +# define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E +# define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F +# define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 + +# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA 0x03000011 +# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA SSL3_CK_DHE_DSS_DES_40_CBC_SHA +# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA 0x03000012 +# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA SSL3_CK_DHE_DSS_DES_64_CBC_SHA +# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA 0x03000013 +# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA SSL3_CK_DHE_DSS_DES_192_CBC3_SHA +# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA 0x03000014 +# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA SSL3_CK_DHE_RSA_DES_40_CBC_SHA +# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA 0x03000015 +# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA SSL3_CK_DHE_RSA_DES_64_CBC_SHA +# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA 0x03000016 +# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA SSL3_CK_DHE_RSA_DES_192_CBC3_SHA + +# define SSL3_CK_ADH_RC4_40_MD5 0x03000017 +# define SSL3_CK_ADH_RC4_128_MD5 0x03000018 +# define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019 +# define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A +# define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B + +/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */ +# define SSL3_RFC_RSA_NULL_MD5 "TLS_RSA_WITH_NULL_MD5" +# define SSL3_RFC_RSA_NULL_SHA "TLS_RSA_WITH_NULL_SHA" +# define SSL3_RFC_RSA_DES_192_CBC3_SHA "TLS_RSA_WITH_3DES_EDE_CBC_SHA" +# define SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" +# define SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" +# define SSL3_RFC_ADH_DES_192_CBC_SHA "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" +# define SSL3_RFC_RSA_IDEA_128_SHA "TLS_RSA_WITH_IDEA_CBC_SHA" +# define SSL3_RFC_RSA_RC4_128_MD5 "TLS_RSA_WITH_RC4_128_MD5" +# define SSL3_RFC_RSA_RC4_128_SHA "TLS_RSA_WITH_RC4_128_SHA" +# define SSL3_RFC_ADH_RC4_128_MD5 "TLS_DH_anon_WITH_RC4_128_MD5" + +# define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" +# define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" +# define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" +# define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5" +# define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA" +# define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5" +# define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA" +# define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA" +# define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA" +# define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA" + +# define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA" +# define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA" +# define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA" +# define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA" +# define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" +# define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" + +# define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA "EXP-DHE-DSS-DES-CBC-SHA" +# define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA "DHE-DSS-DES-CBC-SHA" +# define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA "DHE-DSS-DES-CBC3-SHA" +# define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA "EXP-DHE-RSA-DES-CBC-SHA" +# define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA "DHE-RSA-DES-CBC-SHA" +# define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA "DHE-RSA-DES-CBC3-SHA" + +/* + * This next block of six "EDH" labels is for backward compatibility with + * older versions of OpenSSL. New code should use the six "DHE" labels above + * instead: + */ +# define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" +# define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" +# define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" +# define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA" +# define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA" +# define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA" + +# define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5" +# define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5" +# define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA" +# define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" +# define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" + +# define SSL3_SSL_SESSION_ID_LENGTH 32 +# define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 + +# define SSL3_MASTER_SECRET_SIZE 48 +# define SSL3_RANDOM_SIZE 32 +# define SSL3_SESSION_ID_SIZE 32 +# define SSL3_RT_HEADER_LENGTH 5 + +# define SSL3_HM_HEADER_LENGTH 4 + +# ifndef SSL3_ALIGN_PAYLOAD + /* + * Some will argue that this increases memory footprint, but it's not + * actually true. Point is that malloc has to return at least 64-bit aligned + * pointers, meaning that allocating 5 bytes wastes 3 bytes in either case. + * Suggested pre-gaping simply moves these wasted bytes from the end of + * allocated region to its front, but makes data payload aligned, which + * improves performance:-) + */ +# define SSL3_ALIGN_PAYLOAD 8 +# else +# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0 +# error "insane SSL3_ALIGN_PAYLOAD" +# undef SSL3_ALIGN_PAYLOAD +# endif +# endif + +/* + * This is the maximum MAC (digest) size used by the SSL library. Currently + * maximum of 20 is used by SHA1, but we reserve for future extension for + * 512-bit hashes. + */ + +# define SSL3_RT_MAX_MD_SIZE 64 + +/* + * Maximum block size used in all ciphersuites. Currently 16 for AES. + */ + +# define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16 + +# define SSL3_RT_MAX_EXTRA (16384) + +/* Maximum plaintext length: defined by SSL/TLS standards */ +# define SSL3_RT_MAX_PLAIN_LENGTH 16384 +/* Maximum compression overhead: defined by SSL/TLS standards */ +# define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024 + +/* + * The standards give a maximum encryption overhead of 1024 bytes. In + * practice the value is lower than this. The overhead is the maximum number + * of padding bytes (256) plus the mac size. + */ +# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) +# define SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD 256 + +/* + * OpenSSL currently only uses a padding length of at most one block so the + * send overhead is smaller. + */ + +# define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \ + (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE) + +/* If compression isn't used don't include the compression overhead */ + +# ifdef OPENSSL_NO_COMP +# define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH +# else +# define SSL3_RT_MAX_COMPRESSED_LENGTH \ + (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD) +# endif +# define SSL3_RT_MAX_ENCRYPTED_LENGTH \ + (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH) +# define SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH \ + (SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD) +# define SSL3_RT_MAX_PACKET_SIZE \ + (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) + +# define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" +# define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" + +# define SSL3_VERSION 0x0300 +# define SSL3_VERSION_MAJOR 0x03 +# define SSL3_VERSION_MINOR 0x00 + +# define SSL3_RT_CHANGE_CIPHER_SPEC 20 +# define SSL3_RT_ALERT 21 +# define SSL3_RT_HANDSHAKE 22 +# define SSL3_RT_APPLICATION_DATA 23 +# define DTLS1_RT_HEARTBEAT 24 + +/* Pseudo content types to indicate additional parameters */ +# define TLS1_RT_CRYPTO 0x1000 +# define TLS1_RT_CRYPTO_PREMASTER (TLS1_RT_CRYPTO | 0x1) +# define TLS1_RT_CRYPTO_CLIENT_RANDOM (TLS1_RT_CRYPTO | 0x2) +# define TLS1_RT_CRYPTO_SERVER_RANDOM (TLS1_RT_CRYPTO | 0x3) +# define TLS1_RT_CRYPTO_MASTER (TLS1_RT_CRYPTO | 0x4) + +# define TLS1_RT_CRYPTO_READ 0x0000 +# define TLS1_RT_CRYPTO_WRITE 0x0100 +# define TLS1_RT_CRYPTO_MAC (TLS1_RT_CRYPTO | 0x5) +# define TLS1_RT_CRYPTO_KEY (TLS1_RT_CRYPTO | 0x6) +# define TLS1_RT_CRYPTO_IV (TLS1_RT_CRYPTO | 0x7) +# define TLS1_RT_CRYPTO_FIXED_IV (TLS1_RT_CRYPTO | 0x8) + +/* Pseudo content types for SSL/TLS header info */ +# define SSL3_RT_HEADER 0x100 +# define SSL3_RT_INNER_CONTENT_TYPE 0x101 + +# define SSL3_AL_WARNING 1 +# define SSL3_AL_FATAL 2 + +# define SSL3_AD_CLOSE_NOTIFY 0 +# define SSL3_AD_UNEXPECTED_MESSAGE 10/* fatal */ +# define SSL3_AD_BAD_RECORD_MAC 20/* fatal */ +# define SSL3_AD_DECOMPRESSION_FAILURE 30/* fatal */ +# define SSL3_AD_HANDSHAKE_FAILURE 40/* fatal */ +# define SSL3_AD_NO_CERTIFICATE 41 +# define SSL3_AD_BAD_CERTIFICATE 42 +# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 +# define SSL3_AD_CERTIFICATE_REVOKED 44 +# define SSL3_AD_CERTIFICATE_EXPIRED 45 +# define SSL3_AD_CERTIFICATE_UNKNOWN 46 +# define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */ + +# define TLS1_HB_REQUEST 1 +# define TLS1_HB_RESPONSE 2 + + +# define SSL3_CT_RSA_SIGN 1 +# define SSL3_CT_DSS_SIGN 2 +# define SSL3_CT_RSA_FIXED_DH 3 +# define SSL3_CT_DSS_FIXED_DH 4 +# define SSL3_CT_RSA_EPHEMERAL_DH 5 +# define SSL3_CT_DSS_EPHEMERAL_DH 6 +# define SSL3_CT_FORTEZZA_DMS 20 +/* + * SSL3_CT_NUMBER is used to size arrays and it must be large enough to + * contain all of the cert types defined for *either* SSLv3 and TLSv1. + */ +# define SSL3_CT_NUMBER 10 + +# if defined(TLS_CT_NUMBER) +# if TLS_CT_NUMBER != SSL3_CT_NUMBER +# error "SSL/TLS CT_NUMBER values do not match" +# endif +# endif + +/* No longer used as of OpenSSL 1.1.1 */ +# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 + +/* Removed from OpenSSL 1.1.0 */ +# define TLS1_FLAGS_TLS_PADDING_BUG 0x0 + +# define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 + +/* Set if we encrypt then mac instead of usual mac then encrypt */ +# define TLS1_FLAGS_ENCRYPT_THEN_MAC_READ 0x0100 +# define TLS1_FLAGS_ENCRYPT_THEN_MAC TLS1_FLAGS_ENCRYPT_THEN_MAC_READ + +/* Set if extended master secret extension received from peer */ +# define TLS1_FLAGS_RECEIVED_EXTMS 0x0200 + +# define TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE 0x0400 + +# define TLS1_FLAGS_STATELESS 0x0800 + +# define SSL3_MT_HELLO_REQUEST 0 +# define SSL3_MT_CLIENT_HELLO 1 +# define SSL3_MT_SERVER_HELLO 2 +# define SSL3_MT_NEWSESSION_TICKET 4 +# define SSL3_MT_END_OF_EARLY_DATA 5 +# define SSL3_MT_ENCRYPTED_EXTENSIONS 8 +# define SSL3_MT_CERTIFICATE 11 +# define SSL3_MT_SERVER_KEY_EXCHANGE 12 +# define SSL3_MT_CERTIFICATE_REQUEST 13 +# define SSL3_MT_SERVER_DONE 14 +# define SSL3_MT_CERTIFICATE_VERIFY 15 +# define SSL3_MT_CLIENT_KEY_EXCHANGE 16 +# define SSL3_MT_FINISHED 20 +# define SSL3_MT_CERTIFICATE_URL 21 +# define SSL3_MT_CERTIFICATE_STATUS 22 +# define SSL3_MT_SUPPLEMENTAL_DATA 23 +# define SSL3_MT_KEY_UPDATE 24 +# ifndef OPENSSL_NO_NEXTPROTONEG +# define SSL3_MT_NEXT_PROTO 67 +# endif +# define SSL3_MT_MESSAGE_HASH 254 +# define DTLS1_MT_HELLO_VERIFY_REQUEST 3 + +/* Dummy message type for handling CCS like a normal handshake message */ +# define SSL3_MT_CHANGE_CIPHER_SPEC 0x0101 + +# define SSL3_MT_CCS 1 + +/* These are used when changing over to a new cipher */ +# define SSL3_CC_READ 0x001 +# define SSL3_CC_WRITE 0x002 +# define SSL3_CC_CLIENT 0x010 +# define SSL3_CC_SERVER 0x020 +# define SSL3_CC_EARLY 0x040 +# define SSL3_CC_HANDSHAKE 0x080 +# define SSL3_CC_APPLICATION 0x100 +# define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE) +# define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) +# define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) +# define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE) + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/sslerr.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/sslerr.h new file mode 100644 index 00000000..3d6850de --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/sslerr.h @@ -0,0 +1,772 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SSLERR_H +# define HEADER_SSLERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_SSL_strings(void); + +/* + * SSL function codes. + */ +# define SSL_F_ADD_CLIENT_KEY_SHARE_EXT 438 +# define SSL_F_ADD_KEY_SHARE 512 +# define SSL_F_BYTES_TO_CIPHER_LIST 519 +# define SSL_F_CHECK_SUITEB_CIPHER_LIST 331 +# define SSL_F_CIPHERSUITE_CB 622 +# define SSL_F_CONSTRUCT_CA_NAMES 552 +# define SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS 553 +# define SSL_F_CONSTRUCT_STATEFUL_TICKET 636 +# define SSL_F_CONSTRUCT_STATELESS_TICKET 637 +# define SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH 539 +# define SSL_F_CREATE_TICKET_PREQUEL 638 +# define SSL_F_CT_MOVE_SCTS 345 +# define SSL_F_CT_STRICT 349 +# define SSL_F_CUSTOM_EXT_ADD 554 +# define SSL_F_CUSTOM_EXT_PARSE 555 +# define SSL_F_D2I_SSL_SESSION 103 +# define SSL_F_DANE_CTX_ENABLE 347 +# define SSL_F_DANE_MTYPE_SET 393 +# define SSL_F_DANE_TLSA_ADD 394 +# define SSL_F_DERIVE_SECRET_KEY_AND_IV 514 +# define SSL_F_DO_DTLS1_WRITE 245 +# define SSL_F_DO_SSL3_WRITE 104 +# define SSL_F_DTLS1_BUFFER_RECORD 247 +# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 318 +# define SSL_F_DTLS1_HEARTBEAT 305 +# define SSL_F_DTLS1_HM_FRAGMENT_NEW 623 +# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 +# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 424 +# define SSL_F_DTLS1_PROCESS_RECORD 257 +# define SSL_F_DTLS1_READ_BYTES 258 +# define SSL_F_DTLS1_READ_FAILED 339 +# define SSL_F_DTLS1_RETRANSMIT_MESSAGE 390 +# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 +# define SSL_F_DTLS1_WRITE_BYTES 545 +# define SSL_F_DTLSV1_LISTEN 350 +# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC 371 +# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 385 +# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370 +# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386 +# define SSL_F_DTLS_RECORD_LAYER_NEW 635 +# define SSL_F_DTLS_WAIT_FOR_DRY 592 +# define SSL_F_EARLY_DATA_COUNT_OK 532 +# define SSL_F_FINAL_EARLY_DATA 556 +# define SSL_F_FINAL_EC_PT_FORMATS 485 +# define SSL_F_FINAL_EMS 486 +# define SSL_F_FINAL_KEY_SHARE 503 +# define SSL_F_FINAL_MAXFRAGMENTLEN 557 +# define SSL_F_FINAL_RENEGOTIATE 483 +# define SSL_F_FINAL_SERVER_NAME 558 +# define SSL_F_FINAL_SIG_ALGS 497 +# define SSL_F_GET_CERT_VERIFY_TBS_DATA 588 +# define SSL_F_NSS_KEYLOG_INT 500 +# define SSL_F_OPENSSL_INIT_SSL 342 +# define SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION 436 +# define SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION 598 +# define SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE 430 +# define SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE 593 +# define SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE 594 +# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 417 +# define SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION 599 +# define SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION 437 +# define SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION 600 +# define SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE 431 +# define SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE 601 +# define SSL_F_OSSL_STATEM_SERVER_POST_WORK 602 +# define SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE 603 +# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418 +# define SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION 604 +# define SSL_F_PARSE_CA_NAMES 541 +# define SSL_F_PITEM_NEW 624 +# define SSL_F_PQUEUE_NEW 625 +# define SSL_F_PROCESS_KEY_SHARE_EXT 439 +# define SSL_F_READ_STATE_MACHINE 352 +# define SSL_F_SET_CLIENT_CIPHERSUITE 540 +# define SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET 595 +# define SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET 589 +# define SSL_F_SRP_VERIFY_SERVER_PARAM 596 +# define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 +# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 +# define SSL_F_SSL3_CTRL 213 +# define SSL_F_SSL3_CTX_CTRL 133 +# define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 +# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 +# define SSL_F_SSL3_ENC 608 +# define SSL_F_SSL3_FINAL_FINISH_MAC 285 +# define SSL_F_SSL3_FINISH_MAC 587 +# define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 +# define SSL_F_SSL3_GENERATE_MASTER_SECRET 388 +# define SSL_F_SSL3_GET_RECORD 143 +# define SSL_F_SSL3_INIT_FINISHED_MAC 397 +# define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 +# define SSL_F_SSL3_READ_BYTES 148 +# define SSL_F_SSL3_READ_N 149 +# define SSL_F_SSL3_SETUP_KEY_BLOCK 157 +# define SSL_F_SSL3_SETUP_READ_BUFFER 156 +# define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 +# define SSL_F_SSL3_WRITE_BYTES 158 +# define SSL_F_SSL3_WRITE_PENDING 159 +# define SSL_F_SSL_ADD_CERT_CHAIN 316 +# define SSL_F_SSL_ADD_CERT_TO_BUF 319 +# define SSL_F_SSL_ADD_CERT_TO_WPACKET 493 +# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298 +# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277 +# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307 +# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 +# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 +# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299 +# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278 +# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308 +# define SSL_F_SSL_BAD_METHOD 160 +# define SSL_F_SSL_BUILD_CERT_CHAIN 332 +# define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 +# define SSL_F_SSL_CACHE_CIPHERLIST 520 +# define SSL_F_SSL_CERT_ADD0_CHAIN_CERT 346 +# define SSL_F_SSL_CERT_DUP 221 +# define SSL_F_SSL_CERT_NEW 162 +# define SSL_F_SSL_CERT_SET0_CHAIN 340 +# define SSL_F_SSL_CHECK_PRIVATE_KEY 163 +# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280 +# define SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO 606 +# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 +# define SSL_F_SSL_CHOOSE_CLIENT_VERSION 607 +# define SSL_F_SSL_CIPHER_DESCRIPTION 626 +# define SSL_F_SSL_CIPHER_LIST_TO_BYTES 425 +# define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 +# define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 +# define SSL_F_SSL_CLEAR 164 +# define SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT 627 +# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 +# define SSL_F_SSL_CONF_CMD 334 +# define SSL_F_SSL_CREATE_CIPHER_LIST 166 +# define SSL_F_SSL_CTRL 232 +# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 +# define SSL_F_SSL_CTX_ENABLE_CT 398 +# define SSL_F_SSL_CTX_MAKE_PROFILES 309 +# define SSL_F_SSL_CTX_NEW 169 +# define SSL_F_SSL_CTX_SET_ALPN_PROTOS 343 +# define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 +# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290 +# define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK 396 +# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 +# define SSL_F_SSL_CTX_SET_SSL_VERSION 170 +# define SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH 551 +# define SSL_F_SSL_CTX_USE_CERTIFICATE 171 +# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 +# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 +# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 +# define SSL_F_SSL_CTX_USE_SERVERINFO 336 +# define SSL_F_SSL_CTX_USE_SERVERINFO_EX 543 +# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 337 +# define SSL_F_SSL_DANE_DUP 403 +# define SSL_F_SSL_DANE_ENABLE 395 +# define SSL_F_SSL_DERIVE 590 +# define SSL_F_SSL_DO_CONFIG 391 +# define SSL_F_SSL_DO_HANDSHAKE 180 +# define SSL_F_SSL_DUP_CA_LIST 408 +# define SSL_F_SSL_ENABLE_CT 402 +# define SSL_F_SSL_GENERATE_PKEY_GROUP 559 +# define SSL_F_SSL_GENERATE_SESSION_ID 547 +# define SSL_F_SSL_GET_NEW_SESSION 181 +# define SSL_F_SSL_GET_PREV_SESSION 217 +# define SSL_F_SSL_GET_SERVER_CERT_INDEX 322 +# define SSL_F_SSL_GET_SIGN_PKEY 183 +# define SSL_F_SSL_HANDSHAKE_HASH 560 +# define SSL_F_SSL_INIT_WBIO_BUFFER 184 +# define SSL_F_SSL_KEY_UPDATE 515 +# define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 +# define SSL_F_SSL_LOG_MASTER_SECRET 498 +# define SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE 499 +# define SSL_F_SSL_MODULE_INIT 392 +# define SSL_F_SSL_NEW 186 +# define SSL_F_SSL_NEXT_PROTO_VALIDATE 565 +# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 +# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 +# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310 +# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 +# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 +# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 +# define SSL_F_SSL_PEEK 270 +# define SSL_F_SSL_PEEK_EX 432 +# define SSL_F_SSL_PEEK_INTERNAL 522 +# define SSL_F_SSL_READ 223 +# define SSL_F_SSL_READ_EARLY_DATA 529 +# define SSL_F_SSL_READ_EX 434 +# define SSL_F_SSL_READ_INTERNAL 523 +# define SSL_F_SSL_RENEGOTIATE 516 +# define SSL_F_SSL_RENEGOTIATE_ABBREVIATED 546 +# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 +# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 +# define SSL_F_SSL_SESSION_DUP 348 +# define SSL_F_SSL_SESSION_NEW 189 +# define SSL_F_SSL_SESSION_PRINT_FP 190 +# define SSL_F_SSL_SESSION_SET1_ID 423 +# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 +# define SSL_F_SSL_SET_ALPN_PROTOS 344 +# define SSL_F_SSL_SET_CERT 191 +# define SSL_F_SSL_SET_CERT_AND_KEY 621 +# define SSL_F_SSL_SET_CIPHER_LIST 271 +# define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK 399 +# define SSL_F_SSL_SET_FD 192 +# define SSL_F_SSL_SET_PKEY 193 +# define SSL_F_SSL_SET_RFD 194 +# define SSL_F_SSL_SET_SESSION 195 +# define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 +# define SSL_F_SSL_SET_SESSION_TICKET_EXT 294 +# define SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH 550 +# define SSL_F_SSL_SET_WFD 196 +# define SSL_F_SSL_SHUTDOWN 224 +# define SSL_F_SSL_SRP_CTX_INIT 313 +# define SSL_F_SSL_START_ASYNC_JOB 389 +# define SSL_F_SSL_UNDEFINED_FUNCTION 197 +# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 +# define SSL_F_SSL_USE_CERTIFICATE 198 +# define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 +# define SSL_F_SSL_USE_CERTIFICATE_FILE 200 +# define SSL_F_SSL_USE_PRIVATEKEY 201 +# define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 +# define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 +# define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273 +# define SSL_F_SSL_USE_RSAPRIVATEKEY 204 +# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 +# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 +# define SSL_F_SSL_VALIDATE_CT 400 +# define SSL_F_SSL_VERIFY_CERT_CHAIN 207 +# define SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE 616 +# define SSL_F_SSL_WRITE 208 +# define SSL_F_SSL_WRITE_EARLY_DATA 526 +# define SSL_F_SSL_WRITE_EARLY_FINISH 527 +# define SSL_F_SSL_WRITE_EX 433 +# define SSL_F_SSL_WRITE_INTERNAL 524 +# define SSL_F_STATE_MACHINE 353 +# define SSL_F_TLS12_CHECK_PEER_SIGALG 333 +# define SSL_F_TLS12_COPY_SIGALGS 533 +# define SSL_F_TLS13_CHANGE_CIPHER_STATE 440 +# define SSL_F_TLS13_ENC 609 +# define SSL_F_TLS13_FINAL_FINISH_MAC 605 +# define SSL_F_TLS13_GENERATE_SECRET 591 +# define SSL_F_TLS13_HKDF_EXPAND 561 +# define SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA 617 +# define SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA 618 +# define SSL_F_TLS13_SETUP_KEY_BLOCK 441 +# define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 +# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 341 +# define SSL_F_TLS1_ENC 401 +# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 +# define SSL_F_TLS1_GET_CURVELIST 338 +# define SSL_F_TLS1_PRF 284 +# define SSL_F_TLS1_SAVE_U16 628 +# define SSL_F_TLS1_SETUP_KEY_BLOCK 211 +# define SSL_F_TLS1_SET_GROUPS 629 +# define SSL_F_TLS1_SET_RAW_SIGALGS 630 +# define SSL_F_TLS1_SET_SERVER_SIGALGS 335 +# define SSL_F_TLS1_SET_SHARED_SIGALGS 631 +# define SSL_F_TLS1_SET_SIGALGS 632 +# define SSL_F_TLS_CHOOSE_SIGALG 513 +# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354 +# define SSL_F_TLS_COLLECT_EXTENSIONS 435 +# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES 542 +# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 372 +# define SSL_F_TLS_CONSTRUCT_CERT_STATUS 429 +# define SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY 494 +# define SSL_F_TLS_CONSTRUCT_CERT_VERIFY 496 +# define SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC 427 +# define SSL_F_TLS_CONSTRUCT_CKE_DHE 404 +# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 405 +# define SSL_F_TLS_CONSTRUCT_CKE_GOST 406 +# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE 407 +# define SSL_F_TLS_CONSTRUCT_CKE_RSA 409 +# define SSL_F_TLS_CONSTRUCT_CKE_SRP 410 +# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 484 +# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 487 +# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 488 +# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 489 +# define SSL_F_TLS_CONSTRUCT_CTOS_ALPN 466 +# define SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE 355 +# define SSL_F_TLS_CONSTRUCT_CTOS_COOKIE 535 +# define SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA 530 +# define SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS 467 +# define SSL_F_TLS_CONSTRUCT_CTOS_EMS 468 +# define SSL_F_TLS_CONSTRUCT_CTOS_ETM 469 +# define SSL_F_TLS_CONSTRUCT_CTOS_HELLO 356 +# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE 357 +# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE 470 +# define SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN 549 +# define SSL_F_TLS_CONSTRUCT_CTOS_NPN 471 +# define SSL_F_TLS_CONSTRUCT_CTOS_PADDING 472 +# define SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH 619 +# define SSL_F_TLS_CONSTRUCT_CTOS_PSK 501 +# define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES 509 +# define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE 473 +# define SSL_F_TLS_CONSTRUCT_CTOS_SCT 474 +# define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME 475 +# define SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET 476 +# define SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS 477 +# define SSL_F_TLS_CONSTRUCT_CTOS_SRP 478 +# define SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST 479 +# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS 480 +# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS 481 +# define SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP 482 +# define SSL_F_TLS_CONSTRUCT_CTOS_VERIFY 358 +# define SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS 443 +# define SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA 536 +# define SSL_F_TLS_CONSTRUCT_EXTENSIONS 447 +# define SSL_F_TLS_CONSTRUCT_FINISHED 359 +# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373 +# define SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST 510 +# define SSL_F_TLS_CONSTRUCT_KEY_UPDATE 517 +# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 428 +# define SSL_F_TLS_CONSTRUCT_NEXT_PROTO 426 +# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 490 +# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 491 +# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 492 +# define SSL_F_TLS_CONSTRUCT_STOC_ALPN 451 +# define SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE 374 +# define SSL_F_TLS_CONSTRUCT_STOC_COOKIE 613 +# define SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG 452 +# define SSL_F_TLS_CONSTRUCT_STOC_DONE 375 +# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA 531 +# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO 525 +# define SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS 453 +# define SSL_F_TLS_CONSTRUCT_STOC_EMS 454 +# define SSL_F_TLS_CONSTRUCT_STOC_ETM 455 +# define SSL_F_TLS_CONSTRUCT_STOC_HELLO 376 +# define SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE 377 +# define SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE 456 +# define SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN 548 +# define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG 457 +# define SSL_F_TLS_CONSTRUCT_STOC_PSK 504 +# define SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE 458 +# define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME 459 +# define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET 460 +# define SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST 461 +# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS 544 +# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS 611 +# define SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP 462 +# define SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO 521 +# define SSL_F_TLS_FINISH_HANDSHAKE 597 +# define SSL_F_TLS_GET_MESSAGE_BODY 351 +# define SSL_F_TLS_GET_MESSAGE_HEADER 387 +# define SSL_F_TLS_HANDLE_ALPN 562 +# define SSL_F_TLS_HANDLE_STATUS_REQUEST 563 +# define SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES 566 +# define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT 449 +# define SSL_F_TLS_PARSE_CTOS_ALPN 567 +# define SSL_F_TLS_PARSE_CTOS_COOKIE 614 +# define SSL_F_TLS_PARSE_CTOS_EARLY_DATA 568 +# define SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS 569 +# define SSL_F_TLS_PARSE_CTOS_EMS 570 +# define SSL_F_TLS_PARSE_CTOS_KEY_SHARE 463 +# define SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN 571 +# define SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH 620 +# define SSL_F_TLS_PARSE_CTOS_PSK 505 +# define SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES 572 +# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 464 +# define SSL_F_TLS_PARSE_CTOS_SERVER_NAME 573 +# define SSL_F_TLS_PARSE_CTOS_SESSION_TICKET 574 +# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS 575 +# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT 615 +# define SSL_F_TLS_PARSE_CTOS_SRP 576 +# define SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST 577 +# define SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS 578 +# define SSL_F_TLS_PARSE_CTOS_USE_SRTP 465 +# define SSL_F_TLS_PARSE_STOC_ALPN 579 +# define SSL_F_TLS_PARSE_STOC_COOKIE 534 +# define SSL_F_TLS_PARSE_STOC_EARLY_DATA 538 +# define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO 528 +# define SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS 580 +# define SSL_F_TLS_PARSE_STOC_KEY_SHARE 445 +# define SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN 581 +# define SSL_F_TLS_PARSE_STOC_NPN 582 +# define SSL_F_TLS_PARSE_STOC_PSK 502 +# define SSL_F_TLS_PARSE_STOC_RENEGOTIATE 448 +# define SSL_F_TLS_PARSE_STOC_SCT 564 +# define SSL_F_TLS_PARSE_STOC_SERVER_NAME 583 +# define SSL_F_TLS_PARSE_STOC_SESSION_TICKET 584 +# define SSL_F_TLS_PARSE_STOC_STATUS_REQUEST 585 +# define SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS 612 +# define SSL_F_TLS_PARSE_STOC_USE_SRTP 446 +# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 378 +# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE 384 +# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE 360 +# define SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST 610 +# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST 361 +# define SSL_F_TLS_PROCESS_CERT_STATUS 362 +# define SSL_F_TLS_PROCESS_CERT_STATUS_BODY 495 +# define SSL_F_TLS_PROCESS_CERT_VERIFY 379 +# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC 363 +# define SSL_F_TLS_PROCESS_CKE_DHE 411 +# define SSL_F_TLS_PROCESS_CKE_ECDHE 412 +# define SSL_F_TLS_PROCESS_CKE_GOST 413 +# define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE 414 +# define SSL_F_TLS_PROCESS_CKE_RSA 415 +# define SSL_F_TLS_PROCESS_CKE_SRP 416 +# define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE 380 +# define SSL_F_TLS_PROCESS_CLIENT_HELLO 381 +# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE 382 +# define SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS 444 +# define SSL_F_TLS_PROCESS_END_OF_EARLY_DATA 537 +# define SSL_F_TLS_PROCESS_FINISHED 364 +# define SSL_F_TLS_PROCESS_HELLO_REQ 507 +# define SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST 511 +# define SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT 442 +# define SSL_F_TLS_PROCESS_KEY_EXCHANGE 365 +# define SSL_F_TLS_PROCESS_KEY_UPDATE 518 +# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET 366 +# define SSL_F_TLS_PROCESS_NEXT_PROTO 383 +# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE 367 +# define SSL_F_TLS_PROCESS_SERVER_DONE 368 +# define SSL_F_TLS_PROCESS_SERVER_HELLO 369 +# define SSL_F_TLS_PROCESS_SKE_DHE 419 +# define SSL_F_TLS_PROCESS_SKE_ECDHE 420 +# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE 421 +# define SSL_F_TLS_PROCESS_SKE_SRP 422 +# define SSL_F_TLS_PSK_DO_BINDER 506 +# define SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT 450 +# define SSL_F_TLS_SETUP_HANDSHAKE 508 +# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220 +# define SSL_F_WPACKET_INTERN_INIT_LEN 633 +# define SSL_F_WPACKET_START_SUB_PACKET_LEN__ 634 +# define SSL_F_WRITE_STATE_MACHINE 586 + +/* + * SSL reason codes. + */ +# define SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY 291 +# define SSL_R_APP_DATA_IN_HANDSHAKE 100 +# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 +# define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE 143 +# define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE 158 +# define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 +# define SSL_R_BAD_CIPHER 186 +# define SSL_R_BAD_DATA 390 +# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 +# define SSL_R_BAD_DECOMPRESSION 107 +# define SSL_R_BAD_DH_VALUE 102 +# define SSL_R_BAD_DIGEST_LENGTH 111 +# define SSL_R_BAD_EARLY_DATA 233 +# define SSL_R_BAD_ECC_CERT 304 +# define SSL_R_BAD_ECPOINT 306 +# define SSL_R_BAD_EXTENSION 110 +# define SSL_R_BAD_HANDSHAKE_LENGTH 332 +# define SSL_R_BAD_HANDSHAKE_STATE 236 +# define SSL_R_BAD_HELLO_REQUEST 105 +# define SSL_R_BAD_HRR_VERSION 263 +# define SSL_R_BAD_KEY_SHARE 108 +# define SSL_R_BAD_KEY_UPDATE 122 +# define SSL_R_BAD_LEGACY_VERSION 292 +# define SSL_R_BAD_LENGTH 271 +# define SSL_R_BAD_PACKET 240 +# define SSL_R_BAD_PACKET_LENGTH 115 +# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 +# define SSL_R_BAD_PSK 219 +# define SSL_R_BAD_PSK_IDENTITY 114 +# define SSL_R_BAD_RECORD_TYPE 443 +# define SSL_R_BAD_RSA_ENCRYPT 119 +# define SSL_R_BAD_SIGNATURE 123 +# define SSL_R_BAD_SRP_A_LENGTH 347 +# define SSL_R_BAD_SRP_PARAMETERS 371 +# define SSL_R_BAD_SRTP_MKI_VALUE 352 +# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 +# define SSL_R_BAD_SSL_FILETYPE 124 +# define SSL_R_BAD_VALUE 384 +# define SSL_R_BAD_WRITE_RETRY 127 +# define SSL_R_BINDER_DOES_NOT_VERIFY 253 +# define SSL_R_BIO_NOT_SET 128 +# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 +# define SSL_R_BN_LIB 130 +# define SSL_R_CALLBACK_FAILED 234 +# define SSL_R_CANNOT_CHANGE_CIPHER 109 +# define SSL_R_CA_DN_LENGTH_MISMATCH 131 +# define SSL_R_CA_KEY_TOO_SMALL 397 +# define SSL_R_CA_MD_TOO_WEAK 398 +# define SSL_R_CCS_RECEIVED_EARLY 133 +# define SSL_R_CERTIFICATE_VERIFY_FAILED 134 +# define SSL_R_CERT_CB_ERROR 377 +# define SSL_R_CERT_LENGTH_MISMATCH 135 +# define SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED 218 +# define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 +# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 +# define SSL_R_CLIENTHELLO_TLSEXT 226 +# define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 +# define SSL_R_COMPRESSION_DISABLED 343 +# define SSL_R_COMPRESSION_FAILURE 141 +# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 +# define SSL_R_COMPRESSION_LIBRARY_ERROR 142 +# define SSL_R_CONNECTION_TYPE_NOT_SET 144 +# define SSL_R_CONTEXT_NOT_DANE_ENABLED 167 +# define SSL_R_COOKIE_GEN_CALLBACK_FAILURE 400 +# define SSL_R_COOKIE_MISMATCH 308 +# define SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED 206 +# define SSL_R_DANE_ALREADY_ENABLED 172 +# define SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL 173 +# define SSL_R_DANE_NOT_ENABLED 175 +# define SSL_R_DANE_TLSA_BAD_CERTIFICATE 180 +# define SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE 184 +# define SSL_R_DANE_TLSA_BAD_DATA_LENGTH 189 +# define SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH 192 +# define SSL_R_DANE_TLSA_BAD_MATCHING_TYPE 200 +# define SSL_R_DANE_TLSA_BAD_PUBLIC_KEY 201 +# define SSL_R_DANE_TLSA_BAD_SELECTOR 202 +# define SSL_R_DANE_TLSA_NULL_DATA 203 +# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 +# define SSL_R_DATA_LENGTH_TOO_LONG 146 +# define SSL_R_DECRYPTION_FAILED 147 +# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +# define SSL_R_DH_KEY_TOO_SMALL 394 +# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 +# define SSL_R_DIGEST_CHECK_FAILED 149 +# define SSL_R_DTLS_MESSAGE_TOO_BIG 334 +# define SSL_R_DUPLICATE_COMPRESSION_ID 309 +# define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 +# define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374 +# define SSL_R_EE_KEY_TOO_SMALL 399 +# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 +# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 +# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 +# define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN 204 +# define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE 194 +# define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 +# define SSL_R_EXTENSION_NOT_RECEIVED 279 +# define SSL_R_EXTRA_DATA_IN_MESSAGE 153 +# define SSL_R_EXT_LENGTH_MISMATCH 163 +# define SSL_R_FAILED_TO_INIT_ASYNC 405 +# define SSL_R_FRAGMENTED_CLIENT_HELLO 401 +# define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 +# define SSL_R_HTTPS_PROXY_REQUEST 155 +# define SSL_R_HTTP_REQUEST 156 +# define SSL_R_ILLEGAL_POINT_COMPRESSION 162 +# define SSL_R_ILLEGAL_SUITEB_DIGEST 380 +# define SSL_R_INAPPROPRIATE_FALLBACK 373 +# define SSL_R_INCONSISTENT_COMPRESSION 340 +# define SSL_R_INCONSISTENT_EARLY_DATA_ALPN 222 +# define SSL_R_INCONSISTENT_EARLY_DATA_SNI 231 +# define SSL_R_INCONSISTENT_EXTMS 104 +# define SSL_R_INSUFFICIENT_SECURITY 241 +# define SSL_R_INVALID_ALERT 205 +# define SSL_R_INVALID_CCS_MESSAGE 260 +# define SSL_R_INVALID_CERTIFICATE_OR_ALG 238 +# define SSL_R_INVALID_COMMAND 280 +# define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 +# define SSL_R_INVALID_CONFIG 283 +# define SSL_R_INVALID_CONFIGURATION_NAME 113 +# define SSL_R_INVALID_CONTEXT 282 +# define SSL_R_INVALID_CT_VALIDATION_TYPE 212 +# define SSL_R_INVALID_KEY_UPDATE_TYPE 120 +# define SSL_R_INVALID_MAX_EARLY_DATA 174 +# define SSL_R_INVALID_NULL_CMD_NAME 385 +# define SSL_R_INVALID_SEQUENCE_NUMBER 402 +# define SSL_R_INVALID_SERVERINFO_DATA 388 +# define SSL_R_INVALID_SESSION_ID 999 +# define SSL_R_INVALID_SRP_USERNAME 357 +# define SSL_R_INVALID_STATUS_RESPONSE 328 +# define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 +# define SSL_R_LENGTH_MISMATCH 159 +# define SSL_R_LENGTH_TOO_LONG 404 +# define SSL_R_LENGTH_TOO_SHORT 160 +# define SSL_R_LIBRARY_BUG 274 +# define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 +# define SSL_R_MISSING_DSA_SIGNING_CERT 165 +# define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 +# define SSL_R_MISSING_FATAL 256 +# define SSL_R_MISSING_PARAMETERS 290 +# define SSL_R_MISSING_RSA_CERTIFICATE 168 +# define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 +# define SSL_R_MISSING_RSA_SIGNING_CERT 170 +# define SSL_R_MISSING_SIGALGS_EXTENSION 112 +# define SSL_R_MISSING_SIGNING_CERT 221 +# define SSL_R_MISSING_SRP_PARAM 358 +# define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION 209 +# define SSL_R_MISSING_TMP_DH_KEY 171 +# define SSL_R_MISSING_TMP_ECDH_KEY 311 +# define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293 +# define SSL_R_NOT_ON_RECORD_BOUNDARY 182 +# define SSL_R_NOT_REPLACING_CERTIFICATE 289 +# define SSL_R_NOT_SERVER 284 +# define SSL_R_NO_APPLICATION_PROTOCOL 235 +# define SSL_R_NO_CERTIFICATES_RETURNED 176 +# define SSL_R_NO_CERTIFICATE_ASSIGNED 177 +# define SSL_R_NO_CERTIFICATE_SET 179 +# define SSL_R_NO_CHANGE_FOLLOWING_HRR 214 +# define SSL_R_NO_CIPHERS_AVAILABLE 181 +# define SSL_R_NO_CIPHERS_SPECIFIED 183 +# define SSL_R_NO_CIPHER_MATCH 185 +# define SSL_R_NO_CLIENT_CERT_METHOD 331 +# define SSL_R_NO_COMPRESSION_SPECIFIED 187 +# define SSL_R_NO_COOKIE_CALLBACK_SET 287 +# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 +# define SSL_R_NO_METHOD_SPECIFIED 188 +# define SSL_R_NO_PEM_EXTENSIONS 389 +# define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 +# define SSL_R_NO_PROTOCOLS_AVAILABLE 191 +# define SSL_R_NO_RENEGOTIATION 339 +# define SSL_R_NO_REQUIRED_DIGEST 324 +# define SSL_R_NO_SHARED_CIPHER 193 +# define SSL_R_NO_SHARED_GROUPS 410 +# define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS 376 +# define SSL_R_NO_SRTP_PROFILES 359 +# define SSL_R_NO_SUITABLE_KEY_SHARE 101 +# define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM 118 +# define SSL_R_NO_VALID_SCTS 216 +# define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 +# define SSL_R_NULL_SSL_CTX 195 +# define SSL_R_NULL_SSL_METHOD_PASSED 196 +# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 +# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 +# define SSL_R_OVERFLOW_ERROR 237 +# define SSL_R_PACKET_LENGTH_TOO_LONG 198 +# define SSL_R_PARSE_TLSEXT 227 +# define SSL_R_PATH_TOO_LONG 270 +# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 +# define SSL_R_PEM_NAME_BAD_PREFIX 391 +# define SSL_R_PEM_NAME_TOO_SHORT 392 +# define SSL_R_PIPELINE_FAILURE 406 +# define SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR 278 +# define SSL_R_PRIVATE_KEY_MISMATCH 288 +# define SSL_R_PROTOCOL_IS_SHUTDOWN 207 +# define SSL_R_PSK_IDENTITY_NOT_FOUND 223 +# define SSL_R_PSK_NO_CLIENT_CB 224 +# define SSL_R_PSK_NO_SERVER_CB 225 +# define SSL_R_READ_BIO_NOT_SET 211 +# define SSL_R_READ_TIMEOUT_EXPIRED 312 +# define SSL_R_RECORD_LENGTH_MISMATCH 213 +# define SSL_R_RECORD_TOO_SMALL 298 +# define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 +# define SSL_R_RENEGOTIATION_ENCODING_ERR 336 +# define SSL_R_RENEGOTIATION_MISMATCH 337 +# define SSL_R_REQUEST_PENDING 285 +# define SSL_R_REQUEST_SENT 286 +# define SSL_R_REQUIRED_CIPHER_MISSING 215 +# define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING 342 +# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 +# define SSL_R_SCT_VERIFICATION_FAILED 208 +# define SSL_R_SERVERHELLO_TLSEXT 275 +# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 +# define SSL_R_SHUTDOWN_WHILE_IN_INIT 407 +# define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 +# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 +# define SSL_R_SRP_A_CALC 361 +# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 +# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 +# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 +# define SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH 232 +# define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 +# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 +# define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 +# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 +# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 +# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 +# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 +# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 +# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 +# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 +# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 +# define SSL_R_SSL_COMMAND_SECTION_EMPTY 117 +# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND 125 +# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 +# define SSL_R_SSL_HANDSHAKE_FAILURE 229 +# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 +# define SSL_R_SSL_NEGATIVE_LENGTH 372 +# define SSL_R_SSL_SECTION_EMPTY 126 +# define SSL_R_SSL_SECTION_NOT_FOUND 136 +# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 +# define SSL_R_SSL_SESSION_ID_CONFLICT 302 +# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 +# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 +# define SSL_R_SSL_SESSION_ID_TOO_LONG 408 +# define SSL_R_SSL_SESSION_VERSION_MISMATCH 210 +# define SSL_R_STILL_IN_INIT 121 +# define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116 +# define SSL_R_TLSV13_ALERT_MISSING_EXTENSION 1109 +# define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 +# define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 +# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 +# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 +# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 +# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 +# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 +# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 +# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 +# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 +# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 +# define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 +# define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 +# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 +# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 +# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 +# define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 +# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 +# define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365 +# define SSL_R_TLS_HEARTBEAT_PENDING 366 +# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 +# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 +# define SSL_R_TOO_MANY_KEY_UPDATES 132 +# define SSL_R_TOO_MANY_WARN_ALERTS 409 +# define SSL_R_TOO_MUCH_EARLY_DATA 164 +# define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 +# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 +# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 +# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 +# define SSL_R_UNEXPECTED_CCS_MESSAGE 262 +# define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178 +# define SSL_R_UNEXPECTED_MESSAGE 244 +# define SSL_R_UNEXPECTED_RECORD 245 +# define SSL_R_UNINITIALIZED 276 +# define SSL_R_UNKNOWN_ALERT_TYPE 246 +# define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 +# define SSL_R_UNKNOWN_CIPHER_RETURNED 248 +# define SSL_R_UNKNOWN_CIPHER_TYPE 249 +# define SSL_R_UNKNOWN_CMD_NAME 386 +# define SSL_R_UNKNOWN_COMMAND 139 +# define SSL_R_UNKNOWN_DIGEST 368 +# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 +# define SSL_R_UNKNOWN_PKEY_TYPE 251 +# define SSL_R_UNKNOWN_PROTOCOL 252 +# define SSL_R_UNKNOWN_SSL_VERSION 254 +# define SSL_R_UNKNOWN_STATE 255 +# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 +# define SSL_R_UNSOLICITED_EXTENSION 217 +# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 +# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 +# define SSL_R_UNSUPPORTED_PROTOCOL 258 +# define SSL_R_UNSUPPORTED_SSL_VERSION 259 +# define SSL_R_UNSUPPORTED_STATUS_TYPE 329 +# define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 +# define SSL_R_VERSION_TOO_HIGH 166 +# define SSL_R_VERSION_TOO_LOW 396 +# define SSL_R_WRONG_CERTIFICATE_TYPE 383 +# define SSL_R_WRONG_CIPHER_RETURNED 261 +# define SSL_R_WRONG_CURVE 378 +# define SSL_R_WRONG_SIGNATURE_LENGTH 264 +# define SSL_R_WRONG_SIGNATURE_SIZE 265 +# define SSL_R_WRONG_SIGNATURE_TYPE 370 +# define SSL_R_WRONG_SSL_VERSION 266 +# define SSL_R_WRONG_VERSION_NUMBER 267 +# define SSL_R_X509_LIB 268 +# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/stack.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/stack.h new file mode 100644 index 00000000..cfc07505 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/stack.h @@ -0,0 +1,83 @@ +/* + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_STACK_H +# define HEADER_STACK_H + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */ + +typedef int (*OPENSSL_sk_compfunc)(const void *, const void *); +typedef void (*OPENSSL_sk_freefunc)(void *); +typedef void *(*OPENSSL_sk_copyfunc)(const void *); + +int OPENSSL_sk_num(const OPENSSL_STACK *); +void *OPENSSL_sk_value(const OPENSSL_STACK *, int); + +void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data); + +OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc cmp); +OPENSSL_STACK *OPENSSL_sk_new_null(void); +OPENSSL_STACK *OPENSSL_sk_new_reserve(OPENSSL_sk_compfunc c, int n); +int OPENSSL_sk_reserve(OPENSSL_STACK *st, int n); +void OPENSSL_sk_free(OPENSSL_STACK *); +void OPENSSL_sk_pop_free(OPENSSL_STACK *st, void (*func) (void *)); +OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *, + OPENSSL_sk_copyfunc c, + OPENSSL_sk_freefunc f); +int OPENSSL_sk_insert(OPENSSL_STACK *sk, const void *data, int where); +void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc); +void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p); +int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data); +int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data); +int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data); +int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data); +void *OPENSSL_sk_shift(OPENSSL_STACK *st); +void *OPENSSL_sk_pop(OPENSSL_STACK *st); +void OPENSSL_sk_zero(OPENSSL_STACK *st); +OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, + OPENSSL_sk_compfunc cmp); +OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *st); +void OPENSSL_sk_sort(OPENSSL_STACK *st); +int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define _STACK OPENSSL_STACK +# define sk_num OPENSSL_sk_num +# define sk_value OPENSSL_sk_value +# define sk_set OPENSSL_sk_set +# define sk_new OPENSSL_sk_new +# define sk_new_null OPENSSL_sk_new_null +# define sk_free OPENSSL_sk_free +# define sk_pop_free OPENSSL_sk_pop_free +# define sk_deep_copy OPENSSL_sk_deep_copy +# define sk_insert OPENSSL_sk_insert +# define sk_delete OPENSSL_sk_delete +# define sk_delete_ptr OPENSSL_sk_delete_ptr +# define sk_find OPENSSL_sk_find +# define sk_find_ex OPENSSL_sk_find_ex +# define sk_push OPENSSL_sk_push +# define sk_unshift OPENSSL_sk_unshift +# define sk_shift OPENSSL_sk_shift +# define sk_pop OPENSSL_sk_pop +# define sk_zero OPENSSL_sk_zero +# define sk_set_cmp_func OPENSSL_sk_set_cmp_func +# define sk_dup OPENSSL_sk_dup +# define sk_sort OPENSSL_sk_sort +# define sk_is_sorted OPENSSL_sk_is_sorted +# endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/store.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/store.h new file mode 100644 index 00000000..cda8c979 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/store.h @@ -0,0 +1,266 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OSSL_STORE_H +# define HEADER_OSSL_STORE_H + +# include +# include +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +/*- + * The main OSSL_STORE functions. + * ------------------------------ + * + * These allow applications to open a channel to a resource with supported + * data (keys, certs, crls, ...), read the data a piece at a time and decide + * what to do with it, and finally close. + */ + +typedef struct ossl_store_ctx_st OSSL_STORE_CTX; + +/* + * Typedef for the OSSL_STORE_INFO post processing callback. This can be used + * to massage the given OSSL_STORE_INFO, or to drop it entirely (by returning + * NULL). + */ +typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *, + void *); + +/* + * Open a channel given a URI. The given UI method will be used any time the + * loader needs extra input, for example when a password or pin is needed, and + * will be passed the same user data every time it's needed in this context. + * + * Returns a context reference which represents the channel to communicate + * through. + */ +OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, + void *ui_data, + OSSL_STORE_post_process_info_fn post_process, + void *post_process_data); + +/* + * Control / fine tune the OSSL_STORE channel. |cmd| determines what is to be + * done, and depends on the underlying loader (use OSSL_STORE_get0_scheme to + * determine which loader is used), except for common commands (see below). + * Each command takes different arguments. + */ +int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */); +int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args); + +/* + * Common ctrl commands that different loaders may choose to support. + */ +/* int on = 0 or 1; STORE_ctrl(ctx, STORE_C_USE_SECMEM, &on); */ +# define OSSL_STORE_C_USE_SECMEM 1 +/* Where custom commands start */ +# define OSSL_STORE_C_CUSTOM_START 100 + +/* + * Read one data item (a key, a cert, a CRL) that is supported by the OSSL_STORE + * functionality, given a context. + * Returns a OSSL_STORE_INFO pointer, from which OpenSSL typed data can be + * extracted with OSSL_STORE_INFO_get0_PKEY(), OSSL_STORE_INFO_get0_CERT(), ... + * NULL is returned on error, which may include that the data found at the URI + * can't be figured out for certain or is ambiguous. + */ +OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx); + +/* + * Check if end of data (end of file) is reached + * Returns 1 on end, 0 otherwise. + */ +int OSSL_STORE_eof(OSSL_STORE_CTX *ctx); + +/* + * Check if an error occurred + * Returns 1 if it did, 0 otherwise. + */ +int OSSL_STORE_error(OSSL_STORE_CTX *ctx); + +/* + * Close the channel + * Returns 1 on success, 0 on error. + */ +int OSSL_STORE_close(OSSL_STORE_CTX *ctx); + + +/*- + * Extracting OpenSSL types from and creating new OSSL_STORE_INFOs + * --------------------------------------------------------------- + */ + +/* + * Types of data that can be ossl_stored in a OSSL_STORE_INFO. + * OSSL_STORE_INFO_NAME is typically found when getting a listing of + * available "files" / "tokens" / what have you. + */ +# define OSSL_STORE_INFO_NAME 1 /* char * */ +# define OSSL_STORE_INFO_PARAMS 2 /* EVP_PKEY * */ +# define OSSL_STORE_INFO_PKEY 3 /* EVP_PKEY * */ +# define OSSL_STORE_INFO_CERT 4 /* X509 * */ +# define OSSL_STORE_INFO_CRL 5 /* X509_CRL * */ + +/* + * Functions to generate OSSL_STORE_INFOs, one function for each type we + * support having in them, as well as a generic constructor. + * + * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO + * and will therefore be freed when the OSSL_STORE_INFO is freed. + */ +OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name); +int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl); + +/* + * Functions to try to extract data from a OSSL_STORE_INFO. + */ +int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info); +const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info); +char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info); +const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info); +char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info); +X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info); +X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info); +X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info); +X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info); + +const char *OSSL_STORE_INFO_type_string(int type); + +/* + * Free the OSSL_STORE_INFO + */ +void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info); + + +/*- + * Functions to construct a search URI from a base URI and search criteria + * ----------------------------------------------------------------------- + */ + +/* OSSL_STORE search types */ +# define OSSL_STORE_SEARCH_BY_NAME 1 /* subject in certs, issuer in CRLs */ +# define OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 2 +# define OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 3 +# define OSSL_STORE_SEARCH_BY_ALIAS 4 + +/* To check what search types the scheme handler supports */ +int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type); + +/* Search term constructors */ +/* + * The input is considered to be owned by the caller, and must therefore + * remain present throughout the lifetime of the returned OSSL_STORE_SEARCH + */ +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name); +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name, + const ASN1_INTEGER + *serial); +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest, + const unsigned char + *bytes, size_t len); +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias); + +/* Search term destructor */ +void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search); + +/* Search term accessors */ +int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion); +X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion); +const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH + *criterion); +const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH + *criterion, size_t *length); +const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion); +const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion); + +/* + * Add search criterion and expected return type (which can be unspecified) + * to the loading channel. This MUST happen before the first OSSL_STORE_load(). + */ +int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type); +int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search); + + +/*- + * Function to register a loader for the given URI scheme. + * ------------------------------------------------------- + * + * The loader receives all the main components of an URI except for the + * scheme. + */ + +typedef struct ossl_store_loader_st OSSL_STORE_LOADER; +OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme); +const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader); +const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader); +/* struct ossl_store_loader_ctx_st is defined differently by each loader */ +typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX; +typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const OSSL_STORE_LOADER + *loader, + const char *uri, + const UI_METHOD *ui_method, + void *ui_data); +int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader, + OSSL_STORE_open_fn open_function); +typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd, + va_list args); +int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader, + OSSL_STORE_ctrl_fn ctrl_function); +typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected); +int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader, + OSSL_STORE_expect_fn expect_function); +typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx, + OSSL_STORE_SEARCH *criteria); +int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader, + OSSL_STORE_find_fn find_function); +typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx, + const UI_METHOD *ui_method, + void *ui_data); +int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader, + OSSL_STORE_load_fn load_function); +typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx); +int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader, + OSSL_STORE_eof_fn eof_function); +typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx); +int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader, + OSSL_STORE_error_fn error_function); +typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx); +int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader, + OSSL_STORE_close_fn close_function); +void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader); + +int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader); +OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme); + +/*- + * Functions to list STORE loaders + * ------------------------------- + */ +int OSSL_STORE_do_all_loaders(void (*do_function) (const OSSL_STORE_LOADER + *loader, void *do_arg), + void *do_arg); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/storeerr.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/storeerr.h new file mode 100644 index 00000000..190eab07 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/storeerr.h @@ -0,0 +1,91 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OSSL_STOREERR_H +# define HEADER_OSSL_STOREERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OSSL_STORE_strings(void); + +/* + * OSSL_STORE function codes. + */ +# define OSSL_STORE_F_FILE_CTRL 129 +# define OSSL_STORE_F_FILE_FIND 138 +# define OSSL_STORE_F_FILE_GET_PASS 118 +# define OSSL_STORE_F_FILE_LOAD 119 +# define OSSL_STORE_F_FILE_LOAD_TRY_DECODE 124 +# define OSSL_STORE_F_FILE_NAME_TO_URI 126 +# define OSSL_STORE_F_FILE_OPEN 120 +# define OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO 127 +# define OSSL_STORE_F_OSSL_STORE_EXPECT 130 +# define OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT 128 +# define OSSL_STORE_F_OSSL_STORE_FIND 131 +# define OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT 100 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT 101 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL 102 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME 103 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION 135 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS 104 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY 105 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT 106 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL 107 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED 123 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME 109 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS 110 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY 111 +# define OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION 134 +# define OSSL_STORE_F_OSSL_STORE_INIT_ONCE 112 +# define OSSL_STORE_F_OSSL_STORE_LOADER_NEW 113 +# define OSSL_STORE_F_OSSL_STORE_OPEN 114 +# define OSSL_STORE_F_OSSL_STORE_OPEN_INT 115 +# define OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT 117 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS 132 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 133 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 136 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME 137 +# define OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT 116 +# define OSSL_STORE_F_TRY_DECODE_PARAMS 121 +# define OSSL_STORE_F_TRY_DECODE_PKCS12 122 +# define OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED 125 + +/* + * OSSL_STORE reason codes. + */ +# define OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE 107 +# define OSSL_STORE_R_BAD_PASSWORD_READ 115 +# define OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC 113 +# define OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST 121 +# define OSSL_STORE_R_INVALID_SCHEME 106 +# define OSSL_STORE_R_IS_NOT_A 112 +# define OSSL_STORE_R_LOADER_INCOMPLETE 116 +# define OSSL_STORE_R_LOADING_STARTED 117 +# define OSSL_STORE_R_NOT_A_CERTIFICATE 100 +# define OSSL_STORE_R_NOT_A_CRL 101 +# define OSSL_STORE_R_NOT_A_KEY 102 +# define OSSL_STORE_R_NOT_A_NAME 103 +# define OSSL_STORE_R_NOT_PARAMETERS 104 +# define OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR 114 +# define OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE 108 +# define OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 119 +# define OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED 109 +# define OSSL_STORE_R_UNREGISTERED_SCHEME 105 +# define OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE 110 +# define OSSL_STORE_R_UNSUPPORTED_OPERATION 118 +# define OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE 120 +# define OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED 111 + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/symhacks.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/symhacks.h new file mode 100644 index 00000000..156ea6e4 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/symhacks.h @@ -0,0 +1,37 @@ +/* + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SYMHACKS_H +# define HEADER_SYMHACKS_H + +# include + +/* Case insensitive linking causes problems.... */ +# if defined(OPENSSL_SYS_VMS) +# undef ERR_load_CRYPTO_strings +# define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings +# undef OCSP_crlID_new +# define OCSP_crlID_new OCSP_crlID2_new + +# undef d2i_ECPARAMETERS +# define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS +# undef i2d_ECPARAMETERS +# define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS +# undef d2i_ECPKPARAMETERS +# define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS +# undef i2d_ECPKPARAMETERS +# define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS + +/* This one clashes with CMS_data_create */ +# undef cms_Data_create +# define cms_Data_create priv_cms_Data_create + +# endif + +#endif /* ! defined HEADER_VMS_IDHACKS_H */ diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/tls1.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/tls1.h new file mode 100644 index 00000000..8a6b6ee4 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/tls1.h @@ -0,0 +1,1237 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_TLS1_H +# define HEADER_TLS1_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Default security level if not overridden at config time */ +# ifndef OPENSSL_TLS_SECURITY_LEVEL +# define OPENSSL_TLS_SECURITY_LEVEL 1 +# endif + +# define TLS1_VERSION 0x0301 +# define TLS1_1_VERSION 0x0302 +# define TLS1_2_VERSION 0x0303 +# define TLS1_3_VERSION 0x0304 +# define TLS_MAX_VERSION TLS1_3_VERSION + +/* Special value for method supporting multiple versions */ +# define TLS_ANY_VERSION 0x10000 + +# define TLS1_VERSION_MAJOR 0x03 +# define TLS1_VERSION_MINOR 0x01 + +# define TLS1_1_VERSION_MAJOR 0x03 +# define TLS1_1_VERSION_MINOR 0x02 + +# define TLS1_2_VERSION_MAJOR 0x03 +# define TLS1_2_VERSION_MINOR 0x03 + +# define TLS1_get_version(s) \ + ((SSL_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_version(s) : 0) + +# define TLS1_get_client_version(s) \ + ((SSL_client_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_client_version(s) : 0) + +# define TLS1_AD_DECRYPTION_FAILED 21 +# define TLS1_AD_RECORD_OVERFLOW 22 +# define TLS1_AD_UNKNOWN_CA 48/* fatal */ +# define TLS1_AD_ACCESS_DENIED 49/* fatal */ +# define TLS1_AD_DECODE_ERROR 50/* fatal */ +# define TLS1_AD_DECRYPT_ERROR 51 +# define TLS1_AD_EXPORT_RESTRICTION 60/* fatal */ +# define TLS1_AD_PROTOCOL_VERSION 70/* fatal */ +# define TLS1_AD_INSUFFICIENT_SECURITY 71/* fatal */ +# define TLS1_AD_INTERNAL_ERROR 80/* fatal */ +# define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */ +# define TLS1_AD_USER_CANCELLED 90 +# define TLS1_AD_NO_RENEGOTIATION 100 +/* TLSv1.3 alerts */ +# define TLS13_AD_MISSING_EXTENSION 109 /* fatal */ +# define TLS13_AD_CERTIFICATE_REQUIRED 116 /* fatal */ +/* codes 110-114 are from RFC3546 */ +# define TLS1_AD_UNSUPPORTED_EXTENSION 110 +# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 +# define TLS1_AD_UNRECOGNIZED_NAME 112 +# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 +# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 +# define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */ +# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */ + +/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */ +# define TLSEXT_TYPE_server_name 0 +# define TLSEXT_TYPE_max_fragment_length 1 +# define TLSEXT_TYPE_client_certificate_url 2 +# define TLSEXT_TYPE_trusted_ca_keys 3 +# define TLSEXT_TYPE_truncated_hmac 4 +# define TLSEXT_TYPE_status_request 5 +/* ExtensionType values from RFC4681 */ +# define TLSEXT_TYPE_user_mapping 6 +/* ExtensionType values from RFC5878 */ +# define TLSEXT_TYPE_client_authz 7 +# define TLSEXT_TYPE_server_authz 8 +/* ExtensionType values from RFC6091 */ +# define TLSEXT_TYPE_cert_type 9 + +/* ExtensionType values from RFC4492 */ +/* + * Prior to TLSv1.3 the supported_groups extension was known as + * elliptic_curves + */ +# define TLSEXT_TYPE_supported_groups 10 +# define TLSEXT_TYPE_elliptic_curves TLSEXT_TYPE_supported_groups +# define TLSEXT_TYPE_ec_point_formats 11 + + +/* ExtensionType value from RFC5054 */ +# define TLSEXT_TYPE_srp 12 + +/* ExtensionType values from RFC5246 */ +# define TLSEXT_TYPE_signature_algorithms 13 + +/* ExtensionType value from RFC5764 */ +# define TLSEXT_TYPE_use_srtp 14 + +/* ExtensionType value from RFC5620 */ +# define TLSEXT_TYPE_heartbeat 15 + +/* ExtensionType value from RFC7301 */ +# define TLSEXT_TYPE_application_layer_protocol_negotiation 16 + +/* + * Extension type for Certificate Transparency + * https://tools.ietf.org/html/rfc6962#section-3.3.1 + */ +# define TLSEXT_TYPE_signed_certificate_timestamp 18 + +/* + * ExtensionType value for TLS padding extension. + * http://tools.ietf.org/html/draft-agl-tls-padding + */ +# define TLSEXT_TYPE_padding 21 + +/* ExtensionType value from RFC7366 */ +# define TLSEXT_TYPE_encrypt_then_mac 22 + +/* ExtensionType value from RFC7627 */ +# define TLSEXT_TYPE_extended_master_secret 23 + +/* ExtensionType value from RFC4507 */ +# define TLSEXT_TYPE_session_ticket 35 + +/* As defined for TLS1.3 */ +# define TLSEXT_TYPE_psk 41 +# define TLSEXT_TYPE_early_data 42 +# define TLSEXT_TYPE_supported_versions 43 +# define TLSEXT_TYPE_cookie 44 +# define TLSEXT_TYPE_psk_kex_modes 45 +# define TLSEXT_TYPE_certificate_authorities 47 +# define TLSEXT_TYPE_post_handshake_auth 49 +# define TLSEXT_TYPE_signature_algorithms_cert 50 +# define TLSEXT_TYPE_key_share 51 + +/* Temporary extension type */ +# define TLSEXT_TYPE_renegotiate 0xff01 + +# ifndef OPENSSL_NO_NEXTPROTONEG +/* This is not an IANA defined extension number */ +# define TLSEXT_TYPE_next_proto_neg 13172 +# endif + +/* NameType value from RFC3546 */ +# define TLSEXT_NAMETYPE_host_name 0 +/* status request value from RFC3546 */ +# define TLSEXT_STATUSTYPE_ocsp 1 + +/* ECPointFormat values from RFC4492 */ +# define TLSEXT_ECPOINTFORMAT_first 0 +# define TLSEXT_ECPOINTFORMAT_uncompressed 0 +# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1 +# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2 +# define TLSEXT_ECPOINTFORMAT_last 2 + +/* Signature and hash algorithms from RFC5246 */ +# define TLSEXT_signature_anonymous 0 +# define TLSEXT_signature_rsa 1 +# define TLSEXT_signature_dsa 2 +# define TLSEXT_signature_ecdsa 3 +# define TLSEXT_signature_gostr34102001 237 +# define TLSEXT_signature_gostr34102012_256 238 +# define TLSEXT_signature_gostr34102012_512 239 + +/* Total number of different signature algorithms */ +# define TLSEXT_signature_num 7 + +# define TLSEXT_hash_none 0 +# define TLSEXT_hash_md5 1 +# define TLSEXT_hash_sha1 2 +# define TLSEXT_hash_sha224 3 +# define TLSEXT_hash_sha256 4 +# define TLSEXT_hash_sha384 5 +# define TLSEXT_hash_sha512 6 +# define TLSEXT_hash_gostr3411 237 +# define TLSEXT_hash_gostr34112012_256 238 +# define TLSEXT_hash_gostr34112012_512 239 + +/* Total number of different digest algorithms */ + +# define TLSEXT_hash_num 10 + +/* Flag set for unrecognised algorithms */ +# define TLSEXT_nid_unknown 0x1000000 + +/* ECC curves */ + +# define TLSEXT_curve_P_256 23 +# define TLSEXT_curve_P_384 24 + +/* OpenSSL value to disable maximum fragment length extension */ +# define TLSEXT_max_fragment_length_DISABLED 0 +/* Allowed values for max fragment length extension */ +# define TLSEXT_max_fragment_length_512 1 +# define TLSEXT_max_fragment_length_1024 2 +# define TLSEXT_max_fragment_length_2048 3 +# define TLSEXT_max_fragment_length_4096 4 + +int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode); +int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode); + +# define TLSEXT_MAXLEN_host_name 255 + +__owur const char *SSL_get_servername(const SSL *s, const int type); +__owur int SSL_get_servername_type(const SSL *s); +/* + * SSL_export_keying_material exports a value derived from the master secret, + * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and + * optional context. (Since a zero length context is allowed, the |use_context| + * flag controls whether a context is included.) It returns 1 on success and + * 0 or -1 otherwise. + */ +__owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen, int use_context); + +/* + * SSL_export_keying_material_early exports a value derived from the + * early exporter master secret, as specified in + * https://tools.ietf.org/html/draft-ietf-tls-tls13-23. It writes + * |olen| bytes to |out| given a label and optional context. It + * returns 1 on success and 0 otherwise. + */ +__owur int SSL_export_keying_material_early(SSL *s, unsigned char *out, + size_t olen, const char *label, + size_t llen, + const unsigned char *context, + size_t contextlen); + +int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid); +int SSL_get_signature_type_nid(const SSL *s, int *pnid); + +int SSL_get_sigalgs(SSL *s, int idx, + int *psign, int *phash, int *psignandhash, + unsigned char *rsig, unsigned char *rhash); + +int SSL_get_shared_sigalgs(SSL *s, int idx, + int *psign, int *phash, int *psignandhash, + unsigned char *rsig, unsigned char *rhash); + +__owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); + +# define SSL_set_tlsext_host_name(s,name) \ + SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,\ + (void *)name) + +# define SSL_set_tlsext_debug_callback(ssl, cb) \ + SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,\ + (void (*)(void))cb) + +# define SSL_set_tlsext_debug_arg(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0,arg) + +# define SSL_get_tlsext_status_type(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL) + +# define SSL_set_tlsext_status_type(ssl, type) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL) + +# define SSL_get_tlsext_status_exts(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0,arg) + +# define SSL_set_tlsext_status_exts(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0,arg) + +# define SSL_get_tlsext_status_ids(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0,arg) + +# define SSL_set_tlsext_status_ids(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0,arg) + +# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0,arg) + +# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen,arg) + +# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ + SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,\ + (void (*)(void))cb) + +# define SSL_TLSEXT_ERR_OK 0 +# define SSL_TLSEXT_ERR_ALERT_WARNING 1 +# define SSL_TLSEXT_ERR_ALERT_FATAL 2 +# define SSL_TLSEXT_ERR_NOACK 3 + +# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0,arg) + +# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_TICKET_KEYS,keylen,keys) +# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_TICKET_KEYS,keylen,keys) + +# define SSL_CTX_get_tlsext_status_cb(ssl, cb) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0,(void *)cb) +# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ + SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,\ + (void (*)(void))cb) + +# define SSL_CTX_get_tlsext_status_arg(ssl, arg) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0,arg) +# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0,arg) + +# define SSL_CTX_set_tlsext_status_type(ssl, type) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL) + +# define SSL_CTX_get_tlsext_status_type(ssl) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL) + +# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ + SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,\ + (void (*)(void))cb) + +# ifndef OPENSSL_NO_HEARTBEATS +# define SSL_DTLSEXT_HB_ENABLED 0x01 +# define SSL_DTLSEXT_HB_DONT_SEND_REQUESTS 0x02 +# define SSL_DTLSEXT_HB_DONT_RECV_REQUESTS 0x04 +# define SSL_get_dtlsext_heartbeat_pending(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING,0,NULL) +# define SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL) + +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT \ + SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT +# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING \ + SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING +# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS \ + SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS +# define SSL_TLSEXT_HB_ENABLED \ + SSL_DTLSEXT_HB_ENABLED +# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS \ + SSL_DTLSEXT_HB_DONT_SEND_REQUESTS +# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS \ + SSL_DTLSEXT_HB_DONT_RECV_REQUESTS +# define SSL_get_tlsext_heartbeat_pending(ssl) \ + SSL_get_dtlsext_heartbeat_pending(ssl) +# define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \ + SSL_set_dtlsext_heartbeat_no_requests(ssl,arg) +# endif +# endif + +/* PSK ciphersuites from 4279 */ +# define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A +# define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B +# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C +# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D +# define TLS1_CK_DHE_PSK_WITH_RC4_128_SHA 0x0300008E +# define TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008F +# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA 0x03000090 +# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA 0x03000091 +# define TLS1_CK_RSA_PSK_WITH_RC4_128_SHA 0x03000092 +# define TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x03000093 +# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA 0x03000094 +# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA 0x03000095 + +/* PSK ciphersuites from 5487 */ +# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256 0x030000A8 +# define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384 0x030000A9 +# define TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256 0x030000AA +# define TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384 0x030000AB +# define TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256 0x030000AC +# define TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384 0x030000AD +# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA256 0x030000AE +# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA384 0x030000AF +# define TLS1_CK_PSK_WITH_NULL_SHA256 0x030000B0 +# define TLS1_CK_PSK_WITH_NULL_SHA384 0x030000B1 +# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256 0x030000B2 +# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384 0x030000B3 +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA256 0x030000B4 +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA384 0x030000B5 +# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256 0x030000B6 +# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384 0x030000B7 +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA256 0x030000B8 +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA384 0x030000B9 + +/* NULL PSK ciphersuites from RFC4785 */ +# define TLS1_CK_PSK_WITH_NULL_SHA 0x0300002C +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA 0x0300002D +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA 0x0300002E + +/* AES ciphersuites from RFC3268 */ +# define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F +# define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 +# define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 +# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032 +# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033 +# define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034 +# define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035 +# define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036 +# define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037 +# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038 +# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 +# define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A + +/* TLS v1.2 ciphersuites */ +# define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B +# define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C +# define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D +# define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E +# define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F +# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040 + +/* Camellia ciphersuites from RFC4132 */ +# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 +# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 + +/* TLS v1.2 ciphersuites */ +# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067 +# define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068 +# define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069 +# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A +# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B +# define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C +# define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D + +/* Camellia ciphersuites from RFC4132 */ +# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 +# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 + +/* SEED ciphersuites from RFC4162 */ +# define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 +# define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 +# define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 +# define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099 +# define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A +# define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B + +/* TLS v1.2 GCM ciphersuites from RFC5288 */ +# define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C +# define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D +# define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E +# define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F +# define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0 +# define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1 +# define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2 +# define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3 +# define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4 +# define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5 +# define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 +# define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 + +/* CCM ciphersuites from RFC6655 */ +# define TLS1_CK_RSA_WITH_AES_128_CCM 0x0300C09C +# define TLS1_CK_RSA_WITH_AES_256_CCM 0x0300C09D +# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM 0x0300C09E +# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM 0x0300C09F +# define TLS1_CK_RSA_WITH_AES_128_CCM_8 0x0300C0A0 +# define TLS1_CK_RSA_WITH_AES_256_CCM_8 0x0300C0A1 +# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8 0x0300C0A2 +# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8 0x0300C0A3 +# define TLS1_CK_PSK_WITH_AES_128_CCM 0x0300C0A4 +# define TLS1_CK_PSK_WITH_AES_256_CCM 0x0300C0A5 +# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM 0x0300C0A6 +# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM 0x0300C0A7 +# define TLS1_CK_PSK_WITH_AES_128_CCM_8 0x0300C0A8 +# define TLS1_CK_PSK_WITH_AES_256_CCM_8 0x0300C0A9 +# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8 0x0300C0AA +# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8 0x0300C0AB + +/* CCM ciphersuites from RFC7251 */ +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM 0x0300C0AC +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM 0x0300C0AD +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8 0x0300C0AE +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8 0x0300C0AF + +/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ +# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BC +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BD +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BE +# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256 0x030000BF + +# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C0 +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C1 +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C2 +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C3 +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C4 +# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256 0x030000C5 + +/* ECC ciphersuites from RFC4492 */ +# define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 +# define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 +# define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005 + +# define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 +# define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 +# define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A + +# define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B +# define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C +# define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D +# define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E +# define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F + +# define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010 +# define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011 +# define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012 +# define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 +# define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 + +# define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015 +# define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016 +# define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017 +# define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 +# define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 + +/* SRP ciphersuites from RFC 5054 */ +# define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A +# define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B +# define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C +# define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D +# define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E +# define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F +# define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020 +# define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021 +# define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022 + +/* ECDH HMAC based ciphersuites from RFC5289 */ +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023 +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026 +# define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027 +# define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028 +# define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029 +# define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A + +/* ECDH GCM based ciphersuites from RFC5289 */ +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C +# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D +# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E +# define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F +# define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030 +# define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 +# define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 + +/* ECDHE PSK ciphersuites from RFC5489 */ +# define TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA 0x0300C033 +# define TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300C034 +# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035 +# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036 + +# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0x0300C037 +# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0x0300C038 + +/* NULL PSK ciphersuites from RFC4785 */ +# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA 0x0300C039 +# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256 0x0300C03A +# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384 0x0300C03B + +/* Camellia-CBC ciphersuites from RFC6367 */ +# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C072 +# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C073 +# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C074 +# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C075 +# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C076 +# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C077 +# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C078 +# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C079 + +# define TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C094 +# define TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C095 +# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C096 +# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C097 +# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C098 +# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C099 +# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C09A +# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C09B + +/* draft-ietf-tls-chacha20-poly1305-03 */ +# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCA8 +# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0x0300CCA9 +# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCAA +# define TLS1_CK_PSK_WITH_CHACHA20_POLY1305 0x0300CCAB +# define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAC +# define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAD +# define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305 0x0300CCAE + +/* TLS v1.3 ciphersuites */ +# define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301 +# define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302 +# define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303 +# define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304 +# define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305 + +/* Aria ciphersuites from RFC6209 */ +# define TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C050 +# define TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C051 +# define TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C052 +# define TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C053 +# define TLS1_CK_DH_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C054 +# define TLS1_CK_DH_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C055 +# define TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256 0x0300C056 +# define TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384 0x0300C057 +# define TLS1_CK_DH_DSS_WITH_ARIA_128_GCM_SHA256 0x0300C058 +# define TLS1_CK_DH_DSS_WITH_ARIA_256_GCM_SHA384 0x0300C059 +# define TLS1_CK_DH_anon_WITH_ARIA_128_GCM_SHA256 0x0300C05A +# define TLS1_CK_DH_anon_WITH_ARIA_256_GCM_SHA384 0x0300C05B +# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0x0300C05C +# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0x0300C05D +# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0x0300C05E +# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0x0300C05F +# define TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C060 +# define TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C061 +# define TLS1_CK_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C062 +# define TLS1_CK_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C063 +# define TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06A +# define TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06B +# define TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06C +# define TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06D +# define TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06E +# define TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06F + +/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */ +# define TLS1_RFC_RSA_WITH_AES_128_SHA "TLS_RSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ADH_WITH_AES_128_SHA "TLS_DH_anon_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_RSA_WITH_AES_256_SHA "TLS_RSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ADH_WITH_AES_256_SHA "TLS_DH_anon_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_RSA_WITH_NULL_SHA256 "TLS_RSA_WITH_NULL_SHA256" +# define TLS1_RFC_RSA_WITH_AES_128_SHA256 "TLS_RSA_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_RSA_WITH_AES_256_SHA256 "TLS_RSA_WITH_AES_256_CBC_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" +# define TLS1_RFC_ADH_WITH_AES_128_SHA256 "TLS_DH_anon_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_ADH_WITH_AES_256_SHA256 "TLS_DH_anon_WITH_AES_256_CBC_SHA256" +# define TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256 "TLS_RSA_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384 "TLS_RSA_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256 "TLS_DH_anon_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384 "TLS_DH_anon_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_RSA_WITH_AES_128_CCM "TLS_RSA_WITH_AES_128_CCM" +# define TLS1_RFC_RSA_WITH_AES_256_CCM "TLS_RSA_WITH_AES_256_CCM" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM "TLS_DHE_RSA_WITH_AES_128_CCM" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM "TLS_DHE_RSA_WITH_AES_256_CCM" +# define TLS1_RFC_RSA_WITH_AES_128_CCM_8 "TLS_RSA_WITH_AES_128_CCM_8" +# define TLS1_RFC_RSA_WITH_AES_256_CCM_8 "TLS_RSA_WITH_AES_256_CCM_8" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8 "TLS_DHE_RSA_WITH_AES_128_CCM_8" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8 "TLS_DHE_RSA_WITH_AES_256_CCM_8" +# define TLS1_RFC_PSK_WITH_AES_128_CCM "TLS_PSK_WITH_AES_128_CCM" +# define TLS1_RFC_PSK_WITH_AES_256_CCM "TLS_PSK_WITH_AES_256_CCM" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM "TLS_DHE_PSK_WITH_AES_128_CCM" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM "TLS_DHE_PSK_WITH_AES_256_CCM" +# define TLS1_RFC_PSK_WITH_AES_128_CCM_8 "TLS_PSK_WITH_AES_128_CCM_8" +# define TLS1_RFC_PSK_WITH_AES_256_CCM_8 "TLS_PSK_WITH_AES_256_CCM_8" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8 "TLS_PSK_DHE_WITH_AES_128_CCM_8" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8 "TLS_PSK_DHE_WITH_AES_256_CCM_8" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM "TLS_ECDHE_ECDSA_WITH_AES_128_CCM" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM "TLS_ECDHE_ECDSA_WITH_AES_256_CCM" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8" +# define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256" +# define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384" +# define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256" +# define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256" +# define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA "TLS_ECDHE_ECDSA_WITH_NULL_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA "TLS_ECDHE_RSA_WITH_NULL_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ECDH_anon_WITH_NULL_SHA "TLS_ECDH_anon_WITH_NULL_SHA" +# define TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_PSK_WITH_NULL_SHA "TLS_PSK_WITH_NULL_SHA" +# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA "TLS_DHE_PSK_WITH_NULL_SHA" +# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA "TLS_RSA_PSK_WITH_NULL_SHA" +# define TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA "TLS_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA "TLS_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA "TLS_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256 "TLS_PSK_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384 "TLS_PSK_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256 "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384 "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256 "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384 "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256 "TLS_PSK_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384 "TLS_PSK_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_PSK_WITH_NULL_SHA256 "TLS_PSK_WITH_NULL_SHA256" +# define TLS1_RFC_PSK_WITH_NULL_SHA384 "TLS_PSK_WITH_NULL_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA256 "TLS_DHE_PSK_WITH_NULL_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA384 "TLS_DHE_PSK_WITH_NULL_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256 "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384 "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA256 "TLS_RSA_PSK_WITH_NULL_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA384 "TLS_RSA_PSK_WITH_NULL_SHA384" +# define TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA "TLS_ECDHE_PSK_WITH_NULL_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256 "TLS_ECDHE_PSK_WITH_NULL_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384 "TLS_ECDHE_PSK_WITH_NULL_SHA384" +# define TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305 "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305 "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305 "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305 "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" +# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" +# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_RSA_WITH_SEED_SHA "TLS_RSA_WITH_SEED_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_SEED_SHA "TLS_DHE_DSS_WITH_SEED_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_SEED_SHA "TLS_DHE_RSA_WITH_SEED_CBC_SHA" +# define TLS1_RFC_ADH_WITH_SEED_SHA "TLS_DH_anon_WITH_SEED_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA "TLS_ECDHE_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA "TLS_ECDH_anon_WITH_RC4_128_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA "TLS_ECDHE_RSA_WITH_RC4_128_SHA" +# define TLS1_RFC_PSK_WITH_RC4_128_SHA "TLS_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA "TLS_RSA_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA "TLS_DHE_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DH_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DH_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DH_DSS_WITH_ARIA_128_GCM_SHA256 "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DH_DSS_WITH_ARIA_256_GCM_SHA384 "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DH_anon_WITH_ARIA_128_GCM_SHA256 "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DH_anon_WITH_ARIA_256_GCM_SHA384 "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_PSK_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_PSK_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" + + +/* + * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE + * ciphers names with "EDH" instead of "DHE". Going forward, we should be + * using DHE everywhere, though we may indefinitely maintain aliases for + * users or configurations that used "EDH" + */ +# define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" + +# define TLS1_TXT_PSK_WITH_NULL_SHA "PSK-NULL-SHA" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA "DHE-PSK-NULL-SHA" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA "RSA-PSK-NULL-SHA" + +/* AES ciphersuites from RFC3268 */ +# define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" +# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" +# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA" +# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA" +# define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA" + +# define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA" +# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA" +# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA" +# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" +# define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" + +/* ECC ciphersuites from RFC4492 */ +# define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" + +# define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA" + +# define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" + +# define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA" + +# define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" +# define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" +# define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" +# define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" +# define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" + +/* PSK ciphersuites from RFC 4279 */ +# define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA" +# define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA" +# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA" + +# define TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA "DHE-PSK-RC4-SHA" +# define TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA "DHE-PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA "DHE-PSK-AES128-CBC-SHA" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA "DHE-PSK-AES256-CBC-SHA" +# define TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA "RSA-PSK-RC4-SHA" +# define TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA "RSA-PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA "RSA-PSK-AES128-CBC-SHA" +# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA "RSA-PSK-AES256-CBC-SHA" + +/* PSK ciphersuites from RFC 5487 */ +# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256" +# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256 "DHE-PSK-AES128-GCM-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384 "DHE-PSK-AES256-GCM-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256 "RSA-PSK-AES128-GCM-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384 "RSA-PSK-AES256-GCM-SHA384" + +# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256 "PSK-AES128-CBC-SHA256" +# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384 "PSK-AES256-CBC-SHA384" +# define TLS1_TXT_PSK_WITH_NULL_SHA256 "PSK-NULL-SHA256" +# define TLS1_TXT_PSK_WITH_NULL_SHA384 "PSK-NULL-SHA384" + +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256 "DHE-PSK-AES128-CBC-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384 "DHE-PSK-AES256-CBC-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA256 "DHE-PSK-NULL-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA384 "DHE-PSK-NULL-SHA384" + +# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256 "RSA-PSK-AES128-CBC-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384 "RSA-PSK-AES256-CBC-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA256 "RSA-PSK-NULL-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA384 "RSA-PSK-NULL-SHA384" + +/* SRP ciphersuite from RFC 5054 */ +# define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA" +# define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA" +# define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA" +# define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA" +# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA" +# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA" +# define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA" +# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA" +# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA" + +/* Camellia ciphersuites from RFC4132 */ +# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" +# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" +# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" +# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA" +# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA" +# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA" + +# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA" +# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA" +# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA" +# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA" +# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" +# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" + +/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ +# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256 "CAMELLIA128-SHA256" +# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DH-DSS-CAMELLIA128-SHA256" +# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DH-RSA-CAMELLIA128-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DHE-DSS-CAMELLIA128-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DHE-RSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256 "ADH-CAMELLIA128-SHA256" + +# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256 "CAMELLIA256-SHA256" +# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DH-DSS-CAMELLIA256-SHA256" +# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DH-RSA-CAMELLIA256-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DHE-DSS-CAMELLIA256-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DHE-RSA-CAMELLIA256-SHA256" +# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256 "ADH-CAMELLIA256-SHA256" + +# define TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256 "PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384 "PSK-CAMELLIA256-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "DHE-PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "DHE-PSK-CAMELLIA256-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "RSA-PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "RSA-PSK-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-PSK-CAMELLIA256-SHA384" + +/* SEED ciphersuites from RFC4162 */ +# define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" +# define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" +# define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" +# define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA" +# define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" +# define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" + +/* TLS v1.2 ciphersuites */ +# define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256" +# define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256" +# define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256" +# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256" +# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256" +# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256" +# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256" +# define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256" +# define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256" + +/* TLS v1.2 GCM ciphersuites from RFC5288 */ +# define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256" +# define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384" +# define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384" +# define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384" +# define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256" +# define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384" +# define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256" +# define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384" + +/* CCM ciphersuites from RFC6655 */ +# define TLS1_TXT_RSA_WITH_AES_128_CCM "AES128-CCM" +# define TLS1_TXT_RSA_WITH_AES_256_CCM "AES256-CCM" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM "DHE-RSA-AES128-CCM" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM "DHE-RSA-AES256-CCM" + +# define TLS1_TXT_RSA_WITH_AES_128_CCM_8 "AES128-CCM8" +# define TLS1_TXT_RSA_WITH_AES_256_CCM_8 "AES256-CCM8" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8 "DHE-RSA-AES128-CCM8" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8 "DHE-RSA-AES256-CCM8" + +# define TLS1_TXT_PSK_WITH_AES_128_CCM "PSK-AES128-CCM" +# define TLS1_TXT_PSK_WITH_AES_256_CCM "PSK-AES256-CCM" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM "DHE-PSK-AES128-CCM" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM "DHE-PSK-AES256-CCM" + +# define TLS1_TXT_PSK_WITH_AES_128_CCM_8 "PSK-AES128-CCM8" +# define TLS1_TXT_PSK_WITH_AES_256_CCM_8 "PSK-AES256-CCM8" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8 "DHE-PSK-AES128-CCM8" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8 "DHE-PSK-AES256-CCM8" + +/* CCM ciphersuites from RFC7251 */ +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM "ECDHE-ECDSA-AES128-CCM" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM "ECDHE-ECDSA-AES256-CCM" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8 "ECDHE-ECDSA-AES128-CCM8" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8 "ECDHE-ECDSA-AES256-CCM8" + +/* ECDH HMAC based ciphersuites from RFC5289 */ +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384" + +/* ECDH GCM based ciphersuites from RFC5289 */ +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384" + +/* TLS v1.2 PSK GCM ciphersuites from RFC5487 */ +# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256" +# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384" + +/* ECDHE PSK ciphersuites from RFC 5489 */ +# define TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA "ECDHE-PSK-RC4-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "ECDHE-PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA" + +# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "ECDHE-PSK-AES128-CBC-SHA256" +# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "ECDHE-PSK-AES256-CBC-SHA384" + +# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA "ECDHE-PSK-NULL-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256 "ECDHE-PSK-NULL-SHA256" +# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384 "ECDHE-PSK-NULL-SHA384" + +/* Camellia-CBC ciphersuites from RFC6367 */ +# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-ECDSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-ECDSA-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-RSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-RSA-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-RSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-RSA-CAMELLIA256-SHA384" + +/* draft-ietf-tls-chacha20-poly1305-03 */ +# define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305" +# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305" +# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305" +# define TLS1_TXT_PSK_WITH_CHACHA20_POLY1305 "PSK-CHACHA20-POLY1305" +# define TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305 "ECDHE-PSK-CHACHA20-POLY1305" +# define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305 "DHE-PSK-CHACHA20-POLY1305" +# define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305 "RSA-PSK-CHACHA20-POLY1305" + +/* Aria ciphersuites from RFC6209 */ +# define TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256 "ARIA128-GCM-SHA256" +# define TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384 "ARIA256-GCM-SHA384" +# define TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256 "DHE-RSA-ARIA128-GCM-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384 "DHE-RSA-ARIA256-GCM-SHA384" +# define TLS1_TXT_DH_RSA_WITH_ARIA_128_GCM_SHA256 "DH-RSA-ARIA128-GCM-SHA256" +# define TLS1_TXT_DH_RSA_WITH_ARIA_256_GCM_SHA384 "DH-RSA-ARIA256-GCM-SHA384" +# define TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256 "DHE-DSS-ARIA128-GCM-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384 "DHE-DSS-ARIA256-GCM-SHA384" +# define TLS1_TXT_DH_DSS_WITH_ARIA_128_GCM_SHA256 "DH-DSS-ARIA128-GCM-SHA256" +# define TLS1_TXT_DH_DSS_WITH_ARIA_256_GCM_SHA384 "DH-DSS-ARIA256-GCM-SHA384" +# define TLS1_TXT_DH_anon_WITH_ARIA_128_GCM_SHA256 "ADH-ARIA128-GCM-SHA256" +# define TLS1_TXT_DH_anon_WITH_ARIA_256_GCM_SHA384 "ADH-ARIA256-GCM-SHA384" +# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 "ECDHE-ECDSA-ARIA128-GCM-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 "ECDHE-ECDSA-ARIA256-GCM-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 "ECDH-ECDSA-ARIA128-GCM-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 "ECDH-ECDSA-ARIA256-GCM-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 "ECDHE-ARIA128-GCM-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 "ECDHE-ARIA256-GCM-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 "ECDH-ARIA128-GCM-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 "ECDH-ARIA256-GCM-SHA384" +# define TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256 "PSK-ARIA128-GCM-SHA256" +# define TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384 "PSK-ARIA256-GCM-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256 "DHE-PSK-ARIA128-GCM-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384 "DHE-PSK-ARIA256-GCM-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "RSA-PSK-ARIA128-GCM-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "RSA-PSK-ARIA256-GCM-SHA384" + +# define TLS_CT_RSA_SIGN 1 +# define TLS_CT_DSS_SIGN 2 +# define TLS_CT_RSA_FIXED_DH 3 +# define TLS_CT_DSS_FIXED_DH 4 +# define TLS_CT_ECDSA_SIGN 64 +# define TLS_CT_RSA_FIXED_ECDH 65 +# define TLS_CT_ECDSA_FIXED_ECDH 66 +# define TLS_CT_GOST01_SIGN 22 +# define TLS_CT_GOST12_SIGN 238 +# define TLS_CT_GOST12_512_SIGN 239 + +/* + * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see + * comment there) + */ +# define TLS_CT_NUMBER 10 + +# if defined(SSL3_CT_NUMBER) +# if TLS_CT_NUMBER != SSL3_CT_NUMBER +# error "SSL/TLS CT_NUMBER values do not match" +# endif +# endif + +# define TLS1_FINISH_MAC_LENGTH 12 + +# define TLS_MD_MAX_CONST_SIZE 22 +# define TLS_MD_CLIENT_FINISH_CONST "client finished" +# define TLS_MD_CLIENT_FINISH_CONST_SIZE 15 +# define TLS_MD_SERVER_FINISH_CONST "server finished" +# define TLS_MD_SERVER_FINISH_CONST_SIZE 15 +# define TLS_MD_KEY_EXPANSION_CONST "key expansion" +# define TLS_MD_KEY_EXPANSION_CONST_SIZE 13 +# define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key" +# define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16 +# define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" +# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 +# define TLS_MD_IV_BLOCK_CONST "IV block" +# define TLS_MD_IV_BLOCK_CONST_SIZE 8 +# define TLS_MD_MASTER_SECRET_CONST "master secret" +# define TLS_MD_MASTER_SECRET_CONST_SIZE 13 +# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "extended master secret" +# define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE 22 + +# ifdef CHARSET_EBCDIC +# undef TLS_MD_CLIENT_FINISH_CONST +/* + * client finished + */ +# define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" + +# undef TLS_MD_SERVER_FINISH_CONST +/* + * server finished + */ +# define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" + +# undef TLS_MD_SERVER_WRITE_KEY_CONST +/* + * server write key + */ +# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" + +# undef TLS_MD_KEY_EXPANSION_CONST +/* + * key expansion + */ +# define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" + +# undef TLS_MD_CLIENT_WRITE_KEY_CONST +/* + * client write key + */ +# define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" + +# undef TLS_MD_SERVER_WRITE_KEY_CONST +/* + * server write key + */ +# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" + +# undef TLS_MD_IV_BLOCK_CONST +/* + * IV block + */ +# define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" + +# undef TLS_MD_MASTER_SECRET_CONST +/* + * master secret + */ +# define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" +# undef TLS_MD_EXTENDED_MASTER_SECRET_CONST +/* + * extended master secret + */ +# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "\x65\x78\x74\x65\x6e\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" +# endif + +/* TLS Session Ticket extension struct */ +struct tls_session_ticket_ext_st { + unsigned short length; + void *data; +}; + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/ts.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/ts.h new file mode 100644 index 00000000..3b58aa52 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/ts.h @@ -0,0 +1,559 @@ +/* + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_TS_H +# define HEADER_TS_H + +# include + +# ifndef OPENSSL_NO_TS +# include +# include +# include +# include +# include +# include +# include +# include +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +# include +# include + +typedef struct TS_msg_imprint_st TS_MSG_IMPRINT; +typedef struct TS_req_st TS_REQ; +typedef struct TS_accuracy_st TS_ACCURACY; +typedef struct TS_tst_info_st TS_TST_INFO; + +/* Possible values for status. */ +# define TS_STATUS_GRANTED 0 +# define TS_STATUS_GRANTED_WITH_MODS 1 +# define TS_STATUS_REJECTION 2 +# define TS_STATUS_WAITING 3 +# define TS_STATUS_REVOCATION_WARNING 4 +# define TS_STATUS_REVOCATION_NOTIFICATION 5 + +/* Possible values for failure_info. */ +# define TS_INFO_BAD_ALG 0 +# define TS_INFO_BAD_REQUEST 2 +# define TS_INFO_BAD_DATA_FORMAT 5 +# define TS_INFO_TIME_NOT_AVAILABLE 14 +# define TS_INFO_UNACCEPTED_POLICY 15 +# define TS_INFO_UNACCEPTED_EXTENSION 16 +# define TS_INFO_ADD_INFO_NOT_AVAILABLE 17 +# define TS_INFO_SYSTEM_FAILURE 25 + + +typedef struct TS_status_info_st TS_STATUS_INFO; +typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL; +typedef struct ESS_cert_id ESS_CERT_ID; +typedef struct ESS_signing_cert ESS_SIGNING_CERT; + +DEFINE_STACK_OF(ESS_CERT_ID) + +typedef struct ESS_cert_id_v2_st ESS_CERT_ID_V2; +typedef struct ESS_signing_cert_v2_st ESS_SIGNING_CERT_V2; + +DEFINE_STACK_OF(ESS_CERT_ID_V2) + +typedef struct TS_resp_st TS_RESP; + +TS_REQ *TS_REQ_new(void); +void TS_REQ_free(TS_REQ *a); +int i2d_TS_REQ(const TS_REQ *a, unsigned char **pp); +TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length); + +TS_REQ *TS_REQ_dup(TS_REQ *a); + +#ifndef OPENSSL_NO_STDIO +TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a); +int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a); +#endif +TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a); +int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a); + +TS_MSG_IMPRINT *TS_MSG_IMPRINT_new(void); +void TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a); +int i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **pp); +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a, + const unsigned char **pp, long length); + +TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a); + +#ifndef OPENSSL_NO_STDIO +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a); +#endif +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT *a); + +TS_RESP *TS_RESP_new(void); +void TS_RESP_free(TS_RESP *a); +int i2d_TS_RESP(const TS_RESP *a, unsigned char **pp); +TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length); +TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token); +TS_RESP *TS_RESP_dup(TS_RESP *a); + +#ifndef OPENSSL_NO_STDIO +TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a); +int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a); +#endif +TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a); +int i2d_TS_RESP_bio(BIO *bio, TS_RESP *a); + +TS_STATUS_INFO *TS_STATUS_INFO_new(void); +void TS_STATUS_INFO_free(TS_STATUS_INFO *a); +int i2d_TS_STATUS_INFO(const TS_STATUS_INFO *a, unsigned char **pp); +TS_STATUS_INFO *d2i_TS_STATUS_INFO(TS_STATUS_INFO **a, + const unsigned char **pp, long length); +TS_STATUS_INFO *TS_STATUS_INFO_dup(TS_STATUS_INFO *a); + +TS_TST_INFO *TS_TST_INFO_new(void); +void TS_TST_INFO_free(TS_TST_INFO *a); +int i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **pp); +TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp, + long length); +TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a); + +#ifndef OPENSSL_NO_STDIO +TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a); +int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a); +#endif +TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a); +int i2d_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO *a); + +TS_ACCURACY *TS_ACCURACY_new(void); +void TS_ACCURACY_free(TS_ACCURACY *a); +int i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **pp); +TS_ACCURACY *d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **pp, + long length); +TS_ACCURACY *TS_ACCURACY_dup(TS_ACCURACY *a); + +ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void); +void ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a); +int i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a, unsigned char **pp); +ESS_ISSUER_SERIAL *d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a, + const unsigned char **pp, + long length); +ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *a); + +ESS_CERT_ID *ESS_CERT_ID_new(void); +void ESS_CERT_ID_free(ESS_CERT_ID *a); +int i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **pp); +ESS_CERT_ID *d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **pp, + long length); +ESS_CERT_ID *ESS_CERT_ID_dup(ESS_CERT_ID *a); + +ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void); +void ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a); +int i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a, unsigned char **pp); +ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a, + const unsigned char **pp, long length); +ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a); + +ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new(void); +void ESS_CERT_ID_V2_free(ESS_CERT_ID_V2 *a); +int i2d_ESS_CERT_ID_V2(const ESS_CERT_ID_V2 *a, unsigned char **pp); +ESS_CERT_ID_V2 *d2i_ESS_CERT_ID_V2(ESS_CERT_ID_V2 **a, + const unsigned char **pp, long length); +ESS_CERT_ID_V2 *ESS_CERT_ID_V2_dup(ESS_CERT_ID_V2 *a); + +ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new(void); +void ESS_SIGNING_CERT_V2_free(ESS_SIGNING_CERT_V2 *a); +int i2d_ESS_SIGNING_CERT_V2(const ESS_SIGNING_CERT_V2 *a, unsigned char **pp); +ESS_SIGNING_CERT_V2 *d2i_ESS_SIGNING_CERT_V2(ESS_SIGNING_CERT_V2 **a, + const unsigned char **pp, + long length); +ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_dup(ESS_SIGNING_CERT_V2 *a); + +int TS_REQ_set_version(TS_REQ *a, long version); +long TS_REQ_get_version(const TS_REQ *a); + +int TS_STATUS_INFO_set_status(TS_STATUS_INFO *a, int i); +const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *a); + +const STACK_OF(ASN1_UTF8STRING) * +TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *a); + +const ASN1_BIT_STRING * +TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *a); + +int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a); + +int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg); +X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a); + +int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len); +ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a); + +int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy); +ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a); + +int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a); + +int TS_REQ_set_cert_req(TS_REQ *a, int cert_req); +int TS_REQ_get_cert_req(const TS_REQ *a); + +STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a); +void TS_REQ_ext_free(TS_REQ *a); +int TS_REQ_get_ext_count(TS_REQ *a); +int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos); +int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos); +int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos); +X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc); +X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc); +int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc); +void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx); + +/* Function declarations for TS_REQ defined in ts/ts_req_print.c */ + +int TS_REQ_print_bio(BIO *bio, TS_REQ *a); + +/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */ + +int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info); +TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a); + +/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */ +void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info); +PKCS7 *TS_RESP_get_token(TS_RESP *a); +TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a); + +int TS_TST_INFO_set_version(TS_TST_INFO *a, long version); +long TS_TST_INFO_get_version(const TS_TST_INFO *a); + +int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id); +ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a); + +int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a); + +int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial); +const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a); + +int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime); +const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a); + +int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy); +TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a); + +int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds); +const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a); + +int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis); +const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a); + +int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros); +const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a); + +int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering); +int TS_TST_INFO_get_ordering(const TS_TST_INFO *a); + +int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a); + +int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa); +GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a); + +STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a); +void TS_TST_INFO_ext_free(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_count(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos); +int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj, + int lastpos); +int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos); +X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc); +X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc); +int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc); +void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx); + +/* + * Declarations related to response generation, defined in ts/ts_resp_sign.c. + */ + +/* Optional flags for response generation. */ + +/* Don't include the TSA name in response. */ +# define TS_TSA_NAME 0x01 + +/* Set ordering to true in response. */ +# define TS_ORDERING 0x02 + +/* + * Include the signer certificate and the other specified certificates in + * the ESS signing certificate attribute beside the PKCS7 signed data. + * Only the signer certificates is included by default. + */ +# define TS_ESS_CERT_ID_CHAIN 0x04 + +/* Forward declaration. */ +struct TS_resp_ctx; + +/* This must return a unique number less than 160 bits long. */ +typedef ASN1_INTEGER *(*TS_serial_cb) (struct TS_resp_ctx *, void *); + +/* + * This must return the seconds and microseconds since Jan 1, 1970 in the sec + * and usec variables allocated by the caller. Return non-zero for success + * and zero for failure. + */ +typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec, + long *usec); + +/* + * This must process the given extension. It can modify the TS_TST_INFO + * object of the context. Return values: !0 (processed), 0 (error, it must + * set the status info/failure info of the response). + */ +typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *, + void *); + +typedef struct TS_resp_ctx TS_RESP_CTX; + +DEFINE_STACK_OF_CONST(EVP_MD) + +/* Creates a response context that can be used for generating responses. */ +TS_RESP_CTX *TS_RESP_CTX_new(void); +void TS_RESP_CTX_free(TS_RESP_CTX *ctx); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key); + +int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx, + const EVP_MD *signer_digest); +int TS_RESP_CTX_set_ess_cert_id_digest(TS_RESP_CTX *ctx, const EVP_MD *md); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy); + +/* No additional certs are included in the response by default. */ +int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs); + +/* + * Adds a new acceptable policy, only the default policy is accepted by + * default. + */ +int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy); + +/* + * Adds a new acceptable message digest. Note that no message digests are + * accepted by default. The md argument is shared with the caller. + */ +int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md); + +/* Accuracy is not included by default. */ +int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, + int secs, int millis, int micros); + +/* + * Clock precision digits, i.e. the number of decimal digits: '0' means sec, + * '3' msec, '6' usec, and so on. Default is 0. + */ +int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, + unsigned clock_precision_digits); +/* At most we accept usec precision. */ +# define TS_MAX_CLOCK_PRECISION_DIGITS 6 + +/* Maximum status message length */ +# define TS_MAX_STATUS_LENGTH (1024 * 1024) + +/* No flags are set by default. */ +void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags); + +/* Default callback always returns a constant. */ +void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data); + +/* Default callback uses the gettimeofday() and gmtime() system calls. */ +void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data); + +/* + * Default callback rejects all extensions. The extension callback is called + * when the TS_TST_INFO object is already set up and not signed yet. + */ +/* FIXME: extension handling is not tested yet. */ +void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, + TS_extension_cb cb, void *data); + +/* The following methods can be used in the callbacks. */ +int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, + int status, const char *text); + +/* Sets the status info only if it is still TS_STATUS_GRANTED. */ +int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, + int status, const char *text); + +int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure); + +/* The get methods below can be used in the extension callback. */ +TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx); + +TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx); + +/* + * Creates the signed TS_TST_INFO and puts it in TS_RESP. + * In case of errors it sets the status info properly. + * Returns NULL only in case of memory allocation/fatal error. + */ +TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio); + +/* + * Declarations related to response verification, + * they are defined in ts/ts_resp_verify.c. + */ + +int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, + X509_STORE *store, X509 **signer_out); + +/* Context structure for the generic verify method. */ + +/* Verify the signer's certificate and the signature of the response. */ +# define TS_VFY_SIGNATURE (1u << 0) +/* Verify the version number of the response. */ +# define TS_VFY_VERSION (1u << 1) +/* Verify if the policy supplied by the user matches the policy of the TSA. */ +# define TS_VFY_POLICY (1u << 2) +/* + * Verify the message imprint provided by the user. This flag should not be + * specified with TS_VFY_DATA. + */ +# define TS_VFY_IMPRINT (1u << 3) +/* + * Verify the message imprint computed by the verify method from the user + * provided data and the MD algorithm of the response. This flag should not + * be specified with TS_VFY_IMPRINT. + */ +# define TS_VFY_DATA (1u << 4) +/* Verify the nonce value. */ +# define TS_VFY_NONCE (1u << 5) +/* Verify if the TSA name field matches the signer certificate. */ +# define TS_VFY_SIGNER (1u << 6) +/* Verify if the TSA name field equals to the user provided name. */ +# define TS_VFY_TSA_NAME (1u << 7) + +/* You can use the following convenience constants. */ +# define TS_VFY_ALL_IMPRINT (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_IMPRINT \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) +# define TS_VFY_ALL_DATA (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_DATA \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) + +typedef struct TS_verify_ctx TS_VERIFY_CTX; + +int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response); +int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token); + +/* + * Declarations related to response verification context, + */ +TS_VERIFY_CTX *TS_VERIFY_CTX_new(void); +void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx); +int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f); +int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f); +BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b); +unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, + unsigned char *hexstr, long len); +X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s); +STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs); + +/*- + * If ctx is NULL, it allocates and returns a new object, otherwise + * it returns ctx. It initialises all the members as follows: + * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE) + * certs = NULL + * store = NULL + * policy = policy from the request or NULL if absent (in this case + * TS_VFY_POLICY is cleared from flags as well) + * md_alg = MD algorithm from request + * imprint, imprint_len = imprint from request + * data = NULL + * nonce, nonce_len = nonce from the request or NULL if absent (in this case + * TS_VFY_NONCE is cleared from flags as well) + * tsa_name = NULL + * Important: after calling this method TS_VFY_SIGNATURE should be added! + */ +TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx); + +/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */ + +int TS_RESP_print_bio(BIO *bio, TS_RESP *a); +int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a); +int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a); + +/* Common utility functions defined in ts/ts_lib.c */ + +int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num); +int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj); +int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions); +int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg); +int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg); + +/* + * Function declarations for handling configuration options, defined in + * ts/ts_conf.c + */ + +X509 *TS_CONF_load_cert(const char *file); +STACK_OF(X509) *TS_CONF_load_certs(const char *file); +EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass); +const char *TS_CONF_get_tsa_section(CONF *conf, const char *section); +int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, + TS_RESP_CTX *ctx); +#ifndef OPENSSL_NO_ENGINE +int TS_CONF_set_crypto_device(CONF *conf, const char *section, + const char *device); +int TS_CONF_set_default_engine(const char *name); +#endif +int TS_CONF_set_signer_cert(CONF *conf, const char *section, + const char *cert, TS_RESP_CTX *ctx); +int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, + TS_RESP_CTX *ctx); +int TS_CONF_set_signer_key(CONF *conf, const char *section, + const char *key, const char *pass, + TS_RESP_CTX *ctx); +int TS_CONF_set_signer_digest(CONF *conf, const char *section, + const char *md, TS_RESP_CTX *ctx); +int TS_CONF_set_def_policy(CONF *conf, const char *section, + const char *policy, TS_RESP_CTX *ctx); +int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section, + TS_RESP_CTX *ctx); +int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, + TS_RESP_CTX *ctx); +int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section, + TS_RESP_CTX *ctx); + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/tserr.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/tserr.h new file mode 100644 index 00000000..07f23339 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/tserr.h @@ -0,0 +1,132 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_TSERR_H +# define HEADER_TSERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_TS + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_TS_strings(void); + +/* + * TS function codes. + */ +# define TS_F_DEF_SERIAL_CB 110 +# define TS_F_DEF_TIME_CB 111 +# define TS_F_ESS_ADD_SIGNING_CERT 112 +# define TS_F_ESS_ADD_SIGNING_CERT_V2 147 +# define TS_F_ESS_CERT_ID_NEW_INIT 113 +# define TS_F_ESS_CERT_ID_V2_NEW_INIT 156 +# define TS_F_ESS_SIGNING_CERT_NEW_INIT 114 +# define TS_F_ESS_SIGNING_CERT_V2_NEW_INIT 157 +# define TS_F_INT_TS_RESP_VERIFY_TOKEN 149 +# define TS_F_PKCS7_TO_TS_TST_INFO 148 +# define TS_F_TS_ACCURACY_SET_MICROS 115 +# define TS_F_TS_ACCURACY_SET_MILLIS 116 +# define TS_F_TS_ACCURACY_SET_SECONDS 117 +# define TS_F_TS_CHECK_IMPRINTS 100 +# define TS_F_TS_CHECK_NONCES 101 +# define TS_F_TS_CHECK_POLICY 102 +# define TS_F_TS_CHECK_SIGNING_CERTS 103 +# define TS_F_TS_CHECK_STATUS_INFO 104 +# define TS_F_TS_COMPUTE_IMPRINT 145 +# define TS_F_TS_CONF_INVALID 151 +# define TS_F_TS_CONF_LOAD_CERT 153 +# define TS_F_TS_CONF_LOAD_CERTS 154 +# define TS_F_TS_CONF_LOAD_KEY 155 +# define TS_F_TS_CONF_LOOKUP_FAIL 152 +# define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146 +# define TS_F_TS_GET_STATUS_TEXT 105 +# define TS_F_TS_MSG_IMPRINT_SET_ALGO 118 +# define TS_F_TS_REQ_SET_MSG_IMPRINT 119 +# define TS_F_TS_REQ_SET_NONCE 120 +# define TS_F_TS_REQ_SET_POLICY_ID 121 +# define TS_F_TS_RESP_CREATE_RESPONSE 122 +# define TS_F_TS_RESP_CREATE_TST_INFO 123 +# define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 124 +# define TS_F_TS_RESP_CTX_ADD_MD 125 +# define TS_F_TS_RESP_CTX_ADD_POLICY 126 +# define TS_F_TS_RESP_CTX_NEW 127 +# define TS_F_TS_RESP_CTX_SET_ACCURACY 128 +# define TS_F_TS_RESP_CTX_SET_CERTS 129 +# define TS_F_TS_RESP_CTX_SET_DEF_POLICY 130 +# define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 131 +# define TS_F_TS_RESP_CTX_SET_STATUS_INFO 132 +# define TS_F_TS_RESP_GET_POLICY 133 +# define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 134 +# define TS_F_TS_RESP_SET_STATUS_INFO 135 +# define TS_F_TS_RESP_SET_TST_INFO 150 +# define TS_F_TS_RESP_SIGN 136 +# define TS_F_TS_RESP_VERIFY_SIGNATURE 106 +# define TS_F_TS_TST_INFO_SET_ACCURACY 137 +# define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138 +# define TS_F_TS_TST_INFO_SET_NONCE 139 +# define TS_F_TS_TST_INFO_SET_POLICY_ID 140 +# define TS_F_TS_TST_INFO_SET_SERIAL 141 +# define TS_F_TS_TST_INFO_SET_TIME 142 +# define TS_F_TS_TST_INFO_SET_TSA 143 +# define TS_F_TS_VERIFY 108 +# define TS_F_TS_VERIFY_CERT 109 +# define TS_F_TS_VERIFY_CTX_NEW 144 + +/* + * TS reason codes. + */ +# define TS_R_BAD_PKCS7_TYPE 132 +# define TS_R_BAD_TYPE 133 +# define TS_R_CANNOT_LOAD_CERT 137 +# define TS_R_CANNOT_LOAD_KEY 138 +# define TS_R_CERTIFICATE_VERIFY_ERROR 100 +# define TS_R_COULD_NOT_SET_ENGINE 127 +# define TS_R_COULD_NOT_SET_TIME 115 +# define TS_R_DETACHED_CONTENT 134 +# define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116 +# define TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR 139 +# define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101 +# define TS_R_INVALID_NULL_POINTER 102 +# define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117 +# define TS_R_MESSAGE_IMPRINT_MISMATCH 103 +# define TS_R_NONCE_MISMATCH 104 +# define TS_R_NONCE_NOT_RETURNED 105 +# define TS_R_NO_CONTENT 106 +# define TS_R_NO_TIME_STAMP_TOKEN 107 +# define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118 +# define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119 +# define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129 +# define TS_R_POLICY_MISMATCH 108 +# define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120 +# define TS_R_RESPONSE_SETUP_ERROR 121 +# define TS_R_SIGNATURE_FAILURE 109 +# define TS_R_THERE_MUST_BE_ONE_SIGNER 110 +# define TS_R_TIME_SYSCALL_ERROR 122 +# define TS_R_TOKEN_NOT_PRESENT 130 +# define TS_R_TOKEN_PRESENT 131 +# define TS_R_TSA_NAME_MISMATCH 111 +# define TS_R_TSA_UNTRUSTED 112 +# define TS_R_TST_INFO_SETUP_ERROR 123 +# define TS_R_TS_DATASIGN 124 +# define TS_R_UNACCEPTABLE_POLICY 125 +# define TS_R_UNSUPPORTED_MD_ALGORITHM 126 +# define TS_R_UNSUPPORTED_VERSION 113 +# define TS_R_VAR_BAD_VALUE 135 +# define TS_R_VAR_LOOKUP_FAILURE 136 +# define TS_R_WRONG_CONTENT_TYPE 114 + +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/txt_db.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/txt_db.h new file mode 100644 index 00000000..ec981a43 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/txt_db.h @@ -0,0 +1,57 @@ +/* + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_TXT_DB_H +# define HEADER_TXT_DB_H + +# include +# include +# include +# include + +# define DB_ERROR_OK 0 +# define DB_ERROR_MALLOC 1 +# define DB_ERROR_INDEX_CLASH 2 +# define DB_ERROR_INDEX_OUT_OF_RANGE 3 +# define DB_ERROR_NO_INDEX 4 +# define DB_ERROR_INSERT_INDEX_CLASH 5 +# define DB_ERROR_WRONG_NUM_FIELDS 6 + +#ifdef __cplusplus +extern "C" { +#endif + +typedef OPENSSL_STRING *OPENSSL_PSTRING; +DEFINE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING) + +typedef struct txt_db_st { + int num_fields; + STACK_OF(OPENSSL_PSTRING) *data; + LHASH_OF(OPENSSL_STRING) **index; + int (**qual) (OPENSSL_STRING *); + long error; + long arg1; + long arg2; + OPENSSL_STRING *arg_row; +} TXT_DB; + +TXT_DB *TXT_DB_read(BIO *in, int num); +long TXT_DB_write(BIO *out, TXT_DB *db); +int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), + OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp); +void TXT_DB_free(TXT_DB *db); +OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, + OPENSSL_STRING *value); +int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/ui.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/ui.h new file mode 100644 index 00000000..7c721ec8 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/ui.h @@ -0,0 +1,368 @@ +/* + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_UI_H +# define HEADER_UI_H + +# include + +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif +# include +# include +# include +# include + +/* For compatibility reasons, the macro OPENSSL_NO_UI is currently retained */ +# if OPENSSL_API_COMPAT < 0x10200000L +# ifdef OPENSSL_NO_UI_CONSOLE +# define OPENSSL_NO_UI +# endif +# endif + +# ifdef __cplusplus +extern "C" { +# endif + +/* + * All the following functions return -1 or NULL on error and in some cases + * (UI_process()) -2 if interrupted or in some other way cancelled. When + * everything is fine, they return 0, a positive value or a non-NULL pointer, + * all depending on their purpose. + */ + +/* Creators and destructor. */ +UI *UI_new(void); +UI *UI_new_method(const UI_METHOD *method); +void UI_free(UI *ui); + +/*- + The following functions are used to add strings to be printed and prompt + strings to prompt for data. The names are UI_{add,dup}__string + and UI_{add,dup}_input_boolean. + + UI_{add,dup}__string have the following meanings: + add add a text or prompt string. The pointers given to these + functions are used verbatim, no copying is done. + dup make a copy of the text or prompt string, then add the copy + to the collection of strings in the user interface. + + The function is a name for the functionality that the given + string shall be used for. It can be one of: + input use the string as data prompt. + verify use the string as verification prompt. This + is used to verify a previous input. + info use the string for informational output. + error use the string for error output. + Honestly, there's currently no difference between info and error for the + moment. + + UI_{add,dup}_input_boolean have the same semantics for "add" and "dup", + and are typically used when one wants to prompt for a yes/no response. + + All of the functions in this group take a UI and a prompt string. + The string input and verify addition functions also take a flag argument, + a buffer for the result to end up with, a minimum input size and a maximum + input size (the result buffer MUST be large enough to be able to contain + the maximum number of characters). Additionally, the verify addition + functions takes another buffer to compare the result against. + The boolean input functions take an action description string (which should + be safe to ignore if the expected user action is obvious, for example with + a dialog box with an OK button and a Cancel button), a string of acceptable + characters to mean OK and to mean Cancel. The two last strings are checked + to make sure they don't have common characters. Additionally, the same + flag argument as for the string input is taken, as well as a result buffer. + The result buffer is required to be at least one byte long. Depending on + the answer, the first character from the OK or the Cancel character strings + will be stored in the first byte of the result buffer. No NUL will be + added, so the result is *not* a string. + + On success, the all return an index of the added information. That index + is useful when retrieving results with UI_get0_result(). */ +int UI_add_input_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize); +int UI_dup_input_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize); +int UI_add_verify_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize, + const char *test_buf); +int UI_dup_verify_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize, + const char *test_buf); +int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); +int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); +int UI_add_info_string(UI *ui, const char *text); +int UI_dup_info_string(UI *ui, const char *text); +int UI_add_error_string(UI *ui, const char *text); +int UI_dup_error_string(UI *ui, const char *text); + +/* These are the possible flags. They can be or'ed together. */ +/* Use to have echoing of input */ +# define UI_INPUT_FLAG_ECHO 0x01 +/* + * Use a default password. Where that password is found is completely up to + * the application, it might for example be in the user data set with + * UI_add_user_data(). It is not recommended to have more than one input in + * each UI being marked with this flag, or the application might get + * confused. + */ +# define UI_INPUT_FLAG_DEFAULT_PWD 0x02 + +/*- + * The user of these routines may want to define flags of their own. The core + * UI won't look at those, but will pass them on to the method routines. They + * must use higher bits so they don't get confused with the UI bits above. + * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. A good + * example of use is this: + * + * #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE) + * +*/ +# define UI_INPUT_FLAG_USER_BASE 16 + +/*- + * The following function helps construct a prompt. object_desc is a + * textual short description of the object, for example "pass phrase", + * and object_name is the name of the object (might be a card name or + * a file name. + * The returned string shall always be allocated on the heap with + * OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). + * + * If the ui_method doesn't contain a pointer to a user-defined prompt + * constructor, a default string is built, looking like this: + * + * "Enter {object_desc} for {object_name}:" + * + * So, if object_desc has the value "pass phrase" and object_name has + * the value "foo.key", the resulting string is: + * + * "Enter pass phrase for foo.key:" +*/ +char *UI_construct_prompt(UI *ui_method, + const char *object_desc, const char *object_name); + +/* + * The following function is used to store a pointer to user-specific data. + * Any previous such pointer will be returned and replaced. + * + * For callback purposes, this function makes a lot more sense than using + * ex_data, since the latter requires that different parts of OpenSSL or + * applications share the same ex_data index. + * + * Note that the UI_OpenSSL() method completely ignores the user data. Other + * methods may not, however. + */ +void *UI_add_user_data(UI *ui, void *user_data); +/* + * Alternatively, this function is used to duplicate the user data. + * This uses the duplicator method function. The destroy function will + * be used to free the user data in this case. + */ +int UI_dup_user_data(UI *ui, void *user_data); +/* We need a user data retrieving function as well. */ +void *UI_get0_user_data(UI *ui); + +/* Return the result associated with a prompt given with the index i. */ +const char *UI_get0_result(UI *ui, int i); +int UI_get_result_length(UI *ui, int i); + +/* When all strings have been added, process the whole thing. */ +int UI_process(UI *ui); + +/* + * Give a user interface parameterised control commands. This can be used to + * send down an integer, a data pointer or a function pointer, as well as be + * used to get information from a UI. + */ +int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)); + +/* The commands */ +/* + * Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the + * OpenSSL error stack before printing any info or added error messages and + * before any prompting. + */ +# define UI_CTRL_PRINT_ERRORS 1 +/* + * Check if a UI_process() is possible to do again with the same instance of + * a user interface. This makes UI_ctrl() return 1 if it is redoable, and 0 + * if not. + */ +# define UI_CTRL_IS_REDOABLE 2 + +/* Some methods may use extra data */ +# define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg) +# define UI_get_app_data(s) UI_get_ex_data(s,0) + +# define UI_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, l, p, newf, dupf, freef) +int UI_set_ex_data(UI *r, int idx, void *arg); +void *UI_get_ex_data(UI *r, int idx); + +/* Use specific methods instead of the built-in one */ +void UI_set_default_method(const UI_METHOD *meth); +const UI_METHOD *UI_get_default_method(void); +const UI_METHOD *UI_get_method(UI *ui); +const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); + +# ifndef OPENSSL_NO_UI_CONSOLE + +/* The method with all the built-in thingies */ +UI_METHOD *UI_OpenSSL(void); + +# endif + +/* + * NULL method. Literally does nothing, but may serve as a placeholder + * to avoid internal default. + */ +const UI_METHOD *UI_null(void); + +/* ---------- For method writers ---------- */ +/*- + A method contains a number of functions that implement the low level + of the User Interface. The functions are: + + an opener This function starts a session, maybe by opening + a channel to a tty, or by opening a window. + a writer This function is called to write a given string, + maybe to the tty, maybe as a field label in a + window. + a flusher This function is called to flush everything that + has been output so far. It can be used to actually + display a dialog box after it has been built. + a reader This function is called to read a given prompt, + maybe from the tty, maybe from a field in a + window. Note that it's called with all string + structures, not only the prompt ones, so it must + check such things itself. + a closer This function closes the session, maybe by closing + the channel to the tty, or closing the window. + + All these functions are expected to return: + + 0 on error. + 1 on success. + -1 on out-of-band events, for example if some prompting has + been canceled (by pressing Ctrl-C, for example). This is + only checked when returned by the flusher or the reader. + + The way this is used, the opener is first called, then the writer for all + strings, then the flusher, then the reader for all strings and finally the + closer. Note that if you want to prompt from a terminal or other command + line interface, the best is to have the reader also write the prompts + instead of having the writer do it. If you want to prompt from a dialog + box, the writer can be used to build up the contents of the box, and the + flusher to actually display the box and run the event loop until all data + has been given, after which the reader only grabs the given data and puts + them back into the UI strings. + + All method functions take a UI as argument. Additionally, the writer and + the reader take a UI_STRING. +*/ + +/* + * The UI_STRING type is the data structure that contains all the needed info + * about a string or a prompt, including test data for a verification prompt. + */ +typedef struct ui_string_st UI_STRING; +DEFINE_STACK_OF(UI_STRING) + +/* + * The different types of strings that are currently supported. This is only + * needed by method authors. + */ +enum UI_string_types { + UIT_NONE = 0, + UIT_PROMPT, /* Prompt for a string */ + UIT_VERIFY, /* Prompt for a string and verify */ + UIT_BOOLEAN, /* Prompt for a yes/no response */ + UIT_INFO, /* Send info to the user */ + UIT_ERROR /* Send an error message to the user */ +}; + +/* Create and manipulate methods */ +UI_METHOD *UI_create_method(const char *name); +void UI_destroy_method(UI_METHOD *ui_method); +int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)); +int UI_method_set_writer(UI_METHOD *method, + int (*writer) (UI *ui, UI_STRING *uis)); +int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)); +int UI_method_set_reader(UI_METHOD *method, + int (*reader) (UI *ui, UI_STRING *uis)); +int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)); +int UI_method_set_data_duplicator(UI_METHOD *method, + void *(*duplicator) (UI *ui, void *ui_data), + void (*destructor)(UI *ui, void *ui_data)); +int UI_method_set_prompt_constructor(UI_METHOD *method, + char *(*prompt_constructor) (UI *ui, + const char + *object_desc, + const char + *object_name)); +int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data); +int (*UI_method_get_opener(const UI_METHOD *method)) (UI *); +int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *); +int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *); +int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *); +int (*UI_method_get_closer(const UI_METHOD *method)) (UI *); +char *(*UI_method_get_prompt_constructor(const UI_METHOD *method)) + (UI *, const char *, const char *); +void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *); +void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *); +const void *UI_method_get_ex_data(const UI_METHOD *method, int idx); + +/* + * The following functions are helpers for method writers to access relevant + * data from a UI_STRING. + */ + +/* Return type of the UI_STRING */ +enum UI_string_types UI_get_string_type(UI_STRING *uis); +/* Return input flags of the UI_STRING */ +int UI_get_input_flags(UI_STRING *uis); +/* Return the actual string to output (the prompt, info or error) */ +const char *UI_get0_output_string(UI_STRING *uis); +/* + * Return the optional action string to output (the boolean prompt + * instruction) + */ +const char *UI_get0_action_string(UI_STRING *uis); +/* Return the result of a prompt */ +const char *UI_get0_result_string(UI_STRING *uis); +int UI_get_result_string_length(UI_STRING *uis); +/* + * Return the string to test the result against. Only useful with verifies. + */ +const char *UI_get0_test_string(UI_STRING *uis); +/* Return the required minimum size of the result */ +int UI_get_result_minsize(UI_STRING *uis); +/* Return the required maximum size of the result */ +int UI_get_result_maxsize(UI_STRING *uis); +/* Set the result of a UI_STRING. */ +int UI_set_result(UI *ui, UI_STRING *uis, const char *result); +int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len); + +/* A couple of popular utility functions */ +int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, + int verify); +int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, + int verify); +UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/uierr.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/uierr.h new file mode 100644 index 00000000..bd68864d --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/uierr.h @@ -0,0 +1,65 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_UIERR_H +# define HEADER_UIERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_UI_strings(void); + +/* + * UI function codes. + */ +# define UI_F_CLOSE_CONSOLE 115 +# define UI_F_ECHO_CONSOLE 116 +# define UI_F_GENERAL_ALLOCATE_BOOLEAN 108 +# define UI_F_GENERAL_ALLOCATE_PROMPT 109 +# define UI_F_NOECHO_CONSOLE 117 +# define UI_F_OPEN_CONSOLE 114 +# define UI_F_UI_CONSTRUCT_PROMPT 121 +# define UI_F_UI_CREATE_METHOD 112 +# define UI_F_UI_CTRL 111 +# define UI_F_UI_DUP_ERROR_STRING 101 +# define UI_F_UI_DUP_INFO_STRING 102 +# define UI_F_UI_DUP_INPUT_BOOLEAN 110 +# define UI_F_UI_DUP_INPUT_STRING 103 +# define UI_F_UI_DUP_USER_DATA 118 +# define UI_F_UI_DUP_VERIFY_STRING 106 +# define UI_F_UI_GET0_RESULT 107 +# define UI_F_UI_GET_RESULT_LENGTH 119 +# define UI_F_UI_NEW_METHOD 104 +# define UI_F_UI_PROCESS 113 +# define UI_F_UI_SET_RESULT 105 +# define UI_F_UI_SET_RESULT_EX 120 + +/* + * UI reason codes. + */ +# define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS 104 +# define UI_R_INDEX_TOO_LARGE 102 +# define UI_R_INDEX_TOO_SMALL 103 +# define UI_R_NO_RESULT_BUFFER 105 +# define UI_R_PROCESSING_ERROR 107 +# define UI_R_RESULT_TOO_LARGE 100 +# define UI_R_RESULT_TOO_SMALL 101 +# define UI_R_SYSASSIGN_ERROR 109 +# define UI_R_SYSDASSGN_ERROR 110 +# define UI_R_SYSQIOW_ERROR 111 +# define UI_R_UNKNOWN_CONTROL_COMMAND 106 +# define UI_R_UNKNOWN_TTYGET_ERRNO_VALUE 108 +# define UI_R_USER_DATA_DUPLICATION_UNSUPPORTED 112 + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/whrlpool.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/whrlpool.h new file mode 100644 index 00000000..20ea3503 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/whrlpool.h @@ -0,0 +1,48 @@ +/* + * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_WHRLPOOL_H +# define HEADER_WHRLPOOL_H + +#include + +# ifndef OPENSSL_NO_WHIRLPOOL +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +# define WHIRLPOOL_DIGEST_LENGTH (512/8) +# define WHIRLPOOL_BBLOCK 512 +# define WHIRLPOOL_COUNTER (256/8) + +typedef struct { + union { + unsigned char c[WHIRLPOOL_DIGEST_LENGTH]; + /* double q is here to ensure 64-bit alignment */ + double q[WHIRLPOOL_DIGEST_LENGTH / sizeof(double)]; + } H; + unsigned char data[WHIRLPOOL_BBLOCK / 8]; + unsigned int bitoff; + size_t bitlen[WHIRLPOOL_COUNTER / sizeof(size_t)]; +} WHIRLPOOL_CTX; + +int WHIRLPOOL_Init(WHIRLPOOL_CTX *c); +int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *inp, size_t bytes); +void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *inp, size_t bits); +int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c); +unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/x509.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/x509.h new file mode 100644 index 00000000..39ca0ba5 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/x509.h @@ -0,0 +1,1047 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509_H +# define HEADER_X509_H + +# include +# include +# include +# include +# include +# include +# include +# include +# include + +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# include +# include +# endif + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + + +/* Flags for X509_get_signature_info() */ +/* Signature info is valid */ +# define X509_SIG_INFO_VALID 0x1 +/* Signature is suitable for TLS use */ +# define X509_SIG_INFO_TLS 0x2 + +# define X509_FILETYPE_PEM 1 +# define X509_FILETYPE_ASN1 2 +# define X509_FILETYPE_DEFAULT 3 + +# define X509v3_KU_DIGITAL_SIGNATURE 0x0080 +# define X509v3_KU_NON_REPUDIATION 0x0040 +# define X509v3_KU_KEY_ENCIPHERMENT 0x0020 +# define X509v3_KU_DATA_ENCIPHERMENT 0x0010 +# define X509v3_KU_KEY_AGREEMENT 0x0008 +# define X509v3_KU_KEY_CERT_SIGN 0x0004 +# define X509v3_KU_CRL_SIGN 0x0002 +# define X509v3_KU_ENCIPHER_ONLY 0x0001 +# define X509v3_KU_DECIPHER_ONLY 0x8000 +# define X509v3_KU_UNDEF 0xffff + +struct X509_algor_st { + ASN1_OBJECT *algorithm; + ASN1_TYPE *parameter; +} /* X509_ALGOR */ ; + +typedef STACK_OF(X509_ALGOR) X509_ALGORS; + +typedef struct X509_val_st { + ASN1_TIME *notBefore; + ASN1_TIME *notAfter; +} X509_VAL; + +typedef struct X509_sig_st X509_SIG; + +typedef struct X509_name_entry_st X509_NAME_ENTRY; + +DEFINE_STACK_OF(X509_NAME_ENTRY) + +DEFINE_STACK_OF(X509_NAME) + +# define X509_EX_V_NETSCAPE_HACK 0x8000 +# define X509_EX_V_INIT 0x0001 +typedef struct X509_extension_st X509_EXTENSION; + +typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; + +DEFINE_STACK_OF(X509_EXTENSION) + +typedef struct x509_attributes_st X509_ATTRIBUTE; + +DEFINE_STACK_OF(X509_ATTRIBUTE) + +typedef struct X509_req_info_st X509_REQ_INFO; + +typedef struct X509_req_st X509_REQ; + +typedef struct x509_cert_aux_st X509_CERT_AUX; + +typedef struct x509_cinf_st X509_CINF; + +DEFINE_STACK_OF(X509) + +/* This is used for a table of trust checking functions */ + +typedef struct x509_trust_st { + int trust; + int flags; + int (*check_trust) (struct x509_trust_st *, X509 *, int); + char *name; + int arg1; + void *arg2; +} X509_TRUST; + +DEFINE_STACK_OF(X509_TRUST) + +/* standard trust ids */ + +# define X509_TRUST_DEFAULT 0 /* Only valid in purpose settings */ + +# define X509_TRUST_COMPAT 1 +# define X509_TRUST_SSL_CLIENT 2 +# define X509_TRUST_SSL_SERVER 3 +# define X509_TRUST_EMAIL 4 +# define X509_TRUST_OBJECT_SIGN 5 +# define X509_TRUST_OCSP_SIGN 6 +# define X509_TRUST_OCSP_REQUEST 7 +# define X509_TRUST_TSA 8 + +/* Keep these up to date! */ +# define X509_TRUST_MIN 1 +# define X509_TRUST_MAX 8 + +/* trust_flags values */ +# define X509_TRUST_DYNAMIC (1U << 0) +# define X509_TRUST_DYNAMIC_NAME (1U << 1) +/* No compat trust if self-signed, preempts "DO_SS" */ +# define X509_TRUST_NO_SS_COMPAT (1U << 2) +/* Compat trust if no explicit accepted trust EKUs */ +# define X509_TRUST_DO_SS_COMPAT (1U << 3) +/* Accept "anyEKU" as a wildcard trust OID */ +# define X509_TRUST_OK_ANY_EKU (1U << 4) + +/* check_trust return codes */ + +# define X509_TRUST_TRUSTED 1 +# define X509_TRUST_REJECTED 2 +# define X509_TRUST_UNTRUSTED 3 + +/* Flags for X509_print_ex() */ + +# define X509_FLAG_COMPAT 0 +# define X509_FLAG_NO_HEADER 1L +# define X509_FLAG_NO_VERSION (1L << 1) +# define X509_FLAG_NO_SERIAL (1L << 2) +# define X509_FLAG_NO_SIGNAME (1L << 3) +# define X509_FLAG_NO_ISSUER (1L << 4) +# define X509_FLAG_NO_VALIDITY (1L << 5) +# define X509_FLAG_NO_SUBJECT (1L << 6) +# define X509_FLAG_NO_PUBKEY (1L << 7) +# define X509_FLAG_NO_EXTENSIONS (1L << 8) +# define X509_FLAG_NO_SIGDUMP (1L << 9) +# define X509_FLAG_NO_AUX (1L << 10) +# define X509_FLAG_NO_ATTRIBUTES (1L << 11) +# define X509_FLAG_NO_IDS (1L << 12) + +/* Flags specific to X509_NAME_print_ex() */ + +/* The field separator information */ + +# define XN_FLAG_SEP_MASK (0xf << 16) + +# define XN_FLAG_COMPAT 0/* Traditional; use old X509_NAME_print */ +# define XN_FLAG_SEP_COMMA_PLUS (1 << 16)/* RFC2253 ,+ */ +# define XN_FLAG_SEP_CPLUS_SPC (2 << 16)/* ,+ spaced: more readable */ +# define XN_FLAG_SEP_SPLUS_SPC (3 << 16)/* ;+ spaced */ +# define XN_FLAG_SEP_MULTILINE (4 << 16)/* One line per field */ + +# define XN_FLAG_DN_REV (1 << 20)/* Reverse DN order */ + +/* How the field name is shown */ + +# define XN_FLAG_FN_MASK (0x3 << 21) + +# define XN_FLAG_FN_SN 0/* Object short name */ +# define XN_FLAG_FN_LN (1 << 21)/* Object long name */ +# define XN_FLAG_FN_OID (2 << 21)/* Always use OIDs */ +# define XN_FLAG_FN_NONE (3 << 21)/* No field names */ + +# define XN_FLAG_SPC_EQ (1 << 23)/* Put spaces round '=' */ + +/* + * This determines if we dump fields we don't recognise: RFC2253 requires + * this. + */ + +# define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) + +# define XN_FLAG_FN_ALIGN (1 << 25)/* Align field names to 20 + * characters */ + +/* Complete set of RFC2253 flags */ + +# define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \ + XN_FLAG_SEP_COMMA_PLUS | \ + XN_FLAG_DN_REV | \ + XN_FLAG_FN_SN | \ + XN_FLAG_DUMP_UNKNOWN_FIELDS) + +/* readable oneline form */ + +# define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \ + ASN1_STRFLGS_ESC_QUOTE | \ + XN_FLAG_SEP_CPLUS_SPC | \ + XN_FLAG_SPC_EQ | \ + XN_FLAG_FN_SN) + +/* readable multiline form */ + +# define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB | \ + XN_FLAG_SEP_MULTILINE | \ + XN_FLAG_SPC_EQ | \ + XN_FLAG_FN_LN | \ + XN_FLAG_FN_ALIGN) + +DEFINE_STACK_OF(X509_REVOKED) + +typedef struct X509_crl_info_st X509_CRL_INFO; + +DEFINE_STACK_OF(X509_CRL) + +typedef struct private_key_st { + int version; + /* The PKCS#8 data types */ + X509_ALGOR *enc_algor; + ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */ + /* When decrypted, the following will not be NULL */ + EVP_PKEY *dec_pkey; + /* used to encrypt and decrypt */ + int key_length; + char *key_data; + int key_free; /* true if we should auto free key_data */ + /* expanded version of 'enc_algor' */ + EVP_CIPHER_INFO cipher; +} X509_PKEY; + +typedef struct X509_info_st { + X509 *x509; + X509_CRL *crl; + X509_PKEY *x_pkey; + EVP_CIPHER_INFO enc_cipher; + int enc_len; + char *enc_data; +} X509_INFO; + +DEFINE_STACK_OF(X509_INFO) + +/* + * The next 2 structures and their 8 routines are used to manipulate Netscape's + * spki structures - useful if you are writing a CA web page + */ +typedef struct Netscape_spkac_st { + X509_PUBKEY *pubkey; + ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ +} NETSCAPE_SPKAC; + +typedef struct Netscape_spki_st { + NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ + X509_ALGOR sig_algor; + ASN1_BIT_STRING *signature; +} NETSCAPE_SPKI; + +/* Netscape certificate sequence structure */ +typedef struct Netscape_certificate_sequence { + ASN1_OBJECT *type; + STACK_OF(X509) *certs; +} NETSCAPE_CERT_SEQUENCE; + +/*- Unused (and iv length is wrong) +typedef struct CBCParameter_st + { + unsigned char iv[8]; + } CBC_PARAM; +*/ + +/* Password based encryption structure */ + +typedef struct PBEPARAM_st { + ASN1_OCTET_STRING *salt; + ASN1_INTEGER *iter; +} PBEPARAM; + +/* Password based encryption V2 structures */ + +typedef struct PBE2PARAM_st { + X509_ALGOR *keyfunc; + X509_ALGOR *encryption; +} PBE2PARAM; + +typedef struct PBKDF2PARAM_st { +/* Usually OCTET STRING but could be anything */ + ASN1_TYPE *salt; + ASN1_INTEGER *iter; + ASN1_INTEGER *keylength; + X509_ALGOR *prf; +} PBKDF2PARAM; + +#ifndef OPENSSL_NO_SCRYPT +typedef struct SCRYPT_PARAMS_st { + ASN1_OCTET_STRING *salt; + ASN1_INTEGER *costParameter; + ASN1_INTEGER *blockSize; + ASN1_INTEGER *parallelizationParameter; + ASN1_INTEGER *keyLength; +} SCRYPT_PARAMS; +#endif + +#ifdef __cplusplus +} +#endif + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define X509_EXT_PACK_UNKNOWN 1 +# define X509_EXT_PACK_STRING 2 + +# define X509_extract_key(x) X509_get_pubkey(x)/*****/ +# define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) +# define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) + +void X509_CRL_set_default_method(const X509_CRL_METHOD *meth); +X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), + int (*crl_free) (X509_CRL *crl), + int (*crl_lookup) (X509_CRL *crl, + X509_REVOKED **ret, + ASN1_INTEGER *ser, + X509_NAME *issuer), + int (*crl_verify) (X509_CRL *crl, + EVP_PKEY *pk)); +void X509_CRL_METHOD_free(X509_CRL_METHOD *m); + +void X509_CRL_set_meth_data(X509_CRL *crl, void *dat); +void *X509_CRL_get_meth_data(X509_CRL *crl); + +const char *X509_verify_cert_error_string(long n); + +int X509_verify(X509 *a, EVP_PKEY *r); + +int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); +int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); +int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); + +NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len); +char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x); +EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x); +int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey); + +int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki); + +int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent); +int X509_signature_print(BIO *bp, const X509_ALGOR *alg, + const ASN1_STRING *sig); + +int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); +# ifndef OPENSSL_NO_OCSP +int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert); +# endif +int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx); +int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); +# ifndef OPENSSL_NO_OCSP +int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl); +# endif +int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); + +int X509_pubkey_digest(const X509 *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_digest(const X509 *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); + +# ifndef OPENSSL_NO_STDIO +X509 *d2i_X509_fp(FILE *fp, X509 **x509); +int i2d_X509_fp(FILE *fp, X509 *x509); +X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl); +int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl); +X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req); +int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req); +# ifndef OPENSSL_NO_RSA +RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa); +int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa); +RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa); +int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa); +RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa); +int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa); +# endif +# ifndef OPENSSL_NO_DSA +DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa); +int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa); +DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); +int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa); +# endif +# ifndef OPENSSL_NO_EC +EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey); +int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey); +EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey); +int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey); +# endif +X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8); +int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, + PKCS8_PRIV_KEY_INFO **p8inf); +int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf); +int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key); +int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); +int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); +# endif + +X509 *d2i_X509_bio(BIO *bp, X509 **x509); +int i2d_X509_bio(BIO *bp, X509 *x509); +X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl); +int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl); +X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req); +int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req); +# ifndef OPENSSL_NO_RSA +RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa); +int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa); +RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa); +int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa); +RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa); +int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa); +# endif +# ifndef OPENSSL_NO_DSA +DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa); +int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa); +DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); +int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa); +# endif +# ifndef OPENSSL_NO_EC +EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey); +int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey); +EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey); +int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey); +# endif +X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8); +int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, + PKCS8_PRIV_KEY_INFO **p8inf); +int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf); +int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key); +int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); +int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); + +X509 *X509_dup(X509 *x509); +X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa); +X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex); +X509_CRL *X509_CRL_dup(X509_CRL *crl); +X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev); +X509_REQ *X509_REQ_dup(X509_REQ *req); +X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); +int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, + void *pval); +void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, + const void **ppval, const X509_ALGOR *algor); +void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); +int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); + +X509_NAME *X509_NAME_dup(X509_NAME *xn); +X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); + +int X509_cmp_time(const ASN1_TIME *s, time_t *t); +int X509_cmp_current_time(const ASN1_TIME *s); +ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t); +ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, + int offset_day, long offset_sec, time_t *t); +ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj); + +const char *X509_get_default_cert_area(void); +const char *X509_get_default_cert_dir(void); +const char *X509_get_default_cert_file(void); +const char *X509_get_default_cert_dir_env(void); +const char *X509_get_default_cert_file_env(void); +const char *X509_get_default_private_dir(void); + +X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey); + +DECLARE_ASN1_FUNCTIONS(X509_ALGOR) +DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS) +DECLARE_ASN1_FUNCTIONS(X509_VAL) + +DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) + +int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); +EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key); +EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key); +int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain); +long X509_get_pathlen(X509 *x); +int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp); +EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length); +# ifndef OPENSSL_NO_RSA +int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp); +RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length); +# endif +# ifndef OPENSSL_NO_DSA +int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp); +DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length); +# endif +# ifndef OPENSSL_NO_EC +int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp); +EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length); +# endif + +DECLARE_ASN1_FUNCTIONS(X509_SIG) +void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, + const ASN1_OCTET_STRING **pdigest); +void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, + ASN1_OCTET_STRING **pdigest); + +DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO) +DECLARE_ASN1_FUNCTIONS(X509_REQ) + +DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE) +X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); + +DECLARE_ASN1_FUNCTIONS(X509_EXTENSION) +DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS) + +DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY) + +DECLARE_ASN1_FUNCTIONS(X509_NAME) + +int X509_NAME_set(X509_NAME **xn, X509_NAME *name); + +DECLARE_ASN1_FUNCTIONS(X509_CINF) + +DECLARE_ASN1_FUNCTIONS(X509) +DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) + +#define X509_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef) +int X509_set_ex_data(X509 *r, int idx, void *arg); +void *X509_get_ex_data(X509 *r, int idx); +int i2d_X509_AUX(X509 *a, unsigned char **pp); +X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length); + +int i2d_re_X509_tbs(X509 *x, unsigned char **pp); + +int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, + int *secbits, uint32_t *flags); +void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, + int secbits, uint32_t flags); + +int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, + uint32_t *flags); + +void X509_get0_signature(const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg, const X509 *x); +int X509_get_signature_nid(const X509 *x); + +int X509_trusted(const X509 *x); +int X509_alias_set1(X509 *x, const unsigned char *name, int len); +int X509_keyid_set1(X509 *x, const unsigned char *id, int len); +unsigned char *X509_alias_get0(X509 *x, int *len); +unsigned char *X509_keyid_get0(X509 *x, int *len); +int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *, + int); +int X509_TRUST_set(int *t, int trust); +int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj); +int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj); +void X509_trust_clear(X509 *x); +void X509_reject_clear(X509 *x); + +STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x); +STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x); + +DECLARE_ASN1_FUNCTIONS(X509_REVOKED) +DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO) +DECLARE_ASN1_FUNCTIONS(X509_CRL) + +int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +int X509_CRL_get0_by_serial(X509_CRL *crl, + X509_REVOKED **ret, ASN1_INTEGER *serial); +int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); + +X509_PKEY *X509_PKEY_new(void); +void X509_PKEY_free(X509_PKEY *a); + +DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI) +DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) +DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE) + +X509_INFO *X509_INFO_new(void); +void X509_INFO_free(X509_INFO *a); +char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); + +int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1, + ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey); + +int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, + unsigned char *md, unsigned int *len); + +int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + char *data, EVP_PKEY *pkey, const EVP_MD *type); + +int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data, + unsigned char *md, unsigned int *len); + +int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1, + ASN1_BIT_STRING *signature, void *data, EVP_PKEY *pkey); + +int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data, + EVP_PKEY *pkey, const EVP_MD *type); +int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + void *asn, EVP_MD_CTX *ctx); + +long X509_get_version(const X509 *x); +int X509_set_version(X509 *x, long version); +int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); +ASN1_INTEGER *X509_get_serialNumber(X509 *x); +const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x); +int X509_set_issuer_name(X509 *x, X509_NAME *name); +X509_NAME *X509_get_issuer_name(const X509 *a); +int X509_set_subject_name(X509 *x, X509_NAME *name); +X509_NAME *X509_get_subject_name(const X509 *a); +const ASN1_TIME * X509_get0_notBefore(const X509 *x); +ASN1_TIME *X509_getm_notBefore(const X509 *x); +int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); +const ASN1_TIME *X509_get0_notAfter(const X509 *x); +ASN1_TIME *X509_getm_notAfter(const X509 *x); +int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm); +int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); +int X509_up_ref(X509 *x); +int X509_get_signature_type(const X509 *x); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define X509_get_notBefore X509_getm_notBefore +# define X509_get_notAfter X509_getm_notAfter +# define X509_set_notBefore X509_set1_notBefore +# define X509_set_notAfter X509_set1_notAfter +#endif + + +/* + * This one is only used so that a binary form can output, as in + * i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &buf) + */ +X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x); +const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); +void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, + const ASN1_BIT_STRING **psuid); +const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); + +EVP_PKEY *X509_get0_pubkey(const X509 *x); +EVP_PKEY *X509_get_pubkey(X509 *x); +ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); +int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey); + +long X509_REQ_get_version(const X509_REQ *req); +int X509_REQ_set_version(X509_REQ *x, long version); +X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); +int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); +void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg); +int X509_REQ_get_signature_nid(const X509_REQ *req); +int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); +int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); +EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); +EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req); +X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req); +int X509_REQ_extension_nid(int nid); +int *X509_REQ_get_extension_nids(void); +void X509_REQ_set_extension_nids(int *nids); +STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); +int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, + int nid); +int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts); +int X509_REQ_get_attr_count(const X509_REQ *req); +int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos); +int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); +X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); +int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr); +int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +int X509_REQ_add1_attr_by_NID(X509_REQ *req, + int nid, int type, + const unsigned char *bytes, int len); +int X509_REQ_add1_attr_by_txt(X509_REQ *req, + const char *attrname, int type, + const unsigned char *bytes, int len); + +int X509_CRL_set_version(X509_CRL *x, long version); +int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); +int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_sort(X509_CRL *crl); +int X509_CRL_up_ref(X509_CRL *crl); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate +# define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate +#endif + +long X509_CRL_get_version(const X509_CRL *crl); +const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); +const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); +DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)) +DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)) +X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); +const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); +STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); +void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg); +int X509_CRL_get_signature_nid(const X509_CRL *crl); +int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp); + +const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x); +int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); +const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x); +int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); +const STACK_OF(X509_EXTENSION) * +X509_REVOKED_get0_extensions(const X509_REVOKED *r); + +X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, + EVP_PKEY *skey, const EVP_MD *md, unsigned int flags); + +int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey); + +int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey); +int X509_chain_check_suiteb(int *perror_depth, + X509 *x, STACK_OF(X509) *chain, + unsigned long flags); +int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags); +STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); + +int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); +unsigned long X509_issuer_and_serial_hash(X509 *a); + +int X509_issuer_name_cmp(const X509 *a, const X509 *b); +unsigned long X509_issuer_name_hash(X509 *a); + +int X509_subject_name_cmp(const X509 *a, const X509 *b); +unsigned long X509_subject_name_hash(X509 *x); + +# ifndef OPENSSL_NO_MD5 +unsigned long X509_issuer_name_hash_old(X509 *a); +unsigned long X509_subject_name_hash_old(X509 *x); +# endif + +int X509_cmp(const X509 *a, const X509 *b); +int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); +unsigned long X509_NAME_hash(X509_NAME *x); +unsigned long X509_NAME_hash_old(X509_NAME *x); + +int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); +int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); +int X509_aux_print(BIO *out, X509 *x, int indent); +# ifndef OPENSSL_NO_STDIO +int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag, + unsigned long cflag); +int X509_print_fp(FILE *bp, X509 *x); +int X509_CRL_print_fp(FILE *bp, X509_CRL *x); +int X509_REQ_print_fp(FILE *bp, X509_REQ *req); +int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, + unsigned long flags); +# endif + +int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase); +int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, + unsigned long flags); +int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag, + unsigned long cflag); +int X509_print(BIO *bp, X509 *x); +int X509_ocspid_print(BIO *bp, X509 *x); +int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag); +int X509_CRL_print(BIO *bp, X509_CRL *x); +int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, + unsigned long cflag); +int X509_REQ_print(BIO *bp, X509_REQ *req); + +int X509_NAME_entry_count(const X509_NAME *name); +int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len); +int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, + char *buf, int len); + +/* + * NOTE: you should be passing -1, not 0 as lastpos. The functions that use + * lastpos, search after that position on. + */ +int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos); +int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, + int lastpos); +X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc); +X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); +int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, + int loc, int set); +int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len, int loc, + int set); +int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, + const unsigned char *bytes, int len, int loc, + int set); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, + const char *field, int type, + const unsigned char *bytes, + int len); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, + int type, + const unsigned char *bytes, + int len); +int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, + const unsigned char *bytes, int len, int loc, + int set); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, + int len); +int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj); +int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, + const unsigned char *bytes, int len); +ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne); +ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); +int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne); + +int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, + size_t *pderlen); + +int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); +int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, + int nid, int lastpos); +int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, + const ASN1_OBJECT *obj, int lastpos); +int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, + int crit, int lastpos); +X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); +X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); +STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, + X509_EXTENSION *ex, int loc); + +int X509_get_ext_count(const X509 *x); +int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); +int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos); +int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos); +X509_EXTENSION *X509_get_ext(const X509 *x, int loc); +X509_EXTENSION *X509_delete_ext(X509 *x, int loc); +int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); +void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); +int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, + unsigned long flags); + +int X509_CRL_get_ext_count(const X509_CRL *x); +int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos); +int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, + int lastpos); +int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos); +X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); +X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); +int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); +void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx); +int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, + unsigned long flags); + +int X509_REVOKED_get_ext_count(const X509_REVOKED *x); +int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos); +int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, + int lastpos); +int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, + int lastpos); +X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc); +X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); +int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); +void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, + int *idx); +int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, + unsigned long flags); + +X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, + int nid, int crit, + ASN1_OCTET_STRING *data); +X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, + const ASN1_OBJECT *obj, int crit, + ASN1_OCTET_STRING *data); +int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj); +int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); +int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data); +ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); +ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); +int X509_EXTENSION_get_critical(const X509_EXTENSION *ex); + +int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); +int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, + int lastpos); +int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, + const ASN1_OBJECT *obj, int lastpos); +X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); +X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, + X509_ATTRIBUTE *attr); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) + **x, const ASN1_OBJECT *obj, + int type, + const unsigned char *bytes, + int len); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) + **x, int nid, int type, + const unsigned char *bytes, + int len); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) + **x, const char *attrname, + int type, + const unsigned char *bytes, + int len); +void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, + const ASN1_OBJECT *obj, int lastpos, int type); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, + int atrtype, const void *data, + int len); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, + const ASN1_OBJECT *obj, + int atrtype, const void *data, + int len); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, + const char *atrname, int type, + const unsigned char *bytes, + int len); +int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj); +int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, + const void *data, int len); +void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, + void *data); +int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr); +ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); +ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); + +int EVP_PKEY_get_attr_count(const EVP_PKEY *key); +int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos); +int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); +X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); +int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr); +int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, + int nid, int type, + const unsigned char *bytes, int len); +int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, + const char *attrname, int type, + const unsigned char *bytes, int len); + +int X509_verify_cert(X509_STORE_CTX *ctx); + +/* lookup a cert from a X509 STACK */ +X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, + ASN1_INTEGER *serial); +X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name); + +DECLARE_ASN1_FUNCTIONS(PBEPARAM) +DECLARE_ASN1_FUNCTIONS(PBE2PARAM) +DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM) +#ifndef OPENSSL_NO_SCRYPT +DECLARE_ASN1_FUNCTIONS(SCRYPT_PARAMS) +#endif + +int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, + const unsigned char *salt, int saltlen); + +X509_ALGOR *PKCS5_pbe_set(int alg, int iter, + const unsigned char *salt, int saltlen); +X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen); +X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen, + unsigned char *aiv, int prf_nid); + +#ifndef OPENSSL_NO_SCRYPT +X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, + const unsigned char *salt, int saltlen, + unsigned char *aiv, uint64_t N, uint64_t r, + uint64_t p); +#endif + +X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, + int prf_nid, int keylen); + +/* PKCS#8 utilities */ + +DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) + +EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8); +PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey); + +int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, + int version, int ptype, void *pval, + unsigned char *penc, int penclen); +int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, + const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8); + +const STACK_OF(X509_ATTRIBUTE) * +PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8); +int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type, + const unsigned char *bytes, int len); + +int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, + int ptype, void *pval, + unsigned char *penc, int penclen); +int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, + X509_ALGOR **pa, X509_PUBKEY *pub); + +int X509_check_trust(X509 *x, int id, int flags); +int X509_TRUST_get_count(void); +X509_TRUST *X509_TRUST_get0(int idx); +int X509_TRUST_get_by_id(int id); +int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), + const char *name, int arg1, void *arg2); +void X509_TRUST_cleanup(void); +int X509_TRUST_get_flags(const X509_TRUST *xp); +char *X509_TRUST_get0_name(const X509_TRUST *xp); +int X509_TRUST_get_trust(const X509_TRUST *xp); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/x509_vfy.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/x509_vfy.h new file mode 100644 index 00000000..adb8bce7 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/x509_vfy.h @@ -0,0 +1,628 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509_VFY_H +# define HEADER_X509_VFY_H + +/* + * Protect against recursion, x509.h and x509_vfy.h each include the other. + */ +# ifndef HEADER_X509_H +# include +# endif + +# include +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/*- +SSL_CTX -> X509_STORE + -> X509_LOOKUP + ->X509_LOOKUP_METHOD + -> X509_LOOKUP + ->X509_LOOKUP_METHOD + +SSL -> X509_STORE_CTX + ->X509_STORE + +The X509_STORE holds the tables etc for verification stuff. +A X509_STORE_CTX is used while validating a single certificate. +The X509_STORE has X509_LOOKUPs for looking up certs. +The X509_STORE then calls a function to actually verify the +certificate chain. +*/ + +typedef enum { + X509_LU_NONE = 0, + X509_LU_X509, X509_LU_CRL +} X509_LOOKUP_TYPE; + +#if OPENSSL_API_COMPAT < 0x10100000L +#define X509_LU_RETRY -1 +#define X509_LU_FAIL 0 +#endif + +DEFINE_STACK_OF(X509_LOOKUP) +DEFINE_STACK_OF(X509_OBJECT) +DEFINE_STACK_OF(X509_VERIFY_PARAM) + +int X509_STORE_set_depth(X509_STORE *store, int depth); + +typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); +typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); +typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, + X509_STORE_CTX *ctx, X509 *x); +typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, + X509 *x, X509 *issuer); +typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx); +typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, + X509_CRL **crl, X509 *x); +typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl); +typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx, + X509_CRL *crl, X509 *x); +typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx); +typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx, + X509_NAME *nm); +typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx, + X509_NAME *nm); +typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx); + + +void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); + +# define X509_STORE_CTX_set_app_data(ctx,data) \ + X509_STORE_CTX_set_ex_data(ctx,0,data) +# define X509_STORE_CTX_get_app_data(ctx) \ + X509_STORE_CTX_get_ex_data(ctx,0) + +# define X509_L_FILE_LOAD 1 +# define X509_L_ADD_DIR 2 + +# define X509_LOOKUP_load_file(x,name,type) \ + X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL) + +# define X509_LOOKUP_add_dir(x,name,type) \ + X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) + +# define X509_V_OK 0 +# define X509_V_ERR_UNSPECIFIED 1 +# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 +# define X509_V_ERR_UNABLE_TO_GET_CRL 3 +# define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 +# define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 +# define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 +# define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 +# define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 +# define X509_V_ERR_CERT_NOT_YET_VALID 9 +# define X509_V_ERR_CERT_HAS_EXPIRED 10 +# define X509_V_ERR_CRL_NOT_YET_VALID 11 +# define X509_V_ERR_CRL_HAS_EXPIRED 12 +# define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 +# define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 +# define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 +# define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 +# define X509_V_ERR_OUT_OF_MEM 17 +# define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 +# define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 +# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 +# define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 +# define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 +# define X509_V_ERR_CERT_REVOKED 23 +# define X509_V_ERR_INVALID_CA 24 +# define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 +# define X509_V_ERR_INVALID_PURPOSE 26 +# define X509_V_ERR_CERT_UNTRUSTED 27 +# define X509_V_ERR_CERT_REJECTED 28 +/* These are 'informational' when looking for issuer cert */ +# define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 +# define X509_V_ERR_AKID_SKID_MISMATCH 30 +# define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 +# define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 +# define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 +# define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 +# define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 +# define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 +# define X509_V_ERR_INVALID_NON_CA 37 +# define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 +# define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 +# define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 +# define X509_V_ERR_INVALID_EXTENSION 41 +# define X509_V_ERR_INVALID_POLICY_EXTENSION 42 +# define X509_V_ERR_NO_EXPLICIT_POLICY 43 +# define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 +# define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 +# define X509_V_ERR_UNNESTED_RESOURCE 46 +# define X509_V_ERR_PERMITTED_VIOLATION 47 +# define X509_V_ERR_EXCLUDED_VIOLATION 48 +# define X509_V_ERR_SUBTREE_MINMAX 49 +/* The application is not happy */ +# define X509_V_ERR_APPLICATION_VERIFICATION 50 +# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 +# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 +# define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 +# define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 +/* Another issuer check debug option */ +# define X509_V_ERR_PATH_LOOP 55 +/* Suite B mode algorithm violation */ +# define X509_V_ERR_SUITE_B_INVALID_VERSION 56 +# define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 +# define X509_V_ERR_SUITE_B_INVALID_CURVE 58 +# define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 +# define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 +# define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 +/* Host, email and IP check errors */ +# define X509_V_ERR_HOSTNAME_MISMATCH 62 +# define X509_V_ERR_EMAIL_MISMATCH 63 +# define X509_V_ERR_IP_ADDRESS_MISMATCH 64 +/* DANE TLSA errors */ +# define X509_V_ERR_DANE_NO_MATCH 65 +/* security level errors */ +# define X509_V_ERR_EE_KEY_TOO_SMALL 66 +# define X509_V_ERR_CA_KEY_TOO_SMALL 67 +# define X509_V_ERR_CA_MD_TOO_WEAK 68 +/* Caller error */ +# define X509_V_ERR_INVALID_CALL 69 +/* Issuer lookup error */ +# define X509_V_ERR_STORE_LOOKUP 70 +/* Certificate transparency */ +# define X509_V_ERR_NO_VALID_SCTS 71 + +# define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72 +/* OCSP status errors */ +# define X509_V_ERR_OCSP_VERIFY_NEEDED 73 /* Need OCSP verification */ +# define X509_V_ERR_OCSP_VERIFY_FAILED 74 /* Couldn't verify cert through OCSP */ +# define X509_V_ERR_OCSP_CERT_UNKNOWN 75 /* Certificate wasn't recognized by the OCSP responder */ + +/* Certificate verify flags */ + +# if OPENSSL_API_COMPAT < 0x10100000L +# define X509_V_FLAG_CB_ISSUER_CHECK 0x0 /* Deprecated */ +# endif +/* Use check time instead of current time */ +# define X509_V_FLAG_USE_CHECK_TIME 0x2 +/* Lookup CRLs */ +# define X509_V_FLAG_CRL_CHECK 0x4 +/* Lookup CRLs for whole chain */ +# define X509_V_FLAG_CRL_CHECK_ALL 0x8 +/* Ignore unhandled critical extensions */ +# define X509_V_FLAG_IGNORE_CRITICAL 0x10 +/* Disable workarounds for broken certificates */ +# define X509_V_FLAG_X509_STRICT 0x20 +/* Enable proxy certificate validation */ +# define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40 +/* Enable policy checking */ +# define X509_V_FLAG_POLICY_CHECK 0x80 +/* Policy variable require-explicit-policy */ +# define X509_V_FLAG_EXPLICIT_POLICY 0x100 +/* Policy variable inhibit-any-policy */ +# define X509_V_FLAG_INHIBIT_ANY 0x200 +/* Policy variable inhibit-policy-mapping */ +# define X509_V_FLAG_INHIBIT_MAP 0x400 +/* Notify callback that policy is OK */ +# define X509_V_FLAG_NOTIFY_POLICY 0x800 +/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */ +# define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000 +/* Delta CRL support */ +# define X509_V_FLAG_USE_DELTAS 0x2000 +/* Check self-signed CA signature */ +# define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 +/* Use trusted store first */ +# define X509_V_FLAG_TRUSTED_FIRST 0x8000 +/* Suite B 128 bit only mode: not normally used */ +# define X509_V_FLAG_SUITEB_128_LOS_ONLY 0x10000 +/* Suite B 192 bit only mode */ +# define X509_V_FLAG_SUITEB_192_LOS 0x20000 +/* Suite B 128 bit mode allowing 192 bit algorithms */ +# define X509_V_FLAG_SUITEB_128_LOS 0x30000 +/* Allow partial chains if at least one certificate is in trusted store */ +# define X509_V_FLAG_PARTIAL_CHAIN 0x80000 +/* + * If the initial chain is not trusted, do not attempt to build an alternative + * chain. Alternate chain checking was introduced in 1.1.0. Setting this flag + * will force the behaviour to match that of previous versions. + */ +# define X509_V_FLAG_NO_ALT_CHAINS 0x100000 +/* Do not check certificate/CRL validity against current time */ +# define X509_V_FLAG_NO_CHECK_TIME 0x200000 + +# define X509_VP_FLAG_DEFAULT 0x1 +# define X509_VP_FLAG_OVERWRITE 0x2 +# define X509_VP_FLAG_RESET_FLAGS 0x4 +# define X509_VP_FLAG_LOCKED 0x8 +# define X509_VP_FLAG_ONCE 0x10 + +/* Internal use: mask of policy related options */ +# define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \ + | X509_V_FLAG_EXPLICIT_POLICY \ + | X509_V_FLAG_INHIBIT_ANY \ + | X509_V_FLAG_INHIBIT_MAP) + +int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, + X509_NAME *name); +X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, + X509_LOOKUP_TYPE type, + X509_NAME *name); +X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, + X509_OBJECT *x); +int X509_OBJECT_up_ref_count(X509_OBJECT *a); +X509_OBJECT *X509_OBJECT_new(void); +void X509_OBJECT_free(X509_OBJECT *a); +X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a); +X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a); +int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); +X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a); +int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); +X509_STORE *X509_STORE_new(void); +void X509_STORE_free(X509_STORE *v); +int X509_STORE_lock(X509_STORE *ctx); +int X509_STORE_unlock(X509_STORE *ctx); +int X509_STORE_up_ref(X509_STORE *v); +STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v); + +STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, X509_NAME *nm); +STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *st, X509_NAME *nm); +int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); +int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); +int X509_STORE_set_trust(X509_STORE *ctx, int trust); +int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); +X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); + +void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); +#define X509_STORE_set_verify_func(ctx, func) \ + X509_STORE_set_verify((ctx),(func)) +void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, + X509_STORE_CTX_verify_fn verify); +X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx); +void X509_STORE_set_verify_cb(X509_STORE *ctx, + X509_STORE_CTX_verify_cb verify_cb); +# define X509_STORE_set_verify_cb_func(ctx,func) \ + X509_STORE_set_verify_cb((ctx),(func)) +X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx); +void X509_STORE_set_get_issuer(X509_STORE *ctx, + X509_STORE_CTX_get_issuer_fn get_issuer); +X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx); +void X509_STORE_set_check_issued(X509_STORE *ctx, + X509_STORE_CTX_check_issued_fn check_issued); +X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx); +void X509_STORE_set_check_revocation(X509_STORE *ctx, + X509_STORE_CTX_check_revocation_fn check_revocation); +X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx); +void X509_STORE_set_get_crl(X509_STORE *ctx, + X509_STORE_CTX_get_crl_fn get_crl); +X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx); +void X509_STORE_set_check_crl(X509_STORE *ctx, + X509_STORE_CTX_check_crl_fn check_crl); +X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx); +void X509_STORE_set_cert_crl(X509_STORE *ctx, + X509_STORE_CTX_cert_crl_fn cert_crl); +X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx); +void X509_STORE_set_check_policy(X509_STORE *ctx, + X509_STORE_CTX_check_policy_fn check_policy); +X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx); +void X509_STORE_set_lookup_certs(X509_STORE *ctx, + X509_STORE_CTX_lookup_certs_fn lookup_certs); +X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx); +void X509_STORE_set_lookup_crls(X509_STORE *ctx, + X509_STORE_CTX_lookup_crls_fn lookup_crls); +#define X509_STORE_set_lookup_crls_cb(ctx, func) \ + X509_STORE_set_lookup_crls((ctx), (func)) +X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx); +void X509_STORE_set_cleanup(X509_STORE *ctx, + X509_STORE_CTX_cleanup_fn cleanup); +X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx); + +#define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef) +int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data); +void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx); + +X509_STORE_CTX *X509_STORE_CTX_new(void); + +int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + +void X509_STORE_CTX_free(X509_STORE_CTX *ctx); +int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, + X509 *x509, STACK_OF(X509) *chain); +void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); + +X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx); +X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); +STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, + X509_STORE_CTX_verify_cb verify); +X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx); +X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx); +X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx); +X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx); +X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx); +X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx); +X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx); +X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx); +X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx); + +#if OPENSSL_API_COMPAT < 0x10100000L +# define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain +# define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted +# define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack +# define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject +# define X509_STORE_get1_certs X509_STORE_CTX_get1_certs +# define X509_STORE_get1_crls X509_STORE_CTX_get1_crls +/* the following macro is misspelled; use X509_STORE_get1_certs instead */ +# define X509_STORE_get1_cert X509_STORE_CTX_get1_certs +/* the following macro is misspelled; use X509_STORE_get1_crls instead */ +# define X509_STORE_get1_crl X509_STORE_CTX_get1_crls +#endif + +X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); +X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); +X509_LOOKUP_METHOD *X509_LOOKUP_file(void); + +typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret); +typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + X509_NAME *name, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + X509_NAME *name, + ASN1_INTEGER *serial, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const unsigned char* bytes, + int len, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const char *str, + int len, + X509_OBJECT *ret); + +X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name); +void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, + int (*new_item) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method, + void (*free_fn) (X509_LOOKUP *ctx)); +void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, + int (*init) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method, + int (*shutdown) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method, + X509_LOOKUP_ctrl_fn ctrl_fn); +X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_subject_fn fn); +X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_issuer_serial_fn fn); +X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_fingerprint_fn fn); +X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_alias_fn fn); +X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( + const X509_LOOKUP_METHOD *method); + + +int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); +int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); + +int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, + X509_NAME *name, X509_OBJECT *ret); +X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, + X509_LOOKUP_TYPE type, + X509_NAME *name); + +int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret); + +int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); +int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); +int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); + +X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); +void X509_LOOKUP_free(X509_LOOKUP *ctx); +int X509_LOOKUP_init(X509_LOOKUP *ctx); +int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + X509_NAME *name, X509_OBJECT *ret); +int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + X509_NAME *name, ASN1_INTEGER *serial, + X509_OBJECT *ret); +int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const unsigned char *bytes, int len, + X509_OBJECT *ret); +int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const char *str, int len, X509_OBJECT *ret); +int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data); +void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); +X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); +int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); + +int X509_STORE_load_locations(X509_STORE *ctx, + const char *file, const char *dir); +int X509_STORE_set_default_paths(X509_STORE *ctx); + +#define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef) +int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data); +void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx); +int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); +int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); +X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); +X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx); +X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x); +void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk); +void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk); +int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); +int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); +int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, + int purpose, int trust); +void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); +void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, + time_t t); + +X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); + +X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); +int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); + +/* + * Bridge opacity barrier between libcrypt and libssl, also needed to support + * offline testing in test/danetest.c + */ +void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane); +#define DANE_FLAG_NO_DANE_EE_NAMECHECKS (1L << 0) + +/* X509_VERIFY_PARAM functions */ + +X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); +void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to, + const X509_VERIFY_PARAM *from); +int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, + const X509_VERIFY_PARAM *from); +int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name); +int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, + unsigned long flags); +int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, + unsigned long flags); +unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); +int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); +void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); +void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level); +time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param); +void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); +int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, + ASN1_OBJECT *policy); +int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, + STACK_OF(ASN1_OBJECT) *policies); + +int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, + uint32_t flags); +uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param); + +int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, + const char *name, size_t namelen); +int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, + const char *name, size_t namelen); +void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, + unsigned int flags); +unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); +char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); +void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *); +int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, + const char *email, size_t emaillen); +int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, + const unsigned char *ip, size_t iplen); +int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, + const char *ipasc); + +int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param); +const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param); + +int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_get_count(void); +const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id); +const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name); +void X509_VERIFY_PARAM_table_cleanup(void); + +/* Non positive return values are errors */ +#define X509_PCY_TREE_FAILURE -2 /* Failure to satisfy explicit policy */ +#define X509_PCY_TREE_INVALID -1 /* Inconsistent or invalid extensions */ +#define X509_PCY_TREE_INTERNAL 0 /* Internal error, most likely malloc */ + +/* + * Positive return values form a bit mask, all but the first are internal to + * the library and don't appear in results from X509_policy_check(). + */ +#define X509_PCY_TREE_VALID 1 /* The policy tree is valid */ +#define X509_PCY_TREE_EMPTY 2 /* The policy tree is empty */ +#define X509_PCY_TREE_EXPLICIT 4 /* Explicit policy required */ + +int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, + STACK_OF(X509) *certs, + STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags); + +void X509_policy_tree_free(X509_POLICY_TREE *tree); + +int X509_policy_tree_level_count(const X509_POLICY_TREE *tree); +X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, + int i); + +STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const + X509_POLICY_TREE + *tree); + +STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const + X509_POLICY_TREE + *tree); + +int X509_policy_level_node_count(X509_POLICY_LEVEL *level); + +X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, + int i); + +const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node); + +STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const + X509_POLICY_NODE + *node); +const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE + *node); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/x509err.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/x509err.h new file mode 100644 index 00000000..02738531 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/x509err.h @@ -0,0 +1,130 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509ERR_H +# define HEADER_X509ERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_X509_strings(void); + +/* + * X509 function codes. + */ +# define X509_F_ADD_CERT_DIR 100 +# define X509_F_BUILD_CHAIN 106 +# define X509_F_BY_FILE_CTRL 101 +# define X509_F_CHECK_NAME_CONSTRAINTS 149 +# define X509_F_CHECK_POLICY 145 +# define X509_F_DANE_I2D 107 +# define X509_F_DIR_CTRL 102 +# define X509_F_GET_CERT_BY_SUBJECT 103 +# define X509_F_I2D_X509_AUX 151 +# define X509_F_LOOKUP_CERTS_SK 152 +# define X509_F_NETSCAPE_SPKI_B64_DECODE 129 +# define X509_F_NETSCAPE_SPKI_B64_ENCODE 130 +# define X509_F_NEW_DIR 153 +# define X509_F_X509AT_ADD1_ATTR 135 +# define X509_F_X509V3_ADD_EXT 104 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140 +# define X509_F_X509_ATTRIBUTE_GET0_DATA 139 +# define X509_F_X509_ATTRIBUTE_SET1_DATA 138 +# define X509_F_X509_CHECK_PRIVATE_KEY 128 +# define X509_F_X509_CRL_DIFF 105 +# define X509_F_X509_CRL_METHOD_NEW 154 +# define X509_F_X509_CRL_PRINT_FP 147 +# define X509_F_X509_EXTENSION_CREATE_BY_NID 108 +# define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 +# define X509_F_X509_GET_PUBKEY_PARAMETERS 110 +# define X509_F_X509_LOAD_CERT_CRL_FILE 132 +# define X509_F_X509_LOAD_CERT_FILE 111 +# define X509_F_X509_LOAD_CRL_FILE 112 +# define X509_F_X509_LOOKUP_METH_NEW 160 +# define X509_F_X509_LOOKUP_NEW 155 +# define X509_F_X509_NAME_ADD_ENTRY 113 +# define X509_F_X509_NAME_CANON 156 +# define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 +# define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131 +# define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 +# define X509_F_X509_NAME_ONELINE 116 +# define X509_F_X509_NAME_PRINT 117 +# define X509_F_X509_OBJECT_NEW 150 +# define X509_F_X509_PRINT_EX_FP 118 +# define X509_F_X509_PUBKEY_DECODE 148 +# define X509_F_X509_PUBKEY_GET0 119 +# define X509_F_X509_PUBKEY_SET 120 +# define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 +# define X509_F_X509_REQ_PRINT_EX 121 +# define X509_F_X509_REQ_PRINT_FP 122 +# define X509_F_X509_REQ_TO_X509 123 +# define X509_F_X509_STORE_ADD_CERT 124 +# define X509_F_X509_STORE_ADD_CRL 125 +# define X509_F_X509_STORE_ADD_LOOKUP 157 +# define X509_F_X509_STORE_CTX_GET1_ISSUER 146 +# define X509_F_X509_STORE_CTX_INIT 143 +# define X509_F_X509_STORE_CTX_NEW 142 +# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134 +# define X509_F_X509_STORE_NEW 158 +# define X509_F_X509_TO_X509_REQ 126 +# define X509_F_X509_TRUST_ADD 133 +# define X509_F_X509_TRUST_SET 141 +# define X509_F_X509_VERIFY_CERT 127 +# define X509_F_X509_VERIFY_PARAM_NEW 159 + +/* + * X509 reason codes. + */ +# define X509_R_AKID_MISMATCH 110 +# define X509_R_BAD_SELECTOR 133 +# define X509_R_BAD_X509_FILETYPE 100 +# define X509_R_BASE64_DECODE_ERROR 118 +# define X509_R_CANT_CHECK_DH_KEY 114 +# define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 +# define X509_R_CRL_ALREADY_DELTA 127 +# define X509_R_CRL_VERIFY_FAILURE 131 +# define X509_R_IDP_MISMATCH 128 +# define X509_R_INVALID_ATTRIBUTES 138 +# define X509_R_INVALID_DIRECTORY 113 +# define X509_R_INVALID_FIELD_NAME 119 +# define X509_R_INVALID_TRUST 123 +# define X509_R_ISSUER_MISMATCH 129 +# define X509_R_KEY_TYPE_MISMATCH 115 +# define X509_R_KEY_VALUES_MISMATCH 116 +# define X509_R_LOADING_CERT_DIR 103 +# define X509_R_LOADING_DEFAULTS 104 +# define X509_R_METHOD_NOT_SUPPORTED 124 +# define X509_R_NAME_TOO_LONG 134 +# define X509_R_NEWER_CRL_NOT_NEWER 132 +# define X509_R_NO_CERTIFICATE_FOUND 135 +# define X509_R_NO_CERTIFICATE_OR_CRL_FOUND 136 +# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 +# define X509_R_NO_CRL_FOUND 137 +# define X509_R_NO_CRL_NUMBER 130 +# define X509_R_PUBLIC_KEY_DECODE_ERROR 125 +# define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 +# define X509_R_SHOULD_RETRY 106 +# define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 +# define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 +# define X509_R_UNKNOWN_KEY_TYPE 117 +# define X509_R_UNKNOWN_NID 109 +# define X509_R_UNKNOWN_PURPOSE_ID 121 +# define X509_R_UNKNOWN_TRUST_ID 120 +# define X509_R_UNSUPPORTED_ALGORITHM 111 +# define X509_R_WRONG_LOOKUP_TYPE 112 +# define X509_R_WRONG_TYPE 122 + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/x509v3.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/x509v3.h new file mode 100644 index 00000000..6c6eca38 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/x509v3.h @@ -0,0 +1,937 @@ +/* + * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509V3_H +# define HEADER_X509V3_H + +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Forward reference */ +struct v3_ext_method; +struct v3_ext_ctx; + +/* Useful typedefs */ + +typedef void *(*X509V3_EXT_NEW)(void); +typedef void (*X509V3_EXT_FREE) (void *); +typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long); +typedef int (*X509V3_EXT_I2D) (void *, unsigned char **); +typedef STACK_OF(CONF_VALUE) * + (*X509V3_EXT_I2V) (const struct v3_ext_method *method, void *ext, + STACK_OF(CONF_VALUE) *extlist); +typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, + STACK_OF(CONF_VALUE) *values); +typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method, + void *ext); +typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, const char *str); +typedef int (*X509V3_EXT_I2R) (const struct v3_ext_method *method, void *ext, + BIO *out, int indent); +typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, const char *str); + +/* V3 extension structure */ + +struct v3_ext_method { + int ext_nid; + int ext_flags; +/* If this is set the following four fields are ignored */ + ASN1_ITEM_EXP *it; +/* Old style ASN1 calls */ + X509V3_EXT_NEW ext_new; + X509V3_EXT_FREE ext_free; + X509V3_EXT_D2I d2i; + X509V3_EXT_I2D i2d; +/* The following pair is used for string extensions */ + X509V3_EXT_I2S i2s; + X509V3_EXT_S2I s2i; +/* The following pair is used for multi-valued extensions */ + X509V3_EXT_I2V i2v; + X509V3_EXT_V2I v2i; +/* The following are used for raw extensions */ + X509V3_EXT_I2R i2r; + X509V3_EXT_R2I r2i; + void *usr_data; /* Any extension specific data */ +}; + +typedef struct X509V3_CONF_METHOD_st { + char *(*get_string) (void *db, const char *section, const char *value); + STACK_OF(CONF_VALUE) *(*get_section) (void *db, const char *section); + void (*free_string) (void *db, char *string); + void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section); +} X509V3_CONF_METHOD; + +/* Context specific info */ +struct v3_ext_ctx { +# define CTX_TEST 0x1 +# define X509V3_CTX_REPLACE 0x2 + int flags; + X509 *issuer_cert; + X509 *subject_cert; + X509_REQ *subject_req; + X509_CRL *crl; + X509V3_CONF_METHOD *db_meth; + void *db; +/* Maybe more here */ +}; + +typedef struct v3_ext_method X509V3_EXT_METHOD; + +DEFINE_STACK_OF(X509V3_EXT_METHOD) + +/* ext_flags values */ +# define X509V3_EXT_DYNAMIC 0x1 +# define X509V3_EXT_CTX_DEP 0x2 +# define X509V3_EXT_MULTILINE 0x4 + +typedef BIT_STRING_BITNAME ENUMERATED_NAMES; + +typedef struct BASIC_CONSTRAINTS_st { + int ca; + ASN1_INTEGER *pathlen; +} BASIC_CONSTRAINTS; + +typedef struct PKEY_USAGE_PERIOD_st { + ASN1_GENERALIZEDTIME *notBefore; + ASN1_GENERALIZEDTIME *notAfter; +} PKEY_USAGE_PERIOD; + +typedef struct otherName_st { + ASN1_OBJECT *type_id; + ASN1_TYPE *value; +} OTHERNAME; + +typedef struct EDIPartyName_st { + ASN1_STRING *nameAssigner; + ASN1_STRING *partyName; +} EDIPARTYNAME; + +typedef struct GENERAL_NAME_st { +# define GEN_OTHERNAME 0 +# define GEN_EMAIL 1 +# define GEN_DNS 2 +# define GEN_X400 3 +# define GEN_DIRNAME 4 +# define GEN_EDIPARTY 5 +# define GEN_URI 6 +# define GEN_IPADD 7 +# define GEN_RID 8 + int type; + union { + char *ptr; + OTHERNAME *otherName; /* otherName */ + ASN1_IA5STRING *rfc822Name; + ASN1_IA5STRING *dNSName; + ASN1_TYPE *x400Address; + X509_NAME *directoryName; + EDIPARTYNAME *ediPartyName; + ASN1_IA5STRING *uniformResourceIdentifier; + ASN1_OCTET_STRING *iPAddress; + ASN1_OBJECT *registeredID; + /* Old names */ + ASN1_OCTET_STRING *ip; /* iPAddress */ + X509_NAME *dirn; /* dirn */ + ASN1_IA5STRING *ia5; /* rfc822Name, dNSName, + * uniformResourceIdentifier */ + ASN1_OBJECT *rid; /* registeredID */ + ASN1_TYPE *other; /* x400Address */ + } d; +} GENERAL_NAME; + +typedef struct ACCESS_DESCRIPTION_st { + ASN1_OBJECT *method; + GENERAL_NAME *location; +} ACCESS_DESCRIPTION; + +typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; + +typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE; + +typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE; + +DEFINE_STACK_OF(GENERAL_NAME) +typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; +DEFINE_STACK_OF(GENERAL_NAMES) + +DEFINE_STACK_OF(ACCESS_DESCRIPTION) + +typedef struct DIST_POINT_NAME_st { + int type; + union { + GENERAL_NAMES *fullname; + STACK_OF(X509_NAME_ENTRY) *relativename; + } name; +/* If relativename then this contains the full distribution point name */ + X509_NAME *dpname; +} DIST_POINT_NAME; +/* All existing reasons */ +# define CRLDP_ALL_REASONS 0x807f + +# define CRL_REASON_NONE -1 +# define CRL_REASON_UNSPECIFIED 0 +# define CRL_REASON_KEY_COMPROMISE 1 +# define CRL_REASON_CA_COMPROMISE 2 +# define CRL_REASON_AFFILIATION_CHANGED 3 +# define CRL_REASON_SUPERSEDED 4 +# define CRL_REASON_CESSATION_OF_OPERATION 5 +# define CRL_REASON_CERTIFICATE_HOLD 6 +# define CRL_REASON_REMOVE_FROM_CRL 8 +# define CRL_REASON_PRIVILEGE_WITHDRAWN 9 +# define CRL_REASON_AA_COMPROMISE 10 + +struct DIST_POINT_st { + DIST_POINT_NAME *distpoint; + ASN1_BIT_STRING *reasons; + GENERAL_NAMES *CRLissuer; + int dp_reasons; +}; + +typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS; + +DEFINE_STACK_OF(DIST_POINT) + +struct AUTHORITY_KEYID_st { + ASN1_OCTET_STRING *keyid; + GENERAL_NAMES *issuer; + ASN1_INTEGER *serial; +}; + +/* Strong extranet structures */ + +typedef struct SXNET_ID_st { + ASN1_INTEGER *zone; + ASN1_OCTET_STRING *user; +} SXNETID; + +DEFINE_STACK_OF(SXNETID) + +typedef struct SXNET_st { + ASN1_INTEGER *version; + STACK_OF(SXNETID) *ids; +} SXNET; + +typedef struct NOTICEREF_st { + ASN1_STRING *organization; + STACK_OF(ASN1_INTEGER) *noticenos; +} NOTICEREF; + +typedef struct USERNOTICE_st { + NOTICEREF *noticeref; + ASN1_STRING *exptext; +} USERNOTICE; + +typedef struct POLICYQUALINFO_st { + ASN1_OBJECT *pqualid; + union { + ASN1_IA5STRING *cpsuri; + USERNOTICE *usernotice; + ASN1_TYPE *other; + } d; +} POLICYQUALINFO; + +DEFINE_STACK_OF(POLICYQUALINFO) + +typedef struct POLICYINFO_st { + ASN1_OBJECT *policyid; + STACK_OF(POLICYQUALINFO) *qualifiers; +} POLICYINFO; + +typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; + +DEFINE_STACK_OF(POLICYINFO) + +typedef struct POLICY_MAPPING_st { + ASN1_OBJECT *issuerDomainPolicy; + ASN1_OBJECT *subjectDomainPolicy; +} POLICY_MAPPING; + +DEFINE_STACK_OF(POLICY_MAPPING) + +typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; + +typedef struct GENERAL_SUBTREE_st { + GENERAL_NAME *base; + ASN1_INTEGER *minimum; + ASN1_INTEGER *maximum; +} GENERAL_SUBTREE; + +DEFINE_STACK_OF(GENERAL_SUBTREE) + +struct NAME_CONSTRAINTS_st { + STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; + STACK_OF(GENERAL_SUBTREE) *excludedSubtrees; +}; + +typedef struct POLICY_CONSTRAINTS_st { + ASN1_INTEGER *requireExplicitPolicy; + ASN1_INTEGER *inhibitPolicyMapping; +} POLICY_CONSTRAINTS; + +/* Proxy certificate structures, see RFC 3820 */ +typedef struct PROXY_POLICY_st { + ASN1_OBJECT *policyLanguage; + ASN1_OCTET_STRING *policy; +} PROXY_POLICY; + +typedef struct PROXY_CERT_INFO_EXTENSION_st { + ASN1_INTEGER *pcPathLengthConstraint; + PROXY_POLICY *proxyPolicy; +} PROXY_CERT_INFO_EXTENSION; + +DECLARE_ASN1_FUNCTIONS(PROXY_POLICY) +DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) + +struct ISSUING_DIST_POINT_st { + DIST_POINT_NAME *distpoint; + int onlyuser; + int onlyCA; + ASN1_BIT_STRING *onlysomereasons; + int indirectCRL; + int onlyattr; +}; + +/* Values in idp_flags field */ +/* IDP present */ +# define IDP_PRESENT 0x1 +/* IDP values inconsistent */ +# define IDP_INVALID 0x2 +/* onlyuser true */ +# define IDP_ONLYUSER 0x4 +/* onlyCA true */ +# define IDP_ONLYCA 0x8 +/* onlyattr true */ +# define IDP_ONLYATTR 0x10 +/* indirectCRL true */ +# define IDP_INDIRECT 0x20 +/* onlysomereasons present */ +# define IDP_REASONS 0x40 + +# define X509V3_conf_err(val) ERR_add_error_data(6, \ + "section:", (val)->section, \ + ",name:", (val)->name, ",value:", (val)->value) + +# define X509V3_set_ctx_test(ctx) \ + X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) +# define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL; + +# define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \ + 0,0,0,0, \ + 0,0, \ + (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ + (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \ + NULL, NULL, \ + table} + +# define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \ + 0,0,0,0, \ + (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ + (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \ + 0,0,0,0, \ + NULL} + +# define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} + +/* X509_PURPOSE stuff */ + +# define EXFLAG_BCONS 0x1 +# define EXFLAG_KUSAGE 0x2 +# define EXFLAG_XKUSAGE 0x4 +# define EXFLAG_NSCERT 0x8 + +# define EXFLAG_CA 0x10 +/* Really self issued not necessarily self signed */ +# define EXFLAG_SI 0x20 +# define EXFLAG_V1 0x40 +# define EXFLAG_INVALID 0x80 +/* EXFLAG_SET is set to indicate that some values have been precomputed */ +# define EXFLAG_SET 0x100 +# define EXFLAG_CRITICAL 0x200 +# define EXFLAG_PROXY 0x400 + +# define EXFLAG_INVALID_POLICY 0x800 +# define EXFLAG_FRESHEST 0x1000 +/* Self signed */ +# define EXFLAG_SS 0x2000 + +# define KU_DIGITAL_SIGNATURE 0x0080 +# define KU_NON_REPUDIATION 0x0040 +# define KU_KEY_ENCIPHERMENT 0x0020 +# define KU_DATA_ENCIPHERMENT 0x0010 +# define KU_KEY_AGREEMENT 0x0008 +# define KU_KEY_CERT_SIGN 0x0004 +# define KU_CRL_SIGN 0x0002 +# define KU_ENCIPHER_ONLY 0x0001 +# define KU_DECIPHER_ONLY 0x8000 + +# define NS_SSL_CLIENT 0x80 +# define NS_SSL_SERVER 0x40 +# define NS_SMIME 0x20 +# define NS_OBJSIGN 0x10 +# define NS_SSL_CA 0x04 +# define NS_SMIME_CA 0x02 +# define NS_OBJSIGN_CA 0x01 +# define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA) + +# define XKU_SSL_SERVER 0x1 +# define XKU_SSL_CLIENT 0x2 +# define XKU_SMIME 0x4 +# define XKU_CODE_SIGN 0x8 +# define XKU_SGC 0x10 +# define XKU_OCSP_SIGN 0x20 +# define XKU_TIMESTAMP 0x40 +# define XKU_DVCS 0x80 +# define XKU_ANYEKU 0x100 + +# define X509_PURPOSE_DYNAMIC 0x1 +# define X509_PURPOSE_DYNAMIC_NAME 0x2 + +typedef struct x509_purpose_st { + int purpose; + int trust; /* Default trust ID */ + int flags; + int (*check_purpose) (const struct x509_purpose_st *, const X509 *, int); + char *name; + char *sname; + void *usr_data; +} X509_PURPOSE; + +# define X509_PURPOSE_SSL_CLIENT 1 +# define X509_PURPOSE_SSL_SERVER 2 +# define X509_PURPOSE_NS_SSL_SERVER 3 +# define X509_PURPOSE_SMIME_SIGN 4 +# define X509_PURPOSE_SMIME_ENCRYPT 5 +# define X509_PURPOSE_CRL_SIGN 6 +# define X509_PURPOSE_ANY 7 +# define X509_PURPOSE_OCSP_HELPER 8 +# define X509_PURPOSE_TIMESTAMP_SIGN 9 + +# define X509_PURPOSE_MIN 1 +# define X509_PURPOSE_MAX 9 + +/* Flags for X509V3_EXT_print() */ + +# define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) +/* Return error for unknown extensions */ +# define X509V3_EXT_DEFAULT 0 +/* Print error for unknown extensions */ +# define X509V3_EXT_ERROR_UNKNOWN (1L << 16) +/* ASN1 parse unknown extensions */ +# define X509V3_EXT_PARSE_UNKNOWN (2L << 16) +/* BIO_dump unknown extensions */ +# define X509V3_EXT_DUMP_UNKNOWN (3L << 16) + +/* Flags for X509V3_add1_i2d */ + +# define X509V3_ADD_OP_MASK 0xfL +# define X509V3_ADD_DEFAULT 0L +# define X509V3_ADD_APPEND 1L +# define X509V3_ADD_REPLACE 2L +# define X509V3_ADD_REPLACE_EXISTING 3L +# define X509V3_ADD_KEEP_EXISTING 4L +# define X509V3_ADD_DELETE 5L +# define X509V3_ADD_SILENT 0x10 + +DEFINE_STACK_OF(X509_PURPOSE) + +DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) + +DECLARE_ASN1_FUNCTIONS(SXNET) +DECLARE_ASN1_FUNCTIONS(SXNETID) + +int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen); +int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, + int userlen); +int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user, + int userlen); + +ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone); +ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone); +ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone); + +DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID) + +DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) + +DECLARE_ASN1_FUNCTIONS(GENERAL_NAME) +GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a); +int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b); + +ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval); +STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, + ASN1_BIT_STRING *bits, + STACK_OF(CONF_VALUE) *extlist); +char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); +ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, const char *str); + +STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, + GENERAL_NAME *gen, + STACK_OF(CONF_VALUE) *ret); +int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen); + +DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES) + +STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, + GENERAL_NAMES *gen, + STACK_OF(CONF_VALUE) *extlist); +GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); + +DECLARE_ASN1_FUNCTIONS(OTHERNAME) +DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME) +int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b); +void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value); +void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype); +int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, + ASN1_OBJECT *oid, ASN1_TYPE *value); +int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen, + ASN1_OBJECT **poid, ASN1_TYPE **pvalue); + +char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, + const ASN1_OCTET_STRING *ia5); +ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, const char *str); + +DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) +int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a); + +DECLARE_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE) + +DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) +DECLARE_ASN1_FUNCTIONS(POLICYINFO) +DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO) +DECLARE_ASN1_FUNCTIONS(USERNOTICE) +DECLARE_ASN1_FUNCTIONS(NOTICEREF) + +DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS) +DECLARE_ASN1_FUNCTIONS(DIST_POINT) +DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME) +DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT) + +int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname); + +int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc); +int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc); + +DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) +DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) + +DECLARE_ASN1_ITEM(POLICY_MAPPING) +DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) +DECLARE_ASN1_ITEM(POLICY_MAPPINGS) + +DECLARE_ASN1_ITEM(GENERAL_SUBTREE) +DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) + +DECLARE_ASN1_ITEM(NAME_CONSTRAINTS) +DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) + +DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) +DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) + +GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, int gen_type, + const char *value, int is_nc); + +# ifdef HEADER_CONF_H +GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf); +GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf, + int is_nc); +void X509V3_conf_free(CONF_VALUE *val); + +X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, + const char *value); +X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, + const char *value); +int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, + STACK_OF(X509_EXTENSION) **sk); +int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + X509 *cert); +int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + X509_REQ *req); +int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + X509_CRL *crl); + +X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, + X509V3_CTX *ctx, int ext_nid, + const char *value); +X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *name, const char *value); +int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *section, X509 *cert); +int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *section, X509_REQ *req); +int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *section, X509_CRL *crl); + +int X509V3_add_value_bool_nf(const char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool); +int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint); +void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); +void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash); +# endif + +char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section); +STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section); +void X509V3_string_free(X509V3_CTX *ctx, char *str); +void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); +void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, + X509_REQ *req, X509_CRL *crl, int flags); + +int X509V3_add_value(const char *name, const char *value, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_uchar(const char *name, const unsigned char *value, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_bool(const char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, + STACK_OF(CONF_VALUE) **extlist); +char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint); +ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value); +char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint); +char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, + const ASN1_ENUMERATED *aint); +int X509V3_EXT_add(X509V3_EXT_METHOD *ext); +int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); +int X509V3_EXT_add_alias(int nid_to, int nid_from); +void X509V3_EXT_cleanup(void); + +const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); +const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); +int X509V3_add_standard_extensions(void); +STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); +void *X509V3_EXT_d2i(X509_EXTENSION *ext); +void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, + int *idx); + +X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); +int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, + int crit, unsigned long flags); + +#if OPENSSL_API_COMPAT < 0x10100000L +/* The new declarations are in crypto.h, but the old ones were here. */ +# define hex_to_string OPENSSL_buf2hexstr +# define string_to_hex OPENSSL_hexstr2buf +#endif + +void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, + int ml); +int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, + int indent); +#ifndef OPENSSL_NO_STDIO +int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); +#endif +int X509V3_extensions_print(BIO *out, const char *title, + const STACK_OF(X509_EXTENSION) *exts, + unsigned long flag, int indent); + +int X509_check_ca(X509 *x); +int X509_check_purpose(X509 *x, int id, int ca); +int X509_supported_extension(X509_EXTENSION *ex); +int X509_PURPOSE_set(int *p, int purpose); +int X509_check_issued(X509 *issuer, X509 *subject); +int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid); +void X509_set_proxy_flag(X509 *x); +void X509_set_proxy_pathlen(X509 *x, long l); +long X509_get_proxy_pathlen(X509 *x); + +uint32_t X509_get_extension_flags(X509 *x); +uint32_t X509_get_key_usage(X509 *x); +uint32_t X509_get_extended_key_usage(X509 *x); +const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); +const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); +const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x); +const ASN1_INTEGER *X509_get0_authority_serial(X509 *x); + +int X509_PURPOSE_get_count(void); +X509_PURPOSE *X509_PURPOSE_get0(int idx); +int X509_PURPOSE_get_by_sname(const char *sname); +int X509_PURPOSE_get_by_id(int id); +int X509_PURPOSE_add(int id, int trust, int flags, + int (*ck) (const X509_PURPOSE *, const X509 *, int), + const char *name, const char *sname, void *arg); +char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp); +char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp); +int X509_PURPOSE_get_trust(const X509_PURPOSE *xp); +void X509_PURPOSE_cleanup(void); +int X509_PURPOSE_get_id(const X509_PURPOSE *); + +STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x); +STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x); +void X509_email_free(STACK_OF(OPENSSL_STRING) *sk); +STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); +/* Flags for X509_check_* functions */ + +/* + * Always check subject name for host match even if subject alt names present + */ +# define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1 +/* Disable wildcard matching for dnsName fields and common name. */ +# define X509_CHECK_FLAG_NO_WILDCARDS 0x2 +/* Wildcards must not match a partial label. */ +# define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4 +/* Allow (non-partial) wildcards to match multiple labels. */ +# define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8 +/* Constraint verifier subdomain patterns to match a single labels. */ +# define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10 +/* Never check the subject CN */ +# define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20 +/* + * Match reference identifiers starting with "." to any sub-domain. + * This is a non-public flag, turned on implicitly when the subject + * reference identity is a DNS name. + */ +# define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000 + +int X509_check_host(X509 *x, const char *chk, size_t chklen, + unsigned int flags, char **peername); +int X509_check_email(X509 *x, const char *chk, size_t chklen, + unsigned int flags); +int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, + unsigned int flags); +int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags); + +ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); +ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); +int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, + unsigned long chtype); + +void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); +DEFINE_STACK_OF(X509_POLICY_NODE) + +#ifndef OPENSSL_NO_RFC3779 +typedef struct ASRange_st { + ASN1_INTEGER *min, *max; +} ASRange; + +# define ASIdOrRange_id 0 +# define ASIdOrRange_range 1 + +typedef struct ASIdOrRange_st { + int type; + union { + ASN1_INTEGER *id; + ASRange *range; + } u; +} ASIdOrRange; + +typedef STACK_OF(ASIdOrRange) ASIdOrRanges; +DEFINE_STACK_OF(ASIdOrRange) + +# define ASIdentifierChoice_inherit 0 +# define ASIdentifierChoice_asIdsOrRanges 1 + +typedef struct ASIdentifierChoice_st { + int type; + union { + ASN1_NULL *inherit; + ASIdOrRanges *asIdsOrRanges; + } u; +} ASIdentifierChoice; + +typedef struct ASIdentifiers_st { + ASIdentifierChoice *asnum, *rdi; +} ASIdentifiers; + +DECLARE_ASN1_FUNCTIONS(ASRange) +DECLARE_ASN1_FUNCTIONS(ASIdOrRange) +DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice) +DECLARE_ASN1_FUNCTIONS(ASIdentifiers) + +typedef struct IPAddressRange_st { + ASN1_BIT_STRING *min, *max; +} IPAddressRange; + +# define IPAddressOrRange_addressPrefix 0 +# define IPAddressOrRange_addressRange 1 + +typedef struct IPAddressOrRange_st { + int type; + union { + ASN1_BIT_STRING *addressPrefix; + IPAddressRange *addressRange; + } u; +} IPAddressOrRange; + +typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; +DEFINE_STACK_OF(IPAddressOrRange) + +# define IPAddressChoice_inherit 0 +# define IPAddressChoice_addressesOrRanges 1 + +typedef struct IPAddressChoice_st { + int type; + union { + ASN1_NULL *inherit; + IPAddressOrRanges *addressesOrRanges; + } u; +} IPAddressChoice; + +typedef struct IPAddressFamily_st { + ASN1_OCTET_STRING *addressFamily; + IPAddressChoice *ipAddressChoice; +} IPAddressFamily; + +typedef STACK_OF(IPAddressFamily) IPAddrBlocks; +DEFINE_STACK_OF(IPAddressFamily) + +DECLARE_ASN1_FUNCTIONS(IPAddressRange) +DECLARE_ASN1_FUNCTIONS(IPAddressOrRange) +DECLARE_ASN1_FUNCTIONS(IPAddressChoice) +DECLARE_ASN1_FUNCTIONS(IPAddressFamily) + +/* + * API tag for elements of the ASIdentifer SEQUENCE. + */ +# define V3_ASID_ASNUM 0 +# define V3_ASID_RDI 1 + +/* + * AFI values, assigned by IANA. It'd be nice to make the AFI + * handling code totally generic, but there are too many little things + * that would need to be defined for other address families for it to + * be worth the trouble. + */ +# define IANA_AFI_IPV4 1 +# define IANA_AFI_IPV6 2 + +/* + * Utilities to construct and extract values from RFC3779 extensions, + * since some of the encodings (particularly for IP address prefixes + * and ranges) are a bit tedious to work with directly. + */ +int X509v3_asid_add_inherit(ASIdentifiers *asid, int which); +int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which, + ASN1_INTEGER *min, ASN1_INTEGER *max); +int X509v3_addr_add_inherit(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi); +int X509v3_addr_add_prefix(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi, + unsigned char *a, const int prefixlen); +int X509v3_addr_add_range(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi, + unsigned char *min, unsigned char *max); +unsigned X509v3_addr_get_afi(const IPAddressFamily *f); +int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, + unsigned char *min, unsigned char *max, + const int length); + +/* + * Canonical forms. + */ +int X509v3_asid_is_canonical(ASIdentifiers *asid); +int X509v3_addr_is_canonical(IPAddrBlocks *addr); +int X509v3_asid_canonize(ASIdentifiers *asid); +int X509v3_addr_canonize(IPAddrBlocks *addr); + +/* + * Tests for inheritance and containment. + */ +int X509v3_asid_inherits(ASIdentifiers *asid); +int X509v3_addr_inherits(IPAddrBlocks *addr); +int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b); +int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b); + +/* + * Check whether RFC 3779 extensions nest properly in chains. + */ +int X509v3_asid_validate_path(X509_STORE_CTX *); +int X509v3_addr_validate_path(X509_STORE_CTX *); +int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, + ASIdentifiers *ext, + int allow_inheritance); +int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, + IPAddrBlocks *ext, int allow_inheritance); + +#endif /* OPENSSL_NO_RFC3779 */ + +DEFINE_STACK_OF(ASN1_STRING) + +/* + * Admission Syntax + */ +typedef struct NamingAuthority_st NAMING_AUTHORITY; +typedef struct ProfessionInfo_st PROFESSION_INFO; +typedef struct Admissions_st ADMISSIONS; +typedef struct AdmissionSyntax_st ADMISSION_SYNTAX; +DECLARE_ASN1_FUNCTIONS(NAMING_AUTHORITY) +DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO) +DECLARE_ASN1_FUNCTIONS(ADMISSIONS) +DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX) +DEFINE_STACK_OF(ADMISSIONS) +DEFINE_STACK_OF(PROFESSION_INFO) +typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS; + +const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId( + const NAMING_AUTHORITY *n); +const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL( + const NAMING_AUTHORITY *n); +const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText( + const NAMING_AUTHORITY *n); +void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, + ASN1_OBJECT* namingAuthorityId); +void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, + ASN1_IA5STRING* namingAuthorityUrl); +void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, + ASN1_STRING* namingAuthorityText); + +const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority( + const ADMISSION_SYNTAX *as); +void ADMISSION_SYNTAX_set0_admissionAuthority( + ADMISSION_SYNTAX *as, GENERAL_NAME *aa); +const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions( + const ADMISSION_SYNTAX *as); +void ADMISSION_SYNTAX_set0_contentsOfAdmissions( + ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a); +const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a); +void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa); +const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a); +void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na); +const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a); +void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi); +const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_addProfessionInfo( + PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos); +const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_namingAuthority( + PROFESSION_INFO *pi, NAMING_AUTHORITY *na); +const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_professionItems( + PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as); +const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_professionOIDs( + PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po); +const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_registrationNumber( + PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/include/openssl/x509v3err.h b/include/DomainExec/mswin32/OpenSSL/include/openssl/x509v3err.h new file mode 100644 index 00000000..5f25442f --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/include/openssl/x509v3err.h @@ -0,0 +1,162 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509V3ERR_H +# define HEADER_X509V3ERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_X509V3_strings(void); + +/* + * X509V3 function codes. + */ +# define X509V3_F_A2I_GENERAL_NAME 164 +# define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL 166 +# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161 +# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162 +# define X509V3_F_BIGNUM_TO_STRING 167 +# define X509V3_F_COPY_EMAIL 122 +# define X509V3_F_COPY_ISSUER 123 +# define X509V3_F_DO_DIRNAME 144 +# define X509V3_F_DO_EXT_I2D 135 +# define X509V3_F_DO_EXT_NCONF 151 +# define X509V3_F_GNAMES_FROM_SECTNAME 156 +# define X509V3_F_I2S_ASN1_ENUMERATED 121 +# define X509V3_F_I2S_ASN1_IA5STRING 149 +# define X509V3_F_I2S_ASN1_INTEGER 120 +# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 +# define X509V3_F_LEVEL_ADD_NODE 168 +# define X509V3_F_NOTICE_SECTION 132 +# define X509V3_F_NREF_NOS 133 +# define X509V3_F_POLICY_CACHE_CREATE 169 +# define X509V3_F_POLICY_CACHE_NEW 170 +# define X509V3_F_POLICY_DATA_NEW 171 +# define X509V3_F_POLICY_SECTION 131 +# define X509V3_F_PROCESS_PCI_VALUE 150 +# define X509V3_F_R2I_CERTPOL 130 +# define X509V3_F_R2I_PCI 155 +# define X509V3_F_S2I_ASN1_IA5STRING 100 +# define X509V3_F_S2I_ASN1_INTEGER 108 +# define X509V3_F_S2I_ASN1_OCTET_STRING 112 +# define X509V3_F_S2I_SKEY_ID 115 +# define X509V3_F_SET_DIST_POINT_NAME 158 +# define X509V3_F_SXNET_ADD_ID_ASC 125 +# define X509V3_F_SXNET_ADD_ID_INTEGER 126 +# define X509V3_F_SXNET_ADD_ID_ULONG 127 +# define X509V3_F_SXNET_GET_ID_ASC 128 +# define X509V3_F_SXNET_GET_ID_ULONG 129 +# define X509V3_F_TREE_INIT 172 +# define X509V3_F_V2I_ASIDENTIFIERS 163 +# define X509V3_F_V2I_ASN1_BIT_STRING 101 +# define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139 +# define X509V3_F_V2I_AUTHORITY_KEYID 119 +# define X509V3_F_V2I_BASIC_CONSTRAINTS 102 +# define X509V3_F_V2I_CRLD 134 +# define X509V3_F_V2I_EXTENDED_KEY_USAGE 103 +# define X509V3_F_V2I_GENERAL_NAMES 118 +# define X509V3_F_V2I_GENERAL_NAME_EX 117 +# define X509V3_F_V2I_IDP 157 +# define X509V3_F_V2I_IPADDRBLOCKS 159 +# define X509V3_F_V2I_ISSUER_ALT 153 +# define X509V3_F_V2I_NAME_CONSTRAINTS 147 +# define X509V3_F_V2I_POLICY_CONSTRAINTS 146 +# define X509V3_F_V2I_POLICY_MAPPINGS 145 +# define X509V3_F_V2I_SUBJECT_ALT 154 +# define X509V3_F_V2I_TLS_FEATURE 165 +# define X509V3_F_V3_GENERIC_EXTENSION 116 +# define X509V3_F_X509V3_ADD1_I2D 140 +# define X509V3_F_X509V3_ADD_VALUE 105 +# define X509V3_F_X509V3_EXT_ADD 104 +# define X509V3_F_X509V3_EXT_ADD_ALIAS 106 +# define X509V3_F_X509V3_EXT_I2D 136 +# define X509V3_F_X509V3_EXT_NCONF 152 +# define X509V3_F_X509V3_GET_SECTION 142 +# define X509V3_F_X509V3_GET_STRING 143 +# define X509V3_F_X509V3_GET_VALUE_BOOL 110 +# define X509V3_F_X509V3_PARSE_LIST 109 +# define X509V3_F_X509_PURPOSE_ADD 137 +# define X509V3_F_X509_PURPOSE_SET 141 + +/* + * X509V3 reason codes. + */ +# define X509V3_R_BAD_IP_ADDRESS 118 +# define X509V3_R_BAD_OBJECT 119 +# define X509V3_R_BN_DEC2BN_ERROR 100 +# define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 +# define X509V3_R_DIRNAME_ERROR 149 +# define X509V3_R_DISTPOINT_ALREADY_SET 160 +# define X509V3_R_DUPLICATE_ZONE_ID 133 +# define X509V3_R_ERROR_CONVERTING_ZONE 131 +# define X509V3_R_ERROR_CREATING_EXTENSION 144 +# define X509V3_R_ERROR_IN_EXTENSION 128 +# define X509V3_R_EXPECTED_A_SECTION_NAME 137 +# define X509V3_R_EXTENSION_EXISTS 145 +# define X509V3_R_EXTENSION_NAME_ERROR 115 +# define X509V3_R_EXTENSION_NOT_FOUND 102 +# define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 +# define X509V3_R_EXTENSION_VALUE_ERROR 116 +# define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 +# define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 +# define X509V3_R_INVALID_ASNUMBER 162 +# define X509V3_R_INVALID_ASRANGE 163 +# define X509V3_R_INVALID_BOOLEAN_STRING 104 +# define X509V3_R_INVALID_EXTENSION_STRING 105 +# define X509V3_R_INVALID_INHERITANCE 165 +# define X509V3_R_INVALID_IPADDRESS 166 +# define X509V3_R_INVALID_MULTIPLE_RDNS 161 +# define X509V3_R_INVALID_NAME 106 +# define X509V3_R_INVALID_NULL_ARGUMENT 107 +# define X509V3_R_INVALID_NULL_NAME 108 +# define X509V3_R_INVALID_NULL_VALUE 109 +# define X509V3_R_INVALID_NUMBER 140 +# define X509V3_R_INVALID_NUMBERS 141 +# define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 +# define X509V3_R_INVALID_OPTION 138 +# define X509V3_R_INVALID_POLICY_IDENTIFIER 134 +# define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 +# define X509V3_R_INVALID_PURPOSE 146 +# define X509V3_R_INVALID_SAFI 164 +# define X509V3_R_INVALID_SECTION 135 +# define X509V3_R_INVALID_SYNTAX 143 +# define X509V3_R_ISSUER_DECODE_ERROR 126 +# define X509V3_R_MISSING_VALUE 124 +# define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 +# define X509V3_R_NO_CONFIG_DATABASE 136 +# define X509V3_R_NO_ISSUER_CERTIFICATE 121 +# define X509V3_R_NO_ISSUER_DETAILS 127 +# define X509V3_R_NO_POLICY_IDENTIFIER 139 +# define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 +# define X509V3_R_NO_PUBLIC_KEY 114 +# define X509V3_R_NO_SUBJECT_DETAILS 125 +# define X509V3_R_OPERATION_NOT_DEFINED 148 +# define X509V3_R_OTHERNAME_ERROR 147 +# define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155 +# define X509V3_R_POLICY_PATH_LENGTH 156 +# define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157 +# define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 +# define X509V3_R_SECTION_NOT_FOUND 150 +# define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 +# define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 +# define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 +# define X509V3_R_UNKNOWN_EXTENSION 129 +# define X509V3_R_UNKNOWN_EXTENSION_NAME 130 +# define X509V3_R_UNKNOWN_OPTION 120 +# define X509V3_R_UNSUPPORTED_OPTION 117 +# define X509V3_R_UNSUPPORTED_TYPE 167 +# define X509V3_R_USER_TOO_LONG 132 + +#endif diff --git a/include/DomainExec/mswin32/OpenSSL/ssl/openssl.cnf b/include/DomainExec/mswin32/OpenSSL/ssl/openssl.cnf new file mode 100644 index 00000000..4acca4b0 --- /dev/null +++ b/include/DomainExec/mswin32/OpenSSL/ssl/openssl.cnf @@ -0,0 +1,350 @@ +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# Note that you can include other files from the main configuration +# file using the .include directive. +#.include filename + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +# Policies used by the TSA examples. +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several certs with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key + +x509_extensions = usr_cert # The extensions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = default # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (e.g. server FQDN or YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This is required for TSA certificates. +# extendedKeyUsage = critical,timeStamping + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer + +basicConstraints = critical,CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +[ proxy_cert_ext ] +# These extensions should be added when creating a proxy certificate + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This really needs to be in place for it to be a proxy certificate. +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo + +#################################################################### +[ tsa ] + +default_tsa = tsa_config1 # the default TSA section + +[ tsa_config1 ] + +# These are used by the TSA reply generation only. +dir = ./demoCA # TSA root directory +serial = $dir/tsaserial # The current serial number (mandatory) +crypto_device = builtin # OpenSSL engine to use for signing +signer_cert = $dir/tsacert.pem # The TSA signing certificate + # (optional) +certs = $dir/cacert.pem # Certificate chain to include in reply + # (optional) +signer_key = $dir/private/tsakey.pem # The TSA private key (optional) +signer_digest = sha256 # Signing digest to use. (Optional) +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +clock_precision_digits = 0 # number of digits after dot. (optional) +ordering = yes # Is ordering defined for timestamps? + # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = no # Must the ESS cert id chain be included? + # (optional, default: no) +ess_cert_id_alg = sha1 # algorithm to compute certificate + # identifier (optional, default: sha1) diff --git a/include/DomainExec/mswin32/license-format/licformat.sh b/include/DomainExec/mswin32/license-format/licformat.sh new file mode 100644 index 00000000..f5436ff1 --- /dev/null +++ b/include/DomainExec/mswin32/license-format/licformat.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +script_dir=`dirname $0` + +sed -f $script_dir/licsed_1 $1 | tr '\n' ' '| awk 'NR==1{printf("\n%s", $0) }' | + +awk '{for (i=1&&j=2; i <= NF; i++&&j++) if($i=="SDFGHJdblnewline"){printf("\n\n")} +else if($i=="oSDFGHbullet"){printf(" \no ")} +else if($i=="Copyright" && $j=="(C)"){printf("\n%s ",$i)} +else if($i=="author" && $j=="Gnomovision"){printf("author\n")} +else if($i=="1989" && $j== "Ty"){printf("1989\n")} +else{printf("%s ",$i)}}' | + +sed -f $script_dir/licsed_2 diff --git a/include/DomainExec/mswin32/license-format/licsed_1 b/include/DomainExec/mswin32/license-format/licsed_1 new file mode 100644 index 00000000..9755001f --- /dev/null +++ b/include/DomainExec/mswin32/license-format/licsed_1 @@ -0,0 +1,36 @@ +# remove horizontal asterisks +s@\*\*@@g + +# preserve double hyphens between words in GNU GPL +s@\([^\-]\)\-\-\([^\-]\)@\1SDFGHdbldash\2@g + +# remove horizontal hyphens +s@\-\-@@g + +# reintroduce double hyphens +s@SDFGHdbldash@--@g + +# remove trailing asterisk +s@[ ]*\*[ ]*$@@g + +# remove leading asterisk +s@^[ ]*\*@@ + +# remove lonely slash +s@^/$@@g + +# remove leading whitespace +s@^[ ]*@@g + +# preserve bullets +s@^o @ oSDFGHbullet @g + +# preserve sentence spacing +s@\. \([A-Za-z0-9]\)@.SDFGHJdblspace\1@g + +# remove first line +1d + +# read entire input and preserve paragraph separation +s@^$@ SDFGHJdblnewline @ + diff --git a/include/DomainExec/mswin32/license-format/licsed_2 b/include/DomainExec/mswin32/license-format/licsed_2 new file mode 100644 index 00000000..1eab79c6 --- /dev/null +++ b/include/DomainExec/mswin32/license-format/licsed_2 @@ -0,0 +1,12 @@ + +# collapse whitespace +s@ @ @g +s@ $@@g + +2d + +# reintroduce bullets +s@oSDFGHbullet@o @g + +# reintroduce sentence spacing +s@SDFGHJdblspace@ @g diff --git a/include/DomainExec/mswin32/ncrack.sln b/include/DomainExec/mswin32/ncrack.sln new file mode 100644 index 00000000..21aeb702 --- /dev/null +++ b/include/DomainExec/mswin32/ncrack.sln @@ -0,0 +1,38 @@ + +Microsoft Visual Studio Solution File, Format Version 11.00 +# Visual C++ Express 2010 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ncrack", "ncrack.vcxproj", "{133C627B-C6FC-438F-853D-66FF7EE484F5}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nbase", "..\nbase\nbase.vcxproj", "{B630C8F7-3138-43E8-89ED-78742FA2AC5F}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nsock", "..\nsock\nsock.vcxproj", "{F8D6D1E3-D4EA-402C-98AA-168E5309BAF4}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "opensshlib", "..\opensshlib\openssh.vcxproj", "{B630C8F7-3138-1337-11FF-DEADBEEFAC5F}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Win32 = Debug|Win32 + Release|Win32 = Release|Win32 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {133C627B-C6FC-438F-853D-66FF7EE484F5}.Debug|Win32.ActiveCfg = Debug|Win32 + {133C627B-C6FC-438F-853D-66FF7EE484F5}.Debug|Win32.Build.0 = Debug|Win32 + {133C627B-C6FC-438F-853D-66FF7EE484F5}.Release|Win32.ActiveCfg = Release|Win32 + {133C627B-C6FC-438F-853D-66FF7EE484F5}.Release|Win32.Build.0 = Release|Win32 + {B630C8F7-3138-43E8-89ED-78742FA2AC5F}.Debug|Win32.ActiveCfg = Debug|Win32 + {B630C8F7-3138-43E8-89ED-78742FA2AC5F}.Debug|Win32.Build.0 = Debug|Win32 + {B630C8F7-3138-43E8-89ED-78742FA2AC5F}.Release|Win32.ActiveCfg = Release|Win32 + {B630C8F7-3138-43E8-89ED-78742FA2AC5F}.Release|Win32.Build.0 = Release|Win32 + {F8D6D1E3-D4EA-402C-98AA-168E5309BAF4}.Debug|Win32.ActiveCfg = DebugNoPcap|Win32 + {F8D6D1E3-D4EA-402C-98AA-168E5309BAF4}.Debug|Win32.Build.0 = DebugNoPcap|Win32 + {F8D6D1E3-D4EA-402C-98AA-168E5309BAF4}.Release|Win32.ActiveCfg = ReleaseNoPcap|Win32 + {F8D6D1E3-D4EA-402C-98AA-168E5309BAF4}.Release|Win32.Build.0 = ReleaseNoPcap|Win32 + {B630C8F7-3138-1337-11FF-DEADBEEFAC5F}.Debug|Win32.ActiveCfg = Debug|Win32 + {B630C8F7-3138-1337-11FF-DEADBEEFAC5F}.Debug|Win32.Build.0 = Debug|Win32 + {B630C8F7-3138-1337-11FF-DEADBEEFAC5F}.Release|Win32.ActiveCfg = Release|Win32 + {B630C8F7-3138-1337-11FF-DEADBEEFAC5F}.Release|Win32.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection +EndGlobal diff --git a/include/DomainExec/mswin32/ncrack.vcxproj b/include/DomainExec/mswin32/ncrack.vcxproj new file mode 100644 index 00000000..bfdd35cc --- /dev/null +++ b/include/DomainExec/mswin32/ncrack.vcxproj @@ -0,0 +1,234 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + + {133C627B-C6FC-438F-853D-66FF7EE484F5} + ncrack + 10.0 + + + + Application + false + MultiByte + v142 + + + Application + false + MultiByte + v142 + + + + + + + + + + + + + + + <_ProjectFileVersion>10.0.30319.1 + .\$(Configuration)\ + .\$(Configuration)\ + true + $(Configuration)\ + $(Configuration)\ + true + + + + .\Debug\ncrack.tlb + + + + + Disabled + .;..;..\nbase;..\nsock\include;..\opensshlib;..\modules;OpenSSL\include;%(AdditionalIncludeDirectories) + WIN32;_CONSOLE;%(PreprocessorDefinitions) + false + false + false + EnableFastChecks + MultiThreadedDebug + + + .\Debug\ncrack.pch + .\Debug\ + .\Debug\ + .\Debug\ + Level2 + true + EditAndContinue + CompileAsCpp + + + nsock.lib;nbase.lib;opensshlib.lib;ws2_32.lib;advapi32.lib;libcrypto.lib;libssl.lib + .\Debug\ncrack.exe + true + lib;..\nsock;..\nbase;..\opensshlib;OpenSSL\lib;%(AdditionalLibraryDirectories) + %(IgnoreSpecificDefaultLibraries) + true + .\Debug\ncrack.pdb + Console + false + + + MachineX86 + + + xcopy "$(SolutionDir)\OpenSSL\bin\*.dll" "$(SolutionDir)\$(Configuration)\" /y && xcopy "$(SolutionDir)..\ncrack-services" "$(SolutionDir)\$(Configuration)\" /y + + + + + .\Release\ncrack.tlb + + + + + MaxSpeed + OnlyExplicitInline + .;..;..\nbase;..\nsock\include;..\opensshlib;..\modules;OpenSSL\include;%(AdditionalIncludeDirectories) + WIN32;_CONSOLE;%(PreprocessorDefinitions) + true + MultiThreadedDLL + + + .\Release/ncrack.pch + .\Release/ + .\Release/ + .\Release/ + true + CompileAsCpp + OldStyle + + + nbase.lib;opensshlib.lib;ws2_32.lib;advapi32.lib;libcrypto.lib;libssl.lib + .\Release\ncrack.exe + true + lib;..\nsock;..\nbase;..\opensshlib;OpenSSL\lib;%(AdditionalLibraryDirectories) + libcmtd.lib;%(IgnoreSpecificDefaultLibraries) + true + .\Release/ncrack.pdb + Console + false + + + MachineX86 + + + xcopy "$(SolutionDir)\OpenSSL\bin\*.dll" "$(SolutionDir)\$(Configuration)\" /y && xcopy "$(SolutionDir)..\ncrack-services" "$(SolutionDir)\$(Configuration)\" /y + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Sync + Sync + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + {b630c8f7-3138-43e8-89ed-78742fa2ac5f} + false + + + {f8d6d1e3-d4ea-402c-98aa-168e5309baf4} + false + + + {b630c8f7-3138-1337-11ff-deadbeefac5f} + false + + + + + + \ No newline at end of file diff --git a/include/DomainExec/mswin32/nsis/AddToPath.nsh b/include/DomainExec/mswin32/nsis/AddToPath.nsh new file mode 100644 index 00000000..2d19c9d9 --- /dev/null +++ b/include/DomainExec/mswin32/nsis/AddToPath.nsh @@ -0,0 +1,255 @@ +!ifndef _AddToPath_nsh +!define _AddToPath_nsh + +!verbose 3 +!include "WinMessages.NSH" +!verbose 4 + +!ifndef WriteEnvStr_RegKey + !ifdef ALL_USERS + !define WriteEnvStr_RegKey \ + 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"' + !else + !define WriteEnvStr_RegKey 'HKCU "Environment"' + !endif +!endif + +; AddToPath - Adds the given dir to the search path. +; Input - head of the stack +; Note - Win9x systems requires reboot + +Function AddToPath + Exch $0 + Push $1 + Push $2 + Push $3 + + # don't add if the path doesn't exist + IfFileExists "$0\*.*" "" AddToPath_done + + ReadEnvStr $1 PATH + Push "$1;" + Push "$0;" + Call StrStr + Pop $2 + StrCmp $2 "" "" AddToPath_done + Push "$1;" + Push "$0\;" + Call StrStr + Pop $2 + StrCmp $2 "" "" AddToPath_done + GetFullPathName /SHORT $3 $0 + Push "$1;" + Push "$3;" + Call StrStr + Pop $2 + StrCmp $2 "" "" AddToPath_done + Push "$1;" + Push "$3\;" + Call StrStr + Pop $2 + StrCmp $2 "" "" AddToPath_done + + Call IsNT + Pop $1 + StrCmp $1 1 AddToPath_NT + ; Not on NT + StrCpy $1 $WINDIR 2 + FileOpen $1 "$1\autoexec.bat" a + FileSeek $1 -1 END + FileReadByte $1 $2 + IntCmp $2 26 0 +2 +2 # DOS EOF + FileSeek $1 -1 END # write over EOF + FileWrite $1 "$\r$\nSET PATH=%PATH%;$3$\r$\n" + FileClose $1 + SetRebootFlag true + Goto AddToPath_done + + AddToPath_NT: + ReadRegStr $1 ${WriteEnvStr_RegKey} "PATH" + StrCpy $2 $1 1 -1 # copy last char + StrCmp $2 ";" 0 +2 # if last char == ; + StrCpy $1 $1 -1 # remove last char + StrCmp $1 "" AddToPath_NTdoIt + StrCpy $0 "$1;$0" + AddToPath_NTdoIt: + WriteRegExpandStr ${WriteEnvStr_RegKey} "PATH" $0 + SendMessage ${HWND_BROADCAST} ${WM_WININICHANGE} 0 "STR:Environment" /TIMEOUT=5000 + + AddToPath_done: + Pop $3 + Pop $2 + Pop $1 + Pop $0 +FunctionEnd + +; RemoveFromPath - Remove a given dir from the path +; Input: head of the stack + +Function un.RemoveFromPath + Exch $0 + Push $1 + Push $2 + Push $3 + Push $4 + Push $5 + Push $6 + + IntFmt $6 "%c" 26 # DOS EOF + + Call un.IsNT + Pop $1 + StrCmp $1 1 unRemoveFromPath_NT + ; Not on NT + StrCpy $1 $WINDIR 2 + FileOpen $1 "$1\autoexec.bat" r + GetTempFileName $4 + FileOpen $2 $4 w + GetFullPathName /SHORT $0 $0 + StrCpy $0 "SET PATH=%PATH%;$0" + Goto unRemoveFromPath_dosLoop + + unRemoveFromPath_dosLoop: + FileRead $1 $3 + StrCpy $5 $3 1 -1 # read last char + StrCmp $5 $6 0 +2 # if DOS EOF + StrCpy $3 $3 -1 # remove DOS EOF so we can compare + StrCmp $3 "$0$\r$\n" unRemoveFromPath_dosLoopRemoveLine + StrCmp $3 "$0$\n" unRemoveFromPath_dosLoopRemoveLine + StrCmp $3 "$0" unRemoveFromPath_dosLoopRemoveLine + StrCmp $3 "" unRemoveFromPath_dosLoopEnd + FileWrite $2 $3 + Goto unRemoveFromPath_dosLoop + unRemoveFromPath_dosLoopRemoveLine: + SetRebootFlag true + Goto unRemoveFromPath_dosLoop + + unRemoveFromPath_dosLoopEnd: + FileClose $2 + FileClose $1 + StrCpy $1 $WINDIR 2 + Delete "$1\autoexec.bat" + CopyFiles /SILENT $4 "$1\autoexec.bat" + Delete $4 + Goto unRemoveFromPath_done + + unRemoveFromPath_NT: + ReadRegStr $1 ${WriteEnvStr_RegKey} "PATH" + StrCpy $5 $1 1 -1 # copy last char + StrCmp $5 ";" +2 # if last char != ; + StrCpy $1 "$1;" # append ; + Push $1 + Push "$0;" + Call un.StrStr ; Find `$0;` in $1 + Pop $2 ; pos of our dir + StrCmp $2 "" unRemoveFromPath_done + ; else, it is in path + # $0 - path to add + # $1 - path var + StrLen $3 "$0;" + StrLen $4 $2 + StrCpy $5 $1 -$4 # $5 is now the part before the path to remove + StrCpy $6 $2 "" $3 # $6 is now the part after the path to remove + StrCpy $3 $5$6 + + StrCpy $5 $3 1 -1 # copy last char + StrCmp $5 ";" 0 +2 # if last char == ; + StrCpy $3 $3 -1 # remove last char + + WriteRegExpandStr ${WriteEnvStr_RegKey} "PATH" $3 + SendMessage ${HWND_BROADCAST} ${WM_WININICHANGE} 0 "STR:Environment" /TIMEOUT=5000 + + unRemoveFromPath_done: + Pop $6 + Pop $5 + Pop $4 + Pop $3 + Pop $2 + Pop $1 + Pop $0 +FunctionEnd + +!ifndef IsNT_KiCHiK +!define IsNT_KiCHiK + +########################################### +# Utility Functions # +########################################### + +; IsNT +; no input +; output, top of the stack = 1 if NT or 0 if not +; +; Usage: +; Call IsNT +; Pop $R0 +; ($R0 at this point is 1 or 0) + +!macro IsNT un +Function ${un}IsNT + Push $0 + ReadRegStr $0 HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion" CurrentVersion + StrCmp $0 "" 0 IsNT_yes + ; we are not NT. + Pop $0 + Push 0 + Return + + IsNT_yes: + ; NT!!! + Pop $0 + Push 1 +FunctionEnd +!macroend +!insertmacro IsNT "" +!insertmacro IsNT "un." + +!endif ; IsNT_KiCHiK + +; StrStr +; input, top of stack = string to search for +; top of stack-1 = string to search in +; output, top of stack (replaces with the portion of the string remaining) +; modifies no other variables. +; +; Usage: +; Push "this is a long ass string" +; Push "ass" +; Call StrStr +; Pop $R0 +; ($R0 at this point is "ass string") + +!macro StrStr un +Function ${un}StrStr +Exch $R1 ; st=haystack,old$R1, $R1=needle + Exch ; st=old$R1,haystack + Exch $R2 ; st=old$R1,old$R2, $R2=haystack + Push $R3 + Push $R4 + Push $R5 + StrLen $R3 $R1 + StrCpy $R4 0 + ; $R1=needle + ; $R2=haystack + ; $R3=len(needle) + ; $R4=cnt + ; $R5=tmp + loop: + StrCpy $R5 $R2 $R3 $R4 + StrCmp $R5 $R1 done + StrCmp $R5 "" done + IntOp $R4 $R4 + 1 + Goto loop +done: + StrCpy $R1 $R2 "" $R4 + Pop $R5 + Pop $R4 + Pop $R3 + Pop $R2 + Exch $R1 +FunctionEnd +!macroend +!insertmacro StrStr "" +!insertmacro StrStr "un." + +!endif ; _AddToPath_nsh \ No newline at end of file diff --git a/include/DomainExec/mswin32/nsis/Ncrack.nsi b/include/DomainExec/mswin32/nsis/Ncrack.nsi new file mode 100644 index 00000000..7d997e41 --- /dev/null +++ b/include/DomainExec/mswin32/nsis/Ncrack.nsi @@ -0,0 +1,206 @@ +; Automatically generated from nsis/Ncrack.nsi.in. +;Ncrack Installer +;-------------------------------- +;Include Modern UI + + !include "MUI.nsh" + !include "AddToPath.nsh" + +;-------------------------------- +;General + + ;Name and file + Name "Ncrack" + OutFile "NcrackInstaller.exe" + + ;Required for removing shortcuts + RequestExecutionLevel admin + + ;Default installation folder + InstallDir "$PROGRAMFILES\Ncrack" + + ;Get installation folder from registry if available + InstallDirRegKey HKCU "Software\Ncrack" "" + + !define VERSION "0.7" + VIProductVersion "0.7.0.0" + VIAddVersionKey /LANG=1033 "FileVersion" "${VERSION}" + VIAddVersionKey /LANG=1033 "ProductName" "Ncrack" + VIAddVersionKey /LANG=1033 "CompanyName" "Insecure.org" + VIAddVersionKey /LANG=1033 "InternalName" "NcrackInstaller.exe" + VIAddVersionKey /LANG=1033 "LegalCopyright" "Copyright (c) Insecure.Com LLC (fyodor@insecure.org)" + VIAddVersionKey /LANG=1033 "LegalTrademark" "NCRACK" + VIAddVersionKey /LANG=1033 "FileDescription" "Ncrack installer" + +;-------------------------------- +;Interface Settings + + !define MUI_ABORTWARNING + +;-------------------------------- +;Pages + + !insertmacro MUI_PAGE_LICENSE "..\LICENSE" + !insertmacro MUI_PAGE_COMPONENTS + !insertmacro MUI_PAGE_DIRECTORY + !insertmacro MUI_PAGE_INSTFILES + !insertmacro MUI_UNPAGE_CONFIRM + !insertmacro MUI_UNPAGE_INSTFILES + Page custom finalPage doFinal + +;-------------------------------- +;Languages + + !insertmacro MUI_LANGUAGE "English" + +;-------------------------------- +;Reserves + +ReserveFile "final.ini" +!insertmacro MUI_RESERVEFILE_INSTALLOPTIONS + +;-------------------------------- +;Functions + +Function .onInit + !insertmacro MUI_INSTALLOPTIONS_EXTRACT "final.ini" +FunctionEnd + + +Function finalPage + ; diplay a page saying everything's finished + !insertmacro MUI_HEADER_TEXT "Finished" "Thank you for installing Ncrack" + !insertmacro MUI_INSTALLOPTIONS_DISPLAY "final.ini" +FunctionEnd + +Function doFinal + ; don't need to do anything +FunctionEnd + +;-------------------------------- +;Installer Sections + +Section "Ncrack Core Files" SecCore + + StrCpy $R0 $INSTDIR "" -2 + StrCmp $R0 ":\" bad_key_install + StrCpy $R0 $INSTDIR "" -14 + StrCmp $R0 "\Program Files" bad_key_install + StrCpy $R0 $INSTDIR "" -8 + StrCmp $R0 "\Windows" bad_key_install + StrCpy $R0 $INSTDIR "" -6 + StrCmp $R0 "\WinNT" bad_key_install + StrCpy $R0 $INSTDIR "" -9 + StrCmp $R0 "\system32" bad_key_install + StrCpy $R0 $INSTDIR "" -8 + StrCmp $R0 "\Desktop" bad_key_install + StrCpy $R0 $INSTDIR "" -22 + StrCmp $R0 "\Documents and Settings" bad_key_install + StrCpy $R0 $INSTDIR "" -13 + StrCmp $R0 "\My Documents" bad_key_install probably_safe_key_install + bad_key_install: + MessageBox MB_YESNO "It may not be safe to uninstall the previous installation of Ncrack from the directory '$INSTDIR'.$\r$\nContinue anyway (not recommended)?" IDYES probably_safe_key_install + Abort "Install aborted by user" + probably_safe_key_install: + + SetOutPath "$INSTDIR" + + SetOverwrite on + File ..\..\COPYING + File /r /x .svn ..\..\lists + File ..\..\ncrack-services + File ..\Release\ncrack.exe + File ..\Release\libssl-1_1.dll + File ..\Release\libcrypto-1_1.dll + + ;Store installation folder + WriteRegStr HKCU "Software\Ncrack" "" $INSTDIR + + ;Create uninstaller + WriteUninstaller "$INSTDIR\Uninstall.exe" + + ; Register Ncrack with add/remove programs + WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Ncrack" "DisplayName" "Ncrack ${VERSION}" + WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Ncrack" "UninstallString" '"$INSTDIR\uninstall.exe"' + WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Ncrack" "NoModify" 1 + WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Ncrack" "NoRepair" 1 +SectionEnd + +Section "Register Ncrack Path" SecRegisterPath + PUSH $INSTDIR + Call AddToPath +SectionEnd + +;-------------------------------- +;Descriptions + + ;Component strings + LangString DESC_SecCore ${LANG_ENGLISH} "Installs Ncrack executable" + LangString DESC_SecRegisterPath ${LANG_ENGLISH} "Registers Ncrack path to System path so you can execute it from any directory" + + ;Assign language strings to sections + !insertmacro MUI_FUNCTION_DESCRIPTION_BEGIN + !insertmacro MUI_DESCRIPTION_TEXT ${SecCore} $(DESC_SecCore) + !insertmacro MUI_DESCRIPTION_TEXT ${SecRegisterPath} $(DESC_SecRegisterPath) + !insertmacro MUI_FUNCTION_DESCRIPTION_END +;-------------------------------- +;Uninstaller Section + +Section "Uninstall" + + StrCpy $R0 $INSTDIR "" -2 + StrCmp $R0 ":\" bad_key_uninstall + StrCpy $R0 $INSTDIR "" -14 + StrCmp $R0 "\Program Files" bad_key_uninstall + StrCpy $R0 $INSTDIR "" -8 + StrCmp $R0 "\Windows" bad_key_uninstall + StrCpy $R0 $INSTDIR "" -6 + StrCmp $R0 "\WinNT" bad_key_uninstall + StrCpy $R0 $INSTDIR "" -9 + StrCmp $R0 "\system32" bad_key_uninstall + StrCpy $R0 $INSTDIR "" -8 + StrCmp $R0 "\Desktop" bad_key_uninstall + StrCpy $R0 $INSTDIR "" -22 + StrCmp $R0 "\Documents and Settings" bad_key_uninstall + StrCpy $R0 $INSTDIR "" -13 + StrCmp $R0 "\My Documents" bad_key_uninstall probably_safe_key_uninstall + bad_key_uninstall: + MessageBox MB_YESNO "It may not be safe to uninstall Ncrack from the directory '$INSTDIR'.$\r$\nContinue anyway (not recommended)?" IDYES probably_safe_key_uninstall + Abort "Uninstall aborted by user" + probably_safe_key_uninstall: + + IfFileExists $INSTDIR\ncrack.exe ncrack_installed + MessageBox MB_YESNO "It does not appear that Ncrack is installed in the directory '$INSTDIR'.$\r$\nContinue anyway (not recommended)?" IDYES ncrack_installed + Abort "Uninstall aborted by user" + + SetDetailsPrint textonly + DetailPrint "Uninstalling Files..." + SetDetailsPrint listonly + + ncrack_installed: + Delete "$INSTDIR\COPYING" + Delete "$INSTDIR\ncrack.exe" + RMDir /r "$INSTDIR\lists" + Delete "$INSTDIR\ncrack-services" + Delete "$INSTDIR\README-WIN32" + Delete "$INSTDIR\libssl-1_1.dll" + Delete "$INSTDIR\libcrypto-1_1.dll" + Delete "$INSTDIR\Uninstall.exe" + + ;Removes folder if it's now empty + RMDir "$INSTDIR" + + SetDetailsPrint textonly + DetailPrint "Deleting Registry Keys..." + SetDetailsPrint listonly + DeleteRegKey /ifempty HKCU "Software\Ncrack" + DeleteRegKey HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Ncrack" + SetDetailsPrint textonly + DetailPrint "Unregistering Ncrack Path..." + Push $INSTDIR + Call un.RemoveFromPath + + RMDIR "$SMPROGRAMS\Ncrack" + + SetDetailsPrint both +SectionEnd diff --git a/include/DomainExec/mswin32/nsis/Ncrack.nsi.in b/include/DomainExec/mswin32/nsis/Ncrack.nsi.in new file mode 100644 index 00000000..c1a0e460 --- /dev/null +++ b/include/DomainExec/mswin32/nsis/Ncrack.nsi.in @@ -0,0 +1,205 @@ +;Ncrack Installer +;-------------------------------- +;Include Modern UI + + !include "MUI.nsh" + !include "AddToPath.nsh" + +;-------------------------------- +;General + + ;Name and file + Name "Ncrack" + OutFile "NcrackInstaller.exe" + + ;Required for removing shortcuts + RequestExecutionLevel admin + + ;Default installation folder + InstallDir "$PROGRAMFILES\Ncrack" + + ;Get installation folder from registry if available + InstallDirRegKey HKCU "Software\Ncrack" "" + + !define VERSION @@VERSION@@ + VIProductVersion @@VIPRODUCTVERSION@@ + VIAddVersionKey /LANG=1033 "FileVersion" "${VERSION}" + VIAddVersionKey /LANG=1033 "ProductName" "Ncrack" + VIAddVersionKey /LANG=1033 "CompanyName" "Insecure.org" + VIAddVersionKey /LANG=1033 "InternalName" "NcrackInstaller.exe" + VIAddVersionKey /LANG=1033 "LegalCopyright" "Copyright (c) Insecure.Com LLC (fyodor@insecure.org)" + VIAddVersionKey /LANG=1033 "LegalTrademark" "NCRACK" + VIAddVersionKey /LANG=1033 "FileDescription" "Ncrack installer" + +;-------------------------------- +;Interface Settings + + !define MUI_ABORTWARNING + +;-------------------------------- +;Pages + + !insertmacro MUI_PAGE_LICENSE "..\LICENSE" + !insertmacro MUI_PAGE_COMPONENTS + !insertmacro MUI_PAGE_DIRECTORY + !insertmacro MUI_PAGE_INSTFILES + !insertmacro MUI_UNPAGE_CONFIRM + !insertmacro MUI_UNPAGE_INSTFILES + Page custom finalPage doFinal + +;-------------------------------- +;Languages + + !insertmacro MUI_LANGUAGE "English" + +;-------------------------------- +;Reserves + +ReserveFile "final.ini" +!insertmacro MUI_RESERVEFILE_INSTALLOPTIONS + +;-------------------------------- +;Functions + +Function .onInit + !insertmacro MUI_INSTALLOPTIONS_EXTRACT "final.ini" +FunctionEnd + + +Function finalPage + ; diplay a page saying everything's finished + !insertmacro MUI_HEADER_TEXT "Finished" "Thank you for installing Ncrack" + !insertmacro MUI_INSTALLOPTIONS_DISPLAY "final.ini" +FunctionEnd + +Function doFinal + ; don't need to do anything +FunctionEnd + +;-------------------------------- +;Installer Sections + +Section "Ncrack Core Files" SecCore + + StrCpy $R0 $INSTDIR "" -2 + StrCmp $R0 ":\" bad_key_install + StrCpy $R0 $INSTDIR "" -14 + StrCmp $R0 "\Program Files" bad_key_install + StrCpy $R0 $INSTDIR "" -8 + StrCmp $R0 "\Windows" bad_key_install + StrCpy $R0 $INSTDIR "" -6 + StrCmp $R0 "\WinNT" bad_key_install + StrCpy $R0 $INSTDIR "" -9 + StrCmp $R0 "\system32" bad_key_install + StrCpy $R0 $INSTDIR "" -8 + StrCmp $R0 "\Desktop" bad_key_install + StrCpy $R0 $INSTDIR "" -22 + StrCmp $R0 "\Documents and Settings" bad_key_install + StrCpy $R0 $INSTDIR "" -13 + StrCmp $R0 "\My Documents" bad_key_install probably_safe_key_install + bad_key_install: + MessageBox MB_YESNO "It may not be safe to uninstall the previous installation of Ncrack from the directory '$INSTDIR'.$\r$\nContinue anyway (not recommended)?" IDYES probably_safe_key_install + Abort "Install aborted by user" + probably_safe_key_install: + + SetOutPath "$INSTDIR" + + SetOverwrite on + File ..\..\COPYING + File /r /x .svn ..\..\lists + File ..\..\ncrack-services + File ..\Release\ncrack.exe + File libeay32.dll + File ssleay32.dll + + ;Store installation folder + WriteRegStr HKCU "Software\Ncrack" "" $INSTDIR + + ;Create uninstaller + WriteUninstaller "$INSTDIR\Uninstall.exe" + + ; Register Ncrack with add/remove programs + WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Ncrack" "DisplayName" "Ncrack ${VERSION}" + WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Ncrack" "UninstallString" '"$INSTDIR\uninstall.exe"' + WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Ncrack" "NoModify" 1 + WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Ncrack" "NoRepair" 1 +SectionEnd + +Section "Register Ncrack Path" SecRegisterPath + PUSH $INSTDIR + Call AddToPath +SectionEnd + +;-------------------------------- +;Descriptions + + ;Component strings + LangString DESC_SecCore ${LANG_ENGLISH} "Installs Ncrack executable" + LangString DESC_SecRegisterPath ${LANG_ENGLISH} "Registers Ncrack path to System path so you can execute it from any directory" + + ;Assign language strings to sections + !insertmacro MUI_FUNCTION_DESCRIPTION_BEGIN + !insertmacro MUI_DESCRIPTION_TEXT ${SecCore} $(DESC_SecCore) + !insertmacro MUI_DESCRIPTION_TEXT ${SecRegisterPath} $(DESC_SecRegisterPath) + !insertmacro MUI_FUNCTION_DESCRIPTION_END +;-------------------------------- +;Uninstaller Section + +Section "Uninstall" + + StrCpy $R0 $INSTDIR "" -2 + StrCmp $R0 ":\" bad_key_uninstall + StrCpy $R0 $INSTDIR "" -14 + StrCmp $R0 "\Program Files" bad_key_uninstall + StrCpy $R0 $INSTDIR "" -8 + StrCmp $R0 "\Windows" bad_key_uninstall + StrCpy $R0 $INSTDIR "" -6 + StrCmp $R0 "\WinNT" bad_key_uninstall + StrCpy $R0 $INSTDIR "" -9 + StrCmp $R0 "\system32" bad_key_uninstall + StrCpy $R0 $INSTDIR "" -8 + StrCmp $R0 "\Desktop" bad_key_uninstall + StrCpy $R0 $INSTDIR "" -22 + StrCmp $R0 "\Documents and Settings" bad_key_uninstall + StrCpy $R0 $INSTDIR "" -13 + StrCmp $R0 "\My Documents" bad_key_uninstall probably_safe_key_uninstall + bad_key_uninstall: + MessageBox MB_YESNO "It may not be safe to uninstall Ncrack from the directory '$INSTDIR'.$\r$\nContinue anyway (not recommended)?" IDYES probably_safe_key_uninstall + Abort "Uninstall aborted by user" + probably_safe_key_uninstall: + + IfFileExists $INSTDIR\ncrack.exe ncrack_installed + MessageBox MB_YESNO "It does not appear that Ncrack is installed in the directory '$INSTDIR'.$\r$\nContinue anyway (not recommended)?" IDYES ncrack_installed + Abort "Uninstall aborted by user" + + SetDetailsPrint textonly + DetailPrint "Uninstalling Files..." + SetDetailsPrint listonly + + ncrack_installed: + Delete "$INSTDIR\COPYING" + Delete "$INSTDIR\ncrack.exe" + RMDir /r "$INSTDIR\lists" + Delete "$INSTDIR\ncrack-services" + Delete "$INSTDIR\README-WIN32" + Delete "$INSTDIR\libeay32.dll" + Delete "$INSTDIR\ssleay32.dll" + Delete "$INSTDIR\Uninstall.exe" + + ;Removes folder if it's now empty + RMDir "$INSTDIR" + + SetDetailsPrint textonly + DetailPrint "Deleting Registry Keys..." + SetDetailsPrint listonly + DeleteRegKey /ifempty HKCU "Software\Ncrack" + DeleteRegKey HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Ncrack" + SetDetailsPrint textonly + DetailPrint "Unregistering Ncrack Path..." + Push $INSTDIR + Call un.RemoveFromPath + + RMDIR "$SMPROGRAMS\Ncrack" + + SetDetailsPrint both +SectionEnd diff --git a/include/DomainExec/mswin32/nsis/final.ini b/include/DomainExec/mswin32/nsis/final.ini new file mode 100644 index 00000000..f3024335 --- /dev/null +++ b/include/DomainExec/mswin32/nsis/final.ini @@ -0,0 +1,23 @@ +[Settings] +NumFields=2 +BackEnabled=0 +NextButtonText=Finish + +[Field 1] +Type=Label +Left=10 +Right=-1 +Top=10 +Bottom=18 +Text=Ncrack has been installed on your computer. +State=0 + +[Field 2] +Type=Label +Left=10 +Right=-1 +Top=30 +Bottom=38 +Text=Click Finish to close this wizard. +State=0 + diff --git a/include/DomainExec/mswin32/winclude.h b/include/DomainExec/mswin32/winclude.h new file mode 100644 index 00000000..14c18050 --- /dev/null +++ b/include/DomainExec/mswin32/winclude.h @@ -0,0 +1,148 @@ +/*************************************************************************** + * winclude.h -- some windows include files and * + * windows-compatabilty-related functions that are specific to Ncrack. * + * Most of this has been moved into nbase so it can be shared. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id: */ + +#ifndef WINCLUDE_H +#define WINCLUDE_H + +#include "ncrack_winconfig.h" + +#include +#include + +#include "nbase.h" + +//#include + +/* non-functioning stub function */ +int fork(); + +#endif /* WINCLUDE_H */ diff --git a/include/DomainExec/mswin32/winfix.cc b/include/DomainExec/mswin32/winfix.cc new file mode 100644 index 00000000..61684f75 --- /dev/null +++ b/include/DomainExec/mswin32/winfix.cc @@ -0,0 +1,160 @@ + +/*************************************************************************** + * winfix.cc -- A few trivial windows-compatabilty-related functions that * + * are specific to Ncrack. Most of this has been moved into nbase so it can * + * be shared. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id: */ + +#include +//#include + +#include "utils.h" +#include "winfix.h" + + +/* The code that has no preconditions to being called, so it can be + executed before even Nmap options parsing (so o.debugging and the + like don't need to be used. Its main function is to do + WSAStartup() as some of the option parsing code does DNS + resolution */ +void win_init() { + WORD werd; + WSADATA data; + + werd = MAKEWORD( 2, 2 ); + if( (WSAStartup(werd, &data)) !=0 ) + fatal("failed to start winsock.\n"); +} + + +int fork() +{ + fatal("no fork for you!\n"); + return 0; +} diff --git a/include/DomainExec/mswin32/winfix.h b/include/DomainExec/mswin32/winfix.h new file mode 100644 index 00000000..2732eecf --- /dev/null +++ b/include/DomainExec/mswin32/winfix.h @@ -0,0 +1,39 @@ +#ifndef WINFIX_H +#define WINFIX_H + +#include +#include + +#ifndef EXTERNC +# ifdef __cplusplus +# define EXTERNC extern "C" +# else +# define EXTERNC extern +# endif +#endif + +// windows-specific options +typedef unsigned char u_int8_t; +typedef __int16 int16_t; +typedef unsigned __int16 u_int16_t; +typedef __int32 int32_t; +typedef unsigned __int32 u_int32_t; +typedef unsigned __int64 u_int64_t; +typedef unsigned __int8 uint8_t; +typedef unsigned __int16 uint16_t; +typedef unsigned __int32 uint32_t; +typedef unsigned __int64 uint64_t; +typedef signed __int8 int8_t; +typedef signed __int16 int16_t; +typedef signed __int32 int32_t; +typedef signed __int64 int64_t; +/* (exported) functions */ + +/* Its main function is to do WSAStartup() . */ +EXTERNC void win_init(); + +#endif + + + + diff --git a/include/DomainExec/nbase/CHANGELOG b/include/DomainExec/nbase/CHANGELOG new file mode 100644 index 00000000..3eb7b3c1 --- /dev/null +++ b/include/DomainExec/nbase/CHANGELOG @@ -0,0 +1,5 @@ + +-- Added snprintf.c, inet_aton.c, inet_pton.c, and inet_ntop.c from + tcpdump-2000.09.17 ( www.tcpdump.org) + +-- Nbase library initially created (9/17/00) \ No newline at end of file diff --git a/include/DomainExec/nbase/Makefile.in b/include/DomainExec/nbase/Makefile.in new file mode 100644 index 00000000..db1380f3 --- /dev/null +++ b/include/DomainExec/nbase/Makefile.in @@ -0,0 +1,65 @@ +prefix = @prefix@ +datarootdir = @datarootdir@ +exec_prefix = @exec_prefix@ +bindir = @bindir@ +sbindir = @sbindir@ +mandir = @mandir@ +srcdir = @srcdir@ + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +CCOPT = +DEFS = @DEFS@ +# With GCC, add extra security checks to source code. +DEFS += -D_FORTIFY_SOURCE=2 +CPPFLAGS = @CPPFLAGS@ +CFLAGS = @CFLAGS@ $(CCOPT) $(GLIB_CFLAGS) $(DEFS) $(INCLS) +STATIC = +LDFLAGS = @LDFLAGS@ $(STATIC) +LIBS = @LIBS@ +SHTOOL = ./shtool +INSTALL = $(SHTOOL) install +MAKEDEPEND = @MAKEDEPEND@ + +TARGET = libnbase.a + +DEPS = getopt.h nbase.h nbase_winconfig.h nbase_config.h nbase_ipv6.h nbase_winunix.h nbase_crc32ct.h +OBJS = @LIBOBJS@ + +all: $(TARGET) + +$(TARGET): $(DEPS) $(OBJS) + rm -f $@ + $(AR) cr $@ $(OBJS) + $(RANLIB) $@ + +clean: + rm -f $(OBJS) $(TARGET) + +distclean: clean + rm -f Makefile config.cache config.log config.status nbase_config.h + +depend: + $(MAKEDEPEND) $(INCLS) -s "# DO NOT DELETE" -- $(DEFS) -- $(SRCS) + +configure: configure.ac + autoconf + +Makefile: Makefile.in config.status + ./config.status + +config.status: configure + ./config.status --recheck + +.cc.o: + $(CC) -c $(CFLAGS) $*.cc + +# DO NOT DELETE -- Needed by makedepend + + + + + + + diff --git a/include/DomainExec/nbase/acinclude.m4 b/include/DomainExec/nbase/acinclude.m4 new file mode 100644 index 00000000..8bc7f689 --- /dev/null +++ b/include/DomainExec/nbase/acinclude.m4 @@ -0,0 +1,216 @@ +dnl ----------------------------------------------------------------- +dnl Nbase local macros +dnl $Id$ +dnl ----------------------------------------------------------------- + +dnl +dnl check for working getaddrinfo(). This check is from +dnl Apache 2.0.40 +dnl +dnl Note that if the system doesn't have gai_strerror(), we +dnl can't use getaddrinfo() because we can't get strings +dnl describing the error codes. +dnl +AC_DEFUN(APR_CHECK_WORKING_GETADDRINFO,[ + AC_CACHE_CHECK(for working getaddrinfo, ac_cv_working_getaddrinfo,[ + AC_TRY_RUN( [ +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_STRING_H +#include +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif + +int main(void) { + struct addrinfo hints, *ai; + int error; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + error = getaddrinfo("127.0.0.1", NULL, &hints, &ai); + if (error) { + return 1; + } + if (ai->ai_addr->sa_family != AF_INET) { + return 1; + } + return 0; +} +],[ + ac_cv_working_getaddrinfo="yes" +],[ + ac_cv_working_getaddrinfo="no" +],[ + ac_cv_working_getaddrinfo="yes" +])]) +if test "$ac_cv_working_getaddrinfo" = "yes"; then + if test "$ac_cv_func_gai_strerror" != "yes"; then + ac_cv_working_getaddrinfo="no" + else + AC_DEFINE(HAVE_GETADDRINFO, 1, [Define if getaddrinfo exists and works well enough for APR]) + fi +fi +]) + +dnl +dnl check for working getnameinfo() -- from Apache 2.0.40 +dnl +AC_DEFUN(APR_CHECK_WORKING_GETNAMEINFO,[ + AC_CACHE_CHECK(for working getnameinfo, ac_cv_working_getnameinfo,[ + AC_TRY_RUN( [ +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_STRING_H +#include +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif + +int main(void) { + struct sockaddr_in sa; + char hbuf[256]; + int error; + + sa.sin_family = AF_INET; + sa.sin_port = 0; + sa.sin_addr.s_addr = inet_addr("127.0.0.1"); +#ifdef SIN6_LEN + sa.sin_len = sizeof(sa); +#endif + + error = getnameinfo((const struct sockaddr *)&sa, sizeof(sa), + hbuf, 256, NULL, 0, + NI_NUMERICHOST); + if (error) { + return 1; + } else { + return 0; + } +} +],[ + ac_cv_working_getnameinfo="yes" +],[ + ac_cv_working_getnameinfo="no" +],[ + ac_cv_working_getnameinfo="yes" +])]) +if test "$ac_cv_working_getnameinfo" = "yes"; then + AC_DEFINE(HAVE_GETNAMEINFO, 1, [Define if getnameinfo exists]) +fi +]) + +AC_DEFUN(APR_CHECK_SOCKADDR_IN6,[ +AC_CACHE_CHECK(for sockaddr_in6, ac_cv_define_sockaddr_in6,[ +AC_TRY_COMPILE([ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +],[ +struct sockaddr_in6 sa; +],[ + ac_cv_define_sockaddr_in6=yes +],[ + ac_cv_define_sockaddr_in6=no +]) +]) + +if test "$ac_cv_define_sockaddr_in6" = "yes"; then + have_sockaddr_in6=1 + AC_DEFINE(HAVE_SOCKADDR_IN6, 1, [Define if struct sockaddr_in6 exists]) +else + have_sockaddr_in6=0 +fi +]) + +AC_DEFUN(CHECK_AF_INET6_DEFINE,[ +AC_CACHE_CHECK(for AF_INET6 definition, ac_cv_define_af_inet6,[ +AC_TRY_COMPILE([ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +],[ +int af = AF_INET6; +],[ + ac_cv_define_af_inet6=yes +],[ + ac_cv_define_af_inet6=no +]) +]) + +if test "$ac_cv_define_af_inet6" = "yes"; then + have_af_inet6=1 + AC_DEFINE(HAVE_AF_INET6, 1, [Define if AF_INET6 is defined]) +else + have_af_inet6=0 +fi +]) + +AC_DEFUN(APR_CHECK_SOCKADDR_STORAGE,[ +AC_CACHE_CHECK(for sockaddr_storage, ac_cv_define_sockaddr_storage,[ +AC_TRY_COMPILE([ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +],[ +struct sockaddr_storage sa; +],[ + ac_cv_define_sockaddr_storage=yes +],[ + ac_cv_define_sockaddr_storage=no +]) +]) + +if test "$ac_cv_define_sockaddr_storage" = "yes"; then + have_sockaddr_storage=1 + AC_DEFINE(HAVE_SOCKADDR_STORAGE, 1, [Define if struct sockaddr_storage exists]) +else + have_sockaddr_storage=0 +fi +]) + +dnl This test taken from GCC libjava. +AC_DEFUN(CHECK_PROC_SELF_EXE,[ + if test x"$cross_compiling" = x"no"; then + AC_CHECK_FILES(/proc/self/exe, [ + AC_DEFINE(HAVE_PROC_SELF_EXE, 1, [Define if you have /proc/self/exe])]) + else + case $host in + *-linux*) + AC_DEFINE(HAVE_PROC_SELF_EXE, 1, [Define if you have /proc/self/exe]) + ;; + esac + fi +]) diff --git a/include/DomainExec/nbase/configure b/include/DomainExec/nbase/configure new file mode 100644 index 00000000..f092e213 --- /dev/null +++ b/include/DomainExec/nbase/configure @@ -0,0 +1,6574 @@ +#! /bin/sh +# Guess values for system-dependent variables and create Makefiles. +# Generated by GNU Autoconf 2.69. +# +# +# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. +# +# +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +# Use a proper internal environment variable to ensure we don't fall + # into an infinite loop, continuously re-executing ourselves. + if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then + _as_can_reexec=no; export _as_can_reexec; + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +as_fn_exit 255 + fi + # We don't want this to propagate to other subprocesses. + { _as_can_reexec=; unset _as_can_reexec;} +if test "x$CONFIG_SHELL" = x; then + as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi +" + as_required="as_fn_return () { (exit \$1); } +as_fn_success () { as_fn_return 0; } +as_fn_failure () { as_fn_return 1; } +as_fn_ret_success () { return 0; } +as_fn_ret_failure () { return 1; } + +exitcode=0 +as_fn_success || { exitcode=1; echo as_fn_success failed.; } +as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } +as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } +as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } +if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : + +else + exitcode=1; echo positional parameters were not saved. +fi +test x\$exitcode = x0 || exit 1 +test -x / || exit 1" + as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO + as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO + eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && + test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 +test \$(( 1 + 1 )) = 2 || exit 1" + if (eval "$as_required") 2>/dev/null; then : + as_have_required=yes +else + as_have_required=no +fi + if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : + +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_found=false +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + as_found=: + case $as_dir in #( + /*) + for as_base in sh bash ksh sh5; do + # Try only shells that exist, to save several forks. + as_shell=$as_dir/$as_base + if { test -f "$as_shell" || test -f "$as_shell.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : + CONFIG_SHELL=$as_shell as_have_required=yes + if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : + break 2 +fi +fi + done;; + esac + as_found=false +done +$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : + CONFIG_SHELL=$SHELL as_have_required=yes +fi; } +IFS=$as_save_IFS + + + if test "x$CONFIG_SHELL" != x; then : + export CONFIG_SHELL + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +exit 255 +fi + + if test x$as_have_required = xno; then : + $as_echo "$0: This script requires a shell more modern than all" + $as_echo "$0: the shells that I found on your system." + if test x${ZSH_VERSION+set} = xset ; then + $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" + $as_echo "$0: be upgraded to zsh 4.3.4 or later." + else + $as_echo "$0: Please tell bug-autoconf@gnu.org about your system, +$0: including any error possibly output before this +$0: message. Then install a modern shell, or manually run +$0: the script under such a shell if you do have one." + fi + exit 1 +fi +fi +fi +SHELL=${CONFIG_SHELL-/bin/sh} +export SHELL +# Unset more variables known to interfere with behavior of common tools. +CLICOLOR_FORCE= GREP_OPTIONS= +unset CLICOLOR_FORCE GREP_OPTIONS + +## --------------------- ## +## M4sh Shell Functions. ## +## --------------------- ## +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + + + as_lineno_1=$LINENO as_lineno_1a=$LINENO + as_lineno_2=$LINENO as_lineno_2a=$LINENO + eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && + test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { + # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) + sed -n ' + p + /[$]LINENO/= + ' <$as_myself | + sed ' + s/[$]LINENO.*/&-/ + t lineno + b + :lineno + N + :loop + s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ + t loop + s/-\n.*// + ' >$as_me.lineno && + chmod +x "$as_me.lineno" || + { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } + + # If we had to re-execute with $CONFIG_SHELL, we're ensured to have + # already done that, so ensure we don't try to do so again and fall + # in an infinite loop. This has already happened in practice. + _as_can_reexec=no; export _as_can_reexec + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensitive to this). + . "./$as_me.lineno" + # Exit status is that of the last command. + exit +} + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +test -n "$DJDIR" || exec 7<&0 &1 + +# Name of the host. +# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +# +# Initializations. +# +ac_default_prefix=/usr/local +ac_clean_files= +ac_config_libobj_dir=. +LIBOBJS= +cross_compiling=no +subdirs= +MFLAGS= +MAKEFLAGS= + +# Identity of this package. +PACKAGE_NAME= +PACKAGE_TARNAME= +PACKAGE_VERSION= +PACKAGE_STRING= +PACKAGE_BUGREPORT= +PACKAGE_URL= + +ac_unique_file="nbase.h" +# Factoring default headers for most tests. +ac_includes_default="\ +#include +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_SYS_STAT_H +# include +#endif +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif +#ifdef HAVE_STRING_H +# if !defined STDC_HEADERS && defined HAVE_MEMORY_H +# include +# endif +# include +#endif +#ifdef HAVE_STRINGS_H +# include +#endif +#ifdef HAVE_INTTYPES_H +# include +#endif +#ifdef HAVE_STDINT_H +# include +#endif +#ifdef HAVE_UNISTD_H +# include +#endif" + +ac_subst_vars='LTLIBOBJS +LIBOBJS +EGREP +GREP +CPP +host_os +host_vendor +host_cpu +host +build_os +build_vendor +build_cpu +build +RANLIB +OBJEXT +EXEEXT +ac_ct_CC +CPPFLAGS +LDFLAGS +CFLAGS +CC +target_alias +host_alias +build_alias +LIBS +ECHO_T +ECHO_N +ECHO_C +DEFS +mandir +localedir +libdir +psdir +pdfdir +dvidir +htmldir +infodir +docdir +oldincludedir +includedir +runstatedir +localstatedir +sharedstatedir +sysconfdir +datadir +datarootdir +libexecdir +sbindir +bindir +program_transform_name +prefix +exec_prefix +PACKAGE_URL +PACKAGE_BUGREPORT +PACKAGE_STRING +PACKAGE_VERSION +PACKAGE_TARNAME +PACKAGE_NAME +PATH_SEPARATOR +SHELL' +ac_subst_files='' +ac_user_opts=' +enable_option_checking +with_localdirs +enable_ipv6 +with_openssl +' + ac_precious_vars='build_alias +host_alias +target_alias +CC +CFLAGS +LDFLAGS +LIBS +CPPFLAGS +CPP' + + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +ac_unrecognized_opts= +ac_unrecognized_sep= +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +exec_prefix=NONE +no_create= +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. +# (The list follows the same order as the GNU Coding Standards.) +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datarootdir='${prefix}/share' +datadir='${datarootdir}' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' +includedir='${prefix}/include' +oldincludedir='/usr/include' +docdir='${datarootdir}/doc/${PACKAGE}' +infodir='${datarootdir}/info' +htmldir='${docdir}' +dvidir='${docdir}' +pdfdir='${docdir}' +psdir='${docdir}' +libdir='${exec_prefix}/lib' +localedir='${datarootdir}/locale' +mandir='${datarootdir}/man' + +ac_prev= +ac_dashdash= +for ac_option +do + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval $ac_prev=\$ac_option + ac_prev= + continue + fi + + case $ac_option in + *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; + *=) ac_optarg= ;; + *) ac_optarg=yes ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case $ac_dashdash$ac_option in + --) + ac_dashdash=yes ;; + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir=$ac_optarg ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias=$ac_optarg ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -datadir | --datadir | --datadi | --datad) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=*) + datadir=$ac_optarg ;; + + -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ + | --dataroo | --dataro | --datar) + ac_prev=datarootdir ;; + -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ + | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) + datarootdir=$ac_optarg ;; + + -disable-* | --disable-*) + ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=no ;; + + -docdir | --docdir | --docdi | --doc | --do) + ac_prev=docdir ;; + -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) + docdir=$ac_optarg ;; + + -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) + ac_prev=dvidir ;; + -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) + dvidir=$ac_optarg ;; + + -enable-* | --enable-*) + ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=\$ac_optarg ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix=$ac_optarg ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias=$ac_optarg ;; + + -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) + ac_prev=htmldir ;; + -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ + | --ht=*) + htmldir=$ac_optarg ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir=$ac_optarg ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir=$ac_optarg ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir=$ac_optarg ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir=$ac_optarg ;; + + -localedir | --localedir | --localedi | --localed | --locale) + ac_prev=localedir ;; + -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) + localedir=$ac_optarg ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst | --locals) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) + localstatedir=$ac_optarg ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir=$ac_optarg ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c | -n) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir=$ac_optarg ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix=$ac_optarg ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix=$ac_optarg ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix=$ac_optarg ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name=$ac_optarg ;; + + -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) + ac_prev=pdfdir ;; + -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) + pdfdir=$ac_optarg ;; + + -psdir | --psdir | --psdi | --psd | --ps) + ac_prev=psdir ;; + -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) + psdir=$ac_optarg ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir=$ac_optarg ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir=$ac_optarg ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site=$ac_optarg ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir=$ac_optarg ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir=$ac_optarg ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias=$ac_optarg ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; + + -with-* | --with-*) + ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=\$ac_optarg ;; + + -without-* | --without-*) + ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=no ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes=$ac_optarg ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries=$ac_optarg ;; + + -*) as_fn_error $? "unrecognized option: \`$ac_option' +Try \`$0 --help' for more information" + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. + case $ac_envvar in #( + '' | [0-9]* | *[!_$as_cr_alnum]* ) + as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; + esac + eval $ac_envvar=\$ac_optarg + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" + ;; + + esac +done + +if test -n "$ac_prev"; then + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + as_fn_error $? "missing argument to $ac_option" +fi + +if test -n "$ac_unrecognized_opts"; then + case $enable_option_checking in + no) ;; + fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; + *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; + esac +fi + +# Check all directory arguments for consistency. +for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ + datadir sysconfdir sharedstatedir localstatedir includedir \ + oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ + libdir localedir mandir runstatedir +do + eval ac_val=\$$ac_var + # Remove trailing slashes. + case $ac_val in + */ ) + ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` + eval $ac_var=\$ac_val;; + esac + # Be sure to have absolute directory names. + case $ac_val in + [\\/$]* | ?:[\\/]* ) continue;; + NONE | '' ) case $ac_var in *prefix ) continue;; esac;; + esac + as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec 6>/dev/null + + +ac_pwd=`pwd` && test -n "$ac_pwd" && +ac_ls_di=`ls -di .` && +ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || + as_fn_error $? "working directory cannot be determined" +test "X$ac_ls_di" = "X$ac_pwd_ls_di" || + as_fn_error $? "pwd does not report name of working directory" + + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then the parent directory. + ac_confdir=`$as_dirname -- "$as_myself" || +$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_myself" : 'X\(//\)[^/]' \| \ + X"$as_myself" : 'X\(//\)$' \| \ + X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_myself" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + srcdir=$ac_confdir + if test ! -r "$srcdir/$ac_unique_file"; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r "$srcdir/$ac_unique_file"; then + test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." + as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" +fi +ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" +ac_abs_confdir=`( + cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" + pwd)` +# When building in place, set srcdir=. +if test "$ac_abs_confdir" = "$ac_pwd"; then + srcdir=. +fi +# Remove unnecessary trailing slashes from srcdir. +# Double slashes in file names in object file debugging info +# mess up M-x gdb in Emacs. +case $srcdir in +*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; +esac +for ac_var in $ac_precious_vars; do + eval ac_env_${ac_var}_set=\${${ac_var}+set} + eval ac_env_${ac_var}_value=\$${ac_var} + eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} + eval ac_cv_env_${ac_var}_value=\$${ac_var} +done + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures this package to adapt to many kinds of systems. + +Usage: $0 [OPTION]... [VAR=VALUE]... + +To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. See below for descriptions of some of the useful variables. + +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking ...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install all the files in +\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify +an installation prefix other than \`$ac_default_prefix' using \`--prefix', +for instance \`--prefix=\$HOME'. + +For better control, use the options below. + +Fine tuning of the installation directories: + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] + --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] + --datadir=DIR read-only architecture-independent data [DATAROOTDIR] + --infodir=DIR info documentation [DATAROOTDIR/info] + --localedir=DIR locale-dependent data [DATAROOTDIR/locale] + --mandir=DIR man documentation [DATAROOTDIR/man] + --docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE] + --htmldir=DIR html documentation [DOCDIR] + --dvidir=DIR dvi documentation [DOCDIR] + --pdfdir=DIR pdf documentation [DOCDIR] + --psdir=DIR ps documentation [DOCDIR] +_ACEOF + + cat <<\_ACEOF + +System types: + --build=BUILD configure for building on BUILD [guessed] + --host=HOST cross-compile to build programs to run on HOST [BUILD] +_ACEOF +fi + +if test -n "$ac_init_help"; then + + cat <<\_ACEOF + +Optional Features: + --disable-option-checking ignore unrecognized --enable/--with options + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --disable-ipv6 Disable IPv6 support + +Optional Packages: + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --with-localdirs Explicitly ask compiler to use /usr/local/{include,libs} if they exist + --with-openssl=DIR Use optional openssl libs and includes from DIR/lib/ +and DIR/include/openssl/) + +Some influential environment variables: + CC C compiler command + CFLAGS C compiler flags + LDFLAGS linker flags, e.g. -L if you have libraries in a + nonstandard directory + LIBS libraries to pass to the linker, e.g. -l + CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if + you have headers in a nonstandard directory + CPP C preprocessor + +Use these variables to override the choices made by `configure' or to help +it to find libraries and programs with nonstandard names/locations. + +Report bugs to the package provider. +_ACEOF +ac_status=$? +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d "$ac_dir" || + { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || + continue + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + cd "$ac_dir" || { ac_status=$?; continue; } + # Check for guested configure. + if test -f "$ac_srcdir/configure.gnu"; then + echo && + $SHELL "$ac_srcdir/configure.gnu" --help=recursive + elif test -f "$ac_srcdir/configure"; then + echo && + $SHELL "$ac_srcdir/configure" --help=recursive + else + $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi || ac_status=$? + cd "$ac_pwd" || { ac_status=$?; break; } + done +fi + +test -n "$ac_init_help" && exit $ac_status +if $ac_init_version; then + cat <<\_ACEOF +configure +generated by GNU Autoconf 2.69 + +Copyright (C) 2012 Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. +_ACEOF + exit +fi + +## ------------------------ ## +## Autoconf initialization. ## +## ------------------------ ## + +# ac_fn_c_try_compile LINENO +# -------------------------- +# Try to compile conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext + if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_compile + +# ac_fn_c_try_cpp LINENO +# ---------------------- +# Try to preprocess conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_cpp () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } > conftest.i && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_cpp + +# ac_fn_c_try_run LINENO +# ---------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes +# that executables *can* be run. +ac_fn_c_try_run () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then : + ac_retval=0 +else + $as_echo "$as_me: program exited with status $ac_status" >&5 + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=$ac_status +fi + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_run + +# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists, giving a warning if it cannot be compiled using +# the include files in INCLUDES and setting the cache variable VAR +# accordingly. +ac_fn_c_check_header_mongrel () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if eval \${$3+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +else + # Is the header compilable? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 +$as_echo_n "checking $2 usability... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_header_compiler=yes +else + ac_header_compiler=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 +$as_echo "$ac_header_compiler" >&6; } + +# Is the header present? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 +$as_echo_n "checking $2 presence... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <$2> +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + ac_header_preproc=yes +else + ac_header_preproc=no +fi +rm -f conftest.err conftest.i conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 +$as_echo "$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( + yes:no: ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 +$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} + ;; + no:yes:* ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 +$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 +$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 +$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 +$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} + ;; +esac + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=\$ac_header_compiler" +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_header_mongrel + +# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists and can be compiled using the include files in +# INCLUDES, setting the cache variable VAR accordingly. +ac_fn_c_check_header_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_header_compile + +# ac_fn_c_find_intX_t LINENO BITS VAR +# ----------------------------------- +# Finds a signed integer type with width BITS, setting cache variable VAR +# accordingly. +ac_fn_c_find_intX_t () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for int$2_t" >&5 +$as_echo_n "checking for int$2_t... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=no" + # Order is important - never check a type that is potentially smaller + # than half of the expected target width. + for ac_type in int$2_t 'int' 'long int' \ + 'long long int' 'short int' 'signed char'; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default + enum { N = $2 / 2 - 1 }; +int +main () +{ +static int test_array [1 - 2 * !(0 < ($ac_type) ((((($ac_type) 1 << N) << N) - 1) * 2 + 1))]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default + enum { N = $2 / 2 - 1 }; +int +main () +{ +static int test_array [1 - 2 * !(($ac_type) ((((($ac_type) 1 << N) << N) - 1) * 2 + 1) + < ($ac_type) ((((($ac_type) 1 << N) << N) - 1) * 2 + 2))]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + case $ac_type in #( + int$2_t) : + eval "$3=yes" ;; #( + *) : + eval "$3=\$ac_type" ;; +esac +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if eval test \"x\$"$3"\" = x"no"; then : + +else + break +fi + done +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_find_intX_t + +# ac_fn_c_find_uintX_t LINENO BITS VAR +# ------------------------------------ +# Finds an unsigned integer type with width BITS, setting cache variable VAR +# accordingly. +ac_fn_c_find_uintX_t () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uint$2_t" >&5 +$as_echo_n "checking for uint$2_t... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=no" + # Order is important - never check a type that is potentially smaller + # than half of the expected target width. + for ac_type in uint$2_t 'unsigned int' 'unsigned long int' \ + 'unsigned long long int' 'unsigned short int' 'unsigned char'; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +static int test_array [1 - 2 * !((($ac_type) -1 >> ($2 / 2 - 1)) >> ($2 / 2 - 1) == 3)]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + case $ac_type in #( + uint$2_t) : + eval "$3=yes" ;; #( + *) : + eval "$3=\$ac_type" ;; +esac +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if eval test \"x\$"$3"\" = x"no"; then : + +else + break +fi + done +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_find_uintX_t + +# ac_fn_c_try_link LINENO +# ----------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_link () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext conftest$ac_exeext + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + test -x conftest$ac_exeext + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information + # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would + # interfere with the next link command; also delete a directory that is + # left behind by Apple's compiler. We do this before executing the actions. + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_link + +# ac_fn_c_check_func LINENO FUNC VAR +# ---------------------------------- +# Tests whether FUNC exists, setting the cache variable VAR accordingly +ac_fn_c_check_func () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Define $2 to an innocuous variant, in case declares $2. + For example, HP-UX 11i declares gettimeofday. */ +#define $2 innocuous_$2 + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $2 (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef $2 + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char $2 (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_$2 || defined __stub___$2 +choke me +#endif + +int +main () +{ +return $2 (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_func +cat >config.log <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by $as_me, which was +generated by GNU Autoconf 2.69. Invocation command line was + + $ $0 $@ + +_ACEOF +exec 5>>config.log +{ +cat <<_ASUNAME +## --------- ## +## Platform. ## +## --------- ## + +hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +_ASUNAME + +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + $as_echo "PATH: $as_dir" + done +IFS=$as_save_IFS + +} >&5 + +cat >&5 <<_ACEOF + + +## ----------- ## +## Core tests. ## +## ----------- ## + +_ACEOF + + +# Keep a trace of the command line. +# Strip out --no-create and --no-recursion so they do not pile up. +# Strip out --silent because we don't want to record it for future runs. +# Also quote any args containing shell meta-characters. +# Make two passes to allow for proper duplicate-argument suppression. +ac_configure_args= +ac_configure_args0= +ac_configure_args1= +ac_must_keep_next=false +for ac_pass in 1 2 +do + for ac_arg + do + case $ac_arg in + -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + continue ;; + *\'*) + ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + case $ac_pass in + 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; + 2) + as_fn_append ac_configure_args1 " '$ac_arg'" + if test $ac_must_keep_next = true; then + ac_must_keep_next=false # Got value, back to normal. + else + case $ac_arg in + *=* | --config-cache | -C | -disable-* | --disable-* \ + | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ + | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ + | -with-* | --with-* | -without-* | --without-* | --x) + case "$ac_configure_args0 " in + "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; + esac + ;; + -* ) ac_must_keep_next=true ;; + esac + fi + as_fn_append ac_configure_args " '$ac_arg'" + ;; + esac + done +done +{ ac_configure_args0=; unset ac_configure_args0;} +{ ac_configure_args1=; unset ac_configure_args1;} + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +# WARNING: Use '\'' to represent an apostrophe within the trap. +# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. +trap 'exit_status=$? + # Save into config.log some information that might help in debugging. + { + echo + + $as_echo "## ---------------- ## +## Cache variables. ## +## ---------------- ##" + echo + # The following way of writing the cache mishandles newlines in values, +( + for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + (set) 2>&1 | + case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + sed -n \ + "s/'\''/'\''\\\\'\'''\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" + ;; #( + *) + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) + echo + + $as_echo "## ----------------- ## +## Output variables. ## +## ----------------- ##" + echo + for ac_var in $ac_subst_vars + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + + if test -n "$ac_subst_files"; then + $as_echo "## ------------------- ## +## File substitutions. ## +## ------------------- ##" + echo + for ac_var in $ac_subst_files + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + fi + + if test -s confdefs.h; then + $as_echo "## ----------- ## +## confdefs.h. ## +## ----------- ##" + echo + cat confdefs.h + echo + fi + test "$ac_signal" != 0 && + $as_echo "$as_me: caught signal $ac_signal" + $as_echo "$as_me: exit $exit_status" + } >&5 + rm -f core *.core core.conftest.* && + rm -f -r conftest* confdefs* conf$$* $ac_clean_files && + exit $exit_status +' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal +done +ac_signal=0 + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -f -r conftest* confdefs.h + +$as_echo "/* confdefs.h */" > confdefs.h + +# Predefined preprocessor variables. + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_NAME "$PACKAGE_NAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_TARNAME "$PACKAGE_TARNAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_VERSION "$PACKAGE_VERSION" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_STRING "$PACKAGE_STRING" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_URL "$PACKAGE_URL" +_ACEOF + + +# Let the site file select an alternate cache file if it wants to. +# Prefer an explicitly selected file to automatically selected ones. +ac_site_file1=NONE +ac_site_file2=NONE +if test -n "$CONFIG_SITE"; then + # We do not want a PATH search for config.site. + case $CONFIG_SITE in #(( + -*) ac_site_file1=./$CONFIG_SITE;; + */*) ac_site_file1=$CONFIG_SITE;; + *) ac_site_file1=./$CONFIG_SITE;; + esac +elif test "x$prefix" != xNONE; then + ac_site_file1=$prefix/share/config.site + ac_site_file2=$prefix/etc/config.site +else + ac_site_file1=$ac_default_prefix/share/config.site + ac_site_file2=$ac_default_prefix/etc/config.site +fi +for ac_site_file in "$ac_site_file1" "$ac_site_file2" +do + test "x$ac_site_file" = xNONE && continue + if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 +$as_echo "$as_me: loading site script $ac_site_file" >&6;} + sed 's/^/| /' "$ac_site_file" >&5 + . "$ac_site_file" \ + || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "failed to load site script $ac_site_file +See \`config.log' for more details" "$LINENO" 5; } + fi +done + +if test -r "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special files + # actually), so we avoid doing that. DJGPP emulates it as a regular file. + if test /dev/null != "$cache_file" && test -f "$cache_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 +$as_echo "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . "$cache_file";; + *) . "./$cache_file";; + esac + fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 +$as_echo "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +# Check that the precious variables saved in the cache have kept the same +# value. +ac_cache_corrupted=false +for ac_var in $ac_precious_vars; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val=\$ac_cv_env_${ac_var}_value + eval ac_new_val=\$ac_env_${ac_var}_value + case $ac_old_set,$ac_new_set in + set,) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + # differences in whitespace do not lead to failure. + ac_old_val_w=`echo x $ac_old_val` + ac_new_val_w=`echo x $ac_new_val` + if test "$ac_old_val_w" != "$ac_new_val_w"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 +$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + ac_cache_corrupted=: + else + { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 +$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + eval $ac_var=\$ac_old_val + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 +$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 +$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} + fi;; + esac + # Pass precious variables to config.status. + if test "$ac_new_set" = set; then + case $ac_new_val in + *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *) ac_arg=$ac_var=$ac_new_val ;; + esac + case " $ac_configure_args " in + *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. + *) as_fn_append ac_configure_args " '$ac_arg'" ;; + esac + fi +done +if $ac_cache_corrupted; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 +$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} + as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 +fi +## -------------------- ## +## Main body of script. ## +## -------------------- ## + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + + +# Check whether --with-localdirs was given. +if test "${with_localdirs+set}" = set; then : + withval=$with_localdirs; case "$with_localdirs" in + yes) + user_localdirs=1 + ;; + no) + user_localdirs=0 + ;; + esac + +else + user_localdirs=0 +fi + + +if test "$user_localdirs" = 1; then + if test -d /usr/local/lib; then + LDFLAGS="$LDFLAGS -L/usr/local/lib" + fi + if test -d /usr/local/include; then + CPPFLAGS="$CPPFLAGS -I/usr/local/include" + fi +fi + +ac_config_headers="$ac_config_headers nbase_config.h" + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + fi +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl.exe + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl.exe +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_CC" && break +done + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +fi + +fi + + +test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "no acceptable C compiler found in \$PATH +See \`config.log' for more details" "$LINENO" 5; } + +# Provide some information about the compiler. +$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 +set X $ac_compile +ac_compiler=$2 +for ac_option in --version -v -V -qversion; do + { { ac_try="$ac_compiler $ac_option >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compiler $ac_option >&5") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + sed '10a\ +... rest of stderr output deleted ... + 10q' conftest.err >conftest.er1 + cat conftest.er1 >&5 + fi + rm -f conftest.er1 conftest.err + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +done + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" +# Try to create an executable without -o first, disregard a.out. +# It will help us diagnose broken compilers, and finding out an intuition +# of exeext. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 +$as_echo_n "checking whether the C compiler works... " >&6; } +ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` + +# The possible output files: +ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" + +ac_rmfiles= +for ac_file in $ac_files +do + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + * ) ac_rmfiles="$ac_rmfiles $ac_file";; + esac +done +rm -f $ac_rmfiles + +if { { ac_try="$ac_link_default" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link_default") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. +# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' +# in a Makefile. We should not override ac_cv_exeext if it was cached, +# so that the user can short-circuit this test for compilers unknown to +# Autoconf. +for ac_file in $ac_files '' +do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) + ;; + [ab].out ) + # We found the default executable, but exeext='' is most + # certainly right. + break;; + *.* ) + if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; + then :; else + ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + fi + # We set ac_cv_exeext here because the later test for it is not + # safe: cross compilers may not add the suffix if given an `-o' + # argument, so we may need to know it at that point already. + # Even if this section looks crufty: it has the advantage of + # actually working. + break;; + * ) + break;; + esac +done +test "$ac_cv_exeext" = no && ac_cv_exeext= + +else + ac_file='' +fi +if test -z "$ac_file"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +$as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "C compiler cannot create executables +See \`config.log' for more details" "$LINENO" 5; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 +$as_echo_n "checking for C compiler default output file name... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 +$as_echo "$ac_file" >&6; } +ac_exeext=$ac_cv_exeext + +rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 +$as_echo_n "checking for suffix of executables... " >&6; } +if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. +for ac_file in conftest.exe conftest conftest.*; do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + break;; + * ) break;; + esac +done +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest conftest$ac_cv_exeext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 +$as_echo "$ac_cv_exeext" >&6; } + +rm -f conftest.$ac_ext +EXEEXT=$ac_cv_exeext +ac_exeext=$EXEEXT +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +FILE *f = fopen ("conftest.out", "w"); + return ferror (f) || fclose (f) != 0; + + ; + return 0; +} +_ACEOF +ac_clean_files="$ac_clean_files conftest.out" +# Check that the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 +$as_echo_n "checking whether we are cross compiling... " >&6; } +if test "$cross_compiling" != yes; then + { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if { ac_try='./conftest$ac_cv_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then + cross_compiling=no + else + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details" "$LINENO" 5; } + fi + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 +$as_echo "$cross_compiling" >&6; } + +rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 +$as_echo_n "checking for suffix of object files... " >&6; } +if ${ac_cv_objext+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.o conftest.obj +if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + for ac_file in conftest.o conftest.obj conftest.*; do + test -f "$ac_file" || continue; + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; + *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` + break;; + esac +done +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of object files: cannot compile +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest.$ac_cv_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 +$as_echo "$ac_cv_objext" >&6; } +OBJEXT=$ac_cv_objext +ac_objext=$OBJEXT +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 +$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } +if ${ac_cv_c_compiler_gnu+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_compiler_gnu=yes +else + ac_compiler_gnu=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 +$as_echo "$ac_cv_c_compiler_gnu" >&6; } +if test $ac_compiler_gnu = yes; then + GCC=yes +else + GCC= +fi +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 +$as_echo_n "checking whether $CC accepts -g... " >&6; } +if ${ac_cv_prog_cc_g+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_save_c_werror_flag=$ac_c_werror_flag + ac_c_werror_flag=yes + ac_cv_prog_cc_g=no + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +else + CFLAGS="" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + ac_c_werror_flag=$ac_save_c_werror_flag + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_c_werror_flag=$ac_save_c_werror_flag +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 +$as_echo "$ac_cv_prog_cc_g" >&6; } +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 +$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } +if ${ac_cv_prog_cc_c89+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_prog_cc_c89=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +struct stat; +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) 'x' +int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ + -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_c89=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext + test "x$ac_cv_prog_cc_c89" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC + +fi +# AC_CACHE_VAL +case "x$ac_cv_prog_cc_c89" in + x) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +$as_echo "none needed" >&6; } ;; + xno) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +$as_echo "unsupported" >&6; } ;; + *) + CC="$CC $ac_cv_prog_cc_c89" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; +esac +if test "x$ac_cv_prog_cc_c89" != xno; then : + +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + if test -n "$GCC"; then + CFLAGS="$CFLAGS -Wall " + fi +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. +set dummy ${ac_tool_prefix}ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_RANLIB+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +RANLIB=$ac_cv_prog_RANLIB +if test -n "$RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 +$as_echo "$RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_RANLIB"; then + ac_ct_RANLIB=$RANLIB + # Extract the first word of "ranlib", so it can be a program name with args. +set dummy ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_RANLIB"; then + ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_RANLIB="ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB +if test -n "$ac_ct_RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 +$as_echo "$ac_ct_RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_RANLIB" = x; then + RANLIB=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + RANLIB=$ac_ct_RANLIB + fi +else + RANLIB="$ac_cv_prog_RANLIB" +fi + + +ac_aux_dir= +for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do + if test -f "$ac_dir/install-sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f "$ac_dir/install.sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f "$ac_dir/shtool"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi +done +if test -z "$ac_aux_dir"; then + as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 +fi + +# These three variables are undocumented and unsupported, +# and are intended to be withdrawn in a future Autoconf release. +# They can cause serious problems if a builder's source tree is in a directory +# whose full name contains unusual characters. +ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. +ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. +ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. + + +# Make sure we can run config.sub. +$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || + as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 +$as_echo_n "checking build system type... " >&6; } +if ${ac_cv_build+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_build_alias=$build_alias +test "x$ac_build_alias" = x && + ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` +test "x$ac_build_alias" = x && + as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 +ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 +$as_echo "$ac_cv_build" >&6; } +case $ac_cv_build in +*-*-*) ;; +*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; +esac +build=$ac_cv_build +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_build +shift +build_cpu=$1 +build_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +build_os=$* +IFS=$ac_save_IFS +case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 +$as_echo_n "checking host system type... " >&6; } +if ${ac_cv_host+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "x$host_alias" = x; then + ac_cv_host=$ac_cv_build +else + ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 +$as_echo "$ac_cv_host" >&6; } +case $ac_cv_host in +*-*-*) ;; +*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; +esac +host=$ac_cv_host +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_host +shift +host_cpu=$1 +host_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +host_os=$* +IFS=$ac_save_IFS +case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 +$as_echo_n "checking for inline... " >&6; } +if ${ac_cv_c_inline+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_c_inline=no +for ac_kw in inline __inline__ __inline; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifndef __cplusplus +typedef int foo_t; +static $ac_kw foo_t static_foo () {return 0; } +$ac_kw foo_t foo () {return 0; } +#endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_inline=$ac_kw +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + test "$ac_cv_c_inline" != no && break +done + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5 +$as_echo "$ac_cv_c_inline" >&6; } + +case $ac_cv_c_inline in + inline | yes) ;; + *) + case $ac_cv_c_inline in + no) ac_val=;; + *) ac_val=$ac_cv_c_inline;; + esac + cat >>confdefs.h <<_ACEOF +#ifndef __cplusplus +#define inline $ac_val +#endif +_ACEOF + ;; +esac + + +case "$host" in + *-sgi-irix5* | *-sgi-irix6*) + if test -z "$GCC"; then + $as_echo "#define inline /**/" >>confdefs.h + + fi + ;; +esac + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 +$as_echo_n "checking how to run the C preprocessor... " >&6; } +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if ${ac_cv_prog_CPP+:} false; then : + $as_echo_n "(cached) " >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + break +fi + + done + ac_cv_prog_CPP=$CPP + +fi + CPP=$ac_cv_prog_CPP +else + ac_cv_prog_CPP=$CPP +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 +$as_echo "$CPP" >&6; } +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details" "$LINENO" 5; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 +$as_echo_n "checking for grep that handles long lines and -e... " >&6; } +if ${ac_cv_path_GREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$GREP"; then + ac_path_GREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in grep ggrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_GREP" || continue +# Check for GNU ac_path_GREP and select it if it is found. + # Check for GNU $ac_path_GREP +case `"$ac_path_GREP" --version 2>&1` in +*GNU*) + ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'GREP' >> "conftest.nl" + "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_GREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_GREP="$ac_path_GREP" + ac_path_GREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_GREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_GREP"; then + as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_GREP=$GREP +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 +$as_echo "$ac_cv_path_GREP" >&6; } + GREP="$ac_cv_path_GREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 +$as_echo_n "checking for egrep... " >&6; } +if ${ac_cv_path_EGREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 + then ac_cv_path_EGREP="$GREP -E" + else + if test -z "$EGREP"; then + ac_path_EGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in egrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_EGREP" || continue +# Check for GNU ac_path_EGREP and select it if it is found. + # Check for GNU $ac_path_EGREP +case `"$ac_path_EGREP" --version 2>&1` in +*GNU*) + ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'EGREP' >> "conftest.nl" + "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_EGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_EGREP="$ac_path_EGREP" + ac_path_EGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_EGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_EGREP"; then + as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_EGREP=$EGREP +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 +$as_echo "$ac_cv_path_EGREP" >&6; } + EGREP="$ac_cv_path_EGREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 +$as_echo_n "checking for ANSI C header files... " >&6; } +if ${ac_cv_header_stdc+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdc=yes +else + ac_cv_header_stdc=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + return 2; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + +else + ac_cv_header_stdc=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 +$as_echo "$ac_cv_header_stdc" >&6; } +if test $ac_cv_header_stdc = yes; then + +$as_echo "#define STDC_HEADERS 1" >>confdefs.h + +fi + +# On IRIX 5.3, sys/types and inttypes.h are conflicting. +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +for ac_header in string.h getopt.h strings.h sys/param.h sys/time.h unistd.h errno.h sys/select.h sys/types.h sys/socket.h netinet/in.h arpa/inet.h sys/stat.h netdb.h sys/wait.h fcntl.h sys/resource.h inttypes.h mach-o/dyld.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5 +$as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; } +if ${ac_cv_header_time+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include + +int +main () +{ +if ((struct tm *) 0) +return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_time=yes +else + ac_cv_header_time=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5 +$as_echo "$ac_cv_header_time" >&6; } +if test $ac_cv_header_time = yes; then + +$as_echo "#define TIME_WITH_SYS_TIME 1" >>confdefs.h + +fi + +for ac_header in sys/socket.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "sys/socket.h" "ac_cv_header_sys_socket_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_socket_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SYS_SOCKET_H 1 +_ACEOF + +fi + +done + +for ac_header in net/if.h +do : + ac_fn_c_check_header_compile "$LINENO" "net/if.h" "ac_cv_header_net_if_h" "#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif +#ifdef HAVE_SYS_SOCKET_H +# include +#endif + +" +if test "x$ac_cv_header_net_if_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NET_IF_H 1 +_ACEOF + +fi + +done + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for __attribute__" >&5 +$as_echo_n "checking for __attribute__... " >&6; } +if ${ac_cv___attribute__+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + + static void foo(void) __attribute__ ((noreturn)); + + static void + foo(void) + { + exit(1); + } + +int +main () +{ + + foo(); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv___attribute__=yes +else + ac_cv___attribute__=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi + +if test "$ac_cv___attribute__" = "yes"; then + +$as_echo "#define HAVE___ATTRIBUTE__ 1" >>confdefs.h + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv___attribute__" >&5 +$as_echo "$ac_cv___attribute__" >&6; } + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if sockaddr{} has sa_len member" >&5 +$as_echo_n "checking if sockaddr{} has sa_len member... " >&6; } +if ${ac_cv_sockaddr_has_sa_len+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include +int +main () +{ +unsigned int i = sizeof(((struct sockaddr *)0)->sa_len) + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sockaddr_has_sa_len=yes +else + ac_cv_sockaddr_has_sa_len=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sockaddr_has_sa_len" >&5 +$as_echo "$ac_cv_sockaddr_has_sa_len" >&6; } +if test $ac_cv_sockaddr_has_sa_len = yes ; then + +$as_echo "#define HAVE_SOCKADDR_SA_LEN 1" >>confdefs.h + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5 +$as_echo_n "checking whether byte ordering is bigendian... " >&6; } +if ${ac_cv_c_bigendian+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_c_bigendian=unknown + # See if we're dealing with a universal compiler. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifndef __APPLE_CC__ + not a universal capable compiler + #endif + typedef int dummy; + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + # Check for potential -arch flags. It is not universal unless + # there are at least two -arch flags with different values. + ac_arch= + ac_prev= + for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do + if test -n "$ac_prev"; then + case $ac_word in + i?86 | x86_64 | ppc | ppc64) + if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then + ac_arch=$ac_word + else + ac_cv_c_bigendian=universal + break + fi + ;; + esac + ac_prev= + elif test "x$ac_word" = "x-arch"; then + ac_prev=arch + fi + done +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $ac_cv_c_bigendian = unknown; then + # See if sys/param.h defines the BYTE_ORDER macro. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + +int +main () +{ +#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \ + && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \ + && LITTLE_ENDIAN) + bogus endian macros + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + # It does; now see whether it defined to BIG_ENDIAN or not. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + +int +main () +{ +#if BYTE_ORDER != BIG_ENDIAN + not big endian + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_bigendian=yes +else + ac_cv_c_bigendian=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + if test $ac_cv_c_bigendian = unknown; then + # See if defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris). + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +#if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN) + bogus endian macros + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + # It does; now see whether it defined to _BIG_ENDIAN or not. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +#ifndef _BIG_ENDIAN + not big endian + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_bigendian=yes +else + ac_cv_c_bigendian=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + if test $ac_cv_c_bigendian = unknown; then + # Compile a test program. + if test "$cross_compiling" = yes; then : + # Try to guess by grepping values from an object file. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +short int ascii_mm[] = + { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; + short int ascii_ii[] = + { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 }; + int use_ascii (int i) { + return ascii_mm[i] + ascii_ii[i]; + } + short int ebcdic_ii[] = + { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 }; + short int ebcdic_mm[] = + { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; + int use_ebcdic (int i) { + return ebcdic_mm[i] + ebcdic_ii[i]; + } + extern int foo; + +int +main () +{ +return use_ascii (foo) == use_ebcdic (foo); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then + ac_cv_c_bigendian=yes + fi + if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then + if test "$ac_cv_c_bigendian" = unknown; then + ac_cv_c_bigendian=no + else + # finding both strings is unlikely to happen, but who knows? + ac_cv_c_bigendian=unknown + fi + fi +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ + + /* Are we little or big endian? From Harbison&Steele. */ + union + { + long int l; + char c[sizeof (long int)]; + } u; + u.l = 1; + return u.c[sizeof (long int) - 1] == 1; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_c_bigendian=no +else + ac_cv_c_bigendian=yes +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5 +$as_echo "$ac_cv_c_bigendian" >&6; } + case $ac_cv_c_bigendian in #( + yes) + $as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h +;; #( + no) + ;; #( + universal) + +$as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h + + ;; #( + *) + as_fn_error $? "unknown endianness + presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; + esac + + +ac_fn_c_find_intX_t "$LINENO" "8" "ac_cv_c_int8_t" +case $ac_cv_c_int8_t in #( + no|yes) ;; #( + *) + +cat >>confdefs.h <<_ACEOF +#define int8_t $ac_cv_c_int8_t +_ACEOF +;; +esac + +ac_fn_c_find_intX_t "$LINENO" "16" "ac_cv_c_int16_t" +case $ac_cv_c_int16_t in #( + no|yes) ;; #( + *) + +cat >>confdefs.h <<_ACEOF +#define int16_t $ac_cv_c_int16_t +_ACEOF +;; +esac + +ac_fn_c_find_intX_t "$LINENO" "32" "ac_cv_c_int32_t" +case $ac_cv_c_int32_t in #( + no|yes) ;; #( + *) + +cat >>confdefs.h <<_ACEOF +#define int32_t $ac_cv_c_int32_t +_ACEOF +;; +esac + +ac_fn_c_find_intX_t "$LINENO" "64" "ac_cv_c_int64_t" +case $ac_cv_c_int64_t in #( + no|yes) ;; #( + *) + +cat >>confdefs.h <<_ACEOF +#define int64_t $ac_cv_c_int64_t +_ACEOF +;; +esac + +ac_fn_c_find_uintX_t "$LINENO" "8" "ac_cv_c_uint8_t" +case $ac_cv_c_uint8_t in #( + no|yes) ;; #( + *) + +$as_echo "#define _UINT8_T 1" >>confdefs.h + + +cat >>confdefs.h <<_ACEOF +#define uint8_t $ac_cv_c_uint8_t +_ACEOF +;; + esac + +ac_fn_c_find_uintX_t "$LINENO" "16" "ac_cv_c_uint16_t" +case $ac_cv_c_uint16_t in #( + no|yes) ;; #( + *) + + +cat >>confdefs.h <<_ACEOF +#define uint16_t $ac_cv_c_uint16_t +_ACEOF +;; + esac + +ac_fn_c_find_uintX_t "$LINENO" "32" "ac_cv_c_uint32_t" +case $ac_cv_c_uint32_t in #( + no|yes) ;; #( + *) + +$as_echo "#define _UINT32_T 1" >>confdefs.h + + +cat >>confdefs.h <<_ACEOF +#define uint32_t $ac_cv_c_uint32_t +_ACEOF +;; + esac + +ac_fn_c_find_uintX_t "$LINENO" "64" "ac_cv_c_uint64_t" +case $ac_cv_c_uint64_t in #( + no|yes) ;; #( + *) + +$as_echo "#define _UINT64_T 1" >>confdefs.h + + +cat >>confdefs.h <<_ACEOF +#define uint64_t $ac_cv_c_uint64_t +_ACEOF +;; + esac + + +for ac_func in snprintf vsnprintf nanosleep strerror strcasestr strcasecmp strncasecmp signal +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + +needsnprintf=no +for ac_func in vsnprintf snprintf asprintf asnprintf vasprintf vasnprintf +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +else + needsnprintf=yes +fi +done + +if test $needsnprintf = yes; then + case " $LIBOBJS " in + *" snprintf.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS snprintf.$ac_objext" + ;; +esac + +fi + +for ac_func in getopt getopt_long_only +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + +for ac_func in usleep gettimeofday sleep localtime_s localtime_r +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +case " $LIBOBJS " in + *" nbase_time.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS nbase_time.$ac_objext" + ;; +esac + + +ac_fn_c_check_func "$LINENO" "getopt_long_only" "ac_cv_func_getopt_long_only" +if test "x$ac_cv_func_getopt_long_only" = xyes; then : + +else + case " $LIBOBJS " in + *" getopt.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS getopt.$ac_objext" + ;; +esac + +fi + + +for ac_func in strcasecmp strncasecmp +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +else + case " $LIBOBJS " in + *" strcasecmp.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS strcasecmp.$ac_objext" + ;; +esac + +fi +done + + +case " $LIBOBJS " in + *" nbase_str.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS nbase_str.$ac_objext" + ;; +esac + +case " $LIBOBJS " in + *" nbase_misc.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS nbase_misc.$ac_objext" + ;; +esac + +case " $LIBOBJS " in + *" nbase_memalloc.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS nbase_memalloc.$ac_objext" + ;; +esac + +case " $LIBOBJS " in + *" nbase_rnd.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS nbase_rnd.$ac_objext" + ;; +esac + +case " $LIBOBJS " in + *" nbase_addrset.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS nbase_addrset.$ac_objext" + ;; +esac + + +# Check for IPv6 support -- modified from Apache 2.0.40: + +# Check whether --enable-ipv6 was given. +if test "${enable_ipv6+set}" = set; then : + enableval=$enable_ipv6; if test "$enableval" = "no"; then + user_disabled_ipv6=1 + fi +else + user_disabled_ipv6=0 +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing getaddrinfo" >&5 +$as_echo_n "checking for library containing getaddrinfo... " >&6; } +if ${ac_cv_search_getaddrinfo+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char getaddrinfo (); +int +main () +{ +return getaddrinfo (); + ; + return 0; +} +_ACEOF +for ac_lib in '' inet6 socket; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_getaddrinfo=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_getaddrinfo+:} false; then : + break +fi +done +if ${ac_cv_search_getaddrinfo+:} false; then : + +else + ac_cv_search_getaddrinfo=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getaddrinfo" >&5 +$as_echo "$ac_cv_search_getaddrinfo" >&6; } +ac_res=$ac_cv_search_getaddrinfo +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing gai_strerror" >&5 +$as_echo_n "checking for library containing gai_strerror... " >&6; } +if ${ac_cv_search_gai_strerror+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char gai_strerror (); +int +main () +{ +return gai_strerror (); + ; + return 0; +} +_ACEOF +for ac_lib in '' inet6 socket; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_gai_strerror=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_gai_strerror+:} false; then : + break +fi +done +if ${ac_cv_search_gai_strerror+:} false; then : + +else + ac_cv_search_gai_strerror=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_gai_strerror" >&5 +$as_echo "$ac_cv_search_gai_strerror" >&6; } +ac_res=$ac_cv_search_gai_strerror +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing getnameinfo" >&5 +$as_echo_n "checking for library containing getnameinfo... " >&6; } +if ${ac_cv_search_getnameinfo+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char getnameinfo (); +int +main () +{ +return getnameinfo (); + ; + return 0; +} +_ACEOF +for ac_lib in '' inet6 socket; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_getnameinfo=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_getnameinfo+:} false; then : + break +fi +done +if ${ac_cv_search_getnameinfo+:} false; then : + +else + ac_cv_search_getnameinfo=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getnameinfo" >&5 +$as_echo "$ac_cv_search_getnameinfo" >&6; } +ac_res=$ac_cv_search_getnameinfo +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing inet_ntop" >&5 +$as_echo_n "checking for library containing inet_ntop... " >&6; } +if ${ac_cv_search_inet_ntop+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char inet_ntop (); +int +main () +{ +return inet_ntop (); + ; + return 0; +} +_ACEOF +for ac_lib in '' nsl resolv network; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_inet_ntop=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_inet_ntop+:} false; then : + break +fi +done +if ${ac_cv_search_inet_ntop+:} false; then : + +else + ac_cv_search_inet_ntop=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_inet_ntop" >&5 +$as_echo "$ac_cv_search_inet_ntop" >&6; } +ac_res=$ac_cv_search_inet_ntop +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +else + case " $LIBOBJS " in + *" inet_ntop.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS inet_ntop.$ac_objext" + ;; +esac + + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing inet_pton" >&5 +$as_echo_n "checking for library containing inet_pton... " >&6; } +if ${ac_cv_search_inet_pton+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char inet_pton (); +int +main () +{ +return inet_pton (); + ; + return 0; +} +_ACEOF +for ac_lib in '' nsl resolv network; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_inet_pton=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_inet_pton+:} false; then : + break +fi +done +if ${ac_cv_search_inet_pton+:} false; then : + +else + ac_cv_search_inet_pton=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_inet_pton" >&5 +$as_echo "$ac_cv_search_inet_pton" >&6; } +ac_res=$ac_cv_search_inet_pton +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +else + case " $LIBOBJS " in + *" inet_pton.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS inet_pton.$ac_objext" + ;; +esac + + +fi + +for ac_func in gai_strerror inet_pton inet_ntop +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working getaddrinfo" >&5 +$as_echo_n "checking for working getaddrinfo... " >&6; } +if ${ac_cv_working_getaddrinfo+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + + ac_cv_working_getaddrinfo="yes" + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_STRING_H +#include +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif + +int main(void) { + struct addrinfo hints, *ai; + int error; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + error = getaddrinfo("127.0.0.1", NULL, &hints, &ai); + if (error) { + return 1; + } + if (ai->ai_addr->sa_family != AF_INET) { + return 1; + } + return 0; +} + +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + + ac_cv_working_getaddrinfo="yes" + +else + + ac_cv_working_getaddrinfo="no" + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_working_getaddrinfo" >&5 +$as_echo "$ac_cv_working_getaddrinfo" >&6; } +if test "$ac_cv_working_getaddrinfo" = "yes"; then + if test "$ac_cv_func_gai_strerror" != "yes"; then + ac_cv_working_getaddrinfo="no" + else + +$as_echo "#define HAVE_GETADDRINFO 1" >>confdefs.h + + fi +fi + +# The inet_addr function is used by APR_CHECK_WORKING_GETNAMEINFO. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing inet_addr" >&5 +$as_echo_n "checking for library containing inet_addr... " >&6; } +if ${ac_cv_search_inet_addr+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char inet_addr (); +int +main () +{ +return inet_addr (); + ; + return 0; +} +_ACEOF +for ac_lib in '' nsl; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_inet_addr=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_inet_addr+:} false; then : + break +fi +done +if ${ac_cv_search_inet_addr+:} false; then : + +else + ac_cv_search_inet_addr=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_inet_addr" >&5 +$as_echo "$ac_cv_search_inet_addr" >&6; } +ac_res=$ac_cv_search_inet_addr +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working getnameinfo" >&5 +$as_echo_n "checking for working getnameinfo... " >&6; } +if ${ac_cv_working_getnameinfo+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + + ac_cv_working_getnameinfo="yes" + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_STRING_H +#include +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif + +int main(void) { + struct sockaddr_in sa; + char hbuf[256]; + int error; + + sa.sin_family = AF_INET; + sa.sin_port = 0; + sa.sin_addr.s_addr = inet_addr("127.0.0.1"); +#ifdef SIN6_LEN + sa.sin_len = sizeof(sa); +#endif + + error = getnameinfo((const struct sockaddr *)&sa, sizeof(sa), + hbuf, 256, NULL, 0, + NI_NUMERICHOST); + if (error) { + return 1; + } else { + return 0; + } +} + +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + + ac_cv_working_getnameinfo="yes" + +else + + ac_cv_working_getnameinfo="no" + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_working_getnameinfo" >&5 +$as_echo "$ac_cv_working_getnameinfo" >&6; } +if test "$ac_cv_working_getnameinfo" = "yes"; then + +$as_echo "#define HAVE_GETNAMEINFO 1" >>confdefs.h + +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sockaddr_in6" >&5 +$as_echo_n "checking for sockaddr_in6... " >&6; } +if ${ac_cv_define_sockaddr_in6+:} false; then : + $as_echo_n "(cached) " >&6 +else + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif + +int +main () +{ + +struct sockaddr_in6 sa; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + ac_cv_define_sockaddr_in6=yes + +else + + ac_cv_define_sockaddr_in6=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_define_sockaddr_in6" >&5 +$as_echo "$ac_cv_define_sockaddr_in6" >&6; } + +if test "$ac_cv_define_sockaddr_in6" = "yes"; then + have_sockaddr_in6=1 + +$as_echo "#define HAVE_SOCKADDR_IN6 1" >>confdefs.h + +else + have_sockaddr_in6=0 +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sockaddr_storage" >&5 +$as_echo_n "checking for sockaddr_storage... " >&6; } +if ${ac_cv_define_sockaddr_storage+:} false; then : + $as_echo_n "(cached) " >&6 +else + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif + +int +main () +{ + +struct sockaddr_storage sa; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + ac_cv_define_sockaddr_storage=yes + +else + + ac_cv_define_sockaddr_storage=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_define_sockaddr_storage" >&5 +$as_echo "$ac_cv_define_sockaddr_storage" >&6; } + +if test "$ac_cv_define_sockaddr_storage" = "yes"; then + have_sockaddr_storage=1 + +$as_echo "#define HAVE_SOCKADDR_STORAGE 1" >>confdefs.h + +else + have_sockaddr_storage=0 +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for AF_INET6 definition" >&5 +$as_echo_n "checking for AF_INET6 definition... " >&6; } +if ${ac_cv_define_af_inet6+:} false; then : + $as_echo_n "(cached) " >&6 +else + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif + +int +main () +{ + +int af = AF_INET6; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + ac_cv_define_af_inet6=yes + +else + + ac_cv_define_af_inet6=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_define_af_inet6" >&5 +$as_echo "$ac_cv_define_af_inet6" >&6; } + +if test "$ac_cv_define_af_inet6" = "yes"; then + have_af_inet6=1 + +$as_echo "#define HAVE_AF_INET6 1" >>confdefs.h + +else + have_af_inet6=0 +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for IPv6 support" >&5 +$as_echo_n "checking for IPv6 support... " >&6; } +have_ipv6="0" +if test "$user_disabled_ipv6" = 1; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: \"no -- disabled by user\"" >&5 +$as_echo "\"no -- disabled by user\"" >&6; } +else + if test "x$have_sockaddr_in6" = "x1"; then + if test "x$ac_cv_working_getaddrinfo" = "xyes"; then + if test "x$ac_cv_working_getnameinfo" = "xyes"; then + have_ipv6="1" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: \"no -- no working getnameinfo\"" >&5 +$as_echo "\"no -- no working getnameinfo\"" >&6; } + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: \"no -- no working getaddrinfo\"" >&5 +$as_echo "\"no -- no working getaddrinfo\"" >&6; } + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: \"no -- no sockaddr_in6\"" >&5 +$as_echo "\"no -- no sockaddr_in6\"" >&6; }; + fi +fi + +if test "x$ac_cv_working_getaddrinfo" != "xyes"; then +case " $LIBOBJS " in + *" getaddrinfo.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS getaddrinfo.$ac_objext" + ;; +esac + +fi + +if test "x$ac_cv_working_getnameinfo" != "xyes"; then +case " $LIBOBJS " in + *" getnameinfo.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS getnameinfo.$ac_objext" + ;; +esac + +fi + +if test "$have_ipv6" = "1"; then + +$as_echo "#define HAVE_IPV6 1" >>confdefs.h + +fi + +# First we test whether they specified openssl desires explicitly +use_openssl="yes" +specialssldir="" + + +# Check whether --with-openssl was given. +if test "${with_openssl+set}" = set; then : + withval=$with_openssl; case "$with_openssl" in + yes) + ;; + no) + use_openssl="no" + ;; + *) + specialssldir="$with_openssl" + ;; + esac + +fi + + + +# If they didn't specify it, we try to find it +if test "$use_openssl" = "yes" -a -z "$specialssldir"; then + ac_fn_c_check_header_mongrel "$LINENO" "openssl/ssl.h" "ac_cv_header_openssl_ssl_h" "$ac_includes_default" +if test "x$ac_cv_header_openssl_ssl_h" = xyes; then : + +else + use_openssl="no" + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Failed to find openssl/ssl.h so OpenSSL will not be used. If it + is installed you can try the --with-openssl=DIR argument" >&5 +$as_echo "$as_me: WARNING: Failed to find openssl/ssl.h so OpenSSL will not be used. If it + is installed you can try the --with-openssl=DIR argument" >&2;} +fi + + + + if test "$use_openssl" = "yes"; then + ac_fn_c_check_header_mongrel "$LINENO" "openssl/err.h" "ac_cv_header_openssl_err_h" "$ac_includes_default" +if test "x$ac_cv_header_openssl_err_h" = xyes; then : + +else + use_openssl="no" + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Failed to find openssl/err.h so OpenSSL will not be used. If it + is installed you can try the --with-openssl=DIR argument" >&5 +$as_echo "$as_me: WARNING: Failed to find openssl/err.h so OpenSSL will not be used. If it + is installed you can try the --with-openssl=DIR argument" >&2;} +fi + + + fi + + if test "$use_openssl" = "yes"; then + ac_fn_c_check_header_mongrel "$LINENO" "openssl/rand.h" "ac_cv_header_openssl_rand_h" "$ac_includes_default" +if test "x$ac_cv_header_openssl_rand_h" = xyes; then : + +else + use_openssl="no" + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Failed to find openssl/rand.h so OpenSSL will not be used. If i +t is installed you can try the --with-openssl=DIR argument" >&5 +$as_echo "$as_me: WARNING: Failed to find openssl/rand.h so OpenSSL will not be used. If i +t is installed you can try the --with-openssl=DIR argument" >&2;} +fi + + + fi + + if test "$use_openssl" = "yes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for BIO_int_ctrl in -lcrypto" >&5 +$as_echo_n "checking for BIO_int_ctrl in -lcrypto... " >&6; } +if ${ac_cv_lib_crypto_BIO_int_ctrl+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcrypto $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char BIO_int_ctrl (); +int +main () +{ +return BIO_int_ctrl (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_crypto_BIO_int_ctrl=yes +else + ac_cv_lib_crypto_BIO_int_ctrl=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_BIO_int_ctrl" >&5 +$as_echo "$ac_cv_lib_crypto_BIO_int_ctrl" >&6; } +if test "x$ac_cv_lib_crypto_BIO_int_ctrl" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBCRYPTO 1 +_ACEOF + + LIBS="-lcrypto $LIBS" + +else + use_openssl="no" + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Failed to find libcrypto so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument" >&5 +$as_echo "$as_me: WARNING: Failed to find libcrypto so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument" >&2;} +fi + + fi + + if test "$use_openssl" = "yes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_new in -lssl" >&5 +$as_echo_n "checking for SSL_new in -lssl... " >&6; } +if ${ac_cv_lib_ssl_SSL_new+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lssl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char SSL_new (); +int +main () +{ +return SSL_new (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_ssl_SSL_new=yes +else + ac_cv_lib_ssl_SSL_new=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_new" >&5 +$as_echo "$ac_cv_lib_ssl_SSL_new" >&6; } +if test "x$ac_cv_lib_ssl_SSL_new" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBSSL 1 +_ACEOF + + LIBS="-lssl $LIBS" + +else + use_openssl="no" + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Failed to find libssl so OpenSSL will not be used. If it is ins +talled you can try the --with-openssl=DIR argument" >&5 +$as_echo "$as_me: WARNING: Failed to find libssl so OpenSSL will not be used. If it is ins +talled you can try the --with-openssl=DIR argument" >&2;} +fi + + fi +fi + +if test "$use_openssl" = "yes"; then + +$as_echo "#define HAVE_OPENSSL 1" >>confdefs.h + +fi + + + if test x"$cross_compiling" = x"no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /proc/self/exe" >&5 +$as_echo_n "checking for /proc/self/exe... " >&6; } +if ${ac_cv_file__proc_self_exe+:} false; then : + $as_echo_n "(cached) " >&6 +else + test "$cross_compiling" = yes && + as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 +if test -r "/proc/self/exe"; then + ac_cv_file__proc_self_exe=yes +else + ac_cv_file__proc_self_exe=no +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_file__proc_self_exe" >&5 +$as_echo "$ac_cv_file__proc_self_exe" >&6; } +if test "x$ac_cv_file__proc_self_exe" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE__PROC_SELF_EXE 1 +_ACEOF + + +$as_echo "#define HAVE_PROC_SELF_EXE 1" >>confdefs.h + +fi + + else + case $host in + *-linux*) + +$as_echo "#define HAVE_PROC_SELF_EXE 1" >>confdefs.h + + ;; + esac + fi + + +ac_config_files="$ac_config_files Makefile" + +cat >confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. +# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, we kill variables containing newlines. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +( + for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + + (set) 2>&1 | + case $as_nl`(ac_space=' '; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + # `set' does not quote correctly, so add quotes: double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \. + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; #( + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) | + sed ' + /^ac_cv_env_/b end + t clear + :clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + :end' >>confcache +if diff "$cache_file" confcache >/dev/null 2>&1; then :; else + if test -w "$cache_file"; then + if test "x$cache_file" != "x/dev/null"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 +$as_echo "$as_me: updating cache $cache_file" >&6;} + if test ! -f "$cache_file" || test -h "$cache_file"; then + cat confcache >"$cache_file" + else + case $cache_file in #( + */* | ?:*) + mv -f confcache "$cache_file"$$ && + mv -f "$cache_file"$$ "$cache_file" ;; #( + *) + mv -f confcache "$cache_file" ;; + esac + fi + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 +$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} + fi +fi +rm -f confcache + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +DEFS=-DHAVE_CONFIG_H + +ac_libobjs= +ac_ltlibobjs= +U= +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' + ac_i=`$as_echo "$ac_i" | sed "$ac_script"` + # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR + # will be set to the directory where LIBOBJS objects are built. + as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" + as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' +done +LIBOBJS=$ac_libobjs + +LTLIBOBJS=$ac_ltlibobjs + + + + +: "${CONFIG_STATUS=./config.status}" +ac_write_fail=0 +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 +$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} +as_write_fail=0 +cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 +#! $SHELL +# Generated by $as_me. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +ac_cs_recheck=false +ac_cs_silent=false + +SHELL=\${CONFIG_SHELL-$SHELL} +export SHELL +_ASEOF +cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +exec 6>&1 +## ----------------------------------- ## +## Main body of $CONFIG_STATUS script. ## +## ----------------------------------- ## +_ASEOF +test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# Save the log message, to keep $0 and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. +ac_log=" +This file was extended by $as_me, which was +generated by GNU Autoconf 2.69. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +on `(hostname || uname -n) 2>/dev/null | sed 1q` +" + +_ACEOF + +case $ac_config_files in *" +"*) set x $ac_config_files; shift; ac_config_files=$*;; +esac + +case $ac_config_headers in *" +"*) set x $ac_config_headers; shift; ac_config_headers=$*;; +esac + + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# Files that config.status was made for. +config_files="$ac_config_files" +config_headers="$ac_config_headers" + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +ac_cs_usage="\ +\`$as_me' instantiates files and other configuration actions +from templates according to the current configuration. Unless the files +and actions are specified as TAGs, all are instantiated by default. + +Usage: $0 [OPTION]... [TAG]... + + -h, --help print this help, then exit + -V, --version print version number and configuration settings, then exit + --config print configuration, then exit + -q, --quiet, --silent + do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE + +Configuration files: +$config_files + +Configuration headers: +$config_headers + +Report bugs to the package provider." + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" +ac_cs_version="\\ +config.status +configured by $0, generated by GNU Autoconf 2.69, + with options \\"\$ac_cs_config\\" + +Copyright (C) 2012 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." + +ac_pwd='$ac_pwd' +srcdir='$srcdir' +test -n "\$AWK" || AWK=awk +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# The default lists apply if the user does not specify any file. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=?*) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` + ac_shift=: + ;; + --*=) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg= + ac_shift=: + ;; + *) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + esac + + case $ac_option in + # Handling of the options. + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) + $as_echo "$ac_cs_version"; exit ;; + --config | --confi | --conf | --con | --co | --c ) + $as_echo "$ac_cs_config"; exit ;; + --debug | --debu | --deb | --de | --d | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + '') as_fn_error $? "missing file argument" ;; + esac + as_fn_append CONFIG_FILES " '$ac_optarg'" + ac_need_defaults=false;; + --header | --heade | --head | --hea ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + as_fn_append CONFIG_HEADERS " '$ac_optarg'" + ac_need_defaults=false;; + --he | --h) + # Conflict between --help and --header + as_fn_error $? "ambiguous option: \`$1' +Try \`$0 --help' for more information.";; + --help | --hel | -h ) + $as_echo "$ac_cs_usage"; exit ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) as_fn_error $? "unrecognized option: \`$1' +Try \`$0 --help' for more information." ;; + + *) as_fn_append ac_config_targets " $1" + ac_need_defaults=false ;; + + esac + shift +done + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +if \$ac_cs_recheck; then + set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion + shift + \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 + CONFIG_SHELL='$SHELL' + export CONFIG_SHELL + exec "\$@" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX + $as_echo "$ac_log" +} >&5 + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + +# Handling of arguments. +for ac_config_target in $ac_config_targets +do + case $ac_config_target in + "nbase_config.h") CONFIG_HEADERS="$CONFIG_HEADERS nbase_config.h" ;; + "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + + *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; + esac +done + + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers +fi + +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason against having it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Hook for its removal unless debugging. +# Note that there is a small window in which the directory will not be cleaned: +# after its creation but before its name has been assigned to `$tmp'. +$debug || +{ + tmp= ac_tmp= + trap 'exit_status=$? + : "${ac_tmp:=$tmp}" + { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status +' 0 + trap 'as_fn_exit 1' 1 2 13 15 +} +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && + test -d "$tmp" +} || +{ + tmp=./conf$$-$RANDOM + (umask 077 && mkdir "$tmp") +} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 +ac_tmp=$tmp + +# Set up the scripts for CONFIG_FILES section. +# No need to generate them if there are no CONFIG_FILES. +# This happens for instance with `./config.status config.h'. +if test -n "$CONFIG_FILES"; then + + +ac_cr=`echo X | tr X '\015'` +# On cygwin, bash can eat \r inside `` if the user requested igncr. +# But we know of no other shell where ac_cr would be empty at this +# point, so we can use a bashism as a fallback. +if test "x$ac_cr" = x; then + eval ac_cr=\$\'\\r\' +fi +ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` +if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then + ac_cs_awk_cr='\\r' +else + ac_cs_awk_cr=$ac_cr +fi + +echo 'BEGIN {' >"$ac_tmp/subs1.awk" && +_ACEOF + + +{ + echo "cat >conf$$subs.awk <<_ACEOF" && + echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && + echo "_ACEOF" +} >conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 +ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` +ac_delim='%!_!# ' +for ac_last_try in false false false false false :; do + . ./conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + + ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` + if test $ac_delim_n = $ac_delim_num; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done +rm -f conf$$subs.sh + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && +_ACEOF +sed -n ' +h +s/^/S["/; s/!.*/"]=/ +p +g +s/^[^!]*!// +:repl +t repl +s/'"$ac_delim"'$// +t delim +:nl +h +s/\(.\{148\}\)..*/\1/ +t more1 +s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ +p +n +b repl +:more1 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t nl +:delim +h +s/\(.\{148\}\)..*/\1/ +t more2 +s/["\\]/\\&/g; s/^/"/; s/$/"/ +p +b +:more2 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t delim +' >$CONFIG_STATUS || ac_write_fail=1 +rm -f conf$$subs.awk +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACAWK +cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && + for (key in S) S_is_set[key] = 1 + FS = "" + +} +{ + line = $ 0 + nfields = split(line, field, "@") + substed = 0 + len = length(field[1]) + for (i = 2; i < nfields; i++) { + key = field[i] + keylen = length(key) + if (S_is_set[key]) { + value = S[key] + line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) + len += length(value) + length(field[++i]) + substed = 1 + } else + len += 1 + keylen + } + + print line +} + +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then + sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" +else + cat +fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ + || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 +_ACEOF + +# VPATH may cause trouble with some makes, so we remove sole $(srcdir), +# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ +h +s/// +s/^/:/ +s/[ ]*$/:/ +s/:\$(srcdir):/:/g +s/:\${srcdir}:/:/g +s/:@srcdir@:/:/g +s/^:*// +s/:*$// +x +s/\(=[ ]*\).*/\1/ +G +s/\n// +s/^[^=]*=[ ]*$// +}' +fi + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +fi # test -n "$CONFIG_FILES" + +# Set up the scripts for CONFIG_HEADERS section. +# No need to generate them if there are no CONFIG_HEADERS. +# This happens for instance with `./config.status Makefile'. +if test -n "$CONFIG_HEADERS"; then +cat >"$ac_tmp/defines.awk" <<\_ACAWK || +BEGIN { +_ACEOF + +# Transform confdefs.h into an awk script `defines.awk', embedded as +# here-document in config.status, that substitutes the proper values into +# config.h.in to produce config.h. + +# Create a delimiter string that does not exist in confdefs.h, to ease +# handling of long lines. +ac_delim='%!_!# ' +for ac_last_try in false false :; do + ac_tt=`sed -n "/$ac_delim/p" confdefs.h` + if test -z "$ac_tt"; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done + +# For the awk script, D is an array of macro values keyed by name, +# likewise P contains macro parameters if any. Preserve backslash +# newline sequences. + +ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* +sed -n ' +s/.\{148\}/&'"$ac_delim"'/g +t rset +:rset +s/^[ ]*#[ ]*define[ ][ ]*/ / +t def +d +:def +s/\\$// +t bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3"/p +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p +d +:bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3\\\\\\n"\\/p +t cont +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p +t cont +d +:cont +n +s/.\{148\}/&'"$ac_delim"'/g +t clear +:clear +s/\\$// +t bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/"/p +d +:bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p +b cont +' >$CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + for (key in D) D_is_set[key] = 1 + FS = "" +} +/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { + line = \$ 0 + split(line, arg, " ") + if (arg[1] == "#") { + defundef = arg[2] + mac1 = arg[3] + } else { + defundef = substr(arg[1], 2) + mac1 = arg[2] + } + split(mac1, mac2, "(") #) + macro = mac2[1] + prefix = substr(line, 1, index(line, defundef) - 1) + if (D_is_set[macro]) { + # Preserve the white space surrounding the "#". + print prefix "define", macro P[macro] D[macro] + next + } else { + # Replace #undef with comments. This is necessary, for example, + # in the case of _POSIX_SOURCE, which is predefined and required + # on some systems where configure will not decide to define it. + if (defundef == "undef") { + print "/*", prefix defundef, macro, "*/" + next + } + } +} +{ print } +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 +fi # test -n "$CONFIG_HEADERS" + + +eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS " +shift +for ac_tag +do + case $ac_tag in + :[FHLC]) ac_mode=$ac_tag; continue;; + esac + case $ac_mode$ac_tag in + :[FHL]*:*);; + :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; + :[FH]-) ac_tag=-:-;; + :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; + esac + ac_save_IFS=$IFS + IFS=: + set x $ac_tag + IFS=$ac_save_IFS + shift + ac_file=$1 + shift + + case $ac_mode in + :L) ac_source=$1;; + :[FH]) + ac_file_inputs= + for ac_f + do + case $ac_f in + -) ac_f="$ac_tmp/stdin";; + *) # Look for the file first in the build tree, then in the source tree + # (if the path is not absolute). The absolute path cannot be DOS-style, + # because $ac_f cannot contain `:'. + test -f "$ac_f" || + case $ac_f in + [\\/$]*) false;; + *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; + esac || + as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; + esac + case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac + as_fn_append ac_file_inputs " '$ac_f'" + done + + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + configure_input='Generated from '` + $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' + `' by configure.' + if test x"$ac_file" != x-; then + configure_input="$ac_file. $configure_input" + { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 +$as_echo "$as_me: creating $ac_file" >&6;} + fi + # Neutralize special characters interpreted by sed in replacement strings. + case $configure_input in #( + *\&* | *\|* | *\\* ) + ac_sed_conf_input=`$as_echo "$configure_input" | + sed 's/[\\\\&|]/\\\\&/g'`;; #( + *) ac_sed_conf_input=$configure_input;; + esac + + case $ac_tag in + *:-:* | *:-) cat >"$ac_tmp/stdin" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; + esac + ;; + esac + + ac_dir=`$as_dirname -- "$ac_file" || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + as_dir="$ac_dir"; as_fn_mkdir_p + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + + case $ac_mode in + :F) + # + # CONFIG_FILE + # + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# If the template does not know about datarootdir, expand it. +# FIXME: This hack should be removed a few years after 2.60. +ac_datarootdir_hack=; ac_datarootdir_seen= +ac_sed_dataroot=' +/datarootdir/ { + p + q +} +/@datadir@/p +/@docdir@/p +/@infodir@/p +/@localedir@/p +/@mandir@/p' +case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in +*datarootdir*) ac_datarootdir_seen=yes;; +*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 +$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + ac_datarootdir_hack=' + s&@datadir@&$datadir&g + s&@docdir@&$docdir&g + s&@infodir@&$infodir&g + s&@localedir@&$localedir&g + s&@mandir@&$mandir&g + s&\\\${datarootdir}&$datarootdir&g' ;; +esac +_ACEOF + +# Neutralize VPATH when `$srcdir' = `.'. +# Shell code in configure.ac might set extrasub. +# FIXME: do we really want to maintain this feature? +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_sed_extra="$ac_vpsub +$extrasub +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s|@configure_input@|$ac_sed_conf_input|;t t +s&@top_builddir@&$ac_top_builddir_sub&;t t +s&@top_build_prefix@&$ac_top_build_prefix&;t t +s&@srcdir@&$ac_srcdir&;t t +s&@abs_srcdir@&$ac_abs_srcdir&;t t +s&@top_srcdir@&$ac_top_srcdir&;t t +s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t +s&@builddir@&$ac_builddir&;t t +s&@abs_builddir@&$ac_abs_builddir&;t t +s&@abs_top_builddir@&$ac_abs_top_builddir&;t t +$ac_datarootdir_hack +" +eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ + >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + +test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && + { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && + { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ + "$ac_tmp/out"`; test -z "$ac_out"; } && + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&5 +$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&2;} + + rm -f "$ac_tmp/stdin" + case $ac_file in + -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; + *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; + esac \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + ;; + :H) + # + # CONFIG_HEADER + # + if test x"$ac_file" != x-; then + { + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" + } >"$ac_tmp/config.h" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then + { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 +$as_echo "$as_me: $ac_file is unchanged" >&6;} + else + rm -f "$ac_file" + mv "$ac_tmp/config.h" "$ac_file" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + fi + else + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ + || as_fn_error $? "could not create -" "$LINENO" 5 + fi + ;; + + + esac + +done # for ac_tag + + +as_fn_exit 0 +_ACEOF +ac_clean_files=$ac_clean_files_save + +test $ac_write_fail = 0 || + as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 + + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. +# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || as_fn_exit 1 +fi +if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 +$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} +fi + + diff --git a/include/DomainExec/nbase/configure.ac b/include/DomainExec/nbase/configure.ac new file mode 100644 index 00000000..37069da4 --- /dev/null +++ b/include/DomainExec/nbase/configure.ac @@ -0,0 +1,301 @@ +dnl # -*- mode: fundamental; -*- +dnl # Autoconf configuration file for Nbase +dnl # +dnl # Process this file with autoconf to produce a configure script. +dnl # $Id$ + +# Because nbase is usually distributed with Nmap, the necessary files +# config.guess, config.guess, and install-sh are not distributed with +# nbase. Rather they are gotten from Nmap. + +# Require autoconf 2.13 +AC_PREREQ(2.13) + +# Include my own macros +m4_include([acinclude.m4]) + +AC_INIT(nbase.h) + +AC_ARG_WITH(localdirs, + [ --with-localdirs Explicitly ask compiler to use /usr/local/{include,libs} if they exist ], + [ case "$with_localdirs" in + yes) + user_localdirs=1 + ;; + no) + user_localdirs=0 + ;; + esac + ], + [ user_localdirs=0 ] ) + +if test "$user_localdirs" = 1; then + if test -d /usr/local/lib; then + LDFLAGS="$LDFLAGS -L/usr/local/lib" + fi + if test -d /usr/local/include; then + CPPFLAGS="$CPPFLAGS -I/usr/local/include" + fi +fi + +dnl use config.h instad of -D macros +AC_CONFIG_HEADER(nbase_config.h) + +dnl Checks for programs. +AC_PROG_CC + + if test -n "$GCC"; then + CFLAGS="$CFLAGS -Wall " + fi +AC_PROG_RANLIB +dnl AC_PROG_INSTALL +dnl AC_PATH_PROG(MAKEDEPEND, makedepend) + +dnl Host specific hacks +AC_CANONICAL_HOST + +dnl equiv to '#define inline' to 'inline', '__inline__', '__inline' or '' +AC_C_INLINE + +case "$host" in + *-sgi-irix5* | *-sgi-irix6*) + if test -z "$GCC"; then + AC_DEFINE(inline, ) + fi + ;; +esac + +dnl Checks for header files. +AC_HEADER_STDC +AC_CHECK_HEADERS( string.h getopt.h strings.h sys/param.h sys/time.h unistd.h errno.h sys/select.h sys/types.h sys/socket.h netinet/in.h arpa/inet.h sys/stat.h netdb.h sys/wait.h fcntl.h sys/resource.h inttypes.h mach-o/dyld.h) +AC_HEADER_TIME +dnl A special check required for on Darwin. See +dnl http://www.gnu.org/software/autoconf/manual/html_node/Header-Portability.html. +AC_CHECK_HEADERS([sys/socket.h]) +AC_CHECK_HEADERS([net/if.h], [], [], +[#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif +#ifdef HAVE_SYS_SOCKET_H +# include +#endif +]) + +AC_MSG_CHECKING(for __attribute__) +AC_CACHE_VAL(ac_cv___attribute__, [ + AC_TRY_COMPILE( + [ + #include + + static void foo(void) __attribute__ ((noreturn)); + + static void + foo(void) + { + exit(1); + } + ], + [ + foo(); + ], + ac_cv___attribute__=yes, + ac_cv___attribute__=no + ) +]) +if test "$ac_cv___attribute__" = "yes"; then + AC_DEFINE(HAVE___ATTRIBUTE__, 1, [define if your compiler has __attribute__]) +fi +AC_MSG_RESULT($ac_cv___attribute__) + +AC_SUBST(CFLAGS) + + +dnl This test is from the configure.in of Unix Network Programming second +dnl edition example code by W. Richard Stevens +dnl ################################################################## +dnl Check if sockaddr{} has sa_len member. +dnl +AC_CACHE_CHECK(if sockaddr{} has sa_len member, ac_cv_sockaddr_has_sa_len, + AC_TRY_COMPILE([ + #include + #include ], + [unsigned int i = sizeof(((struct sockaddr *)0)->sa_len)], + ac_cv_sockaddr_has_sa_len=yes, + ac_cv_sockaddr_has_sa_len=no)) +if test $ac_cv_sockaddr_has_sa_len = yes ; then + AC_DEFINE(HAVE_SOCKADDR_SA_LEN, 1, [define if sockaddr has sa_len member]) +fi + +dnl check endedness +AC_C_BIGENDIAN + +dnl determine types so nbase can export u32, u16, etc. +AC_TYPE_INT8_T +AC_TYPE_INT16_T +AC_TYPE_INT32_T +AC_TYPE_INT64_T +AC_TYPE_UINT8_T +AC_TYPE_UINT16_T +AC_TYPE_UINT32_T +AC_TYPE_UINT64_T + +dnl Checks for library functions. +AC_CHECK_FUNCS( snprintf vsnprintf nanosleep strerror strcasestr strcasecmp strncasecmp signal ) + +needsnprintf=no +AC_CHECK_FUNCS(vsnprintf snprintf asprintf asnprintf vasprintf vasnprintf,, + [needsnprintf=yes]) +if test $needsnprintf = yes; then + AC_LIBOBJ([snprintf]) +fi + +AC_CHECK_FUNCS( getopt getopt_long_only) + +AC_CHECK_FUNCS(usleep gettimeofday sleep localtime_s localtime_r) +dnl Some of these time functions are always needed +AC_LIBOBJ([nbase_time]) + +AC_CHECK_FUNC(getopt_long_only, , + [ AC_LIBOBJ([getopt]) ]) + +AC_CHECK_FUNCS(strcasecmp strncasecmp, , + [ AC_LIBOBJ([strcasecmp]) ]) + +dnl We always want some of our files +AC_LIBOBJ([nbase_str]) +AC_LIBOBJ([nbase_misc]) +AC_LIBOBJ([nbase_memalloc]) +AC_LIBOBJ([nbase_rnd]) +AC_LIBOBJ([nbase_addrset]) + +# Check for IPv6 support -- modified from Apache 2.0.40: + +AC_ARG_ENABLE(ipv6, + [ --disable-ipv6 Disable IPv6 support ], + [ if test "$enableval" = "no"; then + user_disabled_ipv6=1 + fi ], + [ user_disabled_ipv6=0 ] ) + +AC_SEARCH_LIBS(getaddrinfo, [inet6 socket]) +AC_SEARCH_LIBS(gai_strerror, [inet6 socket]) +AC_SEARCH_LIBS(getnameinfo, [inet6 socket]) +AC_SEARCH_LIBS(inet_ntop, [nsl resolv network], [], + [AC_LIBOBJ(inet_ntop) + ]) +AC_SEARCH_LIBS(inet_pton, [nsl resolv network], [], + [AC_LIBOBJ(inet_pton) + ]) +AC_CHECK_FUNCS([gai_strerror inet_pton inet_ntop]) +APR_CHECK_WORKING_GETADDRINFO +# The inet_addr function is used by APR_CHECK_WORKING_GETNAMEINFO. +AC_SEARCH_LIBS(inet_addr, [nsl]) +APR_CHECK_WORKING_GETNAMEINFO +APR_CHECK_SOCKADDR_IN6 +APR_CHECK_SOCKADDR_STORAGE +CHECK_AF_INET6_DEFINE + +AC_MSG_CHECKING(for IPv6 support) +have_ipv6="0" +if test "$user_disabled_ipv6" = 1; then + AC_MSG_RESULT("no -- disabled by user") +else + if test "x$have_sockaddr_in6" = "x1"; then + if test "x$ac_cv_working_getaddrinfo" = "xyes"; then + if test "x$ac_cv_working_getnameinfo" = "xyes"; then + have_ipv6="1" + AC_MSG_RESULT(yes) + else + AC_MSG_RESULT("no -- no working getnameinfo") + fi + else + AC_MSG_RESULT("no -- no working getaddrinfo") + fi + else + AC_MSG_RESULT("no -- no sockaddr_in6"); + fi +fi + +if test "x$ac_cv_working_getaddrinfo" != "xyes"; then +AC_LIBOBJ([getaddrinfo]) +fi + +if test "x$ac_cv_working_getnameinfo" != "xyes"; then +AC_LIBOBJ([getnameinfo]) +fi + +if test "$have_ipv6" = "1"; then + AC_DEFINE(HAVE_IPV6, 1, [define if IPv6 is available]) +fi + +# First we test whether they specified openssl desires explicitly +use_openssl="yes" +specialssldir="" + +AC_ARG_WITH(openssl, +[ --with-openssl=DIR Use optional openssl libs and includes from [DIR]/lib/ +and [DIR]/include/openssl/)], +[ case "$with_openssl" in + yes) + ;; + no) + use_openssl="no" + ;; + *) + specialssldir="$with_openssl" + ;; + esac] +) + + +# If they didn't specify it, we try to find it +if test "$use_openssl" = "yes" -a -z "$specialssldir"; then + AC_CHECK_HEADER(openssl/ssl.h,, + [ use_openssl="no" + AC_MSG_WARN([Failed to find openssl/ssl.h so OpenSSL will not be used. If it + is installed you can try the --with-openssl=DIR argument]) ]) + + if test "$use_openssl" = "yes"; then + AC_CHECK_HEADER(openssl/err.h,, + [ use_openssl="no" + AC_MSG_WARN([Failed to find openssl/err.h so OpenSSL will not be used. If it + is installed you can try the --with-openssl=DIR argument]) ]) + fi + + if test "$use_openssl" = "yes"; then + AC_CHECK_HEADER(openssl/rand.h,, + [ use_openssl="no" + AC_MSG_WARN([Failed to find openssl/rand.h so OpenSSL will not be used. If i +t is installed you can try the --with-openssl=DIR argument]) ]) + fi + + if test "$use_openssl" = "yes"; then + AC_CHECK_LIB(crypto, BIO_int_ctrl, + [], + [ use_openssl="no" + AC_MSG_WARN([Failed to find libcrypto so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument]) ]) + fi + + if test "$use_openssl" = "yes"; then + AC_CHECK_LIB(ssl, SSL_new, + [], + [ use_openssl="no" + AC_MSG_WARN([Failed to find libssl so OpenSSL will not be used. If it is ins +talled you can try the --with-openssl=DIR argument]) ]) + fi +fi + +if test "$use_openssl" = "yes"; then + AC_DEFINE(HAVE_OPENSSL, 1, [define if libssl is available]) +fi + +CHECK_PROC_SELF_EXE + +AC_OUTPUT(Makefile) + diff --git a/include/DomainExec/nbase/getaddrinfo.c b/include/DomainExec/nbase/getaddrinfo.c new file mode 100644 index 00000000..d9f7cb25 --- /dev/null +++ b/include/DomainExec/nbase/getaddrinfo.c @@ -0,0 +1,261 @@ +/*************************************************************************** + * getaddrinfo.c -- A **PARTIAL** implementation of the getaddrinfo(3) * + * hostname resolution call. In particular, IPv6 is not supported and * + * neither are some of the flags. Service "names" are always returned as * + * port numbers. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id$ */ + +#include "nbase.h" + +#include +#if HAVE_SYS_SOCKET_H +#include +#endif +#if HAVE_NETINET_IN_H +#include +#endif +#if HAVE_ARPA_INET_H +#include +#endif +#if HAVE_NETDB_H +#include +#endif +#include + + +#if !defined(HAVE_GAI_STRERROR) || defined(__MINGW32__) +#ifdef __MINGW32__ +#undef gai_strerror +#endif + +const char *gai_strerror(int errcode) { + static char customerr[64]; + switch (errcode) { + case EAI_FAMILY: + return "ai_family not supported"; + case EAI_NODATA: + return "no address associated with hostname"; + case EAI_NONAME: + return "hostname nor servname provided, or not known"; + default: + Snprintf(customerr, sizeof(customerr), "unknown error (%d)", errcode); + return "unknown error."; + } + return NULL; /* unreached */ +} +#endif + +#ifdef __MINGW32__ +char* WSAAPI gai_strerrorA (int errcode) +{ + return gai_strerror(errcode); +} +#endif + +#ifndef HAVE_GETADDRINFO +void freeaddrinfo(struct addrinfo *res) { + struct addrinfo *next; + + do { + next = res->ai_next; + free(res); + } while ((res = next) != NULL); +} + +/* Allocates and initializes a new AI structure with the port and IPv4 + address specified in network byte order */ +static struct addrinfo *new_ai(unsigned short portno, u32 addr) +{ + struct addrinfo *ai; + + ai = (struct addrinfo *) safe_malloc(sizeof(struct addrinfo) + sizeof(struct sockaddr_in)); + + memset(ai, 0, sizeof(struct addrinfo) + sizeof(struct sockaddr_in)); + + ai->ai_family = AF_INET; + ai->ai_addrlen = sizeof(struct sockaddr_in); + ai->ai_addr = (struct sockaddr *)(ai + 1); + ai->ai_addr->sa_family = AF_INET; +#if HAVE_SOCKADDR_SA_LEN + ai->ai_addr->sa_len = ai->ai_addrlen; +#endif + ((struct sockaddr_in *)(ai)->ai_addr)->sin_port = portno; + ((struct sockaddr_in *)(ai)->ai_addr)->sin_addr.s_addr = addr; + + return(ai); +} + + +int getaddrinfo(const char *node, const char *service, + const struct addrinfo *hints, struct addrinfo **res) { + + struct addrinfo *cur, *prev = NULL; + struct hostent *he; + struct in_addr ip; + unsigned short portno; + int i; + + if (service) + portno = htons(atoi(service)); + else + portno = 0; + + if (hints && hints->ai_flags & AI_PASSIVE) { + *res = new_ai(portno, htonl(0x00000000)); + return 0; + } + + if (!node) { + *res = new_ai(portno, htonl(0x7f000001)); + return 0; + } + + if (inet_pton(AF_INET, node, &ip)) { + *res = new_ai(portno, ip.s_addr); + return 0; + } + + he = gethostbyname(node); + if (he && he->h_addr_list[0]) { + for (i = 0; he->h_addr_list[i]; i++) { + cur = new_ai(portno, ((struct in_addr *)he->h_addr_list[i])->s_addr); + + if (prev) + prev->ai_next = cur; + else + *res = cur; + + prev = cur; + } + return 0; + } + + return EAI_NODATA; +} +#endif /* HAVE_GETADDRINFO */ diff --git a/include/DomainExec/nbase/getnameinfo.c b/include/DomainExec/nbase/getnameinfo.c new file mode 100644 index 00000000..7914a20f --- /dev/null +++ b/include/DomainExec/nbase/getnameinfo.c @@ -0,0 +1,186 @@ +/*************************************************************************** + * getnameinfo.c -- A **PARTIAL** implementation of the getnameinfo(3) * + * host resolution call. In particular, IPv6 is not supported and neither * + * are some of the flags. Service "names" are always returned as decimal * + * port numbers. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id$ */ +#include "nbase.h" + +#if HAVE_NETDB_H +#include +#endif +#include +#include +#if HAVE_SYS_SOCKET_H +#include +#endif +#if HAVE_NETINET_IN_H +#include +#endif +#if HAVE_ARPA_INET_H +#include +#endif + +int getnameinfo(const struct sockaddr *sa, size_t salen, + char *host, size_t hostlen, + char *serv, size_t servlen, int flags) { + + struct sockaddr_in *sin = (struct sockaddr_in *)sa; + struct hostent *he; + + if (sin->sin_family != AF_INET || salen != sizeof(struct sockaddr_in)) + return EAI_FAMILY; + + if (serv != NULL) { + Snprintf(serv, servlen, "%d", ntohs(sin->sin_port)); + return 0; + } + + if (host) { + if (flags & NI_NUMERICHOST) { + Strncpy(host, inet_ntoa(sin->sin_addr), hostlen); + return 0; + } else { + he = gethostbyaddr((char *)&sin->sin_addr, sizeof(struct in_addr), + AF_INET); + if (he == NULL) { + if (flags & NI_NAMEREQD) + return EAI_NONAME; + + Strncpy(host, inet_ntoa(sin->sin_addr), hostlen); + return 0; + } + + assert(he->h_name); + Strncpy(host, he->h_name, hostlen); + return 0; + } + } + return 0; +} diff --git a/include/DomainExec/nbase/getopt.c b/include/DomainExec/nbase/getopt.c new file mode 100644 index 00000000..f9aad9f3 --- /dev/null +++ b/include/DomainExec/nbase/getopt.c @@ -0,0 +1,304 @@ +/* + * my_getopt.c - my re-implementation of getopt. + * Copyright 1997, 2000, 2001, 2002, 2006, Benjamin Sittler + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + * DEALINGS IN THE SOFTWARE. + */ + +/* $Id$ */ + +#include +#include +#include +#include +#include "getopt.h" + +#if HAVE_CONFIG_H +#include "nbase_config.h" +#else +#ifdef WIN32 +#include "nbase_winconfig.h" /* mainly for _CRT_SECURE_NO_DEPRECATE */ +#endif /* WIN32 */ +#endif /* HAVE_CONFIG_H */ + +int optind=1, opterr=1, optopt=0; +char *optarg=0; + +/* reset argument parser to start-up values */ +int getopt_reset(void) +{ + optind = 1; + opterr = 1; + optopt = 0; + optarg = 0; + return 0; +} + + +/* this is the plain old UNIX getopt, with GNU-style extensions. */ +/* if you're porting some piece of UNIX software, this is all you need. */ +/* this supports GNU-style permutation and optional arguments */ + +static int _getopt(int argc, char * argv[], const char *opts) +{ + static int charind=0; + const char *s; + char mode, colon_mode; + int off = 0, opt = -1; + + if(getenv("POSIXLY_CORRECT")) colon_mode = mode = '+'; + else { + if((colon_mode = *opts) == ':') off ++; + if(((mode = opts[off]) == '+') || (mode == '-')) { + off++; + if((colon_mode != ':') && ((colon_mode = opts[off]) == ':')) + off ++; + } + } + optarg = 0; + if(charind) { + optopt = argv[optind][charind]; + for(s=opts+off; *s; s++) if(optopt == *s) { + charind++; + if((*(++s) == ':') || ((optopt == 'W') && (*s == ';'))) { + if(argv[optind][charind]) { + optarg = &(argv[optind++][charind]); + charind = 0; + } else if(*(++s) != ':') { + charind = 0; + if(++optind >= argc) { + if(opterr) fprintf(stderr, + "%s: option requires an argument -- %c\n", + argv[0], optopt); + opt = (colon_mode == ':') ? ':' : '?'; + goto my_getopt_ok; + } + optarg = argv[optind++]; + } + } + opt = optopt; + goto my_getopt_ok; + } + if(opterr) fprintf(stderr, + "%s: illegal option -- %c\n", + argv[0], optopt); + opt = '?'; + if(argv[optind][++charind] == '\0') { + optind++; + charind = 0; + } + my_getopt_ok: + if(charind && ! argv[optind][charind]) { + optind++; + charind = 0; + } + } else if((optind >= argc) || + ((argv[optind][0] == '-') && + (argv[optind][1] == '-') && + (argv[optind][2] == '\0'))) { + optind++; + opt = -1; + } else if((argv[optind][0] != '-') || + (argv[optind][1] == '\0')) { + char *tmp; + int i, j, k; + + if(mode == '+') opt = -1; + else if(mode == '-') { + optarg = argv[optind++]; + charind = 0; + opt = 1; + } else { + for(i=j=optind; i j) { + tmp=argv[--i]; + for(k=i; k+1 argc) optind = argc; + return opt; +} + +/* this is the extended getopt_long{,_only}, with some GNU-like + * extensions. Implements _getopt_internal in case any programs + * expecting GNU libc getopt call it. + */ + +int _getopt_internal(int argc, char * argv[], const char *shortopts, + const struct option *longopts, int *longind, + int long_only) +{ + char mode, colon_mode = *shortopts; + int shortoff = 0, opt = -1; + + if(getenv("POSIXLY_CORRECT")) colon_mode = mode = '+'; + else { + if((colon_mode = *shortopts) == ':') shortoff ++; + if(((mode = shortopts[shortoff]) == '+') || (mode == '-')) { + shortoff++; + if((colon_mode != ':') && ((colon_mode = shortopts[shortoff]) == ':')) + shortoff ++; + } + } + optarg = 0; + if((optind >= argc) || + ((argv[optind][0] == '-') && + (argv[optind][1] == '-') && + (argv[optind][2] == '\0'))) { + optind++; + opt = -1; + } else if((argv[optind][0] != '-') || + (argv[optind][1] == '\0')) { + char *tmp; + int i, j, k; + + opt = -1; + if(mode == '+') return -1; + else if(mode == '-') { + optarg = argv[optind++]; + return 1; + } + for(i=j=optind; i j) { + tmp=argv[--i]; + for(k=i; k+1= argc) { + opt = (colon_mode == ':') ? ':' : '?'; + if(opterr) fprintf(stderr, + "%s: option `--%s' requires an argument\n", + argv[0], longopts[found].name); + } else optarg = argv[optind]; + } + if(!opt) { + if (longind) *longind = found; + if(!longopts[found].flag) opt = longopts[found].val; + else *(longopts[found].flag) = longopts[found].val; + } + optind++; + } else if(!hits) { + if(offset == 1) opt = _getopt(argc, argv, shortopts); + else { + opt = '?'; + if(opterr) fprintf(stderr, + "%s: unrecognized option `%s'\n", + argv[0], argv[optind++]); + } + } else { + opt = '?'; + if(opterr) fprintf(stderr, + "%s: option `%s' is ambiguous\n", + argv[0], argv[optind++]); + } + } + if (optind > argc) optind = argc; + return opt; +} + +/* This function is kinda problematic because most getopt() nowadays + seem to use char * const argv[] (they DON'T permute the options list), + but this one does. So we remove it as long as HAVE_GETOPT is define, so + people can use the version from their platform instead */ + +#ifndef HAVE_GETOPT +int getopt(int argc, char * argv[], const char *opts) +{ + return _getopt(argc, argv, opts); +} +#endif /* HAVE_GETOPT */ + +int getopt_long(int argc, char * argv[], const char *shortopts, + const struct option *longopts, int *longind) +{ + return _getopt_internal(argc, argv, shortopts, longopts, longind, 0); +} + +int getopt_long_only(int argc, char * argv[], const char *shortopts, + const struct option *longopts, int *longind) +{ + return _getopt_internal(argc, argv, shortopts, longopts, longind, 1); +} diff --git a/include/DomainExec/nbase/getopt.h b/include/DomainExec/nbase/getopt.h new file mode 100644 index 00000000..72496ec8 --- /dev/null +++ b/include/DomainExec/nbase/getopt.h @@ -0,0 +1,84 @@ +/* + * my_getopt.h - interface to my re-implementation of getopt. + * Copyright 1997, 2000, 2001, 2002, 2006, Benjamin Sittler + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + * DEALINGS IN THE SOFTWARE. + */ + +/* $Id$ */ + +#ifndef MY_GETOPT_H_INCLUDED +#define MY_GETOPT_H_INCLUDED + +#if HAVE_CONFIG_H +#include "nbase_config.h" +#else +#ifdef WIN32 +#include "nbase_winconfig.h" +#endif /* WIN32 */ +#endif /* HAVE_CONFIG_H */ + +#ifdef __cplusplus +extern "C" { +#endif + +/* reset argument parser to start-up values */ +extern int getopt_reset(void); + +#ifndef HAVE_GETOPT +/* UNIX-style short-argument parser */ +extern int getopt(int argc, char * argv[], const char *opts); +#endif /* HAVE_GETOPT */ + +extern int optind, opterr, optopt; +extern char *optarg; + +struct option { + const char *name; + int has_arg; + int *flag; + int val; +}; + +/* human-readable values for has_arg */ +#undef no_argument +#define no_argument 0 +#undef required_argument +#define required_argument 1 +#undef optional_argument +#define optional_argument 2 + +/* GNU-style long-argument parsers */ +extern int getopt_long(int argc, char * argv[], const char *shortopts, + const struct option *longopts, int *longind); + +extern int getopt_long_only(int argc, char * argv[], const char *shortopts, + const struct option *longopts, int *longind); + +extern int _getopt_internal(int argc, char * argv[], const char *shortopts, + const struct option *longopts, int *longind, + int long_only); + +#ifdef __cplusplus +} +#endif + +#endif /* MY_GETOPT_H_INCLUDED */ diff --git a/include/DomainExec/nbase/inet_ntop.c b/include/DomainExec/nbase/inet_ntop.c new file mode 100644 index 00000000..da256234 --- /dev/null +++ b/include/DomainExec/nbase/inet_ntop.c @@ -0,0 +1,255 @@ +/* Copyright (c) 1996 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* Modified by Fyodor (fyodor@nmap.org) for inclusion in the Nmap + * Security Scanner. + * + * $Id$ + */ + +#include "nbase.h" + +#ifndef HAVE_INET_NTOP + +#if HAVE_SYS_TYPES_H +#include +#endif +#if HAVE_SYS_SOCKET_H +#include +#endif +#if HAVE_NETINET_IN_H +#include +#endif +#if HAVE_ARPA_INET_H +#include +#endif +#include +#if HAVE_ERRNO_H +#include +#endif +#include + +#ifndef IN6ADDRSZ +#define IN6ADDRSZ 16 +#endif + +#ifndef INT16SZ +#define INT16SZ sizeof(u16) +#endif + +#if !defined(EAFNOSUPPORT) && defined(WSAEAFNOSUPPORT) +#define EAFNOSUPPORT WSAEAFNOSUPPORT +#endif + +/* + * WARNING: Don't even consider trying to compile this on a system where + * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX. + */ + +static const char *inet_ntop4(const unsigned char *src, char *dst, size_t size); +#if HAVE_IPV6 +static const char *inet_ntop6(const unsigned char *src, char *dst, size_t size); +#endif + +/* char * + * inet_ntop(af, src, dst, size) + * convert a network format address to presentation format. + * return: + * pointer to presentation format address (`dst'), or NULL (see errno). + * author: + * Paul Vixie, 1996. + */ +const char * +inet_ntop(int af, const void *src, char *dst, size_t size) +{ + switch (af) { + case AF_INET: + return (inet_ntop4((const unsigned char *) src, dst, size)); +#if HAVE_IPV6 + case AF_INET6: + return (inet_ntop6((const unsigned char *) src, dst, size)); +#endif + default: +#ifndef WIN32 + errno = EAFNOSUPPORT; +#endif + return (NULL); + } + /* NOTREACHED */ +} + +/* const char * + * inet_ntop4(src, dst, size) + * format an IPv4 address, more or less like inet_ntoa() + * return: + * `dst' (as a const) + * notes: + * (1) uses no statics + * (2) takes a u_char* not an in_addr as input + * author: + * Paul Vixie, 1996. + */ +static const char * +inet_ntop4(const unsigned char *src, char *dst, size_t size) +{ + const size_t MIN_SIZE = 16; /* space for 255.255.255.255\0 */ + int n = 0; + char *next = dst; + + if (size < MIN_SIZE) { +#ifndef WIN32 + errno = ENOSPC; +#endif + return NULL; + } + do { + unsigned char u = *src++; + if (u > 99) { + *next++ = '0' + u/100; + u %= 100; + *next++ = '0' + u/10; + u %= 10; + } + else if (u > 9) { + *next++ = '0' + u/10; + u %= 10; + } + *next++ = '0' + u; + *next++ = '.'; + n++; + } while (n < 4); + *--next = 0; + return dst; +} + +#if HAVE_IPV6 +/* const char * + * inet_ntop6(src, dst, size) + * convert IPv6 binary address into presentation (printable) format + * author: + * Paul Vixie, 1996. + */ +static const char * +inet_ntop6(const unsigned char *src, char *dst, size_t size) +{ + /* + * Note that int32_t and int16_t need only be "at least" large enough + * to contain a value of the specified size. On some systems, like + * Crays, there is no such thing as an integer variable with 16 bits. + * Keep this in mind if you think this function should have been coded + * to use pointer overlays. All the world's not a VAX. + */ + char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"], *tp; + struct { int base, len; } best, cur; + u16 words[IN6ADDRSZ / INT16SZ]; + int i; + const unsigned char *next_src, *src_end; + u16 *next_dest; + + /* + * Preprocess: + * Copy the input (bytewise) array into a wordwise array. + * Find the longest run of 0x00's in src[] for :: shorthanding. + */ + next_src = src; + src_end = src + IN6ADDRSZ; + next_dest = words; + best.base = -1; + cur.base = -1; + i = 0; + do { + unsigned int next_word = (unsigned int)*next_src++; + next_word <<= 8; + next_word |= (unsigned int)*next_src++; + *next_dest++ = next_word; + + if (next_word == 0) { + if (cur.base == -1) { + cur.base = i; + cur.len = 1; + } + else { + cur.len++; + } + } else { + if (cur.base != -1) { + if (best.base == -1 || cur.len > best.len) { + best = cur; + } + cur.base = -1; + } + } + + i++; + } while (next_src < src_end); + + if (cur.base != -1) { + if (best.base == -1 || cur.len > best.len) { + best = cur; + } + } + if (best.base != -1 && best.len < 2) { + best.base = -1; + } + + /* + * Format the result. + */ + tp = tmp; + for (i = 0; i < (IN6ADDRSZ / INT16SZ);) { + /* Are we inside the best run of 0x00's? */ + if (i == best.base) { + *tp++ = ':'; + i += best.len; + continue; + } + /* Are we following an initial run of 0x00s or any real hex? */ + if (i != 0) { + *tp++ = ':'; + } + /* Is this address an encapsulated IPv4? */ + if (i == 6 && best.base == 0 && + (best.len == 6 || (best.len == 5 && words[5] == 0xffff))) { + if (!inet_ntop4(src+12, tp, sizeof tmp - (tp - tmp))) { + return (NULL); + } + tp += strlen(tp); + break; + } + tp += Snprintf(tp, sizeof tmp - (tp - tmp), "%x", words[i]); + i++; + } + /* Was it a trailing run of 0x00's? */ + if (best.base != -1 && (best.base + best.len) == (IN6ADDRSZ / INT16SZ)) { + *tp++ = ':'; + } + *tp++ = '\0'; + + /* + * Check for overflow, copy, and we're done. + */ + if ((size_t)(tp - tmp) > size) { +#ifndef WIN32 + errno = ENOSPC; +#endif + return (NULL); + } + strncpy(dst, tmp, size); + return (dst); +} +#endif + +#endif /* ifndef HAVE_INET_NTOP */ diff --git a/include/DomainExec/nbase/inet_pton.c b/include/DomainExec/nbase/inet_pton.c new file mode 100644 index 00000000..cef18cf0 --- /dev/null +++ b/include/DomainExec/nbase/inet_pton.c @@ -0,0 +1,249 @@ +/* Copyright (c) 1996 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* Modified by Fyodor (fyodor@nmap.org) for inclusion in the Nmap + * Security Scanner. + * + * $Id$ + */ + +#include "nbase.h" + +#ifndef HAVE_INET_PTON + +#if HAVE_SYS_TYPES_H +#include +#endif +#if HAVE_SYS_SOCKET_H +#include +#endif +#if HAVE_NETINET_IN_H +#include +#endif +#if HAVE_ARPA_INET_H +#include +#endif +#if HAVE_STRING_H +#include +#endif +#if HAVE_ERRNO_H +#include +#endif + +#ifndef IN6ADDRSZ +#define IN6ADDRSZ 16 +#endif + +#ifndef INT16SZ +#define INT16SZ 2 +#endif + +#ifndef INADDRSZ +#define INADDRSZ 4 +#endif + +#if !defined(EAFNOSUPPORT) && defined(WSAEAFNOSUPPORT) +#define EAFNOSUPPORT WSAEAFNOSUPPORT +#endif + +/* + * WARNING: Don't even consider trying to compile this on a system where + * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX. + */ + +static int inet_pton4 (const char *src, unsigned char *dst); +#if HAVE_IPV6 +static int inet_pton6 (const char *src, unsigned char *dst); +#endif + +/* int + * inet_pton(af, src, dst) + * convert from presentation format (which usually means ASCII printable) + * to network format (which is usually some kind of binary format). + * return: + * 1 if the address was valid for the specified address family + * 0 if the address wasn't valid (`dst' is untouched in this case) + * -1 if some other error occurred (`dst' is untouched in this case, too) + * author: + * Paul Vixie, 1996. + */ +int +inet_pton(int af, const char *src, void *dst) +{ + switch (af) { + case AF_INET: + return (inet_pton4(src, (unsigned char *) dst)); +#if HAVE_IPV6 + case AF_INET6: + return (inet_pton6(src, (unsigned char *) dst)); +#endif + default: +#ifndef WIN32 + errno = EAFNOSUPPORT; +#endif + return (-1); + } + /* NOTREACHED */ +} + +/* int + * inet_pton4(src, dst) + * like inet_aton() but without all the hexadecimal and shorthand. + * return: + * 1 if `src' is a valid dotted quad, else 0. + * notice: + * does not touch `dst' unless it's returning 1. + * author: + * Paul Vixie, 1996. + */ +static int +inet_pton4(const char *src, unsigned char *dst) +{ + static const char digits[] = "0123456789"; + int saw_digit, octets, ch; + unsigned char tmp[INADDRSZ], *tp; + + saw_digit = 0; + octets = 0; + *(tp = tmp) = 0; + while ((ch = *src++) != '\0') { + const char *pch; + + if ((pch = strchr(digits, ch)) != NULL) { + unsigned int newval = (unsigned int) (*tp * 10 + (pch - digits)); + + if (newval > 255) + return (0); + *tp = newval; + if (! saw_digit) { + if (++octets > 4) + return (0); + saw_digit = 1; + } + } else if (ch == '.' && saw_digit) { + if (octets == 4) + return (0); + *++tp = 0; + saw_digit = 0; + } else + return (0); + } + if (octets < 4) + return (0); + + memcpy(dst, tmp, INADDRSZ); + return (1); +} + +#if HAVE_IPV6 +/* int + * inet_pton6(src, dst) + * convert presentation level address to network order binary form. + * return: + * 1 if `src' is a valid [RFC1884 2.2] address, else 0. + * notice: + * (1) does not touch `dst' unless it's returning 1. + * (2) :: in a full address is silently ignored. + * credit: + * inspired by Mark Andrews. + * author: + * Paul Vixie, 1996. + */ +static int +inet_pton6(const char *src, unsigned char *dst) +{ + static const char xdigits_l[] = "0123456789abcdef", + xdigits_u[] = "0123456789ABCDEF"; + unsigned char tmp[IN6ADDRSZ], *tp, *endp, *colonp; + const char *xdigits, *curtok; + int ch, saw_xdigit; + unsigned int val; + + memset((tp = tmp), '\0', IN6ADDRSZ); + endp = tp + IN6ADDRSZ; + colonp = NULL; + /* Leading :: requires some special handling. */ + if (*src == ':') + if (*++src != ':') + return (0); + curtok = src; + saw_xdigit = 0; + val = 0; + while ((ch = *src++) != '\0') { + const char *pch; + + if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL) + pch = strchr((xdigits = xdigits_u), ch); + if (pch != NULL) { + val <<= 4; + val |= (pch - xdigits); + if (val > 0xffff) + return (0); + saw_xdigit = 1; + continue; + } + if (ch == ':') { + curtok = src; + if (!saw_xdigit) { + if (colonp) + return (0); + colonp = tp; + continue; + } + if (tp + INT16SZ > endp) + return (0); + *tp++ = (unsigned char) (val >> 8) & 0xff; + *tp++ = (unsigned char) val & 0xff; + saw_xdigit = 0; + val = 0; + continue; + } + if (ch == '.' && ((tp + INADDRSZ) <= endp) && + inet_pton4(curtok, tp) > 0) { + tp += INADDRSZ; + saw_xdigit = 0; + break; /* '\0' was seen by inet_pton4(). */ + } + return (0); + } + if (saw_xdigit) { + if (tp + INT16SZ > endp) + return (0); + *tp++ = (unsigned char) (val >> 8) & 0xff; + *tp++ = (unsigned char) val & 0xff; + } + if (colonp != NULL) { + /* + * Since some memmove()'s erroneously fail to handle + * overlapping regions, we'll do the shift by hand. + */ + const int n = tp - colonp; + int i; + + for (i = 1; i <= n; i++) { + endp[- i] = colonp[n - i]; + colonp[n - i] = 0; + } + tp = endp; + } + if (tp != endp) + return (0); + memcpy(dst, tmp, IN6ADDRSZ); + return (1); +} +#endif + +#endif /* ifndef HAVE_INET_PTON */ diff --git a/include/DomainExec/nbase/nbase.h b/include/DomainExec/nbase/nbase.h new file mode 100644 index 00000000..9298e021 --- /dev/null +++ b/include/DomainExec/nbase/nbase.h @@ -0,0 +1,599 @@ + +/*************************************************************************** + * nbase.h -- The main include file exposing the external API for * + * libnbase, a library of base (often compatibility) routines. Programs * + * using libnbase can guarantee the availability of functions like * + * (v)snprintf and inet_pton. This library also provides consistency and * + * extended features for some functions. It was originally written for * + * use in the Nmap Security Scanner ( https://nmap.org ). * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id$ */ + +#ifndef NBASE_H +#define NBASE_H + +/* NOTE -- libnbase offers the following features that you should probably + * be aware of: + * + * * 'inline' is defined to what is necessary for the C compiler being + * used (which may be nothing) + * + * * snprintf, inet_pton, memcpy, and bzero are + * provided if you don't have them (prototypes for these are + * included either way). + * + * * WORDS_BIGENDIAN is defined if platform is big endian + * + * * Definitions included which give the operating system type. They + * will generally be one of the following: LINUX, FREEBSD, NETBSD, + * OPENBSD, SOLARIS, SUNOS, BSDI, IRIX, NETBSD + * + * * Insures that getopt_* functions exist (such as getopt_long_only) + * + * * Various string functions such as Strncpy() and strcasestr() see protos + * for more info. + * + * * IPv6 structures like 'sockaddr_storage' are provided if they do + * not already exist. + * + * * Various Windows -> UNIX compatibility definitions are added (such as defining EMSGSIZE to WSAEMSGSIZE) + */ + +#if HAVE_CONFIG_H +#include "nbase_config.h" +#else +#ifdef WIN32 +#include "nbase_winconfig.h" +#endif /* WIN32 */ +#endif /* HAVE_CONFIG_H */ + +#ifdef WIN32 +#include "nbase_winunix.h" +#endif + +#if HAVE_SYS_STAT_H +#include +#endif + +#if HAVE_UNISTD_H +#include +#endif + +#include +#include +#include + +#if HAVE_SYS_SELECT_H +#include +#endif + +#if HAVE_SYS_TYPES_H +#include +#endif + +#if HAVE_SYS_PARAM_H +#include +#endif + +#if HAVE_STRING_H +#include +#endif + +#if HAVE_NETDB_H +#include +#endif + +#if HAVE_INTTYPES_H +#include +#endif + +#include + +#ifndef MAXHOSTNAMELEN +#define MAXHOSTNAMELEN 64 +#endif + +#ifndef MAXPATHLEN +#define MAXPATHLEN 2048 +#endif + +#ifndef HAVE___ATTRIBUTE__ +#define __attribute__(args) +#endif + +#include + +/* Keep assert() defined for security reasons */ +#undef NDEBUG + +/* Integer types */ +#include +typedef uint8_t u8; +typedef int8_t s8; +typedef uint16_t u16; +typedef int16_t s16; +typedef uint32_t u32; +typedef int32_t s32; +typedef uint64_t u64; +typedef int64_t s64; + +/* Mathematical MIN/MAX/ABS (absolute value) macros */ +#ifndef MAX +#define MAX(x,y) (((x)>(y))?(x):(y)) +#endif +#ifndef MIN +#define MIN(x,y) (((x)<(y))?(x):(y)) +#endif +#ifndef ABS +#define ABS(x) (((x) >= 0)?(x):-(x)) +#endif + +/* Timeval subtraction in microseconds */ +#define TIMEVAL_SUBTRACT(a,b) (((a).tv_sec - (b).tv_sec) * 1000000 + (a).tv_usec - (b).tv_usec) +/* Timeval subtract in milliseconds */ +#define TIMEVAL_MSEC_SUBTRACT(a,b) ((((a).tv_sec - (b).tv_sec) * 1000) + ((a).tv_usec - (b).tv_usec) / 1000) +/* Timeval subtract in seconds; truncate towards zero */ +#define TIMEVAL_SEC_SUBTRACT(a,b) ((a).tv_sec - (b).tv_sec + (((a).tv_usec < (b).tv_usec) ? - 1 : 0)) +/* Timeval subtract in fractional seconds; convert to float */ +#define TIMEVAL_FSEC_SUBTRACT(a,b) ((a).tv_sec - (b).tv_sec + (((a).tv_usec - (b).tv_usec)/1000000.0)) + +/* assign one timeval to another timeval plus some msecs: a = b + msecs */ +#define TIMEVAL_MSEC_ADD(a, b, msecs) { (a).tv_sec = (b).tv_sec + ((msecs) / 1000); (a).tv_usec = (b).tv_usec + ((msecs) % 1000) * 1000; (a).tv_sec += (a).tv_usec / 1000000; (a).tv_usec %= 1000000; } +#define TIMEVAL_ADD(a, b, usecs) { (a).tv_sec = (b).tv_sec + ((usecs) / 1000000); (a).tv_usec = (b).tv_usec + ((usecs) % 1000000); (a).tv_sec += (a).tv_usec / 1000000; (a).tv_usec %= 1000000; } + +/* Find our if one timeval is before or after another, avoiding the integer + overflow that can result when doing a TIMEVAL_SUBTRACT on two widely spaced + timevals. */ +#define TIMEVAL_BEFORE(a, b) (((a).tv_sec < (b).tv_sec) || ((a).tv_sec == (b).tv_sec && (a).tv_usec < (b).tv_usec)) +#define TIMEVAL_AFTER(a, b) (((a).tv_sec > (b).tv_sec) || ((a).tv_sec == (b).tv_sec && (a).tv_usec > (b).tv_usec)) + +/* Convert a timeval to floating point seconds */ +#define TIMEVAL_SECS(a) ((double) (a).tv_sec + (double) (a).tv_usec / 1000000) + + +/* sprintf family */ +#if !defined(HAVE_SNPRINTF) && defined(__cplusplus) +extern "C" int snprintf (char *str, size_t sz, const char *format, ...) + __attribute__ ((format (printf, 3, 4))); +#endif + +#if !defined(HAVE_VSNPRINTF) && defined(__cplusplus) +extern "C" int vsnprintf (char *str, size_t sz, const char *format, + va_list ap) + __attribute__((format (printf, 3, 0))); +#endif + +#if !defined(HAVE_ASPRINTF) && defined(__cplusplus) +extern "C" int asprintf (char **ret, const char *format, ...) + __attribute__ ((format (printf, 2, 3))); +#endif + +#if !defined(HAVE_VASPRINTF) && defined(__cplusplus) +extern "C" int vasprintf (char **ret, const char *format, va_list ap) + __attribute__((format (printf, 2, 0))); +#endif + +#if !defined(HAVE_ASNPRINTF) && defined(__cplusplus) +extern "C" int asnprintf (char **ret, size_t max_sz, const char *format, ...) + __attribute__ ((format (printf, 3, 4))); +#endif + +#if !defined(HAVE_VASNPRINTF) && defined(__cplusplus) +extern "C" int vasnprintf (char **ret, size_t max_sz, const char *format, + va_list ap) + __attribute__((format (printf, 3, 0))); +#endif + +#if defined(NEED_SNPRINTF_PROTO) && defined(__cplusplus) +extern "C" int snprintf (char *, size_t, const char *, ...); +#endif + +#if defined(NEED_VSNPRINTF_PROTO) && defined(__cplusplus) +extern "C" int vsnprintf (char *, size_t, const char *, va_list); +#endif + +#ifdef HAVE_GETOPT_H +#include +#else +#ifndef HAVE_GETOPT_LONG_ONLY +#include "getopt.h" +#endif +#endif /* HAVE_GETOPT_H */ + +/* More Windows-specific stuff */ +#ifdef WIN32 + +#define WIN32_LEAN_AND_MEAN /* Whatever this means! From winclude.h*/ + +/* Apparently Windows doesn't have S_ISDIR */ +#ifndef S_ISDIR +#define S_ISDIR(m) (((m) & _S_IFMT) == _S_IFDIR) +#endif + +/* Windows doesn't have the access() defines */ +#ifndef F_OK +#define F_OK 00 +#endif +#ifndef W_OK +#define W_OK 02 +#endif +#ifndef R_OK +#define R_OK 04 +#endif + +/* wtf was ms thinking? */ +#define access _access +#define stat _stat +#define execve _execve +#define getpid _getpid +#define dup _dup +#define dup2 _dup2 +#define strdup _strdup +#define write _write +#define open _open +#define stricmp _stricmp +#define putenv _putenv +#define tzset _tzset + +#if !defined(__GNUC__) +#define snprintf _snprintf +#endif + +#define strcasecmp _stricmp +#define strncasecmp _strnicmp +#define execv _execv + +#endif /* WIN32 */ + +/* Apparently Windows doesn't like /dev/null */ +#ifdef WIN32 +#define DEVNULL "NUL" +#else +#define DEVNULL "/dev/null" +#endif + +#if defined(_MSC_VER) && !defined(__cplusplus) && !defined(inline) +#define inline __inline +#endif + +#if defined(__GNUC__) +#define NORETURN __attribute__((noreturn)) +#elif defined(_MSC_VER) +#define NORETURN __declspec(noreturn) +#else +#define NORETURN +#endif + + +static inline int checked_fd_isset(int fd, fd_set *fds) { +#ifndef WIN32 + if (fd >= FD_SETSIZE) { + fprintf(stderr, "Attempt to FD_ISSET fd %d, which is not less than " + "FD_SETSIZE (%d). Try using a lower parallelism.", + fd, FD_SETSIZE); + abort(); + } +#endif + return FD_ISSET(fd, fds); +} + +static inline void checked_fd_clr(int fd, fd_set *fds) { +#ifndef WIN32 + if (fd >= FD_SETSIZE) { + fprintf(stderr, "Attempt to FD_CLR fd %d, which is not less than " + "FD_SETSIZE (%d). Try using a lower parallelism.", + fd, FD_SETSIZE); + abort(); + } +#endif + FD_CLR(fd, fds); +} + +static inline void checked_fd_set(int fd, fd_set *fds) { +#ifndef WIN32 + if (fd >= FD_SETSIZE) { + fprintf(stderr, "Attempt to FD_SET fd %d, which is not less than " + "FD_SETSIZE (%d). Try using a lower parallelism.", + fd, FD_SETSIZE); + abort(); + } +#endif + FD_SET(fd, fds); +} + + +#ifdef __cplusplus +extern "C" { +#endif + + /* Returns the UNIX/Windows errno-equivalent. Note that the Windows + call is socket/networking specific. Also, WINDOWS TENDS TO RESET + THE ERROR, so it will return success the next time. So SAVE THE + RESULTS and re-use them, don't keep calling socket_errno(). The + windows error number returned is like WSAMSGSIZE, but nbase.h + includes #defines to correlate many of the common UNIX errors + with their closest Windows equivalents. So you can use EMSGSIZE + or EINTR. */ +int socket_errno(); + +/* We can't just use strerror to get socket errors on Windows because it has + its own set of error codes: WSACONNRESET not ECONNRESET for example. This + function will do the right thing on Windows. Call it like + socket_strerror(socket_errno()) +*/ +char *socket_strerror(int errnum); + +/* The usleep() function is important as well */ +#ifndef HAVE_USLEEP +#if defined( HAVE_NANOSLEEP) || defined(WIN32) +void usleep(unsigned long usec); +#endif +#endif + +/* localtime is not thread safe. This will use a thread safe alternative on + * supported platforms. */ +int n_localtime(const time_t *timer, struct tm *result); +int n_ctime(char *buffer, size_t bufsz, const time_t *timer); + +/***************** String functions -- See nbase_str.c ******************/ +/* I modified this conditional because !@# Redhat does not easily provide + the prototype even though the function exists */ +#if !defined(HAVE_STRCASESTR) || (defined(LINUX) && !defined(__USE_GNU) && !defined(_GNU_SOURCE)) +/* strcasestr is like strstr() except case insensitive */ +char *strcasestr(const char *haystack, const char *pneedle); +#endif + +#ifndef HAVE_STRCASECMP +int strcasecmp(const char *s1, const char *s2); +#endif + +#ifndef HAVE_STRNCASECMP +int strncasecmp(const char *s1, const char *s2, size_t n); +#endif + +#ifndef HAVE_GETTIMEOFDAY +int gettimeofday(struct timeval *tv, struct timeval *tz); +#endif + +#ifndef HAVE_SLEEP +unsigned int sleep(unsigned int seconds); +#endif + +/* Strncpy is like strcpy() except it ALWAYS zero-terminates, even if + it must truncate */ +int Strncpy(char *dest, const char *src, size_t n); + +int Vsnprintf(char *, size_t, const char *, va_list) + __attribute__ ((format (printf, 3, 0))); +int Snprintf(char *, size_t, const char *, ...) + __attribute__ ((format (printf, 3, 4))); + +char *mkstr(const char *start, const char *end); + +int alloc_vsprintf(char **strp, const char *fmt, va_list va) + __attribute__ ((format (printf, 2, 0))); + +char *escape_windows_command_arg(const char *arg); + +/* parse_long is like strtol or atoi, but it allows digits only. + No whitespace, sign, or radix prefix. */ +long parse_long(const char *s, char **tail); + +/* This function takes a byte count and stores a short ascii equivalent + in the supplied buffer. Eg: 0.122MB, 10.322Kb or 128B. */ +char *format_bytecount(unsigned long long bytes, char *buf, size_t buflen); + +/* Convert non-printable characters to replchar in the string */ +void replacenonprintable(char *str, int strlength, char replchar); + +/* Returns one if the file pathname given exists, is not a directory and + * is readable by the executing process. Returns two if it is readable + * and is a directory. Otherwise returns 0. */ +int file_is_readable(const char *pathname); + +/* Portable, incompatible replacements for dirname and basename. */ +char *path_get_dirname(const char *path); +char *path_get_basename(const char *path); + +/* A few simple wrappers for the most common memory allocation routines which will exit() if the + allocation fails, so you don't always have to check -- see nbase_memalloc.c */ +void *safe_malloc(size_t size); +void *safe_realloc(void *ptr, size_t size); +/* Zero-initializing version of safe_malloc */ +void *safe_zalloc(size_t size); + + /* Some routines for obtaining simple (not secure on systems that + lack /dev/random and friends' "random" numbers */ +int get_random_bytes(void *buf, int numbytes); +int get_random_int(); +unsigned short get_random_ushort(); +unsigned int get_random_uint(); +u64 get_random_u64(); +u32 get_random_u32(); +u16 get_random_u16(); +u8 get_random_u8(); +u32 get_random_unique_u32(); + +/* Create a new socket inheritable by subprocesses. On non-Windows systems it's + just a normal socket. */ +int inheritable_socket(int af, int style, int protocol); +/* The dup function on Windows works only on file descriptors, not socket + handles. This function accomplishes the same thing for sockets. */ +int dup_socket(int sd); +int unblock_socket(int sd); +int block_socket(int sd); +int socket_bindtodevice(int sd, const char *device); + +/* CRC32 Cyclic Redundancy Check */ +unsigned long nbase_crc32(unsigned char *buf, int len); +/* CRC32C Cyclic Redundancy Check (Castagnoli) */ +unsigned long nbase_crc32c(unsigned char *buf, int len); +/* Adler32 Checksum */ +unsigned long nbase_adler32(unsigned char *buf, int len); + +double tval2secs(const char *tspec); +long tval2msecs(const char *tspec); +const char *tval_unit(const char *tspec); + +int fselect(int s, fd_set *rmaster, fd_set *wmaster, fd_set *emaster, struct timeval *tv); + +char *hexdump(const u8 *cp, u32 length); + +char *executable_path(const char *argv0); + +/* addrset management functions and definitions */ +/* A set of addresses. Used to match against allow/deny lists. */ +struct addrset; + +void nbase_set_log(void (*log_user_func)(const char *, ...),void (*log_debug_func)(const char *, ...)); +struct addrset *addrset_new(); +extern void addrset_free(struct addrset *set); +extern void addrset_print(FILE *fp, const struct addrset *set); +extern int addrset_add_spec(struct addrset *set, const char *spec, int af, int dns); +extern int addrset_add_file(struct addrset *set, FILE *fd, int af, int dns); +extern int addrset_contains(const struct addrset *set, const struct sockaddr *sa); + +#ifndef STDIN_FILENO +#define STDIN_FILENO 0 +#endif + +#ifndef STDOUT_FILENO +#define STDOUT_FILENO 1 +#endif + +#ifndef STDERR_FILENO +#define STDERR_FILENO 2 +#endif + +#include "nbase_ipv6.h" + +#ifdef __cplusplus +} +#endif + +#endif /* NBASE_H */ diff --git a/include/DomainExec/nbase/nbase.vcxproj b/include/DomainExec/nbase/nbase.vcxproj new file mode 100644 index 00000000..8d640fc6 --- /dev/null +++ b/include/DomainExec/nbase/nbase.vcxproj @@ -0,0 +1,130 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Static + Win32 + + + + {B630C8F7-3138-43E8-89ED-78742FA2AC5F} + nbase + Win32Proj + + + + StaticLibrary + MultiByte + v120 + + + StaticLibrary + MultiByte + v120 + + + StaticLibrary + MultiByte + v120 + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>10.0.30319.1 + .\ + Debug\ + .\ + .\ + Release\ + Release\ + + + + Disabled + WIN32;_LIB;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + EditAndContinue + + + $(OutDir)nbase.lib + + + + + /D "_CRT_SECURE_NO_DEPRECATE" %(AdditionalOptions) + WIN32;_LIB;%(PreprocessorDefinitions) + + + Level3 + ProgramDatabase + + + $(OutDir)nbase.lib + + + + + /D "_CRT_SECURE_NO_DEPRECATE" %(AdditionalOptions) + WIN32;_LIB;%(PreprocessorDefinitions) + MultiThreaded + + + Level3 + ProgramDatabase + + + $(OutDir)nbase.lib + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/include/DomainExec/nbase/nbase_addrset.c b/include/DomainExec/nbase/nbase_addrset.c new file mode 100644 index 00000000..617386e1 --- /dev/null +++ b/include/DomainExec/nbase/nbase_addrset.c @@ -0,0 +1,1007 @@ +/*************************************************************************** + * nbase_addrset.c -- Address set (addrset) management. * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id$ */ + +/* The code in this file has tests in the file ncat/tests/test-addrset.sh. Run that + program after making any big changes. Also, please add tests for any new + features. */ + +#include /* CHAR_BIT */ +#include + +#include "nbase.h" + +/* A fancy logging system to allow this file to take advantage of different logging + systems used by various programs */ + +static void default_log_user(const char * a, ...){}; + +static void (*log_user)(const char *, ...) = default_log_user; + +static void default_log_debug(const char * a, ...){}; + +static void (*log_debug)(const char *, ...) = default_log_debug; + +void nbase_set_log(void (*log_user_func)(const char *, ...),void (*log_debug_func)(const char *, ...)){ + if (log_user_func == NULL) + log_user = default_log_user; + else + log_user = log_user_func; + if (log_debug_func == NULL) + log_debug = default_log_debug; + else + log_debug = log_debug_func; +} + +/* Node for a radix tree (trie) used to match certain addresses. + * Currently, only individual numeric IP and IPv6 addresses are matched using + * the trie. */ +struct trie_node { + /* The address prefix that this node represents. */ + u32 addr[4]; + /* The prefix mask. Bits in addr that are not within this mask are ignored. */ + u32 mask[4]; + /* Addresses with the next bit after the mask equal to 1 are on this branch. */ + struct trie_node *next_bit_one; + /* Addresses with the next bit after the mask equal to 0 are on this branch. */ + struct trie_node *next_bit_zero; +}; + +/* We use bit vectors to represent what values are allowed in an IPv4 octet. + Each vector is built up of an array of bitvector_t (any convenient integer + type). */ +typedef unsigned long bitvector_t; +/* A 256-element bit vector, representing legal values for one octet. */ +typedef bitvector_t octet_bitvector[(256 - 1) / (sizeof(unsigned long) * CHAR_BIT) + 1]; + +/* A chain of tests for set inclusion. If one test is passed, the address is in + the set. */ +struct addrset_elem { + struct { + /* A bit vector for each address octet. */ + octet_bitvector bits[4]; + } ipv4; + struct addrset_elem *next; +}; + +/* A set of addresses. Used to match against allow/deny lists. */ +struct addrset { + /* Linked list of struct addset_elem. */ + struct addrset_elem *head; + /* Radix tree for faster matching of certain cases */ + struct trie_node *trie; +}; + +/* Special node pointer to represent "all possible addresses" + * This will be used to represent netmask specifications. */ +static struct trie_node *TRIE_NODE_TRUE = NULL; + +struct addrset *addrset_new() +{ + struct addrset *set = (struct addrset *) safe_zalloc(sizeof(struct addrset)); + set->head = NULL; + /* We could simply allocate one byte to get a unique address, but this + * feels safer and is not too large. */ + if (TRIE_NODE_TRUE == NULL) { + TRIE_NODE_TRUE = (struct trie_node *) safe_zalloc(sizeof(struct trie_node)); + } + + /* Allocate the first node of the IPv4 trie */ + set->trie = (struct trie_node *) safe_zalloc(sizeof(struct trie_node)); + return set; +} + +static void trie_free(struct trie_node *curr) +{ + /* Since we descend only down one side, we at most accumulate one tree's-depth, or 128. + * Add 4 for safety to account for special root node and special empty stack position 0. + */ + struct trie_node *stack[128+4]; + int i = 1; + + while (i > 0 && curr != NULL && curr != TRIE_NODE_TRUE) { + /* stash next_bit_one */ + if (curr->next_bit_one != NULL && curr->next_bit_one != TRIE_NODE_TRUE) { + stack[i++] = curr->next_bit_one; + } + /* if next_bit_zero is valid, descend */ + if (curr->next_bit_zero != NULL && curr->next_bit_zero != TRIE_NODE_TRUE) { + curr = curr->next_bit_zero; + } + else { + /* next_bit_one was stashed, next_bit_zero is invalid. Free it and move back up the stack. */ + free(curr); + curr = stack[--i]; + } + } +} + +void addrset_free(struct addrset *set) +{ + struct addrset_elem *elem, *next; + + for (elem = set->head; elem != NULL; elem = next) { + next = elem->next; + free(elem); + } + + trie_free(set->trie); + free(set); +} + + +/* Public domain log2 function. https://graphics.stanford.edu/~seander/bithacks.html#IntegerLogLookup */ +static const char LogTable256[256] = { +#define LT(n) n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n + -1, 0, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 3, 3, 3, 3, + LT(4), LT(5), LT(5), LT(6), LT(6), LT(6), LT(6), + LT(7), LT(7), LT(7), LT(7), LT(7), LT(7), LT(7), LT(7) +}; + +/* Returns a mask representing the common prefix between 2 values. */ +static u32 common_mask(u32 a, u32 b) +{ + u8 r; // r will be lg(v) + u32 t, tt; // temporaries + u32 v = a ^ b; + if (v == 0) { + /* values are equal, all bits are the same */ + return 0xffffffff; + } + + if ((tt = v >> 16)) + { + r = (t = tt >> 8) ? 24 + LogTable256[t] : 16 + LogTable256[tt]; + } + else + { + r = (t = v >> 8) ? 8 + LogTable256[t] : LogTable256[v]; + } + if (r + 1 >= 32) { + /* shifting this many bits would overflow. Just return max mask */ + return 0; + } + else { + return ~((1 << (r + 1)) - 1); + } +} + +/* Given a mask and a value, return the value of the bit immediately following + * the masked bits. */ +static u32 next_bit_is_one(u32 mask, u32 value) { + if (mask == 0) { + /* no masked bits, check the first bit. */ + return (0x80000000 & value); + } + else if (mask == 0xffffffff) { + /* Imaginary bit off the end we will say is 0 */ + return 0; + } + /* isolate the bit by overlapping the mask with its inverse */ + return ((mask >> 1) & ~mask) & value; +} + +/* Given a mask and an address, return true if the first unmasked bit is one */ +static u32 addr_next_bit_is_one(const u32 *mask, const u32 *addr) { + u32 curr_mask; + u8 i; + for (i = 0; i < 4; i++) { + curr_mask = mask[i]; + if (curr_mask < 0xffffffff) { + /* Only bother checking the first not-completely-masked portion of the address */ + return next_bit_is_one(curr_mask, addr[i]); + } + } + /* Mask must be all ones, meaning that the next bit is off the end, and clearly not 1. */ + return 0; +} + +/* Return true if the masked portion of a and b is identical */ +static int mask_matches(u32 mask, u32 a, u32 b) +{ + return !(mask & (a ^ b)); +} + +/* Apply a mask and check if 2 addresses are equal */ +static int addr_matches(const u32 *mask, const u32 *sa, const u32 *sb) +{ + u32 curr_mask; + u8 i; + for (i = 0; i < 4; i++) { + curr_mask = mask[i]; + if (curr_mask == 0) { + /* No more applicable bits */ + break; + } + else if (!mask_matches(curr_mask, sa[i], sb[i])) { + /* Doesn't match. */ + return 0; + } + } + /* All applicable bits match. */ + return 1; +} + +/* Helper function to allocate and initialize a new node */ +static struct trie_node *new_trie_node(const u32 *addr, const u32 *mask) +{ + u8 i; + struct trie_node *new_node = (struct trie_node *) safe_zalloc(sizeof(struct trie_node)); + for (i=0; i < 4; i++) { + new_node->addr[i] = addr[i]; + new_node->mask[i] = mask[i]; + } + /* New nodes default to matching true. Override if not. */ + new_node->next_bit_one = new_node->next_bit_zero = TRIE_NODE_TRUE; + return new_node; +} + +/* Split a node into 2: one that matches the greatest common prefix with addr + * and one that does not. */ +static void trie_split (struct trie_node *this, const u32 *addr) +{ + struct trie_node *new_node; + u32 new_mask[4] = {0,0,0,0}; + u8 i; + /* Calculate the mask of the common prefix */ + for (i=0; i < 4; i++) { + new_mask[i] = common_mask(this->addr[i], addr[i]); + if (new_mask[i] < 0xffffffff) { + break; + } + } + /* Make a copy of this node to continue matching what it has been */ + new_node = new_trie_node(this->addr, this->mask); + new_node->next_bit_one = this->next_bit_one; + new_node->next_bit_zero = this->next_bit_zero; + /* Adjust this node to the smaller mask */ + for (i=0; i < 4; i++) { + this->mask[i] = new_mask[i]; + } + /* Put the new node on the appropriate branch */ + if (addr_next_bit_is_one(this->mask, this->addr)) { + this->next_bit_one = new_node; + this->next_bit_zero = NULL; + } + else { + this->next_bit_zero = new_node; + this->next_bit_one = NULL; + } +} + +/* Helper for address insertion */ +static void _trie_insert (struct trie_node *this, const u32 *addr, const u32 *mask) +{ + u8 i; + while (this != NULL && this != TRIE_NODE_TRUE) { + if (addr_matches(this->mask, this->addr, addr)) { + if (1 & this->mask[3]) { + /* 1. end of address: duplicate. return; */ + return; + } + } + else { + /* Split the netmask to ensure a match */ + trie_split(this, addr); + } + + for (i=0; i < 4; i++) { + if (this->mask[i] > mask[i]) { + /* broader mask, truncate this one */ + this->mask[i] = mask[i]; + for (; i < 4; i++) { + this->mask[i] = 0; + } + /* The longer mask is superseded. Delete following nodes. */ + trie_free(this->next_bit_one); + trie_free(this->next_bit_zero); + /* Anything below here will always match. */ + this->next_bit_one = this->next_bit_zero = TRIE_NODE_TRUE; + return; + } + } + + if (addr_next_bit_is_one(this->mask, addr)) { + /* next bit is one: insert on the one branch */ + if (this->next_bit_one == NULL) { + /* Previously unmatching branch, always the case when splitting */ + this->next_bit_one = new_trie_node(addr, mask); + return; + } + else { + this = this->next_bit_one; + } + } + else { + /* next bit is zero: insert on the zero branch */ + if (this->next_bit_zero == NULL) { + /* Previously unmatching branch, always the case when splitting */ + this->next_bit_zero = new_trie_node(addr, mask); + return; + } + else { + this = this->next_bit_zero; + } + } + } +} + +/* Helper function to turn a sockaddr into an array of u32, used internally */ +static int sockaddr_to_addr(const struct sockaddr *sa, u32 *addr) +{ + if (sa->sa_family == AF_INET) { + /* IPv4-mapped IPv6 address */ + addr[0] = addr[1] = 0; + addr[2] = 0xffff; + addr[3] = ntohl(((struct sockaddr_in *) sa)->sin_addr.s_addr); + } +#ifdef HAVE_IPV6 + else if (sa->sa_family == AF_INET6) { + u8 i; + unsigned char *addr6 = ((struct sockaddr_in6 *) sa)->sin6_addr.s6_addr; + for (i=0; i < 4; i++) { + addr[i] = (addr6[i*4] << 24) + (addr6[i*4+1] << 16) + (addr6[i*4+2] << 8) + addr6[i*4+3]; + } + } +#endif + else { + return 0; + } + return 1; +} + +static int sockaddr_to_mask (const struct sockaddr *sa, int bits, u32 *mask) +{ + int i, k; + if (bits >= 0) { + if (sa->sa_family == AF_INET) { + bits += 96; + } +#ifdef HAVE_IPV6 + else if (sa->sa_family == AF_INET6) { + ; /* do nothing */ + } +#endif + else { + return 0; + } + } + else + bits = 128; + k = bits / 32; + for (i=0; i < 4; i++) { + if (i < k) { + mask[i] = 0xffffffff; + } + else if (i > k) { + mask[i] = 0; + } + else { + mask[i] = 0xfffffffe << (31 - bits % 32); + } + } + return 1; +} + +/* Insert a sockaddr into the trie */ +static void trie_insert (struct trie_node *this, const struct sockaddr *sa, int bits) +{ + u32 addr[4] = {0}; + u32 mask[4] = {0}; + if (!sockaddr_to_addr(sa, addr)) { + log_debug("Unknown address family %u, address not inserted.\n", sa->sa_family); + return; + } + if (!sockaddr_to_mask(sa, bits, mask)) { + log_debug("Bad netmask length %d for address family %u, address not inserted.\n", bits, sa->sa_family); + return; + } + /* First node doesn't have a mask or address of its own; we have to check the + * first bit manually. */ + if (0x80000000 & addr[0]) { + /* First bit is 1, so insert on ones branch */ + if (this->next_bit_one == NULL) { + /* Empty branch, just add it. */ + this->next_bit_one = new_trie_node(addr, mask); + return; + } + _trie_insert(this->next_bit_one, addr, mask); + } + else { + /* First bit is 0, so insert on zeros branch */ + if (this->next_bit_zero == NULL) { + /* Empty branch, just add it. */ + this->next_bit_zero = new_trie_node(addr, mask); + return; + } + _trie_insert(this->next_bit_zero, addr, mask); + } +} + +/* Helper for matching addresses */ +static int _trie_match (const struct trie_node *this, const u32 *addr) +{ + while (this != TRIE_NODE_TRUE && this != NULL + && addr_matches(this->mask, this->addr, addr)) { + if (1 & this->mask[3]) { + /* We've matched all possible bits! Yay! */ + return 1; + } + else if (addr_next_bit_is_one(this->mask, addr)) { + this = this->next_bit_one; + } + else { + this = this->next_bit_zero; + } + } + if (this == TRIE_NODE_TRUE) { + return 1; + } + return 0; +} + +static int trie_match (const struct trie_node *this, const struct sockaddr *sa) +{ + u32 addr[4] = {0}; + if (!sockaddr_to_addr(sa, addr)) { + log_debug("Unknown address family %u, cannot match.\n", sa->sa_family); + return 0; + } + /* Manually check first bit to decide which branch to match against */ + if (0x80000000 & addr[0]) { + return _trie_match(this->next_bit_one, addr); + } + else { + return _trie_match(this->next_bit_zero, addr); + } + return 0; +} + +/* A debugging function to print out the contents of an addrset_elem. For IPv4 + this is the four bit vectors. For IPv6 it is the address and netmask. */ +static void addrset_elem_print(FILE *fp, const struct addrset_elem *elem) +{ + const size_t num_bitvector = sizeof(octet_bitvector) / sizeof(bitvector_t); + int i; + size_t j; + + for (i = 0; i < 4; i++) { + for (j = 0; j < num_bitvector; j++) + fprintf(fp, "%0*lX ", (int) (sizeof(bitvector_t) * 2), elem->ipv4.bits[i][num_bitvector - 1 - j]); + fprintf(fp, "\n"); + } +} + +void addrset_print(FILE *fp, const struct addrset *set) +{ + const struct addrset_elem *elem; + for (elem = set->head; elem != NULL; elem = elem->next) { + fprintf(fp, "addrset_elem: %p\n", elem); + addrset_elem_print(fp, elem); + } +} + +/* This is a wrapper around getaddrinfo that automatically handles hints for + IPv4/IPv6, TCP/UDP, and whether name resolution is allowed. */ +static int resolve_name(const char *name, struct addrinfo **result, int af, int use_dns) +{ + struct addrinfo hints = { 0 }; + int rc; + + hints.ai_protocol = IPPROTO_TCP; + + /* First do a non-DNS lookup for any address family (just checks for a valid + numeric address). We recognize numeric addresses no matter the setting of + af. This is also the last step if use_dns is false. */ + hints.ai_flags |= AI_NUMERICHOST; + hints.ai_family = AF_UNSPEC; + *result = NULL; + rc = getaddrinfo(name, NULL, &hints, result); + if (rc == 0 || !use_dns) + return rc; + + /* Do a DNS lookup now. When we look up a name we only want addresses + corresponding to the value of af. */ + hints.ai_flags &= ~AI_NUMERICHOST; + hints.ai_family = af; + *result = NULL; + rc = getaddrinfo(name, NULL, &hints, result); + + return rc; +} + +/* This is an address family-agnostic version of inet_ntop. */ +static char *address_to_string(const struct sockaddr *sa, size_t sa_len, + char *buf, size_t len) +{ + getnameinfo(sa, sa_len, buf, len, NULL, 0, NI_NUMERICHOST); + + return buf; +} + +/* Break an IPv4 address into an array of octets. octets[0] contains the most + significant octet and octets[3] the least significant. */ +static void in_addr_to_octets(const struct in_addr *ia, uint8_t octets[4]) +{ + u32 hbo = ntohl(ia->s_addr); + + octets[0] = (uint8_t) ((hbo & (0xFFU << 24)) >> 24); + octets[1] = (uint8_t) ((hbo & (0xFFU << 16)) >> 16); + octets[2] = (uint8_t) ((hbo & (0xFFU << 8)) >> 8); + octets[3] = (uint8_t) (hbo & 0xFFU); +} + +#define BITVECTOR_BITS (sizeof(bitvector_t) * CHAR_BIT) +#define BIT_SET(v, n) ((v)[(n) / BITVECTOR_BITS] |= 1UL << ((n) % BITVECTOR_BITS)) +#define BIT_IS_SET(v, n) (((v)[(n) / BITVECTOR_BITS] & 1UL << ((n) % BITVECTOR_BITS)) != 0) + +static int parse_ipv4_ranges(struct addrset_elem *elem, const char *spec); +static void apply_ipv4_netmask_bits(struct addrset_elem *elem, int bits); + +/* Add a host specification into the address set. Returns 1 on success, 0 on + error. */ +int addrset_add_spec(struct addrset *set, const char *spec, int af, int dns) +{ + char *local_spec; + char *netmask_s; + char *tail; + long netmask_bits; + struct addrinfo *addrs, *addr; + struct addrset_elem *elem; + int rc; + + /* Make a copy of the spec to mess with. */ + local_spec = strdup(spec); + if (local_spec == NULL) + return 0; + + /* Read the CIDR netmask bits, if present. */ + netmask_s = strchr(local_spec, '/'); + if (netmask_s == NULL) { + /* A negative value means unspecified; default depends on the address + family. */ + netmask_bits = -1; + } else { + *netmask_s = '\0'; + netmask_s++; + errno = 0; + netmask_bits = parse_long(netmask_s, &tail); + if (errno != 0 || *tail != '\0' || tail == netmask_s) { + log_user("Error parsing netmask in \"%s\".\n", spec); + free(local_spec); + return 0; + } + } + + /* See if it's a plain IP address */ + rc = resolve_name(local_spec, &addrs, af, 0); + if (rc == 0 && addrs != NULL) { + /* Add all addresses to the trie */ + for (addr = addrs; addr != NULL; addr = addr->ai_next) { + char addr_string[128]; + if ((addr->ai_family == AF_INET && netmask_bits > 32) +#ifdef HAVE_IPV6 + || (addr->ai_family == AF_INET6 && netmask_bits > 128) +#endif + ) { + log_user("Illegal netmask in \"%s\". Must be smaller than address bit length.\n", spec); + free(local_spec); + freeaddrinfo(addrs); + return 0; + } + address_to_string(addr->ai_addr, addr->ai_addrlen, addr_string, sizeof(addr_string)); + trie_insert(set->trie, addr->ai_addr, netmask_bits); + log_debug("Add IP %s/%d to addrset (trie).\n", addr_string, netmask_bits); + } + free(local_spec); + freeaddrinfo(addrs); + return 1; + } + + elem = (struct addrset_elem *) safe_malloc(sizeof(*elem)); + memset(elem->ipv4.bits, 0, sizeof(elem->ipv4.bits)); + + /* Check if this is an IPv4 address, with optional ranges and wildcards. */ + if (parse_ipv4_ranges(elem, local_spec)) { + if (netmask_bits > 32) { + log_user("Illegal netmask in \"%s\". Must be between 0 and 32.\n", spec); + free(local_spec); + free(elem); + return 0; + } + apply_ipv4_netmask_bits(elem, netmask_bits); + log_debug("Add IPv4 range %s/%ld to addrset.\n", local_spec, netmask_bits > 0 ? netmask_bits : 32); + elem->next = set->head; + set->head = elem; + free(local_spec); + return 1; + } else { + free(elem); + } + + /* When all else fails, resolve the name. */ + rc = resolve_name(local_spec, &addrs, af, dns); + if (rc != 0) { + log_user("Error resolving name \"%s\": %s\n", local_spec, gai_strerror(rc)); + free(local_spec); + return 0; + } + if (addrs == NULL) + log_user("Warning: no addresses found for %s.\n", local_spec); + free(local_spec); + + /* Walk the list of addresses and add them all to the set with netmasks. */ + for (addr = addrs; addr != NULL; addr = addr->ai_next) { + char addr_string[128]; + + address_to_string(addr->ai_addr, addr->ai_addrlen, addr_string, sizeof(addr_string)); + + /* Note: it is possible that in this loop we are dealing with addresses + of more than one family (e.g., IPv4 and IPv6). But we have at most + one netmask value for all of them. Whatever netmask we have is + applied blindly to whatever addresses there are, which may not be + what you want if a /24 is applied to IPv6 and will cause an error if + a /120 is applied to IPv4. */ + if (addr->ai_family == AF_INET) { + + if (netmask_bits > 32) { + log_user("Illegal netmask in \"%s\". Must be between 0 and 32.\n", spec); + freeaddrinfo(addrs); + return 0; + } + log_debug("Add IPv4 %s/%ld to addrset (trie).\n", addr_string, netmask_bits > 0 ? netmask_bits : 32); + +#ifdef HAVE_IPV6 + } else if (addr->ai_family == AF_INET6) { + if (netmask_bits > 128) { + log_user("Illegal netmask in \"%s\". Must be between 0 and 128.\n", spec); + freeaddrinfo(addrs); + return 0; + } + log_debug("Add IPv6 %s/%ld to addrset (trie).\n", addr_string, netmask_bits > 0 ? netmask_bits : 128); +#endif + } else { + log_debug("ignoring address %s for %s. Family %d socktype %d protocol %d.\n", addr_string, spec, addr->ai_family, addr->ai_socktype, addr->ai_protocol); + continue; + } + + trie_insert(set->trie, addr->ai_addr, netmask_bits); + } + + if (addrs != NULL) + freeaddrinfo(addrs); + + return 1; +} + +/* Add whitespace-separated host specifications from fd into the address set. + Returns 1 on success, 0 on error. */ +int addrset_add_file(struct addrset *set, FILE *fd, int af, int dns) +{ + char buf[1024]; + int c, i; + + for (;;) { + /* Skip whitespace. */ + while ((c = getc(fd)) != EOF) { + if (!isspace(c)) + break; + } + if (c == EOF) + break; + ungetc(c, fd); + + i = 0; + while ((c = getc(fd)) != EOF) { + if (isspace(c)) + break; + if (i + 1 > sizeof(buf) - 1) { + /* Truncate the specification to give a little context. */ + buf[11] = '\0'; + log_user("Host specification starting with \"%s\" is too long.\n", buf); + return 0; + } + buf[i++] = c; + } + buf[i] = '\0'; + + if (!addrset_add_spec(set, buf, af, dns)) + return 0; + } + + return 1; +} + +/* Parse an IPv4 address with optional ranges and wildcards into bit vectors. + Each octet must match the regular expression '(\*|#?(-#?)?(,#?(-#?)?)*)', + where '#' stands for an integer between 0 and 255. Return 1 on success, 0 on + error. */ +static int parse_ipv4_ranges(struct addrset_elem *elem, const char *spec) +{ + const char *p; + int octet_index, i; + + p = spec; + octet_index = 0; + while (*p != '\0' && octet_index < 4) { + if (*p == '*') { + for (i = 0; i < 256; i++) + BIT_SET(elem->ipv4.bits[octet_index], i); + p++; + } else { + for (;;) { + long start, end; + char *tail; + + errno = 0; + start = parse_long(p, &tail); + /* Is this a range open on the left? */ + if (tail == p) { + if (*p == '-') + start = 0; + else + return 0; + } + if (errno != 0 || start < 0 || start > 255) + return 0; + p = tail; + + /* Look for a range. */ + if (*p == '-') { + p++; + errno = 0; + end = parse_long(p, &tail); + /* Is this range open on the right? */ + if (tail == p) + end = 255; + if (errno != 0 || end < 0 || end > 255 || end < start) + return 0; + p = tail; + } else { + end = start; + } + + /* Fill in the range in the bit vector. */ + for (i = start; i <= end; i++) + BIT_SET(elem->ipv4.bits[octet_index], i); + + if (*p != ',') + break; + p++; + } + } + octet_index++; + if (octet_index < 4) { + if (*p != '.') + return 0; + p++; + } + } + if (*p != '\0' || octet_index < 4) + return 0; + + return 1; +} + +/* Expand a single-octet bit vector to include any additional addresses that + result when mask is applied. */ +static void apply_ipv4_netmask_octet(octet_bitvector bits, uint8_t mask) +{ + unsigned int i, j; + uint32_t chunk_size; + + /* Process the bit vector in chunks, first of size 1, then of size 2, up to + size 128. Check the next bit of the mask. If it is 1, do nothing. + Otherwise, pair up the chunks (first with the second, third with the + fourth, etc.). For each pair of chunks, set a bit in one chunk if it is + set in the other. chunk_size also serves as an index into the mask. */ + for (chunk_size = 1; chunk_size < 256; chunk_size <<= 1) { + if ((mask & chunk_size) != 0) + continue; + for (i = 0; i < 256; i += chunk_size * 2) { + for (j = 0; j < chunk_size; j++) { + if (BIT_IS_SET(bits, i + j)) + BIT_SET(bits, i + j + chunk_size); + else if (BIT_IS_SET(bits, i + j + chunk_size)) + BIT_SET(bits, i + j); + } + } + } +} + +/* Expand an addrset_elem's IPv4 bit vectors to include any additional addresses + that result when the given netmask is applied. The mask is in network byte + order. */ +static void apply_ipv4_netmask(struct addrset_elem *elem, uint32_t mask) +{ + mask = ntohl(mask); + /* Apply the mask one octet at a time. It's done this way because ranges + span exactly one octet. */ + apply_ipv4_netmask_octet(elem->ipv4.bits[0], (mask & 0xFF000000) >> 24); + apply_ipv4_netmask_octet(elem->ipv4.bits[1], (mask & 0x00FF0000) >> 16); + apply_ipv4_netmask_octet(elem->ipv4.bits[2], (mask & 0x0000FF00) >> 8); + apply_ipv4_netmask_octet(elem->ipv4.bits[3], (mask & 0x000000FF)); +} + +/* Expand an addrset_elem's IPv4 bit vectors to include any additional addresses + that result from the application of a CIDR-style netmask with the given + number of bits. If bits is negative it is taken to be 32. */ +static void apply_ipv4_netmask_bits(struct addrset_elem *elem, int bits) +{ + uint32_t mask; + + if (bits > 32) + return; + if (bits < 0) + bits = 32; + + if (bits == 0) + mask = htonl(0x00000000); + else + mask = htonl(0xFFFFFFFF << (32 - bits)); + apply_ipv4_netmask(elem, mask); +} + +static int match_ipv4_bits(const octet_bitvector bits[4], const struct sockaddr *sa) +{ + uint8_t octets[4]; + + if (sa->sa_family != AF_INET) + return 0; + + in_addr_to_octets(&((const struct sockaddr_in *) sa)->sin_addr, octets); + + return BIT_IS_SET(bits[0], octets[0]) + && BIT_IS_SET(bits[1], octets[1]) + && BIT_IS_SET(bits[2], octets[2]) + && BIT_IS_SET(bits[3], octets[3]); +} + +static int addrset_elem_match(const struct addrset_elem *elem, const struct sockaddr *sa) +{ + return match_ipv4_bits(elem->ipv4.bits, sa); +} + +int addrset_contains(const struct addrset *set, const struct sockaddr *sa) +{ + struct addrset_elem *elem; + + /* First check the trie. */ + if (trie_match(set->trie, sa)) + return 1; + + /* If that didn't match, check the rest of the addrset_elem in order */ + if (sa->sa_family == AF_INET) { + for (elem = set->head; elem != NULL; elem = elem->next) { + if (addrset_elem_match(elem, sa)) + return 1; + } + } + + return 0; +} diff --git a/include/DomainExec/nbase/nbase_addrset.h b/include/DomainExec/nbase/nbase_addrset.h new file mode 100644 index 00000000..ec831da7 --- /dev/null +++ b/include/DomainExec/nbase/nbase_addrset.h @@ -0,0 +1,179 @@ +/*************************************************************************** + * nbase_addrset.h * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id$ */ + +#ifndef _NBASE_ADDRSET_H +#define _NBASE_ADDRSET_H + +//#define HAVE_IPV6 1 +#include +#include +#include +#include +#include +#include +#ifndef WIN32 +#include +#endif + +#include "nbase.h" + +/* We use bit vectors to represent what values are allowed in an IPv4 octet. + Each vector is built up of an array of bitvector_t (any convenient integer + type). */ +typedef unsigned long bitvector_t; +/* A 256-element bit vector, representing legal values for one octet. */ +typedef bitvector_t octet_bitvector[(256 - 1) / (sizeof(unsigned long) * CHAR_BIT) + 1]; + +enum addrset_elem_type { + ADDRSET_TYPE_IPV4_BITVECTOR, +#ifdef HAVE_IPV6 + ADDRSET_TYPE_IPV6_NETMASK, +#endif +}; + +/* A chain of tests for set inclusion. If one test is passed, the address is in + the set. */ +struct addrset_elem { + enum addrset_elem_type type; + union { + struct { + /* A bit vector for each address octet. */ + octet_bitvector bits[4]; + } ipv4; +#ifdef HAVE_IPV6 + struct { + struct in6_addr addr; + struct in6_addr mask; + } ipv6; +#endif + } u; + struct addrset_elem *next; +}; + +#endif diff --git a/include/DomainExec/nbase/nbase_config.h.in b/include/DomainExec/nbase/nbase_config.h.in new file mode 100644 index 00000000..bcca04f6 --- /dev/null +++ b/include/DomainExec/nbase/nbase_config.h.in @@ -0,0 +1,276 @@ + +/*************************************************************************** + * nbase_config.h.in -- Autoconf uses this template, combined with the * + * configure script knowledge about system capabilities, to build the * + * nbase_config.h file that lets nbase (and libraries that call it) better * + * understand system particulars. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id$ */ +#ifndef NBASE_CONFIG_H +#define NBASE_CONFIG_H + +#undef HAVE_USLEEP + +#undef HAVE_NANOSLEEP + +#undef HAVE_STRUCT_ICMP + +#undef HAVE_IP_IP_SUM + +#undef inline + +#undef STDC_HEADERS + +#undef HAVE_STRING_H + +#undef HAVE_NETDB_H + +#undef HAVE_GETOPT_H + +#undef HAVE_UNISTD_H + +#undef HAVE_STRINGS_H + +#undef HAVE_BSTRING_H + +#undef WORDS_BIGENDIAN + +#undef HAVE_MEMORY_H + +#undef HAVE_LIBIBERTY_H + +#undef HAVE_FCNTL_H + +#undef HAVE_ERRNO_H + +/* both bzero() and memcpy() are used in the source */ +#undef HAVE_BZERO +#undef HAVE_MEMCPY +#undef HAVE_STRERROR + +#undef HAVE_SYS_PARAM_H + +#undef HAVE_SYS_SELECT_H + +#undef HAVE_SYS_SOCKIO_H + +#undef HAVE_SYS_SOCKET_H + +#undef HAVE_SYS_WAIT_H + +#undef HAVE_NET_IF_H + +#undef BSD_NETWORKING + +#undef HAVE_STRCASESTR + +#undef HAVE_STRCASECMP + +#undef HAVE_STRNCASECMP + +#undef HAVE_GETTIMEOFDAY + +#undef HAVE_SLEEP + +#undef HAVE_SIGNAL + +#undef HAVE_GETOPT + +#undef HAVE_GETOPT_LONG_ONLY + +#undef HAVE_SOCKADDR_SA_LEN + +#undef HAVE_NETINET_IF_ETHER_H + +#undef HAVE_NETINET_IN_H + +#undef HAVE_SYS_TIME_H + +#undef PWD_H + +#undef HAVE_ARPA_INET_H + +#undef HAVE_SYS_RESOURCE_H + +#undef HAVE_INTTYPES_H + +#undef HAVE_MACH_O_DYLD_H + +#undef HAVE_SYS_STAT_H + +#undef SPRINTF_RETURNS_STRING + +#undef STUPID_SOLARIS_CHECKSUM_BUG + +/* IPv6 stuff */ +#undef HAVE_IPV6 +#undef HAVE_AF_INET6 +#undef HAVE_SOCKADDR_IN6 +#undef HAVE_SOCKADDR_STORAGE +#undef HAVE_GETADDRINFO +#undef HAVE_GAI_STRERROR +#undef HAVE_GETNAMEINFO +#undef HAVE_INET_NTOP +#undef HAVE_INET_PTON + +#undef int8_t +#undef int16_t +#undef int32_t +#undef int64_t +#undef uint8_t +#undef uint16_t +#undef uint32_t +#undef uint64_t + +#undef HAVE_SNPRINTF +#undef HAVE_VASNPRINTF +#undef HAVE_ASPRINTF +#undef HAVE_VASPRINTF +#undef HAVE_VFPRINTF +#undef HAVE_VSNPRINTF +#undef NEED_SNPRINTF_PROTO +#undef NEED_VSNPRINTF_PROTO + +/* define if your compiler has __attribute__ */ +#undef HAVE___ATTRIBUTE__ + +#undef HAVE_OPENSSL + +#undef HAVE_PROC_SELF_EXE + +#undef LINUX +#undef FREEBSD +#undef OPENBSD +#undef SOLARIS +#undef SUNOS +#undef BSDI +#undef IRIX +#undef HPUX +#undef NETBSD + +#endif /* NBASE_CONFIG_H */ diff --git a/include/DomainExec/nbase/nbase_crc32ct.h b/include/DomainExec/nbase/nbase_crc32ct.h new file mode 100644 index 00000000..ec366ed9 --- /dev/null +++ b/include/DomainExec/nbase/nbase_crc32ct.h @@ -0,0 +1,206 @@ + +/*************************************************************************** + * nbase_crc32ct.h -- CRC-32C (Castagnoli) table definitions. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id$ */ + +#ifndef NBASE_CRC32CT_H +#define NBASE_CRC32CT_H + +#define CRC32C_POLY 0x1EDC6F41 +#define CRC32C(c,d) (c=(c>>8)^crc_c[(c^(d))&0xFF]) + +static unsigned long crc_c[256] = { +0x00000000L, 0xF26B8303L, 0xE13B70F7L, 0x1350F3F4L, +0xC79A971FL, 0x35F1141CL, 0x26A1E7E8L, 0xD4CA64EBL, +0x8AD958CFL, 0x78B2DBCCL, 0x6BE22838L, 0x9989AB3BL, +0x4D43CFD0L, 0xBF284CD3L, 0xAC78BF27L, 0x5E133C24L, +0x105EC76FL, 0xE235446CL, 0xF165B798L, 0x030E349BL, +0xD7C45070L, 0x25AFD373L, 0x36FF2087L, 0xC494A384L, +0x9A879FA0L, 0x68EC1CA3L, 0x7BBCEF57L, 0x89D76C54L, +0x5D1D08BFL, 0xAF768BBCL, 0xBC267848L, 0x4E4DFB4BL, +0x20BD8EDEL, 0xD2D60DDDL, 0xC186FE29L, 0x33ED7D2AL, +0xE72719C1L, 0x154C9AC2L, 0x061C6936L, 0xF477EA35L, +0xAA64D611L, 0x580F5512L, 0x4B5FA6E6L, 0xB93425E5L, +0x6DFE410EL, 0x9F95C20DL, 0x8CC531F9L, 0x7EAEB2FAL, +0x30E349B1L, 0xC288CAB2L, 0xD1D83946L, 0x23B3BA45L, +0xF779DEAEL, 0x05125DADL, 0x1642AE59L, 0xE4292D5AL, +0xBA3A117EL, 0x4851927DL, 0x5B016189L, 0xA96AE28AL, +0x7DA08661L, 0x8FCB0562L, 0x9C9BF696L, 0x6EF07595L, +0x417B1DBCL, 0xB3109EBFL, 0xA0406D4BL, 0x522BEE48L, +0x86E18AA3L, 0x748A09A0L, 0x67DAFA54L, 0x95B17957L, +0xCBA24573L, 0x39C9C670L, 0x2A993584L, 0xD8F2B687L, +0x0C38D26CL, 0xFE53516FL, 0xED03A29BL, 0x1F682198L, +0x5125DAD3L, 0xA34E59D0L, 0xB01EAA24L, 0x42752927L, +0x96BF4DCCL, 0x64D4CECFL, 0x77843D3BL, 0x85EFBE38L, +0xDBFC821CL, 0x2997011FL, 0x3AC7F2EBL, 0xC8AC71E8L, +0x1C661503L, 0xEE0D9600L, 0xFD5D65F4L, 0x0F36E6F7L, +0x61C69362L, 0x93AD1061L, 0x80FDE395L, 0x72966096L, +0xA65C047DL, 0x5437877EL, 0x4767748AL, 0xB50CF789L, +0xEB1FCBADL, 0x197448AEL, 0x0A24BB5AL, 0xF84F3859L, +0x2C855CB2L, 0xDEEEDFB1L, 0xCDBE2C45L, 0x3FD5AF46L, +0x7198540DL, 0x83F3D70EL, 0x90A324FAL, 0x62C8A7F9L, +0xB602C312L, 0x44694011L, 0x5739B3E5L, 0xA55230E6L, +0xFB410CC2L, 0x092A8FC1L, 0x1A7A7C35L, 0xE811FF36L, +0x3CDB9BDDL, 0xCEB018DEL, 0xDDE0EB2AL, 0x2F8B6829L, +0x82F63B78L, 0x709DB87BL, 0x63CD4B8FL, 0x91A6C88CL, +0x456CAC67L, 0xB7072F64L, 0xA457DC90L, 0x563C5F93L, +0x082F63B7L, 0xFA44E0B4L, 0xE9141340L, 0x1B7F9043L, +0xCFB5F4A8L, 0x3DDE77ABL, 0x2E8E845FL, 0xDCE5075CL, +0x92A8FC17L, 0x60C37F14L, 0x73938CE0L, 0x81F80FE3L, +0x55326B08L, 0xA759E80BL, 0xB4091BFFL, 0x466298FCL, +0x1871A4D8L, 0xEA1A27DBL, 0xF94AD42FL, 0x0B21572CL, +0xDFEB33C7L, 0x2D80B0C4L, 0x3ED04330L, 0xCCBBC033L, +0xA24BB5A6L, 0x502036A5L, 0x4370C551L, 0xB11B4652L, +0x65D122B9L, 0x97BAA1BAL, 0x84EA524EL, 0x7681D14DL, +0x2892ED69L, 0xDAF96E6AL, 0xC9A99D9EL, 0x3BC21E9DL, +0xEF087A76L, 0x1D63F975L, 0x0E330A81L, 0xFC588982L, +0xB21572C9L, 0x407EF1CAL, 0x532E023EL, 0xA145813DL, +0x758FE5D6L, 0x87E466D5L, 0x94B49521L, 0x66DF1622L, +0x38CC2A06L, 0xCAA7A905L, 0xD9F75AF1L, 0x2B9CD9F2L, +0xFF56BD19L, 0x0D3D3E1AL, 0x1E6DCDEEL, 0xEC064EEDL, +0xC38D26C4L, 0x31E6A5C7L, 0x22B65633L, 0xD0DDD530L, +0x0417B1DBL, 0xF67C32D8L, 0xE52CC12CL, 0x1747422FL, +0x49547E0BL, 0xBB3FFD08L, 0xA86F0EFCL, 0x5A048DFFL, +0x8ECEE914L, 0x7CA56A17L, 0x6FF599E3L, 0x9D9E1AE0L, +0xD3D3E1ABL, 0x21B862A8L, 0x32E8915CL, 0xC083125FL, +0x144976B4L, 0xE622F5B7L, 0xF5720643L, 0x07198540L, +0x590AB964L, 0xAB613A67L, 0xB831C993L, 0x4A5A4A90L, +0x9E902E7BL, 0x6CFBAD78L, 0x7FAB5E8CL, 0x8DC0DD8FL, +0xE330A81AL, 0x115B2B19L, 0x020BD8EDL, 0xF0605BEEL, +0x24AA3F05L, 0xD6C1BC06L, 0xC5914FF2L, 0x37FACCF1L, +0x69E9F0D5L, 0x9B8273D6L, 0x88D28022L, 0x7AB90321L, +0xAE7367CAL, 0x5C18E4C9L, 0x4F48173DL, 0xBD23943EL, +0xF36E6F75L, 0x0105EC76L, 0x12551F82L, 0xE03E9C81L, +0x34F4F86AL, 0xC69F7B69L, 0xD5CF889DL, 0x27A40B9EL, +0x79B737BAL, 0x8BDCB4B9L, 0x988C474DL, 0x6AE7C44EL, +0xBE2DA0A5L, 0x4C4623A6L, 0x5F16D052L, 0xAD7D5351L, +}; + +#endif /* NBASE_CRC32CT_H */ + diff --git a/include/DomainExec/nbase/nbase_ipv6.h b/include/DomainExec/nbase/nbase_ipv6.h new file mode 100644 index 00000000..cff64d91 --- /dev/null +++ b/include/DomainExec/nbase/nbase_ipv6.h @@ -0,0 +1,284 @@ + +/*************************************************************************** + * nbase_ipv6.h -- IPv6 portability classes and structures These were * + * written by fyodor@nmap.org . * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id$ */ + +#ifndef NBASE_IPV6_H +#define NBASE_IPV6_H + +#ifdef __amigaos__ +#ifndef _NMAP_AMIGAOS_H_ +#include "../nmap_amigaos.h" +#endif +#endif + +#if HAVE_SYS_TYPES_H +#include +#endif +#if HAVE_SYS_SOCKET_H +#include +#endif +#if HAVE_NETINET_IN_H +#include +#endif +#if HAVE_ARPA_INET_H +#include +#endif + +#ifndef HAVE_AF_INET6 +#define AF_INET6 10 +#define PF_INET6 10 +#endif /* HAVE_AF_INET6 */ +#ifndef HAVE_INET_PTON +/* int + * inet_pton(af, src, dst) + * convert from presentation format (which usually means ASCII printable) + * to network format (which is usually some kind of binary format). + * return: + * 1 if the address was valid for the specified address family + * 0 if the address wasn't valid (`dst' is untouched in this case) + * -1 if some other error occurred (`dst' is untouched in this case, too) + * author: + * Paul Vixie, 1996. + */ +int inet_pton(int af, const char *src, void *dst); +#endif /* HAVE_INET_PTON */ + +#ifndef HAVE_INET_NTOP +/* char * + * inet_ntop(af, src, dst, size) + * convert a network format address to presentation format. + * return: + * pointer to presentation format address (`dst'), or NULL (see errno). + * author: + * Paul Vixie, 1996. + */ +const char *inet_ntop(int af, const void *src, char *dst, size_t size); +#endif /* HAVE_INET_NTOP */ + +#ifndef HAVE_SOCKADDR_STORAGE +struct sockaddr_storage { + u16 ss_family; + u16 __align_to_64[3]; + u64 __padding[16]; +}; +#endif /* SOCKADDR_STORAGE */ + +/* Compares two sockaddr_storage structures with a return value like strcmp. + First the address families are compared, then the addresses if the families + are equal. The structures must be real full-length sockaddr_storage + structures, not something shorter like sockaddr_in. */ +int sockaddr_storage_cmp(const struct sockaddr_storage *a, + const struct sockaddr_storage *b); + +/* Does sockaddr_storage_cmp(a, b) == 0 for you. */ +int sockaddr_storage_equal(const struct sockaddr_storage *a, + const struct sockaddr_storage *b); + +/* This function is an easier version of inet_ntop because you don't + need to pass a dest buffer. Instead, it returns a static buffer that + you can use until the function is called again (by the same or another + thread in the process). If there is a weird error (like sslen being + too short) then NULL will be returned. */ +const char *inet_ntop_ez(const struct sockaddr_storage *ss, size_t sslen); + + +#if !HAVE_GETNAMEINFO || !HAVE_GETADDRINFO +#if !defined(EAI_MEMORY) +#define EAI_ADDRFAMILY 1 /* address family for hostname not supported */ +#define EAI_AGAIN 2 /* temporary failure in name resolution */ +#define EAI_BADFLAGS 3 /* invalid value for ai_flags */ +#define EAI_FAIL 4 /* non-recoverable failure in name resolution */ +#define EAI_FAMILY 5 /* ai_family not supported */ +#define EAI_MEMORY 6 /* memory allocation failure */ +#define EAI_NODATA 7 /* no address associated with hostname */ +#define EAI_NONAME 8 /* hostname nor servname provided, or not known */ +#define EAI_SERVICE 9 /* servname not supported for ai_socktype */ +#define EAI_SOCKTYPE 10 /* ai_socktype not supported */ +#define EAI_SYSTEM 11 /* system error returned in errno */ +#define EAI_BADHINTS 12 +#define EAI_PROTOCOL 13 +#define EAI_MAX 14 +#endif /* EAI_MEMORY */ +#endif /* !HAVE_GETNAMEINFO || !HAVE_GETADDRINFO */ + +#if !HAVE_GETNAMEINFO +/* This replacement version is *NOT* a full implementation by any + stretch of the imagination */ +/* getnameinfo flags */ +#if !defined(NI_NAMEREQD) +#define NI_NOFQDN 8 +#define NI_NUMERICHOST 16 +#define NI_NAMEREQD 32 +#define NI_NUMERICSERV 64 +#define NI_DGRAM 128 +#endif + +struct sockaddr; +int getnameinfo(const struct sockaddr *sa, size_t salen, + char *host, size_t hostlen, + char *serv, size_t servlen, int flags); +#endif /* !HAVE_GETNAMEINFO */ + +#if !HAVE_GETADDRINFO +/* This replacement version is *NOT* a full implementation by any + stretch of the imagination */ +struct addrinfo { + int ai_flags; /* AI_PASSIVE, AI_CANONNAME, AI_NUMERICHOST */ + int ai_family; /* PF_xxx */ + int ai_socktype; /* SOCK_xxx */ + int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ + size_t ai_addrlen; /* length of ai_addr */ + char *ai_canonname; /* canonical name for nodename */ + struct sockaddr *ai_addr; /* binary address */ + struct addrinfo *ai_next; /* next structure in linked list */ +}; + +/* getaddrinfo Flags */ +#if !defined(AI_PASSIVE) || !defined(AI_CANONNAME) || !defined(AI_NUMERICHOST) +#define AI_PASSIVE 1 +#define AI_CANONNAME 2 +#define AI_NUMERICHOST 4 +#endif + +void freeaddrinfo(struct addrinfo *res); +int getaddrinfo(const char *node, const char *service, + const struct addrinfo *hints, struct addrinfo **res); + +#endif /* !HAVE_GETADDRINFO */ + +#ifndef HAVE_GAI_STRERROR +const char *gai_strerror(int errcode); +#endif + +int sockaddr_storage_inet_pton(const char * ip_str, struct sockaddr_storage * addr); +const char *sockaddr_storage_iptop(const struct sockaddr_storage * addr, char * dst); + +#endif /* NBASE_IPV6_H */ diff --git a/include/DomainExec/nbase/nbase_memalloc.c b/include/DomainExec/nbase/nbase_memalloc.c new file mode 100644 index 00000000..b40870e9 --- /dev/null +++ b/include/DomainExec/nbase/nbase_memalloc.c @@ -0,0 +1,185 @@ + +/*************************************************************************** + * nbase_memalloc.c -- A few simple functions related to memory * + * allocation. Right now they are just safe_ versions of well known calls * + * like malloc that quit if the allocation fails (so you don't have to * + * have a bunch of ugly checks in your code. These were written by * + * fyodor@nmap.org . * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id$ */ + +#include "nbase.h" +#include + +NORETURN static void fatal(char *fmt, ...) + __attribute__ ((format (printf, 1, 2))); + +static void fatal(char *fmt, ...) { + va_list ap; + + va_start(ap, fmt); + fflush(stdout); + vfprintf(stderr, fmt, ap); + fprintf(stderr, "\nQUITTING!\n"); + va_end(ap); + exit(1); +} + +void *safe_malloc(size_t size) { + void *mymem; + + if ((int)size < 0) /* Catch caller errors */ + fatal("Tried to malloc negative amount of memory!!!"); + mymem = malloc(size); + if (mymem == NULL) + fatal("Malloc Failed! Probably out of space."); + return mymem; +} + +void *safe_realloc(void *ptr, size_t size) { + void *mymem; + + if ((int)size < 0) /* Catch caller errors */ + fatal("Tried to realloc negative amount of memory!!!"); + mymem = realloc(ptr, size); + if (mymem == NULL) + fatal("Realloc Failed! Probably out of space."); + return mymem; +} + +/* Zero-initializing version of safe_malloc */ +void *safe_zalloc(size_t size) { + void *mymem; + + if ((int)size < 0) + fatal("Tried to malloc negative amount of memory!!!"); + mymem = calloc(1, size); + if (mymem == NULL) + fatal("Malloc Failed! Probably out of space."); + return mymem; +} diff --git a/include/DomainExec/nbase/nbase_misc.c b/include/DomainExec/nbase/nbase_misc.c new file mode 100644 index 00000000..8c06b3b6 --- /dev/null +++ b/include/DomainExec/nbase/nbase_misc.c @@ -0,0 +1,947 @@ + +/*************************************************************************** + * nbase_misc.c -- Some small miscellaneous utility/compatibility * + * functions. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id$ */ + +#include "nbase.h" + +#ifndef WIN32 +#include +#ifndef errno +extern int errno; +#endif +#else +#include +#endif + +#include +#include +#include "nbase_ipv6.h" +#include "nbase_crc32ct.h" + +#include +#include + +#ifdef WIN32 +#include +#endif + +#ifndef INET6_ADDRSTRLEN +#define INET6_ADDRSTRLEN 46 +#endif + +/* Returns the UNIX/Windows errno-equivalent. Note that the Windows + call is socket/networking specific. The windows error number + returned is like WSAMSGSIZE, but nbase.h includes #defines to + correlate many of the common UNIX errors with their closest Windows + equivalents. So you can use EMSGSIZE or EINTR. */ +int socket_errno() { +#ifdef WIN32 + return WSAGetLastError(); +#else + return errno; +#endif +} + +/* We can't just use strerror to get socket errors on Windows because it has + its own set of error codes: WSACONNRESET not ECONNRESET for example. This + function will do the right thing on Windows. Call it like + socket_strerror(socket_errno()) +*/ +char *socket_strerror(int errnum) { +#ifdef WIN32 + static char buffer[128]; + + FormatMessageA(FORMAT_MESSAGE_FROM_SYSTEM | + FORMAT_MESSAGE_IGNORE_INSERTS | + FORMAT_MESSAGE_MAX_WIDTH_MASK, + 0, errnum, 0, buffer, sizeof(buffer), NULL); + + return buffer; +#else + return strerror(errnum); +#endif +} + +/* Compares two sockaddr_storage structures with a return value like strcmp. + First the address families are compared, then the addresses if the families + are equal. The structures must be real full-length sockaddr_storage + structures, not something shorter like sockaddr_in. */ +int sockaddr_storage_cmp(const struct sockaddr_storage *a, + const struct sockaddr_storage *b) { + if (a->ss_family < b->ss_family) + return -1; + else if (a->ss_family > b->ss_family) + return 1; + if (a->ss_family == AF_INET) { + struct sockaddr_in *sin_a = (struct sockaddr_in *) a; + struct sockaddr_in *sin_b = (struct sockaddr_in *) b; + if (sin_a->sin_addr.s_addr < sin_b->sin_addr.s_addr) + return -1; + else if (sin_a->sin_addr.s_addr > sin_b->sin_addr.s_addr) + return 1; + else + return 0; + } else if (a->ss_family == AF_INET6) { + struct sockaddr_in6 *sin6_a = (struct sockaddr_in6 *) a; + struct sockaddr_in6 *sin6_b = (struct sockaddr_in6 *) b; + return memcmp(sin6_a->sin6_addr.s6_addr, sin6_b->sin6_addr.s6_addr, + sizeof(sin6_a->sin6_addr.s6_addr)); + } else { + assert(0); + } + return 0; /* Not reached */ +} + +int sockaddr_storage_equal(const struct sockaddr_storage *a, + const struct sockaddr_storage *b) { + return sockaddr_storage_cmp(a, b) == 0; +} + +/* This function is an easier version of inet_ntop because you don't + need to pass a dest buffer. Instead, it returns a static buffer that + you can use until the function is called again (by the same or another + thread in the process). If there is a weird error (like sslen being + too short) then NULL will be returned. */ +const char *inet_ntop_ez(const struct sockaddr_storage *ss, size_t sslen) { + + const struct sockaddr_in *sin = (struct sockaddr_in *) ss; + static char str[INET6_ADDRSTRLEN]; +#if HAVE_IPV6 + const struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) ss; +#endif + + str[0] = '\0'; + + if (sin->sin_family == AF_INET) { + if (sslen < sizeof(struct sockaddr_in)) + return NULL; + return inet_ntop(AF_INET, &sin->sin_addr, str, sizeof(str)); + } +#if HAVE_IPV6 + else if(sin->sin_family == AF_INET6) { + if (sslen < sizeof(struct sockaddr_in6)) + return NULL; + return inet_ntop(AF_INET6, &sin6->sin6_addr, str, sizeof(str)); + } +#endif + //Some laptops report the ip and address family of disabled wifi cards as null + //so yes, we will hit this sometimes. + return NULL; +} + +/* Create a new socket inheritable by subprocesses. On non-Windows systems it's + just a normal socket. */ +int inheritable_socket(int af, int style, int protocol) { +#ifdef WIN32 + /* WSASocket is just like socket, except that the sockets it creates are + inheritable by subprocesses (such as are created by CreateProcess), while + those created by socket are not. */ + return WSASocket(af, style, protocol, NULL, 0, WSA_FLAG_OVERLAPPED); +#else + return socket(af, style, protocol); +#endif +} + +/* The dup function on Windows works only on file descriptors, not socket + handles. This function accomplishes the same thing for sockets. */ +int dup_socket(int sd) { +#ifdef WIN32 + HANDLE copy; + + if (DuplicateHandle(GetCurrentProcess(), (HANDLE) sd, + GetCurrentProcess(), ©, + 0, FALSE, DUPLICATE_SAME_ACCESS) == 0) { + return -1; + } + + return (int) copy; +#else + return dup(sd); +#endif +} + +int unblock_socket(int sd) { +#ifdef WIN32 + unsigned long one = 1; + + if (sd != 501) /* Hack related to WinIP Raw Socket support */ + ioctlsocket(sd, FIONBIO, &one); + + return 0; +#else + int options; + + /* Unblock our socket to prevent recvfrom from blocking forever on certain + * target ports. */ + options = fcntl(sd, F_GETFL); + if (options == -1) + return -1; + + return fcntl(sd, F_SETFL, O_NONBLOCK | options); +#endif /* WIN32 */ +} + +/* Convert a socket to blocking mode */ +int block_socket(int sd) { +#ifdef WIN32 + unsigned long options = 0; + + if (sd != 501) + ioctlsocket(sd, FIONBIO, &options); + + return 0; +#else + int options; + + options = fcntl(sd, F_GETFL); + if (options == -1) + return -1; + + return fcntl(sd, F_SETFL, (~O_NONBLOCK) & options); +#endif +} + +/* Use the SO_BINDTODEVICE sockopt to bind with a specific interface (Linux + only). Pass NULL or an empty string to remove device binding. */ +int socket_bindtodevice(int sd, const char *device) { + char padded[sizeof(int)]; + size_t len; + + len = strlen(device) + 1; + /* In Linux 2.6.20 and earlier, there is a bug in SO_BINDTODEVICE that causes + EINVAL to be returned if the optlen < sizeof(int); this happens for example + with the interface names "" and "lo". Pad the string with null characters + so it is above this limit if necessary. + http://article.gmane.org/gmane.linux.network/71887 + http://article.gmane.org/gmane.linux.network/72216 */ + if (len < sizeof(padded)) { + /* We rely on strncpy padding with nulls here. */ + strncpy(padded, device, sizeof(padded)); + device = padded; + len = sizeof(padded); + } + +#ifdef SO_BINDTODEVICE + /* Linux-specific sockopt asking to use a specific interface. See socket(7). */ + if (setsockopt(sd, SOL_SOCKET, SO_BINDTODEVICE, device, len) < 0) + return 0; +#endif + + return 1; +} + +/* Convert a time specification into a count of seconds. A time specification is + * a non-negative real number, possibly followed by a units suffix. The suffixes + * are "ms" for milliseconds, "s" for seconds, "m" for minutes, or "h" for + * hours. Seconds is the default with no suffix. -1 is returned if the string + * can't be parsed. */ +double tval2secs(const char *tspec) { + double d; + char *tail; + + errno = 0; + d = strtod(tspec, &tail); + if (*tspec == '\0' || errno != 0) + return -1; + if (strcasecmp(tail, "ms") == 0) + return d / 1000.0; + else if (*tail == '\0' || strcasecmp(tail, "s") == 0) + return d; + else if (strcasecmp(tail, "m") == 0) + return d * 60.0; + else if (strcasecmp(tail, "h") == 0) + return d * 60.0 * 60.0; + else + return -1; +} + +long tval2msecs(const char *tspec) { + double s, ms; + + s = tval2secs(tspec); + if (s == -1) + return -1; + ms = s * 1000.0; + if (ms > LONG_MAX || ms < LONG_MIN) + return -1; + + return (long) ms; +} + +/* Returns the unit portion of a time specification (such as "ms", "s", "m", or + "h"). Returns NULL if there was a parsing error or no unit is present. */ +const char *tval_unit(const char *tspec) { + double d; + char *tail; + + errno = 0; + d = strtod(tspec, &tail); + /* Avoid GCC 4.6 error "variable 'd' set but not used + [-Wunused-but-set-variable]". */ + (void) d; + if (*tspec == '\0' || errno != 0 || *tail == '\0') + return NULL; + + return tail; +} + +/* A replacement for select on Windows that allows selecting on stdin + * (file descriptor 0) and selecting on zero file descriptors (just for + * the timeout). Plain Windows select doesn't work on non-sockets like + * stdin and returns an error if no file descriptors were given, because + * they were NULL or empty. This only works for sockets and stdin; if + * you have a descriptor referring to a normal open file in the set, + * Windows will return WSAENOTSOCK. */ +int fselect(int s, fd_set *rmaster, fd_set *wmaster, fd_set *emaster, struct timeval *tv) +{ +#ifdef WIN32 + static int stdin_thread_started = 0; + int fds_ready = 0; + int iter = -1, i; + struct timeval stv; + fd_set rset, wset, eset; + int r_stdin = rmaster != NULL && FD_ISSET(STDIN_FILENO, rmaster); + int e_stdin = emaster != NULL && FD_ISSET(STDIN_FILENO, emaster); + + /* Figure out whether there are any FDs in the sets, as @$@!$# Windows + returns WSAINVAL (10022) if you call a select() with no FDs, even though + the Linux man page says that doing so is a good, reasonably portable way + to sleep with subsecond precision. Sigh. */ + for(i = s; i > STDIN_FILENO; i--) { + if ((rmaster != NULL && FD_ISSET(i, rmaster)) + || (wmaster != NULL && FD_ISSET(i, wmaster)) + || (emaster != NULL && FD_ISSET(i, emaster))) + break; + s--; + } + + /* Handle the case where stdin is not in scope. */ + if (!(r_stdin || e_stdin)) { + if (s > 0) { + /* Do a normal select. */ + return select(s, rmaster, wmaster, emaster, tv); + } else { + /* No file descriptors given. Just sleep. */ + if (tv == NULL) { + /* Sleep forever. */ + while (1) + sleep(10000); + } else { + usleep(tv->tv_sec * 1000000UL + tv->tv_usec); + return 0; + } + } + } + + /* This is a hack for Windows, which doesn't allow select()ing on + * non-sockets (like stdin). We remove stdin from the fd_set and + * loop while select()ing on everything else, with a timeout of + * 125ms. Then we check if stdin is ready and increment fds_ready + * and set stdin in rmaster if it looks good. We just keep looping + * until we have something or it times out. + */ + + /* nbase_winunix.c has all the nasty details behind checking if + * stdin has input. It involves a background thread, which we start + * now if necessary. */ + if (!stdin_thread_started) { + int ret = win_stdin_start_thread(); + assert(ret != 0); + stdin_thread_started = 1; + } + + if (r_stdin) + FD_CLR(STDIN_FILENO, rmaster); + if (e_stdin) + FD_CLR(STDIN_FILENO, emaster); + + if (tv) { + int usecs = (tv->tv_sec * 1000000) + tv->tv_usec; + + iter = usecs / 125000; + + if (usecs % 125000) + iter++; + } + + FD_ZERO(&rset); + FD_ZERO(&wset); + FD_ZERO(&eset); + + while (!fds_ready && iter) { + stv.tv_sec = 0; + stv.tv_usec = 125000; + + if (rmaster) + rset = *rmaster; + if (wmaster) + wset = *wmaster; + if (emaster) + eset = *emaster; + + fds_ready = 0; + /* selecting on anything other than stdin? */ + if (s > 1) + fds_ready = select(s, &rset, &wset, &eset, &stv); + else + usleep(stv.tv_sec * 1000000UL + stv.tv_usec); + + if (fds_ready > -1 && r_stdin && win_stdin_ready()) { + FD_SET(STDIN_FILENO, &rset); + fds_ready++; + } + + if (tv) + iter--; + } + + if (rmaster) + *rmaster = rset; + if (wmaster) + *wmaster = wset; + if (emaster) + *emaster = eset; + + return fds_ready; +#else + return select(s, rmaster, wmaster, emaster, tv); +#endif +} + + +/* + * CRC32 Cyclic Redundancy Check + * + * From: http://www.ietf.org/rfc/rfc1952.txt + * + * Copyright (c) 1996 L. Peter Deutsch + * + * Permission is granted to copy and distribute this document for any + * purpose and without charge, including translations into other + * languages and incorporation into compilations, provided that the + * copyright notice and this notice are preserved, and that any + * substantive changes or deletions from the original are clearly + * marked. + * + */ + +/* Table of CRCs of all 8-bit messages. */ +static unsigned long crc_table[256]; + +/* Flag: has the table been computed? Initially false. */ +static int crc_table_computed = 0; + +/* Make the table for a fast CRC. */ +static void make_crc_table(void) +{ + unsigned long c; + int n, k; + + for (n = 0; n < 256; n++) { + c = (unsigned long) n; + for (k = 0; k < 8; k++) { + if (c & 1) { + c = 0xedb88320L ^ (c >> 1); + } else { + c = c >> 1; + } + } + crc_table[n] = c; + } + crc_table_computed = 1; +} + +/* + Update a running crc with the bytes buf[0..len-1] and return + the updated crc. The crc should be initialized to zero. Pre- and + post-conditioning (one's complement) is performed within this + function so it shouldn't be done by the caller. Usage example: + + unsigned long crc = 0L; + + while (read_buffer(buffer, length) != EOF) { + crc = update_crc(crc, buffer, length); + } + if (crc != original_crc) error(); +*/ +static unsigned long update_crc(unsigned long crc, + unsigned char *buf, int len) +{ + unsigned long c = crc ^ 0xffffffffL; + int n; + + if (!crc_table_computed) + make_crc_table(); + for (n = 0; n < len; n++) { + c = crc_table[(c ^ buf[n]) & 0xff] ^ (c >> 8); + } + return c ^ 0xffffffffL; +} + +/* Return the CRC of the bytes buf[0..len-1]. */ +unsigned long nbase_crc32(unsigned char *buf, int len) +{ + return update_crc(0L, buf, len); +} + + +/* + * CRC-32C (Castagnoli) Cyclic Redundancy Check. + * Taken straight from Appendix C of RFC 4960 (SCTP), with the difference that + * the remainder register (crc32) is initialized to 0xffffffffL rather than ~0L, + * for correct operation on platforms where unsigned long is longer than 32 + * bits. + */ + +/* Return the CRC-32C of the bytes buf[0..len-1] */ +unsigned long nbase_crc32c(unsigned char *buf, int len) +{ + int i; + unsigned long crc32 = 0xffffffffL; + unsigned long result; + unsigned char byte0, byte1, byte2, byte3; + + for (i = 0; i < len; i++) { + CRC32C(crc32, buf[i]); + } + + result = ~crc32; + + /* result now holds the negated polynomial remainder; + * since the table and algorithm is "reflected" [williams95]. + * That is, result has the same value as if we mapped the message + * to a polynomial, computed the host-bit-order polynomial + * remainder, performed final negation, then did an end-for-end + * bit-reversal. + * Note that a 32-bit bit-reversal is identical to four inplace + * 8-bit reversals followed by an end-for-end byteswap. + * In other words, the bytes of each bit are in the right order, + * but the bytes have been byteswapped. So we now do an explicit + * byteswap. On a little-endian machine, this byteswap and + * the final ntohl cancel out and could be elided. + */ + + byte0 = result & 0xff; + byte1 = (result >> 8) & 0xff; + byte2 = (result >> 16) & 0xff; + byte3 = (result >> 24) & 0xff; + crc32 = ((byte0 << 24) | (byte1 << 16) | (byte2 << 8) | byte3); + return crc32; +} + + +/* + * Adler32 Checksum Calculation. + * Taken straight from RFC 2960 (SCTP). + */ + +#define ADLER32_BASE 65521 /* largest prime smaller than 65536 */ + +/* + * Update a running Adler-32 checksum with the bytes buf[0..len-1] + * and return the updated checksum. The Adler-32 checksum should + * be initialized to 1. + */ +static unsigned long update_adler32(unsigned long adler, + unsigned char *buf, int len) +{ + unsigned long s1 = adler & 0xffff; + unsigned long s2 = (adler >> 16) & 0xffff; + int n; + + for (n = 0; n < len; n++) { + s1 = (s1 + buf[n]) % ADLER32_BASE; + s2 = (s2 + s1) % ADLER32_BASE; + } + return (s2 << 16) + s1; +} + +/* Return the Adler32 of the bytes buf[0..len-1] */ +unsigned long nbase_adler32(unsigned char *buf, int len) +{ + return update_adler32(1L, buf, len); +} + +#undef ADLER32_BASE + + +/* This function returns a string containing the hexdump of the supplied + * buffer. It uses current locale to determine if a character is printable or + * not. It prints 73char+\n wide lines like these: + +0000 e8 60 65 86 d7 86 6d 30 35 97 54 87 ff 67 05 9e .`e...m05.T..g.. +0010 07 5a 98 c0 ea ad 50 d2 62 4f 7b ff e1 34 f8 fc .Z....P.bO{..4.. +0020 c4 84 0a 6a 39 ad 3c 10 63 b2 22 c4 24 40 f4 b1 ...j9.<.c.".$@.. + + * The lines look basically like Wireshark's hex dump. + * WARNING: This function returns a pointer to a DYNAMICALLY allocated buffer + * that the caller is supposed to free(). + * */ +char *hexdump(const u8 *cp, u32 length){ + static char asciify[257]; /* Stores character table */ + int asc_init=0; /* Flag to generate table only once */ + u32 i=0, hex=0, asc=0; /* Array indexes */ + u32 line_count=0; /* For byte count at line start */ + char *current_line=NULL; /* Current line to write */ + char *buffer=NULL; /* Dynamic buffer we return */ + #define LINE_LEN 74 /* Length of printed line */ + char line2print[LINE_LEN]; /* Stores current line */ + char printbyte[16]; /* For byte conversion */ + int bytes2alloc; /* For buffer */ + memset(line2print, ' ', LINE_LEN); /* We fill the line with spaces */ + + /* On the first run, generate a list of nice printable characters + * (according to current locale) */ + if( asc_init==0){ + asc_init=1; + for(i=0; i<256; i++){ + if( isalnum(i) || isdigit(i) || ispunct(i) ){ asciify[i]=i; } + else{ asciify[i]='.'; } + } + } + /* Allocate enough space to print the hex dump */ + bytes2alloc=(length%16==0)? (1 + LINE_LEN * (length/16)) : (1 + LINE_LEN * (1+(length/16))) ; + buffer=(char *)safe_zalloc(bytes2alloc); + current_line=buffer; +#define HEX_START 7 +#define ASC_START 57 +/* This is how or line looks like. +0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f .`e...m05.T..g..[\n] +01234567890123456789012345678901234567890123456789012345678901234567890123 +0 1 2 3 4 5 6 7 + ^ ^ ^ + | | | + HEX_START ASC_START Newline +*/ + i=0; + while( i < length ){ + memset(line2print, ' ', LINE_LEN); /* Fill line with spaces */ + snprintf(line2print, sizeof(line2print), "%04x", (16*line_count++) % 0xFFFF); /* Add line No.*/ + line2print[4]=' '; /* Replace the '\0' inserted by snprintf() with a space */ + hex=HEX_START; asc=ASC_START; + do { /* Print 16 bytes in both hex and ascii */ + if (i%16 == 8) hex++; /* Insert space every 8 bytes */ + snprintf(printbyte, sizeof(printbyte), "%02x", cp[i]);/* First print the hex number */ + line2print[hex++]=printbyte[0]; + line2print[hex++]=printbyte[1]; + line2print[hex++]=' '; + line2print[asc++]=asciify[ cp[i] ]; /* Then print its ASCII equivalent */ + i++; + } while (i < length && i%16 != 0); + /* Copy line to output buffer */ + line2print[LINE_LEN-1]='\n'; + memcpy(current_line, line2print, LINE_LEN); + current_line += LINE_LEN; + } + buffer[bytes2alloc-1]='\0'; + return buffer; +} /* End of hexdump() */ + +/* This is like strtol or atoi, but it allows digits only. No whitespace, sign, + or radix prefix. */ +long parse_long(const char *s, char **tail) +{ + if (!isdigit((int) (unsigned char) *s)) { + *tail = (char *) s; + return 0; + } + + return strtol(s, (char **) tail, 10); +} + + + +/* This function takes a byte count and stores a short ascii equivalent + in the supplied buffer. Eg: 0.122MB, 10.322Kb or 128B. */ +char *format_bytecount(unsigned long long bytes, char *buf, size_t buflen) { + assert(buf != NULL); + + if (bytes < 1000) + Snprintf(buf, buflen, "%uB", (unsigned int) bytes); + else if (bytes < 1000000) + Snprintf(buf, buflen, "%.3fKB", bytes / 1000.0); + else + Snprintf(buf, buflen, "%.3fMB", bytes / 1000000.0); + + return buf; +} + +/* Returns one if the file pathname given exists, is not a directory and + * is readable by the executing process. Returns two if it is readable + * and is a directory. Otherwise returns 0. */ +int file_is_readable(const char *pathname) { + char *pathname_buf = strdup(pathname); + int status = 0; + struct stat st; + +#ifdef WIN32 + // stat on windows only works for "dir_name" not for "dir_name/" or "dir_name\\" + int pathname_len = strlen(pathname_buf); + char last_char = pathname_buf[pathname_len - 1]; + + if( last_char == '/' + || last_char == '\\') + pathname_buf[pathname_len - 1] = '\0'; + +#endif + + if (stat(pathname_buf, &st) == -1) + status = 0; + else if (access(pathname_buf, R_OK) != -1) + status = S_ISDIR(st.st_mode) ? 2 : 1; + + free(pathname_buf); + return status; +} + +#if HAVE_PROC_SELF_EXE +static char *executable_path_proc_self_exe(void) { + char buf[1024]; + char *path; + int n; + + n = readlink("/proc/self/exe", buf, sizeof(buf)); + if (n < 0 || n >= sizeof(buf)) + return NULL; + path = (char *) safe_malloc(n + 1); + /* readlink does not null-terminate. */ + memcpy(path, buf, n); + path[n] = '\0'; + + return path; +} +#endif + +#if HAVE_MACH_O_DYLD_H +#include +/* See the dyld(3) man page on OS X. */ +static char *executable_path_NSGetExecutablePath(void) { + char buf[1024]; + uint32_t size; + + size = sizeof(buf); + if (_NSGetExecutablePath(buf, &size) == 0) + return strdup(buf); + else + return NULL; +} +#endif + +#if WIN32 +static char *executable_path_GetModuleFileName(void) { + char buf[1024]; + int n; + + n = GetModuleFileName(GetModuleHandle(0), buf, sizeof(buf)); + if (n <= 0 || n >= sizeof(buf)) + return NULL; + + return strdup(buf); +} +#endif + +static char *executable_path_argv0(const char *argv0) { + if (argv0 == NULL) + return NULL; + /* We can get the path from argv[0] if it contains a directory separator. + (Otherwise it was looked up in $PATH). */ + if (strchr(argv0, '/') != NULL) + return strdup(argv0); +#if WIN32 + if (strchr(argv0, '\\') != NULL) + return strdup(argv0); +#endif + return NULL; +} + +char *executable_path(const char *argv0) { + char *path; + + path = NULL; +#if HAVE_PROC_SELF_EXE + if (path == NULL) + path = executable_path_proc_self_exe(); +#endif +#if HAVE_MACH_O_DYLD_H + if (path == NULL) + path = executable_path_NSGetExecutablePath(); +#endif +#if WIN32 + if (path == NULL) + path = executable_path_GetModuleFileName(); +#endif + if (path == NULL) + path = executable_path_argv0(argv0); + + return path; +} + +int sockaddr_storage_inet_pton(const char * ip_str, struct sockaddr_storage * addr) +{ + struct sockaddr_in * addrv4p = (struct sockaddr_in *) addr; +#if HAVE_IPV6 + struct sockaddr_in6 * addrv6p = (struct sockaddr_in6 *) addr; + if ( 1 == inet_pton(AF_INET6, ip_str, &(addrv6p->sin6_addr)) ) + { + addr->ss_family = AF_INET6; + return 1; + } +#endif // HAVE_IPV6 + + if ( 1 == inet_pton(AF_INET, ip_str, &(addrv4p->sin_addr)) ) + { + addr->ss_family = AF_INET; + return 1; + } + + return 0; +} + +const char *sockaddr_storage_iptop(const struct sockaddr_storage * addr, char * dst) +{ + switch (addr->ss_family){ + case AF_INET: + { + const struct sockaddr_in * ipv4_ptr = (const struct sockaddr_in *) addr; + return inet_ntop(addr->ss_family, &(ipv4_ptr->sin_addr), dst, INET_ADDRSTRLEN); + } +#if HAVE_IPV6 + case AF_INET6: + { + const struct sockaddr_in6 * addrv6p = (struct sockaddr_in6 *) addr; + return inet_ntop(addr->ss_family, &(addrv6p->sin6_addr), dst, INET6_ADDRSTRLEN); + } +#endif + default: + { + return NULL; + }} +} diff --git a/include/DomainExec/nbase/nbase_rnd.c b/include/DomainExec/nbase/nbase_rnd.c new file mode 100644 index 00000000..df02c996 --- /dev/null +++ b/include/DomainExec/nbase/nbase_rnd.c @@ -0,0 +1,430 @@ + +/*************************************************************************** + * nbase_rnd.c -- Some simple routines for obtaining random numbers for * + * casual use. These are pretty secure on systems with /dev/urandom, but * + * falls back to poor entropy for seeding on systems without such support. * + * * + * Based on DNET / OpenBSD arc4random(). * + * * + * Copyright (c) 2000 Dug Song * + * Copyright (c) 1996 David Mazieres * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id$ */ + +#include "nbase.h" +#include +#include +#include +#include +#include +#if HAVE_SYS_TIME_H +#include +#endif /* HAV_SYS_TIME_H */ +#ifdef WIN32 +#include +#endif /* WIN32 */ + +/* data for our random state */ +struct nrand_handle { + u8 i, j, s[256], *tmp; + int tmplen; +}; +typedef struct nrand_handle nrand_h; + +static void nrand_addrandom(nrand_h *rand, u8 *buf, int len) { + int i; + u8 si; + + /* Mix entropy in buf with s[]... + * + * This is the ARC4 key-schedule. It is rather poor and doesn't mix + * the key in very well. This causes a bias at the start of the stream. + * To eliminate most of this bias, the first N bytes of the stream should + * be dropped. + */ + rand->i--; + for (i = 0; i < 256; i++) { + rand->i = (rand->i + 1); + si = rand->s[rand->i]; + rand->j = (rand->j + si + buf[i % len]); + rand->s[rand->i] = rand->s[rand->j]; + rand->s[rand->j] = si; + } + rand->j = rand->i; +} + +static u8 nrand_getbyte(nrand_h *r) { + u8 si, sj; + + /* This is the core of ARC4 and provides the pseudo-randomness */ + r->i = (r->i + 1); + si = r->s[r->i]; + r->j = (r->j + si); + sj = r->s[r->j]; + r->s[r->i] = sj; /* The start of the the swap */ + r->s[r->j] = si; /* The other half of the swap */ + return (r->s[(si + sj) & 0xff]); +} + +int nrand_get(nrand_h *r, void *buf, size_t len) { + u8 *p; + size_t i; + + /* Hand out however many bytes were asked for */ + for (p = buf, i = 0; i < len; i++) { + p[i] = nrand_getbyte(r); + } + return (0); +} + +void nrand_init(nrand_h *r) { + u8 seed[256]; /* Starts out with "random" stack data */ + int i; + + /* Gather seed entropy with best the OS has to offer */ +#ifdef WIN32 + HCRYPTPROV hcrypt = 0; + + CryptAcquireContext(&hcrypt, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT); + CryptGenRandom(hcrypt, sizeof(seed), seed); + CryptReleaseContext(hcrypt, 0); +#else + struct timeval *tv = (struct timeval *)seed; + int *pid = (int *)(seed + sizeof(*tv)); + int fd; + + gettimeofday(tv, NULL); /* fill lowest seed[] with time */ + *pid = getpid(); /* fill next lowest seed[] with pid */ + + /* Try to fill the rest of the state with OS provided entropy */ + if ((fd = open("/dev/urandom", O_RDONLY)) != -1 || + (fd = open("/dev/arandom", O_RDONLY)) != -1) { + ssize_t n; + do { + errno = 0; + n = read(fd, seed + sizeof(*tv) + sizeof(*pid), + sizeof(seed) - sizeof(*tv) - sizeof(*pid)); + } while (n < 0 && errno == EINTR); + close(fd); + } +#endif + + /* Fill up our handle with starter values */ + for (i = 0; i < 256; i++) { r->s[i] = i; }; + r->i = r->j = 0; + + nrand_addrandom(r, seed, 128); /* lower half of seed data for entropy */ + nrand_addrandom(r, seed + 128, 128); /* Now use upper half */ + r->tmp = NULL; + r->tmplen = 0; + + /* This stream will start biased. Get rid of 1K of the stream */ + nrand_get(r, seed, 256); nrand_get(r, seed, 256); + nrand_get(r, seed, 256); nrand_get(r, seed, 256); +} + +int get_random_bytes(void *buf, int numbytes) { + static nrand_h state; + static int state_init = 0; + + /* Initialize if we need to */ + if (!state_init) { + nrand_init(&state); + state_init = 1; + } + + /* Now fill our buffer */ + nrand_get(&state, buf, numbytes); + + return 0; +} + +int get_random_int() { + int i; + get_random_bytes(&i, sizeof(int)); + return i; +} + +unsigned int get_random_uint() { + unsigned int i; + get_random_bytes(&i, sizeof(unsigned int)); + return i; +} + +u64 get_random_u64() { + u64 i; + get_random_bytes(&i, sizeof(i)); + return i; +} + + +u32 get_random_u32() { + u32 i; + get_random_bytes(&i, sizeof(i)); + return i; +} + +u16 get_random_u16() { + u16 i; + get_random_bytes(&i, sizeof(i)); + return i; +} + +u8 get_random_u8() { + u8 i; + get_random_bytes(&i, sizeof(i)); + return i; +} + +unsigned short get_random_ushort() { + unsigned short s; + get_random_bytes(&s, sizeof(unsigned short)); + return s; +} + + +/* This function is magic ;-) + * + * Sometimes Nmap wants to generate IPs that look random + * but don't have any duplicates. The strong RC4 generator + * can't be used for this purpose because it can generate duplicates + * if you get enough IPs (birthday paradox). + * + * This routine exploits the fact that a LCG won't repeat for the + * entire duration of its period. An LCG has some pretty bad + * properties though so this routine does extra work to try to + * tweak the LCG output so that is has very good statistics but + * doesn't repeat. The tweak used was mostly made up on the spot + * but is generally based on good ideas and has been moderately + * tested. See links and reasoning below. + */ +u32 get_random_unique_u32() { + static u32 state, tweak1, tweak2, tweak3; + static int state_init = 0; + u32 output; + + /* Initialize if we need to */ + if (!state_init) { + get_random_bytes(&state, sizeof(state)); + get_random_bytes(&tweak1, sizeof(tweak1)); + get_random_bytes(&tweak2, sizeof(tweak2)); + get_random_bytes(&tweak3, sizeof(tweak3)); + + state_init = 1; + } + + /* What is this math crap? + * + * The whole idea behind this generator is that an LCG can be constructed + * with a period of exactly 2^32. As long as the LCG is fed back onto + * itself the period will be 2^32. The tweak after the LCG is just + * a good permutation in GF(2^32). + * + * To accomplish the tweak the notion of rounds and round keys from + * block ciphers has been borrowed. The only special aspect of this + * block cipher is that the first round short-circuits the LCG. + * + * This block cipher uses three rounds. Each round is as follows: + * + * 1) Affine transform in GF(2^32) + * 2) Rotate left by round constant + * 3) XOR with round key + * + * For round one the affine transform is used as an LCG. + */ + + /* Reasoning: + * + * Affine transforms were chosen both to make a LCG and also + * to try to introduce non-linearity. + * + * The rotate up each round was borrowed from SHA-1 and was introduced + * to help obscure the obvious short cycles when you truncate an LCG with + * a power-of-two period like the one used. + * + * The XOR with the round key was borrowed from several different + * published functions (but see Xorshift) + * and provides a different sequence for the full LCG. + * There are 3 32 bit round keys. This generator can + * generate 2^96 different sequences of period 2^32. + * + * This generator was tested with Dieharder. It did not fail any test. + */ + + /* See: + * + * http://en.wikipedia.org/wiki/Galois_field + * http://en.wikipedia.org/wiki/Affine_cipher + * http://en.wikipedia.org/wiki/Linear_congruential_generator + * http://en.wikipedia.org/wiki/Xorshift + * http://en.wikipedia.org/wiki/Sha-1 + * + * http://seclists.org/nmap-dev/2009/q3/0695.html + */ + + + /* First off, we need to evolve the state with our LCG + * We'll use the LCG from Numerical Recipes (m=2^32, + * a=1664525, c=1013904223). All by itself this generator + * pretty bad. We're going to try to fix that without causing + * duplicates. + */ + state = (((state * 1664525) & 0xFFFFFFFF) + 1013904223) & 0xFFFFFFFF; + + output = state; + + /* With a normal LCG, we would just output the state. + * In this case, though, we are going to try to destroy the + * linear correlation between IPs by approximating a random permutation + * in GF(2^32) (collision-free) + */ + + /* Then rotate and XOR */ + output = ((output << 7) | (output >> (32 - 7))); + output = output ^ tweak1; /* This is the round key */ + + /* End round 1, start round 2 */ + + /* Then put it through an affine transform (glibc constants) */ + output = (((output * 1103515245) & 0xFFFFFFFF) + 12345) & 0xFFFFFFFF; + + /* Then rotate and XOR some more */ + output = ((output << 15) | (output >> (32 - 15))); + output = output ^ tweak2; + + /* End round 2, start round 3 */ + + /* Then put it through another affine transform (Quick C/C++ constants) */ + output = (((output * 214013) & 0xFFFFFFFF) + 2531011) & 0xFFFFFFFF; + + /* Then rotate and XOR some more */ + output = ((output << 5) | (output >> (32 - 5))); + output = output ^ tweak3; + + return output; +} diff --git a/include/DomainExec/nbase/nbase_str.c b/include/DomainExec/nbase/nbase_str.c new file mode 100644 index 00000000..e4baa948 --- /dev/null +++ b/include/DomainExec/nbase/nbase_str.c @@ -0,0 +1,389 @@ + +/*************************************************************************** + * nbase_str.c -- string related functions in the nbase library. These * + * were written by fyodor@nmap.org . * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id$ */ + +#include "nbase.h" +#include +#include +#include +#include + +#ifndef HAVE_STRCASESTR +char *strcasestr(const char *haystack, const char *pneedle) { + char buf[512]; + unsigned int needlelen; + const char *p; + char *needle, *q, *foundto; + + /* Should crash if !pneedle -- this is OK */ + if (!*pneedle) + return (char *)haystack; + if (!haystack) + return NULL; + + needlelen = (unsigned int)strlen(pneedle); + if (needlelen >= sizeof(buf)) + needle = (char *)safe_malloc(needlelen + 1); + else + needle = buf; + + p = pneedle; + q = needle; + + while ((*q++ = tolower((int)(unsigned char)*p++))) + ; + + p = haystack - 1; + foundto = needle; + while (*++p) { + if (tolower((int)(unsigned char)*p) == *foundto) { + if (!*++foundto) { + /* Yeah, we found it */ + if (needlelen >= sizeof(buf)) + free(needle); + return (char *)(p - needlelen + 1); + } + } else { + p -= foundto - needle; + foundto = needle; + } + } + if (needlelen >= sizeof(buf)) + free(needle); + return NULL; +} +#endif + +int Strncpy(char *dest, const char *src, size_t n) { + strncpy(dest, src, n); + if (dest[n - 1] == '\0') + return 0; + dest[n - 1] = '\0'; + return -1; +} + +int Vsnprintf(char *s, size_t n, const char *fmt, va_list ap) { + int ret; + + ret = vsnprintf(s, n, fmt, ap); + + if (ret < 0 || (unsigned)ret >= n) + s[n - 1] = '\0'; /* technically redundant */ + + return ret; +} + +int Snprintf(char *s, size_t n, const char *fmt, ...) { + va_list ap; + int ret; + + va_start(ap, fmt); + ret = Vsnprintf(s, n, fmt, ap); + va_end(ap); + + return ret; +} + +/* Make a new allocated null-terminated string from the bytes [start, end). */ +char *mkstr(const char *start, const char *end) { + char *s; + + assert(end >= start); + s = (char *)safe_malloc(end - start + 1); + memcpy(s, start, end - start); + s[end - start] = '\0'; + + return s; +} + +/* vsprintf into a dynamically allocated buffer, similar to asprintf in + Glibc. Return the length of the buffer or -1 on error. */ +int alloc_vsprintf(char **strp, const char *fmt, va_list va) { + va_list va_tmp; + char *s; + int size = 32; + int n; + + s = NULL; + size = 32; + for (;;) { + s = (char *)safe_realloc(s, size); + +#ifdef WIN32 + va_tmp = va; +#else + va_copy(va_tmp, va); +#endif + n = vsnprintf(s, size, fmt, va_tmp); + va_end(va_tmp); + + if (n >= size) + size = n + 1; + else if (n < 0) + size = size * 2; + else + break; + } + *strp = s; + + return n; +} + +/* Used by escape_windows_command_arg to append a character to the given buffer + at a given position, resizing the buffer if necessary. The position gets + moved by one byte after the call. */ +static char* safe_append_char(char* buf, char byte, unsigned int *rpos, unsigned int *rsize) +{ + if (*rpos >= *rsize) { + *rsize += 512; + buf = (char*) safe_realloc(buf, *rsize); + } + buf[(*rpos)++] = byte; + return buf; +} + +/* Escape a string so that it can be round-tripped into a command line string + and retrieved by the default C/C++ command line parser. You can escape a list + of strings with this function, join them with spaces, pass them to + CreateProcess, and the new process will get the same list of strings in its + argv array. + + http://msdn.microsoft.com/en-us/library/17w5ykft%28v=vs.85%29.aspx + http://blogs.msdn.com/b/twistylittlepassagesallalike/archive/2011/04/23/everyone-quotes-arguments-the-wrong-way.aspx + + Returns a dynamically allocated string. + + This function has a test program in test/test-escape_windows_command_arg.c. + Run that program after making any changes. */ +char *escape_windows_command_arg(const char *arg) +{ + const char *p; + char *ret; + unsigned int rpos = 0, rsize = 1; + + ret = (char *) safe_malloc(rsize); + ret = safe_append_char(ret, '"', &rpos, &rsize); + + for (p = arg; *p != '\0'; p++) { + unsigned int num_backslashes; + unsigned int i; + + num_backslashes = 0; + for (; *p == '\\'; p++) + num_backslashes++; + + if (*p == '\0') { + /* Escape all backslashes, but let the terminating double quotation + mark we add below be interpreted as a metacharacter. */ + for (i = 0; i < num_backslashes*2; i++) + ret = safe_append_char(ret, '\\', &rpos, &rsize); + break; + } else if (*p == '"') { + /* Escape all backslashes and the following double quotation + mark. */ + for (i = 0; i < num_backslashes*2 + 1; i++) + ret = safe_append_char(ret, '\\', &rpos, &rsize); + ret[rpos++] = *p; + } else { + /* Backslashes aren't special here. */ + for (i = 0; i < num_backslashes; i++) + ret = safe_append_char(ret, '\\', &rpos, &rsize); + ret = safe_append_char(ret, *p, &rpos, &rsize); + } + } + + ret = safe_append_char(ret, '"', &rpos, &rsize); + ret = safe_append_char(ret, '\0', &rpos, &rsize); + + return ret; +} + +/* Convert non-printable characters to replchar in the string */ +void replacenonprintable(char *str, int strlength, char replchar) { + int i; + + for (i = 0; i < strlength; i++) + if (!isprint((int)(unsigned char)str[i])) + str[i] = replchar; + + return; +} + +/* Returns the position of the last directory separator (slash, also backslash + on Win32) in a path. Returns -1 if none was found. */ +static int find_last_path_separator(const char *path) { +#ifndef WIN32 + const char *PATH_SEPARATORS = "/"; +#else + const char *PATH_SEPARATORS = "\\/"; +#endif + const char *p; + + p = path + strlen(path) - 1; + while (p >= path) { + if (strchr(PATH_SEPARATORS, *p) != NULL) + return (int)(p - path); + p--; + } + + return -1; +} + +/* Returns the directory name part of a path (everything up to the last + directory separator). If there is no separator, returns ".". If there is only + one separator and it is the first character, returns "/". Returns NULL on + error. The returned string must be freed. */ +char *path_get_dirname(const char *path) { + char *result; + int i; + + i = find_last_path_separator(path); + if (i == -1) + return strdup("."); + if (i == 0) + return strdup("/"); + + result = (char *)safe_malloc(i + 1); + strncpy(result, path, i); + result[i] = '\0'; + + return result; +} + +/* Returns the file name part of a path (everything after the last directory + separator). Returns NULL on error. The returned string must be freed. */ +char *path_get_basename(const char *path) { + int i; + + i = find_last_path_separator(path); + + return strdup(path + i + 1); +} diff --git a/include/DomainExec/nbase/nbase_time.c b/include/DomainExec/nbase/nbase_time.c new file mode 100644 index 00000000..90130e04 --- /dev/null +++ b/include/DomainExec/nbase/nbase_time.c @@ -0,0 +1,256 @@ + +/*************************************************************************** + * nbase_time.c -- Some small time-related utility/compatibility * + * functions. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id$ */ + +#include "nbase.h" +#if HAVE_UNISTD_H +#include +#endif +#include +#ifdef WIN32 +#include +#include +#endif + +#ifndef HAVE_USLEEP +void usleep(unsigned long usec) { +#ifdef HAVE_NANOSLEEP +struct timespec ts; +ts.tv_sec = usec / 1000000; +ts.tv_nsec = (usec % 1000000) * 1000; +nanosleep(&ts, NULL); +#else /* Windows style */ + Sleep( usec / 1000 ); +#endif /* HAVE_NANOSLEEP */ +} +#endif + +/* Thread safe time stuff */ +#ifdef WIN32 +/* On Windows, use CRT function localtime_s: + * errno_t localtime_s( + * struct tm* const tmDest, + * time_t const* const sourceTime + * ); + */ +int n_localtime(const time_t *timer, struct tm *result) { + return localtime_s(result, timer); +} + +int n_ctime(char *buffer, size_t bufsz, const time_t *timer) { + return ctime_s(buffer, bufsz, timer); +} + +#else /* WIN32 */ + +#include +#ifdef HAVE_LOCALTIME_S +/* C11 localtime_s similar to Posix localtime_r, but with validity checking: + * struct tm *localtime_s(const time_t *restrict time, struct tm *restrict result); + */ +int n_localtime(const time_t *timer, struct tm *result) { + struct tm *tmp = localtime_s(timer, result); + if (!tmp) { + return errno; + } + return 0; +} + +int n_ctime(char *buffer, size_t bufsz, const time_t *timer) { + return ctime_s(buffer, bufsz, timer); +} +#else +#ifdef HAVE_LOCALTIME_R +/* POSIX localtime_r thread-safe localtime function: + * struct tm *localtime_r(const time_t *timep, struct tm *result); + */ +int n_localtime(const time_t *timer, struct tm *result) { + struct tm *tmp = localtime_r(timer, result); + if (!tmp) { + return errno; + } + return 0; +} + +int n_ctime(char *buffer, size_t bufsz, const time_t *timer) { + char *tmp = ctime_r(timer, buffer); + if (!tmp) { + return errno; + } + return 0; +} + +#else +/* No thread-safe alternatives. */ +// Using C99's one-line commments since LGTM.com does not recognize C-style +// block comments. This may cause problems, but only for very old systems +// without a C99-compatible compiler that do not have localtime_r or +// localtime_s +int n_localtime(const time_t *timer, struct tm *result) { + struct tm *tmp = localtime(timer); // lgtm[cpp/potentially-dangerous-function] + if (tmp) + *result = *tmp; + else + return errno; + return 0; +} + +int n_ctime(char *buffer, size_t bufsz, const time_t *timer) { + char *tmp = ctime(timer); // lgtm[cpp/potentially-dangerous-function] + if (tmp) + Strncpy(buffer, tmp, bufsz); + else + return errno; + return 0; +} +#endif /* HAVE_LOCALTIME_R */ +#endif /* HAVE_LOCALTIME_S */ +#endif /* WIN32 */ + +#ifdef WIN32 +int gettimeofday(struct timeval *tv, struct timeval *tz) +{ + struct _timeb timebuffer; + + _ftime( &timebuffer ); + + tv->tv_sec = (long) timebuffer.time; + tv->tv_usec = timebuffer.millitm * 1000; + return 0; +}; + +unsigned int sleep(unsigned int seconds) +{ + Sleep(1000*seconds); + return(0); +}; +#endif /* WIN32 */ + diff --git a/include/DomainExec/nbase/nbase_winconfig.h b/include/DomainExec/nbase/nbase_winconfig.h new file mode 100644 index 00000000..cdd909f1 --- /dev/null +++ b/include/DomainExec/nbase/nbase_winconfig.h @@ -0,0 +1,225 @@ +/*************************************************************************** + * nbase_winconfig.h -- Since the Windows port is currently eschewing * + * autoconf-style configure scripts, nbase_winconfig.h contains the * + * platform-specific definitions for Windows and is used as a replacement * + * for nbase_config.h * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id$ */ + +#ifndef NBASE_WINCONFIG_H +#define NBASE_WINCONFIG_H + +/* Define the earliest version of Windows we support. These control +what parts of the Windows API are available. The available constants +are in . +http://msdn.microsoft.com/en-us/library/aa383745.aspx +http://blogs.msdn.com/oldnewthing/archive/2007/04/11/2079137.aspx */ +#undef _WIN32_WINNT +#define _WIN32_WINNT _WIN32_WINNT_WIN6 +#undef NTDDI_VERSION +#define NTDDI_VERSION NTDDI_WIN6 + +//This disables the warning 4800 http://msdn.microsoft.com/en-us/library/b6801kcy(v=vs.71).aspx +#pragma warning(disable : 4800) +/* It doesn't really have struct IP, but we use a different one instead + of the one that comes with Nmap */ +#define HAVE_STRUCT_IP 1 +/* #define HAVE_STRUCT_ICMP 1 */ +#define HAVE_STRNCASECMP 1 +#define HAVE_IP_IP_SUM 1 +#define STDC_HEADERS 1 +#define HAVE_STRING_H 1 +#define HAVE_MEMORY_H 1 +#define HAVE_FCNTL_H 1 +#define HAVE_ERRNO_H 1 +#define HAVE_SYS_STAT_H 1 +#define HAVE_MEMCPY 1 +#define HAVE_STRERROR 1 +/* #define HAVE_SYS_SOCKIO_H 1 */ +/* #undef HAVE_TERMIOS_H */ +#define HAVE_ERRNO_H 1 +#define HAVE_GAI_STRERROR 1 +/* #define HAVE_STRCASESTR 1 */ +#define HAVE_STRCASECMP 1 +#define HAVE_NETINET_IF_ETHER_H 1 +#define HAVE_SYS_STAT_H 1 +/* #define HAVE_INTTYPES_H */ + +/* These functions are available on Vista and later */ +#if defined(_WIN32_WINNT) && _WIN32_WINNT >= _WIN32_WINNT_WIN6 +#define HAVE_INET_PTON 1 +#define HAVE_INET_NTOP 1 +#endif + +#ifdef _MSC_VER +/* only comes with Visual Studio. */ +#define HAVE_WSPIAPI_H 1 +#else +#undef HAVE_WSPIAPI_H +#endif + +#define HAVE_GETADDRINFO 1 +#define HAVE_GETNAMEINFO 1 + +#define HAVE_SNPRINTF 1 +// #undef HAVE_VASPRINTF +#define HAVE_VSNPRINTF 1 + +typedef unsigned __int8 uint8_t; +typedef unsigned __int16 uint16_t; +typedef unsigned __int32 uint32_t; +typedef unsigned __int64 uint64_t; +typedef signed __int8 int8_t; +typedef signed __int16 int16_t; +typedef signed __int32 int32_t; +typedef signed __int64 int64_t; + +#define HAVE_IPV6 1 +#define HAVE_AF_INET6 1 +#define HAVE_SOCKADDR_STORAGE 1 + +/* Without these, Windows will give us all sorts of crap about using functions + like strcpy() even if they are done safely */ +#define _CRT_SECURE_NO_DEPRECATE 1 +#ifndef _CRT_SECURE_NO_WARNINGS +#define _CRT_SECURE_NO_WARNINGS 1 +#endif +#pragma warning(disable: 4996) + +#ifdef __GNUC__ +#define bzero(addr, num) __builtin_memset (addr, '\0', num) +#else +#define __attribute__(x) +#endif + +#define HAVE_OPENSSL 1 +#define HAVE_SSL_SET_TLSEXT_HOST_NAME 1 +/* Apparently __func__ isn't yet supported */ +#define __func__ __FUNCTION__ + +#endif /* NBASE_WINCONFIG_H */ diff --git a/include/DomainExec/nbase/nbase_winunix.c b/include/DomainExec/nbase/nbase_winunix.c new file mode 100644 index 00000000..7350d269 --- /dev/null +++ b/include/DomainExec/nbase/nbase_winunix.c @@ -0,0 +1,284 @@ +/*************************************************************************** + * nbase_winunix.h -- Background code that allows checking for input on * + * stdin on Windows without blocking. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id$ */ + +#include + +#include "nbase.h" + +#include "nbase_winunix.h" + +/* +This code makes it possible to check for input on stdin on Windows without +blocking. There are two obstacles that need to be overcome. The first is that +select on Windows works for sockets only, not stdin. The other is that the +Windows command shell doesn't echo typed characters to the screen unless the +program is actively reading from stdin (which would normally mean blocking). + +The strategy is to create a background thread that constantly reads from stdin. +The thread blocks while reading, which lets characters be echoed. The thread +writes each block of data into an anonymous pipe. We juggle file descriptors and +Windows file handles to make the rest of the program think that the other end of +the pipe is stdin. Only the thread keeps a reference to the real stdin. Windows +has a PeekNamedPipe function that we use to check for input in the pipe without +blocking. + +Call win_stdin_start_thread to start the thread and win_stdin_ready for the +non-blocking input check. Any other operations on stdin (read, scanf, etc.) +should be transparent, except I noticed that eof(0) returns 1 when there is +nothing in the pipe, but will return 0 again if more is written to the pipe. Any +data buffered but not delivered to the program before starting the background +thread may be lost when the thread is started. +*/ + +/* The background thread that reads and buffers the true stdin. */ +static HANDLE stdin_thread = NULL; + +/* This is a copy of the true stdin file handle before any redirection. It is + read by the thread. */ +static HANDLE thread_stdin_handle = NULL; +/* The thread writes to this pipe and standard input is reassigned to be the + read end of it. */ +static HANDLE stdin_pipe_r = NULL, stdin_pipe_w = NULL; + +/* This is the thread that reads from the true stdin (thread_stdin_handle) and + writes to stdin_pipe_w, which is reassigned to be the stdin that the rest of + the program sees. Once started, it never finishes except in case of error. + win_stdin_start_thread is responsible for setting up thread_stdin_handle. */ +static DWORD WINAPI win_stdin_thread_func(void *data) { + DWORD n, nwritten; + char buffer[BUFSIZ]; + + for (;;) { + if (ReadFile(thread_stdin_handle, buffer, sizeof(buffer), &n, NULL) == 0) + break; + if (n == -1 || n == 0) + break; + + if (WriteFile(stdin_pipe_w, buffer, n, &nwritten, NULL) == 0) + break; + if (nwritten != n) + break; + } + CloseHandle(thread_stdin_handle); + CloseHandle(stdin_pipe_w); + + return 0; +} + +/* Get the newline translation mode (_O_TEXT or _O_BINARY) of a file + descriptor. _O_TEXT does CRLF-LF translation and _O_BINARY does none. + Complementary to _setmode. */ +static int _getmode(int fd) +{ + int mode; + + /* There is no standard _getmode function, but _setmode returns the + previous value. Set it to a dummy value and set it back. */ + mode = _setmode(fd, _O_BINARY); + _setmode(fd, mode); + + return mode; +} + +/* Start the reader thread and do all the file handle/descriptor redirection. + Returns nonzero on success, zero on error. */ +int win_stdin_start_thread(void) { + int stdin_fd; + int stdin_fmode; + + assert(stdin_thread == NULL); + assert(stdin_pipe_r == NULL); + assert(stdin_pipe_w == NULL); + assert(thread_stdin_handle == NULL); + + /* Create the pipe that win_stdin_thread_func writes to. We reassign the + read end to be the new stdin that the rest of the program sees. */ + if (CreatePipe(&stdin_pipe_r, &stdin_pipe_w, NULL, 0) == 0) + return 0; + + /* Make a copy of the stdin handle to be used by win_stdin_thread_func. It + will remain a reference to the the true stdin after we fake stdin to read + from the pipe instead. */ + if (DuplicateHandle(GetCurrentProcess(), GetStdHandle(STD_INPUT_HANDLE), + GetCurrentProcess(), &thread_stdin_handle, + 0, FALSE, DUPLICATE_SAME_ACCESS) == 0) { + CloseHandle(stdin_pipe_r); + CloseHandle(stdin_pipe_w); + return 0; + } + + /* Set the stdin handle to read from the pipe. */ + if (SetStdHandle(STD_INPUT_HANDLE, stdin_pipe_r) == 0) { + CloseHandle(stdin_pipe_r); + CloseHandle(stdin_pipe_w); + CloseHandle(thread_stdin_handle); + return 0; + } + /* Need to redirect file descriptor 0 also. _open_osfhandle makes a new file + descriptor from an existing handle. */ + /* Remember the newline translation mode (_O_TEXT or _O_BINARY), and + restore it in the new file descriptor. */ + stdin_fmode = _getmode(STDIN_FILENO); + stdin_fd = _open_osfhandle((intptr_t) GetStdHandle(STD_INPUT_HANDLE), _O_RDONLY | stdin_fmode); + if (stdin_fd == -1) { + CloseHandle(stdin_pipe_r); + CloseHandle(stdin_pipe_w); + CloseHandle(thread_stdin_handle); + return 0; + } + dup2(stdin_fd, STDIN_FILENO); + + /* Finally, start up the thread. We don't bother keeping a reference to it + because it runs until program termination. From here on out all reads + from the stdin handle or file descriptor 0 will be reading from the + anonymous pipe that is fed by the thread. */ + stdin_thread = CreateThread(NULL, 0, win_stdin_thread_func, NULL, 0, NULL); + if (stdin_thread == NULL) { + CloseHandle(stdin_pipe_r); + CloseHandle(stdin_pipe_w); + CloseHandle(thread_stdin_handle); + return 0; + } + + return 1; +} + +/* Check if input is available on stdin, once all the above has taken place. */ +int win_stdin_ready(void) { + DWORD n; + + assert(stdin_pipe_r != NULL); + + if (!PeekNamedPipe(stdin_pipe_r, NULL, 0, NULL, &n, NULL)) + return 1; + + return n > 0; +} diff --git a/include/DomainExec/nbase/nbase_winunix.h b/include/DomainExec/nbase/nbase_winunix.h new file mode 100644 index 00000000..909fe605 --- /dev/null +++ b/include/DomainExec/nbase/nbase_winunix.h @@ -0,0 +1,266 @@ +/*************************************************************************** + * nbase_winunix.h -- Misc. compatibility routines that generally try to * + * reproduce UNIX-centric concepts on Windows. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id$ */ + +#ifndef NBASE_WINUNIX_H +#define NBASE_WINUNIX_H + + +#include "nbase_winconfig.h" + +/* Winsock defines its own error codes that are analogous to but + different from those in . The error macros have similar + names, for example + EINTR -> WSAEINTR + ECONNREFUSED -> WSAECONNREFUSED + But the values are different. The errno codes are small integers, + while the Winsock codes start at 10000 or so. + http://msdn.microsoft.com/en-us/library/ms737828 + + Later in this file there is a block of code that defines the errno + names to their Winsock equivalents, so that you can write code using + the errno names only, and have it still work on Windows. However this + causes some problems that are worked around in the following few + lines. First, we prohibit the inclusion of , so that the + only error codes visible are those we explicitly define in this file. + This will cause a compilation error if someone uses a code we're not + yet aware of instead of using an incompatible value at runtime. + Second, because is not defined, the C++0x header + doesn't compile, so we pretend not to have C++0x to + avoid it. */ +#if _MSC_VER < 1600 /* Breaks on VS2010 and later */ +#define _INC_ERRNO /* suppress errno.h */ +#define _ERRNO_H_ /* Also for errno.h suppression */ +#define _SYSTEM_ERROR_ +#undef _HAS_CPP0X +#define _HAS_CPP0X 0 +#else +/* VS2013: we include errno.h, then redefine the constants we want. + * This may work in other versions, but haven't tested (since the other method + * has been working just fine). */ +#include +#endif + +/* Suppress winsock.h */ +#define _WINSOCKAPI_ +#define WIN32_LEAN_AND_MEAN + +#include +#include +#include /* IPv6 stuff */ +#if HAVE_WSPIAPI_H +/* is necessary for getaddrinfo before Windows XP, but it isn't + available on some platforms like MinGW. */ +#include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +#define SIOCGIFCONF 0x8912 /* get iface list */ + +#ifndef GLOBALS +#define GLOBALS 1 + +#endif + +#define munmap(ptr, len) win32_munmap(ptr, len) + +/* Windows error message names */ +#undef ECONNABORTED +#define ECONNABORTED WSAECONNABORTED +#undef ECONNRESET +#define ECONNRESET WSAECONNRESET +#undef ECONNREFUSED +#define ECONNREFUSED WSAECONNREFUSED +#undef EAGAIN +#define EAGAIN WSAEWOULDBLOCK +#undef EWOULDBLOCK +#define EWOULDBLOCK WSAEWOULDBLOCK +#undef EHOSTUNREACH +#define EHOSTUNREACH WSAEHOSTUNREACH +#undef ENETDOWN +#define ENETDOWN WSAENETDOWN +#undef ENETUNREACH +#define ENETUNREACH WSAENETUNREACH +#undef ENETRESET +#define ENETRESET WSAENETRESET +#undef ETIMEDOUT +#define ETIMEDOUT WSAETIMEDOUT +#undef EHOSTDOWN +#define EHOSTDOWN WSAEHOSTDOWN +#undef EINPROGRESS +#define EINPROGRESS WSAEINPROGRESS +#undef EINVAL +#define EINVAL WSAEINVAL /* Invalid argument */ +#undef EPERM +#define EPERM WSAEACCES /* Operation not permitted */ +#undef EACCES +#define EACCES WSAEACCES /* Operation not permitted */ +#undef EINTR +#define EINTR WSAEINTR /* Interrupted system call */ +#undef ENOBUFS +#define ENOBUFS WSAENOBUFS /* No buffer space available */ +#undef EMSGSIZE +#define EMSGSIZE WSAEMSGSIZE /* Message too long */ +#undef ENOMEM +#define ENOMEM WSAENOBUFS +#undef ENOTSOCK +#define ENOTSOCK WSAENOTSOCK +#undef EOPNOTSUPP +#define EOPNOTSUPP WSAEOPNOTSUPP +#undef EIO +#define EIO WSASYSCALLFAILURE + +/* +This is not used by our network code, and causes problems in programs using +Nbase that legitimately use ENOENT for file operations. +#undef ENOENT +#define ENOENT WSAENOENT +*/ + +#define close(x) closesocket(x) + +typedef unsigned short u_short_t; + +int win_stdin_start_thread(void); +int win_stdin_ready(void); + +#endif /* NBASE_WINUNIX_H */ diff --git a/include/DomainExec/nbase/snprintf.c b/include/DomainExec/nbase/snprintf.c new file mode 100644 index 00000000..0680786e --- /dev/null +++ b/include/DomainExec/nbase/snprintf.c @@ -0,0 +1,647 @@ +/* Note -- this file was obtained from tcpdump-2000-9-17 CVS snapshot * + * ( www.tcpdump.org). It has been modified slightly for * + * compatibility with libnbase. Modification details may be in the * + * nbase CHANGELOG - fyodor@nmap.org */ + + +/* + * Copyright (c) 1995-1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id$ */ + +#if HAVE_CONFIG_H +#include "nbase_config.h" +#else +#ifdef WIN32 +#include "nbase_winconfig.h" +#endif /* WIN32 */ +#endif /* HAVE_CONFIG_H */ + +#ifndef lint +static const char rcsid[] __attribute__((unused)) = + "@(#) $Header$"; +#endif + +#include +#include +#include +#include +#include +#include + +#if HAVE_LIBIBERTY_H +#include +#endif + +#include "nbase.h" + +#ifndef min +#define min(a,b) ((a)>(b)?(b):(a)) +#endif +#ifndef max +#define max(a,b) ((b)>(a)?(b):(a)) +#endif + +enum format_flags { + minus_flag = 1, + plus_flag = 2, + space_flag = 4, + alternate_flag = 8, + zero_flag = 16 +}; + +/* + * Common state + */ + +struct state { + unsigned char *str; + unsigned char *s; + unsigned char *theend; + size_t sz; + size_t max_sz; + int (*append_char)(struct state *, unsigned char); + int (*reserve)(struct state *, size_t); + /* XXX - methods */ +}; + +#ifndef HAVE_VSNPRINTF +static int +sn_reserve (struct state *state, size_t n) +{ + return state->s + n > state->theend; +} + +static int +sn_append_char (struct state *state, unsigned char c) +{ + if (sn_reserve (state, 1)) { + return 1; + } else { + *state->s++ = c; + return 0; + } +} +#endif + +static int +as_reserve (struct state *state, size_t n) +{ + if (state->s + n > state->theend) { + int off = state->s - state->str; + unsigned char *tmp; + + if (state->max_sz && state->sz >= state->max_sz) + return 1; + + state->sz = max(state->sz * 2, state->sz + n); + if (state->max_sz) + state->sz = min(state->sz, state->max_sz); + tmp = safe_realloc(state->str, state->sz); + state->str = tmp; + state->s = state->str + off; + state->theend = state->str + state->sz - 1; + } + return 0; +} + +static int +as_append_char (struct state *state, unsigned char c) +{ + if(as_reserve (state, 1)) + return 1; + else { + *state->s++ = c; + return 0; + } +} + +static int +append_number(struct state *state, + unsigned long num, unsigned base, char *rep, + int width, int prec, int flags, int minusp) +{ + int len = 0; + int i; + + /* given precision, ignore zero flag */ + if(prec != -1) + flags &= ~zero_flag; + else + prec = 1; + /* zero value with zero precision -> "" */ + if(prec == 0 && num == 0) + return 0; + do{ + if((*state->append_char)(state, rep[num % base])) + return 1; + len++; + num /= base; + }while(num); + prec -= len; + /* pad with prec zeros */ + while(prec-- > 0){ + if((*state->append_char)(state, '0')) + return 1; + len++; + } + /* add length of alternate prefix (added later) to len */ + if(flags & alternate_flag && (base == 16 || base == 8)) + len += base / 8; + /* pad with zeros */ + if(flags & zero_flag){ + width -= len; + if(minusp || (flags & space_flag) || (flags & plus_flag)) + width--; + while(width-- > 0){ + if((*state->append_char)(state, '0')) + return 1; + len++; + } + } + /* add alternate prefix */ + if(flags & alternate_flag && (base == 16 || base == 8)){ + if(base == 16) + if((*state->append_char)(state, rep[10] + 23)) /* XXX */ + return 1; + if((*state->append_char)(state, '0')) + return 1; + } + /* add sign */ + if(minusp){ + if((*state->append_char)(state, '-')) + return 1; + len++; + } else if(flags & plus_flag) { + if((*state->append_char)(state, '+')) + return 1; + len++; + } else if(flags & space_flag) { + if((*state->append_char)(state, ' ')) + return 1; + len++; + } + if(flags & minus_flag) + /* swap before padding with spaces */ + for(i = 0; i < len / 2; i++){ + char c = state->s[-i-1]; + state->s[-i-1] = state->s[-len+i]; + state->s[-len+i] = c; + } + width -= len; + while(width-- > 0){ + if((*state->append_char)(state, ' ')) + return 1; + len++; + } + if(!(flags & minus_flag)) + /* swap after padding with spaces */ + for(i = 0; i < len / 2; i++){ + char c = state->s[-i-1]; + state->s[-i-1] = state->s[-len+i]; + state->s[-len+i] = c; + } + + return 0; +} + +static int +append_string (struct state *state, + unsigned char *arg, + int width, + int prec, + int flags) +{ + if(!arg) + arg = (unsigned char *) "(null)"; + if(prec != -1) + width -= prec; + else + width -= strlen((char *)arg); + if(!(flags & minus_flag)) + while(width-- > 0) + if((*state->append_char) (state, ' ')) + return 1; + if (prec != -1) { + while (*arg && prec--) + if ((*state->append_char) (state, *arg++)) + return 1; + } else { + while (*arg) + if ((*state->append_char) (state, *arg++)) + return 1; + } + if(flags & minus_flag) + while(width-- > 0) + if((*state->append_char) (state, ' ')) + return 1; + return 0; +} + +static int +append_char(struct state *state, + unsigned char arg, + int width, + int flags) +{ + while(!(flags & minus_flag) && --width > 0) + if((*state->append_char) (state, ' ')) + return 1; + + if((*state->append_char) (state, arg)) + return 1; + while((flags & minus_flag) && --width > 0) + if((*state->append_char) (state, ' ')) + return 1; + + return 0; +} + +/* + * This can't be made into a function... + */ + +#define PARSE_INT_FORMAT(res, arg, unsig) \ +if (long_flag) \ + res = (unsig long)va_arg(arg, unsig long); \ +else if (short_flag) \ + res = (unsig short)va_arg(arg, unsig int); \ +else \ + res = (unsig int)va_arg(arg, unsig int) + +/* + * zyxprintf - return 0 or -1 + */ + +static int +xyzprintf (struct state *state, const char *char_format, va_list ap) +{ + const unsigned char *format = (const unsigned char *)char_format; + unsigned char c; + + while((c = *format++)) { + if (c == '%') { + int flags = 0; + int width = 0; + int prec = -1; + int long_flag = 0; + int short_flag = 0; + + /* flags */ + while((c = *format++)){ + if(c == '-') + flags |= minus_flag; + else if(c == '+') + flags |= plus_flag; + else if(c == ' ') + flags |= space_flag; + else if(c == '#') + flags |= alternate_flag; + else if(c == '0') + flags |= zero_flag; + else + break; + } + + if((flags & space_flag) && (flags & plus_flag)) + flags ^= space_flag; + + if((flags & minus_flag) && (flags & zero_flag)) + flags ^= zero_flag; + + /* width */ + if (isdigit((int) c)) + do { + width = width * 10 + c - '0'; + c = *format++; + } while(isdigit((int) c)); + else if(c == '*') { + width = va_arg(ap, int); + c = *format++; + } + + /* precision */ + if (c == '.') { + prec = 0; + c = *format++; + if (isdigit((int) c)) + do { + prec = prec * 10 + c - '0'; + c = *format++; + } while(isdigit((int) c)); + else if (c == '*') { + prec = va_arg(ap, int); + c = *format++; + } + } + + /* size */ + + if (c == 'h') { + short_flag = 1; + c = *format++; + } else if (c == 'l') { + long_flag = 1; + c = *format++; + } + + switch (c) { + case 'c' : + if(append_char(state, va_arg(ap, int), width, flags)) + return -1; + break; + case 's' : + if (append_string(state, + va_arg(ap, unsigned char*), + width, + prec, + flags)) + return -1; + break; + case 'd' : + case 'i' : { + long arg; + unsigned long num; + int minusp = 0; + + PARSE_INT_FORMAT(arg, ap, signed); + + if (arg < 0) { + minusp = 1; + num = -arg; + } else + num = arg; + + if (append_number (state, num, 10, "0123456789", + width, prec, flags, minusp)) + return -1; + break; + } + case 'u' : { + unsigned long arg; + + PARSE_INT_FORMAT(arg, ap, unsigned); + + if (append_number (state, arg, 10, "0123456789", + width, prec, flags, 0)) + return -1; + break; + } + case 'o' : { + unsigned long arg; + + PARSE_INT_FORMAT(arg, ap, unsigned); + + if (append_number (state, arg, 010, "01234567", + width, prec, flags, 0)) + return -1; + break; + } + case 'x' : { + unsigned long arg; + + PARSE_INT_FORMAT(arg, ap, unsigned); + + if (append_number (state, arg, 0x10, "0123456789abcdef", + width, prec, flags, 0)) + return -1; + break; + } + case 'X' :{ + unsigned long arg; + + PARSE_INT_FORMAT(arg, ap, unsigned); + + if (append_number (state, arg, 0x10, "0123456789ABCDEF", + width, prec, flags, 0)) + return -1; + break; + } + case 'p' : { + unsigned long arg = (unsigned long)va_arg(ap, void*); + + if (append_number (state, arg, 0x10, "0123456789ABCDEF", + width, prec, flags, 0)) + return -1; + break; + } + case 'n' : { + int *arg = va_arg(ap, int*); + *arg = state->s - state->str; + break; + } + case '\0' : + --format; + /* FALLTHROUGH */ + case '%' : + if ((*state->append_char)(state, c)) + return -1; + break; + default : + if ( (*state->append_char)(state, '%') + || (*state->append_char)(state, c)) + return -1; + break; + } + } else + if ((*state->append_char) (state, c)) + return -1; + } + return 0; +} + +#ifndef HAVE_SNPRINTF +int +snprintf (char *str, size_t sz, const char *format, ...) +{ + va_list args; + int ret; + + va_start(args, format); + ret = vsnprintf (str, sz, format, args); + va_end(args); + +#ifdef PARANOIA + { + int ret2; + char *tmp; + + tmp = safe_malloc (sz); + + va_start(args, format); + ret2 = vsprintf (tmp, format, args); + va_end(args); + if (ret != ret2 || strcmp(str, tmp)) + abort (); + free (tmp); + } +#endif + + return ret; +} +#endif + + +#ifndef HAVE_VASNPRINTF +int +vasnprintf (char **ret, size_t max_sz, const char *format, va_list args) +{ + int st; + size_t len; + struct state state; + + state.max_sz = max_sz; + state.sz = 1; + state.str = safe_malloc(state.sz); + state.s = state.str; + state.theend = state.s + state.sz - 1; + state.append_char = as_append_char; + state.reserve = as_reserve; + + st = xyzprintf (&state, format, args); + if (st) { + free (state.str); + *ret = NULL; + return -1; + } else { + char *tmp; + + *state.s = '\0'; + len = state.s - state.str; + tmp = safe_realloc(state.str, len+1); + if (tmp == NULL) { + free (state.str); + *ret = NULL; + return -1; + } + *ret = tmp; + return len; + } +} +#endif + +#ifndef HAVE_VASPRINTF +int +vasprintf (char **ret, const char *format, va_list args) +{ + return vasnprintf (ret, 0, format, args); +} +#endif + +#ifndef HAVE_ASPRINTF +int +asprintf (char **ret, const char *format, ...) +{ + va_list args; + int val; + + va_start(args, format); + val = vasprintf (ret, format, args); + va_end(args); + +#ifdef PARANOIA + { + int ret2; + char *tmp; + tmp = safe_malloc (val + 1); + + va_start(args, format); + ret2 = vsprintf (tmp, format, args); + va_end(args); + if (val != ret2 || strcmp(*ret, tmp)) + abort (); + free (tmp); + } +#endif + + return val; +} +#endif + +#ifndef HAVE_ASNPRINTF +int +asnprintf (char **ret, size_t max_sz, const char *format, ...) +{ + va_list args; + int val; + + va_start(args, format); + val = vasnprintf (ret, max_sz, format, args); + va_end(args); + +#ifdef PARANOIA + { + int ret2; + char *tmp; + tmp = safe_malloc (val + 1); + + va_start(args, format); + ret2 = vsprintf (tmp, format, args); + va_end(args); + if (val != ret2 || strcmp(*ret, tmp)) + abort (); + free (tmp); + } +#endif + + return val; +} +#endif + + + +#ifndef HAVE_VSNPRINTF +int +vsnprintf (char *str, size_t sz, const char *format, va_list args) +{ + struct state state; + int ret; + unsigned char *ustr = (unsigned char *)str; + + state.max_sz = 0; + state.sz = sz; + state.str = ustr; + state.s = ustr; + state.theend = ustr + sz - 1; + state.append_char = sn_append_char; + state.reserve = sn_reserve; + + ret = xyzprintf (&state, format, args); + *state.s = '\0'; + if (ret) + return -1; + else + return state.s - state.str; +} +#endif + diff --git a/include/DomainExec/nbase/strcasecmp.c b/include/DomainExec/nbase/strcasecmp.c new file mode 100644 index 00000000..f0809e74 --- /dev/null +++ b/include/DomainExec/nbase/strcasecmp.c @@ -0,0 +1,184 @@ + +/*************************************************************************** + * strcasecmp.c -- strcasecmp and strncasecmp for systems (like Windows) * + * which do not already have them. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id$ */ + +#if !defined(HAVE_STRCASECMP) || !defined(HAVE_STRNCASECMP) +#include +#include +#include "nbase.h" +#endif + +#ifndef HAVE_STRCASECMP +int strcasecmp(const char *s1, const char *s2) +{ + int i, ret; + char *cp1, *cp2; + + cp1 = safe_malloc(strlen(s1) + 1); + cp2 = safe_malloc(strlen(s2) + 1); + + for (i = 0; i < strlen(s1) + 1; i++) + cp1[i] = tolower((int) (unsigned char) s1[i]); + for (i = 0; i < strlen(s2) + 1; i++) + cp2[i] = tolower((int) (unsigned char) s2[i]); + + ret = strcmp(cp1, cp2); + + free(cp1); + free(cp2); + + return ret; +} +#endif + +#ifndef HAVE_STRNCASECMP +int strncasecmp(const char *s1, const char *s2, size_t n) +{ + int i, ret; + char *cp1, *cp2; + + cp1 = safe_malloc(strlen(s1) + 1); + cp2 = safe_malloc(strlen(s2) + 1); + + for (i = 0; i < strlen(s1) + 1; i++) + cp1[i] = tolower((int) (unsigned char) s1[i]); + for (i = 0; i < strlen(s2) + 1; i++) + cp2[i] = tolower((int) (unsigned char) s2[i]); + + ret = strncmp(cp1, cp2, n); + + free(cp1); + free(cp2); + + return ret; +} +#endif + diff --git a/include/DomainExec/nbase/test/nmakefile b/include/DomainExec/nbase/test/nmakefile new file mode 100644 index 00000000..bf3f5214 --- /dev/null +++ b/include/DomainExec/nbase/test/nmakefile @@ -0,0 +1,13 @@ +# Build nbase in Visual C++ (so ..\nbase.lib exists). Then open a Visual +# Studio Command Prompt (from the Start menu), and run: +# nmake /F nmakefile + +!include + +all: test-escape_windows_command_arg + +.c.obj: + $(cc) /c /D WIN32=1 /I .. $*.c + +test-escape_windows_command_arg: test-escape_windows_command_arg.obj + $(link) /OUT:test-escape_windows_command_arg.exe test-escape_windows_command_arg.obj /NODEFAULTLIB:LIBCMT ..\nbase.lib shell32.lib diff --git a/include/DomainExec/nbase/test/test-escape_windows_command_arg.c b/include/DomainExec/nbase/test/test-escape_windows_command_arg.c new file mode 100644 index 00000000..4b7bcdc8 --- /dev/null +++ b/include/DomainExec/nbase/test/test-escape_windows_command_arg.c @@ -0,0 +1,204 @@ +/* +Usage: test-escape_windows_command_arg.exe + +This is a test program for the escape_windows_command_arg function from +nbase_str.c. Its code is strictly Windows-specific. Basically, it performs +escape_windows_command_arg on arrays of strings merging its results with spaces +and tests if an attempt to decode them with CommandLineToArgvW results in the +same strings. +*/ + +#include +#include +#include + +#include "nbase.h" + +#include + +const char *TESTS[][5] = { + { NULL }, + {"", NULL}, + {"", "", NULL}, + {"1", "2", "3", "4", NULL}, + {"a", "b", "c", NULL}, + {"a b", "c", NULL}, + {"a b c", NULL}, + {" a b c ", NULL}, + {"\"quote\"", NULL}, + {"back\\slash", NULL}, + {"backslash at end\\", NULL}, + {"double\"\"quote", NULL}, + {" a\nb\tc\rd\ne", NULL}, + {"..\\test\\toupper.lua", NULL}, + {"backslash at end\\", "som\\ething\"af\\te\\r", NULL}, + {"three\\\\\\backslashes", "som\\ething\"af\\te\\r", NULL}, + {"three\"\"\"quotes", "som\\ething\"af\\te\\r", NULL}, +}; + +static LPWSTR utf8_to_wchar(const char *s) +{ + LPWSTR result; + int size, ret; + + /* Get needed buffer size. */ + size = MultiByteToWideChar(CP_UTF8, 0, s, -1, NULL, 0); + if (size == 0) { + fprintf(stderr, "MultiByteToWideChar 1 failed: %d\n", GetLastError()); + exit(1); + } + result = (LPWSTR) malloc(sizeof(*result) * size); + ret = MultiByteToWideChar(CP_UTF8, 0, s, -1, result, size); + if (ret == 0) { + fprintf(stderr, "MultiByteToWideChar 2 failed: %d\n", GetLastError()); + exit(1); + } + + return result; +} + +static char *wchar_to_utf8(const LPWSTR s) +{ + char *result; + int size, ret; + + /* Get needed buffer size. */ + size = WideCharToMultiByte(CP_UTF8, 0, s, -1, NULL, 0, NULL, NULL); + if (size == 0) { + fprintf(stderr, "WideCharToMultiByte 1 failed: %d\n", GetLastError()); + exit(1); + } + result = (char *) malloc(size); + ret = WideCharToMultiByte(CP_UTF8, 0, s, -1, result, size, NULL, NULL); + if (ret == 0) { + fprintf(stderr, "WideCharToMultiByte 2 failed: %d\n", GetLastError()); + exit(1); + } + + return result; +} + +static char **wchar_to_utf8_array(const LPWSTR a[], unsigned int len) +{ + char **result; + unsigned int i; + + result = (char **) malloc(sizeof(*result) * len); + if (result == NULL) + return NULL; + for (i = 0; i < len; i++) + result[i] = wchar_to_utf8(a[i]); + + return result; +} + +static unsigned int nullarray_length(const char *a[]) +{ + unsigned int i; + + for (i = 0; a[i] != NULL; i++) + ; + + return i; +} + +static char *append(char *p, const char *s) +{ + size_t plen, slen; + + plen = strlen(p); + slen = strlen(s); + p = (char *) realloc(p, plen + slen + 1); + if (p == NULL) + return NULL; + + return strncat(p, s, plen+slen); +} + +/* Turns an array of strings into an escaped flat command line. */ +static LPWSTR build_commandline(const char *args[], unsigned int len) +{ + unsigned int i; + char *result; + + result = strdup("progname"); + for (i = 0; i < len; i++) { + result = append(result, " "); + result = append(result, escape_windows_command_arg(args[i])); + } + + return utf8_to_wchar(result); +} + +static int arrays_equal(const char **a, unsigned int alen, const char **b, unsigned int blen) +{ + unsigned int i; + + if (alen != blen) + return 0; + for (i = 0; i < alen; i++) { + if (strcmp(a[i], b[i]) != 0) + return 0; + } + + return 1; +} + +static char *format_array(const char **args, unsigned int len) +{ + char *result; + unsigned int i; + + result = strdup(""); + result = append(result, "{"); + for (i = 0; i < len; i++) { + if (i > 0) + result = append(result, ", "); + result = append(result, "["); + result = append(result, args[i]); + result = append(result, "]"); + } + result = append(result, "}"); + + return result; +} + +static int run_test(const char *args[]) +{ + LPWSTR *argvw; + char **result; + int args_len, argvw_len, result_len; + + args_len = nullarray_length(args); + argvw = CommandLineToArgvW(build_commandline(args, args_len), &argvw_len); + /* Account for added argv[0] in argvw. */ + result = wchar_to_utf8_array(argvw+1, argvw_len-1); + result_len = argvw_len - 1; + + if (arrays_equal((const char **) result, result_len, args, args_len)) { + printf("PASS %s\n", format_array(args, args_len)); + return 1; + } else { + printf("FAIL got %s\n", format_array((const char **) result, result_len)); + printf("expected %s\n", format_array(args, args_len)); + return 0; + } +} + +int main(int argc, char *argv[]) +{ + unsigned int num_tests, num_passed; + unsigned int i; + + num_tests = 0; + num_passed = 0; + for (i = 0; i < sizeof(TESTS) / sizeof(*TESTS); i++) { + num_tests++; + if (run_test(TESTS[i])) + num_passed++; + } + + printf("%ld / %ld tests passed.\n", num_passed, num_tests); + + return num_passed == num_tests ? 0 : 1; +} diff --git a/include/DomainExec/nsock/examples/Makefile b/include/DomainExec/nsock/examples/Makefile new file mode 100644 index 00000000..de40593d --- /dev/null +++ b/include/DomainExec/nsock/examples/Makefile @@ -0,0 +1,29 @@ +CC = gcc +CCOPT = +DEFS = +NBASEDIR=../../nbase +NSOCKLIB=../src/libnsock.a +NBASELIB=$(NBASEDIR)/libnbase.a +OPENSSLLIB=-lssl -lpcap -lcrypto +INCLS = -I../include -I$(NBASEDIR) +CFLAGS = -I/usr/local/include -Wall -g $(CCOPT) $(DEFS) $(INCLS) +LDFLAGS = +PCAPBASEDIR=../../libpcap +PCAPLIB=$(PCAPBASEDIR)/libpcap.a +RM = rm -f + +TARGETS = nsock_test_timers nsock_telnet + +all: $(TARGETS) + +nsock_telnet: nsock_telnet.o $(NSOCKLIB) + $(CC) -o $@ $(CFLAGS) nsock_telnet.o $(NSOCKLIB) $(NBASELIB) $(OPENSSLLIB) + +nsock_test_timers: nsock_test_timers.o $(NSOCKLIB) + $(CC) -o $@ $(CFLAGS) nsock_test_timers.o $(NSOCKLIB) $(NBASELIB) $(OPENSSLLIB) + +nsock_pcap: nsock_pcap.o $(NSOCKLIB) $(PCAPLIB) + $(CC) -o $@ $(CFLAGS) nsock_pcap.o $(NSOCKLIB) $(NBASELIB) $(OPENSSLLIB) $(PCAPLIB) + +clean: + $(RM) *.o $(TARGETS) diff --git a/include/DomainExec/nsock/examples/README b/include/DomainExec/nsock/examples/README new file mode 100644 index 00000000..d3c66f59 --- /dev/null +++ b/include/DomainExec/nsock/examples/README @@ -0,0 +1,9 @@ +$Id$ + +Here are some example programs, they weren't really written to +present nice and elegant use of the nsock library. They were +actually written for my testing purposes during development. So don't +be surprised if you see code that looks strange, or even downright +evil -- I'm testing the code reliability. + +-Fyodor \ No newline at end of file diff --git a/include/DomainExec/nsock/examples/nsock_telnet.c b/include/DomainExec/nsock/examples/nsock_telnet.c new file mode 100644 index 00000000..854f63cb --- /dev/null +++ b/include/DomainExec/nsock/examples/nsock_telnet.c @@ -0,0 +1,263 @@ +/*************************************************************************** + * nsock_telnet.c -- A simple "telnet" client -- a trivial example of * + * using the nsock parallel socket event library * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + + +#include "nsock.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +/* #include */ + +/* from nbase.h */ +int socket_errno(); + + +extern char *optarg; + +extern int optind; + +struct telnet_state { + nsock_iod tcp_nsi; + nsock_iod stdin_nsi; + nsock_event_id latest_readtcpev; + nsock_event_id latest_readstdinev; + void *ssl_session; +}; + +/* Tries to resolve given hostname and stores + result in ip . returns 0 if hostname cannot + be resolved */ +int resolve(char *hostname, struct in_addr *ip) { + struct hostent *h; + + if (!hostname || !*hostname) { + fprintf(stderr, "NULL or zero-length hostname passed to resolve(). Quitting.\n"); + exit(1); + } + + if (inet_aton(hostname, ip)) + return 1; /* damn, that was easy ;) */ + if ((h = gethostbyname(hostname))) { + memcpy(ip, h->h_addr_list[0], sizeof(struct in_addr)); + return 1; + } + return 0; +} + +void telnet_event_handler(nsock_pool nsp, nsock_event nse, void *mydata) { + nsock_iod nsi = nse_iod(nse); + enum nse_status status = nse_status(nse); + enum nse_type type = nse_type(nse); + struct sockaddr_in peer; + struct telnet_state *ts; + int nbytes; + char *str; + int read_timeout = -1; + int write_timeout = 2000; + ts = (struct telnet_state *)mydata; + + printf("telnet_event_handler: Received callback of type %s with status %s\n", nse_type2str(type), nse_status2str(status)); + + if (status == NSE_STATUS_SUCCESS) { + switch (type) { + case NSE_TYPE_CONNECT: + case NSE_TYPE_CONNECT_SSL: + nsock_iod_get_communication_info(nsi, NULL, NULL, NULL, (struct sockaddr *)&peer, sizeof peer); + printf("Successfully connected %sto %s:%hu -- start typing lines\n", (type == NSE_TYPE_CONNECT_SSL) ? "(SSL!) " : "", inet_ntoa(peer.sin_addr), ntohs(peer.sin_port)); + /* First of all, lets add STDIN to our list of watched filehandles */ + if ((ts->stdin_nsi = nsock_iod_new2(nsp, STDIN_FILENO, NULL)) == NULL) { + fprintf(stderr, "Failed to create stdin msi\n"); + exit(1); + } + + /* Now lets read from stdin and the network, line buffered (by nsock) */ + ts->latest_readtcpev = nsock_readlines(nsp, ts->tcp_nsi, telnet_event_handler, read_timeout, ts, 1); + ts->latest_readstdinev = nsock_readlines(nsp, ts->stdin_nsi, telnet_event_handler, read_timeout, ts, 1); + break; + case NSE_TYPE_READ: + str = nse_readbuf(nse, &nbytes); + if (nsi == ts->tcp_nsi) { + printf("%s", str); + /* printf("Read from tcp socket (%d bytes):\n%s", nbytes, str); */ + ts->latest_readtcpev = nsock_readlines(nsp, ts->tcp_nsi, telnet_event_handler, read_timeout, ts, 1); + } else { + /* printf("Read from stdin (%d bytes):\n%s", nbytes, str); */ + nsock_write(nsp, ts->tcp_nsi, telnet_event_handler, write_timeout, ts, str, nbytes); + ts->latest_readstdinev = nsock_readlines(nsp, ts->stdin_nsi, telnet_event_handler, read_timeout, ts, 1); + } + break; + case NSE_TYPE_WRITE: + /* Nothing to do, really */ + break; + case NSE_TYPE_TIMER: + break; + default: + fprintf(stderr, "telnet_event_handler: Got bogus type -- quitting\n"); + exit(1); + break; + } + } else if (status == NSE_STATUS_EOF) { + printf("Got EOF from %s\nCancelling outstanding readevents.\n", (nsi == ts->tcp_nsi) ? "tcp socket" : "stdin"); + /* One of these is the event I am currently handling! But I wanted to + be evil when testing this out... */ + if (nsock_event_cancel(nsp, ts->latest_readtcpev, 1) != 0) { + printf("Cancelled tcp event: %li\n", ts->latest_readtcpev); + } + if (nsock_event_cancel(nsp, ts->latest_readstdinev, 1) != 0) { + printf("Cancelled stdin event: %li\n", ts->latest_readstdinev); + } + } else if (status == NSE_STATUS_ERROR) { + if (nsock_iod_check_ssl(nsi)) { + printf("SSL %s failed: %s\n", nse_type2str(type), ERR_error_string(ERR_get_error(), NULL)); + } else { + int err; + + err = nse_errorcode(nse); + printf("%s failed: (%d) %s\n", nse_type2str(type), err, strerror(err)); + } + } + return; +} + +void usage() { + fprintf(stderr, "\nUsage: nsock_telnet [-s] [portnum]\n" " Where -s enables SSL for the connection\n\n"); + exit(1); +} + +int main(int argc, char *argv[]) { + struct in_addr target; + nsock_pool nsp; + nsock_event_id ev; + unsigned short portno; + enum nsock_loopstatus loopret; + struct telnet_state ts; + int c; + int usessl = 0; + struct timeval now; + struct sockaddr_in taddr; + + ts.stdin_nsi = NULL; + + while ((c = getopt(argc, argv, "s")) != -1) { + switch (c) { + case 's': + usessl = 1; + break; + default: + usage(); + break; + } + } + + if (argc - optind <= 0 || argc - optind > 2) + usage(); + + + if (!resolve(argv[optind], &target)) { + fprintf(stderr, "Failed to resolve target host: %s\nQUITTING.\n", argv[optind]); + exit(1); + } + optind++; + + if (optind < argc) + portno = atoi(argv[optind]); + else + portno = 23; + + /* OK, we start with creating a p00l */ + if ((nsp = nsock_pool_new(NULL)) == NULL) { + fprintf(stderr, "Failed to create new pool. QUITTING.\n"); + exit(1); + } + + gettimeofday(&now, NULL); + + if ((ts.tcp_nsi = nsock_iod_new(nsp, NULL)) == NULL) { + fprintf(stderr, "Failed to create new nsock_iod. QUITTING.\n"); + exit(1); + } + + taddr.sin_family = AF_INET; + taddr.sin_addr = target; + taddr.sin_port = portno; + + if (usessl) { + ts.ssl_session = NULL; + ev = nsock_connect_ssl(nsp, ts.tcp_nsi, telnet_event_handler, 10000, &ts, (struct sockaddr *)&taddr, sizeof taddr, IPPROTO_TCP, portno, ts.ssl_session); + } else + ev = nsock_connect_tcp(nsp, ts.tcp_nsi, telnet_event_handler, 10000, &ts, (struct sockaddr *)&taddr, sizeof taddr, portno); + + printf("The event id is %lu -- initiating l00p\n", ev); + + /* Now lets get this party started right! */ + loopret = nsock_loop(nsp, -1); + + printf("nsock_loop returned %d\n", (int)loopret); + + return 0; +} diff --git a/include/DomainExec/nsock/examples/nsock_test_timers.c b/include/DomainExec/nsock/examples/nsock_test_timers.c new file mode 100644 index 00000000..a02a3830 --- /dev/null +++ b/include/DomainExec/nsock/examples/nsock_test_timers.c @@ -0,0 +1,166 @@ +/*************************************************************************** + * nsock_test_timers.c -- A test program to exercise the nsock timer * + * routines. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + + +#include "nsock.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +nsock_event_id ev_ids[2048]; + +int num_ids = 0; + +nsock_event_id request_timer(nsock_pool nsp, nsock_ev_handler handler, int timeout_msecs, void *userdata) { + nsock_event_id id; + + id = nsock_timer_create(nsp, handler, timeout_msecs, userdata); + printf("%ld: Created timer ID %li for %d ms from now\n", time(NULL), id, timeout_msecs); + + return id; + +} + +int try_cancel_timer(nsock_pool nsp, int idx, int notify) { + int res; + + printf("%ld:Attempting to cancel id %li (idx %d) %s notify.\n", time(NULL), ev_ids[idx], idx, ((notify) ? "WITH" : "WITHOUT")); + res = nsock_event_cancel(nsp, ev_ids[idx], notify); + printf("Kill of %li %s\n", ev_ids[idx], (res == 0) ? "FAILED" : "SUCCEEDED"); + return res; +} + +void timer_handler(nsock_pool nsp, nsock_event nse, void *mydata) { + enum nse_status status = nse_status(nse); + enum nse_type type = nse_type(nse); + int rnd, rnd2; + + printf("%ld:timer_handler: Received callback of type %s; status %s; id %li\n", time(NULL), nse_type2str(type), nse_status2str(status), nse_id(nse)); + + rnd = rand() % num_ids; + rnd2 = rand() % 3; + + if (num_ids > (sizeof(ev_ids) / sizeof(nsock_event_id)) - 3) { + printf("\n\nSUCCEEDED DUE TO CREATING ENOUGH EVENTS THAT IT WAS GOING TO OVERFLOW MY BUFFER :)\n\n"); + exit(0); + } + + if (status == NSE_STATUS_SUCCESS) { + switch (rnd2) { + case 0: + /* do nothing */ + /* Actually I think I'll create two timers :) */ + ev_ids[num_ids++] = request_timer(nsp, timer_handler, rand() % 3000, NULL); + ev_ids[num_ids++] = request_timer(nsp, timer_handler, rand() % 3000, NULL); + break; + case 1: + /* Kill another id (which may or may not be active */ + try_cancel_timer(nsp, rnd, rand() % 2); + break; + case 2: + /* Create a new timer */ + ev_ids[num_ids++] = request_timer(nsp, timer_handler, rand() % 3000, NULL); + break; + default: + assert(0); + } + } +} + +int main(int argc, char *argv[]) { + nsock_pool nsp; + enum nsock_loopstatus loopret; + int num_loops = 0; + + srand(time(NULL)); + /* OK, we start with creating a p00l */ + if ((nsp = nsock_pool_new(NULL)) == NULL) { + fprintf(stderr, "Failed to create new pool. QUITTING.\n"); + exit(1); + } + + ev_ids[num_ids++] = request_timer(nsp, timer_handler, 1800, NULL); + ev_ids[num_ids++] = request_timer(nsp, timer_handler, 800, NULL); + ev_ids[num_ids++] = request_timer(nsp, timer_handler, 1300, NULL); + ev_ids[num_ids++] = request_timer(nsp, timer_handler, 0, NULL); + ev_ids[num_ids++] = request_timer(nsp, timer_handler, 100, NULL); + + /* Now lets get this party started right! */ + while (num_loops++ < 5) { + loopret = nsock_loop(nsp, 1500); + if (loopret == NSOCK_LOOP_TIMEOUT) + printf("Finished l00p #%d due to l00p timeout :) I may do another\n", num_loops); + else if (loopret == NSOCK_LOOP_NOEVENTS) { + printf("SUCCESS -- NO EVENTS LEFT\n"); + exit(0); + } else { + printf("nsock_loop FAILED!\n"); + exit(1); + } + } + printf("Trying to kill my msp!\n"); + nsock_pool_delete(nsp); + printf("SUCCESS -- completed %d l00ps.\n", num_loops); + + return 0; +} diff --git a/include/DomainExec/nsock/include/nsock.h b/include/DomainExec/nsock/include/nsock.h new file mode 100644 index 00000000..b4b4488c --- /dev/null +++ b/include/DomainExec/nsock/include/nsock.h @@ -0,0 +1,696 @@ +/*************************************************************************** + * nsock.h -- public interface definitions for the nsock parallel socket * + * event library * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#ifndef NSOCK_H +#define NSOCK_H + +/* Keep assert() defined for security reasons */ +#undef NDEBUG + +#ifndef WIN32 +#include "nsock_config.h" +#else +#include "nsock_winconfig.h" +#endif + +#include +#include +#ifndef WIN32 +#include +#include +#include +#include +#else +#include /* for struct timeval... */ +#endif + +#if HAVE_SYS_UN_H +#include + +#ifndef SUN_LEN +#include +#define SUN_LEN(ptr) ((sizeof(*(ptr)) - sizeof((ptr)->sun_path)) \ + + strlen((ptr)->sun_path)) +#endif +#endif /* HAVE_SYS_UN_H */ + +#ifdef __cplusplus +extern "C" { +#endif + +/* The read calls will generally return after reading at least this + * much data so that the caller can process it and so that the + * connection spewing data doesn't monopolize resources. The caller + * can always initiate another read request to ask for more. */ +#define NSOCK_READ_CHUNK_SIZE 0x8FFFF + +struct npool; +struct niod; +struct nevent; +struct proxy_chain; + +/* ------------------- TYPEDEFS ------------------- */ + +/* nsock_pool, nsock_iod, and nsock_event are opaque objects that should + * only be accessed using the appropriate accessor functions (described below). */ + +/* An nsock_pool aggregates and manages events and i/o descriptors */ +typedef struct npool *nsock_pool; + +/* nsock_iod is an I/O descriptor -- you create it and then use it to + * make calls to do connect()s, read()s, write()s, etc. A single IOD can handle + * multiple event calls, but only one at a time. Also the event calls must be in + * a "reasonable" order. For example, you might start with nsock_connect_tcp() + * followed by a bunch of nsock_read* and nsock_write* calls. Then you either + * destroy the iod for good with nsock_iod_delete() and allocate a new one via + * nsock_iod_new for your next connection. */ +typedef struct niod *nsock_iod; + +/* An event is created when you do various calls (for reading, writing, + * connecting, timers, etc) and is provided back to you in the callback when the + * call completes/fails. It is automatically destroyed after the callback */ +typedef struct nevent *nsock_event; + +/* Provided by calls which (internally) create an nsock_event. This allows you + * to cancel the event */ +typedef unsigned long nsock_event_id; + +/* This is used to save SSL sessionids between SSL connections */ +typedef void *nsock_ssl_session; +typedef void *nsock_ssl_ctx; +typedef void *nsock_ssl; + +typedef struct proxy_chain *nsock_proxychain; + + +/* Logging-related data structures */ + +typedef enum { + /* -- + * Actual message priority values */ + NSOCK_LOG_DBG_ALL, + NSOCK_LOG_DBG, + NSOCK_LOG_INFO, + NSOCK_LOG_ERROR, + /* -- + * No messages are issued by nsock with this value. + * Users can therefore set loglevel to NSOCK_LOG_NONE + * to disable logging */ + NSOCK_LOG_NONE +} nsock_loglevel_t; + +struct nsock_log_rec { + /* Message emission time */ + struct timeval time; + /* Message log level */ + nsock_loglevel_t level; + /* Source file */ + const char *file; + /* Statement line in nsock source */ + int line; + /* Function that emitted the message */ + const char *func; + /* Actual log message */ + char *msg; +}; + +/* Nsock logging function. This function receives all nsock log records whose + * level is greater than or equal to nsp loglevel. The rec structure is + * allocated and freed by nsock. */ +typedef void (*nsock_logger_t)(const struct nsock_log_rec *rec); + + +/* ------------------- PROTOTYPES ------------------- */ + +/* Here is the all important looping function that tells the event + * engine to start up and begin processing events. It will continue until all + * events have been delivered (including new ones started from event handlers), + * or the msec_timeout is reached, or a major error has occurred. Use -1 if you + * don't want to set a maximum time for it to run. A timeout of 0 will return + * after 1 non-blocking loop. The nsock loop can be restarted again after it + * returns. For example you could do a series of 15 second runs, allowing you + * to do other stuff between them. Or you could just schedule a timer to call + * you back every 15 seconds. */ +enum nsock_loopstatus { + NSOCK_LOOP_NOEVENTS = 2, + NSOCK_LOOP_TIMEOUT, + NSOCK_LOOP_ERROR, + NSOCK_LOOP_QUIT +}; + +enum nsock_loopstatus nsock_loop(nsock_pool nsp, int msec_timeout); + +/* Calling this function will cause nsock_loop to quit on its next iteration + * with a return value of NSOCK_LOOP_QUIT. */ +void nsock_loop_quit(nsock_pool nsp); + +/* This next function returns the errno style error code -- which is only valid + * if the status is NSOCK_LOOP_ERROR was returned by nsock_loop() */ +int nsock_pool_get_error(nsock_pool nsp); + +nsock_ssl nsock_iod_get_ssl(nsock_iod nsockiod); + +/* Note that nsock_iod_get_ssl_session will increment the usage count of the + * SSL_SESSION if inc_ref is not zero, since nsock does a free when the IOD + * is destroyed. It's up to any calling function/etc to do a SSL_SESSION_free() + * on it. Passing in inc_ref=0 doesn't increment, and is for informational + * purposes only. */ +nsock_ssl_session nsock_iod_get_ssl_session(nsock_iod nsockiod, int inc_ref); + +/* Sometimes it is useful to store a pointer to information inside the NSP so + * you can retrieve it during a callback. */ +void nsock_pool_set_udata(nsock_pool nsp, void *data); + +/* And the function above wouldn't make much sense if we didn't have a way to + * retrieve that data ... */ +void *nsock_pool_get_udata(nsock_pool nsp); + +/* Turns on or off broadcast support on new sockets. Default is off (0, false) + * set in nsock_pool_new(). Any non-zero (true) value sets SO_BROADCAST on all + * new sockets (value of optval will be used directly in the setsockopt() call). */ +void nsock_pool_set_broadcast(nsock_pool nsp, int optval); + +/* Sets the name of the interface for new sockets to bind to. */ +void nsock_pool_set_device(nsock_pool nsp, const char *device); + +/* Initializes an Nsock pool to create SSL connections. This sets an internal + * SSL_CTX, which is like a template that sets options for all connections that + * are made from it. Returns the SSL_CTX so you can set your own options. + * + * Use the NSOCK_SSL_MAX_SPEED to emphasize speed over security. + * Insecure ciphers are used when they are faster and no certificate + * verification is done. + * + * Returns the SSL_CTX so you can set your own options. + * By default, do no server certificate verification. To enable it, do + * something like: + * SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); + * + * on the SSL_CTX returned. If you do, it is then up to the application to + * load trusted certificates with SSL_CTX_load_verify_locations or + * SSL_CTX_set_default_verify_paths, or else every connection will fail. It + * is also up to the application to do any further checks such as domain name + * validation. */ +#define NSOCK_SSL_MAX_SPEED (1 << 0) +nsock_ssl_ctx nsock_pool_ssl_init(nsock_pool ms_pool, int flags); + +/* Initializes an Nsock pool to create a DTLS connect. This sets and internal + * SSL_CTX, which is like a template that sets options for all connections that + * are made from it. Returns the SSL_CTX so tyou can set your own options. + * + * Functionally similar to nsock_pool_ssl_init, just for the DTLS */ +nsock_ssl_ctx nsock_pool_dtls_init(nsock_pool ms_pool, int flags); + +/* Enforce use of a given IO engine. + * The engine parameter is a zero-terminated string that will be + * strup()'ed by the library. No validity check is performed by this function, + * beware nsock_pool_new() will fatal() if an invalid/unavailable engine name was + * supplied before. + * Pass NULL to reset to default (use most efficient engine available). + * + * Function returns 0 on success and -1 on error. */ +int nsock_set_default_engine(char *engine); + +/* Get a comma-separated list of available engines. */ +const char *nsock_list_engines(void); + +/* And here is how you create an nsock_pool. This allocates, initializes, and + * returns an nsock_pool event aggregator. In the case of error, NULL will be + * returned. If you do not wish to immediately associate any userdata, pass in + * NULL. */ +nsock_pool nsock_pool_new(void *udata); + +/* If nsock_pool_new returned success, you must free the nsp when you are done with it + * to conserve memory (and in some cases, sockets). After this call, nsp may no + * longer be used. Any pending events are sent an NSE_STATUS_KILL callback and + * all outstanding iods are deleted. */ +void nsock_pool_delete(nsock_pool nsp); + +/* Logging subsystem: set custom logging function. + * A NULL logger will reset the default (stderr) logger. + * (See nsock_logger_t type definition). */ +void nsock_set_log_function(nsock_logger_t logger); + +nsock_loglevel_t nsock_get_loglevel(void); +void nsock_set_loglevel(nsock_loglevel_t loglevel); + +/* Parse a proxy chain description string and build a nsock_proxychain object + * accordingly. If the optional nsock_pool parameter is passed in, it gets + * associated to the chain object. The alternative is to pass nsp=NULL and call + * nsock_pool_set_proxychain() manually. Whatever is done, the chain object has + * to be deleted by the caller, using proxychain_delete(). */ +int nsock_proxychain_new(const char *proxystr, nsock_proxychain *chain, nsock_pool nspool); + +/* If nsock_proxychain_new() returned success, caller has to free the chain + * object using this function. */ +void nsock_proxychain_delete(nsock_proxychain chain); + +/* Assign a previously created proxychain object to a nsock pool. After this, + * new connections requests will be issued through the chain of proxies (if + * possible). */ +int nsock_pool_set_proxychain(nsock_pool nspool, nsock_proxychain chain); + +/* nsock_event handles a single event. Its ID is generally returned when the + * event is created, and the event itself is included in callbacks + * + * --------------------------------------------------------------------------- + * IF YOU ADD NEW NSE_TYPES YOU MUST INCREASE TYPE_CODE_NUM_BITS SO THAT IT IS + * ALWAYS log2(maximum_nse_type_value + 1) + * --------------------------------------------------------------------------- */ +#define TYPE_CODE_NUM_BITS 3 +enum nse_type { + NSE_TYPE_CONNECT = 0, + NSE_TYPE_CONNECT_SSL = 1, + NSE_TYPE_READ = 2, + NSE_TYPE_WRITE = 3, + NSE_TYPE_TIMER = 4, + NSE_TYPE_PCAP_READ = 5, + NSE_TYPE_MAX = 6, +}; /* At some point I was considering a NSE_TYPE_START and NSE_TYPE_CUSTOM */ + +/* Find the type of an event that spawned a callback */ +enum nse_type nse_type(nsock_event nse); + +/* Takes an nse_type (as returned by nse_type()) and returns a static string name + * that you can use for printing, etc. */ +const char *nse_type2str(enum nse_type type); + +/* Did the event succeed? What is the status? */ +enum nse_status { + NSE_STATUS_NONE = 0, /* User should never see this */ + NSE_STATUS_SUCCESS, /* Everything went A-OK! */ + NSE_STATUS_ERROR, /* Uh-oh! Problem, check the nse_errorcode() */ + NSE_STATUS_TIMEOUT, /* The async call surpassed the timeout you specified */ + NSE_STATUS_CANCELLED, /* Someone cancelled the event. (by calling nsock_event_cancel()). */ + NSE_STATUS_KILL, /* The event has been killed, this generally means the + nspool is being deleted -- you should free up any + resources you have allocated and exit. Don't you + dare make any more async nsock calls! */ + NSE_STATUS_EOF, /* We got EOF and NO DATA -- if we got data first, + SUCCESS is reported (see nse_eof()). */ + NSE_STATUS_PROXYERROR +}; + +enum nse_status nse_status(nsock_event nse); + +/* Takes an nse_status (as returned by nse_status() and returns a static string + * name that you can use for printing, etc. */ +const char *nse_status2str(enum nse_status status); + +/* This next function tells whether we received an EOF when we were reading. It + * is generally a better way to check for EOF than looking at the status because + * sometimes we read some data before getting the EOF, in which SUCCESS is + * returned (although another read attempt would return a status of EOF). + * nse_eof returns nonzero if we have reached EOF, zero if we have NOT reach + * EOF. */ +int nse_eof(nsock_event nse); + +/* This next function returns the errno style error code -- which is only valid + * if the status is NSE_STATUS_ERROR (this is a normal errno style error code). */ +int nse_errorcode(nsock_event nse); + +/* Every event has an ID which will be unique throughout the program's execution + * (for a given nsock_pool) unless you blow through 500,000,000 of them */ +nsock_event_id nse_id(nsock_event nse); + +/* If you did a read request, and the result was STATUS_SUCCESS, this function + * provides the buffer that was read in as well as the number of chars read. + * The buffer should not be modified or free'd . It is not guaranteed to be + * NUL-terminated and it may even contain nuls */ +char *nse_readbuf(nsock_event nse, int *nbytes); + +/* Obtains the nsock_iod (see below) associated with the event. Note that some + * events (such as timers) don't have an nsock_iod associated with them */ +nsock_iod nse_iod(nsock_event nse); + +/* nsock_iod is like a "file descriptor" for the nsock library. You use it to + * request events. And here is how you create an nsock_iod. nsock_iod_new + * returns NULL if the iod cannot be allocated. Pass NULL as udata if you + * don't want to immediately associate any user data with the IOD. */ +nsock_iod nsock_iod_new(nsock_pool nsockp, void *udata); + +/* This version allows you to associate an existing sd with the msi so that you + * can read/write it using the nsock infrastructure. For example, you may want + * to watch for data from STDIN_FILENO at the same time as you read/write + * various sockets. STDIN_FILENO is a special case, however. Any other sd is + * dup()ed, so you may close or otherwise manipulate your copy. The duped copy + * will be destroyed when the IOD is destroyed */ +nsock_iod nsock_iod_new2(nsock_pool nsockp, int sd, void *udata); + +/* If nsock_iod_new returned success, you must free the iod when you are done + * with it to conserve memory (and in some cases, sockets). After this call, + * nsockiod may no longer be used -- you need to create a new one with + * nsock_iod_new(). pending_response tells what to do with any events that are + * pending on this nsock_iod. This can be NSOCK_PENDING_NOTIFY (send a KILL + * notification to each event), NSOCK_PENDING_SILENT (do not send notification + * to the killed events), or NSOCK_PENDING_ERROR (print an error message and + * quit the program) */ +enum nsock_del_mode { + NSOCK_PENDING_NOTIFY, + NSOCK_PENDING_SILENT, + NSOCK_PENDING_ERROR, +}; + +void nsock_iod_delete(nsock_iod iod, enum nsock_del_mode pending_response); + +/* Sometimes it is useful to store a pointer to information inside + * the nsiod so you can retrieve it during a callback. */ +void nsock_iod_set_udata(nsock_iod iod, void *udata); + +/* And the function above wouldn't make much sense if we didn't have a way to + * retrieve that data ... */ +void *nsock_iod_get_udata(nsock_iod iod); + +/* I didn't want to do this. Its an ugly hack, but I suspect it will be + * necessary. I certainly can't reproduce in nsock EVERYTHING you might want + * to do with a socket. So I'm offering you this function to obtain the socket + * descriptor which is (usually) wrapped in a nsock_iod). You can do + * "reasonable" things with it, like setting socket receive buffers. But don't + * create havok by closing the descriptor! If the descriptor you get back is + * -1, the iod does not currently possess a valid descriptor */ +int nsock_iod_get_sd(nsock_iod iod); + +/* Returns the ID of an nsock_iod . This ID is always unique amongst ids for a + * given nspool (unless you blow through billions of them). */ +unsigned long nsock_iod_id(nsock_iod iod); + +/* Returns Packets received in bytes */ +unsigned long nsock_iod_get_read_count(nsock_iod iod); + +/* Returns Packets sent in bytes */ +unsigned long nsock_iod_get_write_count(nsock_iod iod); + +/* Returns 1 if an NSI is communicating via SSL, 0 otherwise */ +int nsock_iod_check_ssl(nsock_iod iod); + +/* Returns the remote peer port (or -1 if unavailable). Note the return value + * is a whole int so that -1 can be distinguished from 65535. Port is returned + * in host byte order. */ +int nsock_iod_get_peerport(nsock_iod iod); + +/* Sets the local address to bind to before connect() */ +int nsock_iod_set_localaddr(nsock_iod iod, struct sockaddr_storage *ss, size_t sslen); + +/* Sets IPv4 options to apply before connect(). It makes a copy of the options, + * so you can free() yours if necessary. This copy is freed when the iod is + * destroyed */ +int nsock_iod_set_ipoptions(nsock_iod iod, void *ipopts, size_t ipoptslen); + +/* Returns that host/port/protocol information for the last communication (or + * comm. attempt) this nsi has been involved with. By "involved" with I mean + * interactions like establishing (or trying to) a connection or sending a UDP + * datagram through an unconnected nsock_iod. AF is the address family (AF_INET + * or AF_INET6), Protocol is IPPROTO_TCP or IPPROTO_UDP. Pass NULL for + * information you do not need. If ANY of the information you requested is not + * available, 0 will be returned and the unavailable sockets are zeroed. If + * protocol or af is requested but not available, it will be set to -1 (and 0 + * returned). The pointers you pass in must be NULL or point to allocated + * address space. The sockaddr members should actually be sockaddr_storage, + * sockaddr_in6, or sockaddr_in with the socklen of them set appropriately (eg + * sizeof(sockaddr_storage) if that is what you are passing). */ +int nsock_iod_get_communication_info(nsock_iod iod, int *protocol, int *af, + struct sockaddr *local, + struct sockaddr *remote, size_t socklen); + +/* Set the hostname of the remote host, for when that matters. This is currently + * only used for Server Name Indication in SSL connections. */ +int nsock_iod_set_hostname(nsock_iod iod, const char *hostname); + +/* EVENT CREATION FUNCTIONS + * --- + * These functions request asynchronous + * notification of completion of an event. The handler will never be + * synchronously called back during the event creation call (that causes too + * many hard to debug errors and plus we don't want people to have to deal with + * callbacks until they actually call nsock_loop). */ + +/* These functions generally take a common 5 initial parameters: + * + * nsock_pool mst: + * The is the nsock_pool describing the events you have scheduled, etc + * + * nsock_iod nsiod: + * The I/O Descriptor that should be used in the request. Note that timer + * events don't have this argument since they don't use an iod. You can + * obtain it in the callback from the nsock_event. + * + * nsock_ev_handler handler: + * This is the function you want the system to call when your event is + * triggered (or times out, or hits an error, etc.). The function should be + * of this form: void funcname(nsock_pool nsp, nsock_event nse, void *userdata) + * + * int timeout_msecs: + * The timeout for the request in milliseconds. If the request hasn't + * completed (or in a few cases started) within the timeout specified, the + * handler will be called with a TIMEOUT status and the request will be + * aborted. + * + * void *userdata: + * The nsock_event that comes back can optionally have a pointer associated + * with it. You can set that pointer here. If you don't want one, just + * pass NULL. + * + * These functions return an nsock_event_id which can be used to cancel the + * event if necessary. + */ +typedef void (*nsock_ev_handler)(nsock_pool, nsock_event, void *); + +/* Initialize an unconnected UDP socket. */ +int nsock_setup_udp(nsock_pool nsp, nsock_iod ms_iod, int af); + +#if HAVE_SYS_UN_H + +/* Request a UNIX domain sockets connection to the same system (by path to socket). + * This function connects to the socket of type SOCK_STREAM. ss should be a + * sockaddr_storage, sockaddr_un as appropriate (just like what you would pass to + * connect). sslen should be the sizeof the structure you are passing in. */ +nsock_event_id nsock_connect_unixsock_stream(nsock_pool nsp, nsock_iod nsiod, nsock_ev_handler handler, + int timeout_msecs, void *userdata, struct sockaddr *ss, + size_t sslen); + +/* Request a UNIX domain sockets connection to the same system (by path to socket). + * This function connects to the socket of type SOCK_DGRAM. ss should be a + * sockaddr_storage, sockaddr_un as appropriate (just like what you would pass to + * connect). sslen should be the sizeof the structure you are passing in. */ +nsock_event_id nsock_connect_unixsock_datagram(nsock_pool nsp, nsock_iod nsiod, nsock_ev_handler handler, + void *userdata, struct sockaddr *ss, size_t sslen); +#endif /* HAVE_SYS_UN_H */ + +/* Request a TCP connection to another system (by IP address). The in_addr is + * normal network byte order, but the port number should be given in HOST BYTE + * ORDER. ss should be a sockaddr_storage, sockaddr_in6, or sockaddr_in as + * appropriate (just like what you would pass to connect). sslen should be the + * sizeof the structure you are passing in. */ +nsock_event_id nsock_connect_tcp(nsock_pool nsp, nsock_iod nsiod, nsock_ev_handler handler, int timeout_msecs, + void *userdata, struct sockaddr *ss, size_t sslen, unsigned short port); + +nsock_event_id nsock_connect_tcp_direct(nsock_pool nsp, nsock_iod nsiod, nsock_ev_handler handler, + int timeout_msecs, void *userdata, struct sockaddr *ss, + size_t sslen, unsigned short port); + + +/* For now this is a copy of nsock_connect_tcp, except that it takes targetname as + * a char * argument and passes a dummy sockaddr to nsock_connect_internal */ +nsock_event_id nsock_connect_tcp_socks4a(nsock_pool nsp, nsock_iod nsiod, + nsock_ev_handler handler, int timeout_msecs, + void *userdata, const char *targetname, + unsigned short port); + + +/* Request an SCTP association to another system (by IP address). The in_addr is + * normal network byte order, but the port number should be given in HOST BYTE + * ORDER. ss should be a sockaddr_storage, sockaddr_in6, or sockaddr_in as + * appropriate (just like what you would pass to connect). sslen should be the + * sizeof the structure you are passing in. */ +nsock_event_id nsock_connect_sctp(nsock_pool nsp, nsock_iod nsiod, nsock_ev_handler handler, int timeout_msecs, + void *userdata, struct sockaddr *ss, size_t sslen, unsigned short port); + +/* Request a UDP "connection" to another system (by IP address). The in_addr is + * normal network byte order, but the port number should be given in HOST BYTE + * ORDER. Since this is UDP, no packets are actually sent. The destination IP + * and port are just associated with the nsiod (an actual OS connect() call is + * made). You can then use the normal nsock write calls on the socket. There + * is no timeout since this call always calls your callback at the next + * opportunity. The advantages to having a connected UDP socket (as opposed to + * just specifying an address with sendto()) are that we can now use a consistent + * set of write/read calls for TCP/UDP, received packets from the non-partner + * are automatically dropped by the OS, and the OS can provide asynchronous + * errors (see Unix Network Programming pp224). ss should be a + * sockaddr_storage, sockaddr_in6, or sockaddr_in as appropriate (just like what + * you would pass to connect). sslen should be the sizeof the structure you are + * passing in. */ +nsock_event_id nsock_connect_udp(nsock_pool nsp, nsock_iod nsiod, nsock_ev_handler handler, void *userdata, + struct sockaddr *ss, size_t sslen, unsigned short port); + +/* Request an SSL over TCP/SCTP connection to another system (by IP address). + * The in_addr is normal network byte order, but the port number should be given + * in HOST BYTE ORDER. This function will call back only after it has made the + * connection AND done the initial SSL negotiation. From that point on, you use + * the normal read/write calls and decryption will happen transparently. ss + * should be a sockaddr_storage, sockaddr_in6, or sockaddr_in as appropriate + * (just like what you would pass to connect). sslen should be the sizeof the + * structure you are passing in. */ +nsock_event_id nsock_connect_ssl(nsock_pool nsp, nsock_iod nsiod, nsock_ev_handler handler, int timeout_msecs, + void *userdata, struct sockaddr *ss, size_t sslen, int proto, unsigned short port, nsock_ssl_session ssl_session); + +/* Request ssl connection over already established TCP/SCTP connection. nsiod + * must be socket that is already connected to target using nsock_connect_tcp or + * nsock_connect_sctp. All parameters have the same meaning as in + * 'nsock_connect_ssl' */ +nsock_event_id nsock_reconnect_ssl(nsock_pool nsp, nsock_iod nsiod, + nsock_ev_handler handler, int timeout_msecs, void *userdata, nsock_ssl_session ssl_session); + +/* Read up to nlines lines (terminated with \n, which of course inclues \r\n), + * or until EOF, or until the timeout, whichever comes first. Note that + * NSE_STATUS_SUCCESS will be returned in the case of EOF or timeout if at least + * 1 char has been read. Also note that you may get more than 'nlines' back -- + * we just stop once "at least" 'nlines' is read */ +nsock_event_id nsock_readlines(nsock_pool nsp, nsock_iod nsiod, + nsock_ev_handler handler, int timeout_msecs, void *userdata, int nlines); + +/* Same as above, except it tries to read at least 'nbytes' instead of 'nlines'. */ +nsock_event_id nsock_readbytes(nsock_pool nsp, nsock_iod nsiod, + nsock_ev_handler handler, int timeout_msecs, void *userdata, int nbytes); + +/* The simplest read function -- returns NSE_STATUS_SUCCESS when it reads + * anything, otherwise it returns timeout, eof, or error as appropriate */ +nsock_event_id nsock_read(nsock_pool nsp, nsock_iod nsiod, nsock_ev_handler handler, int timeout_msecs, void *userdata); + +/* Write some data to the socket. If the write is not COMPLETED within + * timeout_msecs , NSE_STATUS_TIMEOUT will be returned. If you are supplying + * NUL-terminated data, you can optionally pass -1 for datalen and nsock_write + * will figure out the length itself */ +nsock_event_id nsock_write(nsock_pool nsp, nsock_iod nsiod, + nsock_ev_handler handler, int timeout_msecs, void *userdata, const char *data, int datalen); + +nsock_event_id nsock_sendto(nsock_pool ms_pool, nsock_iod ms_iod, nsock_ev_handler handler, int timeout_msecs, + void *userdata, struct sockaddr *saddr, size_t sslen, unsigned short port, const char *data, int datalen); + +/* Same as nsock_write except you can use a printf-style format and you can only + * use this for ASCII strings */ +nsock_event_id nsock_printf(nsock_pool nsp, nsock_iod nsiod, + nsock_ev_handler handler, int timeout_msecs, void *userdata, char *format, ... ); + +/* Send back an NSE_TYPE_TIMER after the number of milliseconds specified. Of + * course it can also return due to error, cancellation, etc. */ +nsock_event_id nsock_timer_create(nsock_pool nsp, nsock_ev_handler handler, int timeout_msecs, void *userdata); + +/* Cancel an event (such as a timer or read request). If notify is nonzero, the + * requester will be sent an event CANCELLED status back to the given handler. + * But in some cases there is no need to do this (like if the function deleting + * it is the one which created it), in which case 0 can be passed to skip the + * step. This function returns zero if the event is not found, nonzero + * otherwise */ +int nsock_event_cancel(nsock_pool ms_pool, nsock_event_id id, int notify ); + +/* Grab the latest time as recorded by the nsock library, which does so at least + * once per event loop (in main_loop). Not only does this function (generally) + * avoid a system call, but in many circumstances it is better to use nsock's + * time rather than the system time. If nsock has never obtained the time when + * you call it, it will do so before returning */ +const struct timeval *nsock_gettimeofday(); + + +#ifdef HAVE_PCAP +/* Open pcap device and connect it to nsp. Other parameters have the + * same meaning as for pcap_open_live in pcap(3). + * + * device: pcap-style device name + * snaplen: size of packet to be copied to handler + * promisc: whether to open device in promiscuous mode + * bpf_fmt: berkeley filter + * + * return value: 0 if everything was okay, or error code if error occurred. + * */ +int nsock_pcap_open(nsock_pool nsp, nsock_iod nsiod, const char *pcap_device, + int snaplen, int promisc, const char *bpf_fmt, ...); + +/* Requests exactly one packet to be captured.from pcap. + * See nsock_read() for parameters description. */ +nsock_event_id nsock_pcap_read_packet(nsock_pool nsp, nsock_iod nsiod, + nsock_ev_handler handler, + int timeout_msecs, void *userdata); + +/* Gets packet data. This should be called after successful receipt of packet + * to get packet. If you're not interested in some values, just pass NULL + * instead of valid pointer. + * l3_data is just after l2_data in buffer. Feel free to treat l2_data as one + * buffer with size of (l2_len + l3_len). + * Ts time is fixed for systems that don't support proper timing, like Windows. + * So TS is pointing to time when packet was received or to the time _after_. + * As a result you'll get longer times than you should, but it's safer to + * think that host is a bit further. + * */ +void nse_readpcap(nsock_event nsee, const unsigned char **l2_data, + size_t *l2_len, const unsigned char **l3_data, size_t *l3_len, + size_t *packet_len, struct timeval *ts); + +/* Well. Just pcap-style datalink. + * Like DLT_EN10MB or DLT_SLIP. Check in pcap(3) manpage. */ +int nsock_iod_linktype(nsock_iod iod); + +/* Is this nsiod a pcap descriptor? */ +int nsock_iod_is_pcap(nsock_iod iod); + +#endif /* HAVE_PCAP */ + +#ifdef __cplusplus +} /* End of 'extern "C"' */ +#endif + +#endif /* NSOCK_H */ + diff --git a/include/DomainExec/nsock/include/nsock_config.h.in b/include/DomainExec/nsock/include/nsock_config.h.in new file mode 100644 index 00000000..b9521a0d --- /dev/null +++ b/include/DomainExec/nsock/include/nsock_config.h.in @@ -0,0 +1,136 @@ +/* ../include/nsock_config.h.in. Generated from configure.ac by autoheader. */ + +/* BSD/OS */ +#undef BSDI + +/* DEC Alpha */ +#undef DEC + +/* FreeBSD */ +#undef FREEBSD + +/* SSL ALPN protos support */ +#undef HAVE_ALPN_SUPPORT + +/* DTLS_client_method available */ +#undef HAVE_DTLS_CLIENT_METHOD + +/* epoll is available */ +#undef HAVE_EPOLL + +/* Define to 1 if you have the header file. */ +#undef HAVE_INTTYPES_H + +/* Define to 1 if you have the `kevent' function. */ +#undef HAVE_KEVENT + +/* Define to 1 if you have the `kqueue' function. */ +#undef HAVE_KQUEUE + +/* Define to 1 if you have the `nsl' library (-lnsl). */ +#undef HAVE_LIBNSL + +/* Define to 1 if you have the `posix4' library (-lposix4). */ +#undef HAVE_LIBPOSIX4 + +/* Define to 1 if you have the `socket' library (-lsocket). */ +#undef HAVE_LIBSOCKET + +/* Define to 1 if you have the header file. */ +#undef HAVE_MEMORY_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_NETDB_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_NET_BPF_H + +/* openssl is available */ +#undef HAVE_OPENSSL + +/* libpcap is available */ +#undef HAVE_PCAP + +/* poll is available */ +#undef HAVE_POLL + +/* SSL_set_tlsext_host_name available */ +#undef HAVE_SSL_SET_TLSEXT_HOST_NAME + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDINT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDLIB_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRINGS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRING_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_IOCTL_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STAT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_TYPES_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_UN_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_UNISTD_H + +/* HP-UX */ +#undef HPUX + +/* IRIX */ +#undef IRIX + +/* Linux */ +#undef LINUX + +/* Apple OS X */ +#undef MACOSX + +/* NetBSD */ +#undef NETBSD + +/* OpenBSD */ +#undef OPENBSD + +/* Define to the address where bug reports for this package should be sent. */ +#undef PACKAGE_BUGREPORT + +/* Define to the full name of this package. */ +#undef PACKAGE_NAME + +/* Define to the full name and version of this package. */ +#undef PACKAGE_STRING + +/* Define to the one symbol short name of this package. */ +#undef PACKAGE_TARNAME + +/* Define to the home page for this package. */ +#undef PACKAGE_URL + +/* Define to the version of this package. */ +#undef PACKAGE_VERSION + +/* Possibly using libpcap prior to 1.1.0. */ +#undef PCAP_NETMASK_UNKNOWN + +/* Sun/Oracle Solaris */ +#undef SOLARIS + +/* BPF packet capture on Solaris */ +#undef SOLARIS_BPF_PCAP_CAPTURE + +/* Define to 1 if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* SunOS 4 */ +#undef SUNOS diff --git a/include/DomainExec/nsock/include/nsock_winconfig.h b/include/DomainExec/nsock/include/nsock_winconfig.h new file mode 100644 index 00000000..b9a0859c --- /dev/null +++ b/include/DomainExec/nsock/include/nsock_winconfig.h @@ -0,0 +1,74 @@ + +/*************************************************************************** + * nsock_winconfig.h -- Since the Windows port is currently eschewing * + * autoconf-style configure scripts, nsock_winconfig.h contains the * + * platform-specific definitions for Windows and is used as a replacement * + * for config.h * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +#ifndef NSOCK_WINCONFIG_H +#define NSOCK_WINCONFIG_H + +#ifndef DISABLE_NSOCK_PCAP +#define HAVE_PCAP 1 +#endif + +/* Need this for _WIN32_WINNT below */ +#include + /* WSAPoll() isn't available before Vista */ +#if defined(_WIN32_WINNT) && (_WIN32_WINNT >= 0x0600) +#define HAVE_POLL 1 +#define HAVE_IOCP 1 +#endif + +#endif /* NSOCK_WINCONFIG_H */ diff --git a/include/DomainExec/nsock/nsock.vcxproj b/include/DomainExec/nsock/nsock.vcxproj new file mode 100644 index 00000000..94564603 --- /dev/null +++ b/include/DomainExec/nsock/nsock.vcxproj @@ -0,0 +1,237 @@ + + + + + DebugNoPcap + Win32 + + + Debug + Win32 + + + ReleaseNoPcap + Win32 + + + Release + Win32 + + + Static + Win32 + + + + {F8D6D1E3-D4EA-402C-98AA-168E5309BAF4} + nsock + Win32Proj + 10.0 + + + + StaticLibrary + MultiByte + v142 + + + StaticLibrary + MultiByte + v142 + + + StaticLibrary + MultiByte + v142 + + + StaticLibrary + MultiByte + v142 + + + StaticLibrary + MultiByte + v142 + + + + + + + + + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>10.0.30319.1 + .\ + Debug\ + .\ + .\ + Release\ + Release\ + $(Configuration)\ + $(Configuration)\ + $(Configuration)\ + $(Configuration)\ + + + + Disabled + ..\nbase\;include;..\mswin32\pcap-include;..\mswin32;..\;..\mswin32\OpenSSL\include;%(AdditionalIncludeDirectories) + WIN32;_LIB;%(PreprocessorDefinitions) + true + + + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + EditAndContinue + CompileAsCpp + + + $(OutDir)nsock.lib + + + + + /D "_CRT_SECURE_NO_DEPRECATE" %(AdditionalOptions) + ..\nbase\;include;..\mswin32\pcap-include;..\mswin32;..\;..\mswin32\OpenSSL\include;%(AdditionalIncludeDirectories) + WIN32;_LIB;%(PreprocessorDefinitions) + + + + + Level3 + ProgramDatabase + CompileAsCpp + + + $(OutDir)nsock.lib + + + + + /D "_CRT_SECURE_NO_DEPRECATE" %(AdditionalOptions) + ..\nbase\;include;..\mswin32\pcap-include;..\mswin32;..\;..\mswin32\OpenSSL\include;%(AdditionalIncludeDirectories) + WIN32;_LIB;%(PreprocessorDefinitions);DISABLE_NSOCK_PCAP + + + MultiThreaded + + + Level3 + ProgramDatabase + CompileAsCpp + + + $(OutDir)nsock.lib + + + + + /D "DISABLE_NSOCK_PCAP" %(AdditionalOptions) + Disabled + ..\nbase\;include;..\mswin32\pcap-include;..\mswin32;..\;..\mswin32\OpenSSL\include;%(AdditionalIncludeDirectories) + WIN32;_LIB;%(PreprocessorDefinitions) + true + + + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + EditAndContinue + CompileAsCpp + + + $(OutDir)nsock.lib + + + + + /D "_CRT_SECURE_NO_DEPRECATE" +/D "DISABLE_NSOCK_PCAP" %(AdditionalOptions) + ..\nbase\;include;..\mswin32\pcap-include;..\mswin32;..\;..\mswin32\OpenSSL\include;%(AdditionalIncludeDirectories) + WIN32;_LIB;%(PreprocessorDefinitions) + + + + + Level3 + ProgramDatabase + CompileAsCpp + + + $(OutDir)nsock.lib + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + {b630c8f7-3138-43e8-89ed-78742fa2ac5f} + false + + + + + + \ No newline at end of file diff --git a/include/DomainExec/nsock/src/Makefile.in b/include/DomainExec/nsock/src/Makefile.in new file mode 100644 index 00000000..badfef5f --- /dev/null +++ b/include/DomainExec/nsock/src/Makefile.in @@ -0,0 +1,98 @@ +NSOCK_VERSION = 0.02 +prefix = @prefix@ +exec_prefix = @exec_prefix@ +bindir = @bindir@ +sbindir = @sbindir@ +mandir = @mandir@ +srcdir = @srcdir@ +datarootdir = @datarootdir@ + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +CCOPT = +DEFS = @DEFS@ -DNSOCK_VERSION=\"$(NSOCK_VERSION)\" +# With GCC, add extra security checks to source code. +DEFS += -D_FORTIFY_SOURCE=2 +INCLS = -I../include +CFLAGS = @CFLAGS@ $(CCOPT) +# CFLAGS = -g -Wall $(DEFS) $(INCLS) +CPPFLAGS = @CPPFLAGS@ $(DEFS) $(INCLS) +STATIC = +LDFLAGS = @LDFLAGS@ $(STATIC) +SHTOOL = ./shtool +INSTALL = $(SHTOOL) install +MAKEDEPEND = @MAKEDEPEND@ +RPMTDIR=$(HOME)/rpmdir +NBASEDIR=@NBASEDIR@ +NSOCKTESTDIR=@NSOCKTESTDIR@ + +TARGET = libnsock.a + +SRCS = error.c filespace.c gh_heap.c nsock_connect.c nsock_core.c \ + nsock_iod.c nsock_read.c nsock_timers.c nsock_write.c \ + nsock_ssl.c nsock_event.c nsock_pool.c netutils.c nsock_pcap.c \ + nsock_engines.c engine_select.c engine_epoll.c engine_kqueue.c \ + engine_poll.c nsock_proxy.c nsock_log.c proxy_http.c proxy_socks4.c + +OBJS = error.o filespace.o gh_heap.o nsock_connect.o nsock_core.o \ + nsock_iod.o nsock_read.o nsock_timers.o nsock_write.o \ + nsock_ssl.o nsock_event.o nsock_pool.o netutils.o nsock_pcap.o \ + nsock_engines.o engine_select.o engine_epoll.o engine_kqueue.o \ + engine_poll.o nsock_proxy.o nsock_log.o proxy_http.o proxy_socks4.o + +DEPS = error.h filespace.h gh_list.h nsock_internal.h netutils.h nsock_pcap.h \ + nsock_log.h nsock_proxy.h gh_heap.h ../include/nsock.h \ + $(NBASEDIR)/libnbase.a + +.c.o: + $(CC) -c $(CPPFLAGS) $(CFLAGS) $< -o $@ + +all: $(TARGET) + +$(TARGET): $(DEPS) $(OBJS) + rm -f $@ + $(AR) cr $@ $(OBJS) + $(RANLIB) $@ + +$(NBASEDIR)/libnbase.a: $(NBASEDIR)/Makefile + cd $(NBASEDIR) && $(MAKE) + +clean-test: + cd $(NSOCKTESTDIR) && $(MAKE) clean + +clean: clean-test + rm -f $(OBJS) $(TARGET) + +distclean: clean + rm -f Makefile makefile.dep config.log config.status ../include/nsock_config.h $(NSOCKTESTDIR)/Makefile + +depend: + $(MAKEDEPEND) $(INCLS) -s "# DO NOT DELETE" -- $(DEFS) -- $(SRCS) + +check: + cd $(NSOCKTESTDIR) && $(MAKE) && ./run_tests.sh + +${srcdir}/configure: configure.ac + cd ${srcdir} && autoconf + +# autoheader might not change config.h.in, so touch a stamp file. +${srcdir}/config.h.in: stamp-h.in +${srcdir}/stamp-h.in: configure.ac acconfig.h \ + config.h.top config.h.bot + cd ${srcdir} && autoheader + echo timestamp > ${srcdir}/stamp-h.in + +config.h: stamp-h +stamp-h: config.h.in config.status + ./config.status + +Makefile: Makefile.in config.status + ./config.status + +config.status: configure + ./config.status --recheck + +makefile.dep: + $(CC) -MM $(CPPFLAGS) $(SRCS) > $@ +-include makefile.dep diff --git a/include/DomainExec/nsock/src/acinclude.m4 b/include/DomainExec/nsock/src/acinclude.m4 new file mode 100644 index 00000000..696cd341 --- /dev/null +++ b/include/DomainExec/nsock/src/acinclude.m4 @@ -0,0 +1,141 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_have_epoll.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_HAVE_EPOLL([ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +# AX_HAVE_EPOLL_PWAIT([ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +# +# DESCRIPTION +# +# This macro determines whether the system supports the epoll I/O event +# interface. A neat usage example would be: +# +# AX_HAVE_EPOLL( +# [AX_CONFIG_FEATURE_ENABLE(epoll)], +# [AX_CONFIG_FEATURE_DISABLE(epoll)]) +# AX_CONFIG_FEATURE( +# [epoll], [This platform supports epoll(7)], +# [HAVE_EPOLL], [This platform supports epoll(7).]) +# +# The epoll interface was added to the Linux kernel in version 2.5.45, and +# the macro verifies that a kernel newer than this is installed. This +# check is somewhat unreliable if doesn't match the +# running kernel, but it is necessary regardless, because glibc comes with +# stubs for the epoll_create(), epoll_wait(), etc. that allow programs to +# compile and link even if the kernel is too old; the problem would then +# be detected only at runtime. +# +# Linux kernel version 2.6.19 adds the epoll_pwait() call in addition to +# epoll_wait(). The availability of that function can be tested with the +# second macro. Generally speaking, it is safe to assume that +# AX_HAVE_EPOLL would succeed if AX_HAVE_EPOLL_PWAIT has, but not the +# other way round. +# +# LICENSE +# +# Copyright (c) 2008 Peter Simons +# +# Copying and distribution of this file, with or without modification, are +# permitted in any medium without royalty provided the copyright notice +# and this notice are preserved. This file is offered as-is, without any +# warranty. + +#serial 10 + +AC_DEFUN([AX_HAVE_EPOLL], [dnl + ax_have_epoll_cppflags="${CPPFLAGS}" + AC_CHECK_HEADER([linux/version.h], [CPPFLAGS="${CPPFLAGS} -DHAVE_LINUX_VERSION_H"]) + AC_MSG_CHECKING([for Linux epoll(7) interface]) + AC_CACHE_VAL([ax_cv_have_epoll], [dnl + AC_LINK_IFELSE([dnl + AC_LANG_PROGRAM([dnl +#include +#ifdef HAVE_LINUX_VERSION_H +# include +# if LINUX_VERSION_CODE < KERNEL_VERSION(2,5,45) +# error linux kernel version is too old to have epoll +# endif +#endif +], [dnl +int fd, rc; +struct epoll_event ev; +fd = epoll_create(128); +rc = epoll_wait(fd, &ev, 1, 0);])], + [ax_cv_have_epoll=yes], + [ax_cv_have_epoll=no])]) + CPPFLAGS="${ax_have_epoll_cppflags}" + AS_IF([test "${ax_cv_have_epoll}" = "yes"], + [AC_MSG_RESULT([yes]) +$1],[AC_MSG_RESULT([no]) +$2]) +])dnl + +AC_DEFUN([AX_HAVE_EPOLL_PWAIT], [dnl + ax_have_epoll_cppflags="${CPPFLAGS}" + AC_CHECK_HEADER([linux/version.h], + [CPPFLAGS="${CPPFLAGS} -DHAVE_LINUX_VERSION_H"]) + AC_MSG_CHECKING([for Linux epoll(7) interface with signals extension]) + AC_CACHE_VAL([ax_cv_have_epoll_pwait], [dnl + AC_LINK_IFELSE([dnl + AC_LANG_PROGRAM([dnl +#ifdef HAVE_LINUX_VERSION_H +# include +# if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) +# error linux kernel version is too old to have epoll_pwait +# endif +#endif +#include +#include +], [dnl +int fd, rc; +struct epoll_event ev; +fd = epoll_create(128); +rc = epoll_wait(fd, &ev, 1, 0); +rc = epoll_pwait(fd, &ev, 1, 0, (sigset_t const *)(0));])], + [ax_cv_have_epoll_pwait=yes], + [ax_cv_have_epoll_pwait=no])]) + CPPFLAGS="${ax_have_epoll_cppflags}" + AS_IF([test "${ax_cv_have_epoll_pwait}" = "yes"], + [AC_MSG_RESULT([yes]) +$1],[AC_MSG_RESULT([no]) +$2]) +])dnl + +AC_DEFUN([AX_HAVE_POLL], [dnl + AC_MSG_CHECKING([for poll(2)]) + AC_CACHE_VAL([ax_cv_have_poll], [dnl + AC_LINK_IFELSE([dnl + AC_LANG_PROGRAM( + [#include ], + [int rc; rc = poll((struct pollfd *)(0), 0, 0);])], + [ax_cv_have_poll=yes], + [ax_cv_have_poll=no])]) + AS_IF([test "${ax_cv_have_poll}" = "yes"], + [AC_MSG_RESULT([yes]) +$1],[AC_MSG_RESULT([no]) +$2]) +])dnl + +dnl Checks if PCAP_NETMASK_UNKNOWN is defined (has been since libpcap 1.1.1) +dnl Sets it to 0 (no checking) if it's not defined. +AC_DEFUN([PCAP_DEFINE_NETMASK_UNKNOWN], +[ + AC_MSG_CHECKING(if PCAP_NETMASK_UNKNOWN is defined/handled by libpcap) + AC_CACHE_VAL(ac_cv_have_pcap_netmask_unknown, + AC_TRY_COMPILE( + [ + #include + ], + [ + int i = PCAP_NETMASK_UNKNOWN; + ], + ac_cv_have_pcap_netmask_unknown=yes, + ac_cv_have_pcap_netmask_unknown=no)) + if test $ac_cv_have_pcap_netmask_unknown = no; then + AC_DEFINE(PCAP_NETMASK_UNKNOWN, 0, [Possibly using libpcap prior to 1.1.0.]) + fi + AC_MSG_RESULT($ac_cv_have_pcap_netmask_unknown) +]) + diff --git a/include/DomainExec/nsock/src/aclocal.m4 b/include/DomainExec/nsock/src/aclocal.m4 new file mode 100644 index 00000000..18ba297b --- /dev/null +++ b/include/DomainExec/nsock/src/aclocal.m4 @@ -0,0 +1,15 @@ +# generated automatically by aclocal 1.15.1 -*- Autoconf -*- + +# Copyright (C) 1996-2017 Free Software Foundation, Inc. + +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])]) +m4_include([acinclude.m4]) diff --git a/include/DomainExec/nsock/src/configure b/include/DomainExec/nsock/src/configure new file mode 100644 index 00000000..e0f69b04 --- /dev/null +++ b/include/DomainExec/nsock/src/configure @@ -0,0 +1,6290 @@ +#! /bin/sh +# Guess values for system-dependent variables and create Makefiles. +# Generated by GNU Autoconf 2.69. +# +# +# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. +# +# +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +# Use a proper internal environment variable to ensure we don't fall + # into an infinite loop, continuously re-executing ourselves. + if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then + _as_can_reexec=no; export _as_can_reexec; + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +as_fn_exit 255 + fi + # We don't want this to propagate to other subprocesses. + { _as_can_reexec=; unset _as_can_reexec;} +if test "x$CONFIG_SHELL" = x; then + as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi +" + as_required="as_fn_return () { (exit \$1); } +as_fn_success () { as_fn_return 0; } +as_fn_failure () { as_fn_return 1; } +as_fn_ret_success () { return 0; } +as_fn_ret_failure () { return 1; } + +exitcode=0 +as_fn_success || { exitcode=1; echo as_fn_success failed.; } +as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } +as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } +as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } +if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : + +else + exitcode=1; echo positional parameters were not saved. +fi +test x\$exitcode = x0 || exit 1 +test -x / || exit 1" + as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO + as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO + eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && + test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 +test \$(( 1 + 1 )) = 2 || exit 1" + if (eval "$as_required") 2>/dev/null; then : + as_have_required=yes +else + as_have_required=no +fi + if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : + +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_found=false +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + as_found=: + case $as_dir in #( + /*) + for as_base in sh bash ksh sh5; do + # Try only shells that exist, to save several forks. + as_shell=$as_dir/$as_base + if { test -f "$as_shell" || test -f "$as_shell.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : + CONFIG_SHELL=$as_shell as_have_required=yes + if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : + break 2 +fi +fi + done;; + esac + as_found=false +done +$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : + CONFIG_SHELL=$SHELL as_have_required=yes +fi; } +IFS=$as_save_IFS + + + if test "x$CONFIG_SHELL" != x; then : + export CONFIG_SHELL + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +exit 255 +fi + + if test x$as_have_required = xno; then : + $as_echo "$0: This script requires a shell more modern than all" + $as_echo "$0: the shells that I found on your system." + if test x${ZSH_VERSION+set} = xset ; then + $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" + $as_echo "$0: be upgraded to zsh 4.3.4 or later." + else + $as_echo "$0: Please tell bug-autoconf@gnu.org about your system, +$0: including any error possibly output before this +$0: message. Then install a modern shell, or manually run +$0: the script under such a shell if you do have one." + fi + exit 1 +fi +fi +fi +SHELL=${CONFIG_SHELL-/bin/sh} +export SHELL +# Unset more variables known to interfere with behavior of common tools. +CLICOLOR_FORCE= GREP_OPTIONS= +unset CLICOLOR_FORCE GREP_OPTIONS + +## --------------------- ## +## M4sh Shell Functions. ## +## --------------------- ## +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + + + as_lineno_1=$LINENO as_lineno_1a=$LINENO + as_lineno_2=$LINENO as_lineno_2a=$LINENO + eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && + test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { + # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) + sed -n ' + p + /[$]LINENO/= + ' <$as_myself | + sed ' + s/[$]LINENO.*/&-/ + t lineno + b + :lineno + N + :loop + s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ + t loop + s/-\n.*// + ' >$as_me.lineno && + chmod +x "$as_me.lineno" || + { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } + + # If we had to re-execute with $CONFIG_SHELL, we're ensured to have + # already done that, so ensure we don't try to do so again and fall + # in an infinite loop. This has already happened in practice. + _as_can_reexec=no; export _as_can_reexec + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensitive to this). + . "./$as_me.lineno" + # Exit status is that of the last command. + exit +} + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +test -n "$DJDIR" || exec 7<&0 &1 + +# Name of the host. +# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +# +# Initializations. +# +ac_default_prefix=/usr/local +ac_clean_files= +ac_config_libobj_dir=. +LIBOBJS= +cross_compiling=no +subdirs= +MFLAGS= +MAKEFLAGS= + +# Identity of this package. +PACKAGE_NAME= +PACKAGE_TARNAME= +PACKAGE_VERSION= +PACKAGE_STRING= +PACKAGE_BUGREPORT= +PACKAGE_URL= + +ac_unique_file="nsock_core.c" +# Factoring default headers for most tests. +ac_includes_default="\ +#include +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_SYS_STAT_H +# include +#endif +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif +#ifdef HAVE_STRING_H +# if !defined STDC_HEADERS && defined HAVE_MEMORY_H +# include +# endif +# include +#endif +#ifdef HAVE_STRINGS_H +# include +#endif +#ifdef HAVE_INTTYPES_H +# include +#endif +#ifdef HAVE_STDINT_H +# include +#endif +#ifdef HAVE_UNISTD_H +# include +#endif" + +ac_subst_vars='LTLIBOBJS +LIBOBJS +NSOCKTESTDIR +NBASEDIR +LIBNBASE_LIBS +OPENSSL_LIBS +RANLIB +LIBPCAP_LIBS +EGREP +GREP +CPP +OBJEXT +EXEEXT +ac_ct_CC +CPPFLAGS +LDFLAGS +CFLAGS +CC +host_os +host_vendor +host_cpu +host +build_os +build_vendor +build_cpu +build +target_alias +host_alias +build_alias +LIBS +ECHO_T +ECHO_N +ECHO_C +DEFS +mandir +localedir +libdir +psdir +pdfdir +dvidir +htmldir +infodir +docdir +oldincludedir +includedir +localstatedir +sharedstatedir +sysconfdir +datadir +datarootdir +libexecdir +sbindir +bindir +program_transform_name +prefix +exec_prefix +PACKAGE_URL +PACKAGE_BUGREPORT +PACKAGE_STRING +PACKAGE_VERSION +PACKAGE_TARNAME +PACKAGE_NAME +PATH_SEPARATOR +SHELL' +ac_subst_files='' +ac_user_opts=' +enable_option_checking +with_localdirs +with_libpcap +with_openssl +with_libnbase +' + ac_precious_vars='build_alias +host_alias +target_alias +CC +CFLAGS +LDFLAGS +LIBS +CPPFLAGS +CPP' + + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +ac_unrecognized_opts= +ac_unrecognized_sep= +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +exec_prefix=NONE +no_create= +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. +# (The list follows the same order as the GNU Coding Standards.) +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datarootdir='${prefix}/share' +datadir='${datarootdir}' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +includedir='${prefix}/include' +oldincludedir='/usr/include' +docdir='${datarootdir}/doc/${PACKAGE}' +infodir='${datarootdir}/info' +htmldir='${docdir}' +dvidir='${docdir}' +pdfdir='${docdir}' +psdir='${docdir}' +libdir='${exec_prefix}/lib' +localedir='${datarootdir}/locale' +mandir='${datarootdir}/man' + +ac_prev= +ac_dashdash= +for ac_option +do + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval $ac_prev=\$ac_option + ac_prev= + continue + fi + + case $ac_option in + *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; + *=) ac_optarg= ;; + *) ac_optarg=yes ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case $ac_dashdash$ac_option in + --) + ac_dashdash=yes ;; + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir=$ac_optarg ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias=$ac_optarg ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -datadir | --datadir | --datadi | --datad) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=*) + datadir=$ac_optarg ;; + + -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ + | --dataroo | --dataro | --datar) + ac_prev=datarootdir ;; + -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ + | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) + datarootdir=$ac_optarg ;; + + -disable-* | --disable-*) + ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=no ;; + + -docdir | --docdir | --docdi | --doc | --do) + ac_prev=docdir ;; + -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) + docdir=$ac_optarg ;; + + -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) + ac_prev=dvidir ;; + -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) + dvidir=$ac_optarg ;; + + -enable-* | --enable-*) + ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=\$ac_optarg ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix=$ac_optarg ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias=$ac_optarg ;; + + -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) + ac_prev=htmldir ;; + -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ + | --ht=*) + htmldir=$ac_optarg ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir=$ac_optarg ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir=$ac_optarg ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir=$ac_optarg ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir=$ac_optarg ;; + + -localedir | --localedir | --localedi | --localed | --locale) + ac_prev=localedir ;; + -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) + localedir=$ac_optarg ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst | --locals) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) + localstatedir=$ac_optarg ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir=$ac_optarg ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c | -n) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir=$ac_optarg ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix=$ac_optarg ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix=$ac_optarg ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix=$ac_optarg ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name=$ac_optarg ;; + + -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) + ac_prev=pdfdir ;; + -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) + pdfdir=$ac_optarg ;; + + -psdir | --psdir | --psdi | --psd | --ps) + ac_prev=psdir ;; + -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) + psdir=$ac_optarg ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir=$ac_optarg ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir=$ac_optarg ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site=$ac_optarg ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir=$ac_optarg ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir=$ac_optarg ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias=$ac_optarg ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; + + -with-* | --with-*) + ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=\$ac_optarg ;; + + -without-* | --without-*) + ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=no ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes=$ac_optarg ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries=$ac_optarg ;; + + -*) as_fn_error $? "unrecognized option: \`$ac_option' +Try \`$0 --help' for more information" + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. + case $ac_envvar in #( + '' | [0-9]* | *[!_$as_cr_alnum]* ) + as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; + esac + eval $ac_envvar=\$ac_optarg + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" + ;; + + esac +done + +if test -n "$ac_prev"; then + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + as_fn_error $? "missing argument to $ac_option" +fi + +if test -n "$ac_unrecognized_opts"; then + case $enable_option_checking in + no) ;; + fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; + *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; + esac +fi + +# Check all directory arguments for consistency. +for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ + datadir sysconfdir sharedstatedir localstatedir includedir \ + oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ + libdir localedir mandir +do + eval ac_val=\$$ac_var + # Remove trailing slashes. + case $ac_val in + */ ) + ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` + eval $ac_var=\$ac_val;; + esac + # Be sure to have absolute directory names. + case $ac_val in + [\\/$]* | ?:[\\/]* ) continue;; + NONE | '' ) case $ac_var in *prefix ) continue;; esac;; + esac + as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec 6>/dev/null + + +ac_pwd=`pwd` && test -n "$ac_pwd" && +ac_ls_di=`ls -di .` && +ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || + as_fn_error $? "working directory cannot be determined" +test "X$ac_ls_di" = "X$ac_pwd_ls_di" || + as_fn_error $? "pwd does not report name of working directory" + + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then the parent directory. + ac_confdir=`$as_dirname -- "$as_myself" || +$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_myself" : 'X\(//\)[^/]' \| \ + X"$as_myself" : 'X\(//\)$' \| \ + X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_myself" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + srcdir=$ac_confdir + if test ! -r "$srcdir/$ac_unique_file"; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r "$srcdir/$ac_unique_file"; then + test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." + as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" +fi +ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" +ac_abs_confdir=`( + cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" + pwd)` +# When building in place, set srcdir=. +if test "$ac_abs_confdir" = "$ac_pwd"; then + srcdir=. +fi +# Remove unnecessary trailing slashes from srcdir. +# Double slashes in file names in object file debugging info +# mess up M-x gdb in Emacs. +case $srcdir in +*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; +esac +for ac_var in $ac_precious_vars; do + eval ac_env_${ac_var}_set=\${${ac_var}+set} + eval ac_env_${ac_var}_value=\$${ac_var} + eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} + eval ac_cv_env_${ac_var}_value=\$${ac_var} +done + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures this package to adapt to many kinds of systems. + +Usage: $0 [OPTION]... [VAR=VALUE]... + +To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. See below for descriptions of some of the useful variables. + +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking ...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install all the files in +\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify +an installation prefix other than \`$ac_default_prefix' using \`--prefix', +for instance \`--prefix=\$HOME'. + +For better control, use the options below. + +Fine tuning of the installation directories: + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] + --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] + --datadir=DIR read-only architecture-independent data [DATAROOTDIR] + --infodir=DIR info documentation [DATAROOTDIR/info] + --localedir=DIR locale-dependent data [DATAROOTDIR/locale] + --mandir=DIR man documentation [DATAROOTDIR/man] + --docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE] + --htmldir=DIR html documentation [DOCDIR] + --dvidir=DIR dvi documentation [DOCDIR] + --pdfdir=DIR pdf documentation [DOCDIR] + --psdir=DIR ps documentation [DOCDIR] +_ACEOF + + cat <<\_ACEOF + +System types: + --build=BUILD configure for building on BUILD [guessed] + --host=HOST cross-compile to build programs to run on HOST [BUILD] +_ACEOF +fi + +if test -n "$ac_init_help"; then + + cat <<\_ACEOF + +Optional Packages: + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --with-localdirs Explicitly ask compiler to use /usr/local/{include,libs} if they exist + --with-libpcap=DIR Look for pcap headers in DIR/include. + --with-libpcap=included Always use version included with Nmap + --without-libpcap Disable pcap functions. + --with-openssl=DIR Use optional openssl libs and includes from + [DIR]/lib/ and [DIR]/include/openssl/) + --with-libnbase=DIR Look for nbase include/libs in DIR + +Some influential environment variables: + CC C compiler command + CFLAGS C compiler flags + LDFLAGS linker flags, e.g. -L if you have libraries in a + nonstandard directory + LIBS libraries to pass to the linker, e.g. -l + CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if + you have headers in a nonstandard directory + CPP C preprocessor + +Use these variables to override the choices made by `configure' or to help +it to find libraries and programs with nonstandard names/locations. + +Report bugs to the package provider. +_ACEOF +ac_status=$? +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d "$ac_dir" || + { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || + continue + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + cd "$ac_dir" || { ac_status=$?; continue; } + # Check for guested configure. + if test -f "$ac_srcdir/configure.gnu"; then + echo && + $SHELL "$ac_srcdir/configure.gnu" --help=recursive + elif test -f "$ac_srcdir/configure"; then + echo && + $SHELL "$ac_srcdir/configure" --help=recursive + else + $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi || ac_status=$? + cd "$ac_pwd" || { ac_status=$?; break; } + done +fi + +test -n "$ac_init_help" && exit $ac_status +if $ac_init_version; then + cat <<\_ACEOF +configure +generated by GNU Autoconf 2.69 + +Copyright (C) 2012 Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. +_ACEOF + exit +fi + +## ------------------------ ## +## Autoconf initialization. ## +## ------------------------ ## + +# ac_fn_c_try_compile LINENO +# -------------------------- +# Try to compile conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext + if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_compile + +# ac_fn_c_try_cpp LINENO +# ---------------------- +# Try to preprocess conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_cpp () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } > conftest.i && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_cpp + +# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists, giving a warning if it cannot be compiled using +# the include files in INCLUDES and setting the cache variable VAR +# accordingly. +ac_fn_c_check_header_mongrel () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if eval \${$3+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +else + # Is the header compilable? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 +$as_echo_n "checking $2 usability... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_header_compiler=yes +else + ac_header_compiler=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 +$as_echo "$ac_header_compiler" >&6; } + +# Is the header present? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 +$as_echo_n "checking $2 presence... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <$2> +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + ac_header_preproc=yes +else + ac_header_preproc=no +fi +rm -f conftest.err conftest.i conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 +$as_echo "$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( + yes:no: ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 +$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} + ;; + no:yes:* ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 +$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 +$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 +$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 +$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} + ;; +esac + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=\$ac_header_compiler" +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_header_mongrel + +# ac_fn_c_try_run LINENO +# ---------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes +# that executables *can* be run. +ac_fn_c_try_run () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then : + ac_retval=0 +else + $as_echo "$as_me: program exited with status $ac_status" >&5 + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=$ac_status +fi + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_run + +# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists and can be compiled using the include files in +# INCLUDES, setting the cache variable VAR accordingly. +ac_fn_c_check_header_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_header_compile + +# ac_fn_c_try_link LINENO +# ----------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_link () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext conftest$ac_exeext + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + test -x conftest$ac_exeext + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information + # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would + # interfere with the next link command; also delete a directory that is + # left behind by Apple's compiler. We do this before executing the actions. + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_link + +# ac_fn_c_check_func LINENO FUNC VAR +# ---------------------------------- +# Tests whether FUNC exists, setting the cache variable VAR accordingly +ac_fn_c_check_func () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Define $2 to an innocuous variant, in case declares $2. + For example, HP-UX 11i declares gettimeofday. */ +#define $2 innocuous_$2 + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $2 (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef $2 + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char $2 (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_$2 || defined __stub___$2 +choke me +#endif + +int +main () +{ +return $2 (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_func +cat >config.log <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by $as_me, which was +generated by GNU Autoconf 2.69. Invocation command line was + + $ $0 $@ + +_ACEOF +exec 5>>config.log +{ +cat <<_ASUNAME +## --------- ## +## Platform. ## +## --------- ## + +hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +_ASUNAME + +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + $as_echo "PATH: $as_dir" + done +IFS=$as_save_IFS + +} >&5 + +cat >&5 <<_ACEOF + + +## ----------- ## +## Core tests. ## +## ----------- ## + +_ACEOF + + +# Keep a trace of the command line. +# Strip out --no-create and --no-recursion so they do not pile up. +# Strip out --silent because we don't want to record it for future runs. +# Also quote any args containing shell meta-characters. +# Make two passes to allow for proper duplicate-argument suppression. +ac_configure_args= +ac_configure_args0= +ac_configure_args1= +ac_must_keep_next=false +for ac_pass in 1 2 +do + for ac_arg + do + case $ac_arg in + -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + continue ;; + *\'*) + ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + case $ac_pass in + 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; + 2) + as_fn_append ac_configure_args1 " '$ac_arg'" + if test $ac_must_keep_next = true; then + ac_must_keep_next=false # Got value, back to normal. + else + case $ac_arg in + *=* | --config-cache | -C | -disable-* | --disable-* \ + | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ + | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ + | -with-* | --with-* | -without-* | --without-* | --x) + case "$ac_configure_args0 " in + "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; + esac + ;; + -* ) ac_must_keep_next=true ;; + esac + fi + as_fn_append ac_configure_args " '$ac_arg'" + ;; + esac + done +done +{ ac_configure_args0=; unset ac_configure_args0;} +{ ac_configure_args1=; unset ac_configure_args1;} + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +# WARNING: Use '\'' to represent an apostrophe within the trap. +# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. +trap 'exit_status=$? + # Save into config.log some information that might help in debugging. + { + echo + + $as_echo "## ---------------- ## +## Cache variables. ## +## ---------------- ##" + echo + # The following way of writing the cache mishandles newlines in values, +( + for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + (set) 2>&1 | + case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + sed -n \ + "s/'\''/'\''\\\\'\'''\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" + ;; #( + *) + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) + echo + + $as_echo "## ----------------- ## +## Output variables. ## +## ----------------- ##" + echo + for ac_var in $ac_subst_vars + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + + if test -n "$ac_subst_files"; then + $as_echo "## ------------------- ## +## File substitutions. ## +## ------------------- ##" + echo + for ac_var in $ac_subst_files + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + fi + + if test -s confdefs.h; then + $as_echo "## ----------- ## +## confdefs.h. ## +## ----------- ##" + echo + cat confdefs.h + echo + fi + test "$ac_signal" != 0 && + $as_echo "$as_me: caught signal $ac_signal" + $as_echo "$as_me: exit $exit_status" + } >&5 + rm -f core *.core core.conftest.* && + rm -f -r conftest* confdefs* conf$$* $ac_clean_files && + exit $exit_status +' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal +done +ac_signal=0 + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -f -r conftest* confdefs.h + +$as_echo "/* confdefs.h */" > confdefs.h + +# Predefined preprocessor variables. + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_NAME "$PACKAGE_NAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_TARNAME "$PACKAGE_TARNAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_VERSION "$PACKAGE_VERSION" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_STRING "$PACKAGE_STRING" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_URL "$PACKAGE_URL" +_ACEOF + + +# Let the site file select an alternate cache file if it wants to. +# Prefer an explicitly selected file to automatically selected ones. +ac_site_file1=NONE +ac_site_file2=NONE +if test -n "$CONFIG_SITE"; then + # We do not want a PATH search for config.site. + case $CONFIG_SITE in #(( + -*) ac_site_file1=./$CONFIG_SITE;; + */*) ac_site_file1=$CONFIG_SITE;; + *) ac_site_file1=./$CONFIG_SITE;; + esac +elif test "x$prefix" != xNONE; then + ac_site_file1=$prefix/share/config.site + ac_site_file2=$prefix/etc/config.site +else + ac_site_file1=$ac_default_prefix/share/config.site + ac_site_file2=$ac_default_prefix/etc/config.site +fi +for ac_site_file in "$ac_site_file1" "$ac_site_file2" +do + test "x$ac_site_file" = xNONE && continue + if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 +$as_echo "$as_me: loading site script $ac_site_file" >&6;} + sed 's/^/| /' "$ac_site_file" >&5 + . "$ac_site_file" \ + || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "failed to load site script $ac_site_file +See \`config.log' for more details" "$LINENO" 5; } + fi +done + +if test -r "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special files + # actually), so we avoid doing that. DJGPP emulates it as a regular file. + if test /dev/null != "$cache_file" && test -f "$cache_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 +$as_echo "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . "$cache_file";; + *) . "./$cache_file";; + esac + fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 +$as_echo "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +# Check that the precious variables saved in the cache have kept the same +# value. +ac_cache_corrupted=false +for ac_var in $ac_precious_vars; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val=\$ac_cv_env_${ac_var}_value + eval ac_new_val=\$ac_env_${ac_var}_value + case $ac_old_set,$ac_new_set in + set,) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + # differences in whitespace do not lead to failure. + ac_old_val_w=`echo x $ac_old_val` + ac_new_val_w=`echo x $ac_new_val` + if test "$ac_old_val_w" != "$ac_new_val_w"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 +$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + ac_cache_corrupted=: + else + { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 +$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + eval $ac_var=\$ac_old_val + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 +$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 +$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} + fi;; + esac + # Pass precious variables to config.status. + if test "$ac_new_set" = set; then + case $ac_new_val in + *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *) ac_arg=$ac_var=$ac_new_val ;; + esac + case " $ac_configure_args " in + *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. + *) as_fn_append ac_configure_args " '$ac_arg'" ;; + esac + fi +done +if $ac_cache_corrupted; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 +$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} + as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 +fi +## -------------------- ## +## Main body of script. ## +## -------------------- ## + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + +if test "${top_nmap_srcdir+set}" != set; then + top_nmap_srcdir=../.. + export top_nmap_srcdir +fi + +ac_config_files="$ac_config_files Makefile ../tests/Makefile" + + +ac_config_headers="$ac_config_headers ../include/nsock_config.h" + + +ac_aux_dir= +for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do + if test -f "$ac_dir/install-sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f "$ac_dir/install.sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f "$ac_dir/shtool"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi +done +if test -z "$ac_aux_dir"; then + as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 +fi + +# These three variables are undocumented and unsupported, +# and are intended to be withdrawn in a future Autoconf release. +# They can cause serious problems if a builder's source tree is in a directory +# whose full name contains unusual characters. +ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. +ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. +ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. + + +# Make sure we can run config.sub. +$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || + as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 +$as_echo_n "checking build system type... " >&6; } +if ${ac_cv_build+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_build_alias=$build_alias +test "x$ac_build_alias" = x && + ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` +test "x$ac_build_alias" = x && + as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 +ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 +$as_echo "$ac_cv_build" >&6; } +case $ac_cv_build in +*-*-*) ;; +*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; +esac +build=$ac_cv_build +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_build +shift +build_cpu=$1 +build_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +build_os=$* +IFS=$ac_save_IFS +case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 +$as_echo_n "checking host system type... " >&6; } +if ${ac_cv_host+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "x$host_alias" = x; then + ac_cv_host=$ac_cv_build +else + ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 +$as_echo "$ac_cv_host" >&6; } +case $ac_cv_host in +*-*-*) ;; +*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; +esac +host=$ac_cv_host +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_host +shift +host_cpu=$1 +host_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +host_os=$* +IFS=$ac_save_IFS +case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac + + + + + + +case "$host" in + *alpha-dec-osf*) + +$as_echo "#define DEC 1" >>confdefs.h + + ;; + *-netbsd* | *-knetbsd*-gnu) + +$as_echo "#define NETBSD 1" >>confdefs.h + + ;; + *-openbsd*) + +$as_echo "#define OPENBSD 1" >>confdefs.h + + ;; + *-sgi-irix5*) + $as_echo "#define IRIX 1" >>confdefs.h + + ;; + *-sgi-irix6*) + $as_echo "#define IRIX 1" >>confdefs.h + + ;; + *-hpux*) + +$as_echo "#define HPUX 1" >>confdefs.h + + ;; + *-solaris2.1[1-9]*) + $as_echo "#define SOLARIS 1" >>confdefs.h + + # Solaris 11 and later use BPF packet capture rather than DLPI. + +$as_echo "#define SOLARIS_BPF_PCAP_CAPTURE 1" >>confdefs.h + + ;; + *-solaris2.0*) + $as_echo "#define SOLARIS 1" >>confdefs.h + + ;; + *-solaris2.[1-9][0-9]*) + $as_echo "#define SOLARIS 1" >>confdefs.h + + ;; + *-solaris2.1*) + $as_echo "#define SOLARIS 1" >>confdefs.h + + ;; + *-solaris2.2*) + $as_echo "#define SOLARIS 1" >>confdefs.h + + ;; + *-solaris2.3*) + $as_echo "#define SOLARIS 1" >>confdefs.h + + ;; + *-solaris2.4*) + $as_echo "#define SOLARIS 1" >>confdefs.h + + ;; + *-solaris2.5.1) + $as_echo "#define SOLARIS 1" >>confdefs.h + + ;; + *-solaris*) + $as_echo "#define SOLARIS 1" >>confdefs.h + + ;; + *-sunos4*) + +$as_echo "#define SUNOS 1" >>confdefs.h + + ;; + *-linux*) + +$as_echo "#define LINUX 1" >>confdefs.h + + ;; + *-freebsd* | *-kfreebsd*-gnu | *-dragonfly*) + +$as_echo "#define FREEBSD 1" >>confdefs.h + + ;; + *-bsdi*) + +$as_echo "#define BSDI 1" >>confdefs.h + + ;; + *-apple-darwin*) + +$as_echo "#define MACOSX 1" >>confdefs.h + + ;; +esac + + + +# Check whether --with-localdirs was given. +if test "${with_localdirs+set}" = set; then : + withval=$with_localdirs; case "$with_localdirs" in + yes) + user_localdirs=1 + ;; + no) + user_localdirs=0 + ;; + esac + +else + user_localdirs=0 +fi + + +if test "$user_localdirs" = 1; then + if test -d /usr/local/lib; then + LDFLAGS="$LDFLAGS -L/usr/local/lib" + fi + if test -d /usr/local/include; then + CPPFLAGS="$CPPFLAGS -I/usr/local/include" + fi +fi + +have_libpcap=no + +# By default, search for pcap library +test "${with_libpcap+set}" != "set" && with_libpcap=yes + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + fi +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl.exe + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl.exe +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_CC" && break +done + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +fi + +fi + + +test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "no acceptable C compiler found in \$PATH +See \`config.log' for more details" "$LINENO" 5; } + +# Provide some information about the compiler. +$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 +set X $ac_compile +ac_compiler=$2 +for ac_option in --version -v -V -qversion; do + { { ac_try="$ac_compiler $ac_option >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compiler $ac_option >&5") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + sed '10a\ +... rest of stderr output deleted ... + 10q' conftest.err >conftest.er1 + cat conftest.er1 >&5 + fi + rm -f conftest.er1 conftest.err + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +done + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" +# Try to create an executable without -o first, disregard a.out. +# It will help us diagnose broken compilers, and finding out an intuition +# of exeext. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 +$as_echo_n "checking whether the C compiler works... " >&6; } +ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` + +# The possible output files: +ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" + +ac_rmfiles= +for ac_file in $ac_files +do + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + * ) ac_rmfiles="$ac_rmfiles $ac_file";; + esac +done +rm -f $ac_rmfiles + +if { { ac_try="$ac_link_default" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link_default") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. +# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' +# in a Makefile. We should not override ac_cv_exeext if it was cached, +# so that the user can short-circuit this test for compilers unknown to +# Autoconf. +for ac_file in $ac_files '' +do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) + ;; + [ab].out ) + # We found the default executable, but exeext='' is most + # certainly right. + break;; + *.* ) + if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; + then :; else + ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + fi + # We set ac_cv_exeext here because the later test for it is not + # safe: cross compilers may not add the suffix if given an `-o' + # argument, so we may need to know it at that point already. + # Even if this section looks crufty: it has the advantage of + # actually working. + break;; + * ) + break;; + esac +done +test "$ac_cv_exeext" = no && ac_cv_exeext= + +else + ac_file='' +fi +if test -z "$ac_file"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +$as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "C compiler cannot create executables +See \`config.log' for more details" "$LINENO" 5; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 +$as_echo_n "checking for C compiler default output file name... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 +$as_echo "$ac_file" >&6; } +ac_exeext=$ac_cv_exeext + +rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 +$as_echo_n "checking for suffix of executables... " >&6; } +if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. +for ac_file in conftest.exe conftest conftest.*; do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + break;; + * ) break;; + esac +done +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest conftest$ac_cv_exeext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 +$as_echo "$ac_cv_exeext" >&6; } + +rm -f conftest.$ac_ext +EXEEXT=$ac_cv_exeext +ac_exeext=$EXEEXT +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +FILE *f = fopen ("conftest.out", "w"); + return ferror (f) || fclose (f) != 0; + + ; + return 0; +} +_ACEOF +ac_clean_files="$ac_clean_files conftest.out" +# Check that the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 +$as_echo_n "checking whether we are cross compiling... " >&6; } +if test "$cross_compiling" != yes; then + { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if { ac_try='./conftest$ac_cv_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then + cross_compiling=no + else + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details" "$LINENO" 5; } + fi + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 +$as_echo "$cross_compiling" >&6; } + +rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 +$as_echo_n "checking for suffix of object files... " >&6; } +if ${ac_cv_objext+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.o conftest.obj +if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + for ac_file in conftest.o conftest.obj conftest.*; do + test -f "$ac_file" || continue; + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; + *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` + break;; + esac +done +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of object files: cannot compile +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest.$ac_cv_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 +$as_echo "$ac_cv_objext" >&6; } +OBJEXT=$ac_cv_objext +ac_objext=$OBJEXT +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 +$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } +if ${ac_cv_c_compiler_gnu+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_compiler_gnu=yes +else + ac_compiler_gnu=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 +$as_echo "$ac_cv_c_compiler_gnu" >&6; } +if test $ac_compiler_gnu = yes; then + GCC=yes +else + GCC= +fi +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 +$as_echo_n "checking whether $CC accepts -g... " >&6; } +if ${ac_cv_prog_cc_g+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_save_c_werror_flag=$ac_c_werror_flag + ac_c_werror_flag=yes + ac_cv_prog_cc_g=no + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +else + CFLAGS="" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + ac_c_werror_flag=$ac_save_c_werror_flag + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_c_werror_flag=$ac_save_c_werror_flag +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 +$as_echo "$ac_cv_prog_cc_g" >&6; } +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 +$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } +if ${ac_cv_prog_cc_c89+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_prog_cc_c89=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +struct stat; +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) 'x' +int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ + -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_c89=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext + test "x$ac_cv_prog_cc_c89" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC + +fi +# AC_CACHE_VAL +case "x$ac_cv_prog_cc_c89" in + x) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +$as_echo "none needed" >&6; } ;; + xno) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +$as_echo "unsupported" >&6; } ;; + *) + CC="$CC $ac_cv_prog_cc_c89" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; +esac +if test "x$ac_cv_prog_cc_c89" != xno; then : + +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 +$as_echo_n "checking how to run the C preprocessor... " >&6; } +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if ${ac_cv_prog_CPP+:} false; then : + $as_echo_n "(cached) " >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + break +fi + + done + ac_cv_prog_CPP=$CPP + +fi + CPP=$ac_cv_prog_CPP +else + ac_cv_prog_CPP=$CPP +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 +$as_echo "$CPP" >&6; } +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details" "$LINENO" 5; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 +$as_echo_n "checking for grep that handles long lines and -e... " >&6; } +if ${ac_cv_path_GREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$GREP"; then + ac_path_GREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in grep ggrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_GREP" || continue +# Check for GNU ac_path_GREP and select it if it is found. + # Check for GNU $ac_path_GREP +case `"$ac_path_GREP" --version 2>&1` in +*GNU*) + ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'GREP' >> "conftest.nl" + "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_GREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_GREP="$ac_path_GREP" + ac_path_GREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_GREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_GREP"; then + as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_GREP=$GREP +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 +$as_echo "$ac_cv_path_GREP" >&6; } + GREP="$ac_cv_path_GREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 +$as_echo_n "checking for egrep... " >&6; } +if ${ac_cv_path_EGREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 + then ac_cv_path_EGREP="$GREP -E" + else + if test -z "$EGREP"; then + ac_path_EGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in egrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_EGREP" || continue +# Check for GNU ac_path_EGREP and select it if it is found. + # Check for GNU $ac_path_EGREP +case `"$ac_path_EGREP" --version 2>&1` in +*GNU*) + ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'EGREP' >> "conftest.nl" + "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_EGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_EGREP="$ac_path_EGREP" + ac_path_EGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_EGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_EGREP"; then + as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_EGREP=$EGREP +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 +$as_echo "$ac_cv_path_EGREP" >&6; } + EGREP="$ac_cv_path_EGREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 +$as_echo_n "checking for ANSI C header files... " >&6; } +if ${ac_cv_header_stdc+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdc=yes +else + ac_cv_header_stdc=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + return 2; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + +else + ac_cv_header_stdc=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 +$as_echo "$ac_cv_header_stdc" >&6; } +if test $ac_cv_header_stdc = yes; then + +$as_echo "#define STDC_HEADERS 1" >>confdefs.h + +fi + +# On IRIX 5.3, sys/types and inttypes.h are conflicting. +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + + +# Check whether --with-libpcap was given. +if test "${with_libpcap+set}" = set; then : + withval=$with_libpcap; case "$with_libpcap" in + yes) + ac_fn_c_check_header_mongrel "$LINENO" "pcap.h" "ac_cv_header_pcap_h" "$ac_includes_default" +if test "x$ac_cv_header_pcap_h" = xyes; then : + + have_libpcap=yes + LIBPCAP_LIBS=-lpcap +fi + + + ;; + included) + have_libpcap=no + ;; + no) + ;; + *) + _cppflags=$CPPFLAGS + _ldflags=$LDFLAGS + + CPPFLAGS="-I$with_libpcap/include $CPPFLAGS" + LDFLAGS="-L$with_libpcap/lib $LDFLAGS" + + ac_fn_c_check_header_mongrel "$LINENO" "pcap.h" "ac_cv_header_pcap_h" "$ac_includes_default" +if test "x$ac_cv_header_pcap_h" = xyes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcap_datalink in -lpcap" >&5 +$as_echo_n "checking for pcap_datalink in -lpcap... " >&6; } +if ${ac_cv_lib_pcap_pcap_datalink+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lpcap $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char pcap_datalink (); +int +main () +{ +return pcap_datalink (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_pcap_pcap_datalink=yes +else + ac_cv_lib_pcap_pcap_datalink=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pcap_pcap_datalink" >&5 +$as_echo "$ac_cv_lib_pcap_pcap_datalink" >&6; } +if test "x$ac_cv_lib_pcap_pcap_datalink" = xyes; then : + have_libpcap=yes + LIBPCAP_LIBS=-lpcap + LIBPCAP_INC=$with_libpcap/include + LIBPCAP_LIB=$with_libpcap/lib +fi + +fi + + + + LDFLAGS=$_ldflags + CPPFLAGS=$_cppflags + ;; + esac + +fi + + +if test "$with_libpcap" != "no" -a "$have_libpcap" = "no"; then + LIBPCAP_INC=${top_nmap_srcdir}/libpcap + LIBPCAP_LIB=${top_nmap_srcdir}/libpcap + LIBPCAP_LIBS=${LIBPCAP_LIB}/libpcap.a + have_libpcap=yes +fi +if test "$have_libpcap" != "no"; then + +$as_echo "#define HAVE_PCAP 1" >>confdefs.h + + if test "${LIBPCAP_INC+set}" = "set"; then + CPPFLAGS="-I$LIBPCAP_INC $CPPFLAGS" + LDFLAGS="-L$LIBPCAP_LIB $LDFLAGS" + fi +fi + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if PCAP_NETMASK_UNKNOWN is defined/handled by libpcap" >&5 +$as_echo_n "checking if PCAP_NETMASK_UNKNOWN is defined/handled by libpcap... " >&6; } + if ${ac_cv_have_pcap_netmask_unknown+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + +int +main () +{ + + int i = PCAP_NETMASK_UNKNOWN; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_have_pcap_netmask_unknown=yes +else + ac_cv_have_pcap_netmask_unknown=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + + if test $ac_cv_have_pcap_netmask_unknown = no; then + +$as_echo "#define PCAP_NETMASK_UNKNOWN 0" >>confdefs.h + + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_pcap_netmask_unknown" >&5 +$as_echo "$ac_cv_have_pcap_netmask_unknown" >&6; } + + + ax_have_epoll_cppflags="${CPPFLAGS}" + ac_fn_c_check_header_mongrel "$LINENO" "linux/version.h" "ac_cv_header_linux_version_h" "$ac_includes_default" +if test "x$ac_cv_header_linux_version_h" = xyes; then : + CPPFLAGS="${CPPFLAGS} -DHAVE_LINUX_VERSION_H" +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Linux epoll(7) interface" >&5 +$as_echo_n "checking for Linux epoll(7) interface... " >&6; } + if ${ax_cv_have_epoll+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +#ifdef HAVE_LINUX_VERSION_H +# include +# if LINUX_VERSION_CODE < KERNEL_VERSION(2,5,45) +# error linux kernel version is too old to have epoll +# endif +#endif + +int +main () +{ +int fd, rc; +struct epoll_event ev; +fd = epoll_create(128); +rc = epoll_wait(fd, &ev, 1, 0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ax_cv_have_epoll=yes +else + ax_cv_have_epoll=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi + + CPPFLAGS="${ax_have_epoll_cppflags}" + if test "${ax_cv_have_epoll}" = "yes"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define HAVE_EPOLL 1" >>confdefs.h + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for poll(2)" >&5 +$as_echo_n "checking for poll(2)... " >&6; } + if ${ax_cv_have_poll+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ +int rc; rc = poll((struct pollfd *)(0), 0, 0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ax_cv_have_poll=yes +else + ax_cv_have_poll=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi + + if test "${ax_cv_have_poll}" = "yes"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define HAVE_POLL 1" >>confdefs.h + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi + +for ac_func in kqueue kevent +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + $as_echo "#define HAVE_KQUEUE 1" >>confdefs.h + +fi +done + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + fi +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl.exe + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl.exe +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_CC" && break +done + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +fi + +fi + + +test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "no acceptable C compiler found in \$PATH +See \`config.log' for more details" "$LINENO" 5; } + +# Provide some information about the compiler. +$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 +set X $ac_compile +ac_compiler=$2 +for ac_option in --version -v -V -qversion; do + { { ac_try="$ac_compiler $ac_option >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compiler $ac_option >&5") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + sed '10a\ +... rest of stderr output deleted ... + 10q' conftest.err >conftest.er1 + cat conftest.er1 >&5 + fi + rm -f conftest.er1 conftest.err + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 +$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } +if ${ac_cv_c_compiler_gnu+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_compiler_gnu=yes +else + ac_compiler_gnu=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 +$as_echo "$ac_cv_c_compiler_gnu" >&6; } +if test $ac_compiler_gnu = yes; then + GCC=yes +else + GCC= +fi +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 +$as_echo_n "checking whether $CC accepts -g... " >&6; } +if ${ac_cv_prog_cc_g+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_save_c_werror_flag=$ac_c_werror_flag + ac_c_werror_flag=yes + ac_cv_prog_cc_g=no + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +else + CFLAGS="" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + ac_c_werror_flag=$ac_save_c_werror_flag + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_c_werror_flag=$ac_save_c_werror_flag +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 +$as_echo "$ac_cv_prog_cc_g" >&6; } +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 +$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } +if ${ac_cv_prog_cc_c89+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_prog_cc_c89=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +struct stat; +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) 'x' +int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ + -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_c89=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext + test "x$ac_cv_prog_cc_c89" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC + +fi +# AC_CACHE_VAL +case "x$ac_cv_prog_cc_c89" in + x) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +$as_echo "none needed" >&6; } ;; + xno) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +$as_echo "unsupported" >&6; } ;; + *) + CC="$CC $ac_cv_prog_cc_c89" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; +esac +if test "x$ac_cv_prog_cc_c89" != xno; then : + +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + if test -n "$GCC"; then + CFLAGS="$CFLAGS -Wall " + fi +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. +set dummy ${ac_tool_prefix}ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_RANLIB+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +RANLIB=$ac_cv_prog_RANLIB +if test -n "$RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 +$as_echo "$RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_RANLIB"; then + ac_ct_RANLIB=$RANLIB + # Extract the first word of "ranlib", so it can be a program name with args. +set dummy ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_RANLIB"; then + ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_RANLIB="ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB +if test -n "$ac_ct_RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 +$as_echo "$ac_ct_RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_RANLIB" = x; then + RANLIB=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + RANLIB=$ac_ct_RANLIB + fi +else + RANLIB="$ac_cv_prog_RANLIB" +fi + + + +ac_fn_c_check_func "$LINENO" "gethostent" "ac_cv_func_gethostent" +if test "x$ac_cv_func_gethostent" = xyes; then : + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gethostent in -lnsl" >&5 +$as_echo_n "checking for gethostent in -lnsl... " >&6; } +if ${ac_cv_lib_nsl_gethostent+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lnsl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char gethostent (); +int +main () +{ +return gethostent (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_nsl_gethostent=yes +else + ac_cv_lib_nsl_gethostent=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_gethostent" >&5 +$as_echo "$ac_cv_lib_nsl_gethostent" >&6; } +if test "x$ac_cv_lib_nsl_gethostent" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBNSL 1 +_ACEOF + + LIBS="-lnsl $LIBS" + +fi + +fi + +ac_fn_c_check_func "$LINENO" "setsockopt" "ac_cv_func_setsockopt" +if test "x$ac_cv_func_setsockopt" = xyes; then : + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setsockopt in -lsocket" >&5 +$as_echo_n "checking for setsockopt in -lsocket... " >&6; } +if ${ac_cv_lib_socket_setsockopt+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lsocket $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char setsockopt (); +int +main () +{ +return setsockopt (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_socket_setsockopt=yes +else + ac_cv_lib_socket_setsockopt=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_setsockopt" >&5 +$as_echo "$ac_cv_lib_socket_setsockopt" >&6; } +if test "x$ac_cv_lib_socket_setsockopt" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBSOCKET 1 +_ACEOF + + LIBS="-lsocket $LIBS" + +fi + +fi + + +ac_fn_c_check_func "$LINENO" "nanosleep" "ac_cv_func_nanosleep" +if test "x$ac_cv_func_nanosleep" = xyes; then : + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nanosleep in -lposix4" >&5 +$as_echo_n "checking for nanosleep in -lposix4... " >&6; } +if ${ac_cv_lib_posix4_nanosleep+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lposix4 $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char nanosleep (); +int +main () +{ +return nanosleep (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_posix4_nanosleep=yes +else + ac_cv_lib_posix4_nanosleep=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_posix4_nanosleep" >&5 +$as_echo "$ac_cv_lib_posix4_nanosleep" >&6; } +if test "x$ac_cv_lib_posix4_nanosleep" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBPOSIX4 1 +_ACEOF + + LIBS="-lposix4 $LIBS" + +fi + +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 +$as_echo_n "checking for ANSI C header files... " >&6; } +if ${ac_cv_header_stdc+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdc=yes +else + ac_cv_header_stdc=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + return 2; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + +else + ac_cv_header_stdc=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 +$as_echo "$ac_cv_header_stdc" >&6; } +if test $ac_cv_header_stdc = yes; then + +$as_echo "#define STDC_HEADERS 1" >>confdefs.h + +fi + +for ac_header in net/bpf.h sys/ioctl.h sys/un.h netdb.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +# We test whether they specified openssl desires explicitly +use_openssl="yes" +specialssldir="" + +# Check whether --with-openssl was given. +if test "${with_openssl+set}" = set; then : + withval=$with_openssl; case "$with_openssl" in + yes) + ;; + no) + use_openssl="no" + ;; + *) + specialssldir="$with_openssl" + CPPFLAGS="$CPPFLAGS -I$with_openssl/include" + LDFLAGS="$LDFLAGS -L$with_openssl/lib" + ;; + esac + +fi + + +# If they didn't specify it, we try to find it +if test "$use_openssl" = "yes" -a -z "$specialssldir"; then + ac_fn_c_check_header_mongrel "$LINENO" "openssl/ssl.h" "ac_cv_header_openssl_ssl_h" "$ac_includes_default" +if test "x$ac_cv_header_openssl_ssl_h" = xyes; then : + +else + use_openssl="no" + if test "$with_openssl" = "yes"; then + as_fn_error $? "OpenSSL was explicitly requested but openssl/ssl.h was not found. Try the --with-openssl=DIR argument to give the location of OpenSSL or run configure with --without-openssl." "$LINENO" 5 + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Failed to find openssl/ssl.h so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument" >&5 +$as_echo "$as_me: WARNING: Failed to find openssl/ssl.h so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument" >&2;} + +fi + + + +# use_openssl="yes" given explicitly in next 2 rules to avoid adding lib to $LIBS + if test "$use_openssl" = "yes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for BIO_int_ctrl in -lcrypto" >&5 +$as_echo_n "checking for BIO_int_ctrl in -lcrypto... " >&6; } +if ${ac_cv_lib_crypto_BIO_int_ctrl+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcrypto $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char BIO_int_ctrl (); +int +main () +{ +return BIO_int_ctrl (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_crypto_BIO_int_ctrl=yes +else + ac_cv_lib_crypto_BIO_int_ctrl=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_BIO_int_ctrl" >&5 +$as_echo "$ac_cv_lib_crypto_BIO_int_ctrl" >&6; } +if test "x$ac_cv_lib_crypto_BIO_int_ctrl" = xyes; then : + use_openssl="yes" +else + use_openssl="no" + if test "$with_openssl" = "yes"; then + as_fn_error $? "OpenSSL was explicitly requested but libcrypto was not found. Try the --with-openssl=DIR argument to give the location of OpenSSL or run configure with --without-openssl." "$LINENO" 5 + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Failed to find libcrypto so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument" >&5 +$as_echo "$as_me: WARNING: Failed to find libcrypto so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument" >&2;} + +fi + + fi + + if test "$use_openssl" = "yes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_new in -lssl" >&5 +$as_echo_n "checking for SSL_new in -lssl... " >&6; } +if ${ac_cv_lib_ssl_SSL_new+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lssl -lcrypto $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char SSL_new (); +int +main () +{ +return SSL_new (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_ssl_SSL_new=yes +else + ac_cv_lib_ssl_SSL_new=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_new" >&5 +$as_echo "$ac_cv_lib_ssl_SSL_new" >&6; } +if test "x$ac_cv_lib_ssl_SSL_new" = xyes; then : + use_openssl="yes" +else + use_openssl="no" + if test "$with_openssl" = "yes"; then + as_fn_error $? "OpenSSL was explicitly requested but libssl was not found. Try the --with-openssl=DIR argument to give the location of OpenSSL or run configure with --without-openssl." "$LINENO" 5 + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Failed to find libssl so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument" >&5 +$as_echo "$as_me: WARNING: Failed to find libssl so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument" >&2;} +fi + + fi +fi + +# OpenSSL requires dlopen on some platforms +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5 +$as_echo_n "checking for library containing dlopen... " >&6; } +if ${ac_cv_search_dlopen+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +for ac_lib in '' dl; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_dlopen=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_dlopen+:} false; then : + break +fi +done +if ${ac_cv_search_dlopen+:} false; then : + +else + ac_cv_search_dlopen=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5 +$as_echo "$ac_cv_search_dlopen" >&6; } +ac_res=$ac_cv_search_dlopen +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + + +OPENSSL_LIBS= +if test "$use_openssl" = "yes"; then + +$as_echo "#define HAVE_OPENSSL 1" >>confdefs.h + + OPENSSL_LIBS="-lssl -lcrypto" + LIBS_TMP="$LIBS" + LIBS="$OPENSSL_LIBS $LIBS" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_set_tlsext_host_name" >&5 +$as_echo_n "checking for SSL_set_tlsext_host_name... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +SSL_set_tlsext_host_name(NULL, NULL) + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; }; +$as_echo "#define HAVE_SSL_SET_TLSEXT_HOST_NAME 1" >>confdefs.h + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DTLS_client_method" >&5 +$as_echo_n "checking for DTLS_client_method... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +DTLS_client_method() + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; }; +$as_echo "#define HAVE_DTLS_CLIENT_METHOD 1" >>confdefs.h + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_set_alpn_protos" >&5 +$as_echo_n "checking for SSL_set_alpn_protos... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +SSL_set_alpn_protos(NULL, NULL, 0) + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; }; +$as_echo "#define HAVE_ALPN_SUPPORT 1" >>confdefs.h + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$LIBS_TMP" + +fi + + + + + +# Check whether --with-libnbase was given. +if test "${with_libnbase+set}" = set; then : + withval=$with_libnbase; case "$with_libnbase" in + yes) + ;; + *) + NBASEDIR="$with_libnbase" + ;; + esac +else + NBASEDIR="${top_nmap_srcdir}/nbase" + +fi + + +NSOCKTESTDIR="../tests" + +LDFLAGS="$LDFLAGS -L$NBASEDIR" +CPPFLAGS="$CPPFLAGS -I$NBASEDIR" +LIBNBASE_LIBS="$LIBS -lnbase" + + + + + + + +cat >confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. +# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, we kill variables containing newlines. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +( + for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + + (set) 2>&1 | + case $as_nl`(ac_space=' '; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + # `set' does not quote correctly, so add quotes: double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \. + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; #( + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) | + sed ' + /^ac_cv_env_/b end + t clear + :clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + :end' >>confcache +if diff "$cache_file" confcache >/dev/null 2>&1; then :; else + if test -w "$cache_file"; then + if test "x$cache_file" != "x/dev/null"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 +$as_echo "$as_me: updating cache $cache_file" >&6;} + if test ! -f "$cache_file" || test -h "$cache_file"; then + cat confcache >"$cache_file" + else + case $cache_file in #( + */* | ?:*) + mv -f confcache "$cache_file"$$ && + mv -f "$cache_file"$$ "$cache_file" ;; #( + *) + mv -f confcache "$cache_file" ;; + esac + fi + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 +$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} + fi +fi +rm -f confcache + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +DEFS=-DHAVE_CONFIG_H + +ac_libobjs= +ac_ltlibobjs= +U= +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' + ac_i=`$as_echo "$ac_i" | sed "$ac_script"` + # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR + # will be set to the directory where LIBOBJS objects are built. + as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" + as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' +done +LIBOBJS=$ac_libobjs + +LTLIBOBJS=$ac_ltlibobjs + + + +: "${CONFIG_STATUS=./config.status}" +ac_write_fail=0 +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 +$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} +as_write_fail=0 +cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 +#! $SHELL +# Generated by $as_me. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +ac_cs_recheck=false +ac_cs_silent=false + +SHELL=\${CONFIG_SHELL-$SHELL} +export SHELL +_ASEOF +cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +exec 6>&1 +## ----------------------------------- ## +## Main body of $CONFIG_STATUS script. ## +## ----------------------------------- ## +_ASEOF +test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# Save the log message, to keep $0 and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. +ac_log=" +This file was extended by $as_me, which was +generated by GNU Autoconf 2.69. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +on `(hostname || uname -n) 2>/dev/null | sed 1q` +" + +_ACEOF + +case $ac_config_files in *" +"*) set x $ac_config_files; shift; ac_config_files=$*;; +esac + +case $ac_config_headers in *" +"*) set x $ac_config_headers; shift; ac_config_headers=$*;; +esac + + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# Files that config.status was made for. +config_files="$ac_config_files" +config_headers="$ac_config_headers" + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +ac_cs_usage="\ +\`$as_me' instantiates files and other configuration actions +from templates according to the current configuration. Unless the files +and actions are specified as TAGs, all are instantiated by default. + +Usage: $0 [OPTION]... [TAG]... + + -h, --help print this help, then exit + -V, --version print version number and configuration settings, then exit + --config print configuration, then exit + -q, --quiet, --silent + do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE + +Configuration files: +$config_files + +Configuration headers: +$config_headers + +Report bugs to the package provider." + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" +ac_cs_version="\\ +config.status +configured by $0, generated by GNU Autoconf 2.69, + with options \\"\$ac_cs_config\\" + +Copyright (C) 2012 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." + +ac_pwd='$ac_pwd' +srcdir='$srcdir' +test -n "\$AWK" || AWK=awk +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# The default lists apply if the user does not specify any file. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=?*) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` + ac_shift=: + ;; + --*=) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg= + ac_shift=: + ;; + *) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + esac + + case $ac_option in + # Handling of the options. + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) + $as_echo "$ac_cs_version"; exit ;; + --config | --confi | --conf | --con | --co | --c ) + $as_echo "$ac_cs_config"; exit ;; + --debug | --debu | --deb | --de | --d | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + '') as_fn_error $? "missing file argument" ;; + esac + as_fn_append CONFIG_FILES " '$ac_optarg'" + ac_need_defaults=false;; + --header | --heade | --head | --hea ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + as_fn_append CONFIG_HEADERS " '$ac_optarg'" + ac_need_defaults=false;; + --he | --h) + # Conflict between --help and --header + as_fn_error $? "ambiguous option: \`$1' +Try \`$0 --help' for more information.";; + --help | --hel | -h ) + $as_echo "$ac_cs_usage"; exit ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) as_fn_error $? "unrecognized option: \`$1' +Try \`$0 --help' for more information." ;; + + *) as_fn_append ac_config_targets " $1" + ac_need_defaults=false ;; + + esac + shift +done + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +if \$ac_cs_recheck; then + set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion + shift + \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 + CONFIG_SHELL='$SHELL' + export CONFIG_SHELL + exec "\$@" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX + $as_echo "$ac_log" +} >&5 + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + +# Handling of arguments. +for ac_config_target in $ac_config_targets +do + case $ac_config_target in + "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "../tests/Makefile") CONFIG_FILES="$CONFIG_FILES ../tests/Makefile" ;; + "../include/nsock_config.h") CONFIG_HEADERS="$CONFIG_HEADERS ../include/nsock_config.h" ;; + + *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; + esac +done + + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers +fi + +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason against having it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Hook for its removal unless debugging. +# Note that there is a small window in which the directory will not be cleaned: +# after its creation but before its name has been assigned to `$tmp'. +$debug || +{ + tmp= ac_tmp= + trap 'exit_status=$? + : "${ac_tmp:=$tmp}" + { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status +' 0 + trap 'as_fn_exit 1' 1 2 13 15 +} +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && + test -d "$tmp" +} || +{ + tmp=./conf$$-$RANDOM + (umask 077 && mkdir "$tmp") +} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 +ac_tmp=$tmp + +# Set up the scripts for CONFIG_FILES section. +# No need to generate them if there are no CONFIG_FILES. +# This happens for instance with `./config.status config.h'. +if test -n "$CONFIG_FILES"; then + + +ac_cr=`echo X | tr X '\015'` +# On cygwin, bash can eat \r inside `` if the user requested igncr. +# But we know of no other shell where ac_cr would be empty at this +# point, so we can use a bashism as a fallback. +if test "x$ac_cr" = x; then + eval ac_cr=\$\'\\r\' +fi +ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` +if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then + ac_cs_awk_cr='\\r' +else + ac_cs_awk_cr=$ac_cr +fi + +echo 'BEGIN {' >"$ac_tmp/subs1.awk" && +_ACEOF + + +{ + echo "cat >conf$$subs.awk <<_ACEOF" && + echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && + echo "_ACEOF" +} >conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 +ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` +ac_delim='%!_!# ' +for ac_last_try in false false false false false :; do + . ./conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + + ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` + if test $ac_delim_n = $ac_delim_num; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done +rm -f conf$$subs.sh + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && +_ACEOF +sed -n ' +h +s/^/S["/; s/!.*/"]=/ +p +g +s/^[^!]*!// +:repl +t repl +s/'"$ac_delim"'$// +t delim +:nl +h +s/\(.\{148\}\)..*/\1/ +t more1 +s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ +p +n +b repl +:more1 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t nl +:delim +h +s/\(.\{148\}\)..*/\1/ +t more2 +s/["\\]/\\&/g; s/^/"/; s/$/"/ +p +b +:more2 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t delim +' >$CONFIG_STATUS || ac_write_fail=1 +rm -f conf$$subs.awk +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACAWK +cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && + for (key in S) S_is_set[key] = 1 + FS = "" + +} +{ + line = $ 0 + nfields = split(line, field, "@") + substed = 0 + len = length(field[1]) + for (i = 2; i < nfields; i++) { + key = field[i] + keylen = length(key) + if (S_is_set[key]) { + value = S[key] + line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) + len += length(value) + length(field[++i]) + substed = 1 + } else + len += 1 + keylen + } + + print line +} + +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then + sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" +else + cat +fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ + || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 +_ACEOF + +# VPATH may cause trouble with some makes, so we remove sole $(srcdir), +# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ +h +s/// +s/^/:/ +s/[ ]*$/:/ +s/:\$(srcdir):/:/g +s/:\${srcdir}:/:/g +s/:@srcdir@:/:/g +s/^:*// +s/:*$// +x +s/\(=[ ]*\).*/\1/ +G +s/\n// +s/^[^=]*=[ ]*$// +}' +fi + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +fi # test -n "$CONFIG_FILES" + +# Set up the scripts for CONFIG_HEADERS section. +# No need to generate them if there are no CONFIG_HEADERS. +# This happens for instance with `./config.status Makefile'. +if test -n "$CONFIG_HEADERS"; then +cat >"$ac_tmp/defines.awk" <<\_ACAWK || +BEGIN { +_ACEOF + +# Transform confdefs.h into an awk script `defines.awk', embedded as +# here-document in config.status, that substitutes the proper values into +# config.h.in to produce config.h. + +# Create a delimiter string that does not exist in confdefs.h, to ease +# handling of long lines. +ac_delim='%!_!# ' +for ac_last_try in false false :; do + ac_tt=`sed -n "/$ac_delim/p" confdefs.h` + if test -z "$ac_tt"; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done + +# For the awk script, D is an array of macro values keyed by name, +# likewise P contains macro parameters if any. Preserve backslash +# newline sequences. + +ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* +sed -n ' +s/.\{148\}/&'"$ac_delim"'/g +t rset +:rset +s/^[ ]*#[ ]*define[ ][ ]*/ / +t def +d +:def +s/\\$// +t bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3"/p +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p +d +:bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3\\\\\\n"\\/p +t cont +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p +t cont +d +:cont +n +s/.\{148\}/&'"$ac_delim"'/g +t clear +:clear +s/\\$// +t bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/"/p +d +:bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p +b cont +' >$CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + for (key in D) D_is_set[key] = 1 + FS = "" +} +/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { + line = \$ 0 + split(line, arg, " ") + if (arg[1] == "#") { + defundef = arg[2] + mac1 = arg[3] + } else { + defundef = substr(arg[1], 2) + mac1 = arg[2] + } + split(mac1, mac2, "(") #) + macro = mac2[1] + prefix = substr(line, 1, index(line, defundef) - 1) + if (D_is_set[macro]) { + # Preserve the white space surrounding the "#". + print prefix "define", macro P[macro] D[macro] + next + } else { + # Replace #undef with comments. This is necessary, for example, + # in the case of _POSIX_SOURCE, which is predefined and required + # on some systems where configure will not decide to define it. + if (defundef == "undef") { + print "/*", prefix defundef, macro, "*/" + next + } + } +} +{ print } +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 +fi # test -n "$CONFIG_HEADERS" + + +eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS " +shift +for ac_tag +do + case $ac_tag in + :[FHLC]) ac_mode=$ac_tag; continue;; + esac + case $ac_mode$ac_tag in + :[FHL]*:*);; + :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; + :[FH]-) ac_tag=-:-;; + :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; + esac + ac_save_IFS=$IFS + IFS=: + set x $ac_tag + IFS=$ac_save_IFS + shift + ac_file=$1 + shift + + case $ac_mode in + :L) ac_source=$1;; + :[FH]) + ac_file_inputs= + for ac_f + do + case $ac_f in + -) ac_f="$ac_tmp/stdin";; + *) # Look for the file first in the build tree, then in the source tree + # (if the path is not absolute). The absolute path cannot be DOS-style, + # because $ac_f cannot contain `:'. + test -f "$ac_f" || + case $ac_f in + [\\/$]*) false;; + *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; + esac || + as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; + esac + case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac + as_fn_append ac_file_inputs " '$ac_f'" + done + + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + configure_input='Generated from '` + $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' + `' by configure.' + if test x"$ac_file" != x-; then + configure_input="$ac_file. $configure_input" + { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 +$as_echo "$as_me: creating $ac_file" >&6;} + fi + # Neutralize special characters interpreted by sed in replacement strings. + case $configure_input in #( + *\&* | *\|* | *\\* ) + ac_sed_conf_input=`$as_echo "$configure_input" | + sed 's/[\\\\&|]/\\\\&/g'`;; #( + *) ac_sed_conf_input=$configure_input;; + esac + + case $ac_tag in + *:-:* | *:-) cat >"$ac_tmp/stdin" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; + esac + ;; + esac + + ac_dir=`$as_dirname -- "$ac_file" || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + as_dir="$ac_dir"; as_fn_mkdir_p + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + + case $ac_mode in + :F) + # + # CONFIG_FILE + # + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# If the template does not know about datarootdir, expand it. +# FIXME: This hack should be removed a few years after 2.60. +ac_datarootdir_hack=; ac_datarootdir_seen= +ac_sed_dataroot=' +/datarootdir/ { + p + q +} +/@datadir@/p +/@docdir@/p +/@infodir@/p +/@localedir@/p +/@mandir@/p' +case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in +*datarootdir*) ac_datarootdir_seen=yes;; +*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 +$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + ac_datarootdir_hack=' + s&@datadir@&$datadir&g + s&@docdir@&$docdir&g + s&@infodir@&$infodir&g + s&@localedir@&$localedir&g + s&@mandir@&$mandir&g + s&\\\${datarootdir}&$datarootdir&g' ;; +esac +_ACEOF + +# Neutralize VPATH when `$srcdir' = `.'. +# Shell code in configure.ac might set extrasub. +# FIXME: do we really want to maintain this feature? +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_sed_extra="$ac_vpsub +$extrasub +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s|@configure_input@|$ac_sed_conf_input|;t t +s&@top_builddir@&$ac_top_builddir_sub&;t t +s&@top_build_prefix@&$ac_top_build_prefix&;t t +s&@srcdir@&$ac_srcdir&;t t +s&@abs_srcdir@&$ac_abs_srcdir&;t t +s&@top_srcdir@&$ac_top_srcdir&;t t +s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t +s&@builddir@&$ac_builddir&;t t +s&@abs_builddir@&$ac_abs_builddir&;t t +s&@abs_top_builddir@&$ac_abs_top_builddir&;t t +$ac_datarootdir_hack +" +eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ + >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + +test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && + { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && + { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ + "$ac_tmp/out"`; test -z "$ac_out"; } && + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&5 +$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&2;} + + rm -f "$ac_tmp/stdin" + case $ac_file in + -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; + *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; + esac \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + ;; + :H) + # + # CONFIG_HEADER + # + if test x"$ac_file" != x-; then + { + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" + } >"$ac_tmp/config.h" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then + { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 +$as_echo "$as_me: $ac_file is unchanged" >&6;} + else + rm -f "$ac_file" + mv "$ac_tmp/config.h" "$ac_file" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + fi + else + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ + || as_fn_error $? "could not create -" "$LINENO" 5 + fi + ;; + + + esac + +done # for ac_tag + + +as_fn_exit 0 +_ACEOF +ac_clean_files=$ac_clean_files_save + +test $ac_write_fail = 0 || + as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 + + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. +# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || as_fn_exit 1 +fi +if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 +$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} +fi + diff --git a/include/DomainExec/nsock/src/configure.ac b/include/DomainExec/nsock/src/configure.ac new file mode 100644 index 00000000..07290842 --- /dev/null +++ b/include/DomainExec/nsock/src/configure.ac @@ -0,0 +1,309 @@ +# Require autoconf 2.13 -*- mode: fundamental; -*- + +# Because nsock is usually distributed with Nmap, the necessary files +# config.guess, config.guess, and install-sh are not distributed with +# nbase. Rather they are gotten from Nmap. + +AC_PREREQ(2.13) + +dnl Process this file with autoconf to produce a configure script. +AC_INIT(nsock_core.c) + +dnl Find the Nmap source for nbase, etc. +if test "${top_nmap_srcdir+set}" != set; then + top_nmap_srcdir=../.. + export top_nmap_srcdir +fi + +dnl Generate these files +AC_CONFIG_FILES([Makefile ../tests/Makefile]) + +dnl use nsock_config.h instad of -D macros +AC_CONFIG_HEADER(../include/nsock_config.h) + +dnl Host specific hacks +AC_CANONICAL_HOST + +AH_TEMPLATE(SOLARIS, [Sun/Oracle Solaris]) +AH_TEMPLATE(IRIX, [IRIX]) + +case "$host" in + *alpha-dec-osf*) + AC_DEFINE(DEC, 1, [DEC Alpha]) + ;; + *-netbsd* | *-knetbsd*-gnu) + AC_DEFINE(NETBSD, 1, [NetBSD]) + ;; + *-openbsd*) + AC_DEFINE(OPENBSD, 1, [OpenBSD]) + ;; + *-sgi-irix5*) + AC_DEFINE(IRIX) + ;; + *-sgi-irix6*) + AC_DEFINE(IRIX) + ;; + *-hpux*) + AC_DEFINE(HPUX, 1, [HP-UX]) + ;; + *-solaris2.1[[1-9]]*) + AC_DEFINE(SOLARIS) + # Solaris 11 and later use BPF packet capture rather than DLPI. + AC_DEFINE(SOLARIS_BPF_PCAP_CAPTURE, 1, [BPF packet capture on Solaris]) + ;; + *-solaris2.0*) + AC_DEFINE(SOLARIS) + ;; + *-solaris2.[[1-9]][[0-9]]*) + AC_DEFINE(SOLARIS) + ;; + *-solaris2.1*) + AC_DEFINE(SOLARIS) + ;; + *-solaris2.2*) + AC_DEFINE(SOLARIS) + ;; + *-solaris2.3*) + AC_DEFINE(SOLARIS) + ;; + *-solaris2.4*) + AC_DEFINE(SOLARIS) + ;; + *-solaris2.5.1) + AC_DEFINE(SOLARIS) + ;; + *-solaris*) + AC_DEFINE(SOLARIS) + ;; + *-sunos4*) + AC_DEFINE(SUNOS, 1, [SunOS 4]) + ;; + *-linux*) + AC_DEFINE(LINUX, 1, [Linux]) + ;; + *-freebsd* | *-kfreebsd*-gnu | *-dragonfly*) + AC_DEFINE(FREEBSD, 1, [FreeBSD]) + ;; + *-bsdi*) + AC_DEFINE(BSDI, 1, [BSD/OS]) + ;; + *-apple-darwin*) + AC_DEFINE(MACOSX, 1, [Apple OS X]) + ;; +esac + + +AC_ARG_WITH(localdirs, + [ --with-localdirs Explicitly ask compiler to use /usr/local/{include,libs} if they exist ], + [ case "$with_localdirs" in + yes) + user_localdirs=1 + ;; + no) + user_localdirs=0 + ;; + esac + ], + [ user_localdirs=0 ] ) + +if test "$user_localdirs" = 1; then + if test -d /usr/local/lib; then + LDFLAGS="$LDFLAGS -L/usr/local/lib" + fi + if test -d /usr/local/include; then + CPPFLAGS="$CPPFLAGS -I/usr/local/include" + fi +fi + +dnl Check whether libpcap is already available +have_libpcap=no + +# By default, search for pcap library +test "${with_libpcap+set}" != "set" && with_libpcap=yes + +AC_ARG_WITH(libpcap, +AC_HELP_STRING([--with-libpcap=DIR], [Look for pcap headers in DIR/include.]) +AC_HELP_STRING([--with-libpcap=included], [Always use version included with Nmap]) +AC_HELP_STRING([--without-libpcap], [Disable pcap functions.]), +[ case "$with_libpcap" in + yes) + AC_CHECK_HEADER(pcap.h,[ + have_libpcap=yes + LIBPCAP_LIBS=-lpcap ]) + ;; + included) + have_libpcap=no + ;; + no) + ;; + *) + _cppflags=$CPPFLAGS + _ldflags=$LDFLAGS + + CPPFLAGS="-I$with_libpcap/include $CPPFLAGS" + LDFLAGS="-L$with_libpcap/lib $LDFLAGS" + + AC_CHECK_HEADER(pcap.h,[ + AC_CHECK_LIB(pcap, pcap_datalink, + [have_libpcap=yes + LIBPCAP_LIBS=-lpcap + LIBPCAP_INC=$with_libpcap/include + LIBPCAP_LIB=$with_libpcap/lib])]) + + LDFLAGS=$_ldflags + CPPFLAGS=$_cppflags + ;; + esac] +) + +if test "$with_libpcap" != "no" -a "$have_libpcap" = "no"; then + LIBPCAP_INC=${top_nmap_srcdir}/libpcap + LIBPCAP_LIB=${top_nmap_srcdir}/libpcap + LIBPCAP_LIBS=${LIBPCAP_LIB}/libpcap.a + have_libpcap=yes +fi +if test "$have_libpcap" != "no"; then + AC_DEFINE(HAVE_PCAP, 1, [libpcap is available]) + if test "${LIBPCAP_INC+set}" = "set"; then + CPPFLAGS="-I$LIBPCAP_INC $CPPFLAGS" + LDFLAGS="-L$LIBPCAP_LIB $LDFLAGS" + fi +fi +AC_SUBST(LIBPCAP_LIBS) + +PCAP_DEFINE_NETMASK_UNKNOWN + +AX_HAVE_EPOLL([AC_DEFINE(HAVE_EPOLL, 1, [epoll is available])], ) +AX_HAVE_POLL([AC_DEFINE(HAVE_POLL, 1, [poll is available])], ) +AC_CHECK_FUNCS(kqueue kevent, [AC_DEFINE(HAVE_KQUEUE)], ) + +dnl Checks for programs. +AC_PROG_CC + if test -n "$GCC"; then + CFLAGS="$CFLAGS -Wall " + fi +AC_PROG_RANLIB +dnl AC_PROG_INSTALL +dnl AC_PATH_PROG(MAKEDEPEND, makedepend) + +dnl Checks for libraries. +dnl AC_CHECK_LIB(m, pow) + +dnl If any socket libraries needed +AC_CHECK_FUNC(gethostent, , AC_CHECK_LIB(nsl, gethostent)) +AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt)) + +dnl need posix4/nanosleep for solaris 2.4 +AC_CHECK_FUNC(nanosleep, , AC_CHECK_LIB(posix4, nanosleep)) + +dnl Checks for header files. +AC_HEADER_STDC +AC_CHECK_HEADERS(net/bpf.h sys/ioctl.h sys/un.h netdb.h) + +# We test whether they specified openssl desires explicitly +use_openssl="yes" +specialssldir="" +AC_ARG_WITH(openssl, +AC_HELP_STRING([--with-openssl=DIR],[Use optional openssl libs and includes from [DIR]/lib/ and [DIR]/include/openssl/)]), +[ case "$with_openssl" in + yes) + ;; + no) + use_openssl="no" + ;; + *) + specialssldir="$with_openssl" + CPPFLAGS="$CPPFLAGS -I$with_openssl/include" + LDFLAGS="$LDFLAGS -L$with_openssl/lib" + ;; + esac] +) + +# If they didn't specify it, we try to find it +if test "$use_openssl" = "yes" -a -z "$specialssldir"; then + AC_CHECK_HEADER(openssl/ssl.h,, + [ use_openssl="no" + if test "$with_openssl" = "yes"; then + AC_MSG_ERROR([OpenSSL was explicitly requested but openssl/ssl.h was not found. Try the --with-openssl=DIR argument to give the location of OpenSSL or run configure with --without-openssl.]) + fi + AC_MSG_WARN([Failed to find openssl/ssl.h so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument]) + ]) + +# use_openssl="yes" given explicitly in next 2 rules to avoid adding lib to $LIBS + if test "$use_openssl" = "yes"; then + AC_CHECK_LIB(crypto, BIO_int_ctrl, + [ use_openssl="yes"], + [ use_openssl="no" + if test "$with_openssl" = "yes"; then + AC_MSG_ERROR([OpenSSL was explicitly requested but libcrypto was not found. Try the --with-openssl=DIR argument to give the location of OpenSSL or run configure with --without-openssl.]) + fi + AC_MSG_WARN([Failed to find libcrypto so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument]) + ]) + fi + + if test "$use_openssl" = "yes"; then + AC_CHECK_LIB(ssl, SSL_new, + [ use_openssl="yes" ], + [ use_openssl="no" + if test "$with_openssl" = "yes"; then + AC_MSG_ERROR([OpenSSL was explicitly requested but libssl was not found. Try the --with-openssl=DIR argument to give the location of OpenSSL or run configure with --without-openssl.]) + fi + AC_MSG_WARN([Failed to find libssl so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument]) ], + [ -lcrypto ]) + fi +fi + +# OpenSSL requires dlopen on some platforms +AC_SEARCH_LIBS(dlopen, dl) + +OPENSSL_LIBS= +if test "$use_openssl" = "yes"; then + AC_DEFINE(HAVE_OPENSSL, 1, [openssl is available]) + OPENSSL_LIBS="-lssl -lcrypto" + LIBS_TMP="$LIBS" + LIBS="$OPENSSL_LIBS $LIBS" + AC_MSG_CHECKING([for SSL_set_tlsext_host_name]) + AC_TRY_LINK([#include ], [SSL_set_tlsext_host_name(NULL, NULL)], + [AC_MSG_RESULT([yes]); AC_DEFINE(HAVE_SSL_SET_TLSEXT_HOST_NAME, 1, [SSL_set_tlsext_host_name available])], + [AC_MSG_RESULT([no])]) + AC_MSG_CHECKING([for DTLS_client_method]) + AC_TRY_LINK([#include ], [DTLS_client_method()], + [AC_MSG_RESULT([yes]); AC_DEFINE(HAVE_DTLS_CLIENT_METHOD, 1, [DTLS_client_method available])], + [AC_MSG_RESULT([no])]) + AC_MSG_CHECKING([for SSL_set_alpn_protos]) + AC_TRY_LINK([#include ], [SSL_set_alpn_protos(NULL, NULL, 0)], + [AC_MSG_RESULT([yes]); AC_DEFINE(HAVE_ALPN_SUPPORT, 1, [SSL ALPN protos support])], + [AC_MSG_RESULT([no])]) + LIBS="$LIBS_TMP" + +fi + +AC_SUBST(OPENSSL_LIBS) + +dnl Checks for typedefs, structures, and compiler characteristics. + +AC_ARG_WITH(libnbase, +[ --with-libnbase=DIR Look for nbase include/libs in DIR], +[ case "$with_libnbase" in + yes) + ;; + *) + NBASEDIR="$with_libnbase" + ;; + esac], +NBASEDIR="${top_nmap_srcdir}/nbase" +) + +NSOCKTESTDIR="../tests" + +LDFLAGS="$LDFLAGS -L$NBASEDIR" +CPPFLAGS="$CPPFLAGS -I$NBASEDIR" +LIBNBASE_LIBS="$LIBS -lnbase" + +AC_SUBST(LIBNBASE_LIBS) +AC_SUBST(NBASEDIR) +AC_SUBST(NSOCKTESTDIR) + +AC_SUBST(CFLAGS) + +AC_OUTPUT() diff --git a/include/DomainExec/nsock/src/engine_epoll.c b/include/DomainExec/nsock/src/engine_epoll.c new file mode 100644 index 00000000..edc4fdcd --- /dev/null +++ b/include/DomainExec/nsock/src/engine_epoll.c @@ -0,0 +1,358 @@ +/*************************************************************************** + * engine_epoll.c -- epoll(7) based IO engine. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#ifdef HAVE_CONFIG_H +#include "nsock_config.h" +#endif + +#if HAVE_EPOLL + +#include +#include + +#include "nsock_internal.h" +#include "nsock_log.h" + +#if HAVE_PCAP +#include "nsock_pcap.h" +#endif + +#define INITIAL_EV_COUNT 128 + +#define EPOLL_R_FLAGS (EPOLLIN | EPOLLPRI) +#define EPOLL_W_FLAGS EPOLLOUT + +/* EPOLLRDHUP was introduced later and might be unavailable on older systems. */ +#ifndef EPOLLRDHUP + #define EPOLLRDHUP 0 +#endif +#define EPOLL_X_FLAGS (EPOLLERR | EPOLLRDHUP| EPOLLHUP) + + +/* --- ENGINE INTERFACE PROTOTYPES --- */ +static int epoll_init(struct npool *nsp); +static void epoll_destroy(struct npool *nsp); +static int epoll_iod_register(struct npool *nsp, struct niod *iod, struct nevent *nse, int ev); +static int epoll_iod_unregister(struct npool *nsp, struct niod *iod); +static int epoll_iod_modify(struct npool *nsp, struct niod *iod, struct nevent *nse, int ev_set, int ev_clr); +static int epoll_loop(struct npool *nsp, int msec_timeout); + +extern struct io_operations posix_io_operations; + +/* ---- ENGINE DEFINITION ---- */ +struct io_engine engine_epoll = { + "epoll", + epoll_init, + epoll_destroy, + epoll_iod_register, + epoll_iod_unregister, + epoll_iod_modify, + epoll_loop, + &posix_io_operations +}; + + +/* --- INTERNAL PROTOTYPES --- */ +static void iterate_through_event_lists(struct npool *nsp, int evcount); + +/* defined in nsock_core.c */ +void process_iod_events(struct npool *nsp, struct niod *nsi, int ev); +void process_event(struct npool *nsp, gh_list_t *evlist, struct nevent *nse, int ev); +void process_expired_events(struct npool *nsp); +#if HAVE_PCAP +#ifndef PCAP_CAN_DO_SELECT +int pcap_read_on_nonselect(struct npool *nsp); +#endif +#endif + +/* defined in nsock_event.c */ +void update_first_events(struct nevent *nse); + + +extern struct timeval nsock_tod; + + +/* + * Engine specific data structure + */ +struct epoll_engine_info { + /* file descriptor corresponding to our epoll instance */ + int epfd; + /* number of epoll_events we can deal with */ + int evlen; + /* list of epoll events, resized if necessary (when polling over large numbers of IODs) */ + struct epoll_event *events; +}; + + +int epoll_init(struct npool *nsp) { + struct epoll_engine_info *einfo; + + einfo = (struct epoll_engine_info *)safe_malloc(sizeof(struct epoll_engine_info)); + + einfo->epfd = epoll_create(10); /* argument is ignored */ + einfo->evlen = INITIAL_EV_COUNT; + einfo->events = (struct epoll_event *)safe_malloc(einfo->evlen * sizeof(struct epoll_event)); + + nsp->engine_data = (void *)einfo; + + return 1; +} + +void epoll_destroy(struct npool *nsp) { + struct epoll_engine_info *einfo = (struct epoll_engine_info *)nsp->engine_data; + + assert(einfo != NULL); + close(einfo->epfd); + free(einfo->events); + free(einfo); +} + +int epoll_iod_register(struct npool *nsp, struct niod *iod, struct nevent *nse, int ev) { + int sd; + struct epoll_event epev; + struct epoll_engine_info *einfo = (struct epoll_engine_info *)nsp->engine_data; + + assert(!IOD_PROPGET(iod, IOD_REGISTERED)); + + iod->watched_events = ev; + + memset(&epev, 0x00, sizeof(struct epoll_event)); + epev.events = EPOLLET; + epev.data.ptr = (void *)iod; + + if (ev & EV_READ) + epev.events |= EPOLL_R_FLAGS; + if (ev & EV_WRITE) + epev.events |= EPOLL_W_FLAGS; + + sd = nsock_iod_get_sd(iod); + if (epoll_ctl(einfo->epfd, EPOLL_CTL_ADD, sd, &epev) < 0) + fatal("Unable to register IOD #%lu: %s", iod->id, strerror(errno)); + + IOD_PROPSET(iod, IOD_REGISTERED); + return 1; +} + +int epoll_iod_unregister(struct npool *nsp, struct niod *iod) { + iod->watched_events = EV_NONE; + + /* some IODs can be unregistered here if they're associated to an event that was + * immediately completed */ + if (IOD_PROPGET(iod, IOD_REGISTERED)) { + struct epoll_engine_info *einfo = (struct epoll_engine_info *)nsp->engine_data; + int sd; + + sd = nsock_iod_get_sd(iod); + epoll_ctl(einfo->epfd, EPOLL_CTL_DEL, sd, NULL); + + IOD_PROPCLR(iod, IOD_REGISTERED); + } + return 1; +} + +int epoll_iod_modify(struct npool *nsp, struct niod *iod, struct nevent *nse, int ev_set, int ev_clr) { + int sd; + struct epoll_event epev; + int new_events; + struct epoll_engine_info *einfo = (struct epoll_engine_info *)nsp->engine_data; + + assert((ev_set & ev_clr) == 0); + assert(IOD_PROPGET(iod, IOD_REGISTERED)); + + memset(&epev, 0x00, sizeof(struct epoll_event)); + epev.events = EPOLLET; + epev.data.ptr = (void *)iod; + + new_events = iod->watched_events; + new_events |= ev_set; + new_events &= ~ev_clr; + + if (new_events == iod->watched_events) + return 1; /* nothing to do */ + + iod->watched_events = new_events; + + /* regenerate the current set of events for this IOD */ + if (iod->watched_events & EV_READ) + epev.events |= EPOLL_R_FLAGS; + if (iod->watched_events & EV_WRITE) + epev.events |= EPOLL_W_FLAGS; + + sd = nsock_iod_get_sd(iod); + + if (epoll_ctl(einfo->epfd, EPOLL_CTL_MOD, sd, &epev) < 0) + fatal("Unable to update events for IOD #%lu: %s", iod->id, strerror(errno)); + + return 1; +} + +int epoll_loop(struct npool *nsp, int msec_timeout) { + int results_left = 0; + int event_msecs; /* msecs before an event goes off */ + int combined_msecs; + int sock_err = 0; + unsigned int iod_count; + struct epoll_engine_info *einfo = (struct epoll_engine_info *)nsp->engine_data; + + assert(msec_timeout >= -1); + + if (nsp->events_pending == 0) + return 0; /* No need to wait on 0 events ... */ + + + iod_count = gh_list_count(&nsp->active_iods); + if (iod_count > einfo->evlen) { + einfo->evlen = iod_count * 2; + einfo->events = (struct epoll_event *)safe_realloc(einfo->events, einfo->evlen * sizeof(struct epoll_event)); + } + + do { + struct nevent *nse; + + nsock_log_debug_all("wait for events"); + + nse = next_expirable_event(nsp); + if (!nse) + event_msecs = -1; /* None of the events specified a timeout */ + else + event_msecs = MAX(0, TIMEVAL_MSEC_SUBTRACT(nse->timeout, nsock_tod)); + +#if HAVE_PCAP +#ifndef PCAP_CAN_DO_SELECT + /* Force a low timeout when capturing packets on systems where + * the pcap descriptor is not select()able. */ + if (gh_list_count(&nsp->pcap_read_events) > 0) + if (event_msecs > PCAP_POLL_INTERVAL) + event_msecs = PCAP_POLL_INTERVAL; +#endif +#endif + + /* We cast to unsigned because we want -1 to be very high (since it means no + * timeout) */ + combined_msecs = MIN((unsigned)event_msecs, (unsigned)msec_timeout); + +#if HAVE_PCAP +#ifndef PCAP_CAN_DO_SELECT + /* do non-blocking read on pcap devices that doesn't support select() + * If there is anything read, just leave this loop. */ + if (pcap_read_on_nonselect(nsp)) { + /* okay, something was read. */ + } else +#endif +#endif + { + results_left = epoll_wait(einfo->epfd, einfo->events, einfo->evlen, combined_msecs); + if (results_left == -1) + sock_err = socket_errno(); + } + + gettimeofday(&nsock_tod, NULL); /* Due to epoll delay */ + } while (results_left == -1 && sock_err == EINTR); /* repeat only if signal occurred */ + + if (results_left == -1 && sock_err != EINTR) { + nsock_log_error("nsock_loop error %d: %s", sock_err, socket_strerror(sock_err)); + nsp->errnum = sock_err; + return -1; + } + + iterate_through_event_lists(nsp, results_left); + + return 1; +} + + +/* ---- INTERNAL FUNCTIONS ---- */ +static inline int get_evmask(struct epoll_engine_info *einfo, int n) { + int evmask = EV_NONE; + + if (einfo->events[n].events & EPOLL_R_FLAGS) + evmask |= EV_READ; + if (einfo->events[n].events & EPOLL_W_FLAGS) + evmask |= EV_WRITE; + if (einfo->events[n].events & EPOLL_X_FLAGS) + evmask |= EV_EXCEPT; + + return evmask; +} + +/* Iterate through all the event lists (such as connect_events, read_events, + * timer_events, etc) and take action for those that have completed (due to + * timeout, i/o, etc) */ +void iterate_through_event_lists(struct npool *nsp, int evcount) { + struct epoll_engine_info *einfo = (struct epoll_engine_info *)nsp->engine_data; + int n; + + for (n = 0; n < evcount; n++) { + struct niod *nsi = (struct niod *)einfo->events[n].data.ptr; + + assert(nsi); + + /* process all the pending events for this IOD */ + process_iod_events(nsp, nsi, get_evmask(einfo, n)); + + if (nsi->state == NSIOD_STATE_DELETED) { + gh_list_remove(&nsp->active_iods, &nsi->nodeq); + gh_list_prepend(&nsp->free_iods, &nsi->nodeq); + } + } + + /* iterate through timers and expired events */ + process_expired_events(nsp); +} + +#endif /* HAVE_EPOLL */ + diff --git a/include/DomainExec/nsock/src/engine_iocp.c b/include/DomainExec/nsock/src/engine_iocp.c new file mode 100644 index 00000000..c563b9db --- /dev/null +++ b/include/DomainExec/nsock/src/engine_iocp.c @@ -0,0 +1,779 @@ +/*************************************************************************** + * engine_iocp.c -- I/O Completion Ports based IO engine. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#if WIN32 +#include "nsock_winconfig.h" +#endif + +#if HAVE_IOCP + +#include +#include + +#include "nsock_internal.h" +#include "nsock_log.h" + +#if HAVE_PCAP +#include "nsock_pcap.h" +#endif + + +/* --- ENGINE INTERFACE PROTOTYPES --- */ +static int iocp_init(struct npool *nsp); +static void iocp_destroy(struct npool *nsp); +static int iocp_iod_register(struct npool *nsp, struct niod *iod, struct nevent *nse, int ev); +static int iocp_iod_unregister(struct npool *nsp, struct niod *iod); +static int iocp_iod_modify(struct npool *nsp, struct niod *iod, struct nevent *nse, int ev_set, int ev_clr); +static int iocp_loop(struct npool *nsp, int msec_timeout); + +int iocp_iod_connect(struct npool *nsp, int sockfd, const struct sockaddr *addr, socklen_t addrlen); +int iocp_iod_read(struct npool *nsp, int sockfd, void *buf, size_t len, int flags, struct sockaddr *src_addr, socklen_t *addrlen); +int iocp_iod_write(struct npool *nsp, int sockfd, const void *buf, size_t len, int flags, const struct sockaddr *dest_addr, socklen_t addrlen); + +struct io_operations iocp_io_operations = { + iocp_iod_connect, + iocp_iod_read, + iocp_iod_write +}; + +/* ---- ENGINE DEFINITION ---- */ +struct io_engine engine_iocp = { + "iocp", + iocp_init, + iocp_destroy, + iocp_iod_register, + iocp_iod_unregister, + iocp_iod_modify, + iocp_loop, + &iocp_io_operations +}; + +/* +* Engine specific data structure +*/ +struct iocp_engine_info { + /* The handle to the Completion Port*/ + HANDLE iocp; + + /* We put the current eov to be processed here in order to be retrieved by nsock_core */ + struct extended_overlapped *eov; + + /* The overlapped_entry list used to retrieve completed packets from the port */ + OVERLAPPED_ENTRY *eov_list; + unsigned long capacity; + + /* How many Completion Packets we actually retreieved */ + unsigned long entries_removed; + + gh_list_t active_eovs; + gh_list_t free_eovs; +}; + +struct extended_overlapped { + /* Overlapped structure used for overlapped operations */ + OVERLAPPED ov; + + /* Did we get an error when we initiated the operation? + Put the error code here and post it to the main loop */ + int err; + + /* The event may have expired and was recycled, we can't trust + a pointer to the nevent structure to tell us the real nevent */ + nsock_event_id nse_id; + + /* A pointer to the event */ + struct nevent *nse; + + /* Needed for WSARecv/WSASend */ + WSABUF wsabuf; + + /* This is the buffer we will read data in */ + char *readbuf; + + /* The struct npool keeps track of EOVs that have been allocated so that it + * can destroy them if the msp is deleted. This pointer makes it easy to + * remove this struct extended_overlapped from the allocated list when necessary */ + gh_lnode_t nodeq; + + int eov_received; +}; + +/* --- INTERNAL PROTOTYPES --- */ +static void iterate_through_event_lists(struct npool *nsp); +static void terminate_overlapped_event(struct npool *nsp, struct nevent *nse); +static void initiate_overlapped_event(struct npool *nsp, struct nevent *nse); +static int get_overlapped_result(struct npool *nsp, int fd, const void *buffer, size_t count); +static void force_operation(struct npool *nsp, struct nevent *nse); +static void free_eov(struct npool *nsp, struct extended_overlapped *eov); +static int map_faulty_errors(int err); + +/* defined in nsock_core.c */ +void process_iod_events(struct npool *nsp, struct niod *nsi, int ev); +void process_event(struct npool *nsp, gh_list_t *evlist, struct nevent *nse, int ev); +void process_expired_events(struct npool *nsp); +#if HAVE_PCAP +#ifndef PCAP_CAN_DO_SELECT +int pcap_read_on_nonselect(struct npool *nsp); +#endif +#endif + +/* defined in nsock_event.c */ +void update_first_events(struct nevent *nse); + + +extern struct timeval nsock_tod; + +int iocp_init(struct npool *nsp) { + struct iocp_engine_info *iinfo; + + iinfo = (struct iocp_engine_info *)safe_malloc(sizeof(struct iocp_engine_info)); + + gh_list_init(&iinfo->active_eovs); + gh_list_init(&iinfo->free_eovs); + + iinfo->iocp = CreateIoCompletionPort(INVALID_HANDLE_VALUE, NULL, NULL, 0); + iinfo->capacity = 10; + iinfo->eov = NULL; + iinfo->entries_removed = 0; + iinfo->eov_list = (OVERLAPPED_ENTRY *)safe_malloc(iinfo->capacity * sizeof(OVERLAPPED_ENTRY)); + nsp->engine_data = (void *)iinfo; + + return 1; +} + +void iocp_destroy(struct npool *nsp) { + struct iocp_engine_info *iinfo = (struct iocp_engine_info *)nsp->engine_data; + + assert(iinfo != NULL); + + struct extended_overlapped *eov; + gh_lnode_t *current; + + while ((current = gh_list_pop(&iinfo->active_eovs))) { + eov = container_of(current, struct extended_overlapped, nodeq); + if (eov->readbuf) { + free(eov->readbuf); + eov->readbuf = NULL; + } + free(eov); + } + + while ((current = gh_list_pop(&iinfo->free_eovs))) { + eov = container_of(current, struct extended_overlapped, nodeq); + free(eov); + } + + gh_list_free(&iinfo->active_eovs); + gh_list_free(&iinfo->free_eovs); + + CloseHandle(iinfo->iocp); + free(iinfo->eov_list); + + free(iinfo); +} + +int iocp_iod_register(struct npool *nsp, struct niod *iod, struct nevent *nse, int ev) { + struct iocp_engine_info *iinfo = (struct iocp_engine_info *)nsp->engine_data; + HANDLE result; + + assert(!IOD_PROPGET(iod, IOD_REGISTERED)); + iod->watched_events = ev; + result = CreateIoCompletionPort((HANDLE)iod->sd, iinfo->iocp, NULL, 0); + assert(result); + + IOD_PROPSET(iod, IOD_REGISTERED); + + initiate_overlapped_event(nsp, nse); + + return 1; +} + +/* Sadly a socket can't be unassociated with a completion port */ +int iocp_iod_unregister(struct npool *nsp, struct niod *iod) { + + if (IOD_PROPGET(iod, IOD_REGISTERED)) { + /* Nuke all uncompleted operations on that iod */ + CancelIo((HANDLE)iod->sd); + IOD_PROPCLR(iod, IOD_REGISTERED); + } + + return 1; +} + +int iocp_iod_modify(struct npool *nsp, struct niod *iod, struct nevent *nse, int ev_set, int ev_clr) { + int new_events; + struct iocp_engine_info *iinfo = (struct iocp_engine_info *)nsp->engine_data; + + assert((ev_set & ev_clr) == 0); + assert(IOD_PROPGET(iod, IOD_REGISTERED)); + + new_events = iod->watched_events; + new_events |= ev_set; + new_events &= ~ev_clr; + + if (ev_set != EV_NONE) + initiate_overlapped_event(nsp, nse); + else if (ev_clr != EV_NONE) + terminate_overlapped_event(nsp, nse); + + if (new_events == iod->watched_events) + return 1; /* nothing to do */ + + iod->watched_events = new_events; + + return 1; +} + +int iocp_loop(struct npool *nsp, int msec_timeout) { + int event_msecs; /* msecs before an event goes off */ + int combined_msecs; + int sock_err = 0; + BOOL bRet; + unsigned long total_events; + struct iocp_engine_info *iinfo = (struct iocp_engine_info *)nsp->engine_data; + + assert(msec_timeout >= -1); + + if (nsp->events_pending == 0) + return 0; /* No need to wait on 0 events ... */ + + + struct nevent *nse; + + /* Make sure the preallocated space for the retrieved events is big enough */ + total_events = gh_list_count(&nsp->connect_events) + gh_list_count(&nsp->read_events) + gh_list_count(&nsp->write_events); + if (iinfo->capacity < total_events) { + iinfo->capacity *= 2; + iinfo->eov_list = (OVERLAPPED_ENTRY *)safe_realloc(iinfo->eov_list, iinfo->capacity * sizeof(OVERLAPPED_ENTRY)); + } + + nsock_log_debug_all("wait for events"); + + nse = next_expirable_event(nsp); + if (!nse) + event_msecs = -1; /* None of the events specified a timeout */ + else + event_msecs = MAX(0, TIMEVAL_MSEC_SUBTRACT(nse->timeout, nsock_tod)); + +#if HAVE_PCAP +#ifndef PCAP_CAN_DO_SELECT + /* Force a low timeout when capturing packets on systems where + * the pcap descriptor is not select()able. */ + if (gh_list_count(&nsp->pcap_read_events) > 0) + if (event_msecs > PCAP_POLL_INTERVAL) + event_msecs = PCAP_POLL_INTERVAL; +#endif +#endif + + /* We cast to unsigned because we want -1 to be very high (since it means no + * timeout) */ + combined_msecs = MIN((unsigned)event_msecs, (unsigned)msec_timeout); + +#if HAVE_PCAP +#ifndef PCAP_CAN_DO_SELECT + /* do non-blocking read on pcap devices that doesn't support select() + * If there is anything read, just leave this loop. */ + if (pcap_read_on_nonselect(nsp)) { + /* okay, something was read. */ + } + else +#endif +#endif + /* It is mandatory these values are reset before calling GetQueuedCompletionStatusEx */ + iinfo->entries_removed = 0; + memset(iinfo->eov_list, 0, iinfo->capacity * sizeof(OVERLAPPED_ENTRY)); + bRet = GetQueuedCompletionStatusEx(iinfo->iocp, iinfo->eov_list, iinfo->capacity, &iinfo->entries_removed, combined_msecs, FALSE); + + gettimeofday(&nsock_tod, NULL); /* Due to iocp delay */ + if (!bRet) { + sock_err = socket_errno(); + if (!iinfo->eov && sock_err != WAIT_TIMEOUT) { + nsock_log_error("nsock_loop error %d: %s", sock_err, socket_strerror(sock_err)); + nsp->errnum = sock_err; + return -1; + } + } + + iterate_through_event_lists(nsp); + + return 1; +} + + +/* ---- INTERNAL FUNCTIONS ---- */ + +/* Iterate through all the event lists (such as connect_events, read_events, +* timer_events, etc) and take action for those that have completed (due to +* timeout, i/o, etc) */ +void iterate_through_event_lists(struct npool *nsp) { + struct iocp_engine_info *iinfo = (struct iocp_engine_info *)nsp->engine_data; + + for (unsigned long i = 0; i < iinfo->entries_removed; i++) { + + iinfo->eov = (struct extended_overlapped *)iinfo->eov_list[i].lpOverlapped; + /* We can't rely on iinfo->entries_removed to tell us the real number of + * events to process */ + if (!iinfo->eov || !iinfo->eov->nse) + continue; + + /* We check if this is from a cancelled operation */ + if (iinfo->eov->nse->id != iinfo->eov->nse_id || + iinfo->eov->nse->event_done) { + free_eov(nsp, iinfo->eov); + iinfo->eov = NULL; + continue; + } + + if (!HasOverlappedIoCompleted((OVERLAPPED *)iinfo->eov)) + continue; + + struct niod *nsi = iinfo->eov->nse->iod; + struct nevent *nse = iinfo->eov->nse; + gh_list_t *evlist = NULL; + int ev = 0; + + switch (nse->type) { + case NSE_TYPE_CONNECT: + case NSE_TYPE_CONNECT_SSL: + ev = EV_READ; + evlist = &nsp->connect_events; + break; + case NSE_TYPE_READ: + ev = EV_READ; + evlist = &nsp->read_events; + break; + case NSE_TYPE_WRITE: + ev = EV_WRITE; + evlist = &nsp->write_events; + break; + } + + /* Setting the connect error for nsock_core to get in handle_connect_result */ + if (nse->type == NSE_TYPE_CONNECT || nse->type == NSE_TYPE_CONNECT_SSL) { + setsockopt(nse->iod->sd, SOL_SOCKET, SO_UPDATE_CONNECT_CONTEXT, NULL, 0); + DWORD dwRes; + if (!GetOverlappedResult((HANDLE)nse->iod->sd, (LPOVERLAPPED)iinfo->eov, &dwRes, FALSE)) { + int err = map_faulty_errors(socket_errno()); + if (err) + setsockopt(nse->iod->sd, SOL_SOCKET, SO_ERROR, (char *)&err, sizeof(err)); + } + } + + process_event(nsp, evlist, nse, ev); + + if (nse->event_done) { + /* event is done, remove it from the event list and update IOD pointers + * to the first events of each kind */ + update_first_events(nse); + gh_list_remove(evlist, &nse->nodeq_io); + gh_list_append(&nsp->free_events, &nse->nodeq_io); + + if (nse->timeout.tv_sec) + gh_heap_remove(&nsp->expirables, &nse->expire); + } else + initiate_overlapped_event(nsp, nse); + + if (nsi->state == NSIOD_STATE_DELETED) { + gh_list_remove(&nsp->active_iods, &nsi->nodeq); + gh_list_prepend(&nsp->free_iods, &nsi->nodeq); + } + + iinfo->eov = NULL; + } + + /* iterate through timers and expired events */ + process_expired_events(nsp); +} + +static int errcode_is_failure(int err) { +#ifndef WIN32 + return err != EINTR && err != EAGAIN && err != EBUSY; +#else + return err != EINTR && err != EAGAIN && err != WSA_IO_PENDING && err != ERROR_NETNAME_DELETED; +#endif +} + +static int map_faulty_errors(int err) { + /* This actually happens https://svn.boost.org/trac/boost/ticket/10744 */ + switch (err) { + case ERROR_NETWORK_UNREACHABLE: return WSAENETUNREACH; + case ERROR_HOST_UNREACHABLE: return WSAEHOSTUNREACH; + case ERROR_CONNECTION_REFUSED: return WSAECONNREFUSED; + case ERROR_SEM_TIMEOUT: return WSAETIMEDOUT; + } + return err; +} + +static struct extended_overlapped *new_eov(struct npool *nsp, struct nevent *nse) { + struct extended_overlapped *eov; + gh_lnode_t *lnode; + struct iocp_engine_info *iinfo = (struct iocp_engine_info *)nsp->engine_data; + + lnode = gh_list_pop(&iinfo->free_eovs); + if (!lnode) + eov = (struct extended_overlapped *)safe_malloc(sizeof(struct extended_overlapped)); + else + eov = container_of(lnode, struct extended_overlapped, nodeq); + + memset(eov, 0, sizeof(struct extended_overlapped)); + nse->eov = eov; + eov->nse = nse; + eov->nse_id = nse->id; + eov->err = 0; + eov->eov_received = false; + gh_list_prepend(&iinfo->active_eovs, &eov->nodeq); + + /* Make the read buffer equal to the size of the buffer in do_actual_read() */ + if (nse->type == NSE_TYPE_READ && !eov->readbuf && !nse->iod->ssl) + eov->readbuf = (char*)safe_malloc(READ_BUFFER_SZ * sizeof(char)); + + return eov; +} + +/* This needs to be called after getting the overlapped event in */ +static void free_eov(struct npool *nsp, struct extended_overlapped *eov) { + struct iocp_engine_info *iinfo = (struct iocp_engine_info *)nsp->engine_data; + struct nevent *nse = eov->nse; + + gh_list_remove(&iinfo->active_eovs, &eov->nodeq); + + if (eov->readbuf) { + free(eov->readbuf); + eov->readbuf = NULL; + } + + gh_list_prepend(&iinfo->free_eovs, &eov->nodeq); + + eov->nse = NULL; + if (nse) + nse->eov = NULL; +} + + +static void call_connect_overlapped(struct npool *nsp, struct nevent *nse) { + BOOL ok; + DWORD numBytes = 0; + int one = 1; + SOCKET sock = nse->iod->sd; + GUID guid = WSAID_CONNECTEX; + struct sockaddr_in addr; + LPFN_CONNECTEX ConnectExPtr = NULL; + struct iocp_engine_info *iinfo = (struct iocp_engine_info *)nse->iod->nsp->engine_data; + struct extended_overlapped *eov = new_eov(nsp, nse); + int ret; + struct sockaddr_storage *ss = &nse->iod->peer; + size_t sslen = nse->iod->peerlen; + + if (nse->iod->lastproto != IPPROTO_TCP) { + if (connect(sock, (struct sockaddr *)ss, sslen) == -1) { + int err = socket_errno(); + nse->event_done = 1; + nse->status = NSE_STATUS_ERROR; + nse->errnum = err; + } else { + force_operation(nsp, nse); + } + return; + } + + ret = WSAIoctl(sock, SIO_GET_EXTENSION_FUNCTION_POINTER, + (void*)&guid, sizeof(guid), (void*)&ConnectExPtr, sizeof(ConnectExPtr), + &numBytes, NULL, NULL); + if (ret) + fatal("Error initiating event type(%d)", nse->type); + + ret = setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (const char *)&one, sizeof(one)); + if (ret == -1) { + int err = socket_errno(); + nse->event_done = 1; + nse->status = NSE_STATUS_ERROR; + nse->errnum = err; + return; + } + + /* ConnectEx doesn't automatically bind the socket */ + memset(&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + addr.sin_addr.s_addr = INADDR_ANY; + addr.sin_port = 0; + if (!nse->iod->locallen) { + ret = bind(sock, (SOCKADDR*)&addr, sizeof(addr)); + if (ret) { + int err = socket_errno(); + nse->event_done = 1; + nse->status = NSE_STATUS_ERROR; + nse->errnum = err; + return; + } + } + + ok = ConnectExPtr(sock, (SOCKADDR*)ss, sslen, NULL, 0, NULL, (LPOVERLAPPED)eov); + if (!ok) { + int err = socket_errno(); + if (err != ERROR_IO_PENDING) { + nse->event_done = 1; + nse->status = NSE_STATUS_ERROR; + nse->errnum = err; + } + } +} + +static void call_read_overlapped(struct nevent *nse) { + DWORD flags = 0; + int err = 0; + struct iocp_engine_info *iinfo = (struct iocp_engine_info *)nse->iod->nsp->engine_data; + + struct extended_overlapped *eov = new_eov(nse->iod->nsp, nse); + + eov->wsabuf.buf = eov->readbuf; + eov->wsabuf.len = READ_BUFFER_SZ; + + err = WSARecvFrom(nse->iod->sd, &eov->wsabuf, 1, NULL, &flags, + (struct sockaddr *)&nse->iod->peer, (LPINT)&nse->iod->peerlen, (LPOVERLAPPED)eov, NULL); + if (err) { + err = socket_errno(); + if (errcode_is_failure(err)) { + eov->err = err; + /* Send the error to the main loop to be picked up by the appropriate handler */ + BOOL bRet = PostQueuedCompletionStatus(iinfo->iocp, -1, (ULONG_PTR)nse->iod, (LPOVERLAPPED)eov); + if (!bRet) + fatal("Error initiating event type(%d)", nse->type); + } + } +} + +static void call_write_overlapped(struct nevent *nse) { + int err; + char *str; + int bytesleft; + struct iocp_engine_info *iinfo = (struct iocp_engine_info *)nse->iod->nsp->engine_data; + + struct extended_overlapped *eov = new_eov(nse->iod->nsp, nse); + + str = fs_str(&nse->iobuf) + nse->writeinfo.written_so_far; + bytesleft = fs_length(&nse->iobuf) - nse->writeinfo.written_so_far; + + eov->wsabuf.buf = str; + eov->wsabuf.len = bytesleft; + + if (nse->writeinfo.dest.ss_family == AF_UNSPEC) + err = WSASend(nse->iod->sd, &eov->wsabuf, 1, NULL, 0, (LPWSAOVERLAPPED)eov, NULL); + else + err = WSASendTo(nse->iod->sd, &eov->wsabuf, 1, NULL, 0, + (struct sockaddr *)&nse->writeinfo.dest, (int)nse->writeinfo.destlen, + (LPWSAOVERLAPPED)eov, NULL); + if (err) { + err = socket_errno(); + if (errcode_is_failure(err)) { + eov->err = err; + /* Send the error to the main loop to be picked up by the appropriate handler */ + BOOL bRet = PostQueuedCompletionStatus(iinfo->iocp, -1, (ULONG_PTR)nse->iod, (LPOVERLAPPED)eov); + if (!bRet) + fatal("Error initiating event type(%d)", nse->type); + } + } +} + +/* Anything that isn't an overlapped operation uses this to get processed by the main loop */ +static void force_operation(struct npool *nsp, struct nevent *nse) { + BOOL bRet; + struct extended_overlapped *eov; + + struct iocp_engine_info *iinfo = (struct iocp_engine_info *)nsp->engine_data; + eov = new_eov(nse->iod->nsp, nse); + + bRet = PostQueuedCompletionStatus(iinfo->iocp, 0, (ULONG_PTR)nse->iod, (LPOVERLAPPED)eov); + if (!bRet) + fatal("Error initiating event type(%d)", nse->type); +} + +/* Either initiate a I/O read or force a SSL_read */ +static void initiate_read(struct npool *nsp, struct nevent *nse) { + if (!nse->iod->ssl) + call_read_overlapped(nse); + else + force_operation(nsp, nse); +} + +/* Either initiate a I/O write or force a SSL_write */ +static void initiate_write(struct npool *nsp, struct nevent *nse) { + if (!nse->iod->ssl) + call_write_overlapped(nse); + else + force_operation(nsp, nse); +} + +/* Force a PCAP read */ +static void initiate_pcap_read(struct npool *nsp, struct nevent *nse) { + force_operation(nsp, nse); +} + +static void initiate_connect(struct npool *nsp, struct nevent *nse) { + int sslconnect_inprogress = 0; + struct iocp_engine_info *iinfo = (struct iocp_engine_info *)nsp->engine_data; + +#if HAVE_OPENSSL + sslconnect_inprogress = nse->type == NSE_TYPE_CONNECT_SSL && nse->iod && + (nse->sslinfo.ssl_desire == SSL_ERROR_WANT_READ || + nse->sslinfo.ssl_desire == SSL_ERROR_WANT_WRITE); +#endif + + if (sslconnect_inprogress) + force_operation(nsp, nse); + else + call_connect_overlapped(nsp, nse); +} + +/* Start the overlapped I/O operation */ +static void initiate_overlapped_event(struct npool *nsp, struct nevent *nse) { + if (nse->eov) + terminate_overlapped_event(nsp, nse); + + switch (nse->type) { + case NSE_TYPE_CONNECT: + case NSE_TYPE_CONNECT_SSL: + initiate_connect(nsp, nse); + break; + case NSE_TYPE_READ: + initiate_read(nsp, nse); + break; + case NSE_TYPE_WRITE: + initiate_write(nsp, nse); + break; +#if HAVE_PCAP + case NSE_TYPE_PCAP_READ: + initiate_pcap_read(nsp, nse); + break; +#endif + default: fatal("Event type(%d) not supported by engine IOCP\n", nse->type); + } +} + +/* Terminate an overlapped I/O operation that expired */ +static void terminate_overlapped_event(struct npool *nsp, struct nevent *nse) { + bool eov_done = true; + + if (nse->eov) { + if (!HasOverlappedIoCompleted((LPOVERLAPPED)nse->eov)) { + CancelIoEx((HANDLE)nse->iod->sd, (LPOVERLAPPED)nse->eov); + eov_done = false; + } + + if (eov_done) + free_eov(nsp, nse->eov); + } +} + +/* Retrieve the ammount of bytes transferred or set the appropriate error */ +static int get_overlapped_result(struct npool *nsp, int fd, const void *buffer, size_t count) { + char *buf = (char *)buffer; + DWORD dwRes = 0; + int err; + static struct extended_overlapped *old_eov = NULL; + struct iocp_engine_info *iinfo = (struct iocp_engine_info *)nsp->engine_data; + + struct extended_overlapped *eov = iinfo->eov; + struct nevent *nse = eov->nse; + + /* If the operation failed at initialization, set the error for nsock_core.c to see */ + if (eov->err) { + SetLastError(map_faulty_errors(eov->err)); + return -1; + } + + if (!GetOverlappedResult((HANDLE)fd, (LPOVERLAPPED)eov, &dwRes, FALSE)) { + err = socket_errno(); + if (errcode_is_failure(err)) { + eov->eov_received = true; + SetLastError(map_faulty_errors(err)); + return -1; + } + } + eov->eov_received = true; + + if (nse->type == NSE_TYPE_READ && buf) + memcpy(buf, eov->wsabuf.buf, dwRes); + + /* If the read buffer wasn't big enough, subsequent calls from do_actual_read will make us + read with recvfrom the rest of the returned data */ + if (nse->type == NSE_TYPE_READ && dwRes == eov->wsabuf.len && old_eov == eov) { + struct sockaddr_storage peer; + socklen_t peerlen = sizeof(peer); + dwRes = recvfrom(fd, buf, READ_BUFFER_SZ, 0, (struct sockaddr *)&peer, &peerlen); + } + + if (nse->type != NSE_TYPE_READ || (nse->type == NSE_TYPE_READ && dwRes < eov->wsabuf.len)) { + old_eov = NULL; + } else if (nse->type == NSE_TYPE_READ && dwRes == eov->wsabuf.len) { + old_eov = eov; + } + + return dwRes; +} + +int iocp_iod_connect(struct npool *nsp, int sockfd, const struct sockaddr *addr, socklen_t addrlen) { + return 0; +} + +int iocp_iod_read(struct npool *nsp, int sockfd, void *buf, size_t len, int flags, struct sockaddr *src_addr, socklen_t *addrlen) { + return get_overlapped_result(nsp, sockfd, buf, len); +} + +int iocp_iod_write(struct npool *nsp, int sockfd, const void *buf, size_t len, int flags, const struct sockaddr *dest_addr, socklen_t addrlen) { + return get_overlapped_result(nsp, sockfd, buf, len); +} + +#endif /* HAVE_IOCP */ diff --git a/include/DomainExec/nsock/src/engine_kqueue.c b/include/DomainExec/nsock/src/engine_kqueue.c new file mode 100644 index 00000000..0a9b4a14 --- /dev/null +++ b/include/DomainExec/nsock/src/engine_kqueue.c @@ -0,0 +1,372 @@ +/*************************************************************************** + * engine_kqueue.c -- BSD kqueue(2) based IO engine. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#ifdef HAVE_CONFIG_H +#include "nsock_config.h" +#endif + +#if HAVE_KQUEUE + +#include +#include +#include +#include + +#include "nsock_internal.h" +#include "nsock_log.h" + +#if HAVE_PCAP +#include "nsock_pcap.h" +#endif + +#define INITIAL_EV_COUNT 128 + + +/* --- ENGINE INTERFACE PROTOTYPES --- */ +static int kqueue_init(struct npool *nsp); +static void kqueue_destroy(struct npool *nsp); +static int kqueue_iod_register(struct npool *nsp, struct niod *iod, struct nevent *nse, int ev); +static int kqueue_iod_unregister(struct npool *nsp, struct niod *iod); +static int kqueue_iod_modify(struct npool *nsp, struct niod *iod, struct nevent *nse, int ev_set, int ev_clr); +static int kqueue_loop(struct npool *nsp, int msec_timeout); + +extern struct io_operations posix_io_operations; + +/* ---- ENGINE DEFINITION ---- */ +struct io_engine engine_kqueue = { + "kqueue", + kqueue_init, + kqueue_destroy, + kqueue_iod_register, + kqueue_iod_unregister, + kqueue_iod_modify, + kqueue_loop, + &posix_io_operations +}; + + +/* --- INTERNAL PROTOTYPES --- */ +static void iterate_through_event_lists(struct npool *nsp, int evcount); + +/* defined in nsock_core.c */ +void process_iod_events(struct npool *nsp, struct niod *nsi, int ev); +void process_event(struct npool *nsp, gh_list_t *evlist, struct nevent *nse, int ev); +void process_expired_events(struct npool *nsp); +#if HAVE_PCAP +#ifndef PCAP_CAN_DO_SELECT +int pcap_read_on_nonselect(struct npool *nsp); +#endif +#endif + +/* defined in nsock_event.c */ +void update_first_events(struct nevent *nse); + + +extern struct timeval nsock_tod; + + +/* + * Engine specific data structure + */ +struct kqueue_engine_info { + int kqfd; + int maxfd; + size_t evlen; + struct kevent *events; +}; + + +int kqueue_init(struct npool *nsp) { + struct kqueue_engine_info *kinfo; + + kinfo = (struct kqueue_engine_info *)safe_malloc(sizeof(struct kqueue_engine_info)); + + kinfo->kqfd = kqueue(); + kinfo->maxfd = -1; + kinfo->evlen = INITIAL_EV_COUNT; + kinfo->events = (struct kevent *)safe_malloc(INITIAL_EV_COUNT * sizeof(struct kevent)); + + nsp->engine_data = (void *)kinfo; + + return 1; +} + +void kqueue_destroy(struct npool *nsp) { + struct kqueue_engine_info *kinfo = (struct kqueue_engine_info *)nsp->engine_data; + + assert(kinfo != NULL); + close(kinfo->kqfd); + free(kinfo->events); + free(kinfo); +} + +int kqueue_iod_register(struct npool *nsp, struct niod *iod, struct nevent *nse, int ev) { + struct kqueue_engine_info *kinfo = (struct kqueue_engine_info *)nsp->engine_data; + + assert(!IOD_PROPGET(iod, IOD_REGISTERED)); + + IOD_PROPSET(iod, IOD_REGISTERED); + iod->watched_events = EV_NONE; + + kqueue_iod_modify(nsp, iod, nse, ev, EV_NONE); + + if (nsock_iod_get_sd(iod) > kinfo->maxfd) + kinfo->maxfd = nsock_iod_get_sd(iod); + + return 1; +} + +int kqueue_iod_unregister(struct npool *nsp, struct niod *iod) { + struct kqueue_engine_info *kinfo = (struct kqueue_engine_info *)nsp->engine_data; + + /* some IODs can be unregistered here if they're associated to an event that was + * immediately completed */ + if (IOD_PROPGET(iod, IOD_REGISTERED)) { + kqueue_iod_modify(nsp, iod, NULL, EV_NONE, EV_READ|EV_WRITE); + IOD_PROPCLR(iod, IOD_REGISTERED); + + if (nsock_iod_get_sd(iod) == kinfo->maxfd) + kinfo->maxfd--; + } + iod->watched_events = EV_NONE; + return 1; +} + +#define EV_SETFLAG(_set, _ev) (((_set) & (_ev)) ? (EV_ADD|EV_ENABLE) : (EV_ADD|EV_DISABLE)) + +int kqueue_iod_modify(struct npool *nsp, struct niod *iod, struct nevent *nse, int ev_set, int ev_clr) { + struct kevent kev[2]; + int new_events, i; + struct kqueue_engine_info *kinfo = (struct kqueue_engine_info *)nsp->engine_data; + + assert((ev_set & ev_clr) == 0); + assert(IOD_PROPGET(iod, IOD_REGISTERED)); + + new_events = iod->watched_events; + new_events |= ev_set; + new_events &= ~ev_clr; + + if (new_events == iod->watched_events) + return 1; /* nothing to do */ + + i = 0; + if ((ev_set ^ ev_clr) & EV_READ) { + EV_SET(&kev[i], nsock_iod_get_sd(iod), EVFILT_READ, EV_SETFLAG(ev_set, EV_READ), 0, 0, (void *)iod); + i++; + } + if ((ev_set ^ ev_clr) & EV_WRITE) { + EV_SET(&kev[i], nsock_iod_get_sd(iod), EVFILT_WRITE, EV_SETFLAG(ev_set, EV_WRITE), 0, 0, (void *)iod); + i++; + } + + if (i > 0 && kevent(kinfo->kqfd, kev, i, NULL, 0, NULL) < 0) + fatal("Unable to update events for IOD #%lu: %s", iod->id, strerror(errno)); + + iod->watched_events = new_events; + return 1; +} + +int kqueue_loop(struct npool *nsp, int msec_timeout) { + int results_left = 0; + int event_msecs; /* msecs before an event goes off */ + int combined_msecs; + struct timespec ts, *ts_p; + int sock_err = 0; + struct kqueue_engine_info *kinfo = (struct kqueue_engine_info *)nsp->engine_data; + + assert(msec_timeout >= -1); + + if (nsp->events_pending == 0) + return 0; /* No need to wait on 0 events ... */ + + + if (gh_list_count(&nsp->active_iods) > kinfo->evlen) { + kinfo->evlen = gh_list_count(&nsp->active_iods) * 2; + kinfo->events = (struct kevent *)safe_realloc(kinfo->events, kinfo->evlen * sizeof(struct kevent)); + } + + do { + struct nevent *nse; + + nsock_log_debug_all("wait for events"); + + nse = next_expirable_event(nsp); + if (!nse) + event_msecs = -1; /* None of the events specified a timeout */ + else + event_msecs = MAX(0, TIMEVAL_MSEC_SUBTRACT(nse->timeout, nsock_tod)); + +#if HAVE_PCAP +#ifndef PCAP_CAN_DO_SELECT + /* Force a low timeout when capturing packets on systems where + * the pcap descriptor is not select()able. */ + if (gh_list_count(&nsp->pcap_read_events) > 0) + if (event_msecs > PCAP_POLL_INTERVAL) + event_msecs = PCAP_POLL_INTERVAL; +#endif +#endif + + /* We cast to unsigned because we want -1 to be very high (since it means no + * timeout) */ + combined_msecs = MIN((unsigned)event_msecs, (unsigned)msec_timeout); + + /* Set up the timeval pointer we will give to kevent() */ + memset(&ts, 0, sizeof(struct timespec)); + if (combined_msecs >= 0) { + ts.tv_sec = combined_msecs / 1000; + ts.tv_nsec = (combined_msecs % 1000) * 1000000L; + ts_p = &ts; + } else { + ts_p = NULL; + } + +#if HAVE_PCAP +#ifndef PCAP_CAN_DO_SELECT + /* do non-blocking read on pcap devices that doesn't support select() + * If there is anything read, just leave this loop. */ + if (pcap_read_on_nonselect(nsp)) { + /* okay, something was read. */ + } else +#endif +#endif + { + results_left = kevent(kinfo->kqfd, NULL, 0, kinfo->events, kinfo->evlen, ts_p); + if (results_left == -1) + sock_err = socket_errno(); + } + + gettimeofday(&nsock_tod, NULL); /* Due to kevent delay */ + } while (results_left == -1 && sock_err == EINTR); /* repeat only if signal occurred */ + + if (results_left == -1 && sock_err != EINTR) { + nsock_log_error("nsock_loop error %d: %s", sock_err, socket_strerror(sock_err)); + nsp->errnum = sock_err; + return -1; + } + + iterate_through_event_lists(nsp, results_left); + + return 1; +} + + +/* ---- INTERNAL FUNCTIONS ---- */ + +static inline int get_evmask(struct niod *nsi, const struct kevent *kev) { + int evmask = EV_NONE; + + /* generate the corresponding event mask with nsock event flags */ + if (kev->flags & EV_ERROR) { + evmask |= EV_EXCEPT; + + if (kev->data == EPIPE && (nsi->watched_events & EV_READ)) + evmask |= EV_READ; + } else { + switch (kev->filter) { + case EVFILT_READ: + evmask |= EV_READ; + break; + + case EVFILT_WRITE: + evmask |= EV_WRITE; + break; + + default: + fatal("Unsupported filter value: %d\n", (int)kev->filter); + } + } + return evmask; +} + +/* Iterate through all the event lists (such as connect_events, read_events, + * timer_events, etc) and take action for those that have completed (due to + * timeout, i/o, etc) */ +void iterate_through_event_lists(struct npool *nsp, int evcount) { + int n; + struct kqueue_engine_info *kinfo = (struct kqueue_engine_info *)nsp->engine_data; + struct niod *nsi; + + for (n = 0; n < evcount; n++) { + struct kevent *kev = &kinfo->events[n]; + + nsi = (struct niod *)kev->udata; + + /* process all the pending events for this IOD */ + process_iod_events(nsp, nsi, get_evmask(nsi, kev)); + + IOD_PROPSET(nsi, IOD_PROCESSED); + } + + for (n = 0; n < evcount; n++) { + struct kevent *kev = &kinfo->events[n]; + + nsi = (struct niod *)kev->udata; + + if (nsi->state == NSIOD_STATE_DELETED) { + if (IOD_PROPGET(nsi, IOD_PROCESSED)) { + IOD_PROPCLR(nsi, IOD_PROCESSED); + gh_list_remove(&nsp->active_iods, &nsi->nodeq); + gh_list_prepend(&nsp->free_iods, &nsi->nodeq); + } + } + } + + /* iterate through timers and expired events */ + process_expired_events(nsp); +} + +#endif /* HAVE_KQUEUE */ + diff --git a/include/DomainExec/nsock/src/engine_poll.c b/include/DomainExec/nsock/src/engine_poll.c new file mode 100644 index 00000000..9492a7fb --- /dev/null +++ b/include/DomainExec/nsock/src/engine_poll.c @@ -0,0 +1,433 @@ +/*************************************************************************** + * engine_poll.c -- poll(2) based IO engine. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#ifndef WIN32 +/* Allow the use of POLLRDHUP, if available. */ +#define _GNU_SOURCE +#endif + +#ifdef HAVE_CONFIG_H +#include "nsock_config.h" +#elif WIN32 +#include "nsock_winconfig.h" +#endif + +#if HAVE_POLL + +#include + +#ifndef WIN32 +#include +#else +#include +#endif /* ^WIN32 */ + +#include "nsock_internal.h" +#include "nsock_log.h" + +#if HAVE_PCAP +#include "nsock_pcap.h" +#endif + +#define EV_LIST_INIT_SIZE 1024 + +#ifdef WIN32 + #define Poll WSAPoll + #define POLLFD WSAPOLLFD +#else + #define Poll poll + #define POLLFD struct pollfd +#endif + +#ifdef WIN32 + #define POLL_R_FLAGS (POLLIN) +#else + #define POLL_R_FLAGS (POLLIN | POLLPRI) +#endif /* WIN32 */ + +#define POLL_W_FLAGS POLLOUT +#ifdef POLLRDHUP + #define POLL_X_FLAGS (POLLERR | POLLHUP | POLLRDHUP) +#else + /* POLLRDHUP was introduced later and might be unavailable on older systems. */ + #define POLL_X_FLAGS (POLLERR | POLLHUP) +#endif /* POLLRDHUP */ + +extern struct io_operations posix_io_operations; + +/* --- ENGINE INTERFACE PROTOTYPES --- */ +static int poll_init(struct npool *nsp); +static void poll_destroy(struct npool *nsp); +static int poll_iod_register(struct npool *nsp, struct niod *iod, struct nevent *nse, int ev); +static int poll_iod_unregister(struct npool *nsp, struct niod *iod); +static int poll_iod_modify(struct npool *nsp, struct niod *iod, struct nevent *nse, int ev_set, int ev_clr); +static int poll_loop(struct npool *nsp, int msec_timeout); + + +/* ---- ENGINE DEFINITION ---- */ +struct io_engine engine_poll = { + "poll", + poll_init, + poll_destroy, + poll_iod_register, + poll_iod_unregister, + poll_iod_modify, + poll_loop, + &posix_io_operations +}; + + +/* --- INTERNAL PROTOTYPES --- */ +static void iterate_through_event_lists(struct npool *nsp); + +/* defined in nsock_core.c */ +void process_iod_events(struct npool *nsp, struct niod *nsi, int ev); +void process_event(struct npool *nsp, gh_list_t *evlist, struct nevent *nse, int ev); +void process_expired_events(struct npool *nsp); +#if HAVE_PCAP +#ifndef PCAP_CAN_DO_SELECT +int pcap_read_on_nonselect(struct npool *nsp); +#endif +#endif + +/* defined in nsock_event.c */ +void update_first_events(struct nevent *nse); + + +extern struct timeval nsock_tod; + + +/* + * Engine specific data structure + */ +struct poll_engine_info { + int capacity; + int max_fd; + /* index of the highest poll event */ + POLLFD *events; +}; + + + +static inline int lower_max_fd(struct poll_engine_info *pinfo) { + do { + pinfo->max_fd--; + } while (pinfo->max_fd >= 0 && pinfo->events[pinfo->max_fd].fd == -1); + + return pinfo->max_fd; +} + +static inline int evlist_grow(struct poll_engine_info *pinfo) { + int i; + + i = pinfo->capacity; + + if (pinfo->capacity == 0) { + pinfo->capacity = EV_LIST_INIT_SIZE; + pinfo->events = (POLLFD *)safe_malloc(sizeof(POLLFD) * pinfo->capacity); + } else { + pinfo->capacity *= 2; + pinfo->events = (POLLFD *)safe_realloc(pinfo->events, sizeof(POLLFD) * pinfo->capacity); + } + + while (i < pinfo->capacity) { + pinfo->events[i].fd = -1; + pinfo->events[i].events = 0; + pinfo->events[i].revents = 0; + i++; + } + return pinfo->capacity; +} + + +int poll_init(struct npool *nsp) { + struct poll_engine_info *pinfo; + + pinfo = (struct poll_engine_info *)safe_malloc(sizeof(struct poll_engine_info)); + pinfo->capacity = 0; + pinfo->max_fd = -1; + evlist_grow(pinfo); + + nsp->engine_data = (void *)pinfo; + + return 1; +} + +void poll_destroy(struct npool *nsp) { + struct poll_engine_info *pinfo = (struct poll_engine_info *)nsp->engine_data; + + assert(pinfo != NULL); + free(pinfo->events); + free(pinfo); +} + +int poll_iod_register(struct npool *nsp, struct niod *iod, struct nevent *nse, int ev) { + struct poll_engine_info *pinfo = (struct poll_engine_info *)nsp->engine_data; + int sd; + + assert(!IOD_PROPGET(iod, IOD_REGISTERED)); + + iod->watched_events = ev; + + sd = nsock_iod_get_sd(iod); + while (pinfo->capacity < sd + 1) + evlist_grow(pinfo); + + pinfo->events[sd].fd = sd; + pinfo->events[sd].events = 0; + pinfo->events[sd].revents = 0; + + pinfo->max_fd = MAX(pinfo->max_fd, sd); + + if (ev & EV_READ) + pinfo->events[sd].events |= POLL_R_FLAGS; + if (ev & EV_WRITE) + pinfo->events[sd].events |= POLL_W_FLAGS; +#ifndef WIN32 + if (ev & EV_EXCEPT) + pinfo->events[sd].events |= POLL_X_FLAGS; +#endif + + IOD_PROPSET(iod, IOD_REGISTERED); + return 1; +} + +int poll_iod_unregister(struct npool *nsp, struct niod *iod) { + iod->watched_events = EV_NONE; + + /* some IODs can be unregistered here if they're associated to an event that was + * immediately completed */ + if (IOD_PROPGET(iod, IOD_REGISTERED)) { + struct poll_engine_info *pinfo = (struct poll_engine_info *)nsp->engine_data; + int sd; + + sd = nsock_iod_get_sd(iod); + pinfo->events[sd].fd = -1; + pinfo->events[sd].events = 0; + pinfo->events[sd].revents = 0; + + if (pinfo->max_fd == sd) + lower_max_fd(pinfo); + + IOD_PROPCLR(iod, IOD_REGISTERED); + } + return 1; +} + +int poll_iod_modify(struct npool *nsp, struct niod *iod, struct nevent *nse, int ev_set, int ev_clr) { + int sd; + int new_events; + struct poll_engine_info *pinfo = (struct poll_engine_info *)nsp->engine_data; + + assert((ev_set & ev_clr) == 0); + assert(IOD_PROPGET(iod, IOD_REGISTERED)); + + new_events = iod->watched_events; + new_events |= ev_set; + new_events &= ~ev_clr; + + if (new_events == iod->watched_events) + return 1; /* nothing to do */ + + iod->watched_events = new_events; + + sd = nsock_iod_get_sd(iod); + + pinfo->events[sd].fd = sd; + pinfo->events[sd].events = 0; + + /* regenerate the current set of events for this IOD */ + if (iod->watched_events & EV_READ) + pinfo->events[sd].events |= POLL_R_FLAGS; + if (iod->watched_events & EV_WRITE) + pinfo->events[sd].events |= POLL_W_FLAGS; + + return 1; +} + +int poll_loop(struct npool *nsp, int msec_timeout) { + int results_left = 0; + int event_msecs; /* msecs before an event goes off */ + int combined_msecs; + int sock_err = 0; + struct poll_engine_info *pinfo = (struct poll_engine_info *)nsp->engine_data; + + assert(msec_timeout >= -1); + + if (nsp->events_pending == 0) + return 0; /* No need to wait on 0 events ... */ + + do { + struct nevent *nse; + + nsock_log_debug_all("wait for events"); + + nse = next_expirable_event(nsp); + if (!nse) + event_msecs = -1; /* None of the events specified a timeout */ + else + event_msecs = MAX(0, TIMEVAL_MSEC_SUBTRACT(nse->timeout, nsock_tod)); + +#if HAVE_PCAP +#ifndef PCAP_CAN_DO_SELECT + /* Force a low timeout when capturing packets on systems where + * the pcap descriptor is not select()able. */ + if (gh_list_count(&nsp->pcap_read_events) > 0) + if (event_msecs > PCAP_POLL_INTERVAL) + event_msecs = PCAP_POLL_INTERVAL; +#endif +#endif + + /* We cast to unsigned because we want -1 to be very high (since it means no + * timeout) */ + combined_msecs = MIN((unsigned)event_msecs, (unsigned)msec_timeout); + +#if HAVE_PCAP +#ifndef PCAP_CAN_DO_SELECT + /* do non-blocking read on pcap devices that doesn't support select() + * If there is anything read, just leave this loop. */ + if (pcap_read_on_nonselect(nsp)) { + /* okay, something was read. */ + } else +#endif +#endif + { + results_left = Poll(pinfo->events, pinfo->max_fd + 1, combined_msecs); + if (results_left == -1) + sock_err = socket_errno(); + } + + gettimeofday(&nsock_tod, NULL); /* Due to poll delay */ + } while (results_left == -1 && sock_err == EINTR); /* repeat only if signal occurred */ + + if (results_left == -1 && sock_err != EINTR) { +#ifdef WIN32 + for (int i = 0; sock_err != EINVAL || i <= pinfo->max_fd; i++) { + if (sock_err != EINVAL || pinfo->events[i].fd != -1) { +#endif + nsock_log_error("nsock_loop error %d: %s", sock_err, socket_strerror(sock_err)); + nsp->errnum = sock_err; + return -1; +#ifdef WIN32 + } + } +#endif + } + + iterate_through_event_lists(nsp); + + return 1; +} + + +/* ---- INTERNAL FUNCTIONS ---- */ + +static inline int get_evmask(struct npool *nsp, struct niod *nsi) { + struct poll_engine_info *pinfo = (struct poll_engine_info *)nsp->engine_data; + int sd, evmask = EV_NONE; + POLLFD *pev; + + if (nsi->state != NSIOD_STATE_DELETED + && nsi->events_pending + && IOD_PROPGET(nsi, IOD_REGISTERED)) { + +#if HAVE_PCAP + if (nsi->pcap) + sd = ((mspcap *)nsi->pcap)->pcap_desc; + else +#endif + sd = nsi->sd; + + assert(sd < pinfo->capacity); + pev = &pinfo->events[sd]; + + if (pev->revents & POLL_R_FLAGS) + evmask |= EV_READ; + if (pev->revents & POLL_W_FLAGS) + evmask |= EV_WRITE; + if (pev->events && (pev->revents & POLL_X_FLAGS)) + evmask |= EV_EXCEPT; + } + return evmask; +} + +/* Iterate through all the event lists (such as connect_events, read_events, + * timer_events, etc) and take action for those that have completed (due to + * timeout, i/o, etc) */ +void iterate_through_event_lists(struct npool *nsp) { + gh_lnode_t *current, *next, *last; + + last = gh_list_last_elem(&nsp->active_iods); + + for (current = gh_list_first_elem(&nsp->active_iods); + current != NULL && gh_lnode_prev(current) != last; + current = next) { + struct niod *nsi = container_of(current, struct niod, nodeq); + + process_iod_events(nsp, nsi, get_evmask(nsp, nsi)); + + next = gh_lnode_next(current); + if (nsi->state == NSIOD_STATE_DELETED) { + gh_list_remove(&nsp->active_iods, current); + gh_list_prepend(&nsp->free_iods, current); + } + } + + /* iterate through timers and expired events */ + process_expired_events(nsp); +} + +#endif /* HAVE_POLL */ diff --git a/include/DomainExec/nsock/src/engine_select.c b/include/DomainExec/nsock/src/engine_select.c new file mode 100644 index 00000000..c5dff15c --- /dev/null +++ b/include/DomainExec/nsock/src/engine_select.c @@ -0,0 +1,399 @@ +/*************************************************************************** + * engine_select.c -- select(2) based IO engine. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#ifndef WIN32 +#include +#endif + +#include + +#include "nsock_internal.h" +#include "nsock_log.h" + +#if HAVE_PCAP +#include "nsock_pcap.h" +#endif + +extern struct io_operations posix_io_operations; + + +/* --- ENGINE INTERFACE PROTOTYPES --- */ +static int select_init(struct npool *nsp); +static void select_destroy(struct npool *nsp); +static int select_iod_register(struct npool *nsp, struct niod *iod, struct nevent *nse, int ev); +static int select_iod_unregister(struct npool *nsp, struct niod *iod); +static int select_iod_modify(struct npool *nsp, struct niod *iod, struct nevent *nse, int ev_set, int ev_clr); +static int select_loop(struct npool *nsp, int msec_timeout); + + +/* ---- ENGINE DEFINITION ---- */ +struct io_engine engine_select = { + "select", + select_init, + select_destroy, + select_iod_register, + select_iod_unregister, + select_iod_modify, + select_loop, + &posix_io_operations +}; + + +/* --- INTERNAL PROTOTYPES --- */ +static void iterate_through_event_lists(struct npool *nsp); + +/* defined in nsock_core.c */ +void process_event(struct npool *nsp, gh_list_t *evlist, struct nevent *nse, int ev); +void process_iod_events(struct npool *nsp, struct niod *nsi, int ev); +void process_expired_events(struct npool *nsp); + +#if HAVE_PCAP +#ifndef PCAP_CAN_DO_SELECT +int pcap_read_on_nonselect(struct npool *nsp); +#endif +#endif + +/* defined in nsock_event.c */ +void update_first_events(struct nevent *nse); + + +extern struct timeval nsock_tod; + + +/* + * Engine specific data structure + */ +struct select_engine_info { + /* Descriptors which have pending READ events */ + fd_set fds_master_r; + + /* Descriptors we are trying to WRITE to */ + fd_set fds_master_w; + + /* Looking for exceptional events -- used with connect */ + fd_set fds_master_x; + + /* For keeping track of the select results */ + fd_set fds_results_r, fds_results_w, fds_results_x; + + /* The highest sd we have set in any of our fd_set's (max_sd + 1 is used in + * select() calls). Note that it can be -1, when there are no valid sockets */ + int max_sd; +}; + + +int select_init(struct npool *nsp) { + struct select_engine_info *sinfo; + + sinfo = (struct select_engine_info *)safe_malloc(sizeof(struct select_engine_info)); + + FD_ZERO(&sinfo->fds_master_r); + FD_ZERO(&sinfo->fds_master_w); + FD_ZERO(&sinfo->fds_master_x); + + sinfo->max_sd = -1; + + nsp->engine_data = (void *)sinfo; + + return 1; +} + +void select_destroy(struct npool *nsp) { + assert(nsp->engine_data != NULL); + free(nsp->engine_data); +} + +int select_iod_register(struct npool *nsp, struct niod *iod, struct nevent *nse, int ev) { + assert(!IOD_PROPGET(iod, IOD_REGISTERED)); + + iod->watched_events = ev; + select_iod_modify(nsp, iod, nse, ev, EV_NONE); + IOD_PROPSET(iod, IOD_REGISTERED); + return 1; +} + +int select_iod_unregister(struct npool *nsp, struct niod *iod) { + struct select_engine_info *sinfo = (struct select_engine_info *)nsp->engine_data; + + iod->watched_events = EV_NONE; + + /* some IODs can be unregistered here if they're associated to an event that was + * immediately completed */ + if (IOD_PROPGET(iod, IOD_REGISTERED)) { +#if HAVE_PCAP + if (iod->pcap) { + int sd = ((mspcap *)iod->pcap)->pcap_desc; + if (sd >= 0) { + checked_fd_clr(sd, &sinfo->fds_master_r); + checked_fd_clr(sd, &sinfo->fds_results_r); + } + } else +#endif + { + checked_fd_clr(iod->sd, &sinfo->fds_master_r); + checked_fd_clr(iod->sd, &sinfo->fds_master_w); + checked_fd_clr(iod->sd, &sinfo->fds_master_x); + checked_fd_clr(iod->sd, &sinfo->fds_results_r); + checked_fd_clr(iod->sd, &sinfo->fds_results_w); + checked_fd_clr(iod->sd, &sinfo->fds_results_x); + } + + if (sinfo->max_sd == iod->sd) + sinfo->max_sd--; + + IOD_PROPCLR(iod, IOD_REGISTERED); + } + return 1; +} + +int select_iod_modify(struct npool *nsp, struct niod *iod, struct nevent *nse, int ev_set, int ev_clr) { + int sd; + struct select_engine_info *sinfo = (struct select_engine_info *)nsp->engine_data; + + assert((ev_set & ev_clr) == 0); + + iod->watched_events |= ev_set; + iod->watched_events &= ~ev_clr; + + ev_set |= EV_EXCEPT; + ev_clr &= ~EV_EXCEPT; + + sd = nsock_iod_get_sd(iod); + + /* -- set events -- */ + if (ev_set & EV_READ) + checked_fd_set(sd, &sinfo->fds_master_r); + + if (ev_set & EV_WRITE) + checked_fd_set(sd, &sinfo->fds_master_w); + + if (ev_set & EV_EXCEPT) + checked_fd_set(sd, &sinfo->fds_master_x); + + /* -- clear events -- */ + if (ev_clr & EV_READ) + checked_fd_clr(sd, &sinfo->fds_master_r); + + if (ev_clr & EV_WRITE) + checked_fd_clr(sd, &sinfo->fds_master_w); + + if (ev_clr & EV_EXCEPT) + checked_fd_clr(sd, &sinfo->fds_master_x); + + + /* -- update max_sd -- */ + if (ev_set != EV_NONE) + sinfo->max_sd = MAX(sinfo->max_sd, sd); + else if (ev_clr != EV_NONE && iod->events_pending == 1 && (sinfo->max_sd == sd)) + sinfo->max_sd--; + + return 1; +} + +int select_loop(struct npool *nsp, int msec_timeout) { + int results_left = 0; + int event_msecs; /* msecs before an event goes off */ + int combined_msecs; + int sock_err = 0; + struct timeval select_tv; + struct timeval *select_tv_p; + struct select_engine_info *sinfo = (struct select_engine_info *)nsp->engine_data; + + assert(msec_timeout >= -1); + + if (nsp->events_pending == 0) + return 0; /* No need to wait on 0 events ... */ + + do { + struct nevent *nse; + + nsock_log_debug_all("wait for events"); + + nse = next_expirable_event(nsp); + if (!nse) + event_msecs = -1; /* None of the events specified a timeout */ + else + event_msecs = MAX(0, TIMEVAL_MSEC_SUBTRACT(nse->timeout, nsock_tod)); + +#if HAVE_PCAP +#ifndef PCAP_CAN_DO_SELECT + /* Force a low timeout when capturing packets on systems where + * the pcap descriptor is not select()able. */ + if (gh_list_count(&nsp->pcap_read_events)) + if (event_msecs > PCAP_POLL_INTERVAL) + event_msecs = PCAP_POLL_INTERVAL; +#endif +#endif + + /* We cast to unsigned because we want -1 to be very high (since it means no + * timeout) */ + combined_msecs = MIN((unsigned)event_msecs, (unsigned)msec_timeout); + + /* Set up the timeval pointer we will give to select() */ + memset(&select_tv, 0, sizeof(select_tv)); + if (combined_msecs > 0) { + select_tv.tv_sec = combined_msecs / 1000; + select_tv.tv_usec = (combined_msecs % 1000) * 1000; + select_tv_p = &select_tv; + } else if (combined_msecs == 0) { + /* we want the tv_sec and tv_usec to be zero but they already are from bzero */ + select_tv_p = &select_tv; + } else { + assert(combined_msecs == -1); + select_tv_p = NULL; + } + +#if HAVE_PCAP +#ifndef PCAP_CAN_DO_SELECT + /* do non-blocking read on pcap devices that doesn't support select() + * If there is anything read, just leave this loop. */ + if (pcap_read_on_nonselect(nsp)) { + /* okay, something was read. */ + } else +#endif +#endif + { + /* Set up the descriptors for select */ + sinfo->fds_results_r = sinfo->fds_master_r; + sinfo->fds_results_w = sinfo->fds_master_w; + sinfo->fds_results_x = sinfo->fds_master_x; + + results_left = fselect(sinfo->max_sd + 1, &sinfo->fds_results_r, + &sinfo->fds_results_w, &sinfo->fds_results_x, select_tv_p); + + if (results_left == -1) + sock_err = socket_errno(); + } + + gettimeofday(&nsock_tod, NULL); /* Due to select delay */ + } while (results_left == -1 && sock_err == EINTR); /* repeat only if signal occurred */ + + if (results_left == -1 && sock_err != EINTR) { + nsock_log_error("nsock_loop error %d: %s", sock_err, socket_strerror(sock_err)); + nsp->errnum = sock_err; + return -1; + } + + iterate_through_event_lists(nsp); + + return 1; +} + + +/* ---- INTERNAL FUNCTIONS ---- */ + +static inline int get_evmask(const struct npool *nsp, const struct niod *nsi) { + struct select_engine_info *sinfo = (struct select_engine_info *)nsp->engine_data; + int sd, evmask; + + evmask = EV_NONE; + +#if HAVE_PCAP +#ifndef PCAP_CAN_DO_SELECT + if (nsi->pcap) { + /* Always assume readable for a non-blocking read. We can't check checked_fd_isset + because we don't have a pcap_desc. */ + evmask |= EV_READ; + return evmask; + } +#endif +#endif + +#if HAVE_PCAP + if (nsi->pcap) + sd = ((mspcap *)nsi->pcap)->pcap_desc; + else +#endif + sd = nsi->sd; + + assert(sd >= 0); + + if (checked_fd_isset(sd, &sinfo->fds_results_r)) + evmask |= EV_READ; + if (checked_fd_isset(sd, &sinfo->fds_results_w)) + evmask |= EV_WRITE; + if (checked_fd_isset(sd, &sinfo->fds_results_x)) + evmask |= EV_EXCEPT; + + return evmask; +} + +/* Iterate through all the event lists (such as connect_events, read_events, + * timer_events, etc) and take action for those that have completed (due to + * timeout, i/o, etc) */ +void iterate_through_event_lists(struct npool *nsp) { + gh_lnode_t *current, *next, *last; + + last = gh_list_last_elem(&nsp->active_iods); + + for (current = gh_list_first_elem(&nsp->active_iods); + current != NULL && gh_lnode_prev(current) != last; + current = next) { + struct niod *nsi = container_of(current, struct niod, nodeq); + + if (nsi->state != NSIOD_STATE_DELETED && nsi->events_pending) + process_iod_events(nsp, nsi, get_evmask(nsp, nsi)); + + next = gh_lnode_next(current); + if (nsi->state == NSIOD_STATE_DELETED) { + gh_list_remove(&nsp->active_iods, current); + gh_list_prepend(&nsp->free_iods, current); + } + } + + /* iterate through timers and expired events */ + process_expired_events(nsp); +} diff --git a/include/DomainExec/nsock/src/error.c b/include/DomainExec/nsock/src/error.c new file mode 100644 index 00000000..8d317638 --- /dev/null +++ b/include/DomainExec/nsock/src/error.c @@ -0,0 +1,89 @@ +/*************************************************************************** + * error.c -- a few simple routines for dealing with errors (quitting, * + * printing error messages, etc. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#include "error.h" + +#include +#include +#include + +void fatal(char *fmt, ...) { + va_list ap; + + va_start(ap, fmt); + fflush(stdout); + vfprintf(stderr, fmt, ap); + fprintf(stderr, "\n"); + va_end(ap); + + exit(1); +} + +void pfatal(char *fmt, ...) { + va_list ap; + + va_start(ap, fmt); + fflush(stdout); + vfprintf(stderr, fmt, ap); + fprintf(stderr, ": "); + perror(""); + fprintf(stderr, "\n"); + va_end(ap); + + exit(1); +} + diff --git a/include/DomainExec/nsock/src/error.h b/include/DomainExec/nsock/src/error.h new file mode 100644 index 00000000..ae3eaf82 --- /dev/null +++ b/include/DomainExec/nsock/src/error.h @@ -0,0 +1,91 @@ +/*************************************************************************** + * error.h -- a few simple routines for dealing with errors (quitting, * + * printing error messages, etc. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#ifndef ERROR_H +#define ERROR_H + +#ifdef HAVE_CONFIG_H +#include "nsock_config.h" +#include "nbase_config.h" +#endif + +#ifdef WIN32 +#include "nbase_winconfig.h" +#endif + +#include +#include +#include +#if HAVE_UNISTD_H +#include +#endif + +#if defined(__GNUC__) +#define NORETURN __attribute__((noreturn)) +#elif defined(_MSC_VER) +#define NORETURN __declspec(noreturn) +#else +#define NORETURN +#endif + +NORETURN void fatal(char *fmt, ...) + __attribute__ ((format (printf, 1, 2))); + +NORETURN void pfatal(char *fmt, ...) + __attribute__ ((format (printf, 1, 2))); + +#endif /* ERROR_H */ diff --git a/include/DomainExec/nsock/src/filespace.c b/include/DomainExec/nsock/src/filespace.c new file mode 100644 index 00000000..1f473860 --- /dev/null +++ b/include/DomainExec/nsock/src/filespace.c @@ -0,0 +1,118 @@ +/*************************************************************************** + * filespace.c -- a simple mechanism for storing dynamic amounts of data * + * in a simple to use, and quick to append-to structure. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#include "nsock_internal.h" +#include "filespace.h" + +#include + +#define FS_INITSIZE_DEFAULT 1024 + + +/* Assumes space for fs has already been allocated */ +int filespace_init(struct filespace *fs, int initial_size) { + memset(fs, 0, sizeof(struct filespace)); + if (initial_size == 0) + initial_size = FS_INITSIZE_DEFAULT; + + fs->current_alloc = initial_size; + fs->str = (char *)safe_malloc(fs->current_alloc); + fs->str[0] = '\0'; + fs->pos = fs->str; + return 0; +} + +int fs_free(struct filespace *fs) { + if (fs->str) + free(fs->str); + + fs->current_alloc = fs->current_size = 0; + fs->pos = fs->str = NULL; + return 0; +} + +/* Concatenate a string to the end of a filespace */ +int fs_cat(struct filespace *fs, const char *str, int len) { + if (len < 0) + return -1; + + if (len == 0) + return 0; + + if (fs->current_alloc - fs->current_size < len + 2) { + char *tmpstr; + + fs->current_alloc = (int)(fs->current_alloc * 1.4 + 1); + fs->current_alloc += 100 + len; + + tmpstr = (char *)safe_malloc(fs->current_alloc); + memcpy(tmpstr, fs->str, fs->current_size); + + fs->pos = (fs->pos - fs->str) + tmpstr; + + if (fs->str) + free(fs->str); + + fs->str = tmpstr; + } + memcpy(fs->str + fs->current_size, str, len); + + fs->current_size += len; + fs->str[fs->current_size] = '\0'; + return 0; +} + diff --git a/include/DomainExec/nsock/src/filespace.h b/include/DomainExec/nsock/src/filespace.h new file mode 100644 index 00000000..08008f8e --- /dev/null +++ b/include/DomainExec/nsock/src/filespace.h @@ -0,0 +1,106 @@ +/*************************************************************************** + * filespace.h -- a simple mechanism for storing dynamic amounts of data * + * in a simple to use, and quick to append-to structure. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#ifndef FILESPACE_H +#define FILESPACE_H + +#ifdef HAVE_CONFIG_H +#include "nsock_config.h" +#include "nbase_config.h" +#endif + +#ifdef WIN32 +#include "nbase_winconfig.h" +#endif + +#include +#include +#if HAVE_STRING_H +#include +#endif +#if HAVE_STRINGS_H +#include +#endif + + +struct filespace { + int current_size; + int current_alloc; + + /* Current position in the filespace */ + char *pos; + char *str; +}; + + +static inline int fs_length(const struct filespace *fs) { + return fs->current_size; +} + +static inline char *fs_str(const struct filespace *fs) { + return fs->str; +} + + +int filespace_init(struct filespace *fs, int initial_size); + +int fs_free(struct filespace *fs); + +int fs_cat(struct filespace *fs, const char *str, int len); + +#endif /* FILESPACE_H */ + diff --git a/include/DomainExec/nsock/src/gh_heap.c b/include/DomainExec/nsock/src/gh_heap.c new file mode 100644 index 00000000..57f6bfff --- /dev/null +++ b/include/DomainExec/nsock/src/gh_heap.c @@ -0,0 +1,249 @@ +/*************************************************************************** + * gh_heap.c -- heap based priority queue. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#ifdef HAVE_CONFIG_H +#include "nsock_config.h" +#include "nbase_config.h" +#endif + +#ifdef WIN32 +#include "nbase_winconfig.h" +#endif + +#include +#include "gh_heap.h" + +#define GH_SLOTS 128 + + +static gh_hnode_t **hnode_ptr(gh_heap_t *heap, unsigned int index) { + assert(index <= heap->count); + return &(heap->slots[index]); +} + +gh_hnode_t *gh_heap_find(gh_heap_t *heap, unsigned int index) { + if (index >= heap->count) + return NULL; + + return *hnode_ptr(heap, index); +} + +static int hnode_up(gh_heap_t *heap, gh_hnode_t *hnode) +{ + unsigned int cur_idx = hnode->index; + gh_hnode_t **cur_ptr = hnode_ptr(heap, cur_idx); + unsigned int parent_idx; + gh_hnode_t **parent_ptr; + int action = 0; + + assert(*cur_ptr == hnode); + + while (cur_idx > 0) { + parent_idx = (cur_idx - 1) >> 1; + + parent_ptr = hnode_ptr(heap, parent_idx); + assert((*parent_ptr)->index == parent_idx); + + if (heap->cmp_op(*parent_ptr, hnode)) + break; + + (*parent_ptr)->index = cur_idx; + *cur_ptr = *parent_ptr; + cur_ptr = parent_ptr; + cur_idx = parent_idx; + action = 1; + } + + hnode->index = cur_idx; + *cur_ptr = hnode; + + return action; +} + +static int hnode_down(gh_heap_t *heap, gh_hnode_t *hnode) +{ + unsigned int count = heap->count; + unsigned int ch1_idx, ch2_idx, cur_idx; + gh_hnode_t **ch1_ptr, **ch2_ptr, **cur_ptr; + gh_hnode_t *ch1, *ch2; + int action = 0; + + cur_idx = hnode->index; + cur_ptr = hnode_ptr(heap, cur_idx); + assert(*cur_ptr == hnode); + + while (cur_idx < count) { + ch1_idx = (cur_idx << 1) + 1; + if (ch1_idx >= count) + break; + + ch1_ptr = hnode_ptr(heap, ch1_idx); + ch1 = *ch1_ptr; + + ch2_idx = ch1_idx + 1; + if (ch2_idx < count) { + ch2_ptr = hnode_ptr(heap, ch2_idx); + ch2 = *ch2_ptr; + + if (heap->cmp_op(ch2, ch1)) { + ch1_idx = ch2_idx; + ch1_ptr = ch2_ptr; + ch1 = ch2; + } + } + + assert(ch1->index == ch1_idx); + + if (heap->cmp_op(hnode, ch1)) + break; + + ch1->index = cur_idx; + *cur_ptr = ch1; + cur_ptr = ch1_ptr; + cur_idx = ch1_idx; + action = 1; + } + + hnode->index = cur_idx; + *cur_ptr = hnode; + + return action; +} + +static int heap_grow(gh_heap_t *heap) { + int newsize; + + /* Do we really need to grow? */ + assert(heap->count == heap->highwm); + + newsize = heap->count + GH_SLOTS; + heap->slots = (gh_hnode_t **)safe_realloc(heap->slots, + newsize * sizeof(gh_hnode_t *)); + heap->highwm += GH_SLOTS; + return 0; +} + +int gh_heap_init(gh_heap_t *heap, gh_heap_cmp_t cmp_op) { + int rc; + + if (!cmp_op) + return -1; + + heap->cmp_op = cmp_op; + heap->count = 0; + heap->highwm = 0; + heap->slots = NULL; + + rc = heap_grow(heap); + if (rc) + gh_heap_free(heap); + + return rc; +} + +void gh_heap_free(gh_heap_t *heap) { + if (heap->highwm) { + assert(heap->slots); + free(heap->slots); + } + memset(heap, 0, sizeof(gh_heap_t)); +} + +int gh_heap_push(gh_heap_t *heap, gh_hnode_t *hnode) { + gh_hnode_t **new_ptr; + unsigned int new_index = heap->count; + + assert(!gh_hnode_is_valid(hnode)); + + if (new_index == heap->highwm) + heap_grow(heap); + + hnode->index = new_index; + new_ptr = hnode_ptr(heap, new_index); + heap->count++; + *new_ptr = hnode; + + hnode_up(heap, hnode); + return 0; +} + +int gh_heap_remove(gh_heap_t *heap, gh_hnode_t *hnode) +{ + unsigned int count = heap->count; + unsigned int cur_idx = hnode->index; + gh_hnode_t **cur_ptr; + gh_hnode_t *last; + + assert(gh_hnode_is_valid(hnode)); + assert(cur_idx < count); + + cur_ptr = hnode_ptr(heap, cur_idx); + assert(*cur_ptr == hnode); + + count--; + last = *hnode_ptr(heap, count); + heap->count = count; + if (last == hnode) + return 0; + + last->index = cur_idx; + *cur_ptr = last; + if (!hnode_up(heap, *cur_ptr)) + hnode_down(heap, *cur_ptr); + + gh_hnode_invalidate(hnode); + return 0; +} diff --git a/include/DomainExec/nsock/src/gh_heap.h b/include/DomainExec/nsock/src/gh_heap.h new file mode 100644 index 00000000..60c8c34a --- /dev/null +++ b/include/DomainExec/nsock/src/gh_heap.h @@ -0,0 +1,147 @@ +/*************************************************************************** + * gh_heap.h -- heap based priority queues. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#ifndef GH_HEAP_H +#define GH_HEAP_H + +#ifdef HAVE_CONFIG_H +#include "nsock_config.h" +#include "nbase_config.h" +#endif + +#ifdef WIN32 +#include "nbase_winconfig.h" +#endif + +#include "error.h" +#include + + +#if !defined(container_of) +#include + +#define container_of(ptr, type, member) \ + ((type *)((char *)(ptr) - offsetof(type, member))) +#endif + + +typedef struct { + unsigned int index; +} gh_hnode_t; + +/* POISON value, set heap node index to this value to indicate that the node is + * inactive (not part of a heap) */ +#define GH_HEAP_GUARD 0x19890721 + +/* Node comparison function. + * Here lies all the intelligence of the tree. + * Return 1 if hnode1 < hnode2, 0 otherwise. */ +typedef int (*gh_heap_cmp_t)(gh_hnode_t *hnode1, gh_hnode_t *hnode2); + + +typedef struct gh_heap { + gh_heap_cmp_t cmp_op; + unsigned int count; + unsigned int highwm; + gh_hnode_t **slots; +} gh_heap_t; + + +int gh_heap_init(gh_heap_t *heap, gh_heap_cmp_t cmp_op); + +void gh_heap_free(gh_heap_t *heap); + +int gh_heap_push(gh_heap_t *heap, gh_hnode_t *node); + +int gh_heap_remove(gh_heap_t *heap, gh_hnode_t *node); + +gh_hnode_t *gh_heap_find(gh_heap_t *heap, unsigned int index); + + +static inline gh_hnode_t *gh_heap_min(gh_heap_t *heap) { + if (heap->count == 0) + return NULL; + + return gh_heap_find(heap, 0); +} + +static inline gh_hnode_t *gh_heap_pop(gh_heap_t *heap) { + gh_hnode_t *hnode; + + hnode = gh_heap_find(heap, 0); + if (hnode != NULL) + gh_heap_remove(heap, hnode); + + return hnode; +} + +static inline size_t gh_heap_count(gh_heap_t *heap) { + return heap->count; +} + +static inline int gh_heap_is_empty(gh_heap_t *heap) { + return heap->count == 0; +} + +static inline void gh_hnode_invalidate(gh_hnode_t *node) { + node->index = GH_HEAP_GUARD; +} + +static inline int gh_hnode_is_valid(const gh_hnode_t *node) { + return (node && node->index != GH_HEAP_GUARD); +} + +#endif /* GH_HEAP_H */ diff --git a/include/DomainExec/nsock/src/gh_list.h b/include/DomainExec/nsock/src/gh_list.h new file mode 100644 index 00000000..3582c216 --- /dev/null +++ b/include/DomainExec/nsock/src/gh_list.h @@ -0,0 +1,298 @@ +/*************************************************************************** + * gh_list.h -- a simple doubly-linked list implementation. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#ifndef GH_LIST_H +#define GH_LIST_H + +#ifdef HAVE_CONFIG_H +#include "nsock_config.h" +#include "nbase_config.h" +#endif + +#ifdef WIN32 +#include "nbase_winconfig.h" +#endif + +#include "error.h" +#include + +#define GH_LIST_MAGIC 0xBADFACE +#define GH_LIST_PARANOID 0 + + +typedef struct gh_list_node { + struct gh_list_node *next; + struct gh_list_node *prev; +} gh_lnode_t; + +typedef struct gh_list { + /* Number of elements in the list */ + unsigned int count; + gh_lnode_t *first; + gh_lnode_t *last; +} gh_list_t; + + +/* That one's an efficiency killer but it should reveal + * any inconsistency in nsock's lists management. To be + * called on every list we get and return. */ +static inline void paranoid_list_check(gh_list_t *list) { +#if GH_LIST_PARANOID + switch (list->count) { + case 0: + assert(list->first == NULL); + assert(list->last == NULL); + break; + + case 1: + assert(list->first); + assert(list->last); + assert(list->first == list->last); + break; + + default: + assert(list->first); + assert(list->last); + assert(list->first != list->last); + break; + } +#endif +} + +static inline int gh_list_init(gh_list_t *newlist) { + newlist->count = 0; + newlist->first = NULL; + newlist->last = NULL; + return 0; +} + +static inline int gh_list_append(gh_list_t *list, gh_lnode_t *lnode) { + gh_lnode_t *oldlast; + + paranoid_list_check(list); + + oldlast = list->last; + if (oldlast) + oldlast->next = lnode; + + lnode->prev = oldlast; + lnode->next = NULL; + + list->count++; + list->last = lnode; + + if (list->count == 1) + list->first = lnode; + + paranoid_list_check(list); + return 0; +} + +static inline int gh_list_prepend(gh_list_t *list, gh_lnode_t *lnode) { + gh_lnode_t *oldfirst; + + paranoid_list_check(list); + + oldfirst = list->first; + if (oldfirst) + oldfirst->prev = lnode; + + lnode->next = oldfirst; + lnode->prev = NULL; + + list->count++; + list->first = lnode; + + if (list->count == 1) + list->last = lnode; + + paranoid_list_check(list); + return 0; +} + +static inline int gh_list_insert_before(gh_list_t *list, gh_lnode_t *before, + gh_lnode_t *lnode) { + paranoid_list_check(list); + + lnode->prev = before->prev; + lnode->next = before; + + if (before->prev) + before->prev->next = lnode; + else + list->first = lnode; + + before->prev = lnode; + list->count++; + + paranoid_list_check(list); + return 0; +} + +static inline gh_lnode_t *gh_list_pop(gh_list_t *list) { + gh_lnode_t *elem; + + paranoid_list_check(list); + + elem = list->first; + if (!elem) { + paranoid_list_check(list); + return NULL; + } + + list->first = list->first->next; + if (list->first) + list->first->prev = NULL; + + list->count--; + + if (list->count < 2) + list->last = list->first; + + elem->prev = NULL; + elem->next = NULL; + + paranoid_list_check(list); + return elem; +} + +static inline int gh_list_remove(gh_list_t *list, gh_lnode_t *lnode) { + paranoid_list_check(list); + + if (lnode->prev) { + lnode->prev->next = lnode->next; + } else { + assert(list->first == lnode); + list->first = lnode->next; + } + + if (lnode->next) { + lnode->next->prev = lnode->prev; + } else { + assert(list->last == lnode); + list->last = lnode->prev; + } + + lnode->prev = NULL; + lnode->next = NULL; + + list->count--; + + paranoid_list_check(list); + return 0; +} + +static inline int gh_list_free(gh_list_t *list) { + paranoid_list_check(list); + + while (list->count > 0) + gh_list_pop(list); + + paranoid_list_check(list); + memset(list, 0, sizeof(gh_list_t)); + return 0; +} + +static inline int gh_list_move_front(gh_list_t *list, gh_lnode_t *lnode) { + paranoid_list_check(list); + if (list->first == lnode) + return 0; + + /* remove element from its current position */ + lnode->prev->next = lnode->next; + + if (lnode->next) { + lnode->next->prev = lnode->prev; + } else { + assert(list->last == lnode); + list->last = lnode->prev; + } + + /* add element to the beginning of the list */ + list->first->prev = lnode; + lnode->next = list->first; + lnode->prev = NULL; + list->first = lnode; + + paranoid_list_check(list); + return 0; +} + +/* Take a LIST ELEMENT (not just the data) and return the next one */ +static inline gh_lnode_t *gh_lnode_next(gh_lnode_t *elem) { + return elem->next; +} + +/* Same as above but return the previous element */ +static inline gh_lnode_t *gh_lnode_prev(gh_lnode_t *elem) { + return elem->prev; +} + +/* Take a LIST (not a list element) and return the first element */ +static inline gh_lnode_t *gh_list_first_elem(gh_list_t *list) { + return list->first; +} + +/* Same as above but return the last element */ +static inline gh_lnode_t *gh_list_last_elem(gh_list_t *list) { + return list->last; +} + +static inline unsigned int gh_list_count(gh_list_t *list) { + return list->count; +} + +#endif /* GH_LIST_H */ diff --git a/include/DomainExec/nsock/src/netutils.c b/include/DomainExec/nsock/src/netutils.c new file mode 100644 index 00000000..863de89c --- /dev/null +++ b/include/DomainExec/nsock/src/netutils.c @@ -0,0 +1,197 @@ +/*************************************************************************** + * netutils.c -- This contains some useful little network/socket related * + * utility functions. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#include "netutils.h" +#include "error.h" + +#if WIN32 +#include "Winsock2.h" +#endif + +#if HAVE_SYS_TIME_H +#include +#endif +#if HAVE_SYS_RESOURCE_H +#include +#endif +#if HAVE_UNISTD_H +#include +#endif +#if HAVE_NETINET_IN_H +#include +#endif +#if HAVE_SYS_TYPES_H +#include +#endif +#if HAVE_SYS_SOCKET_H +#include +#endif +#if HAVE_FCNTL_H +#include +#endif +#if HAVE_SYS_UN_H +#include +#endif + +static int netutils_debugging = 0; + +/* maximize the number of file descriptors (including sockets) allowed for this + * process and return that maximum value (note -- you better not actually open + * this many -- stdin, stdout, other files opened by libraries you use, etc. all + * count toward this limit. Leave a little slack */ +int maximize_fdlimit(void) { + +#ifndef WIN32 + struct rlimit r; + static int maxfds = -1; + + if (maxfds > 0) + return maxfds; + +#if(defined(RLIMIT_NOFILE)) + if (!getrlimit(RLIMIT_NOFILE, &r)) { + r.rlim_cur = r.rlim_max; + if (setrlimit(RLIMIT_NOFILE, &r)) + if (netutils_debugging) + perror("setrlimit RLIMIT_NOFILE failed"); + + if (!getrlimit(RLIMIT_NOFILE, &r)) { + maxfds = r.rlim_cur; + return maxfds; + } else { + return 0; + } + } +#endif + +#if(defined(RLIMIT_OFILE) && !defined(RLIMIT_NOFILE)) + if (!getrlimit(RLIMIT_OFILE, &r)) { + r.rlim_cur = r.rlim_max; + if (setrlimit(RLIMIT_OFILE, &r)) + if (netutils_debugging) + perror("setrlimit RLIMIT_OFILE failed"); + + if (!getrlimit(RLIMIT_OFILE, &r)) { + maxfds = r.rlim_cur; + return maxfds; + } else { + return 0; + } + } +#endif +#endif /* !WIN32 */ + return 0; +} + +#if HAVE_SYS_UN_H + #define PEER_STR_LEN sizeof(((struct sockaddr_un *) 0)->sun_path) +#else + #define PEER_STR_LEN sizeof("[ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255]:xxxxx") +#endif + +#if HAVE_SYS_UN_H +/* Get the UNIX domain socket path or empty string if the address family != AF_UNIX. */ +const char *get_unixsock_path(const struct sockaddr_storage *addr) { + struct sockaddr_un *su = (struct sockaddr_un *)addr; + + if (!addr || addr->ss_family != AF_UNIX) + return ""; + + return (const char *)su->sun_path; +} +#endif + +static int get_port(const struct sockaddr_storage *ss) { + if (ss->ss_family == AF_INET) + return ntohs(((struct sockaddr_in *) ss)->sin_port); +#if HAVE_IPV6 + else if (ss->ss_family == AF_INET6) + return ntohs(((struct sockaddr_in6 *) ss)->sin6_port); +#endif + + return -1; +} + +static char *get_addr_string(const struct sockaddr_storage *ss, size_t sslen) { + static char buffer[PEER_STR_LEN]; + +#if HAVE_SYS_UN_H + if (ss->ss_family == AF_UNIX) { + sprintf(buffer, "%s", get_unixsock_path(ss)); + return buffer; + } +#endif + + sprintf(buffer, "%s:%d", inet_ntop_ez(ss, sslen), get_port(ss)); + return buffer; +} + +/* Get the peer/host address string. + * In case we have support for UNIX domain sockets, function returns + * string containing path to UNIX socket if the address family is AF_UNIX, + * otherwise it returns string containing "
:". */ +char *get_peeraddr_string(const struct niod *iod) { + if (iod->peerlen > 0) + return get_addr_string(&iod->peer, iod->peerlen); + else + return "peer unspecified"; +} + +/* Get the local bind address string. */ +char *get_localaddr_string(const struct niod *iod) { + return get_addr_string(&iod->local, iod->locallen); +} diff --git a/include/DomainExec/nsock/src/netutils.h b/include/DomainExec/nsock/src/netutils.h new file mode 100644 index 00000000..e12e64af --- /dev/null +++ b/include/DomainExec/nsock/src/netutils.h @@ -0,0 +1,100 @@ +/*************************************************************************** + * netutils.h -- This contains some useful little network/socket related * + * utility functions. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#ifndef NETUTILS_H +#define NETUTILS_H + +#ifdef HAVE_CONFIG_H +#include "nsock_config.h" +#include "nbase_config.h" +#endif + +#if HAVE_NETINET_IN_H +#include +#endif + +#include "nsock_internal.h" + +#ifdef WIN32 +#include "nbase_winconfig.h" +/* nbase_winunix.h somehow reason.h to get included */ +#include "nbase_winunix.h" +#endif + +#if HAVE_SYS_UN_H +#include +#endif + +/* Maximize the number of file descriptors (including sockets) allowed for this + * process and return that maximum value (note -- you better not actually open + * this many -- stdin, stdout, other files opened by libraries you use, etc. all + * count toward this limit. Leave a little slack */ +int maximize_fdlimit(void); + +/* Get the UNIX domain socket path or empty string if the address family != AF_UNIX. */ +const char *get_unixsock_path(const struct sockaddr_storage *addr); + +/* Get the peer address string. In case of a Unix domain socket, returns the + * path to UNIX socket, otherwise it returns string containing + * "
:". */ +char *get_peeraddr_string(const struct niod *iod); + +/* Get the local bind address string. */ +char *get_localaddr_string(const struct niod *iod); + +#endif /* NETUTILS_H */ + diff --git a/include/DomainExec/nsock/src/nsock_connect.c b/include/DomainExec/nsock/src/nsock_connect.c new file mode 100644 index 00000000..3072f5dd --- /dev/null +++ b/include/DomainExec/nsock/src/nsock_connect.c @@ -0,0 +1,607 @@ +/*************************************************************************** + * nsock_connect.c -- This contains the functions for requesting TCP * + * connections from the nsock parallel socket event library * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#include "nsock.h" +#include "nsock_internal.h" +#include "nsock_log.h" +#include "nsock_proxy.h" +#include "netutils.h" + +#include +#include +#include + + +static int mksock_bind_addr(struct npool *ms, struct niod *iod) { + int rc; + int one = 1; + + rc = setsockopt(iod->sd, SOL_SOCKET, SO_REUSEADDR, (const char *)&one, sizeof(one)); + if (rc == -1) { + int err = socket_errno(); + + nsock_log_error("Setting of SO_REUSEADDR failed (#%li): %s (%d)", iod->id, + socket_strerror(err), err); + } + + nsock_log_info("Binding to %s (IOD #%li)", get_localaddr_string(iod), iod->id); + rc = bind(iod->sd, (struct sockaddr *)&iod->local, (int) iod->locallen); + if (rc == -1) { + int err = socket_errno(); + + nsock_log_error("Bind to %s failed (IOD #%li): %s (%d)", + get_localaddr_string(iod), iod->id, + socket_strerror(err), err); + } + return 0; +} + +static int mksock_set_ipopts(struct npool *ms, struct niod *iod) { + int rc; + + errno = 0; + rc = setsockopt(iod->sd, IPPROTO_IP, IP_OPTIONS, (const char *)iod->ipopts, + iod->ipoptslen); + if (rc == -1) { + int err = socket_errno(); + + nsock_log_error("Setting of IP options failed (IOD #%li): %s (%d)", + iod->id, socket_strerror(err), err); + } + return 0; +} + +static int mksock_bind_device(struct npool *ms, struct niod *iod) { + int rc; + + rc = socket_bindtodevice(iod->sd, ms->device); + if (!rc) { + int err = socket_errno(); + + if (err != EPERM) + nsock_log_error("Setting of SO_BINDTODEVICE failed (IOD #%li): %s (%d)", + iod->id, socket_strerror(err), err); + else + nsock_log_debug_all("Setting of SO_BINDTODEVICE failed (IOD #%li): %s (%d)", + iod->id, socket_strerror(err), err); + } + return 0; +} + +static int mksock_set_broadcast(struct npool *ms, struct niod *iod) { + int rc; + int one = 1; + + rc = setsockopt(iod->sd, SOL_SOCKET, SO_BROADCAST, + (const char *)&one, sizeof(one)); + if (rc == -1) { + int err = socket_errno(); + + nsock_log_error("Setting of SO_BROADCAST failed (IOD #%li): %s (%d)", + iod->id, socket_strerror(err), err); + } + return 0; +} +/* Create the actual socket (nse->iod->sd) underlying the iod. This unblocks the + * socket, binds to the localaddr address, sets IP options, and sets the + * broadcast flag. Trying to change these functions after making this call will + * not have an effect. This function needs to be called before you try to read + * or write on the iod. */ +static int nsock_make_socket(struct npool *ms, struct niod *iod, int family, int type, int proto) { + + /* inheritable_socket is from nbase */ + iod->sd = (int)inheritable_socket(family, type, proto); + if (iod->sd == -1) { + nsock_log_error("Socket trouble: %s", socket_strerror(socket_errno())); + return -1; + } + + unblock_socket(iod->sd); + + iod->lastproto = proto; + + if (iod->locallen) + mksock_bind_addr(ms, iod); + + if (iod->ipoptslen && family == AF_INET) + mksock_set_ipopts(ms, iod); + + if (ms->device) + mksock_bind_device(ms, iod); + + if (ms->broadcast && type != SOCK_STREAM) + mksock_set_broadcast(ms, iod); + + /* mksock_* functions can raise warnings/errors + * but we don't let them stop us for now. */ + return iod->sd; +} + +int nsock_setup_udp(nsock_pool nsp, nsock_iod ms_iod, int af) { + struct npool *ms = (struct npool *)nsp; + struct niod *nsi = (struct niod *)ms_iod; + + assert(nsi->state == NSIOD_STATE_INITIAL || nsi->state == NSIOD_STATE_UNKNOWN); + + nsock_log_info("UDP unconnected socket (IOD #%li)", nsi->id); + + if (nsock_make_socket(ms, nsi, af, SOCK_DGRAM, IPPROTO_UDP) == -1) + return -1; + + return nsi->sd; +} + +/* This does the actual logistics of requesting a connection. It is shared + * by nsock_connect_tcp and nsock_connect_ssl, among others */ +void nsock_connect_internal(struct npool *ms, struct nevent *nse, int type, int proto, struct sockaddr_storage *ss, size_t sslen, + unsigned short port) { + + struct sockaddr_in *sin; +#if HAVE_IPV6 + struct sockaddr_in6 *sin6; +#endif + struct niod *iod = nse->iod; + + if (iod->px_ctx /* proxy enabled */ + && proto == IPPROTO_TCP /* restrict proxying to TCP connections */ + && (nse->handler != nsock_proxy_ev_dispatch)) { /* for reentrancy */ + struct proxy_node *current; + + nsock_log_debug_all("TCP connection request (EID %lu) redirected through proxy chain", + (long)nse->id); + + current = iod->px_ctx->px_current; + assert(current != NULL); + + memcpy(&iod->px_ctx->target_ss, ss, sslen); + iod->px_ctx->target_sslen = sslen; + iod->px_ctx->target_port = port; + + ss = ¤t->ss; + sslen = current->sslen; + port = current->port; + + iod->px_ctx->target_handler = nse->handler; + nse->handler = nsock_proxy_ev_dispatch; + + iod->px_ctx->target_ev_type = nse->type; + nse->type = NSE_TYPE_CONNECT; + } + + sin = (struct sockaddr_in *)ss; +#if HAVE_IPV6 + sin6 = (struct sockaddr_in6 *)ss; +#endif + + /* Now it is time to actually attempt the connection */ + if (nsock_make_socket(ms, iod, ss->ss_family, type, proto) == -1) { + nse->event_done = 1; + nse->status = NSE_STATUS_ERROR; + nse->errnum = socket_errno(); + } else { + if (ss->ss_family == AF_INET) { + sin->sin_port = htons(port); + } +#if HAVE_IPV6 + else if (ss->ss_family == AF_INET6) { + sin6->sin6_port = htons(port); + } +#endif +#if HAVE_SYS_UN_H + else if (ss->ss_family == AF_UNIX) { + /* Nothing more to do for Unix socket */ + } +#endif + else { + fatal("Unknown address family %d\n", ss->ss_family); + } + + assert(sslen <= sizeof(iod->peer)); + if (&iod->peer != ss) + memcpy(&iod->peer, ss, sslen); + iod->peerlen = sslen; + + if (ms->engine->io_operations->iod_connect(ms, iod->sd, (struct sockaddr *)ss, sslen) == -1) { + int err = socket_errno(); + + if ((proto == IPPROTO_UDP) || (err != EINPROGRESS && err != EAGAIN)) { + nse->event_done = 1; + nse->status = NSE_STATUS_ERROR; + nse->errnum = err; + } + } + /* The callback handle_connect_result handles the connection once it completes. */ + } +} + +#if HAVE_SYS_UN_H + +/* Request a UNIX domain sockets connection to the same system (by path to socket). + * This function connects to the socket of type SOCK_STREAM. ss should be a + * sockaddr_storage, sockaddr_un as appropriate (just like what you would pass to + * connect). sslen should be the sizeof the structure you are passing in. */ +nsock_event_id nsock_connect_unixsock_stream(nsock_pool nsp, nsock_iod nsiod, nsock_ev_handler handler, int timeout_msecs, + void *userdata, struct sockaddr *saddr, size_t sslen) { + struct niod *nsi = (struct niod *)nsiod; + struct npool *ms = (struct npool *)nsp; + struct nevent *nse; + struct sockaddr_storage *ss = (struct sockaddr_storage *)saddr; + + assert(nsi->state == NSIOD_STATE_INITIAL || nsi->state == NSIOD_STATE_UNKNOWN); + + nse = event_new(ms, NSE_TYPE_CONNECT, nsi, timeout_msecs, handler, userdata); + assert(nse); + + nsock_log_info("UNIX domain socket (STREAM) connection requested to %s (IOD #%li) EID %li", + get_unixsock_path(ss), nsi->id, nse->id); + + nsock_connect_internal(ms, nse, SOCK_STREAM, 0, ss, sslen, 0); + nsock_pool_add_event(ms, nse); + + return nse->id; + +} + +/* Request a UNIX domain sockets connection to the same system (by path to socket). + * This function connects to the socket of type SOCK_DGRAM. ss should be a + * sockaddr_storage, sockaddr_un as appropriate (just like what you would pass to + * connect). sslen should be the sizeof the structure you are passing in. */ +nsock_event_id nsock_connect_unixsock_datagram(nsock_pool nsp, nsock_iod nsiod, nsock_ev_handler handler, + void *userdata, struct sockaddr *saddr, size_t sslen) { + struct niod *nsi = (struct niod *)nsiod; + struct npool *ms = (struct npool *)nsp; + struct nevent *nse; + struct sockaddr_storage *ss = (struct sockaddr_storage *)saddr; + + assert(nsi->state == NSIOD_STATE_INITIAL || nsi->state == NSIOD_STATE_UNKNOWN); + + nse = event_new(ms, NSE_TYPE_CONNECT, nsi, -1, handler, userdata); + assert(nse); + + nsock_log_info("UNIX domain socket (DGRAM) connection requested to %s (IOD #%li) EID %li", + get_unixsock_path(ss), nsi->id, nse->id); + + nsock_connect_internal(ms, nse, SOCK_DGRAM, 0, ss, sslen, 0); + nsock_pool_add_event(ms, nse); + + return nse->id; +} + +#endif /* HAVE_SYS_UN_H */ + +/* Request a TCP connection to another system (by IP address). The in_addr is + * normal network byte order, but the port number should be given in HOST BYTE + * ORDER. ss should be a sockaddr_storage, sockaddr_in6, or sockaddr_in as + * appropriate (just like what you would pass to connect). sslen should be the + * sizeof the structure you are passing in. */ +nsock_event_id nsock_connect_tcp(nsock_pool nsp, nsock_iod ms_iod, nsock_ev_handler handler, int timeout_msecs, + void *userdata, struct sockaddr *saddr, size_t sslen, unsigned short port) { + struct niod *nsi = (struct niod *)ms_iod; + struct npool *ms = (struct npool *)nsp; + struct nevent *nse; + struct sockaddr_storage *ss = (struct sockaddr_storage *)saddr; + + assert(nsi->state == NSIOD_STATE_INITIAL || nsi->state == NSIOD_STATE_UNKNOWN); + + nse = event_new(ms, NSE_TYPE_CONNECT, nsi, timeout_msecs, handler, userdata); + assert(nse); + + nsock_log_info("TCP connection requested to %s:%hu (IOD #%li) EID %li", + inet_ntop_ez(ss, sslen), port, nsi->id, nse->id); + + /* Do the actual connect() */ + nsock_connect_internal(ms, nse, SOCK_STREAM, IPPROTO_TCP, ss, sslen, port); + nsock_pool_add_event(ms, nse); + + return nse->id; +} + + +/* Currently a copy of nsock_connect_tcp, called by l_connect only when a + * socks4a proxy is specified. This will help us to avoid targetname + * resolution later on for socks4a connections. */ +nsock_event_id nsock_connect_tcp_socks4a(nsock_pool nsp, nsock_iod ms_iod, + nsock_ev_handler handler, int timeout_msecs, + void *userdata, const char *targetname, + unsigned short port) { + struct niod *nsi = (struct niod *)ms_iod; + struct npool *ms = (struct npool *)nsp; + struct nevent *nse; + + nsi->hostname = (char *)safe_malloc(strlen(targetname)); + strncpy(nsi->hostname, targetname, strlen(targetname)); + assert(nsi->state == NSIOD_STATE_INITIAL || nsi->state == NSIOD_STATE_UNKNOWN); + + nse = event_new(ms, NSE_TYPE_CONNECT, nsi, timeout_msecs, handler, userdata); + assert(nse); + + nsock_log_info("TCP connection requested to %s:%hu (IOD #%li) EID %li", + targetname, port, nsi->id, nse->id); + + /* For now this holder is needed to keep nsock_connect_internal working */ + struct sockaddr_storage ss; + + /* Do the actual connect() */ + nsock_connect_internal(ms, nse, SOCK_STREAM, IPPROTO_TCP, &ss, sizeof(ss), port); + nsock_pool_add_event(ms, nse); + + return nse->id; +} + + +/* Request an SCTP association to another system (by IP address). The in_addr + * is normal network byte order, but the port number should be given in HOST + * BYTE ORDER. ss should be a sockaddr_storage, sockaddr_in6, or sockaddr_in as + * appropriate (just like what you would pass to connect). sslen should be the + * sizeof the structure you are passing in. */ +nsock_event_id nsock_connect_sctp(nsock_pool nsp, nsock_iod ms_iod, nsock_ev_handler handler, int timeout_msecs, + void *userdata, struct sockaddr *saddr, size_t sslen, unsigned short port) { + + struct niod *nsi = (struct niod *)ms_iod; + struct npool *ms = (struct npool *)nsp; + struct nevent *nse; + struct sockaddr_storage *ss = (struct sockaddr_storage *)saddr; + + assert(nsi->state == NSIOD_STATE_INITIAL || nsi->state == NSIOD_STATE_UNKNOWN); + + nse = event_new(ms, NSE_TYPE_CONNECT, nsi, timeout_msecs, handler, userdata); + assert(nse); + + nsock_log_info("SCTP association requested to %s:%hu (IOD #%li) EID %li", + inet_ntop_ez(ss, sslen), port, nsi->id, nse->id); + + /* Do the actual connect() */ + nsock_connect_internal(ms, nse, SOCK_STREAM, IPPROTO_SCTP, ss, sslen, port); + nsock_pool_add_event(ms, nse); + + return nse->id; +} + +/* Request an SSL over TCP/SCTP/UDP connection to another system (by IP address). + * The in_addr is normal network byte order, but the port number should be given + * in HOST BYTE ORDER. This function will call back only after it has made the + * connection AND done the initial SSL negotiation. From that point on, you use + * the normal read/write calls and decryption will happen transparently. ss + * should be a sockaddr_storage, sockaddr_in6, or sockaddr_in as appropriate + * (just like what you would pass to connect). sslen should be the sizeof the + * structure you are passing in. */ +nsock_event_id nsock_connect_ssl(nsock_pool nsp, nsock_iod nsiod, nsock_ev_handler handler, int timeout_msecs, + void *userdata, struct sockaddr *saddr, size_t sslen, int proto, unsigned short port, nsock_ssl_session ssl_session) { + +#ifndef HAVE_OPENSSL + fatal("nsock_connect_ssl called - but nsock was built w/o SSL support. QUITTING"); + return (nsock_event_id)0; /* UNREACHED */ +#else + struct sockaddr_storage *ss = (struct sockaddr_storage *)saddr; + struct niod *nsi = (struct niod *)nsiod; + struct npool *ms = (struct npool *)nsp; + struct nevent *nse; + + if (!ms->sslctx) + { + if (proto == IPPROTO_UDP) + nsock_pool_dtls_init(ms, 0); + else + nsock_pool_ssl_init(ms, 0); + } + + assert(nsi->state == NSIOD_STATE_INITIAL || nsi->state == NSIOD_STATE_UNKNOWN); + + nse = event_new(ms, NSE_TYPE_CONNECT_SSL, nsi, timeout_msecs, handler, userdata); + assert(nse); + + /* Set our SSL_SESSION so we can benefit from session-id reuse. */ + /* but not with DTLS; save space in ClientHello message */ + if (proto != IPPROTO_UDP) + nsi_set_ssl_session(nsi, (SSL_SESSION *)ssl_session); + + if (proto == IPPROTO_UDP) + nsock_log_info("DTLS connection requested to %s:%hu/udp (IOD #%li) EID %li", + + inet_ntop_ez(ss, sslen), port, nsi->id, nse->id); + else + nsock_log_info("SSL connection requested to %s:%hu/%s (IOD #%li) EID %li", + inet_ntop_ez(ss, sslen), port, (proto == IPPROTO_TCP ? "tcp" : "sctp"), + nsi->id, nse->id); + + /* Do the actual connect() */ + nsock_connect_internal(ms, nse, (proto == IPPROTO_UDP ? SOCK_DGRAM : SOCK_STREAM), proto, ss, sslen, port); + + nsock_pool_add_event(ms, nse); + + return nse->id; +#endif /* HAVE_OPENSSL */ +} + +/* Request ssl connection over already established connection. nsiod must be + * socket that is already connected to target using nsock_connect_tcp or + * nsock_connect_sctp. All parameters have the same meaning as in + * 'nsock_connect_ssl' */ +nsock_event_id nsock_reconnect_ssl(nsock_pool nsp, nsock_iod nsiod, nsock_ev_handler handler, int timeout_msecs, + void *userdata, nsock_ssl_session ssl_session) { + +#ifndef HAVE_OPENSSL + fatal("nsock_reconnect_ssl called - but nsock was built w/o SSL support. QUITTING"); + return (nsock_event_id) 0; /* UNREACHED */ +#else + struct niod *nsi = (struct niod *)nsiod; + struct npool *ms = (struct npool *)nsp; + struct nevent *nse; + + if (!ms->sslctx) + nsock_pool_ssl_init(ms, 0); + + nse = event_new(ms, NSE_TYPE_CONNECT_SSL, nsi, timeout_msecs, handler, userdata); + assert(nse); + + /* Set our SSL_SESSION so we can benefit from session-id reuse. */ + nsi_set_ssl_session(nsi, (SSL_SESSION *)ssl_session); + + nsock_log_info("SSL reconnection requested (IOD #%li) EID %li", + nsi->id, nse->id); + + /* Do the actual connect() */ + nse->event_done = 0; + nse->status = NSE_STATUS_SUCCESS; + nsock_pool_add_event(ms, nse); + + return nse->id; +#endif /* HAVE_OPENSSL */ +} + +/* Request a UDP "connection" to another system (by IP address). The in_addr is + * normal network byte order, but the port number should be given in HOST BYTE + * ORDER. Since this is UDP, no packets are actually sent. The destination IP + * and port are just associated with the nsiod (an actual OS connect() call is + * made). You can then use the normal nsock write calls on the socket. There + * is no timeout since this call always calls your callback at the next + * opportunity. The advantages to having a connected UDP socket (as opposed to + * just specifying an address with sendto() are that we can now use a consistent + * set of write/read calls for TCP/UDP, received packets from the non-partner + * are automatically dropped by the OS, and the OS can provide asynchronous + * errors (see Unix Network Programming pp224). ss should be a + * sockaddr_storage, sockaddr_in6, or sockaddr_in as appropriate (just like what + * you would pass to connect). sslen should be the sizeof the structure you are + * passing in. */ +nsock_event_id nsock_connect_udp(nsock_pool nsp, nsock_iod nsiod, nsock_ev_handler handler, void *userdata, + struct sockaddr *saddr, size_t sslen, unsigned short port) { + + struct niod *nsi = (struct niod *)nsiod; + struct npool *ms = (struct npool *)nsp; + struct nevent *nse; + struct sockaddr_storage *ss = (struct sockaddr_storage *)saddr; + + assert(nsi->state == NSIOD_STATE_INITIAL || nsi->state == NSIOD_STATE_UNKNOWN); + + nse = event_new(ms, NSE_TYPE_CONNECT, nsi, -1, handler, userdata); + assert(nse); + + nsock_log_info("UDP connection requested to %s:%hu (IOD #%li) EID %li", + inet_ntop_ez(ss, sslen), port, nsi->id, nse->id); + + nsock_connect_internal(ms, nse, SOCK_DGRAM, IPPROTO_UDP, ss, sslen, port); + nsock_pool_add_event(ms, nse); + + return nse->id; +} + +/* Returns that host/port/protocol information for the last communication (or + * comm. attempt) this nsi has been involved with. By "involved" with I mean + * interactions like establishing (or trying to) a connection or sending a UDP + * datagram through an unconnected nsock_iod. AF is the address family (AF_INET + * or AF_INET6), Protocl is IPPROTO_TCP or IPPROTO_UDP. Pass NULL for + * information you do not need. If ANY of the information you requested is not + * available, 0 will be returned and the unavailable sockets are zeroed. If + * protocol or af is requested but not available, it will be set to -1 (and 0 + * returned). The pointers you pass in must be NULL or point to allocated + * address space. The sockaddr members should actually be sockaddr_storage, + * sockaddr_in6, or sockaddr_in with the socklen of them set appropriately (eg + * sizeof(sockaddr_storage) if that is what you are passing). */ +int nsock_iod_get_communication_info(nsock_iod iod, int *protocol, int *af, + struct sockaddr *local, + struct sockaddr *remote, size_t socklen) { + struct niod *nsi = (struct niod *)iod; + int ret = 1; + struct sockaddr_storage ss; + socklen_t slen = sizeof(ss); + int res; + + assert(socklen > 0); + + if (nsi->peerlen > 0) { + if (remote) + memcpy(remote, &(nsi->peer), MIN((unsigned)socklen, nsi->peerlen)); + if (protocol) { + *protocol = nsi->lastproto; + if (*protocol == -1) res = 0; + } + if (af) { + *af = nsi->peer.ss_family; + } + if (local) { + if (nsi->sd >= 0) { + res = getsockname(nsi->sd, (struct sockaddr *)&ss, &slen); + if (res == -1) { + memset(local, 0, socklen); + ret = 0; + } else { + assert(slen > 0); + memcpy(local, &ss, MIN((unsigned)slen, socklen)); + } + } else { + memset(local, 0, socklen); + ret = 0; + } + } + } else { + if (local || remote || protocol || af) + ret = 0; + + if (remote) + memset(remote, 0, socklen); + + if (local) + memset(local, 0, socklen); + + if (protocol) + *protocol = -1; + + if (af) + *af = -1; + } + return ret; +} + diff --git a/include/DomainExec/nsock/src/nsock_core.c b/include/DomainExec/nsock/src/nsock_core.c new file mode 100644 index 00000000..73a1a65e --- /dev/null +++ b/include/DomainExec/nsock/src/nsock_core.c @@ -0,0 +1,1415 @@ +/*************************************************************************** + * nsock_core.c -- This contains the core engine routines for the nsock * + * parallel socket event library. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2019 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#include "nsock_internal.h" +#include "gh_list.h" +#include "filespace.h" +#include "nsock_log.h" + +#include +#if HAVE_ERRNO_H +#include +#endif +#if HAVE_SYS_TYPES_H +#include +#endif +#if HAVE_SYS_SOCKET_H +#include +#endif +#if HAVE_NETINET_IN_H +#include +#endif +#if HAVE_ARPA_INET_H +#include +#endif +#if HAVE_STRING_H +#include +#endif + +#include "netutils.h" + +#if HAVE_PCAP +#include "nsock_pcap.h" +#endif + +/* Nsock time of day -- we update this at least once per nsock_loop round (and + * after most calls that are likely to block). Other nsock files should grab + * this */ +struct timeval nsock_tod; + +/* Internal function defined in nsock_event.c + * Update the nse->iod first events, assuming nse is about to be deleted */ +void update_first_events(struct nevent *nse); + + + +/* Each iod has a count of pending socket reads, socket writes, and pcap reads. + * When a descriptor's count is nonzero, its bit must be set in the appropriate + * master fd_set, and when the count is zero the bit must be cleared. What we + * are simulating is an fd_set with a counter for each socket instead of just an + * on/off switch. The fd_set's bits aren't enough by itself because a descriptor + * may for example have two reads pending at once, and the bit must not be + * cleared after the first is completed. + * The socket_count_* functions return the event to transmit to update_events() + */ +int socket_count_zero(struct niod *iod, struct npool *ms) { + iod->readsd_count = 0; + iod->writesd_count = 0; +#if HAVE_PCAP + iod->readpcapsd_count = 0; +#endif + return nsock_engine_iod_unregister(ms, iod); +} + +static int socket_count_read_inc(struct niod *iod) { + assert(iod->readsd_count >= 0); + iod->readsd_count++; + return EV_READ; +} + +static int socket_count_read_dec(struct niod *iod) { + assert(iod->readsd_count > 0); + iod->readsd_count--; + return (iod->readsd_count == 0) ? EV_READ : EV_NONE; +} + +static int socket_count_write_inc(struct niod *iod) { + assert(iod->writesd_count >= 0); + iod->writesd_count++; + return EV_WRITE; +} + +static int socket_count_write_dec(struct niod *iod) { + assert(iod->writesd_count > 0); + iod->writesd_count--; + return (iod->writesd_count == 0) ? EV_WRITE : EV_NONE; +} + +#if HAVE_PCAP +static int socket_count_readpcap_inc(struct niod *iod) { + assert(iod->readpcapsd_count >= 0); + iod->readpcapsd_count++; + return EV_READ; +} + +static int socket_count_readpcap_dec(struct niod *iod) { + assert(iod->readpcapsd_count > 0); + iod->readpcapsd_count--; + return (iod->readpcapsd_count == 0) ? EV_READ : EV_NONE; +} +#endif + +#if HAVE_OPENSSL +/* Call socket_count_read_dec or socket_count_write_dec on nse->iod depending on + * the current value of nse->sslinfo.ssl_desire. */ +static int socket_count_dec_ssl_desire(struct nevent *nse) { + assert(nse->iod->ssl != NULL); + assert(nse->sslinfo.ssl_desire == SSL_ERROR_WANT_READ || + nse->sslinfo.ssl_desire == SSL_ERROR_WANT_WRITE); + + if (nse->sslinfo.ssl_desire == SSL_ERROR_WANT_READ) + return socket_count_read_dec(nse->iod); + else + return socket_count_write_dec(nse->iod); +} +#endif + +static int should_clear_ev_read(const struct niod *iod, int ev_set) { + return (ev_set & EV_READ) && +#if HAVE_PCAP + !iod->readpcapsd_count && +#endif + !iod->readsd_count; +} + +static int should_clear_ev_write(const struct niod *iod, int ev_set) { + return (ev_set & EV_WRITE) && !iod->writesd_count; +} + +/* Update the events that the IO engine should watch for a given IOD. + * + * ev_inc is a set of events for which the event counters should be increased. + * These events will therefore be watched by the IO engine for this IOD. + * + * ev_dec is a set of events for which the event counters should be decreased. + * If this counter reaches zero, the event won't be watched anymore by the + * IO engine for this IOD. + */ +static void update_events(struct niod * iod, struct npool *ms, struct nevent *nse, int ev_inc, int ev_dec) { + int setmask, clrmask, ev_temp; + + /* Filter out events that belong to both sets. */ + ev_temp = ev_inc ^ ev_dec; + ev_inc = ev_inc & ev_temp; + ev_dec = ev_dec & ev_temp; + + setmask = ev_inc; + clrmask = EV_NONE; + + if (should_clear_ev_read(iod, ev_dec)) + clrmask |= EV_READ; + + if (should_clear_ev_write(iod, ev_dec)) + clrmask |= EV_WRITE; + + /* EV_EXCEPT is systematically set and cannot be removed */ + if (ev_inc & EV_EXCEPT) + nsock_log_info("Invalid event set, no need to specify EV_EXCEPT"); + + if (ev_dec & EV_EXCEPT) + nsock_log_info("Invalid event set, refusing to clear EV_EXCEPT"); + + if (!IOD_PROPGET(iod, IOD_REGISTERED)) { + assert(clrmask == EV_NONE); + nsock_engine_iod_register(ms, iod, nse, setmask); + } else { + nsock_engine_iod_modify(ms, iod, nse, setmask, clrmask); + } +} + +/* Add a new event for a given IOD. nevents are stored in separate event lists + * (in the nsock pool) and are grouped by IOD within each list. + * + * This function appends the event _before_ the first similar event we have for + * the given IOD, or append it to the end of the list if no similar event is + * already present. + * + * Note that adding the event before the similar ones is important for + * reentrancy, as it will prevent the new event to be processed in the event + * loop just after its addition. + */ +static int iod_add_event(struct niod *iod, struct nevent *nse) { + struct npool *nsp = iod->nsp; + + switch (nse->type) { + case NSE_TYPE_CONNECT: + case NSE_TYPE_CONNECT_SSL: + if (iod->first_connect) + gh_list_insert_before(&nsp->connect_events, + iod->first_connect, &nse->nodeq_io); + else + gh_list_append(&nsp->connect_events, &nse->nodeq_io); + iod->first_connect = &nse->nodeq_io; + break; + + case NSE_TYPE_READ: + if (iod->first_read) + gh_list_insert_before(&nsp->read_events, iod->first_read, &nse->nodeq_io); + else + gh_list_append(&nsp->read_events, &nse->nodeq_io); + iod->first_read = &nse->nodeq_io; + break; + + case NSE_TYPE_WRITE: + if (iod->first_write) + gh_list_insert_before(&nsp->write_events, iod->first_write, &nse->nodeq_io); + else + gh_list_append(&nsp->write_events, &nse->nodeq_io); + iod->first_write = &nse->nodeq_io; + break; + +#if HAVE_PCAP + case NSE_TYPE_PCAP_READ: { + char add_read = 0, add_pcap_read = 0; + +#if PCAP_BSD_SELECT_HACK + /* BSD hack mode: add event to both read and pcap_read lists */ + add_read = add_pcap_read = 1; +#else + if (((mspcap *)iod->pcap)->pcap_desc >= 0) { + add_read = 1; + } else { + add_pcap_read = 1; + } +#endif + if (add_read) { + if (iod->first_read) + gh_list_insert_before(&nsp->read_events, iod->first_read, &nse->nodeq_io); + else + gh_list_append(&nsp->read_events, &nse->nodeq_io); + iod->first_read = &nse->nodeq_io; + } + if (add_pcap_read) { + if (iod->first_pcap_read) + gh_list_insert_before(&nsp->pcap_read_events, iod->first_pcap_read, + &nse->nodeq_pcap); + else + gh_list_append(&nsp->pcap_read_events, &nse->nodeq_pcap); + iod->first_pcap_read = &nse->nodeq_pcap; + } + break; + } +#endif + + default: + fatal("Unknown event type (%d) for IOD #%lu\n", nse->type, iod->id); + } + + return 0; +} + +/* A handler function is defined for each of the main event types (read, write, + * connect, timer, etc) -- the handler is called when new information is + * available for the event. The handler makes any necessary updates to the + * event based on any new information available. If the event becomes ready for + * delivery, the handler sets nse->event_done and fills out the relevant event + * fields (status, errnum) as applicable. The handlers also take care of event + * type specific teardown (such as clearing socket descriptors from select/poll + * lists). If event_done is not set, the handler will be called again in the + * case of more information or an event timeout */ + +/* The event type handlers -- the first three arguments of each are the same: + * struct npool *ms struct nevent *nse -- the event we have new info on enum nse_status -- + * The reason for the call, usually NSE_STATUS_SUCCESS (which generally means a + * successful I/O call or NSE_STATUS_TIMEOUT or NSE_STATUS_CANCELLED + * + * Some of the event type handlers have other parameters, specific to their + * needs. All the handlers can assume that the calling function has checked + * that select or poll said their descriptors were readable/writeable (as + * appropriate). + * + * The idea is that each handler will take care of the stuff that is specific + * to it and the calling function will handle the stuff that can be generalized + * to dispatching/deleting/etc. all events. But the calling function may use + * type-specific info to determine whether the handler should be called at all + * (to save CPU time). */ + +/* handle_connect_results assumes that select or poll have already shown the + * descriptor to be active */ +void handle_connect_result(struct npool *ms, struct nevent *nse, enum nse_status status) { + int optval; + socklen_t optlen = sizeof(int); + struct niod *iod = nse->iod; + assert(iod != NULL); +#if HAVE_OPENSSL + int sslerr; + int rc = 0; + int sslconnect_inprogress = nse->type == NSE_TYPE_CONNECT_SSL && nse->iod && + (nse->sslinfo.ssl_desire == SSL_ERROR_WANT_READ || + nse->sslinfo.ssl_desire == SSL_ERROR_WANT_WRITE); +#else + int sslconnect_inprogress = 0; +#endif + + if (status == NSE_STATUS_TIMEOUT || status == NSE_STATUS_CANCELLED) { + nse->status = status; + nse->event_done = 1; + } else if (sslconnect_inprogress) { + /* Do nothing */ + } else if (status == NSE_STATUS_SUCCESS) { + /* First we want to determine whether the socket really is connected */ + if (getsockopt(iod->sd, SOL_SOCKET, SO_ERROR, (char *)&optval, &optlen) != 0) + optval = socket_errno(); /* Stupid Solaris */ + + if (optval == 0) { + nse->status = NSE_STATUS_SUCCESS; + } + else { + nse->status = NSE_STATUS_ERROR; + nse->errnum = optval; + } + + /* Now special code for the SSL case where the TCP connection was successful. */ + if (nse->type == NSE_TYPE_CONNECT_SSL && + nse->status == NSE_STATUS_SUCCESS) { +#if HAVE_OPENSSL + assert(ms->sslctx != NULL); + /* Reuse iod->ssl if present. If set, this is the second try at connection + without the SSL_OP_NO_SSLv2 option set. */ + if (iod->ssl == NULL) { + iod->ssl = SSL_new(ms->sslctx); + if (!iod->ssl) + fatal("SSL_new failed: %s", ERR_error_string(ERR_get_error(), NULL)); + } + +#if HAVE_SSL_SET_TLSEXT_HOST_NAME + /* Avoid sending SNI extension with DTLS because many servers don't allow + * fragmented ClientHello messages. */ + if (iod->hostname != NULL && iod->lastproto != IPPROTO_UDP) { + if (SSL_set_tlsext_host_name(iod->ssl, iod->hostname) != 1) + fatal("SSL_set_tlsext_host_name failed: %s", ERR_error_string(ERR_get_error(), NULL)); + } +#endif + + /* Associate our new SSL with the connected socket. It will inherit the + * non-blocking nature of the sd */ + if (SSL_set_fd(iod->ssl, iod->sd) != 1) + fatal("SSL_set_fd failed: %s", ERR_error_string(ERR_get_error(), NULL)); + + /* Event not done -- need to do SSL connect below */ + nse->sslinfo.ssl_desire = SSL_ERROR_WANT_CONNECT; +#endif + } else { + /* This is not an SSL connect (in which case we are always done), or the + * TCP connect() underlying the SSL failed (in which case we are also done */ + nse->event_done = 1; + } + } else { + fatal("Unknown status (%d)", status); + } + + /* At this point the TCP connection is done, whether successful or not. + * Therefore decrease the read/write listen counts that were incremented in + * nsock_pool_add_event. In the SSL case, we may increase one of the counts depending + * on whether SSL_connect returns an error of SSL_ERROR_WANT_READ or + * SSL_ERROR_WANT_WRITE. In that case we will re-enter this function, but we + * don't want to execute this block again. */ + if (iod->sd != -1 && !sslconnect_inprogress) { + int ev = EV_NONE; + + ev |= socket_count_read_dec(iod); + ev |= socket_count_write_dec(iod); + update_events(iod, ms, nse, EV_NONE, ev); + } + +#if HAVE_OPENSSL + if (nse->type == NSE_TYPE_CONNECT_SSL && !nse->event_done) { + /* Lets now start/continue/finish the connect! */ + if (iod->ssl_session) { + rc = SSL_set_session(iod->ssl, iod->ssl_session); + if (rc == 0) + nsock_log_error("Uh-oh: SSL_set_session() failed - please tell dev@nmap.org"); + iod->ssl_session = NULL; /* No need for this any more */ + } + + /* If this is a reinvocation of handle_connect_result, clear out the listen + * bits that caused it, based on the previous SSL desire. */ + if (sslconnect_inprogress) { + int ev; + + ev = socket_count_dec_ssl_desire(nse); + update_events(iod, ms, nse, EV_NONE, ev); + } + + rc = SSL_connect(iod->ssl); + if (rc == 1) { + /* Woop! Connect is done! */ + nse->event_done = 1; + /* Check that certificate verification was okay, if requested. */ + if (nsi_ssl_post_connect_verify(iod)) { + nse->status = NSE_STATUS_SUCCESS; + } else { + nsock_log_error("certificate verification error for EID %li: %s", + nse->id, ERR_error_string(ERR_get_error(), NULL)); + nse->status = NSE_STATUS_ERROR; + } + } else { + long options = SSL_get_options(iod->ssl); + + sslerr = SSL_get_error(iod->ssl, rc); + if (rc == -1 && sslerr == SSL_ERROR_WANT_READ) { + nse->sslinfo.ssl_desire = sslerr; + socket_count_read_inc(iod); + update_events(iod, ms, nse, EV_READ, EV_NONE); + } else if (rc == -1 && sslerr == SSL_ERROR_WANT_WRITE) { + nse->sslinfo.ssl_desire = sslerr; + socket_count_write_inc(iod); + update_events(iod, ms, nse, EV_WRITE, EV_NONE); +#if SSL_OP_NO_SSLv2 != 0 + } else if (iod->lastproto != IPPROTO_UDP && !(options & SSL_OP_NO_SSLv2)) { + /* SSLv2 does not apply to DTLS, so ensure lastproto was not UDP. */ + int saved_ev; + + /* SSLv3-only and TLSv1-only servers can't be connected to when the + * SSL_OP_NO_SSLv2 option is not set, which is the case when the pool + * was initialized with nsock_pool_ssl_init_max_speed. Try reconnecting + * with SSL_OP_NO_SSLv2. Never downgrade a NO_SSLv2 connection to one + * that might use SSLv2. */ + nsock_log_info("EID %li reconnecting with SSL_OP_NO_SSLv2", nse->id); + + saved_ev = iod->watched_events; + nsock_engine_iod_unregister(ms, iod); + close(iod->sd); + nsock_connect_internal(ms, nse, SOCK_STREAM, iod->lastproto, &iod->peer, + iod->peerlen, nsock_iod_get_peerport(iod)); + nsock_engine_iod_register(ms, iod, nse, saved_ev); + + /* Use SSL_free here because SSL_clear keeps session info, which + * doesn't work when changing SSL versions (as we're clearly trying to + * do by adding SSL_OP_NO_SSLv2). */ + SSL_free(iod->ssl); + iod->ssl = SSL_new(ms->sslctx); + if (!iod->ssl) + fatal("SSL_new failed: %s", ERR_error_string(ERR_get_error(), NULL)); + + SSL_set_options(iod->ssl, options | SSL_OP_NO_SSLv2); + socket_count_read_inc(nse->iod); + socket_count_write_inc(nse->iod); + update_events(iod, ms, nse, EV_READ|EV_WRITE, EV_NONE); + nse->sslinfo.ssl_desire = SSL_ERROR_WANT_CONNECT; +#endif + } else { + nsock_log_info("EID %li %s", + nse->id, ERR_error_string(ERR_get_error(), NULL)); + nse->event_done = 1; + nse->status = NSE_STATUS_ERROR; + nse->errnum = EIO; + } + } + } +#endif +} + +static int errcode_is_failure(int err) { +#ifndef WIN32 + return err != EINTR && err != EAGAIN && err != EBUSY; +#else + return err != EINTR && err != EAGAIN; +#endif +} + +void handle_write_result(struct npool *ms, struct nevent *nse, enum nse_status status) { + int bytesleft; + char *str; + int res; + int err; + struct niod *iod = nse->iod; + + if (status == NSE_STATUS_TIMEOUT || status == NSE_STATUS_CANCELLED) { + nse->event_done = 1; + nse->status = status; + } else if (status == NSE_STATUS_SUCCESS) { + str = fs_str(&nse->iobuf) + nse->writeinfo.written_so_far; + bytesleft = fs_length(&nse->iobuf) - nse->writeinfo.written_so_far; + if (nse->writeinfo.written_so_far > 0) + assert(bytesleft > 0); +#if HAVE_OPENSSL + if (iod->ssl) + res = SSL_write(iod->ssl, str, bytesleft); + else +#endif + res = ms->engine->io_operations->iod_write(ms, nse->iod->sd, str, bytesleft, 0, (struct sockaddr *)&nse->writeinfo.dest, (int)nse->writeinfo.destlen); + if (res == bytesleft) { + nse->event_done = 1; + nse->status = NSE_STATUS_SUCCESS; + } else if (res >= 0) { + nse->writeinfo.written_so_far += res; + } else { + assert(res == -1); + if (iod->ssl) { +#if HAVE_OPENSSL + err = SSL_get_error(iod->ssl, res); + if (err == SSL_ERROR_WANT_READ) { + int evclr; + + evclr = socket_count_dec_ssl_desire(nse); + socket_count_read_inc(iod); + update_events(iod, ms, nse, EV_READ, evclr); + nse->sslinfo.ssl_desire = err; + } else if (err == SSL_ERROR_WANT_WRITE) { + int evclr; + + evclr = socket_count_dec_ssl_desire(nse); + socket_count_write_inc(iod); + update_events(iod, ms, nse, EV_WRITE, evclr); + nse->sslinfo.ssl_desire = err; + } else { + /* Unexpected error */ + nse->event_done = 1; + nse->status = NSE_STATUS_ERROR; + nse->errnum = EIO; + } +#endif + } else { + err = socket_errno(); + if (errcode_is_failure(err)) { + nse->event_done = 1; + nse->status = NSE_STATUS_ERROR; + nse->errnum = err; + } + } + } + + if (res >= 0) + nse->iod->write_count += res; + } + + if (nse->event_done && nse->iod->sd != -1) { + int ev = EV_NONE; + +#if HAVE_OPENSSL + if (nse->iod->ssl != NULL) + ev |= socket_count_dec_ssl_desire(nse); + else +#endif + ev |= socket_count_write_dec(nse->iod); + update_events(nse->iod, ms, nse, EV_NONE, ev); + } +} + +void handle_timer_result(struct npool *ms, struct nevent *nse, enum nse_status status) { + /* Ooh this is a hard job :) */ + nse->event_done = 1; + nse->status = status; +} + +/* Returns -1 if an error, otherwise the number of newly written bytes */ +static int do_actual_read(struct npool *ms, struct nevent *nse) { + char buf[READ_BUFFER_SZ]; + int buflen = 0; + struct niod *iod = nse->iod; + int err = 0; + int max_chunk = NSOCK_READ_CHUNK_SIZE; + int startlen = fs_length(&nse->iobuf); + int enotsock = 0; /* Did we get ENOTSOCK once? */ + + if (nse->readinfo.read_type == NSOCK_READBYTES) + max_chunk = nse->readinfo.num; + + if (!iod->ssl) { + do { + struct sockaddr_storage peer; + socklen_t peerlen; + peerlen = sizeof(peer); + + if (enotsock) { + peer.ss_family = AF_UNSPEC; + peerlen = 0; + buflen = read(iod->sd, buf, sizeof(buf)); + } + else { + buflen = ms->engine->io_operations->iod_read(ms, iod->sd, buf, sizeof(buf), 0, (struct sockaddr *)&peer, &peerlen); + + /* Using recv() was failing, at least on UNIX, for non-network sockets + * (i.e. stdin) in this case, a read() is done - as on ENOTSOCK we may + * have a non-network socket */ + if (buflen == -1) { + if (socket_errno() == ENOTSOCK) { + enotsock = 1; + peer.ss_family = AF_UNSPEC; + peerlen = 0; + buflen = read(iod->sd, buf, sizeof(buf)); + } + } + } + if (buflen == -1) { + err = socket_errno(); + } + else { + /* Windows will ignore src_addr and addrlen arguments to recvfrom on TCP + * sockets, so peerlen is still sizeof(peer) and peer is junk. Instead, + * only set this if it's not already set. + */ + if (peerlen > 0 && iod->peerlen == 0) { + assert(peerlen <= sizeof(iod->peer)); + memcpy(&iod->peer, &peer, peerlen); + iod->peerlen = peerlen; + } + if (buflen > 0) { + if (fs_cat(&nse->iobuf, buf, buflen) == -1) { + nse->event_done = 1; + nse->status = NSE_STATUS_ERROR; + nse->errnum = ENOMEM; + return -1; + } + + /* Sometimes a service just spews and spews data. So we return after a + * somewhat large amount to avoid monopolizing resources and avoid DOS + * attacks. */ + if (fs_length(&nse->iobuf) > max_chunk) + return fs_length(&nse->iobuf) - startlen; + + /* No good reason to read again if we we were successful in the read but + * didn't fill up the buffer. Especially for UDP, where we want to + * return only one datagram at a time. The consistency of the above + * assignment of iod->peer depends on not consolidating more than one + * UDP read buffer. */ + if (buflen < sizeof(buf)) + return fs_length(&nse->iobuf) - startlen; + } + } + } while (buflen > 0 || (buflen == -1 && err == EINTR)); + + if (buflen == -1) { + if (err != EINTR && err != EAGAIN) { + nse->event_done = 1; + nse->status = NSE_STATUS_ERROR; + nse->errnum = err; + return -1; + } + } + } else { +#if HAVE_OPENSSL + /* OpenSSL read */ + while ((buflen = SSL_read(iod->ssl, buf, sizeof(buf))) > 0) { + + if (fs_cat(&nse->iobuf, buf, buflen) == -1) { + nse->event_done = 1; + nse->status = NSE_STATUS_ERROR; + nse->errnum = ENOMEM; + return -1; + } + + /* Sometimes a service just spews and spews data. So we return + * after a somewhat large amount to avoid monopolizing resources + * and avoid DOS attacks. */ + if (fs_length(&nse->iobuf) > max_chunk) + return fs_length(&nse->iobuf) - startlen; + } + + if (buflen == -1) { + err = SSL_get_error(iod->ssl, buflen); + if (err == SSL_ERROR_WANT_READ) { + int evclr; + + evclr = socket_count_dec_ssl_desire(nse); + socket_count_read_inc(iod); + update_events(iod, ms, nse, EV_READ, evclr); + nse->sslinfo.ssl_desire = err; + } else if (err == SSL_ERROR_WANT_WRITE) { + int evclr; + + evclr = socket_count_dec_ssl_desire(nse); + socket_count_write_inc(iod); + update_events(iod, ms, nse, EV_WRITE, evclr); + nse->sslinfo.ssl_desire = err; + } else { + /* Unexpected error */ + nse->event_done = 1; + nse->status = NSE_STATUS_ERROR; + nse->errnum = EIO; + nsock_log_info("SSL_read() failed for reason %s on NSI %li", + ERR_error_string(err, NULL), iod->id); + return -1; + } + } +#endif /* HAVE_OPENSSL */ + } + + if (buflen == 0) { + nse->event_done = 1; + nse->eof = 1; + if (fs_length(&nse->iobuf) > 0) { + nse->status = NSE_STATUS_SUCCESS; + return fs_length(&nse->iobuf) - startlen; + } else { + nse->status = NSE_STATUS_EOF; + return 0; + } + } + + return fs_length(&nse->iobuf) - startlen; +} + + +void handle_read_result(struct npool *ms, struct nevent *nse, enum nse_status status) { + unsigned int count; + char *str; + int rc, len; + struct niod *iod = nse->iod; + + if (status == NSE_STATUS_TIMEOUT) { + nse->event_done = 1; + if (fs_length(&nse->iobuf) > 0) + nse->status = NSE_STATUS_SUCCESS; + else + nse->status = NSE_STATUS_TIMEOUT; + } else if (status == NSE_STATUS_CANCELLED) { + nse->status = status; + nse->event_done = 1; + } else if (status == NSE_STATUS_SUCCESS) { + rc = do_actual_read(ms, nse); + /* printf("DBG: Just read %d new bytes%s.\n", rc, iod->ssl? "( SSL!)" : ""); */ + if (rc > 0) { + nse->iod->read_count += rc; + /* We decide whether we have read enough to return */ + switch (nse->readinfo.read_type) { + case NSOCK_READ: + nse->status = NSE_STATUS_SUCCESS; + nse->event_done = 1; + break; + case NSOCK_READBYTES: + if (fs_length(&nse->iobuf) >= nse->readinfo.num) { + nse->status = NSE_STATUS_SUCCESS; + nse->event_done = 1; + } + /* else we are not done */ + break; + case NSOCK_READLINES: + /* Lets count the number of lines we have ... */ + count = 0; + len = fs_length(&nse->iobuf) -1; + str = fs_str(&nse->iobuf); + for (count=0; len >= 0; len--) { + if (str[len] == '\n') { + count++; + if ((int)count >= nse->readinfo.num) + break; + } + } + if ((int) count >= nse->readinfo.num) { + nse->event_done = 1; + nse->status = NSE_STATUS_SUCCESS; + } + /* Else we are not done */ + break; + default: + fatal("Unknown operation type (%d)", (int)nse->readinfo.read_type); + } + } + } else { + fatal("Unknown status (%d)", status); + } + + /* If there are no more reads for this IOD, we are done reading on the socket + * so we can take it off the descriptor list ... */ + if (nse->event_done && iod->sd >= 0) { + int ev = EV_NONE; + +#if HAVE_OPENSSL + if (nse->iod->ssl != NULL) + ev |= socket_count_dec_ssl_desire(nse); + else +#endif + ev |= socket_count_read_dec(nse->iod); + update_events(nse->iod, ms, nse, EV_NONE, ev); + } +} + +#if HAVE_PCAP +void handle_pcap_read_result(struct npool *ms, struct nevent *nse, enum nse_status status) { + struct niod *iod = nse->iod; + mspcap *mp = (mspcap *)iod->pcap; + + switch (status) { + case NSE_STATUS_TIMEOUT: + nse->status = NSE_STATUS_TIMEOUT; + nse->event_done = 1; + break; + + case NSE_STATUS_CANCELLED: + nse->status = NSE_STATUS_CANCELLED; + nse->event_done = 1; + break; + + case NSE_STATUS_SUCCESS: + /* check if we already have something read */ + if (fs_length(&(nse->iobuf)) == 0) { + nse->status = NSE_STATUS_TIMEOUT; + nse->event_done = 0; + } else { + nse->status = NSE_STATUS_SUCCESS; /* we have full buffer */ + nse->event_done = 1; + } + break; + + default: + fatal("Unknown status (%d) for nsock event #%lu", status, nse->id); + } + + /* If there are no more read events, we are done reading on the socket so we + * can take it off the descriptor list... */ + if (nse->event_done && mp->pcap_desc >= 0) { + int ev; + + ev = socket_count_readpcap_dec(iod); + update_events(iod, ms, nse, EV_NONE, ev); + } +} + +/* Returns whether something was read */ +int pcap_read_on_nonselect(struct npool *nsp) { + gh_lnode_t *current, *next; + struct nevent *nse; + int ret = 0; + + for (current = gh_list_first_elem(&nsp->pcap_read_events); + current != NULL; + current = next) { + nse = lnode_nevent2(current); + if (do_actual_pcap_read(nse) == 1) { + /* something received */ + ret++; + break; + } + next = gh_lnode_next(current); + } + return ret; +} +#endif /* HAVE_PCAP */ + +/* Here is the all important looping function that tells the event engine to + * start up and begin processing events. It will continue until all events have + * been delivered (including new ones started from event handlers), or the + * msec_timeout is reached, or a major error has occurred. Use -1 if you don't + * want to set a maximum time for it to run. A timeout of 0 will return after 1 + * non-blocking loop. The nsock loop can be restarted again after it returns. + * For example you could do a series of 15 second runs, allowing you to do other + * stuff between them */ +enum nsock_loopstatus nsock_loop(nsock_pool nsp, int msec_timeout) { + struct npool *ms = (struct npool *)nsp; + struct timeval loop_timeout; + int msecs_left; + unsigned long loopnum = 0; + enum nsock_loopstatus quitstatus = NSOCK_LOOP_ERROR; + + gettimeofday(&nsock_tod, NULL); + + if (msec_timeout < -1) { + ms->errnum = EINVAL; + return NSOCK_LOOP_ERROR; + } + TIMEVAL_MSEC_ADD(loop_timeout, nsock_tod, msec_timeout); + msecs_left = msec_timeout; + + if (msec_timeout >= 0) + nsock_log_debug("nsock_loop() started (timeout=%dms). %d events pending", + msec_timeout, ms->events_pending); + else + nsock_log_debug("nsock_loop() started (no timeout). %d events pending", + ms->events_pending); + + while (1) { + if (ms->quit) { + /* We've been asked to quit the loop through nsock_loop_quit. */ + ms->quit = 0; + quitstatus = NSOCK_LOOP_QUIT; + break; + } + + if (ms->events_pending == 0) { + /* if no events at all are pending, then none can be created until + * we quit nsock_loop() -- so we do that now. */ + quitstatus = NSOCK_LOOP_NOEVENTS; + break; + } + + if (msec_timeout >= 0) { + msecs_left = MAX(0, TIMEVAL_MSEC_SUBTRACT(loop_timeout, nsock_tod)); + if (msecs_left == 0 && loopnum > 0) { + quitstatus = NSOCK_LOOP_TIMEOUT; + break; + } + } + + if (nsock_engine_loop(ms, msecs_left) == -1) { + quitstatus = NSOCK_LOOP_ERROR; + break; + } + + gettimeofday(&nsock_tod, NULL); /* we do this at end because there is one + * at beginning of function */ + loopnum++; + } + + return quitstatus; +} + +void process_event(struct npool *nsp, gh_list_t *evlist, struct nevent *nse, int ev) { + int match_r = ev & EV_READ; + int match_w = ev & EV_WRITE; + int match_x = ev & EV_EXCEPT; +#if HAVE_OPENSSL + int desire_r = 0, desire_w = 0; +#endif + + nsock_log_debug_all("Processing event %lu (timeout in %ldms, done=%d)", + nse->id, + (long)TIMEVAL_MSEC_SUBTRACT(nse->timeout, nsock_tod), + nse->event_done); + + if (!nse->event_done) { + switch (nse->type) { + case NSE_TYPE_CONNECT: + case NSE_TYPE_CONNECT_SSL: + if (ev != EV_NONE) + handle_connect_result(nsp, nse, NSE_STATUS_SUCCESS); + if (event_timedout(nse)) + handle_connect_result(nsp, nse, NSE_STATUS_TIMEOUT); + break; + + case NSE_TYPE_READ: +#if HAVE_OPENSSL + desire_r = nse->sslinfo.ssl_desire == SSL_ERROR_WANT_READ; + desire_w = nse->sslinfo.ssl_desire == SSL_ERROR_WANT_WRITE; + if (nse->iod->ssl && ((desire_r && match_r) || (desire_w && match_w))) + handle_read_result(nsp, nse, NSE_STATUS_SUCCESS); + else +#endif + if ((!nse->iod->ssl && match_r) || match_x) + handle_read_result(nsp, nse, NSE_STATUS_SUCCESS); + + if (event_timedout(nse)) + handle_read_result(nsp, nse, NSE_STATUS_TIMEOUT); + + break; + + case NSE_TYPE_WRITE: +#if HAVE_OPENSSL + desire_r = nse->sslinfo.ssl_desire == SSL_ERROR_WANT_READ; + desire_w = nse->sslinfo.ssl_desire == SSL_ERROR_WANT_WRITE; + if (nse->iod->ssl && ((desire_r && match_r) || (desire_w && match_w))) + handle_write_result(nsp, nse, NSE_STATUS_SUCCESS); + else +#endif + if ((!nse->iod->ssl && match_w) || match_x) + handle_write_result(nsp, nse, NSE_STATUS_SUCCESS); + + if (event_timedout(nse)) + handle_write_result(nsp, nse, NSE_STATUS_TIMEOUT); + break; + + case NSE_TYPE_TIMER: + if (event_timedout(nse)) + handle_timer_result(nsp, nse, NSE_STATUS_SUCCESS); + break; + +#if HAVE_PCAP + case NSE_TYPE_PCAP_READ:{ + nsock_log_debug_all("PCAP iterating %lu", nse->id); + + if (ev & EV_READ) { + /* buffer empty? check it! */ + if (fs_length(&(nse->iobuf)) == 0) + do_actual_pcap_read(nse); + } + + /* if already received something */ + if (fs_length(&(nse->iobuf)) > 0) + handle_pcap_read_result(nsp, nse, NSE_STATUS_SUCCESS); + + if (event_timedout(nse)) + handle_pcap_read_result(nsp, nse, NSE_STATUS_TIMEOUT); + + #if PCAP_BSD_SELECT_HACK + /* If event occurred, and we're in BSD_HACK mode, then this event was added + * to two queues. read_event and pcap_read_event + * Of course we should destroy it only once. + * I assume we're now in read_event, so just unlink this event from + * pcap_read_event */ + if (((mspcap *)nse->iod->pcap)->pcap_desc >= 0 + && nse->event_done + && evlist == &nsp->read_events) { + /* event is done, list is read_events and we're in BSD_HACK mode. + * So unlink event from pcap_read_events */ + update_first_events(nse); + gh_list_remove(&nsp->pcap_read_events, &nse->nodeq_pcap); + + nsock_log_debug_all("PCAP NSE #%lu: Removing event from PCAP_READ_EVENTS", + nse->id); + } + if (((mspcap *)nse->iod->pcap)->pcap_desc >= 0 + && nse->event_done + && evlist == &nsp->pcap_read_events) { + update_first_events(nse); + gh_list_remove(&nsp->read_events, &nse->nodeq_io); + nsock_log_debug_all("PCAP NSE #%lu: Removing event from READ_EVENTS", + nse->id); + } + #endif + break; + } +#endif + default: + fatal("Event has unknown type (%d)", nse->type); + } + } + + if (nse->event_done) { + /* Security sanity check: don't return a functional SSL iod without + * setting an SSL data structure. */ + if (nse->type == NSE_TYPE_CONNECT_SSL && nse->status == NSE_STATUS_SUCCESS) + assert(nse->iod->ssl != NULL); + + nsock_log_debug_all("NSE #%lu: Sending event", nse->id); + + /* WooHoo! The event is ready to be sent */ + event_dispatch_and_delete(nsp, nse, 1); + } +} + +void process_iod_events(struct npool *nsp, struct niod *nsi, int ev) { + int i = 0; + /* store addresses of the pointers to the first elements of each kind instead + * of storing the values, as a connect can add a read for instance */ + gh_lnode_t **start_elems[] = { + &nsi->first_connect, + &nsi->first_read, + &nsi->first_write, +#if HAVE_PCAP + &nsi->first_pcap_read, +#endif + NULL + }; + gh_list_t *evlists[] = { + &nsp->connect_events, + &nsp->read_events, + &nsp->write_events, +#if HAVE_PCAP + &nsp->pcap_read_events, +#endif + NULL + }; + + assert(nsp == nsi->nsp); + nsock_log_debug_all("Processing events on IOD %lu (ev=%d)", nsi->id, ev); + + /* We keep the events separate because we want to handle them in the + * order: connect => read => write => timer for several reasons: + * + * 1) Makes sure we have gone through all the net i/o events before + * a timer expires (would be a shame to timeout after the data was + * available but before we delivered the events + * + * 2) The connect() results often lead to a read or write that can be + * processed in the same cycle. In the same way, read() often + * leads to write(). + */ + for (i = 0; evlists[i] != NULL; i++) { + gh_lnode_t *current, *next, *last; + + /* for each list, get the last event and don't look past it as an event + * could add another event in the same list and so on... */ + last = gh_list_last_elem(evlists[i]); + + for (current = *start_elems[i]; + current != NULL && gh_lnode_prev(current) != last; + current = next) { + struct nevent *nse; + +#if HAVE_PCAP + if (evlists[i] == &nsi->nsp->pcap_read_events) + nse = lnode_nevent2(current); + else +#endif + nse = lnode_nevent(current); + + /* events are grouped by IOD. Break if we're done with the events for the + * current IOD */ + if (nse->iod != nsi) + break; + + process_event(nsp, evlists[i], nse, ev); + next = gh_lnode_next(current); + + if (nse->event_done) { + /* event is done, remove it from the event list and update IOD pointers + * to the first events of each kind */ + update_first_events(nse); + gh_list_remove(evlists[i], current); + gh_list_append(&nsp->free_events, &nse->nodeq_io); + + if (nse->timeout.tv_sec) + gh_heap_remove(&nsp->expirables, &nse->expire); + } + } + } +} + +static int nevent_unref(struct npool *nsp, struct nevent *nse) { + switch (nse->type) { + case NSE_TYPE_CONNECT: + case NSE_TYPE_CONNECT_SSL: + gh_list_remove(&nsp->connect_events, &nse->nodeq_io); + break; + + case NSE_TYPE_READ: + gh_list_remove(&nsp->read_events, &nse->nodeq_io); + break; + + case NSE_TYPE_WRITE: + gh_list_remove(&nsp->write_events, &nse->nodeq_io); + break; + +#if HAVE_PCAP + case NSE_TYPE_PCAP_READ: { + char read = 0; + char pcap = 0; + +#if PCAP_BSD_SELECT_HACK + read = pcap = 1; +#else + if (((mspcap *)nse->iod->pcap)->pcap_desc >= 0) + read = 1; + else + pcap = 1; +#endif /* PCAP_BSD_SELECT_HACK */ + + if (read) + gh_list_remove(&nsp->read_events, &nse->nodeq_io); + if (pcap) + gh_list_remove(&nsp->pcap_read_events, &nse->nodeq_pcap); + + break; + } +#endif /* HAVE_PCAP */ + + case NSE_TYPE_TIMER: + /* Nothing to do */ + break; + + default: + fatal("Unknown event type %d", nse->type); + } + gh_list_append(&nsp->free_events, &nse->nodeq_io); + return 0; +} + +void process_expired_events(struct npool *nsp) { + for (;;) { + gh_hnode_t *hnode; + struct nevent *nse; + + hnode = gh_heap_min(&nsp->expirables); + if (!hnode) + break; + + nse = container_of(hnode, struct nevent, expire); + if (!event_timedout(nse)) + break; + + gh_heap_pop(&nsp->expirables); + process_event(nsp, NULL, nse, EV_NONE); + assert(nse->event_done); + update_first_events(nse); + nevent_unref(nsp, nse); + } +} + +/* Calling this function will cause nsock_loop to quit on its next iteration + * with a return value of NSOCK_LOOP_QUIT. */ +void nsock_loop_quit(nsock_pool nsp) { + struct npool *ms = (struct npool *)nsp; + ms->quit = 1; +} + +/* Grab the latest time as recorded by the nsock library, which does so at least + * once per event loop (in main_loop). Not only does this function (generally) + * avoid a system call, but in many circumstances it is better to use nsock's + * time rather than the system time. If nsock has never obtained the time when + * you call it, it will do so before returning */ +const struct timeval *nsock_gettimeofday() { + if (nsock_tod.tv_sec == 0) + gettimeofday(&nsock_tod, NULL); + return &nsock_tod; +} + +/* Adds an event to the appropriate nsp event list, handles housekeeping such as + * adjusting the descriptor select/poll lists, registering the timeout value, + * etc. */ +void nsock_pool_add_event(struct npool *nsp, struct nevent *nse) { + nsock_log_debug("NSE #%lu: Adding event (timeout in %ldms)", + nse->id, + (long)TIMEVAL_MSEC_SUBTRACT(nse->timeout, nsock_tod)); + + nsp->events_pending++; + + if (!nse->event_done && nse->timeout.tv_sec) { + /* This event is expirable, add it to the queue */ + gh_heap_push(&nsp->expirables, &nse->expire); + } + + /* Now we do the event type specific actions */ + switch (nse->type) { + case NSE_TYPE_CONNECT: + case NSE_TYPE_CONNECT_SSL: + if (!nse->event_done) { + assert(nse->iod->sd >= 0); + socket_count_read_inc(nse->iod); + socket_count_write_inc(nse->iod); + update_events(nse->iod, nsp, nse, EV_READ|EV_WRITE, EV_NONE); + } + iod_add_event(nse->iod, nse); + break; + + case NSE_TYPE_READ: + if (!nse->event_done) { + assert(nse->iod->sd >= 0); + socket_count_read_inc(nse->iod); + update_events(nse->iod, nsp, nse, EV_READ, EV_NONE); +#if HAVE_OPENSSL + if (nse->iod->ssl) + nse->sslinfo.ssl_desire = SSL_ERROR_WANT_READ; +#endif + } + iod_add_event(nse->iod, nse); + break; + + case NSE_TYPE_WRITE: + if (!nse->event_done) { + assert(nse->iod->sd >= 0); + socket_count_write_inc(nse->iod); + update_events(nse->iod, nsp, nse, EV_WRITE, EV_NONE); +#if HAVE_OPENSSL + if (nse->iod->ssl) + nse->sslinfo.ssl_desire = SSL_ERROR_WANT_WRITE; +#endif + } + iod_add_event(nse->iod, nse); + break; + + case NSE_TYPE_TIMER: + /* nothing to do */ + break; + +#if HAVE_PCAP + case NSE_TYPE_PCAP_READ: { + mspcap *mp = (mspcap *)nse->iod->pcap; + + assert(mp); + if (mp->pcap_desc >= 0) { /* pcap descriptor present */ + if (!nse->event_done) { + socket_count_readpcap_inc(nse->iod); + update_events(nse->iod, nsp, nse, EV_READ, EV_NONE); + } + nsock_log_debug_all("PCAP NSE #%lu: Adding event to READ_EVENTS", nse->id); + + #if PCAP_BSD_SELECT_HACK + /* when using BSD hack we must do pcap_next() after select(). + * Let's insert this pcap to bot queues, to selectable and nonselectable. + * This will result in doing pcap_next_ex() just before select() */ + nsock_log_debug_all("PCAP NSE #%lu: Adding event to PCAP_READ_EVENTS", nse->id); + #endif + } else { + /* pcap isn't selectable. Add it to pcap-specific queue. */ + nsock_log_debug_all("PCAP NSE #%lu: Adding event to PCAP_READ_EVENTS", nse->id); + } + iod_add_event(nse->iod, nse); + break; + } +#endif + + default: + fatal("Unknown nsock event type (%d)", nse->type); + } + + /* It can happen that the event already completed. In which case we can + * already deliver it, even though we're probably not inside nsock_loop(). */ + if (nse->event_done) { + event_dispatch_and_delete(nsp, nse, 1); + update_first_events(nse); + nevent_unref(nsp, nse); + } +} + +/* An event has been completed and the handler is about to be called. This + * function writes out tracing data about the event if necessary */ +void nsock_trace_handler_callback(struct npool *ms, struct nevent *nse) { + struct niod *nsi; + char *str; + int strlength = 0; + char displaystr[256]; + char errstr[256]; + + if (NsockLogLevel > NSOCK_LOG_INFO) + return; + + nsi = nse->iod; + + if (nse->status == NSE_STATUS_ERROR) + Snprintf(errstr, sizeof(errstr), "[%s (%d)] ", socket_strerror(nse->errnum), + nse->errnum); + else + errstr[0] = '\0'; + + /* Some types have special tracing treatment */ + switch (nse->type) { + case NSE_TYPE_CONNECT: + case NSE_TYPE_CONNECT_SSL: + nsock_log_info("Callback: %s %s %sfor EID %li [%s]", + nse_type2str(nse->type), nse_status2str(nse->status), + errstr, nse->id, get_peeraddr_string(nsi)); + break; + + case NSE_TYPE_READ: + if (nse->status != NSE_STATUS_SUCCESS) { + nsock_log_info("Callback: %s %s %sfor EID %li [%s]", + nse_type2str(nse->type), nse_status2str(nse->status), + errstr, nse->id, get_peeraddr_string(nsi)); + } else { + str = nse_readbuf(nse, &strlength); + if (strlength < 80) { + memcpy(displaystr, ": ", 2); + memcpy(displaystr + 2, str, strlength); + displaystr[2 + strlength] = '\0'; + replacenonprintable(displaystr + 2, strlength, '.'); + } else { + displaystr[0] = '\0'; + } + nsock_log_info("Callback: %s %s for EID %li [%s] %s(%d bytes)%s", + nse_type2str(nse->type), nse_status2str(nse->status), + nse->id, + get_peeraddr_string(nsi), + nse_eof(nse) ? "[EOF]" : "", strlength, displaystr); + } + break; + + case NSE_TYPE_WRITE: + nsock_log_info("Callback: %s %s %sfor EID %li [%s]", + nse_type2str(nse->type), nse_status2str(nse->status), + errstr, nse->id, get_peeraddr_string(nsi)); + break; + + case NSE_TYPE_TIMER: + nsock_log_info("Callback: %s %s %sfor EID %li", + nse_type2str(nse->type), nse_status2str(nse->status), + errstr, nse->id); + break; + +#if HAVE_PCAP + case NSE_TYPE_PCAP_READ: + nsock_log_info("Callback: %s %s %sfor EID %li ", + nse_type2str(nse->type), nse_status2str(nse->status), + errstr, nse->id); + break; +#endif + + default: + fatal("Invalid nsock event type (%d)", nse->type); + } +} + diff --git a/include/DomainExec/nsock/src/nsock_engines.c b/include/DomainExec/nsock/src/nsock_engines.c new file mode 100644 index 00000000..9418a5e0 --- /dev/null +++ b/include/DomainExec/nsock/src/nsock_engines.c @@ -0,0 +1,191 @@ +/*************************************************************************** + * nsock_engines.c -- This contains the functions and definitions to * + * manage the list of available IO engines. Each IO engine leverages a * + * specific IO notification function to wait for events. Nsock will try * + * to use the most efficient engine for your system. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#ifdef HAVE_CONFIG_H +#include "nsock_config.h" +#endif + +#include "nsock_internal.h" + +#if HAVE_IOCP + extern struct io_engine engine_iocp; + #define ENGINE_IOCP &engine_iocp, +#else + #define ENGINE_IOCP +#endif /* HAVE_IOCP */ + +#if HAVE_EPOLL + extern struct io_engine engine_epoll; + #define ENGINE_EPOLL &engine_epoll, +#else + #define ENGINE_EPOLL +#endif /* HAVE_EPOLL */ + +#if HAVE_KQUEUE + extern struct io_engine engine_kqueue; + #define ENGINE_KQUEUE &engine_kqueue, +#else + #define ENGINE_KQUEUE +#endif /* HAVE_KQUEUE */ + +#if HAVE_POLL + extern struct io_engine engine_poll; + #define ENGINE_POLL &engine_poll, +#else + #define ENGINE_POLL +#endif /* HAVE_POLL */ + +/* select() based engine is the fallback engine, we assume it's always available */ +extern struct io_engine engine_select; +#define ENGINE_SELECT &engine_select, + +/* Available IO engines. This depends on which IO management interfaces are + * available on your system. Engines must be sorted by order of preference */ +static struct io_engine *available_engines[] = { + ENGINE_EPOLL + ENGINE_KQUEUE + ENGINE_POLL + ENGINE_IOCP + ENGINE_SELECT + NULL +}; + +static char *engine_hint; + +int posix_iod_connect(struct npool *nsp, int sockfd, const struct sockaddr *addr, socklen_t addrlen) { + return connect(sockfd, addr, addrlen); +} + +int posix_iod_read(struct npool *nsp, int sockfd, void *buf, size_t len, int flags, struct sockaddr *src_addr, socklen_t *addrlen) { + return recvfrom(sockfd, (char *)buf, len, flags, src_addr, addrlen); +} + +int posix_iod_write(struct npool *nsp, int sockfd, const void *buf, size_t len, int flags, const struct sockaddr *dest_addr, socklen_t addrlen) { + struct sockaddr_storage *dest = (struct sockaddr_storage *)dest_addr; + if (dest->ss_family == AF_UNSPEC) + return send(sockfd, (char *)buf, len, flags); + else + return sendto(sockfd, (char *)buf, len, flags, dest_addr, addrlen); +} + +struct io_operations posix_io_operations = { + posix_iod_connect, + posix_iod_read, + posix_iod_write +}; + +struct io_engine *get_io_engine(void) { + struct io_engine *engine = NULL; + int i; + + if (!engine_hint) { + engine = available_engines[0]; + } else { + for (i = 0; available_engines[i] != NULL; i++) + if (strcmp(engine_hint, available_engines[i]->name) == 0) { + engine = available_engines[i]; + break; + } + } + + if (!engine) + fatal("No suitable IO engine found! (%s)\n", + engine_hint ? engine_hint : "no hint"); + + return engine; +} + +int nsock_set_default_engine(char *engine) { + if (engine_hint) + free(engine_hint); + + if (engine) { + int i; + + for (i = 0; available_engines[i] != NULL; i++) { + if (strcmp(engine, available_engines[i]->name) == 0) { + engine_hint = strdup(engine); + return 0; + } + } + return -1; + } + /* having engine = NULL is fine. This is actually the + * way to tell nsock to use the default engine again. */ + engine_hint = NULL; + return 0; +} + +const char *nsock_list_engines(void) { + return +#if HAVE_IOCP + "iocp " +#endif +#if HAVE_EPOLL + "epoll " +#endif +#if HAVE_KQUEUE + "kqueue " +#endif +#if HAVE_POLL + "poll " +#endif + "select"; +} + diff --git a/include/DomainExec/nsock/src/nsock_event.c b/include/DomainExec/nsock/src/nsock_event.c new file mode 100644 index 00000000..baa81fb7 --- /dev/null +++ b/include/DomainExec/nsock/src/nsock_event.c @@ -0,0 +1,542 @@ +/*************************************************************************** + * nsock_event.c -- Functions dealing with nsock_events (and their * + * struct nevent internal representation. An event is created when you do * + * various calls (for reading, writing, connecting, timers, etc) and is * + * provided back to you in the callback when the call completes or * + * fails. It is automatically destroyed after the callback returns * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#include "nsock_internal.h" +#include "nsock_log.h" +#include "gh_list.h" + +#if HAVE_PCAP +#include "nsock_pcap.h" +#endif + +#include + +extern struct timeval nsock_tod; + +/* Find the type of an event that spawned a callback */ +enum nse_type nse_type(nsock_event nse) { + struct nevent *me = (struct nevent *)nse; + return me->type; +} + +enum nse_status nse_status(nsock_event nse) { + struct nevent *me = (struct nevent *)nse; + return me->status; +} + +int nse_eof(nsock_event nse) { + struct nevent *me = (struct nevent *)nse; + return me->eof; +} + +/* Obtains the nsock_iod (see below) associated with the event. Note that + * some events (such as timers) don't have an nsock_iod associated with them */ +nsock_iod nse_iod(nsock_event ms_event) { + struct nevent *nse = (struct nevent *)ms_event; + return (nsock_iod) nse->iod; +} + +/* This next function returns the errno style error code -- which is only valid + * if the status is NSE_STATUS_ERROR */ +int nse_errorcode(nsock_event nse) { + struct nevent *me = (struct nevent *)nse; + return me->errnum; +} + +/* Every event has an ID which will be unique throughout the program's execution + * unless you use (literally) billions of them */ +nsock_event_id nse_id(nsock_event nse) { + struct nevent *me = (struct nevent *)nse; + return me->id; +} + +/* If you did a read request, and the result was STATUS_SUCCESS, this function + * provides the buffer that was read in as well as the number of chars read. + * The buffer should not be modified or free'd */ +char *nse_readbuf(nsock_event nse, int *nbytes) { + struct nevent *me = (struct nevent *)nse; + + if (nbytes) + *nbytes = fs_length(&(me->iobuf)); + return fs_str(&(me->iobuf)); +} + +static void first_ev_next(struct nevent *nse, gh_lnode_t **first, int nodeq2) { + if (!first || !*first) + return; + + if (&nse->nodeq_io == *first || &nse->nodeq_pcap == *first) { + gh_lnode_t *next; + + next = gh_lnode_next(*first); + if (next) { + struct nevent *newevent; + + if (nodeq2) + newevent = lnode_nevent2(next); + else + newevent = lnode_nevent(next); + + if (newevent->iod == nse->iod) + *first = next; + else + *first = NULL; + } else { + *first = NULL; + } + } +} + +void update_first_events(struct nevent *nse) { + switch (get_event_id_type(nse->id)) { + case NSE_TYPE_CONNECT: + case NSE_TYPE_CONNECT_SSL: + first_ev_next(nse, &nse->iod->first_connect, 0); + break; + + case NSE_TYPE_READ: + first_ev_next(nse, &nse->iod->first_read, 0); + break; + + case NSE_TYPE_WRITE: + first_ev_next(nse, &nse->iod->first_write, 0); + break; + +#if HAVE_PCAP + case NSE_TYPE_PCAP_READ: + first_ev_next(nse, &nse->iod->first_read, 0); + first_ev_next(nse, &nse->iod->first_pcap_read, 1); + break; +#endif + + case NSE_TYPE_TIMER: + /* nothing to do */ + break; + + default: + fatal("Bogus event type in update_first_events"); + break; + } +} + +/* Cancel an event (such as a timer or read request). If notify is nonzero, the + * requester will be sent an event CANCELLED status back to the given handler. + * But in some cases there is no need to do this (like if the function deleting + * it is the one which created it), in which case 0 can be passed to skip the + * step. This function returns zero if the event is not found, nonzero + * otherwise. */ +int nsock_event_cancel(nsock_pool ms_pool, nsock_event_id id, int notify) { + struct npool *nsp = (struct npool *)ms_pool; + enum nse_type type; + unsigned int i; + gh_list_t *event_list = NULL, *event_list2 = NULL; + gh_lnode_t *current, *next; + struct nevent *nse = NULL; + + assert(nsp); + + type = get_event_id_type(id); + nsock_log_info("Event #%li (type %s) cancelled", id, nse_type2str(type)); + + /* First we figure out what list it is in */ + switch (type) { + case NSE_TYPE_CONNECT: + case NSE_TYPE_CONNECT_SSL: + event_list = &nsp->connect_events; + break; + + case NSE_TYPE_READ: + event_list = &nsp->read_events; + break; + + case NSE_TYPE_WRITE: + event_list = &nsp->write_events; + break; + + case NSE_TYPE_TIMER: + for (i = 0; i < gh_heap_count(&nsp->expirables); i++) { + gh_hnode_t *hnode; + + hnode = gh_heap_find(&nsp->expirables, i); + nse = container_of(hnode, struct nevent, expire); + if (nse->id == id) + return nevent_delete(nsp, nse, NULL, NULL, notify); + } + return 0; + +#if HAVE_PCAP + case NSE_TYPE_PCAP_READ: + event_list = &nsp->read_events; + event_list2 = &nsp->pcap_read_events; + break; +#endif + + default: + fatal("Bogus event type in nsock_event_cancel"); break; + } + + /* Now we try to find the event in the list */ + for (current = gh_list_first_elem(event_list); current != NULL; current = next) { + next = gh_lnode_next(current); + nse = lnode_nevent(current); + if (nse->id == id) + break; + } + + if (current == NULL && event_list2) { + event_list = event_list2; + for (current = gh_list_first_elem(event_list); current != NULL; current = next) { + next = gh_lnode_next(current); + nse = lnode_nevent2(current); + if (nse->id == id) + break; + } + } + if (current == NULL) + return 0; + + return nevent_delete(nsp, nse, event_list, current, notify); +} + +/* An internal function for cancelling an event when you already have a pointer + * to the struct nevent (use nsock_event_cancel if you just have an ID). The + * event_list passed in should correspond to the type of the event. For example, + * with NSE_TYPE_READ, you would pass in &nsp->read_events;. elem is the list + * element in event_list which holds the event. Pass a nonzero for notify if + * you want the program owning the event to be notified that it has been + * cancelled */ +int nevent_delete(struct npool *nsp, struct nevent *nse, gh_list_t *event_list, + gh_lnode_t *elem, int notify) { + if (nse->event_done) { + /* This event has already been marked for death somewhere else -- it will be + * gone soon (and if we try to kill it now all hell will break loose due to + * reentrancy. */ + return 0; + } + + nsock_log_info("%s on event #%li (type %s)", __func__, nse->id, + nse_type2str(nse->type)); + + /* Now that we found the event... we go through the motions of cleanly + * cancelling it */ + switch (nse->type) { + case NSE_TYPE_CONNECT: + case NSE_TYPE_CONNECT_SSL: + handle_connect_result(nsp, nse, NSE_STATUS_CANCELLED); + break; + + case NSE_TYPE_READ: + handle_read_result(nsp, nse, NSE_STATUS_CANCELLED); + break; + + case NSE_TYPE_WRITE: + handle_write_result(nsp, nse, NSE_STATUS_CANCELLED); + break; + + case NSE_TYPE_TIMER: + handle_timer_result(nsp, nse, NSE_STATUS_CANCELLED); + break; + +#if HAVE_PCAP + case NSE_TYPE_PCAP_READ: + handle_pcap_read_result(nsp, nse, NSE_STATUS_CANCELLED); + break; +#endif + + default: + fatal("Invalid nsock event type (%d)", nse->type); + } + + assert(nse->event_done); + + if (nse->timeout.tv_sec) + gh_heap_remove(&nsp->expirables, &nse->expire); + + if (event_list) { + update_first_events(nse); + gh_list_remove(event_list, elem); + } + + gh_list_append(&nsp->free_events, &nse->nodeq_io); + + nsock_log_debug_all("NSE #%lu: Removing event from list", nse->id); + +#if HAVE_PCAP +#if PCAP_BSD_SELECT_HACK + if (nse->type == NSE_TYPE_PCAP_READ) { + nsock_log_debug_all("PCAP NSE #%lu: CANCEL TEST pcap=%p read=%p curr=%p sd=%i", + nse->id, &nsp->pcap_read_events, &nsp->read_events, + event_list,((mspcap *)nse->iod->pcap)->pcap_desc); + + /* If event occurred, and we're in BSD_HACK mode, then this event was added to + * two queues. read_event and pcap_read_event Of course we should + * destroy it only once. I assume we're now in read_event, so just unlink + * this event from pcap_read_event */ + if (((mspcap *)nse->iod->pcap)->pcap_desc >= 0 && event_list == &nsp->read_events) { + /* event is done, list is read_events and we're in BSD_HACK mode. So unlink + * event from pcap_read_events */ + gh_list_remove(&nsp->pcap_read_events, &nse->nodeq_pcap); + nsock_log_debug_all("PCAP NSE #%lu: Removing event from PCAP_READ_EVENTS", nse->id); + } + + if (((mspcap *)nse->iod->pcap)->pcap_desc >= 0 && event_list == &nsp->pcap_read_events) { + /* event is done, list is read_events and we're in BSD_HACK mode. + * So unlink event from read_events */ + gh_list_remove(&nsp->read_events, &nse->nodeq_io); + + nsock_log_debug_all("PCAP NSE #%lu: Removing event from READ_EVENTS", nse->id); + } + } +#endif +#endif + event_dispatch_and_delete(nsp, nse, notify); + return 1; +} + +/* Adjust various statistics, dispatches the event handler (if notify is + * nonzero) and then deletes the event. This function does NOT delete the event + * from any lists it might be on (eg nsp->read_list etc.) nse->event_done + * MUST be true when you call this */ +void event_dispatch_and_delete(struct npool *nsp, struct nevent *nse, int notify) { + assert(nsp); + assert(nse); + + assert(nse->event_done); + + nsp->events_pending--; + assert(nsp->events_pending >= 0); + + if (nse->iod) { + nse->iod->events_pending--; + assert(nse->iod->events_pending >= 0); + } + + if (notify) { + nsock_trace_handler_callback(nsp, nse); + nse->handler(nsp, nse, nse->userdata); + } + + /* FIXME: We should be updating stats here ... */ + + /* Now we clobber the event ... */ + event_delete(nsp, nse); +} + +/* OK -- the idea is that we want the type included in the rightmost two bits + * and the serial number in the leftmost 30 or 62. But we also want to insure a + * correct wrap-around in the case of an obscene number of event. One + * definition of a "correct" wraparound is that it goes from the highest number + * back to one (not zero) because we don't want event numbers to ever be zero. + * */ +nsock_event_id get_new_event_id(struct npool *ms, enum nse_type type) { + int type_code = (int)type; + unsigned long serial = ms->next_event_serial++; + unsigned long max_serial_allowed; + int shiftbits; + + assert(type < NSE_TYPE_MAX); + + shiftbits = sizeof(nsock_event_id) * 8 - TYPE_CODE_NUM_BITS; + max_serial_allowed = ((unsigned long)1 << shiftbits) - 1; + if (serial == max_serial_allowed) { + /* then the next serial will be one because 0 is forbidden */ + ms->next_event_serial = 1; + } + + return (serial << TYPE_CODE_NUM_BITS) | type_code; +} + +/* Take an event ID and return the type (NSE_TYPE_CONNECT, etc */ +enum nse_type get_event_id_type(nsock_event_id event_id) { + return (enum nse_type)((event_id & ((1 << TYPE_CODE_NUM_BITS) - 1))); +} + +/* Create a new event structure -- must be deleted later with event_delete, + * unless it returns NULL (failure). NULL can be passed in for the struct niod + * and the userdata if not available */ +struct nevent *event_new(struct npool *nsp, enum nse_type type, + struct niod *iod, int timeout_msecs, + nsock_ev_handler handler, void *userdata) { + struct nevent *nse; + gh_lnode_t *lnode; + + /* Bring us up to date for the timeout calculation. */ + gettimeofday(&nsock_tod, NULL); + + if (iod) { + iod->events_pending++; + assert(iod->state != NSIOD_STATE_DELETED); + } + + /* First we check if one is available from the free list ... */ + lnode = gh_list_pop(&nsp->free_events); + if (!lnode) + nse = (struct nevent *)safe_malloc(sizeof(*nse)); + else + nse = lnode_nevent(lnode); + + memset(nse, 0, sizeof(*nse)); + + nse->id = get_new_event_id(nsp, type); + nse->type = type; + nse->status = NSE_STATUS_NONE; + gh_hnode_invalidate(&nse->expire); +#if HAVE_OPENSSL + nse->sslinfo.ssl_desire = SSL_ERROR_NONE; +#endif + + if (type == NSE_TYPE_READ || type == NSE_TYPE_WRITE) + filespace_init(&(nse->iobuf), 1024); + +#if HAVE_PCAP + if (type == NSE_TYPE_PCAP_READ) { + mspcap *mp; + int sz; + + assert(iod != NULL); + mp = (mspcap *)iod->pcap; + assert(mp); + + sz = mp->snaplen+1 + sizeof(nsock_pcap); + filespace_init(&(nse->iobuf), sz); + } +#endif + + if (timeout_msecs != -1) { + assert(timeout_msecs >= 0); + TIMEVAL_MSEC_ADD(nse->timeout, nsock_tod, timeout_msecs); + } + + nse->iod = iod; + nse->handler = handler; + nse->userdata = userdata; + + if (nse->iod == NULL) + nsock_log_debug("%s (IOD #NULL) (EID #%li)", __func__, nse->id); + else + nsock_log_debug("%s (IOD #%li) (EID #%li)", __func__, nse->iod->id, + nse->id); + return nse; +} + +/* Free an struct nevent which was allocated with event_new, including all internal + * resources. Note -- we assume that nse->iod->events_pending (if it exists) + * has ALREADY been decremented (done during event_dispatch_and_delete) -- so + * remember to do this if you call event_delete() directly */ +void event_delete(struct npool *nsp, struct nevent *nse) { + if (nse->iod == NULL) + nsock_log_debug("%s (IOD #NULL) (EID #%li)", __func__, nse->id); + else + nsock_log_debug("%s (IOD #%li) (EID #%li)", __func__, nse->iod->id, nse->id); + + /* First free the IOBuf inside it if necessary */ + if (nse->type == NSE_TYPE_READ || nse->type == NSE_TYPE_WRITE) { + fs_free(&nse->iobuf); + } + #if HAVE_PCAP + if (nse->type == NSE_TYPE_PCAP_READ) { + fs_free(&nse->iobuf); + nsock_log_debug_all("PCAP removed %lu", nse->id); + } + #endif + + /* Now we add the event back into the free pool */ + nse->event_done = 1; +} + + +/* Takes an nse_type (as returned by nse_type() and returns a static string name + * that you can use for printing, etc. */ +const char *nse_type2str(enum nse_type type) { + switch (type) { + case NSE_TYPE_CONNECT: return "CONNECT"; + case NSE_TYPE_CONNECT_SSL: return "SSL-CONNECT"; + case NSE_TYPE_READ: return "READ"; + case NSE_TYPE_WRITE: return "WRITE"; + case NSE_TYPE_TIMER: return "TIMER"; + case NSE_TYPE_PCAP_READ: return "READ-PCAP"; + default: + return "UNKNOWN!"; + } +} + +/* Takes an nse_status (as returned by nse_status() and returns a static string + * name that you can use for printing, etc. */ +const char *nse_status2str(enum nse_status status) { + switch (status) { + case NSE_STATUS_NONE: return "NONE"; + case NSE_STATUS_SUCCESS: return "SUCCESS"; + case NSE_STATUS_ERROR: return "ERROR"; + case NSE_STATUS_TIMEOUT: return "TIMEOUT"; + case NSE_STATUS_CANCELLED: return "CANCELLED"; + case NSE_STATUS_KILL: return "KILL"; + case NSE_STATUS_EOF: return "EOF"; + case NSE_STATUS_PROXYERROR: return "PROXY ERROR"; + default: + return "UNKNOWN!"; + } +} + +int event_timedout(struct nevent *nse) { + if (nse->event_done) + return 0; + + return (nse->timeout.tv_sec && !TIMEVAL_AFTER(nse->timeout, nsock_tod)); +} diff --git a/include/DomainExec/nsock/src/nsock_internal.h b/include/DomainExec/nsock/src/nsock_internal.h new file mode 100644 index 00000000..db89f94f --- /dev/null +++ b/include/DomainExec/nsock/src/nsock_internal.h @@ -0,0 +1,523 @@ +/*************************************************************************** + * nsock_internal.h -- PRIVATE interface definitions for the guts of the * + * nsock parallel socket event library. Applications calling this library * + * should NOT include this. even LOOK at these :). * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#ifndef NSOCK_INTERNAL_H +#define NSOCK_INTERNAL_H + +#include + +#ifdef HAVE_CONFIG_H +#include "nsock_config.h" +#include "nbase_config.h" +#endif + +#ifdef WIN32 +#include "nbase_winconfig.h" +#include +#endif + +#include "gh_list.h" +#include "gh_heap.h" +#include "filespace.h" +#include "nsock.h" /* The public interface -- I need it for some enum defs */ +#include "nsock_ssl.h" +#include "nsock_proxy.h" + +#if HAVE_SYS_TIME_H +#include +#endif +#if HAVE_UNISTD_H +#include +#endif +#if HAVE_SYS_SOCKET_H +#include +#endif +#if HAVE_NETINET_IN_H +#include +#endif +#if HAVE_ARPA_INET_H +#include +#endif +#if HAVE_STRING_H +#include +#endif +#if HAVE_STRINGS_H +#include +#endif +#if HAVE_SYS_UN_H +#include +#endif + +#ifndef IPPROTO_SCTP +#define IPPROTO_SCTP 132 +#endif + + +/* ------------------- CONSTANTS ------------------- */ +#define READ_BUFFER_SZ 8192 + +enum nsock_read_types { + NSOCK_READLINES, + NSOCK_READBYTES, + NSOCK_READ +}; + +enum iod_state { + NSIOD_STATE_DELETED, + NSIOD_STATE_INITIAL, + + /* sd was provided to us in nsock_iod_new2 (see nsock_iod.c) */ + NSIOD_STATE_UNKNOWN, + + NSIOD_STATE_CONNECTED_TCP, + NSIOD_STATE_CONNECTED_UDP +}; + +/* XXX: ensure that these values can be OR'ed when adding new ones */ +#define EV_NONE 0x00 +#define EV_READ 0x01 +#define EV_WRITE 0x02 +#define EV_EXCEPT 0x04 + + +/* ------------------- STRUCTURES ------------------- */ + +struct readinfo { + enum nsock_read_types read_type; + /* num lines; num bytes; whatever (depends on read_type) */ + int num; +}; + +struct writeinfo { + struct sockaddr_storage dest; + size_t destlen; + /* Number of bytes successfully written */ + int written_so_far; +}; + +/* Remember that callers of this library should NOT be accessing these + * fields directly */ +struct npool { + /* User data, NULL if unset */ + void *userdata; + + /* IO Engine vtable */ + struct io_engine *engine; + /* IO Engine internal data */ + void *engine_data; + + /* Active network events */ + gh_list_t connect_events; + gh_list_t read_events; + gh_list_t write_events; +#if HAVE_PCAP + gh_list_t pcap_read_events; +#endif + gh_heap_t expirables; + + /* Active iods and related lists of events */ + gh_list_t active_iods; + + /* struct niod structures that have been freed for reuse */ + gh_list_t free_iods; + /* When an event is deleted, we stick it here for later reuse */ + gh_list_t free_events; + + /* Number of events pending (total) on all lists */ + int events_pending; + + /* Serial # of next event (used to create next nsock_event_id */ + unsigned long next_event_serial; + /* Serial # of next iod to be created */ + unsigned long next_iod_serial; + + /* If nsock_loop() returns NSOCK_LOOP_ERROR, this is where we describe the + * error (errnum fashion) */ + int errnum; + + /* If true, new sockets will have SO_BROADCAST set */ + int broadcast; + + /* Interface to bind to; only supported on Linux with SO_BINDTODEVICE sockopt. */ + const char *device; + + /* If true, exit the next iteration of nsock_loop with a status of + * NSOCK_LOOP_QUIT. */ + int quit; + +#if HAVE_OPENSSL + /* The SSL Context (options and such) */ + SSL_CTX *sslctx; +#endif + + /* Optional proxy chain (NULL is not set). Can only be set once per NSP (using + * nsock_proxychain_new() or nsock_pool_set_proxychain(). */ + struct proxy_chain *px_chain; + +}; + + +/* nsock_iod is like a "file descriptor" for the nsock library. You use it to + * request events. */ +struct niod { + /* The socket descriptor related to the event */ + int sd; + + /* Number of pending events on this iod */ + int events_pending; + + /* Pending events */ + gh_lnode_t *first_connect; + gh_lnode_t *first_read; + gh_lnode_t *first_write; +#if HAVE_PCAP + gh_lnode_t *first_pcap_read; +#endif + + int readsd_count; + int writesd_count; +#if HAVE_PCAP + int readpcapsd_count; +#endif + + int watched_events; + + /* The struct npool used to create the iod (used for deletion) */ + struct npool *nsp; + + enum iod_state state; + + /* The host and port we are connected to using sd (saves a call to getpeername) */ + struct sockaddr_storage peer; + /* The host and port to bind to with sd */ + struct sockaddr_storage local; + + /* The length of peer/local actually used (sizeof(sockaddr_in) or + * sizeof(sockaddr_in6), SUN_LEN(sockaddr_un), or 0 if peer/local + * has not been filled in */ + size_t locallen; + size_t peerlen; + + /* -1 if none yet, otherwise IPPROTO_TCP, etc. */ + int lastproto; + + /* The struct npool keeps track of NIODs that have been allocated so that it + * can destroy them if the msp is deleted. This pointer makes it easy to + * remove this struct niod from the allocated list when necessary */ + gh_lnode_t nodeq; + +#define IOD_REGISTERED 0x01 +#define IOD_PROCESSED 0x02 /* internally used by engine_kqueue.c */ + +#define IOD_PROPSET(iod, flag) ((iod)->_flags |= (flag)) +#define IOD_PROPCLR(iod, flag) ((iod)->_flags &= ~(flag)) +#define IOD_PROPGET(iod, flag) (((iod)->_flags & (flag)) != 0) + char _flags; + + /* Used for SSL Server Name Indication. */ + char *hostname; + +#if HAVE_OPENSSL + /* An SSL connection (or NULL if none) */ + SSL *ssl; + /* SSL SESSION ID (or NULL if none) */ + SSL_SESSION *ssl_session; +#else + /* Because there are many if (nsi->ssl) cases in the code */ + char *ssl; +#endif + /* Every iod has an id which is always unique for the same nspool (unless you + * create billions of them) */ + unsigned long id; + + /* No. of bytes read from the sd*/ + unsigned long read_count; + /* No. of bytes written to the sd */ + unsigned long write_count; + + void *userdata; + + /* IP options to set on socket before connect() */ + void *ipopts; + int ipoptslen; + + /* Pointer to mspcap struct (used only if pcap support is included) */ + void *pcap; + + struct proxy_chain_context *px_ctx; + +}; + + +/* nsock_event_t handles a single event. Its ID is generally returned when the + * event is created, and the event is included in callbacks */ +struct nevent { + /* Every event has an ID which is unique for a given nsock unless you blow + * through more than 500,000,000 events */ + nsock_event_id id; + + enum nse_type type; + enum nse_status status; + + /* For write events, this is the data to be written, for read events, this is + * what we will read into */ + struct filespace iobuf; + + /* The timeout of the event -- absolute time + * except that tv_sec == 0 means no timeout */ + struct timeval timeout; + + /* Info pertaining to READ requests */ + struct readinfo readinfo; + /* Info pertaining to WRITE requests */ + struct writeinfo writeinfo; + +#if HAVE_OPENSSL + struct sslinfo sslinfo; +#endif + + /* If we return a status of NSE_STATUS_ERROR, this must be set */ + int errnum; + + /* The nsock I/O descriptor related to event (if applicable) */ + struct niod *iod; + + /* The handler to call when event is complete */ + nsock_ev_handler handler; + + /* slot in the expirable binheap */ + gh_hnode_t expire; + + /* For some reasons (see nsock_pcap.c) we register pcap events as both read + * and pcap_read events when in PCAP_BSD_SELECT_HACK mode. We then need two + * gh_lnode_t handles. To make code simpler, we _always_ use _nodeq_pcap for + * pcap_read events and _nodeq_io for the other ones. + * When not in PCAP_BSD_SELECT_HACK mode we define both handles as members + * of an union to optimize memory footprint. */ + gh_lnode_t nodeq_io; + gh_lnode_t nodeq_pcap; + + /* Optional (NULL if unset) pointer to pass to the handler */ + void *userdata; + + /* If this event is all filled out and ready for immediate delivery, + * event_done is nonzero. Used when event is finished at unexpected time and + * we want to dispatch it later to avoid duplicating stat update code and all + * that other crap */ + unsigned int event_done: 1; + unsigned int eof: 1; + +#if HAVE_IOCP + struct extended_overlapped *eov; +#endif +}; + +struct io_operations { + int(*iod_connect)(struct npool *nsp, int sockfd, const struct sockaddr *addr, socklen_t addrlen); + + int(*iod_read)(struct npool *nsp, int sockfd, void *buf, size_t len, int flags, + struct sockaddr *src_addr, socklen_t *addrlen); + + int(*iod_write)(struct npool *nsp, int sockfd, const void *buf, size_t len, int flags, + const struct sockaddr *dest_addr, socklen_t addrlen); +}; + +struct io_engine { + /* Human readable identifier for this engine. */ + const char *name; + + /* Engine constructor */ + int (*init)(struct npool *nsp); + + /* Engine destructor */ + void (*destroy)(struct npool *nsp); + + /* Register a new IOD to the engine */ + int(*iod_register)(struct npool *nsp, struct niod *iod, struct nevent *nse, int ev); + + /* Remove a registered IOD */ + int(*iod_unregister)(struct npool *nsp, struct niod *iod); + + /* Modify events for a registered IOD. + * - ev_set represent the events to add + * - ev_clr represent the events to delete (if set) */ + int (*iod_modify)(struct npool *nsp, struct niod *iod, struct nevent *nse, int ev_set, int ev_clr); + + /* Main engine loop */ + int (*loop)(struct npool *nsp, int msec_timeout); + + /* I/O operations */ + struct io_operations *io_operations; +}; + +/* ----------- NSOCK I/O ENGINE CONVENIENCE WRAPPERS ------------ */ +static inline int nsock_engine_init(struct npool *nsp) { + return nsp->engine->init(nsp); +} + +static inline void nsock_engine_destroy(struct npool *nsp) { + nsp->engine->destroy(nsp); + return; +} + +static inline int nsock_engine_iod_register(struct npool *nsp, struct niod *iod, struct nevent *nse, int ev) { + return nsp->engine->iod_register(nsp, iod, nse, ev); +} + +static inline int nsock_engine_iod_unregister(struct npool *nsp, struct niod *iod) { + return nsp->engine->iod_unregister(nsp, iod); +} + +static inline int nsock_engine_iod_modify(struct npool *nsp, struct niod *iod, struct nevent *nse, int ev_set, int ev_clr) { + return nsp->engine->iod_modify(nsp, iod, nse, ev_set, ev_clr); +} + +static inline int nsock_engine_loop(struct npool *nsp, int msec_timeout) { + return nsp->engine->loop(nsp, msec_timeout); +} + +/* ------------------- PROTOTYPES ------------------- */ + +int event_timedout(struct nevent *nse); + +/* Get a new nsock_event_id, given a type */ +nsock_event_id get_new_event_id(struct npool *nsp, enum nse_type type); + +/* Take an event ID and return the type (NSE_TYPE_CONNECT, etc */ +enum nse_type get_event_id_type(nsock_event_id event_id); + +/* Create a new event structure -- must be deleted later with event_delete, + * unless it returns NULL (failure). NULL can be passed in for the struct niod and + * the userdata if not available. */ +struct nevent *event_new(struct npool *nsp, enum nse_type type, struct niod *iod, + int timeout_msecs, nsock_ev_handler handler, void *userdata); + +/* An internal function for cancelling an event when you already have a pointer + * to the struct nevent (use nsock_event_cancel if you just have an ID). The + * event_list passed in should correspond to the type of the event. For + * example, with NSE_TYPE_READ, you would pass in &iod->read_events;. elem + * is the list element in event_list which holds the event. Pass a nonzero for + * notify if you want the program owning the event to be notified that it has + * been cancelled */ +int nevent_delete(struct npool *nsp, struct nevent *nse, gh_list_t *event_list, gh_lnode_t *elem, int notify); + +/* Adjust various statistics, dispatches the event handler (if notify is + * nonzero) and then deletes the event. This function does NOT delete the event + * from any lists it might be on (eg nsp->read_list etc.) nse->event_done + * MUST be true when you call this */ +void event_dispatch_and_delete(struct npool *nsp, struct nevent *nse, int notify); + +/* Free an struct nevent which was allocated with event_new, including all internal + * resources. Note -- we assume that nse->iod->events_pending (if it exists) + * has ALREADY been decremented (done during event_dispatch_and_delete) -- so + * remember to do this if you call event_delete() directly */ +void event_delete(struct npool *nsp, struct nevent *nse); + +/* Add an event to the appropriate nsp event list, handles housekeeping such as + * adjusting the descriptor select/poll lists, registering the timeout value, + * etc. */ +void nsock_pool_add_event(struct npool *nsp, struct nevent *nse); + +void nsock_connect_internal(struct npool *ms, struct nevent *nse, int type, int proto, struct sockaddr_storage *ss, size_t sslen, unsigned short port); + +/* Comments on using the following handle_*_result functions are available in nsock_core.c */ + +/* handle_connect_results assumes that select or poll have already shown the + * descriptor to be active */ +void handle_connect_result(struct npool *ms, struct nevent *nse, enum nse_status status); + +void handle_read_result(struct npool *ms, struct nevent *nse, enum nse_status status); + +void handle_write_result(struct npool *ms, struct nevent *nse, enum nse_status status); + +void handle_timer_result(struct npool *ms, struct nevent *nse, enum nse_status status); + +#if HAVE_PCAP +void handle_pcap_read_result(struct npool *ms, struct nevent *nse, enum nse_status status); +#endif + +/* An event has been completed and the handler is about to be called. This + * function writes out tracing data about the event if necessary */ +void nsock_trace_handler_callback(struct npool *ms, struct nevent *nse); + +#if HAVE_OPENSSL +/* Sets the ssl session of an nsock_iod, increments usage count. The session + * should not have been set yet (as no freeing is done) */ +void nsi_set_ssl_session(struct niod *iod, SSL_SESSION *sessid); +#endif + +static inline struct nevent *next_expirable_event(struct npool *nsp) { + gh_hnode_t *hnode; + + hnode = gh_heap_min(&nsp->expirables); + if (!hnode) + return NULL; + + return container_of(hnode, struct nevent, expire); +} + +static inline struct nevent *lnode_nevent(gh_lnode_t *lnode) { + return container_of(lnode, struct nevent, nodeq_io); +} + +static inline struct nevent *lnode_nevent2(gh_lnode_t *lnode) { + return container_of(lnode, struct nevent, nodeq_pcap); +} + +#endif /* NSOCK_INTERNAL_H */ + diff --git a/include/DomainExec/nsock/src/nsock_iod.c b/include/DomainExec/nsock/src/nsock_iod.c new file mode 100644 index 00000000..e79f1d42 --- /dev/null +++ b/include/DomainExec/nsock/src/nsock_iod.c @@ -0,0 +1,459 @@ +/*************************************************************************** + * nsock_iod.c -- This contains the functions relating to nsock_iod (and * + * its nsock internal manifestation -- nsockiod. This is is similar to a * + * file descriptor in that you create it and then use it to initiate * + * connections, read/write data, etc. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#include "nsock.h" +#include "nsock_internal.h" +#include "nsock_log.h" +#include "gh_list.h" +#include "netutils.h" + +#if HAVE_PCAP +#include "nsock_pcap.h" +#endif + +#include + + +/* nsock_iod is like a "file descriptor" for the nsock library. You use it to + * request events. And here is how you create an nsock_iod. nsock_iod_new returns + * NULL if the iod cannot be allocated. Pass NULL as userdata if you don't want + * to immediately associate any user data with the iod. */ +nsock_iod nsock_iod_new(nsock_pool nsockp, void *userdata) { + return nsock_iod_new2(nsockp, -1, userdata); +} + +/* This version allows you to associate an existing sd with the msi so that you + * can read/write it using the nsock infrastructure. For example, you may want + * to watch for data from STDIN_FILENO at the same time as you read/write + * various sockets. STDIN_FILENO is a special case, however. Any other sd is + * dup()ed, so you may close or otherwise manipulate your copy. The duped copy + * will be destroyed when the nsi is destroyed. */ +nsock_iod nsock_iod_new2(nsock_pool nsockp, int sd, void *userdata) { + struct npool *nsp = (struct npool *)nsockp; + gh_lnode_t *lnode; + struct niod *nsi; + + lnode = gh_list_pop(&nsp->free_iods); + if (!lnode) { + nsi = (struct niod *)safe_malloc(sizeof(*nsi)); + memset(nsi, 0, sizeof(*nsi)); + } else { + nsi = container_of(lnode, struct niod, nodeq); + } + + if (sd == -1) { + nsi->sd = -1; + nsi->state = NSIOD_STATE_INITIAL; + } else if (sd == STDIN_FILENO) { + nsi->sd = STDIN_FILENO; + nsi->state = NSIOD_STATE_UNKNOWN; + } else { + nsi->sd = dup_socket(sd); + if (nsi->sd == -1) { + free(nsi); + return NULL; + } + unblock_socket(nsi->sd); + nsi->state = NSIOD_STATE_UNKNOWN; + } + + nsi->first_connect = NULL; + nsi->first_read = NULL; + nsi->first_write = NULL; +#if HAVE_PCAP + nsi->first_pcap_read = NULL; + nsi->readpcapsd_count = 0; +#endif + nsi->readsd_count = 0; + nsi->write_count = 0; + + nsi->userdata = userdata; + nsi->nsp = (struct npool *)nsockp; + + nsi->_flags = 0; + + nsi->read_count = 0; + nsi->write_count = 0; + + nsi->hostname = NULL; + + nsi->ipopts = NULL; + nsi->ipoptslen = 0; + +#if HAVE_OPENSSL + nsi->ssl_session = NULL; +#endif + + if (nsp->px_chain) { + nsi->px_ctx = proxy_chain_context_new(nsp); + } else { + nsi->px_ctx = NULL; + } + + nsi->id = nsp->next_iod_serial++; + if (nsi->id == 0) + nsi->id = nsp->next_iod_serial++; + + /* The nsp keeps track of active iods so it can delete them if it is deleted */ + gh_list_append(&nsp->active_iods, &nsi->nodeq); + + nsock_log_info("nsock_iod_new (IOD #%lu)", nsi->id); + + return (nsock_iod)nsi; +} + +/* Defined in nsock_core.c. */ +int socket_count_zero(struct niod *iod, struct npool *ms); + +/* If nsock_iod_new returned success, you must free the iod when you are done with + * it to conserve memory (and in some cases, sockets). After this call, + * nsockiod may no longer be used -- you need to create a new one with + * nsock_iod_new(). pending_response tells what to do with any events that are + * pending on this nsock_iod. This can be NSOCK_PENDING_NOTIFY (send a KILL + * notification to each event), NSOCK_PENDING_SILENT (do not send notification + * to the killed events), or NSOCK_PENDING_ERROR (print an error message and + * quit the program) */ +void nsock_iod_delete(nsock_iod nsockiod, enum nsock_del_mode pending_response) { +#if HAVE_PCAP +#define NUM_EVT_TYPES 4 +#else +#define NUM_EVT_TYPES 3 +#endif + struct niod *nsi = (struct niod *)nsockiod; + gh_lnode_t *evlist_ar[NUM_EVT_TYPES]; + gh_list_t *corresp_list[NUM_EVT_TYPES]; + int i; + gh_lnode_t *current, *next; + + assert(nsi); + + if (nsi->state == NSIOD_STATE_DELETED) { + /* This nsi is already marked as deleted, will probably be removed from the + * list very soon. Just return to avoid breaking reentrancy. */ + return; + } + + nsock_log_info("nsock_iod_delete (IOD #%lu)", nsi->id); + + if (nsi->events_pending > 0) { + /* shit -- they killed the struct niod while an event was still pending on it. + * Maybe I should store the pending events in the iod. On the other hand, + * this should be a pretty rare occurrence and so I'll save space and hassle + * by just locating the events here by searching through the active events + * list */ + if (pending_response == NSOCK_PENDING_ERROR) + fatal("nsock_iod_delete called with argument NSOCK_PENDING_ERROR on a nsock_iod that has %d pending event(s) associated with it", nsi->events_pending); + + assert(pending_response == NSOCK_PENDING_NOTIFY || pending_response == NSOCK_PENDING_SILENT); + + evlist_ar[0] = nsi->first_connect; + evlist_ar[1] = nsi->first_read; + evlist_ar[2] = nsi->first_write; +#if HAVE_PCAP + evlist_ar[3] = nsi->first_pcap_read; +#endif + + corresp_list[0] = &nsi->nsp->connect_events; + corresp_list[1] = &nsi->nsp->read_events; + corresp_list[2] = &nsi->nsp->write_events; +#if HAVE_PCAP + corresp_list[3] = &nsi->nsp->pcap_read_events; +#endif + + for (i = 0; i < NUM_EVT_TYPES && nsi->events_pending > 0; i++) { + for (current = evlist_ar[i]; current != NULL; current = next) { + struct nevent *nse; + + next = gh_lnode_next(current); + nse = lnode_nevent(current); + + /* we're done with this list of events for the current IOD */ + if (nse->iod != nsi) + break; + + nevent_delete(nsi->nsp, nse, corresp_list[i], current, pending_response == NSOCK_PENDING_NOTIFY); + } + } + } + + if (nsi->events_pending != 0) + fatal("Trying to delete NSI, but could not find %d of the purportedly pending events on that IOD.\n", nsi->events_pending); + + /* Make sure we no longer select on this socket, in case the socket counts + * weren't already decremented to zero. */ + if (nsi->sd >= 0) + socket_count_zero(nsi, nsi->nsp); + + free(nsi->hostname); + +#if HAVE_OPENSSL + /* Close any SSL resources */ + if (nsi->ssl) { + /* No longer free session because copy nsi stores is not reference counted */ +#if 0 + if (nsi->ssl_session) + SSL_SESSION_free(nsi->ssl_session); + nsi->ssl_session = NULL; +#endif + + if (SSL_shutdown(nsi->ssl) == -1) { + nsock_log_info("nsock_iod_delete: SSL shutdown failed (%s) on NSI %li", + ERR_reason_error_string(SSL_get_error(nsi->ssl, -1)), nsi->id); + } + + /* I don't really care if the SSL_shutdown() succeeded politely. I could + * make the SD blocking temporarily for this, but I'm hoping it will succeed + * 95% of the time because we can usually write to a socket. */ + SSL_free(nsi->ssl); + nsi->ssl = NULL; + } +#endif + + if (nsi->sd >= 0 && nsi->sd != STDIN_FILENO) { + close(nsi->sd); + nsi->sd = -1; + } + + nsi->state = NSIOD_STATE_DELETED; + nsi->userdata = NULL; + + if (nsi->ipoptslen) + free(nsi->ipopts); + +#if HAVE_PCAP + if (nsi->pcap){ + mspcap *mp = (mspcap *)nsi->pcap; + + if (mp->pt){ + pcap_close(mp->pt); + mp->pt = NULL; + } + if (mp->pcap_desc) { + /* pcap_close() will close the associated pcap descriptor */ + mp->pcap_desc = -1; + } + if (mp->pcap_device) { + free(mp->pcap_device); + mp->pcap_device = NULL; + } + free(mp); + nsi->pcap = NULL; + } +#endif + + if (nsi->px_ctx) + proxy_chain_context_delete(nsi->px_ctx); +} + +/* Returns the ID of an nsock_iod . This ID is always unique amongst ids for a + * given nspool (unless you blow through billions of them). */ +unsigned long nsock_iod_id(nsock_iod nsockiod) { + assert(nsockiod); + return ((struct niod *)nsockiod)->id; +} + +/* Returns the SSL object inside an nsock_iod, or NULL if unset. */ +nsock_ssl nsock_iod_get_ssl(nsock_iod iod) { +#if HAVE_OPENSSL + return ((struct niod *)iod)->ssl; +#else + return NULL; +#endif +} + +/* Returns the SSL_SESSION of an nsock_iod. + * Increments its usage count if inc_ref is not zero. */ +nsock_ssl_session nsock_iod_get_ssl_session(nsock_iod iod, int inc_ref) { +#if HAVE_OPENSSL + if (inc_ref) + return SSL_get1_session(((struct niod *)iod)->ssl); + else + return SSL_get0_session(((struct niod *)iod)->ssl); +#else + return NULL; +#endif +} + +/* sets the ssl session of an nsock_iod, increments usage count. The session + * should not have been set yet (as no freeing is done) */ +#if HAVE_OPENSSL +void nsi_set_ssl_session(struct niod *iod, SSL_SESSION *sessid) { + if (sessid) { + iod->ssl_session = sessid; + /* No reference counting for the copy stored briefly in nsiod */ + } +} +#endif + +/* Sometimes it is useful to store a pointer to information inside the struct niod so + * you can retrieve it during a callback. */ +void nsock_iod_set_udata(nsock_iod iod, void *udata) { + assert(iod); + ((struct niod *)iod)->userdata = udata; +} + +/* And the function above wouldn't make much sense if we didn't have a way to + * retrieve that data... */ +void *nsock_iod_get_udata(nsock_iod iod) { + assert(iod); + return ((struct niod *)iod)->userdata; +} + +/* Returns 1 if an NSI is communicating via SSL, 0 otherwise. */ +int nsock_iod_check_ssl(nsock_iod iod) { + return (((struct niod *)iod)->ssl) ? 1 : 0; +} + +/* Returns the remote peer port (or -1 if unavailable). Note the return value + * is a whole int so that -1 can be distinguished from 65535. Port is returned + * in host byte order. */ +int nsock_iod_get_peerport(nsock_iod iod) { + struct niod *nsi = (struct niod *)iod; + int fam; + + if (nsi->peerlen <= 0) + return -1; + + fam = ((struct sockaddr_in *)&nsi->peer)->sin_family; + + if (fam == AF_INET) + return ntohs(((struct sockaddr_in *)&nsi->peer)->sin_port); +#if HAVE_IPV6 + else if (fam == AF_INET6) + return ntohs(((struct sockaddr_in6 *)&nsi->peer)->sin6_port); +#endif + + return -1; +} + +/* Sets the local address to bind to before connect() */ +int nsock_iod_set_localaddr(nsock_iod iod, struct sockaddr_storage *ss, + size_t sslen) { + struct niod *nsi = (struct niod *)iod; + + assert(nsi); + + if (sslen > sizeof(nsi->local)) + return -1; + + memcpy(&nsi->local, ss, sslen); + nsi->locallen = sslen; + return 0; +} + +/* Sets IPv4 options to apply before connect(). It makes a copy of the options, + * so you can free() yours if necessary. This copy is freed when the iod is + * destroyed. */ +int nsock_iod_set_ipoptions(nsock_iod iod, void *opts, size_t optslen) { + struct niod *nsi = (struct niod *)iod; + + assert(nsi); + + if (optslen > 44) + return -1; + + nsi->ipopts = safe_malloc(optslen); + memcpy(nsi->ipopts, opts, optslen); + nsi->ipoptslen = optslen; + return 0; +} + +/* I didn't want to do this. Its an ugly hack, but I suspect it will be + * necessary. I certainly can't reproduce in nsock EVERYTHING you might want + * to do with a socket. So I'm offering you this function to obtain the socket + * descriptor which is (usually) wrapped in a nsock_iod). You can do + * "reasonable" things with it, like setting socket receive buffers. But don't + * create havok by closing the descriptor! If the descriptor you get back is + * -1, the iod does not currently possess a valid descriptor */ +int nsock_iod_get_sd(nsock_iod iod) { + struct niod *nsi = (struct niod *)iod; + + assert(nsi); + +#if HAVE_PCAP + if (nsi->pcap) + return ((mspcap *)nsi->pcap)->pcap_desc; + else +#endif + return nsi->sd; +} + +unsigned long nsock_iod_get_read_count(nsock_iod iod){ + assert(iod); + return ((struct niod *)iod)->read_count; +} + +unsigned long nsock_iod_get_write_count(nsock_iod iod){ + assert(iod); + return ((struct niod *)iod)->write_count; +} + +int nsock_iod_set_hostname(nsock_iod iod, const char *hostname) { + struct niod *nsi = (struct niod *)iod; + + if (nsi->hostname != NULL) + free(nsi->hostname); + + nsi->hostname = strdup(hostname); + if (nsi->hostname == NULL) + return -1; + + return 0; +} + diff --git a/include/DomainExec/nsock/src/nsock_log.c b/include/DomainExec/nsock/src/nsock_log.c new file mode 100644 index 00000000..d01b10ca --- /dev/null +++ b/include/DomainExec/nsock/src/nsock_log.c @@ -0,0 +1,120 @@ +/*************************************************************************** + * nsock_log.c -- nsock logging infrastructure. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + + +#define _GNU_SOURCE +#include + +#include +#include +#include +#include + +#include "nsock_internal.h" +#include "nsock_log.h" + +static void nsock_stderr_logger(const struct nsock_log_rec *rec); + +extern struct timeval nsock_tod; + +nsock_loglevel_t NsockLogLevel = NSOCK_LOG_ERROR; +nsock_logger_t NsockLogger = nsock_stderr_logger; + + +void nsock_set_log_function(nsock_logger_t logger) { + if (logger != NULL) + NsockLogger = logger; + else + NsockLogger = nsock_stderr_logger; + + nsock_log_debug("Registered external logging function: %p", NsockLogger); +} + +nsock_loglevel_t nsock_get_loglevel(void) { + return NsockLogLevel; +} + +void nsock_set_loglevel(nsock_loglevel_t loglevel) { + NsockLogLevel = loglevel; + nsock_log_debug("Set log level to %s", nsock_loglevel2str(loglevel)); +} + +void nsock_stderr_logger(const struct nsock_log_rec *rec) { + fprintf(stderr, "libnsock %s(): %s\n", rec->func, rec->msg); +} + +void __nsock_log_internal(nsock_loglevel_t loglevel, const char *file, int line, + const char *func, const char *format, ...) { + struct nsock_log_rec rec; + va_list args; + int rc; + + va_start(args, format); + + rec.level = loglevel; + rec.time = nsock_tod; + rec.file = file; + rec.line = line; + rec.func = func; + + rc = vasprintf(&rec.msg, format, args); + if (rc >= 0) { + NsockLogger(&rec); + free(rec.msg); + } + va_end(args); +} + diff --git a/include/DomainExec/nsock/src/nsock_log.h b/include/DomainExec/nsock/src/nsock_log.h new file mode 100644 index 00000000..919a2327 --- /dev/null +++ b/include/DomainExec/nsock/src/nsock_log.h @@ -0,0 +1,119 @@ +/*************************************************************************** + * nsock_log.c -- nsock logging infrastructure. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + + +#ifndef NSOCK_LOG_H +#define NSOCK_LOG_H + +#include "nsock.h" + +extern nsock_loglevel_t NsockLogLevel; +extern nsock_logger_t NsockLogger; + + +#define NSOCK_LOG_WRAP(lvl, ...) \ + do { \ + if (NsockLogger && (lvl) >= NsockLogLevel) { \ + __nsock_log_internal((lvl), __FILE__, __LINE__, __func__, __VA_ARGS__); \ + } \ + } while (0) + + +static inline const char *nsock_loglevel2str(nsock_loglevel_t level) +{ + switch (level) { + case NSOCK_LOG_DBG_ALL: + return "FULL DEBUG"; + case NSOCK_LOG_DBG: + return "DEBUG"; + case NSOCK_LOG_INFO: + return "INFO"; + case NSOCK_LOG_ERROR: + return "ERROR"; + default: + return "???"; + } +} + +/* -- Internal logging macros -- */ +/** + * Most detailed debug messages, like allocating or moving objects. + */ +#define nsock_log_debug_all(...) NSOCK_LOG_WRAP(NSOCK_LOG_DBG_ALL, __VA_ARGS__) + +/** + * Detailed debug messages, describing internal operations. + */ +#define nsock_log_debug(...) NSOCK_LOG_WRAP(NSOCK_LOG_DBG, __VA_ARGS__) + +/** + * High level debug messages, describing top level operations and external + * requests. + */ +#define nsock_log_info(...) NSOCK_LOG_WRAP(NSOCK_LOG_INFO, __VA_ARGS__) + +/** + * Error messages. + */ +#define nsock_log_error(...) NSOCK_LOG_WRAP(NSOCK_LOG_ERROR, __VA_ARGS__) + + +void __nsock_log_internal(nsock_loglevel_t loglevel, const char *file, int line, + const char *func, const char *format, ...) + __attribute__((format (printf, 5, 6))); + +#endif /* NSOCK_LOG_H */ + diff --git a/include/DomainExec/nsock/src/nsock_pcap.c b/include/DomainExec/nsock/src/nsock_pcap.c new file mode 100644 index 00000000..64650314 --- /dev/null +++ b/include/DomainExec/nsock/src/nsock_pcap.c @@ -0,0 +1,494 @@ +/*************************************************************************** + * nsock_pcap.c -- This contains pcap operations functions from * + * the nsock parallel socket event library * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#include "nsock.h" +#include "nsock_internal.h" +#include "nsock_log.h" + +#include +#if HAVE_SYS_IOCTL_H +#include +#endif +#if HAVE_NET_BPF_H +#ifdef _AIX +/* Prevent bpf.h from redefining the DLT_ values to their IFT_ values. (See + * similar comment in libpcap/pcap-bpf.c.) */ +#undef _AIX +#include +#define _AIX +#else +#include +#endif +#endif + +#include "nsock_pcap.h" + +extern struct timeval nsock_tod; + +#if HAVE_PCAP + +#define PCAP_OPEN_MAX_RETRIES 3 + +#define PCAP_FAILURE_EXPL_MESSAGE \ + "There are several possible reasons for this, " \ + "depending on your operating system:\n" \ + "LINUX: If you are getting Socket type not supported, " \ + "try modprobe af_packet or recompile your kernel with PACKET enabled.\n" \ + "*BSD: If you are getting device not configured, you need to recompile " \ + "your kernel with Berkeley Packet Filter support." \ + "If you are getting No such file or directory, try creating the device " \ + "(eg cd /dev; MAKEDEV ; or use mknod).\n" \ + "*WINDOWS: Nmap only supports ethernet interfaces on Windows for most " \ + "operations because Microsoft disabled raw sockets as of Windows XP SP2. " \ + "Depending on the reason for this error, it is possible that the " \ + "--unprivileged command-line argument will help.\n" \ + "SOLARIS: If you are trying to scan localhost and getting "\ + "'/dev/lo0: No such file or directory', complain to Sun. "\ + "I don't think Solaris can support advanced localhost scans. "\ + "You can probably use \"-PN -sT localhost\" though.\n\n" + + +static int nsock_pcap_set_filter(struct npool *nsp, pcap_t *pt, const char *device, + const char *bpf) { + struct bpf_program fcode; + int rc; + + rc = pcap_compile(pt, &fcode, (char *)bpf, 1, PCAP_NETMASK_UNKNOWN); + if (rc) { + nsock_log_error("Error compiling pcap filter: %s", pcap_geterr(pt)); + return rc; + } + + rc = pcap_setfilter(pt, &fcode); + if (rc) { + nsock_log_error("Failed to set the pcap filter: %s", pcap_geterr(pt)); + return rc; + } + + pcap_freecode(&fcode); + return 0; +} + +static int nsock_pcap_get_l3_offset(pcap_t *pt, int *dl) { + int datalink; + unsigned int offset = 0; + + /* New packet capture device, need to recompute offset */ + if ((datalink = pcap_datalink(pt)) < 0) + fatal("Cannot obtain datalink information: %s", pcap_geterr(pt)); + + /* XXX NOTE: + * if a new offset ever exceeds the current max (24), + * adjust MAX_LINK_HEADERSZ in libnetutil/netutil.h + */ + switch (datalink) { + case DLT_EN10MB: offset = 14; break; + case DLT_IEEE802: offset = 22; break; + #ifdef __amigaos__ + case DLT_MIAMI: offset = 16; break; + #endif + #ifdef DLT_LOOP + case DLT_LOOP: + #endif + case DLT_NULL: offset = 4; break; + + case DLT_SLIP: + #ifdef DLT_SLIP_BSDOS + case DLT_SLIP_BSDOS: + #endif + #if (FREEBSD || OPENBSD || NETBSD || BSDI || MACOSX) + offset = 16;break; + #else + offset = 24;break; /* Anyone use this??? */ + #endif + + case DLT_PPP: + #ifdef DLT_PPP_BSDOS + case DLT_PPP_BSDOS: + #endif + #ifdef DLT_PPP_SERIAL + case DLT_PPP_SERIAL: + #endif + #ifdef DLT_PPP_ETHER + case DLT_PPP_ETHER: + #endif + #if (FREEBSD || OPENBSD || NETBSD || BSDI || MACOSX) + offset = 4;break; + #else + #ifdef SOLARIS + offset = 8;break; + #else + offset = 24;break; /* Anyone use this? */ + #endif /* ifdef solaris */ + #endif /* if freebsd || openbsd || netbsd || bsdi */ + #ifdef DLT_RAW + case DLT_RAW: offset = 0; break; + #endif /* DLT_RAW */ + case DLT_FDDI: offset = 21; break; + #ifdef DLT_ENC + case DLT_ENC: offset = 12; break; + #endif /* DLT_ENC */ + #ifdef DLT_LINUX_SLL + case DLT_LINUX_SLL: offset = 16; break; + #endif + #ifdef DLT_IPNET + case DLT_IPNET: offset = 24; break; + #endif /* DLT_IPNET */ + + default: /* Sorry, link type is unknown. */ + fatal("Unknown datalink type %d.\n", datalink); + } + if (dl) + *dl = datalink; + return (offset); +} + +static int nsock_pcap_try_open(struct npool *nsp, mspcap *mp, const char *dev, + int snaplen, int promisc, int timeout_ms, + char *errbuf) { + mp->pt = pcap_open_live(dev, snaplen, promisc, timeout_ms, errbuf); + if (!mp->pt) { + nsock_log_error("pcap_open_live(%s, %d, %d, %d) failed with error: %s", + dev, snaplen, promisc, timeout_ms, errbuf); + return -1; + } + return 0; +} + +/* Convert new nsiod to pcap descriptor. Other parameters have + * the same meaning as for pcap_open_live in pcap(3). + * device : pcap-style device name + * snaplen : size of packet to be copied to handler + * promisc : whether to open device in promiscuous mode + * bpf_fmt : berkeley filter + * return value: NULL if everything was okay, or error string + * if error occurred. */ +int nsock_pcap_open(nsock_pool nsp, nsock_iod nsiod, const char *pcap_device, + int snaplen, int promisc, const char *bpf_fmt, ...) { + struct niod *nsi = (struct niod *)nsiod; + struct npool *ms = (struct npool *)nsp; + mspcap *mp = (mspcap *)nsi->pcap; + char errbuf[PCAP_ERRBUF_SIZE]; + char bpf[4096]; + va_list ap; + int failed, datalink; + int rc; + +#ifdef PCAP_CAN_DO_SELECT +#if PCAP_BSD_SELECT_HACK + /* MacOsX reports error if to_ms is too big (like INT_MAX) with error + * FAILED. Reported error: BIOCSRTIMEOUT: Invalid argument + * INT_MAX/6 (=357913941) seems to be working... */ + int to_ms = 357913941; +#else + int to_ms = 200; +#endif /* PCAP_BSD_SELECT_HACK */ + +#else + int to_ms = 1; +#endif + + gettimeofday(&nsock_tod, NULL); + + if (mp) { + nsock_log_error("This nsi already has pcap device opened"); + return -1; + } + + mp = (mspcap *)safe_zalloc(sizeof(mspcap)); + nsi->pcap = (void *)mp; + + va_start(ap, bpf_fmt); + rc = Vsnprintf(bpf, sizeof(bpf), bpf_fmt, ap); + va_end(ap); + + if (rc >= (int)sizeof(bpf)) { + nsock_log_error("Too-large bpf filter argument"); + return -1; + } + + nsock_log_info("PCAP requested on device '%s' with berkeley filter '%s' " + "(promisc=%i snaplen=%i to_ms=%i) (IOD #%li)", + pcap_device,bpf, promisc, snaplen, to_ms, nsi->id); + + failed = 0; + do { + rc = nsock_pcap_try_open(ms, mp, pcap_device, snaplen, promisc, to_ms, errbuf); + if (rc) { + failed++; + nsock_log_error("Will wait %d seconds then retry.", 4 * failed); + sleep(4 * failed); + } + } while (rc && failed < PCAP_OPEN_MAX_RETRIES); + + if (rc) { + nsock_log_error("pcap_open_live(%s, %d, %d, %d) failed %d times.", + pcap_device, snaplen, promisc, to_ms, failed); + nsock_log_error(PCAP_FAILURE_EXPL_MESSAGE); + nsock_log_error("Can't open pcap! Are you root?"); + return -1; + } + + rc = nsock_pcap_set_filter(ms, mp->pt, pcap_device, bpf); + if (rc) + return rc; + +#ifdef WIN32 + /* We want any responses back ASAP */ + pcap_setmintocopy(mp->pt, 1); +#endif + + mp->l3_offset = nsock_pcap_get_l3_offset(mp->pt, &datalink); + mp->snaplen = snaplen; + mp->datalink = datalink; + mp->pcap_device = strdup(pcap_device); +#ifdef PCAP_CAN_DO_SELECT + mp->pcap_desc = pcap_get_selectable_fd(mp->pt); +#else + mp->pcap_desc = -1; +#endif + mp->readsd_count = 0; + + /* Without setting this ioctl, some systems (BSDs, though it depends on the + * release) will buffer packets in non-blocking mode and only return them in a + * bunch when the buffer is full. Setting the ioctl makes each one be + * delivered immediately. This is how Linux works by default. See the comments + * surrounding the setting of BIOCIMMEDIATE in libpcap/pcap-bpf.c. */ +#ifdef BIOCIMMEDIATE + if (mp->pcap_desc != -1) { + int immediate = 1; + + if (ioctl(mp->pcap_desc, BIOCIMMEDIATE, &immediate) < 0) + fatal("Cannot set BIOCIMMEDIATE on pcap descriptor"); + } +#endif + + /* Set device non-blocking */ + rc = pcap_setnonblock(mp->pt, 1, errbuf); + if (rc) { + + /* I can't do select() on pcap! + * blocking + no_select is fatal */ +#ifndef PCAP_BSD_SELECT_HACK + if (mp->pcap_desc < 0) +#endif + { + nsock_log_error("Failed to set pcap descriptor on device %s " + "to nonblocking mode: %s", pcap_device, errbuf); + return -1; + } + /* in other case, we can accept blocking pcap */ + nsock_log_info("Failed to set pcap descriptor on device %s " + "to nonblocking state: %s", pcap_device, errbuf); + } + + if (NsockLogLevel <= NSOCK_LOG_INFO) { + #if PCAP_BSD_SELECT_HACK + int bsd_select_hack = 1; + #else + int bsd_select_hack = 0; + #endif + + #if PCAP_RECV_TIMEVAL_VALID + int recv_timeval_valid = 1; + #else + int recv_timeval_valid = 0; + #endif + + nsock_log_info("PCAP created successfully on device '%s' " + "(pcap_desc=%i bsd_hack=%i to_valid=%i l3_offset=%i) (IOD #%li)", + pcap_device, mp->pcap_desc, bsd_select_hack, + recv_timeval_valid, mp->l3_offset, nsi->id); + } + return 0; +} + +/* Requests exactly one packet to be captured. */ +nsock_event_id nsock_pcap_read_packet(nsock_pool nsp, nsock_iod nsiod, + nsock_ev_handler handler, + int timeout_msecs, void *userdata) { + struct niod *nsi = (struct niod *)nsiod; + struct npool *ms = (struct npool *)nsp; + struct nevent *nse; + + nse = event_new(ms, NSE_TYPE_PCAP_READ, nsi, timeout_msecs, handler, userdata); + assert(nse); + + nsock_log_info("Pcap read request from IOD #%li EID %li", nsi->id, nse->id); + + nsock_pool_add_event(ms, nse); + + return nse->id; +} + +/* Remember that pcap descriptor is in nonblocking state. */ +int do_actual_pcap_read(struct nevent *nse) { + mspcap *mp = (mspcap *)nse->iod->pcap; + nsock_pcap npp; + nsock_pcap *n; + struct pcap_pkthdr *pkt_header; + const unsigned char *pkt_data = NULL; + int rc; + + memset(&npp, 0, sizeof(nsock_pcap)); + + nsock_log_debug_all("PCAP %s TEST (IOD #%li) (EID #%li)", + __func__, nse->iod->id, nse->id); + + assert(fs_length(&(nse->iobuf)) == 0); + + rc = pcap_next_ex(mp->pt, &pkt_header, &pkt_data); + switch (rc) { + case 1: /* read good packet */ +#ifdef PCAP_RECV_TIMEVAL_VALID + npp.ts = pkt_header->ts; +#else + /* On these platforms time received from pcap is invalid. + * It's better to set current time */ + memcpy(&npp.ts, nsock_gettimeofday(), sizeof(struct timeval)); +#endif + npp.len = pkt_header->len; + npp.caplen = pkt_header->caplen; + npp.packet = pkt_data; + + fs_cat(&(nse->iobuf), (char *)&npp, sizeof(npp)); + fs_cat(&(nse->iobuf), (char *)pkt_data, npp.caplen); + n = (nsock_pcap *)fs_str(&(nse->iobuf)); + n->packet = (unsigned char *)fs_str(&(nse->iobuf)) + sizeof(npp); + + nsock_log_debug_all("PCAP %s READ (IOD #%li) (EID #%li) size=%i", + __func__, nse->iod->id, nse->id, pkt_header->caplen); + rc = 1; + break; + + case 0: /* timeout */ + rc = 0; + break; + + case -1: /* error */ + fatal("pcap_next_ex() fatal error while reading from pcap: %s\n", + pcap_geterr(mp->pt)); + break; + + case -2: /* no more packets in savefile (if reading from one) */ + default: + fatal("Unexpected return code from pcap_next_ex! (%d)\n", rc); + } + + return rc; +} + +void nse_readpcap(nsock_event nsev, const unsigned char **l2_data, size_t *l2_len, + const unsigned char **l3_data, size_t *l3_len, + size_t *packet_len, struct timeval *ts) { + struct nevent *nse = (struct nevent *)nsev; + struct niod *iod = nse->iod; + mspcap *mp = (mspcap *)iod->pcap; + nsock_pcap *n; + size_t l2l; + size_t l3l; + + n = (nsock_pcap *)fs_str(&(nse->iobuf)); + if (fs_length(&(nse->iobuf)) < sizeof(nsock_pcap)) { + if (l2_data) + *l2_data = NULL; + if (l2_len) + *l2_len = 0; + if (l3_data) + *l3_data = NULL; + if (l3_len) + *l3_len = 0; + if (packet_len) + *packet_len = 0; + return; + } + + l2l = MIN(mp->l3_offset, n->caplen); + l3l = MAX(0, n->caplen-mp->l3_offset); + + if (l2_data) + *l2_data = n->packet; + if (l2_len) + *l2_len = l2l; + if (l3_data) + *l3_data = (l3l > 0) ? n->packet+l2l : NULL; + if (l3_len) + *l3_len = l3l; + if (packet_len) + *packet_len = n->len; + if (ts) + *ts = n->ts; + return; +} + +int nsock_iod_linktype(nsock_iod iod) { + struct niod *nsi = (struct niod *)iod; + mspcap *mp = (mspcap *)nsi->pcap; + + assert(mp); + return (mp->datalink); +} + +int nsock_iod_is_pcap(nsock_iod iod) { + struct niod *nsi = (struct niod *)iod; + mspcap *mp = (mspcap *)nsi->pcap; + + return (mp != NULL); +} + +#endif /* HAVE_PCAP */ + diff --git a/include/DomainExec/nsock/src/nsock_pcap.h b/include/DomainExec/nsock/src/nsock_pcap.h new file mode 100644 index 00000000..93539322 --- /dev/null +++ b/include/DomainExec/nsock/src/nsock_pcap.h @@ -0,0 +1,163 @@ +/*************************************************************************** + * nsock_pcap.h -- Header for pcap operations functions from * + * the nsock parallel socket event library * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#ifndef NSOCK_PCAP_H +#define NSOCK_PCAP_H + +#include "nsock_internal.h" +#ifdef HAVE_PCAP + +#include "pcap.h" + +#include +#include + +#ifdef WIN32 +/* WinPCAP doesn't have this, but Npcap does. + * Using 0 is safe for both, but change this if we decide to drop WinPcap */ +#undef PCAP_NETMASK_UNKNOWN +#define PCAP_NETMASK_UNKNOWN 0 +#endif + +/* + * There are three possible ways to read packets from pcap descriptor: + * - select() on descriptor: + * this one is of course the best, but there are systems that + * don't support this like WIN32. This works perfectly for Linux. + * + * - select() + some hacks: + * this one is hack for older bsd systems, + * Descriptor *must* be set in nonblocking mode. + * + * - never do select(): + * this one is for WIN32 and other systems that return descriptor -1 + * from pcap_get_selectable_fd(). + * In this case descriptor *must* be set in nonblocking mode. + * If that fails than we can't do any sniffing from that box. + * + * In any case we try to set descriptor to non-blocking mode. + */ + +/* Returns whether the system supports pcap_get_selectable_fd() properly */ +#if !defined(WIN32) && !defined(SOLARIS_BPF_PCAP_CAPTURE) +#define PCAP_CAN_DO_SELECT 1 +#endif + +/* In some systems (like Windows), the pcap descriptor is not selectable. + * Therefore, we cannot just select() on it and expect it to wake us up and + * deliver a packet, but we need to poll it continuously. This define sets the + * frequency, in milliseconds, at which the pcap handle is polled to determine + * if there are any captured packets. Note that this is only used when + * PCAP_CAN_DO_SELECT is not defined and therefore it has no effect on systems + * like Linux. + */ +#define PCAP_POLL_INTERVAL 2 + +/* Note that on most versions of most BSDs (including Mac OS X) select() and + * poll() do not work correctly on BPF devices; pcap_get_selectable_fd() will + * return a file descriptor on most of those versions (the exceptions being + * FreeBSD 4.3 and 4.4), a simple select() or poll() will not return even after + * a timeout specified in pcap_open_live() expires. To work around this, an + * application that uses select() or poll() to wait for packets to arrive must + * put the pcap_t in non-blocking mode, and must arrange that the select() or + * poll() have a timeout less than or equal to the timeout specified in + * pcap_open_live(), and must try to read packets after that timeout expires, + * regardless of whether select() or poll() indicated that the file descriptor + * for the pcap_t is ready to be read or not. (That workaround will not work in + * FreeBSD 4.3 and later; however, in FreeBSD 4.6 and later, select() and poll() + * work correctly on BPF devices, so the workaround isn't necessary, although it + * does no harm.) + */ +#if defined(MACOSX) || defined(FREEBSD) || defined(OPENBSD) +/* Well, now select() is not receiving any pcap events on MACOSX, but maybe it + * will someday :) in both cases. It never hurts to enable this feature. It just + * has performance penalty. */ +#define PCAP_BSD_SELECT_HACK 1 +#endif + +/* Returns whether the packet receive time value obtained from libpcap + * (and thus by readip_pcap()) should be considered valid. When + * invalid (Windows and Amiga), readip_pcap returns the time you called it. */ +#if !defined(WIN32) && !defined(__amigaos__) +#define PCAP_RECV_TIMEVAL_VALID 1 +#endif + + +typedef struct{ + pcap_t *pt; + int pcap_desc; + /* Like the corresponding member in iod, when this reaches 0 we stop + * watching the socket for readability. */ + int readsd_count; + int datalink; + int l3_offset; + int snaplen; + char *pcap_device; +} mspcap; + +typedef struct{ + struct timeval ts; + int caplen; + int len; + const unsigned char *packet; /* caplen bytes */ +} nsock_pcap; + +int do_actual_pcap_read(struct nevent *nse); + +#endif /* HAVE_PCAP */ +#endif /* NSOCK_PCAP_H */ + diff --git a/include/DomainExec/nsock/src/nsock_pool.c b/include/DomainExec/nsock/src/nsock_pool.c new file mode 100644 index 00000000..3e7aa36f --- /dev/null +++ b/include/DomainExec/nsock/src/nsock_pool.c @@ -0,0 +1,310 @@ +/*************************************************************************** + * nsock_pool.c -- This contains the functions that deal with creating, * + * destroying, and otherwise manipulating nsock_pools (and their internal * + * struct npool representation). An nsock_pool aggregates and manages events * + * and i/o descriptors * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#include "nsock_internal.h" +#include "nsock_log.h" +#include "gh_list.h" +#include "netutils.h" + +#include +#ifdef HAVE_SYS_TIME_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif +#include + + +extern struct timeval nsock_tod; + +/* To use this library, the first thing they must do is create a pool + * so we do the initialization during the first pool creation */ +static int nsocklib_initialized = 0; + + +/* defined in nsock_engines.h */ +struct io_engine *get_io_engine(void); + +/* ---- INTERNAL FUNCTIONS PROTOTYPES ---- */ +static void nsock_library_initialize(void); +/* --------------------------------------- */ + + +/* This next function returns the errno style error code -- which is only + * valid if the status NSOCK_LOOP_ERROR was returned by nsock_loop() */ +int nsock_pool_get_error(nsock_pool nsp) { + struct npool *mt = (struct npool *)nsp; + return mt->errnum; +} + +/* Sometimes it is useful to store a pointer to information inside + * the NSP so you can retrieve it during a callback. */ +void nsock_pool_set_udata(nsock_pool nsp, void *data) { + struct npool *mt = (struct npool *)nsp; + mt->userdata = data; +} + +/* And the define above wouldn't make much sense if we didn't have a way + * to retrieve that data ... */ +void *nsock_pool_get_udata(nsock_pool nsp) { + struct npool *mt = (struct npool *)nsp; + return mt->userdata; +} + +/* Turns on or off broadcast support on new sockets. Default is off (0, false) + * set in nsock_pool_new(). Any non-zero (true) value sets SO_BROADCAST on all new + * sockets (value of optval will be used directly in the setsockopt() call */ +void nsock_pool_set_broadcast(nsock_pool nsp, int optval) { + struct npool *mt = (struct npool *)nsp; + mt->broadcast = optval; +} + +/* Sets the name of the interface for new sockets to bind to. */ +void nsock_pool_set_device(nsock_pool nsp, const char *device) { + struct npool *mt = (struct npool *)nsp; + mt->device = device; +} + +static int expirable_cmp(gh_hnode_t *n1, gh_hnode_t *n2) { + struct nevent *nse1; + struct nevent *nse2; + + nse1 = container_of(n1, struct nevent, expire); + nse2 = container_of(n2, struct nevent, expire); + + return (TIMEVAL_BEFORE(nse1->timeout, nse2->timeout)) ? 1 : 0; +} + +/* And here is how you create an nsock_pool. This allocates, initializes, and + * returns an nsock_pool event aggregator. In the case of error, NULL will be + * returned. If you do not wish to immediately associate any userdata, pass in + * NULL. */ +nsock_pool nsock_pool_new(void *userdata) { + struct npool *nsp; + + /* initialize the library in not already done */ + if (!nsocklib_initialized) { + nsock_library_initialize(); + nsocklib_initialized = 1; + } + + nsp = (struct npool *)safe_malloc(sizeof(*nsp)); + memset(nsp, 0, sizeof(*nsp)); + + gettimeofday(&nsock_tod, NULL); + + nsp->userdata = userdata; + + nsp->engine = get_io_engine(); + nsock_engine_init(nsp); + + /* initialize IO events lists */ + gh_list_init(&nsp->connect_events); + gh_list_init(&nsp->read_events); + gh_list_init(&nsp->write_events); +#if HAVE_PCAP + gh_list_init(&nsp->pcap_read_events); +#endif + + /* initialize timer heap */ + gh_heap_init(&nsp->expirables, expirable_cmp); + + /* initialize the list of IODs */ + gh_list_init(&nsp->active_iods); + + /* initialize caches */ + gh_list_init(&nsp->free_iods); + gh_list_init(&nsp->free_events); + + nsp->next_event_serial = 1; + + nsp->device = NULL; + +#if HAVE_OPENSSL + nsp->sslctx = NULL; +#endif + + nsp->px_chain = NULL; + + return (nsock_pool)nsp; +} + +/* If nsock_pool_new returned success, you must free the nsp when you are done with it + * to conserve memory (and in some cases, sockets). After this call, nsp may no + * longer be used. Any pending events are sent an NSE_STATUS_KILL callback and + * all outstanding iods are deleted. */ +void nsock_pool_delete(nsock_pool ms_pool) { + struct npool *nsp = (struct npool *)ms_pool; + struct nevent *nse; + struct niod *nsi; + int i; + gh_lnode_t *current, *next; + gh_list_t *event_lists[] = { + &nsp->connect_events, + &nsp->read_events, + &nsp->write_events, +#if HAVE_PCAP + &nsp->pcap_read_events, +#endif + NULL + }; + + assert(nsp); + + /* First I go through all the events sending NSE_STATUS_KILL */ + for (i = 0; event_lists[i] != NULL; i++) { + while (gh_list_count(event_lists[i]) > 0) { + gh_lnode_t *lnode = gh_list_pop(event_lists[i]); + + assert(lnode); + +#if HAVE_PCAP + if (event_lists[i] == &nsp->pcap_read_events) + nse = lnode_nevent2(lnode); + else +#endif + nse = lnode_nevent(lnode); + + assert(nse); + + nse->status = NSE_STATUS_KILL; + nsock_trace_handler_callback(nsp, nse); + nse->handler(nsp, nse, nse->userdata); + + if (nse->iod) { + nse->iod->events_pending--; + assert(nse->iod->events_pending >= 0); + } + event_delete(nsp, nse); + } + gh_list_free(event_lists[i]); + } + + /* Kill timers too, they're not in event lists */ + while (gh_heap_count(&nsp->expirables) > 0) { + gh_hnode_t *hnode; + + hnode = gh_heap_pop(&nsp->expirables); + nse = container_of(hnode, struct nevent, expire); + + if (nse->type == NSE_TYPE_TIMER) { + nse->status = NSE_STATUS_KILL; + nsock_trace_handler_callback(nsp, nse); + nse->handler(nsp, nse, nse->userdata); + event_delete(nsp, nse); + gh_list_append(&nsp->free_events, &nse->nodeq_io); + } + } + + gh_heap_free(&nsp->expirables); + + /* foreach struct niod */ + for (current = gh_list_first_elem(&nsp->active_iods); + current != NULL; + current = next) { + next = gh_lnode_next(current); + nsi = container_of(current, struct niod, nodeq); + + nsock_iod_delete(nsi, NSOCK_PENDING_ERROR); + + gh_list_remove(&nsp->active_iods, current); + gh_list_prepend(&nsp->free_iods, &nsi->nodeq); + } + + /* Now we free all the memory in the free iod list */ + while ((current = gh_list_pop(&nsp->free_iods))) { + nsi = container_of(current, struct niod, nodeq); + free(nsi); + } + + while ((current = gh_list_pop(&nsp->free_events))) { + nse = lnode_nevent(current); + free(nse); + } + + gh_list_free(&nsp->active_iods); + gh_list_free(&nsp->free_iods); + gh_list_free(&nsp->free_events); + + nsock_engine_destroy(nsp); + +#if HAVE_OPENSSL + if (nsp->sslctx != NULL) + SSL_CTX_free(nsp->sslctx); +#endif + + free(nsp); +} + +void nsock_library_initialize(void) { + int res; + + /* We want to make darn sure the evil SIGPIPE is ignored */ +#ifndef WIN32 + signal(SIGPIPE, SIG_IGN); +#endif + + /* And we're gonna need sockets -- LOTS of sockets ... */ + res = maximize_fdlimit(); +#ifndef WIN32 + assert(res > 7); +#endif +} + diff --git a/include/DomainExec/nsock/src/nsock_proxy.c b/include/DomainExec/nsock/src/nsock_proxy.c new file mode 100644 index 00000000..e7bfec30 --- /dev/null +++ b/include/DomainExec/nsock/src/nsock_proxy.c @@ -0,0 +1,460 @@ +/*************************************************************************** + * nsock_proxy.c -- This contains the functions relating to proxies. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#include "nsock.h" +#include "nsock_internal.h" +#include "nsock_log.h" +#include + +#define IN_RANGE(x, min, max) ((x) >= (min) && (x) <= (max)) + + +struct proxy_parser { + int done; + struct proxy_node *value; + char *str; + char *tokens; +}; + +static struct proxy_parser *proxy_parser_new(const char *proxychainstr); +static void proxy_parser_next(struct proxy_parser *parser); +static void proxy_parser_delete(struct proxy_parser *parser); + + +/* --- Implemented proxy backends --- */ +extern const struct proxy_spec ProxySpecHttp; +extern const struct proxy_spec ProxySpecSocks4; + + +static const struct proxy_spec *ProxyBackends[] = { + &ProxySpecHttp, + &ProxySpecSocks4, + NULL +}; + + +/* A proxy chain is a comma-separated list of proxy specification strings: + * proto://[user:pass@]host[:port] */ +int nsock_proxychain_new(const char *proxystr, nsock_proxychain *chain, nsock_pool nspool) { + struct npool *nsp = (struct npool *)nspool; + struct proxy_chain *pxc, **pchain = (struct proxy_chain **)chain; + + *pchain = NULL; + + pxc = (struct proxy_chain *)safe_malloc(sizeof(struct proxy_chain)); + gh_list_init(&pxc->nodes); + + if (proxystr) { + struct proxy_parser *parser; + + parser = proxy_parser_new(proxystr); + while (!parser->done) { + gh_list_append(&pxc->nodes, &parser->value->nodeq); + proxy_parser_next(parser); + } + proxy_parser_delete(parser); + } + + if (nsp) { + if (nsock_pool_set_proxychain(nspool, pxc) < 0) { + nsock_proxychain_delete(pxc); + return -1; + } + } + + *pchain = pxc; + return 1; +} + +void nsock_proxychain_delete(nsock_proxychain chain) { + struct proxy_chain *pchain = (struct proxy_chain *)chain; + gh_lnode_t *lnode; + + if (!pchain) + return; + + while ((lnode = gh_list_pop(&pchain->nodes)) != NULL) { + struct proxy_node *node; + + node = container_of(lnode, struct proxy_node, nodeq); + node->spec->ops->node_delete(node); + } + + gh_list_free(&pchain->nodes); + free(pchain); +} + +int nsock_pool_set_proxychain(nsock_pool nspool, nsock_proxychain chain) { + struct npool *nsp = (struct npool *)nspool; + assert(nsp != NULL); + + if (nsp && nsp->px_chain) { + nsock_log_error("Invalid call. Existing proxychain on this nsock_pool"); + return -1; + } + + nsp->px_chain = (struct proxy_chain *)chain; + return 1; +} + +struct proxy_chain_context *proxy_chain_context_new(nsock_pool nspool) { + struct npool *nsp = (struct npool *)nspool; + struct proxy_chain_context *ctx; + + ctx = (struct proxy_chain_context *)safe_malloc(sizeof(struct proxy_chain_context)); + ctx->px_chain = nsp->px_chain; + ctx->px_state = PROXY_STATE_INITIAL; + ctx->px_current = container_of(gh_list_first_elem(&nsp->px_chain->nodes), + struct proxy_node, + nodeq); + return ctx; +} + +void proxy_chain_context_delete(struct proxy_chain_context *ctx) { + free(ctx); +} + +static void uri_free(struct uri *uri) { + free(uri->scheme); + free(uri->user); + free(uri->pass); + free(uri->host); + free(uri->path); +} + +static int lowercase(char *s) { + char *p; + + for (p = s; *p != '\0'; p++) + *p = tolower((int) (unsigned char) *p); + + return p - s; +} + +static int hex_digit_value(char digit) { + static const char DIGITS[] = "0123456789abcdef"; + const char *p; + + if ((unsigned char)digit == '\0') + return -1; + + p = strchr(DIGITS, tolower((int)(unsigned char)digit)); + if (p == NULL) + return -1; + + return p - DIGITS; +} + +static int percent_decode(char *s) { + char *p, *q; + + /* Skip to the first '%'. If there are no percent escapes, this lets us + * return without doing any copying. */ + q = s; + while (*q != '\0' && *q != '%') + q++; + + p = q; + while (*q != '\0') { + if (*q == '%') { + int c, d; + + q++; + c = hex_digit_value(*q); + if (c == -1) + return -1; + q++; + d = hex_digit_value(*q); + if (d == -1) + return -1; + + *p++ = c * 16 + d; + q++; + } else { + *p++ = *q++; + } + } + *p = '\0'; + + return p - s; +} + +static int uri_parse_authority(const char *authority, struct uri *uri) { + const char *portsep; + const char *host_start, *host_end; + char *tail; + + /* We do not support "user:pass@" userinfo. The proxy has no use for it. */ + if (strchr(authority, '@') != NULL) + return -1; + + /* Find the beginning and end of the host. */ + host_start = authority; + + if (*host_start == '[') { + /* IPv6 address in brackets. */ + host_start++; + host_end = strchr(host_start, ']'); + + if (host_end == NULL) + return -1; + + portsep = host_end + 1; + + if (!(*portsep == ':' || *portsep == '\0')) + return -1; + + } else { + portsep = strrchr(authority, ':'); + + if (portsep == NULL) + portsep = strchr(authority, '\0'); + host_end = portsep; + } + + /* Get the port number. */ + if (*portsep == ':' && *(portsep + 1) != '\0') { + long n; + + errno = 0; + n = parse_long(portsep + 1, &tail); + if (errno || *tail || (tail == (portsep + 1)) || !IN_RANGE(n, 1, 65535)) + return -1; + uri->port = n; + } else { + uri->port = -1; + } + + /* Get the host. */ + uri->host = mkstr(host_start, host_end); + if (percent_decode(uri->host) < 0) { + free(uri->host); + uri->host = NULL; + return -1; + } + + return 1; +} + +static int parse_uri(const char *proxystr, struct uri *uri) { + const char *p, *q; + + /* Scheme, section 3.1. */ + p = proxystr; + if (!isalpha(*p)) + goto fail; + + q = p; + while (isalpha(*q) || isdigit(*q) || *q == '+' || *q == '-' || *q == '.') + q++; + + if (*q != ':') + goto fail; + + uri->scheme = mkstr(p, q); + + /* "An implementation should accept uppercase letters as equivalent to + * lowercase in scheme names (e.g., allow "HTTP" as well as "http") for the + * sake of robustness..." */ + lowercase(uri->scheme); + + /* Authority, section 3.2. */ + p = q + 1; + if (*p == '/' && *(p + 1) == '/') { + char *authority = NULL; + + p += 2; + q = p; + while (!(*q == '/' || *q == '?' || *q == '#' || *q == '\0')) + q++; + ; + authority = mkstr(p, q); + if (uri_parse_authority(authority, uri) < 0) { + free(authority); + goto fail; + } + free(authority); + + p = q; + } + + /* Path, section 3.3. We include the query and fragment in the path. The + * path is also not percent-decoded because we just pass it on to the origin + * server. */ + + q = strchr(p, '\0'); + uri->path = mkstr(p, q); + + return 1; + +fail: + uri_free(uri); + return -1; +} + +static struct proxy_node *proxy_node_new(char *proxystr) { + int i; + + for (i = 0; ProxyBackends[i] != NULL; i++) { + const struct proxy_spec *pspec; + + pspec = ProxyBackends[i]; + if (strncasecmp(proxystr, pspec->prefix, strlen(pspec->prefix)) == 0) { + struct proxy_node *proxy = NULL; + struct uri uri; + + memset(&uri, 0x00, sizeof(struct uri)); + + if (parse_uri(proxystr, &uri) < 0) + break; + + if (pspec->ops->node_new(&proxy, &uri) < 0) + fatal("Cannot initialize proxy node %s", proxystr); + + uri_free(&uri); + + return proxy; + } + } + fatal("Invalid protocol in proxy specification string: %s", proxystr); + return NULL; +} + +struct proxy_parser *proxy_parser_new(const char *proxychainstr) { + struct proxy_parser *parser; + + parser = (struct proxy_parser *)safe_malloc(sizeof(struct proxy_parser)); + parser->done = 0; + parser->value = NULL; + + parser->str = strdup(proxychainstr); + + parser->tokens = strtok(parser->str, ","); + if (parser->tokens) + parser->value = proxy_node_new(parser->tokens); + else + parser->done = 1; + + return parser; +} + +void proxy_parser_next(struct proxy_parser *parser) { + + parser->tokens = strtok(NULL, ","); + if (parser->tokens) + parser->value = proxy_node_new(parser->tokens); + else + parser->done = 1; +} + +void proxy_parser_delete(struct proxy_parser *parser) { + if (parser) { + free(parser->str); + free(parser); + } +} + +void forward_event(nsock_pool nspool, nsock_event nsevent, void *udata) { + struct npool *nsp = (struct npool *)nspool; + struct nevent *nse = (struct nevent *)nsevent; + enum nse_type cached_type; + enum nse_status cached_status; + + cached_type = nse->type; + cached_status = nse->status; + + nse->type = nse->iod->px_ctx->target_ev_type; + + if (nse->status != NSE_STATUS_SUCCESS) + nse->status = NSE_STATUS_PROXYERROR; + + nsock_log_info("Forwarding event upstream: TCP connect %s (IOD #%li) EID %li", + nse_status2str(nse->status), nse->iod->id, nse->id); + + nse->iod->px_ctx->target_handler(nsp, nse, udata); + + nse->type = cached_type; + nse->status = cached_status; +} + +void nsock_proxy_ev_dispatch(nsock_pool nspool, nsock_event nsevent, void *udata) { + struct nevent *nse = (struct nevent *)nsevent; + + if (nse->status == NSE_STATUS_SUCCESS) { + struct proxy_node *current; + + current = nse->iod->px_ctx->px_current; + assert(current); + current->spec->ops->handler(nspool, nsevent, udata); + } else { + forward_event(nspool, nsevent, udata); + } +} + +int proxy_resolve(const char *host, struct sockaddr *addr, size_t *addrlen) { + struct addrinfo *res; + int rc; + + rc = getaddrinfo(host, NULL, NULL, &res); + if (rc) + return -abs(rc); + + *addr = *res->ai_addr; + *addrlen = res->ai_addrlen; + freeaddrinfo(res); + return 1; +} + diff --git a/include/DomainExec/nsock/src/nsock_proxy.h b/include/DomainExec/nsock/src/nsock_proxy.h new file mode 100644 index 00000000..09516c29 --- /dev/null +++ b/include/DomainExec/nsock/src/nsock_proxy.h @@ -0,0 +1,180 @@ +/*************************************************************************** + * nsock_proxy.h -- PRIVATE interface definitions for proxy handling. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#ifndef NSOCK_PROXY_H +#define NSOCK_PROXY_H + +#include "gh_list.h" + +#if HAVE_NETDB_H +#include +#endif + +#include +#include + + +/* ------------------- CONSTANTS ------------------- */ +enum nsock_proxy_type { + PROXY_TYPE_HTTP = 0, + PROXY_TYPE_SOCKS4, + PROXY_TYPE_COUNT, +}; + +enum nsock_proxy_state { + /* Common initial state for all proxy types. */ + PROXY_STATE_INITIAL, + + /* HTTP proxy states. */ + PROXY_STATE_HTTP_TCP_CONNECTED, + PROXY_STATE_HTTP_TUNNEL_ESTABLISHED, + + /* SOCKS 4 proxy states. */ + PROXY_STATE_SOCKS4_TCP_CONNECTED, + PROXY_STATE_SOCKS4_TUNNEL_ESTABLISHED, +}; + + +/* ------------------- STRUCTURES ------------------- */ + +struct uri { + char *scheme; + char *user; + char *pass; + char *host; + char *path; + int port; +}; + +/* Static information about a proxy node in the chain. This is generated by + * parsing the proxy specification string given by user. Those structures are + * then read-only and stored in the nsock_pool. */ +struct proxy_node { + const struct proxy_spec *spec; + + struct sockaddr_storage ss; + size_t sslen; + unsigned short port; + char *nodestr; /* used for log messages */ + gh_lnode_t nodeq; +}; + +/* Ordered list of proxy nodes, as specified in the proxy specification string. */ +struct proxy_chain { + gh_list_t nodes; +}; + +/* IOD-specific context. For each IOD we establish a tunnel through the chain of + * proxies. This structure stores all the related information. */ +struct proxy_chain_context { + const struct proxy_chain *px_chain; + + /* Nodes iterator in px_chain->nodes */ + struct proxy_node *px_current; + + /* Current node connection state. */ + enum nsock_proxy_state px_state; + + /* Those fields are used to store information about the final target + * to reach. */ + enum nse_type target_ev_type; + struct sockaddr_storage target_ss; + size_t target_sslen; + unsigned short target_port; + nsock_ev_handler target_handler; +}; + +struct proxy_op { + int (*node_new)(struct proxy_node **node, const struct uri *uri); + void (*node_delete)(struct proxy_node *node); + void (*handler)(nsock_pool nspool, nsock_event nsevent, void *udata); +}; + +struct proxy_spec { + const char *prefix; + enum nsock_proxy_type type; + const struct proxy_op *ops; +}; + + +/* ------------------- UTIL FUNCTIONS ------------------- */ +int proxy_resolve(const char *host, struct sockaddr *addr, size_t *addrlen); + +static inline struct proxy_node *proxy_ctx_node_next(struct proxy_chain_context *ctx) { + gh_lnode_t *next; + + assert(ctx); + assert(ctx->px_current); + + next = gh_lnode_next(&ctx->px_current->nodeq); + if (!next) + return NULL; + + return container_of(next, struct proxy_node, nodeq); +} + + +/* ------------------- PROTOTYPES ------------------- */ + +struct proxy_chain_context *proxy_chain_context_new(nsock_pool nspool); +void proxy_chain_context_delete(struct proxy_chain_context *ctx); + +void nsock_proxy_ev_dispatch(nsock_pool nspool, nsock_event nsevent, void *udata); +void forward_event(nsock_pool nspool, nsock_event nse, void *udata); + + +#endif /* NSOCK_PROXY_H */ + diff --git a/include/DomainExec/nsock/src/nsock_read.c b/include/DomainExec/nsock/src/nsock_read.c new file mode 100644 index 00000000..9b720a16 --- /dev/null +++ b/include/DomainExec/nsock/src/nsock_read.c @@ -0,0 +1,134 @@ +/*************************************************************************** + * nsock_read.c -- This contains the functions for requesting various read * + * events from the nsock parallel socket event library * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#include "nsock_internal.h" +#include "nsock_log.h" +#include "netutils.h" + + +/* Read up to nlines lines (terminated with \n, which of course includes \r\n), + * or until EOF, or until the timeout, whichever comes first. Note that + * NSE_STATUS_SUCCESS will be returned in the case of EOF or timeout if at least + * 1 char has been read. Also note that you may get more than 'nlines' back -- + * we just stop once "at least" 'nlines' is read */ +nsock_event_id nsock_readlines(nsock_pool nsp, nsock_iod ms_iod, + nsock_ev_handler handler, int timeout_msecs, + void *userdata, int nlines) { + struct niod *nsi = (struct niod *)ms_iod; + struct npool *ms = (struct npool *)nsp; + struct nevent *nse; + + nse = event_new(ms, NSE_TYPE_READ, nsi, timeout_msecs, handler, userdata); + assert(nse); + + nsock_log_info("Read request for %d lines from IOD #%li [%s] EID %li", + nlines, nsi->id, get_peeraddr_string(nsi), nse->id); + + nse->readinfo.read_type = NSOCK_READLINES; + nse->readinfo.num = nlines; + + nsock_pool_add_event(ms, nse); + + return nse->id; +} + +/* Same as above, except it tries to read at least 'nbytes' instead of 'nlines'. */ +nsock_event_id nsock_readbytes(nsock_pool nsp, nsock_iod ms_iod, + nsock_ev_handler handler, int timeout_msecs, + void *userdata, int nbytes) { + + struct niod *nsi = (struct niod *)ms_iod; + struct npool *ms = (struct npool *)nsp; + struct nevent *nse; + + nse = event_new(ms, NSE_TYPE_READ, nsi, timeout_msecs, handler, userdata); + assert(nse); + + nsock_log_info("Read request for %d bytes from IOD #%li [%s] EID %li", + nbytes, nsi->id, get_peeraddr_string(nsi), nse->id); + + nse->readinfo.read_type = NSOCK_READBYTES; + nse->readinfo.num = nbytes; + + nsock_pool_add_event(ms, nse); + + return nse->id; +} + + +/* The simplest read function -- returns NSE_STATUS_SUCCESS when it + * reads anything, otherwise it returns timeout, eof, or error as appropriate */ +nsock_event_id nsock_read(nsock_pool nsp, nsock_iod ms_iod, + nsock_ev_handler handler, int timeout_msecs, + void *userdata) { + struct niod *nsi = (struct niod *)ms_iod; + struct npool *ms = (struct npool *)nsp; + struct nevent *nse; + + nse = event_new(ms, NSE_TYPE_READ, nsi, timeout_msecs, handler, userdata); + assert(nse); + + nsock_log_info("Read request from IOD #%li [%s] (timeout: %dms) EID %li", + nsi->id, get_peeraddr_string(nsi), timeout_msecs, nse->id); + + nse->readinfo.read_type = NSOCK_READ; + + nsock_pool_add_event(ms, nse); + + return nse->id; +} + diff --git a/include/DomainExec/nsock/src/nsock_ssl.c b/include/DomainExec/nsock/src/nsock_ssl.c new file mode 100644 index 00000000..7683afff --- /dev/null +++ b/include/DomainExec/nsock/src/nsock_ssl.c @@ -0,0 +1,234 @@ +/*************************************************************************** + * nsock_ssl.c -- This contains functions that relate somewhat exclusively * + * to SSL (over TCP) support in nsock. Where SSL support is incidental, * + * it is often in other files where code can be more easily shared between * + * the SSL and NonSSL paths. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + + +#include "nsock.h" +#include "nsock_internal.h" +#include "nsock_ssl.h" +#include "netutils.h" + +#if HAVE_OPENSSL + +/* Disallow anonymous ciphers (Diffie-Hellman key agreement), low bit-strength + * ciphers, export-crippled ciphers, and MD5. Prefer ciphers in decreasing order + * of key size. The cipher list is taken from the book Network Security with + * OpenSSL. To see exactly what ciphers are enabled, use the command + * openssl ciphers -v '...' + * where ... is the string below. */ +#define CIPHERS_SECURE "ALL:!aNULL:!eNULL:!LOW:!EXP:!MD5:@STRENGTH" + +/* This list of ciphers is for speed and compatibility, not security. Any cipher + * is accepted, and the list is sorted by speed based on Brian Hatch's + * (bri@ifokr.org) tests on an Pentium 686 against the ciphers listed. */ +#define CIPHERS_FAST "RC4-SHA:RC4-MD5:NULL-SHA:EXP-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-RC4-MD5:NULL-MD5:EDH-RSA-DES-CBC-SHA:EXP-RC2-CBC-MD5:EDH-RSA-DES-CBC3-SHA:EXP-ADH-RC4-MD5:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:EXP-ADH-DES-CBC-SHA:ADH-AES256-SHA:ADH-DES-CBC-SHA:ADH-RC4-MD5:AES256-SHA:DES-CBC-SHA:DES-CBC3-SHA:ADH-DES-CBC3-SHA:AES128-SHA:ADH-AES128-SHA:eNULL:ALL" + +extern struct timeval nsock_tod; + +static SSL_CTX *ssl_init_helper(const SSL_METHOD *method) { + SSL_CTX *ctx; + +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER + SSL_load_error_strings(); + SSL_library_init(); +#endif + + ctx = SSL_CTX_new(method); + if (!ctx) { + fatal("OpenSSL failed to create a new SSL_CTX: %s", + ERR_error_string(ERR_get_error(), NULL)); + } + + /* Our SSL* will always have the SSL_SESSION* inside it, so we neither need to + * use nor waste memory for the session cache. (Use '1' because '0' means + * 'infinite'.) */ + SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF|SSL_SESS_CACHE_NO_AUTO_CLEAR); + SSL_CTX_sess_set_cache_size(ctx, 1); + SSL_CTX_set_timeout(ctx, 3600); /* pretty unnecessary */ + + return ctx; +} + +/* Create an SSL_CTX and do initialization that is common to all init modes. */ +static SSL_CTX *ssl_init_common() { + return ssl_init_helper(SSLv23_client_method()); +} + +/* Initializes an Nsock pool to create SSL connections. This sets an internal + * SSL_CTX, which is like a template that sets options for all connections that + * are made from it. The connections made from this context will use only secure + * ciphers but no server certificate verification is done. Returns the SSL_CTX + * so you can set your own options. */ +static nsock_ssl_ctx nsock_pool_ssl_init_helper(struct npool *ms, int flags) { + char rndbuf[128]; + + /* Get_random_bytes may or may not provide high-quality randomness. Add it to + * the entropy pool without increasing the entropy estimate (third argument of + * RAND_add is 0). We rely on OpenSSL's entropy gathering, called implicitly + * by RAND_status, to give us what we need, or else bail out if it fails. */ + get_random_bytes(rndbuf, sizeof(rndbuf)); + RAND_add(rndbuf, sizeof(rndbuf), 0); + + if (!(flags & NSOCK_SSL_MAX_SPEED)) { + if (!RAND_status()) + fatal("%s: Failed to seed OpenSSL PRNG" + " (RAND_status returned false).", __func__); + } + + /* SSL_OP_ALL sets bug-compatibility for pretty much everything. + * SSL_OP_NO_SSLv2 disables the less-secure SSLv2 while allowing us to use the + * SSLv2-compatible SSLv23_client_method. */ + SSL_CTX_set_verify(ms->sslctx, SSL_VERIFY_NONE, NULL); + SSL_CTX_clear_options(ms->sslctx, SSL_OP_NO_SSLv2); + SSL_CTX_set_options(ms->sslctx, flags & NSOCK_SSL_MAX_SPEED ? + SSL_OP_ALL : SSL_OP_ALL|SSL_OP_NO_SSLv2); + + if (!SSL_CTX_set_cipher_list(ms->sslctx, flags & NSOCK_SSL_MAX_SPEED ? + CIPHERS_FAST : CIPHERS_SECURE)) + fatal("Unable to set OpenSSL cipher list: %s", + ERR_error_string(ERR_get_error(), NULL)); + + return ms->sslctx; +} + +nsock_ssl_ctx nsock_pool_ssl_init(nsock_pool ms_pool, int flags) { + struct npool *ms = (struct npool *)ms_pool; + + if (ms->sslctx == NULL) + ms->sslctx = ssl_init_common(); + return nsock_pool_ssl_init_helper(ms, flags); +} + +#ifdef HAVE_DTLS_CLIENT_METHOD + +/* Create an SSL_CTX and do initialisation, creating a DTLS client */ +static SSL_CTX *dtls_init_common() { + return ssl_init_helper(DTLS_client_method()); +} + +/* Initializes an Nsock pool to create DTLS connections. Very much similar to + * nsock_pool_ssl_init, just with DTLS. */ +nsock_ssl_ctx nsock_pool_dtls_init(nsock_pool ms_pool, int flags) { + SSL_CTX *dtls_ctx = NULL; + struct npool *ms = (struct npool *)ms_pool; + + if (ms->sslctx == NULL) + ms->sslctx = dtls_init_common(); + dtls_ctx = (SSL_CTX *) nsock_pool_ssl_init_helper(ms, flags); + + /* Don't add padding or the ClientHello will fragment and not connect properly. */ + SSL_CTX_clear_options(dtls_ctx, SSL_OP_TLSEXT_PADDING); + + if (!SSL_CTX_set_cipher_list(dtls_ctx, "DEFAULT")) + fatal("Unable to set OpenSSL cipher list: %s", + ERR_error_string(ERR_get_error(), NULL)); + + return dtls_ctx; +} + +#else /* OpenSSL Version does not support DTLS */ + +nsock_ssl_ctx nsock_pool_dtls_init(nsock_pool ms_pool, int flags) { + fatal("%s called with no OpenSSL DTLS support", __func__); +} + +#endif + +/* Check server certificate verification, after a connection is established. We + * check first that a certificate was even offered, then call + * SSL_get_verify_result to get the overall status of verification. (Just + * calling SSL_get_verify_result is not enough because that function returns + * X509_V_OK when 0 certificates are presented.) If the verification mode of the + * SSL object is SSL_VERIFY_NONE, or if OpenSSL is disabled, this function + * always returns true. */ +int nsi_ssl_post_connect_verify(const nsock_iod nsockiod) { + struct niod *iod = (struct niod *)nsockiod; + + assert(iod->ssl != NULL); + if (SSL_get_verify_mode(iod->ssl) != SSL_VERIFY_NONE) { + X509 *cert; + + cert = SSL_get_peer_certificate(iod->ssl); + if (cert == NULL) + /* No certificate presented. */ + return 0; + + X509_free(cert); + + if (SSL_get_verify_result(iod->ssl) != X509_V_OK) + /* Something wrong with verification. */ + return 0; + } + return 1; +} + +#else /* NOT HAVE_OPENSSL */ + +nsock_ssl_ctx nsock_pool_ssl_init(nsock_pool ms_pool, int flags) { + fatal("%s called with no OpenSSL support", __func__); +} + +nsock_ssl_ctx nsock_pool_dtls_init(nsock_pool ms_pool, int flags) { + fatal("%s called with no OpenSSL support", __func__); +} + +int nsi_ssl_post_connect_verify(const nsock_iod nsockiod) { + return 1; +} + +#endif diff --git a/include/DomainExec/nsock/src/nsock_ssl.h b/include/DomainExec/nsock/src/nsock_ssl.h new file mode 100644 index 00000000..1de4e1b3 --- /dev/null +++ b/include/DomainExec/nsock/src/nsock_ssl.h @@ -0,0 +1,83 @@ +/*************************************************************************** + * nsock_ssl.c -- This contains functions that relate somewhat exclusively * + * to SSL (over TCP) support in nsock. Where SSL support is incidental, * + * it is often in other files where code can be more easily shared between * + * the SSL and NonSSL paths. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#ifndef NSOCK_SSL_H +#define NSOCK_SSL_H + +#ifdef HAVE_CONFIG_H +#include "nsock_config.h" +#endif +#include "nsock_internal.h" + +#if HAVE_OPENSSL +#include +#include +#include + +struct sslinfo { + /* SSL_ERROR_NONE, SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_READ, or + * SSL_ERROR_WANT_WRITE */ + int ssl_desire; +}; + +int nsi_ssl_post_connect_verify(const nsock_iod nsockiod); + +#endif /* HAVE_OPENSSL */ +#endif /* NSOCK_SSL_H */ + diff --git a/include/DomainExec/nsock/src/nsock_timers.c b/include/DomainExec/nsock/src/nsock_timers.c new file mode 100644 index 00000000..9ae2210a --- /dev/null +++ b/include/DomainExec/nsock/src/nsock_timers.c @@ -0,0 +1,80 @@ +/*************************************************************************** + * nsock_timers.c -- This contains the functions for requesting timers * + * from the nsock parallel socket event library * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#include "nsock_internal.h" +#include "nsock_log.h" + +extern struct timeval nsock_tod; + +/* Send back an NSE_TYPE_TIMER after the number of milliseconds specified. Of + * course it can also return due to error, cancellation, etc. */ +nsock_event_id nsock_timer_create(nsock_pool ms_pool, nsock_ev_handler handler, + int timeout_msecs, void *userdata) { + struct npool *nsp = (struct npool *)ms_pool; + struct nevent *nse; + + nse = event_new(nsp, NSE_TYPE_TIMER, NULL, timeout_msecs, handler, userdata); + assert(nse); + + nsock_log_info("Timer created - %dms from now. EID %li", timeout_msecs, + nse->id); + + nsock_pool_add_event(nsp, nse); + + return nse->id; +} + diff --git a/include/DomainExec/nsock/src/nsock_write.c b/include/DomainExec/nsock/src/nsock_write.c new file mode 100644 index 00000000..2d5eeb09 --- /dev/null +++ b/include/DomainExec/nsock/src/nsock_write.c @@ -0,0 +1,236 @@ +/*************************************************************************** + * nsock_write.c -- This contains the functions relating to writing to * + * sockets using the nsock parallel socket event library * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id$ */ + +#include "nsock.h" +#include "nsock_internal.h" +#include "nsock_log.h" +#include "netutils.h" + +#include +#include +#include + +nsock_event_id nsock_sendto(nsock_pool ms_pool, nsock_iod ms_iod, nsock_ev_handler handler, int timeout_msecs, + void *userdata, struct sockaddr *saddr, size_t sslen, unsigned short port, const char *data, int datalen) { + struct npool *nsp = (struct npool *)ms_pool; + struct niod *nsi = (struct niod *)ms_iod; + struct nevent *nse; + char displaystr[256]; + struct sockaddr_in *sin = (struct sockaddr_in *)saddr; +#if HAVE_IPV6 + struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)saddr; +#endif + + nse = event_new(nsp, NSE_TYPE_WRITE, nsi, timeout_msecs, handler, userdata); + assert(nse); + + if (saddr->sa_family == AF_INET) { + sin->sin_port = htons(port); +#if HAVE_SYS_UN_H + } else if (saddr->sa_family == AF_INET6) { +#else + } else { +#endif + assert(saddr->sa_family == AF_INET6); +#if HAVE_IPV6 + sin6->sin6_port = htons(port); +#else + fatal("IPv6 address passed to %s call, but nsock was not compiled w/IPv6 support", __func__); +#endif + } + + assert(sslen <= sizeof(nse->writeinfo.dest)); + memcpy(&nse->writeinfo.dest, saddr, sslen); + nse->writeinfo.destlen = sslen; + + assert(sslen <= sizeof(nse->iod->peer)); + memcpy(&nse->iod->peer, saddr, sslen); + nse->iod->peerlen = sslen; + + if (datalen < 0) + datalen = (int) strlen(data); + + if (NsockLogLevel == NSOCK_LOG_DBG_ALL && datalen < 80) { + memcpy(displaystr, ": ", 2); + memcpy(displaystr + 2, data, datalen); + displaystr[2 + datalen] = '\0'; + replacenonprintable(displaystr + 2, datalen, '.'); + } else { + displaystr[0] = '\0'; + } + nsock_log_info("Sendto request for %d bytes to IOD #%li EID %li [%s]%s", + datalen, nsi->id, nse->id, get_peeraddr_string(nse->iod), + displaystr); + + fs_cat(&nse->iobuf, data, datalen); + + nsock_pool_add_event(nsp, nse); + + return nse->id; +} + +/* Write some data to the socket. If the write is not COMPLETED within + * timeout_msecs , NSE_STATUS_TIMEOUT will be returned. If you are supplying + * NUL-terminated data, you can optionally pass -1 for datalen and nsock_write + * will figure out the length itself */ +nsock_event_id nsock_write(nsock_pool ms_pool, nsock_iod ms_iod, + nsock_ev_handler handler, int timeout_msecs, void *userdata, const char *data, int datalen) { + struct npool *nsp = (struct npool *)ms_pool; + struct niod *nsi = (struct niod *)ms_iod; + struct nevent *nse; + char displaystr[256]; + + nse = event_new(nsp, NSE_TYPE_WRITE, nsi, timeout_msecs, handler, userdata); + assert(nse); + + nse->writeinfo.dest.ss_family = AF_UNSPEC; + + if (datalen < 0) + datalen = (int)strlen(data); + + if (NsockLogLevel == NSOCK_LOG_DBG_ALL && datalen < 80) { + memcpy(displaystr, ": ", 2); + memcpy(displaystr + 2, data, datalen); + displaystr[2 + datalen] = '\0'; + replacenonprintable(displaystr + 2, datalen, '.'); + } else { + displaystr[0] = '\0'; + } + + nsock_log_info("Write request for %d bytes to IOD #%li EID %li [%s]%s", + datalen, nsi->id, nse->id, get_peeraddr_string(nsi), + displaystr); + + fs_cat(&nse->iobuf, data, datalen); + + nsock_pool_add_event(nsp, nse); + + return nse->id; +} + +/* Same as nsock_write except you can use a printf-style format and you can only use this for ASCII strings */ +nsock_event_id nsock_printf(nsock_pool ms_pool, nsock_iod ms_iod, + nsock_ev_handler handler, int timeout_msecs, void *userdata, char *format, ...) { + struct npool *nsp = (struct npool *)ms_pool; + struct niod *nsi = (struct niod *)ms_iod; + struct nevent *nse; + char buf[4096]; + char *buf2 = NULL; + int res, res2; + int strlength = 0; + char displaystr[256]; + + va_list ap; + va_start(ap,format); + + nse = event_new(nsp, NSE_TYPE_WRITE, nsi, timeout_msecs, handler, userdata); + assert(nse); + + res = Vsnprintf(buf, sizeof(buf), format, ap); + va_end(ap); + + if (res != -1) { + if (res > sizeof(buf)) { + buf2 = (char * )safe_malloc(res + 16); + res2 = Vsnprintf(buf2, sizeof(buf), format, ap); + if (res2 == -1 || res2 > res) { + free(buf2); + buf2 = NULL; + } else + strlength = res2; + } else { + buf2 = buf; + strlength = res; + } + } + + if (!buf2) { + nse->event_done = 1; + nse->status = NSE_STATUS_ERROR; + nse->errnum = EMSGSIZE; + } else { + if (strlength == 0) { + nse->event_done = 1; + nse->status = NSE_STATUS_SUCCESS; + } else { + fs_cat(&nse->iobuf, buf2, strlength); + } + } + + if (NsockLogLevel == NSOCK_LOG_DBG_ALL && + nse->status != NSE_STATUS_ERROR && + strlength < 80) { + memcpy(displaystr, ": ", 2); + memcpy(displaystr + 2, buf2, strlength); + displaystr[2 + strlength] = '\0'; + replacenonprintable(displaystr + 2, strlength, '.'); + } else { + displaystr[0] = '\0'; + } + + nsock_log_info("Write request for %d bytes to IOD #%li EID %li [%s]%s", + strlength, nsi->id, nse->id, get_peeraddr_string(nsi), + displaystr); + + if (buf2 != buf) + free(buf2); + + nsock_pool_add_event(nsp, nse); + + return nse->id; +} + diff --git a/include/DomainExec/nsock/src/proxy_http.c b/include/DomainExec/nsock/src/proxy_http.c new file mode 100644 index 00000000..e0e7a5ec --- /dev/null +++ b/include/DomainExec/nsock/src/proxy_http.c @@ -0,0 +1,214 @@ +/*************************************************************************** + * proxy_http.c -- HTTP Connect proxying. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id $ */ + +#define _GNU_SOURCE +#include + +#include "nsock.h" +#include "nsock_internal.h" +#include "nsock_log.h" +#include + +#define DEFAULT_PROXY_PORT_HTTP 8080 + + +extern struct timeval nsock_tod; +extern const struct proxy_spec ProxySpecHttp; + + +static int proxy_http_node_new(struct proxy_node **node, const struct uri *uri) { + int rc; + struct proxy_node *proxy; + + proxy = (struct proxy_node *)safe_zalloc(sizeof(struct proxy_node)); + proxy->spec = &ProxySpecHttp; + + rc = proxy_resolve(uri->host, (struct sockaddr *)&proxy->ss, &proxy->sslen); + if (rc < 0) { + free(proxy); + *node = NULL; + return -1; + } + + if (uri->port == -1) + proxy->port = DEFAULT_PROXY_PORT_HTTP; + else + proxy->port = (unsigned short)uri->port; + + rc = asprintf(&proxy->nodestr, "http://%s:%d", uri->host, proxy->port); + if (rc < 0) { + /* asprintf() failed for some reason but this is not a disaster (yet). + * Set nodestr to NULL and try to keep on going. */ + proxy->nodestr = NULL; + } + + *node = proxy; + + return 1; +} + +static void proxy_http_node_delete(struct proxy_node *node) { + if (!node) + return; + + free(node->nodestr); + + free(node); +} + +static int handle_state_initial(struct npool *nsp, struct nevent *nse, void *udata) { + struct proxy_chain_context *px_ctx = nse->iod->px_ctx; + struct sockaddr_storage *ss; + size_t sslen; + unsigned short port; + struct proxy_node *next; + int timeout; + + px_ctx->px_state = PROXY_STATE_HTTP_TCP_CONNECTED; + + next = proxy_ctx_node_next(px_ctx); + if (next) { + ss = &next->ss; + sslen = next->sslen; + port = next->port; + } else { + ss = &px_ctx->target_ss; + sslen = px_ctx->target_sslen; + port = px_ctx->target_port; + } + + timeout = TIMEVAL_MSEC_SUBTRACT(nse->timeout, nsock_tod); + + nsock_printf(nsp, (nsock_iod)nse->iod, nsock_proxy_ev_dispatch, + timeout, udata, "CONNECT %s:%d HTTP/1.1\r\n\r\n", + inet_ntop_ez(ss, sslen), (int)port); + + nsock_readlines(nsp, (nsock_iod)nse->iod, nsock_proxy_ev_dispatch, + timeout, udata, 1); + + return 0; +} + +static int handle_state_tcp_connected(struct npool *nsp, struct nevent *nse, void *udata) { + struct proxy_chain_context *px_ctx = nse->iod->px_ctx; + char *res; + int reslen; + + res = nse_readbuf(nse, &reslen); + + /* TODO string check!! */ + if (!((reslen >= 15) && strstr(res, "200 OK"))) { + struct proxy_node *node = px_ctx->px_current; + + nsock_log_debug("Connection refused from proxy %s", node->nodestr); + return -EINVAL; + } + + px_ctx->px_state = PROXY_STATE_HTTP_TUNNEL_ESTABLISHED; + + if (proxy_ctx_node_next(px_ctx) == NULL) { + forward_event(nsp, nse, udata); + } else { + px_ctx->px_current = proxy_ctx_node_next(px_ctx); + px_ctx->px_state = PROXY_STATE_INITIAL; + nsock_proxy_ev_dispatch(nsp, nse, udata); + } + return 0; +} + +static void proxy_http_handler(nsock_pool nspool, nsock_event nsevent, void *udata) { + int rc = 0; + struct npool *nsp = (struct npool *)nspool; + struct nevent *nse = (struct nevent *)nsevent; + + switch (nse->iod->px_ctx->px_state) { + case PROXY_STATE_INITIAL: + rc = handle_state_initial(nsp, nse, udata); + break; + + case PROXY_STATE_HTTP_TCP_CONNECTED: + if (nse->type == NSE_TYPE_READ) + rc = handle_state_tcp_connected(nsp, nse, udata); + break; + + case PROXY_STATE_HTTP_TUNNEL_ESTABLISHED: + forward_event(nsp, nse, udata); + break; + + default: + fatal("Invalid proxy state!"); + } + + if (rc) { + nse->status = NSE_STATUS_PROXYERROR; + forward_event(nsp, nse, udata); + } +} + + +/* ---- PROXY DEFINITION ---- */ +static const struct proxy_op ProxyOpsHttp = { + proxy_http_node_new, + proxy_http_node_delete, + proxy_http_handler, +}; + +const struct proxy_spec ProxySpecHttp = { + "http://", + PROXY_TYPE_HTTP, + &ProxyOpsHttp, +}; + diff --git a/include/DomainExec/nsock/src/proxy_socks4.c b/include/DomainExec/nsock/src/proxy_socks4.c new file mode 100644 index 00000000..851aa752 --- /dev/null +++ b/include/DomainExec/nsock/src/proxy_socks4.c @@ -0,0 +1,245 @@ +/*************************************************************************** + * proxy_socks4.c -- SOCKS4 proxying. * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * * + * The nsock parallel socket event library is (C) 1999-2017 Insecure.Com * + * LLC This library is free software; you may redistribute and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; Version 2. This guarantees * + * your right to use, modify, and redistribute this software under certain * + * conditions. If this license is unacceptable to you, Insecure.Com LLC * + * may be willing to sell alternative licenses (contact * + * sales@insecure.com ). * + * * + * As a special exception to the GPL terms, Insecure.Com LLC grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. You must obey the GNU GPL in all * + * respects for all of the code used other than OpenSSL. If you modify * + * this file, you may extend this exception to your version of the file, * + * but you are not obligated to do so. * + * * + * If you received these files with a written license agreement stating * + * terms other than the (GPL) terms above, then that alternative license * + * agreement takes precedence over this comment. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify otherwise) * + * that you are offering the Nmap Project (Insecure.Com LLC) the * + * unlimited, non-exclusive right to reuse, modify, and relicense the * + * code. Nmap will always be available Open Source, but this is important * + * because the inability to relicense code has caused devastating problems * + * for other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * General Public License v2.0 for more details * + * (http://www.gnu.org/licenses/gpl-2.0.html). * + * * + ***************************************************************************/ + +/* $Id $ */ + +#define _GNU_SOURCE +#include + +#include "nsock.h" +#include "nsock_internal.h" +#include "nsock_log.h" + +#include + +#define DEFAULT_PROXY_PORT_SOCKS4 1080 + + +extern struct timeval nsock_tod; +extern const struct proxy_spec ProxySpecSocks4; + + +struct socks4_data { + uint8_t version; + uint8_t type; + uint16_t port; + uint32_t address; + uint8_t null; +} __attribute__((packed)); + + +static int proxy_socks4_node_new(struct proxy_node **node, const struct uri *uri) { + int rc; + struct proxy_node *proxy; + + proxy = (struct proxy_node *)safe_zalloc(sizeof(struct proxy_node)); + proxy->spec = &ProxySpecSocks4; + + rc = proxy_resolve(uri->host, (struct sockaddr *)&proxy->ss, &proxy->sslen); + if (rc < 0) + goto err_out; + + if (proxy->ss.ss_family != AF_INET) { + rc = -1; + goto err_out; + } + + if (uri->port == -1) + proxy->port = DEFAULT_PROXY_PORT_SOCKS4; + else + proxy->port = (unsigned short)uri->port; + + rc = asprintf(&proxy->nodestr, "socks4://%s:%d", uri->host, proxy->port); + if (rc < 0) { + /* asprintf() failed for some reason but this is not a disaster (yet). + * Set nodestr to NULL and try to keep on going. */ + proxy->nodestr = NULL; + } + + rc = 1; + +err_out: + if (rc < 0) { + free(proxy); + proxy = NULL; + } + *node = proxy; + return rc; +} + +static void proxy_socks4_node_delete(struct proxy_node *node) { + if (!node) + return; + + free(node->nodestr); + + free(node); +} + +static inline void socks4_data_init(struct socks4_data *socks4, + struct sockaddr_storage *ss, size_t sslen, + unsigned short port) { + struct sockaddr_in *sin = (struct sockaddr_in *)ss; + + memset(socks4, 0x00, sizeof(struct socks4_data)); + socks4->version = 4; + socks4->type = 1; + socks4->port = htons(port); + assert(ss->ss_family == AF_INET); + socks4->address = sin->sin_addr.s_addr; +} + +static int handle_state_initial(struct npool *nsp, struct nevent *nse, void *udata) { + struct proxy_chain_context *px_ctx = nse->iod->px_ctx; + struct sockaddr_storage *ss; + size_t sslen; + unsigned short port; + struct proxy_node *next; + struct socks4_data socks4; + int timeout; + + px_ctx->px_state = PROXY_STATE_SOCKS4_TCP_CONNECTED; + + next = proxy_ctx_node_next(px_ctx); + if (next) { + ss = &next->ss; + sslen = next->sslen; + port = next->port; + } else { + ss = &px_ctx->target_ss; + sslen = px_ctx->target_sslen; + port = px_ctx->target_port; + } + + socks4_data_init(&socks4, ss, sslen, port); + + timeout = TIMEVAL_MSEC_SUBTRACT(nse->timeout, nsock_tod); + + nsock_write(nsp, (nsock_iod)nse->iod, nsock_proxy_ev_dispatch, timeout, udata, + (char *)&socks4, sizeof(socks4)); + + nsock_readbytes(nsp, (nsock_iod)nse->iod, nsock_proxy_ev_dispatch, timeout, + udata, 8); + return 0; +} + +static int handle_state_tcp_connected(struct npool *nsp, struct nevent *nse, void *udata) { + struct proxy_chain_context *px_ctx = nse->iod->px_ctx; + char *res; + int reslen; + + res = nse_readbuf(nse, &reslen); + + if (!(reslen == 8 && res[1] == 90)) { + struct proxy_node *node = px_ctx->px_current; + + nsock_log_debug("Ignoring invalid socks4 reply from proxy %s", + node->nodestr); + return -EINVAL; + } + + px_ctx->px_state = PROXY_STATE_SOCKS4_TUNNEL_ESTABLISHED; + + if (proxy_ctx_node_next(px_ctx) == NULL) { + forward_event(nsp, nse, udata); + } else { + px_ctx->px_current = proxy_ctx_node_next(px_ctx); + px_ctx->px_state = PROXY_STATE_INITIAL; + nsock_proxy_ev_dispatch(nsp, nse, udata); + } + return 0; +} + +static void proxy_socks4_handler(nsock_pool nspool, nsock_event nsevent, void *udata) { + int rc = 0; + struct npool *nsp = (struct npool *)nspool; + struct nevent *nse = (struct nevent *)nsevent; + + switch (nse->iod->px_ctx->px_state) { + case PROXY_STATE_INITIAL: + rc = handle_state_initial(nsp, nse, udata); + break; + + case PROXY_STATE_SOCKS4_TCP_CONNECTED: + if (nse->type == NSE_TYPE_READ) + rc = handle_state_tcp_connected(nsp, nse, udata); + break; + + case PROXY_STATE_SOCKS4_TUNNEL_ESTABLISHED: + forward_event(nsp, nse, udata); + break; + + default: + fatal("Invalid proxy state!"); + } + + if (rc) { + nse->status = NSE_STATUS_PROXYERROR; + forward_event(nsp, nse, udata); + } +} + +/* ---- PROXY DEFINITION ---- */ +static const struct proxy_op ProxyOpsSocks4 = { + proxy_socks4_node_new, + proxy_socks4_node_delete, + proxy_socks4_handler, +}; + +const struct proxy_spec ProxySpecSocks4 = { + "socks4://", + PROXY_TYPE_SOCKS4, + &ProxyOpsSocks4, +}; + diff --git a/include/DomainExec/nsock/tests/Makefile.in b/include/DomainExec/nsock/tests/Makefile.in new file mode 100644 index 00000000..1b5d9ca6 --- /dev/null +++ b/include/DomainExec/nsock/tests/Makefile.in @@ -0,0 +1,42 @@ +# +# nsock regression test suite +# Same license as nmap -- see https://nmap.org/book/man-legal.html +## + +NBASEDIR=@NBASEDIR@ +NSOCKLIB=../src/libnsock.a +NBASELIB=$(NBASEDIR)/libnbase.a + +CC = @CC@ +CPPFLAGS = @CPPFLAGS@ -I../include +CFLAGS = @CFLAGS@ +LDFLAGS = @LDFLAGS@ +LIBS = @OPENSSL_LIBS@ @LIBPCAP_LIBS@ @LIBS@ + +SRC = tests_main.c \ + basic.c \ + timer.c \ + logs.c \ + connect.c \ + ghlists.c \ + ghheaps.c \ + cancel.c + +OBJ = $(SRC:.c=.o) + +EXE = tests_main + +all: $(SRC) $(EXE) + +$(EXE): $(OBJ) + $(CC) $(LDFLAGS) $(OBJ) -o $@ $(NSOCKLIB) $(NBASELIB) $(LIBS) + +.c.o: + $(CC) -c $(CPPFLAGS) $(CFLAGS) $< -o $@ + +clean: + $(RM) $(OBJ) $(EXE) + +rebuild: clean $(EXE) + +.PHONY: clean rebuild diff --git a/include/DomainExec/nsock/tests/README b/include/DomainExec/nsock/tests/README new file mode 100644 index 00000000..a95cc1c1 --- /dev/null +++ b/include/DomainExec/nsock/tests/README @@ -0,0 +1,5 @@ +Minimal regression test suite for nsock. + +Usage: + $ make + $ sh ./run_tests.sh diff --git a/include/DomainExec/nsock/tests/basic.c b/include/DomainExec/nsock/tests/basic.c new file mode 100644 index 00000000..9d8a12c9 --- /dev/null +++ b/include/DomainExec/nsock/tests/basic.c @@ -0,0 +1,52 @@ +/* + * Nsock regression test suite + * Same license as nmap -- see https://nmap.org/book/man-legal.html + */ + +#include "test-common.h" + + +struct basic_test_data { + nsock_pool nsp; +}; + +static int basic_setup(void **tdata) { + struct basic_test_data *btd; + + btd = calloc(1, sizeof(struct basic_test_data)); + if (btd == NULL) + return -ENOMEM; + + btd->nsp = nsock_pool_new(NULL); + + *tdata = btd; + return 0; +} + +static int basic_teardown(void *tdata) { + struct basic_test_data *btd = (struct basic_test_data *)tdata; + + if (tdata) { + nsock_pool_delete(btd->nsp); + free(tdata); + } + return 0; +} + +static int basic_udata(void *tdata) { + struct basic_test_data *btd = (struct basic_test_data *)tdata; + + AssertEqual(nsock_pool_get_udata(btd->nsp), NULL); + nsock_pool_set_udata(btd->nsp, btd); + AssertEqual(nsock_pool_get_udata(btd->nsp), btd); + return 0; +} + + + +const struct test_case TestPoolUserData = { + .t_name = "nsock pool user data", + .t_setup = basic_setup, + .t_run = basic_udata, + .t_teardown = basic_teardown +}; diff --git a/include/DomainExec/nsock/tests/cancel.c b/include/DomainExec/nsock/tests/cancel.c new file mode 100644 index 00000000..49f98bf6 --- /dev/null +++ b/include/DomainExec/nsock/tests/cancel.c @@ -0,0 +1,134 @@ +/* + * Nsock regression test suite + * Same license as nmap -- see https://nmap.org/book/man-legal.html + */ + +#include "test-common.h" + + +struct basic_test_data { + nsock_pool nsp; +}; + + +static void cancel_handler(nsock_pool nsp, nsock_event nse, void *udata) { + int *ev_done = (int *)udata; + + if (nse_status(nse) == NSE_STATUS_CANCELLED) + *ev_done = 1; +} + +static int cancel_setup(void **tdata) { + struct basic_test_data *btd; + + btd = calloc(1, sizeof(struct basic_test_data)); + if (btd == NULL) + return -ENOMEM; + + btd->nsp = nsock_pool_new(NULL); + + *tdata = btd; + return 0; +} + +static int cancel_teardown(void *tdata) { + struct basic_test_data *btd = (struct basic_test_data *)tdata; + + if (tdata) { + nsock_pool_delete(btd->nsp); + free(tdata); + } + return 0; +} + +static int cancel_tcp_run(void *tdata) { + struct basic_test_data *btd = (struct basic_test_data *)tdata; + struct sockaddr_in peer; + nsock_iod iod; + nsock_event_id id; + int done = 0; + + iod = nsock_iod_new(btd->nsp, NULL); + AssertNonNull(iod); + + memset(&peer, 0, sizeof(peer)); + peer.sin_family = AF_INET; + inet_aton("127.0.0.1", &peer.sin_addr); + + id = nsock_connect_tcp(btd->nsp, iod, cancel_handler, 4000, (void *)&done, + (struct sockaddr *)&peer, sizeof(peer), PORT_TCP); + nsock_event_cancel(btd->nsp, id, 1); + + nsock_iod_delete(iod, NSOCK_PENDING_SILENT); + + return (done == 1) ? 0 : -ENOEXEC; +} + +static int cancel_udp_run(void *tdata) { + struct basic_test_data *btd = (struct basic_test_data *)tdata; + struct sockaddr_in peer; + nsock_iod iod; + nsock_event_id id; + int done = 0; + + iod = nsock_iod_new(btd->nsp, NULL); + AssertNonNull(iod); + + memset(&peer, 0, sizeof(peer)); + peer.sin_family = AF_INET; + inet_aton("127.0.0.1", &peer.sin_addr); + + id = nsock_connect_udp(btd->nsp, iod, cancel_handler, (void *)&done, + (struct sockaddr *)&peer, sizeof(peer), PORT_UDP); + nsock_event_cancel(btd->nsp, id, 1); + + nsock_iod_delete(iod, NSOCK_PENDING_SILENT); + + return (done == 1) ? 0 : -ENOEXEC; +} + +static int cancel_ssl_run(void *tdata) { + struct basic_test_data *btd = (struct basic_test_data *)tdata; + struct sockaddr_in peer; + nsock_iod iod; + nsock_event_id id; + int done = 0; + + iod = nsock_iod_new(btd->nsp, NULL); + AssertNonNull(iod); + + memset(&peer, 0, sizeof(peer)); + peer.sin_family = AF_INET; + inet_aton("127.0.0.1", &peer.sin_addr); + + id = nsock_connect_ssl(btd->nsp, iod, cancel_handler, 4000, (void *)&done, + (struct sockaddr *)&peer, sizeof(peer), IPPROTO_TCP, + PORT_TCPSSL, NULL); + nsock_event_cancel(btd->nsp, id, 1); + + nsock_iod_delete(iod, NSOCK_PENDING_SILENT); + + return (done == 1) ? 0 : -ENOEXEC; +} + + +const struct test_case TestCancelTCP = { + .t_name = "schedule and cancel TCP connect", + .t_setup = cancel_setup, + .t_run = cancel_tcp_run, + .t_teardown = cancel_teardown +}; + +const struct test_case TestCancelUDP = { + .t_name = "schedule and cancel UDP pseudo-connect", + .t_setup = cancel_setup, + .t_run = cancel_udp_run, + .t_teardown = cancel_teardown +}; + +const struct test_case TestCancelSSL = { + .t_name = "schedule and cancel SSL connect", + .t_setup = cancel_setup, + .t_run = cancel_ssl_run, + .t_teardown = cancel_teardown +}; diff --git a/include/DomainExec/nsock/tests/connect.c b/include/DomainExec/nsock/tests/connect.c new file mode 100644 index 00000000..736b082b --- /dev/null +++ b/include/DomainExec/nsock/tests/connect.c @@ -0,0 +1,113 @@ +/* + * Nsock regression test suite + * Same license as nmap -- see https://nmap.org/book/man-legal.html + */ + +#include "test-common.h" + + +struct connect_test_data { + nsock_pool nsp; + nsock_iod nsi; + int connect_result; +}; + + +static void connect_handler(nsock_pool nsp, nsock_event nse, void *udata) { + struct connect_test_data *ctd; + + ctd = (struct connect_test_data *)nsock_pool_get_udata(nsp); + + switch(nse_status(nse)) { + case NSE_STATUS_SUCCESS: + ctd->connect_result = 0; + break; + + case NSE_STATUS_ERROR: + ctd->connect_result = -(nse_errorcode(nse)); + break; + + case NSE_STATUS_TIMEOUT: + ctd->connect_result = -ETIMEDOUT; + break; + + default: + ctd->connect_result = -EINVAL; + break; + } +} + +static int connect_setup(void **tdata) { + struct connect_test_data *ctd; + + ctd = calloc(1, sizeof(struct connect_test_data)); + if (ctd == NULL) + return -ENOMEM; + + ctd->nsp = nsock_pool_new(ctd); + AssertNonNull(ctd->nsp); + + ctd->nsi = nsock_iod_new(ctd->nsp, NULL); + AssertNonNull(ctd->nsi); + + *tdata = ctd; + return 0; +} + +static int connect_teardown(void *tdata) { + struct connect_test_data *ctd = (struct connect_test_data *)tdata; + + if (tdata) { + nsock_iod_delete(ctd->nsi, NSOCK_PENDING_SILENT); /* nsock_pool_delete would also handle it */ + nsock_pool_delete(ctd->nsp); + free(tdata); + } + return 0; +} + +static int connect_tcp(void *tdata) { + struct connect_test_data *ctd = (struct connect_test_data *)tdata; + struct sockaddr_in peer; + + memset(&peer, 0, sizeof(peer)); + peer.sin_family = AF_INET; + inet_aton("127.0.0.1", &peer.sin_addr); + + nsock_connect_tcp(ctd->nsp, ctd->nsi, connect_handler, 4000, NULL, + (struct sockaddr *)&peer, sizeof(peer), PORT_TCP); + + nsock_loop(ctd->nsp, 4000); + return ctd->connect_result; +} + +static int connect_tcp_failure(void *tdata) { + struct connect_test_data *ctd = (struct connect_test_data *)tdata; + struct sockaddr_in peer; + + memset(&peer, 0, sizeof(peer)); + peer.sin_family = AF_INET; + inet_aton("127.0.0.1", &peer.sin_addr); + + /* pass in addrlen == 0 to force connect(2) to fail */ + nsock_connect_tcp(ctd->nsp, ctd->nsi, connect_handler, 4000, NULL, + (struct sockaddr *)&peer, 0, PORT_TCP); + + nsock_loop(ctd->nsp, 4000); + AssertEqual(ctd->connect_result, -EINVAL); + return 0; +} + + +const struct test_case TestConnectTCP = { + .t_name = "simple tcp connection", + .t_setup = connect_setup, + .t_run = connect_tcp, + .t_teardown = connect_teardown +}; + +const struct test_case TestConnectFailure = { + .t_name = "tcp connection failure case", + .t_setup = connect_setup, + .t_run = connect_tcp_failure, + .t_teardown = connect_teardown +}; diff --git a/include/DomainExec/nsock/tests/ghheaps.c b/include/DomainExec/nsock/tests/ghheaps.c new file mode 100644 index 00000000..11f3327a --- /dev/null +++ b/include/DomainExec/nsock/tests/ghheaps.c @@ -0,0 +1,150 @@ +/* + * Nsock regression test suite + * Same license as nmap -- see https://nmap.org/book/man-legal.html + */ + +#include "test-common.h" +#include "../src/gh_heap.h" +#include +#include + + +#define HEAP_COUNT 1 + +struct testitem { + int val; + gh_hnode_t node; +}; + +static int hnode_int_cmp(gh_hnode_t *n1, gh_hnode_t *n2) { + struct testitem *a; + struct testitem *b; + + a = container_of(n1, struct testitem, node); + b = container_of(n2, struct testitem, node); + + return (a->val < b->val); +} + +static gh_hnode_t *mknode(int val) { + struct testitem *item; + + item = calloc(1, sizeof(struct testitem)); + assert(item != NULL); + item->val = val; + gh_hnode_invalidate(&item->node); + return &item->node; +} + +static int node2int(gh_hnode_t *hnode) { + struct testitem *item; + + item = container_of(hnode, struct testitem, node); + return item->val; +} + +static int ghheap_ordering(void *tdata) { + gh_heap_t heap; + int i, n, k; + + gh_heap_init(&heap, hnode_int_cmp); + + for (i = 25000; i < 50000; i++) + gh_heap_push(&heap, mknode(i)); + + for (i = 24999; i >= 0; i--) + gh_heap_push(&heap, mknode(i)); + + for (i = 25000; i < 50000; i++) + gh_heap_push(&heap, mknode(i)); + + n = -1; + do { + gh_hnode_t *current; + + current = gh_heap_pop(&heap); + k = node2int(current); + + if (k < n) + return -EINVAL; + + n = k; + free(container_of(current, struct testitem, node)); + } while (gh_heap_count(&heap) > 0); + + gh_heap_free(&heap); + return 0; +} + +static int ghheap_stress(void *tdata) { + gh_heap_t heaps[HEAP_COUNT]; + int i, num; + + for (i = 0; i < HEAP_COUNT; i++) + gh_heap_init(&heaps[i], hnode_int_cmp); + + for (num = 25000; num < 50000; num++) { + for (i = 0; i < HEAP_COUNT; i++) { + gh_heap_push(&heaps[i], mknode(num)); + } + } + + for (num = 24999; num >= 0; num--) { + for (i = 0; i < HEAP_COUNT; i++) { + gh_heap_push(&heaps[i], mknode(num)); + } + } + + for (num = 0; num < 50000; num++) { + for (i = 0; i < HEAP_COUNT; i++) { + int r_min, r_pop; + gh_hnode_t *hnode; + + r_min = node2int(gh_heap_min(&heaps[i])); + hnode = gh_heap_pop(&heaps[i]); + r_pop = node2int(hnode); + + if (r_min != r_pop) { + fprintf(stderr, "Bogus min/pop return values (%d != %d)\n", r_min, r_pop); + return -EINVAL; + } + + if (r_min != num) { + fprintf(stderr, "Bogus return value %d when expected %d\n", r_min, num); + return -EINVAL; + } + + free(container_of(hnode, struct testitem, node)); + } + } + + for (i = 0; i < HEAP_COUNT; i++) { + void *ret; + + ret = gh_heap_pop(&heaps[i]); + if (ret != NULL) { + fprintf(stderr, "Ret is bogus for heap %d\n", i); + return -EINVAL; + } + } + + for (i = 0; i < HEAP_COUNT; i++) + gh_heap_free(&heaps[i]); + + return 0; +} + + +const struct test_case TestGHHeaps = { + .t_name = "test nsock internal ghheaps", + .t_setup = NULL, + .t_run = ghheap_stress, + .t_teardown = NULL +}; + +const struct test_case TestHeapOrdering = { + .t_name = "test heaps conditions", + .t_setup = NULL, + .t_run = ghheap_ordering, + .t_teardown = NULL +}; diff --git a/include/DomainExec/nsock/tests/ghlists.c b/include/DomainExec/nsock/tests/ghlists.c new file mode 100644 index 00000000..923db5df --- /dev/null +++ b/include/DomainExec/nsock/tests/ghlists.c @@ -0,0 +1,187 @@ +/* + * Nsock regression test suite + * Same license as nmap -- see https://nmap.org/book/man-legal.html + */ + +#include "test-common.h" +#include "../src/gh_list.h" +/* For container_of */ +#include "../src/gh_heap.h" +#include +#include + + +#define LIST_COUNT 16 +#define ELT_COUNT 2000 + + +struct testlist { + unsigned int val; + gh_lnode_t lnode; +}; + +static unsigned int nodeval(gh_lnode_t *lnode) { + struct testlist *tl; + + tl = container_of(lnode, struct testlist, lnode); + return tl->val; +} + +static gh_lnode_t *mknode(unsigned int val) { + struct testlist *tl; + + tl = calloc(1, sizeof(struct testlist)); + tl->val = val; + return &tl->lnode; +} + +static void delnode(gh_lnode_t *lnode) { + if (lnode) + free(container_of(lnode, struct testlist, lnode)); +} + +static int ghlist_stress(void *tdata) { + gh_list_t lists[LIST_COUNT]; + gh_lnode_t *current, *next; + int num = 0; + int ret; + int i; + + for (i = 0; i < LIST_COUNT; i++) + gh_list_init(&lists[i]); + + for (num = ELT_COUNT/2; num < ELT_COUNT; num++) { + for (i = 0; i < LIST_COUNT; i++) { + gh_list_append(&lists[i], mknode(num)); + } + } + + for (num = (ELT_COUNT/2 - 1); num >= 0; num--) { + for (i = 0; i < LIST_COUNT; i++) { + gh_list_prepend(&lists[i], mknode(num)); + } + } + + for (num = 0; num < ELT_COUNT; num++) { + for (i = 0; i < LIST_COUNT; i++) { + current = gh_list_pop(&lists[i]); + ret = nodeval(current); + if (ret != num) { + fprintf(stderr, "prepend_test: Bogus return value %d when expected %d\n", + ret, num); + return -EINVAL; + } + delnode(current); + } + } + for (i = 0; i < LIST_COUNT; i++) { + current = gh_list_pop(&lists[i]); + if (current) { + fprintf(stderr, "Ret is bogus for list %d", i); + return -EINVAL; + } + } + + for (num = (ELT_COUNT/2 - 1); num >= 0; num--) { + for (i = 0; i < LIST_COUNT; i++) { + gh_list_prepend(&lists[i], mknode(num)); + } + } + + for (num = ELT_COUNT/2; num < ELT_COUNT; num++) { + for (i = 0; i < LIST_COUNT; i++) { + gh_list_append(&lists[i], mknode(num)); + } + } + + for (num = 0; num < ELT_COUNT; num++) { + for (i=0; i < LIST_COUNT; i++) { + current = gh_list_pop(&lists[i]); + ret = nodeval(current); + if (ret != num) { + fprintf(stderr, "prepend_test: Bogus return value %d when expected %d\n", + ret, num); + return -EINVAL; + } + delnode(current); + } + } + + for (num = ELT_COUNT/2; num < ELT_COUNT; num++) { + for (i = 0; i < LIST_COUNT; i++) + gh_list_append(&lists[i], mknode(num)); + } + + for (num = ELT_COUNT/2 - 1; num >= 0; num--) { + for (i = 0; i < LIST_COUNT; i++) + gh_list_prepend(&lists[i], mknode(num)); + } + + for (num = 0; num < ELT_COUNT; num++) { + for (i = 0; i < LIST_COUNT; i++) { + current = gh_list_pop(&lists[i]); + ret = nodeval(current); + if (ret != num) { + fprintf(stderr, "prepend_test: Bogus return value %d when expected %d\n", + ret, num); + return -EINVAL; + } + delnode(current); + } + } + + for (num = ELT_COUNT/2 - 1; num >= 0; num--) { + for (i = 0; i < LIST_COUNT; i++) + gh_list_prepend(&lists[i], mknode(num)); + } + + for (num = ELT_COUNT/2; num < ELT_COUNT; num++) { + for (i=0; i < LIST_COUNT; i++) + gh_list_append(&lists[i], mknode(num)); + } + + for (i = 0; i < LIST_COUNT; i++) { + num = 0; + + for (current = gh_list_first_elem(&lists[i]); current; current = next) { + int k; + + next = gh_lnode_next(current); + k = nodeval(current); + if (k != num) { + fprintf(stderr, "Got %d when I expected %d\n", k, num); + return -EINVAL; + } + gh_list_remove(&lists[i], current); + delnode(current); + num++; + } + if (num != ELT_COUNT) { + fprintf(stderr, "Number is %d, even though %d was expected", num, ELT_COUNT); + return -EINVAL; + } + + if (gh_list_count(&lists[i]) != 0) { + fprintf(stderr, "List should be empty, but instead it has %d members!\n", + gh_list_count(&lists[i])); + return -EINVAL; + } + } + + for (i = 0; i < LIST_COUNT; i++) { + while ((current = gh_list_pop(&lists[i])) != NULL) + delnode(current); + + gh_list_free(&lists[i]); + } + + return 0; +} + +const struct test_case TestGHLists = { + .t_name = "test nsock internal ghlists", + .t_setup = NULL, + .t_run = ghlist_stress, + .t_teardown = NULL +}; + diff --git a/include/DomainExec/nsock/tests/logs.c b/include/DomainExec/nsock/tests/logs.c new file mode 100644 index 00000000..b8808e4e --- /dev/null +++ b/include/DomainExec/nsock/tests/logs.c @@ -0,0 +1,175 @@ +/* + * Nsock regression test suite + * Same license as nmap -- see https://nmap.org/book/man-legal.html + */ + +#include "test-common.h" + + +struct log_test_data { + nsock_pool nsp; + nsock_loglevel_t current_level; + unsigned int got_dbgfull: 1; + unsigned int got_dbg: 1; + unsigned int got_info: 1; + unsigned int got_error: 1; + unsigned int total; + int errcode; +}; + +static struct log_test_data *GlobalLTD; + +static void log_handler(const struct nsock_log_rec *rec) { + GlobalLTD->total++; + switch(rec->level) { + case NSOCK_LOG_DBG_ALL: + GlobalLTD->got_dbgfull = 1; + break; + + case NSOCK_LOG_DBG: + GlobalLTD->got_dbg = 1; + break; + + case NSOCK_LOG_INFO: + GlobalLTD->got_info = 1; + break; + + case NSOCK_LOG_ERROR: + GlobalLTD->got_error = 1; + break; + + default: + fprintf(stderr, "UNEXPECTED LOG LEVEL (%d)!\n", (int)rec->level); + GlobalLTD->errcode = -EINVAL; + } +} + +static void nop_handler(nsock_pool nsp, nsock_event nse, void *udata) { +} + +static int check_loglevel(struct log_test_data *ltd, nsock_loglevel_t level) { + int rc = 0; + nsock_event_id id; + + nsock_set_loglevel(level); + + ltd->current_level = level; + + ltd->got_dbgfull = 0; + ltd->got_dbg = 0; + ltd->got_info = 0; + ltd->got_error = 0; + + ltd->total = 0; + ltd->errcode = 0; + + id = nsock_timer_create(ltd->nsp, nop_handler, 200, NULL); + nsock_event_cancel(ltd->nsp, id, 0); + + if (ltd->errcode) + return ltd->errcode; + + if (ltd->total < 1) + return -EINVAL; + + return rc; +} + +static int check_errlevel(struct log_test_data *ltd, nsock_loglevel_t level) { + nsock_event_id id; + + nsock_set_loglevel(level); + + ltd->current_level = level; + + ltd->got_dbgfull = 0; + ltd->got_dbg = 0; + ltd->got_info = 0; + ltd->got_error = 0; + + ltd->total = 0; + ltd->errcode = 0; + + id = nsock_timer_create(ltd->nsp, nop_handler, 200, NULL); + nsock_event_cancel(ltd->nsp, id, 0); + + if (ltd->errcode) + return ltd->errcode; + + if (ltd->total > 0) + return -EINVAL; + + return 0; +} + +static int log_setup(void **tdata) { + struct log_test_data *ltd; + + ltd = calloc(1, sizeof(struct log_test_data)); + if (ltd == NULL) + return -ENOMEM; + + ltd->nsp = nsock_pool_new(ltd); + AssertNonNull(ltd->nsp); + + *tdata = GlobalLTD = ltd; + return 0; +} + +static int log_teardown(void *tdata) { + struct log_test_data *ltd = (struct log_test_data *)tdata; + + if (tdata) { + nsock_pool_delete(ltd->nsp); + free(tdata); + } + GlobalLTD = NULL; + return 0; +} + +static int log_check_std_levels(void *tdata) { + struct log_test_data *ltd = (struct log_test_data *)tdata; + nsock_loglevel_t lvl; + int rc = 0; + + nsock_set_log_function(log_handler); + + for (lvl = NSOCK_LOG_DBG_ALL; lvl < NSOCK_LOG_ERROR; lvl++) { + rc = check_loglevel(ltd, lvl); + if (rc) + return rc; + } + + return 0; +} + +static int log_check_err_levels(void *tdata) { + struct log_test_data *ltd = (struct log_test_data *)tdata; + nsock_loglevel_t lvl; + int rc = 0; + + nsock_set_log_function(log_handler); + + for (lvl = NSOCK_LOG_ERROR; lvl <= NSOCK_LOG_NONE; lvl++) { + rc = check_errlevel(ltd, NSOCK_LOG_ERROR); + if (rc) + return rc; + } + + return 0; +} + + +const struct test_case TestLogLevels = { + .t_name = "set standard log levels", + .t_setup = log_setup, + .t_run = log_check_std_levels, + .t_teardown = log_teardown +}; + +const struct test_case TestErrLevels = { + .t_name = "check error log levels", + .t_setup = log_setup, + .t_run = log_check_err_levels, + .t_teardown = log_teardown +}; diff --git a/include/DomainExec/nsock/tests/run_tests.sh b/include/DomainExec/nsock/tests/run_tests.sh new file mode 100644 index 00000000..c0392f81 --- /dev/null +++ b/include/DomainExec/nsock/tests/run_tests.sh @@ -0,0 +1,86 @@ +#!/bin/sh + +# nsock regression test suite +# Same license as nmap -- see https://nmap.org/book/man-legal.html + +# hackish, I should consider using a configuration file. +PORT_UDP=$(grep "PORT_UDP " test-common.h | awk '{print $3}') +PORT_TCP=$(grep "PORT_TCP " test-common.h | awk '{print $3}') +PORT_TCPSSL=$(grep "PORT_TCPSSL " test-common.h | awk '{print $3}') + +EXEC_MAIN=./tests_main + +NCAT=${NCAT:-ncat} +if [ ! -x "$NCAT" -a -z "$(which $NCAT)" ]; then + echo "Can't find your ncat: $NCAT" + echo "Trying ../../ncat/ncat" + NCAT="../../ncat/ncat" + if [ ! -x "$NCAT" ]; then + echo "You haven't built Ncat." + echo "Skipping nsock tests." + exit 0 + fi +fi + + +if [ -n "$1" ] +then + case "$1" in + "gdb") + TRACER="gdb --args" + ;; + + "trace") + TRACER="strace" + ;; + + "leak") + TRACER="valgrind --leak-check=yes" + ;; + + "-h") + echo "Usage: `basename $0` [gdb|trace|leak]" + exit 0 + ;; + + *) + echo "Unknown mode $1" + exit 1 + ;; + esac +fi + + +setup_echo_udp() { + $NCAT -l --udp --sh-exec cat 127.0.0.1 $PORT_UDP & + pid_udp=$! + echo "started UDP listener on port $PORT_UDP (pid $pid_udp)" +} + +setup_echo_tcp() { + $NCAT -l --keep-open --sh-exec cat 127.0.0.1 $PORT_TCP & + pid_tcp=$! + echo "started TCP listener on port $PORT_TCP (pid $pid_tcp)" +} + +setup_echo_tcpssl() { + $NCAT -l --ssl --keep-open --sh-exec cat 127.0.0.1 $PORT_TCPSSL & + pid_tcpssl=$! + echo "started TCP SSL listener on port $PORT_TCPSSL (pid $pid_tcpssl)" +} + +cleanup_all() { + kill -s KILL $@ 2>&1 >> /dev/null +} + +main() { + setup_echo_udp $PORT_UDP + setup_echo_tcp $PORT_TCP + $EXEC_MAIN --ssl && setup_echo_tcpssl $PORT_TCPSSL + + $TRACER $EXEC_MAIN + + cleanup_all $pid_udp $pid_tcp $pid_tcpssl +} + +main diff --git a/include/DomainExec/nsock/tests/test-common.h b/include/DomainExec/nsock/tests/test-common.h new file mode 100644 index 00000000..d7464600 --- /dev/null +++ b/include/DomainExec/nsock/tests/test-common.h @@ -0,0 +1,89 @@ +/* + * Nsock regression test suite + * Same license as nmap -- see https://nmap.org/book/man-legal.html + */ + + +#ifndef __TEST_COMMON_H +#define __TEST_COMMON_H + +#include +#include +#include +#include +#include +#include +#include + + +#define PORT_UDP 55234 +#define PORT_TCP 55235 +#define PORT_TCPSSL 55236 + + +#define __ASSERT_BASE(stmt) do { \ + if (!(stmt)) { \ + fprintf(stderr, "(%s:%d) Assertion failed: " #stmt "\n", \ + __FILE__, __LINE__); \ + return -EINVAL; \ + } \ + } while (0) + + +#define AssertNonNull(a) __ASSERT_BASE((a) != NULL); +#define AssertEqual(a, b) __ASSERT_BASE((a) == (b)); +#define AssertStrEqual(a, b) __ASSERT_BASE(strcmp((a), (b)) == 0); + + +struct test_case { + const char *t_name; + int (*t_setup)(void **tdata); + int (*t_run)(void *tdata); + int (*t_teardown)(void *tdata); +}; + + +static inline const char *get_test_name(const struct test_case *test) { + return test->t_name; +} + +static inline int test_setup(const struct test_case *test, void **tdata) { + int rc; + + assert(test); + + if (test->t_setup) + rc = test->t_setup(tdata); + else + rc = 0; + + return rc; +} + +static inline int test_run(const struct test_case *test, void *tdata) { + int rc; + + assert(test); + + if (test->t_run) + rc = test->t_run(tdata); + else + rc = 0; + + return rc; +} + +static inline int test_teardown(const struct test_case *test, void *tdata) { + int rc; + + assert(test); + + if (test->t_teardown) + rc = test->t_teardown(tdata); + else + rc = 0; + + return rc; +} + +#endif /* ^__TEST_COMMON_H */ diff --git a/include/DomainExec/nsock/tests/tests_main.c b/include/DomainExec/nsock/tests/tests_main.c new file mode 100644 index 00000000..46526a5f --- /dev/null +++ b/include/DomainExec/nsock/tests/tests_main.c @@ -0,0 +1,130 @@ +/* + * Nsock regression test suite + * Same license as nmap -- see https://nmap.org/book/man-legal.html + */ + + +#include "test-common.h" +#include "string.h" + + +#ifndef WIN32 + #define RESET "\033[0m" + #define BOLDRED "\033[1m\033[31m" + #define BOLDGREEN "\033[1m\033[32m" + #define TEST_FAILED "[" BOLDRED "FAILED" RESET "]" + #define TEST_OK "[" BOLDGREEN "OK" RESET "]" +#else + /* WIN32 terminal has no ANSI driver */ + #define TEST_FAILED "[FAILED]" + #define TEST_OK "[OK]" +#endif + + + +/* socket_strerror() comes from nbase + * Declared here to work around a silly inclusion issue until I can fix it. */ +char *socket_strerror(int errnum); + +extern const struct test_case TestPoolUserData; +extern const struct test_case TestTimer; +extern const struct test_case TestLogLevels; +extern const struct test_case TestErrLevels; +extern const struct test_case TestConnectTCP; +extern const struct test_case TestConnectFailure; +extern const struct test_case TestGHLists; +extern const struct test_case TestGHHeaps; +extern const struct test_case TestHeapOrdering; +extern const struct test_case TestCancelTCP; +extern const struct test_case TestCancelUDP; +#ifdef HAVE_OPENSSL +extern const struct test_case TestCancelSSL; +#endif + + +static const struct test_case *TestCases[] = { + /* ---- basic.c */ + &TestPoolUserData, + /* ---- timer.c */ + &TestTimer, + /* ---- logs.c */ + &TestLogLevels, + &TestErrLevels, + /* ---- connect.c */ + &TestConnectTCP, + &TestConnectFailure, + /* ---- ghlists.c */ + &TestGHLists, + /* ---- ghheaps.c */ + &TestGHHeaps, + &TestHeapOrdering, + /* ---- cancel.c */ + &TestCancelTCP, + &TestCancelUDP, +#ifdef HAVE_OPENSSL + &TestCancelSSL, +#endif + NULL +}; + + +static int test_case_run(const struct test_case *test) { + int rc; + void *tdata = NULL; + + rc = test_setup(test, &tdata); + if (rc) + return rc; + + rc = test_run(test, tdata); + if (rc) + return rc; + + return test_teardown(test, tdata); +} + +#ifdef WIN32 +static int win_init(void) { + WSADATA data; + int rc; + + rc = WSAStartup(MAKEWORD(2, 2), &data); + if (rc) + fatal("Failed to start winsock: %s\n", socket_strerror(rc)); + + return 0; +} +#endif + +int main(int ac, char **av) { + int rc, i; + + /* simple "do we have ssl" check for run_tests.sh */ + if (ac == 2 && !strncmp(av[1], "--ssl", 5)) { +#ifdef HAVE_SSL + return 0; +#else + return 1; +#endif + } + +#ifdef WIN32 + win_init(); +#endif + + for (i = 0; TestCases[i] != NULL; i++) { + const struct test_case *current = TestCases[i]; + const char *name = get_test_name(current); + + printf("%-48s", name); + fflush(stdout); + rc = test_case_run(current); + if (rc) { + printf(TEST_FAILED " (%s)\n", socket_strerror(-rc)); + break; + } + printf(TEST_OK "\n"); + } + return rc; +} + diff --git a/include/DomainExec/nsock/tests/timer.c b/include/DomainExec/nsock/tests/timer.c new file mode 100644 index 00000000..27250ce7 --- /dev/null +++ b/include/DomainExec/nsock/tests/timer.c @@ -0,0 +1,129 @@ +/* + * Nsock regression test suite + * Same license as nmap -- see https://nmap.org/book/man-legal.html + */ + +#include "test-common.h" +#include + +#define TIMERS_BUFFLEN 1024 + + +struct timer_test_data { + nsock_pool nsp; + nsock_event_id timer_list[TIMERS_BUFFLEN]; + size_t timer_count; + int stop; /* set to non-zero to stop the test */ +}; + + +static void timer_handler(nsock_pool nsp, nsock_event nse, void *tdata); + + +static void add_timer(struct timer_test_data *ttd, int timeout) { + nsock_event_id id; + + id = nsock_timer_create(ttd->nsp, timer_handler, timeout, ttd); + ttd->timer_list[ttd->timer_count++] = id; +} + +static void timer_handler(nsock_pool nsp, nsock_event nse, void *tdata) { + struct timer_test_data *ttd = (struct timer_test_data *)tdata; + int rnd, rnd2; + + if (nse_status(nse) != NSE_STATUS_SUCCESS) { + ttd->stop = -nsock_pool_get_error(nsp); + return; + } + + if (ttd->timer_count > TIMERS_BUFFLEN - 3) + return; + + rnd = rand() % ttd->timer_count; + rnd2 = rand() % 3; + + switch (rnd2) { + case 0: + /* Do nothing */ + /* Actually I think I'll create two timers :) */ + add_timer(ttd, rand() % 3000); + add_timer(ttd, rand() % 3000); + break; + + case 1: + /* Try to kill another id (which may or may not be active */ + nsock_event_cancel(nsp, ttd->timer_list[rnd], rand() % 2); + break; + + case 2: + /* Create a new timer */ + add_timer(ttd, rand() % 3000); + break; + + default: + assert(0); + } +} + +static int timer_setup(void **tdata) { + struct timer_test_data *ttd; + + srand(time(NULL)); + + ttd = calloc(1, sizeof(struct timer_test_data)); + if (ttd == NULL) + return -ENOMEM; + + ttd->nsp = nsock_pool_new(NULL); + AssertNonNull(ttd->nsp); + + *tdata = ttd; + return 0; +} + +static int timer_teardown(void *tdata) { + struct timer_test_data *ttd = (struct timer_test_data *)tdata; + + if (tdata) { + nsock_pool_delete(ttd->nsp); + free(tdata); + } + return 0; +} + +static int timer_totalmess(void *tdata) { + struct timer_test_data *ttd = (struct timer_test_data *)tdata; + enum nsock_loopstatus loopret; + int num_loops = 0; + + add_timer(ttd, 1800); + add_timer(ttd, 800); + add_timer(ttd, 1300); + add_timer(ttd, 0); + add_timer(ttd, 100); + + /* Now lets get this party started right! */ + while (num_loops++ < 5 && !ttd->stop) { + loopret = nsock_loop(ttd->nsp, 1500); + switch (loopret) { + case NSOCK_LOOP_TIMEOUT: + /* nothing to do */ + break; + + case NSOCK_LOOP_NOEVENTS: + return 0; + + default: + return -(nsock_pool_get_error(ttd->nsp)); + } + } + return ttd->stop; +} + +const struct test_case TestTimer = { + .t_name = "test timer operations", + .t_setup = timer_setup, + .t_run = timer_totalmess, + .t_teardown = timer_teardown +}; + diff --git a/include/DomainExec/opensshlib/Makefile.in b/include/DomainExec/opensshlib/Makefile.in new file mode 100644 index 00000000..dc12bc8f --- /dev/null +++ b/include/DomainExec/opensshlib/Makefile.in @@ -0,0 +1,98 @@ +# $Id: Makefile.in,v 1.298 2008/11/05 05:20:46 djm Exp $ + +# uncomment if you run a non bourne compatable shell. Ie. csh +#SHELL = @SH@ + +AUTORECONF=autoreconf + +prefix=@prefix@ +exec_prefix=@exec_prefix@ +bindir=@bindir@ +sbindir=@sbindir@ +libexecdir=@libexecdir@ +datadir=@datadir@ +datarootdir=@datarootdir@ +mandir=@mandir@ +mansubdir=@mansubdir@ +sysconfdir=@sysconfdir@ +piddir=@piddir@ +srcdir=@srcdir@ +top_srcdir=@top_srcdir@ + +DESTDIR= +VPATH=@srcdir@ +STRIP_OPT=@STRIP_OPT@ + +CC=@CC@ +LD=@LD@ +CFLAGS=@CFLAGS@ +CPPFLAGS=-I$(srcdir) @CPPFLAGS@ @DEFS@ +#LIBS=@LIBS@ +AR=@AR@ +AWK=@AWK@ +RANLIB=@RANLIB@ +INSTALL=@INSTALL@ +PERL=@PERL@ +SED=@SED@ +ENT=@ENT@ +XAUTH_PATH=@XAUTH_PATH@ +LDFLAGS= @LDFLAGS@ -L. $(STATIC) +EXEEXT=@EXEEXT@ + + +TARGETS=$(LIBCOMPAT) libopenssh.a + +LIBSSH_OBJS=strlcpy.o strlcat.o bsd-snprintf.o bsd-asprintf.o sha2.o\ + bufaux.o bufbn.o buffer.o freezero.o \ + cipher.o cipher-aes.o reallocarray.o \ + cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \ + compat.o crc32.o fatal.o \ + log.o match.o md-sha256.o moduli.o packet.o \ + rsa.o xmalloc.o key.o kex.o mac.o hmac.o misc.o \ + rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \ + kexgex.o kexdhc.o kexgexc.o umac.o umac128.o sshconnect2.o \ + sshbuf.o ssherr.o addrmatch.o sshbuf-getput-basic.o \ + vis.o bsd-misc.o digest-libc.o digest-openssl.o \ + explicit_bzero.o strtonum.o kexecdh.o kexecdhc.o arc4random.o \ + cipher-chachapoly.o chacha.o poly1305.o \ + timingsafe_bcmp.o sshbuf-getput-crypto.o kexc25519c.o kexc25519.o \ + sshkey.o sshbuf-misc.o bcrypt_pbkdf.o ssh-ed25519.o \ + blowfish.o hash.o uuencode.o blocks.o ssh-ecdsa.o base64.o \ + ed25519.o sc25519.o ge25519.o fe25519.o verify.o opacket.o \ + smult_curve25519_ref.o # recallocarray.o \ + +# recallocarray is not needed + + +all: $(TARGETS) + +$(LIBSSH_OBJS): Makefile.in config.h + +.c.o: + $(CC) $(CFLAGS) $(CPPFLAGS) -c $< + + +libopenssh.a: $(LIBSSH_OBJS) + $(AR) cr $@ $(LIBSSH_OBJS) + $(RANLIB) $@ + + +# fake rule to stop make trying to compile moduli.o into a binary "moduli.o" +moduli: + echo + + +# special case target for umac128 +umac128.o: umac.c + $(CC) $(CFLAGS) $(CPPFLAGS) -o umac128.o -c $(srcdir)/umac.c \ + -DUMAC_OUTPUT_LEN=16 -Dumac_new=umac128_new \ + -Dumac_update=umac128_update -Dumac_final=umac128_final \ + -Dumac_delete=umac128_delete + +clean: + rm -f *.o *.a $(TARGETS) config.cache config.log + rm -f *.out core + +veryclean: distclean + rm -f configure config.h.in *.0 + diff --git a/include/DomainExec/opensshlib/aclocal.m4 b/include/DomainExec/opensshlib/aclocal.m4 new file mode 100644 index 00000000..1640683e --- /dev/null +++ b/include/DomainExec/opensshlib/aclocal.m4 @@ -0,0 +1,179 @@ +dnl $Id: aclocal.m4,v 1.13 2014/01/22 10:30:12 djm Exp $ +dnl +dnl OpenSSH-specific autoconf macros +dnl + +dnl OSSH_CHECK_CFLAG_COMPILE(check_flag[, define_flag]) +dnl Check that $CC accepts a flag 'check_flag'. If it is supported append +dnl 'define_flag' to $CFLAGS. If 'define_flag' is not specified, then append +dnl 'check_flag'. +AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{ + AC_MSG_CHECKING([if $CC supports compile flag $1]) + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR $1" + _define_flag="$2" + test "x$_define_flag" = "x" && _define_flag="$1" + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + ]])], + [ +if `grep -i "unrecognized option" conftest.err >/dev/null` +then + AC_MSG_RESULT([no]) + CFLAGS="$saved_CFLAGS" +else + AC_MSG_RESULT([yes]) + CFLAGS="$saved_CFLAGS $_define_flag" +fi], + [ AC_MSG_RESULT([no]) + CFLAGS="$saved_CFLAGS" ] + ) +}]) + +dnl OSSH_CHECK_CFLAG_LINK(check_flag[, define_flag]) +dnl Check that $CC accepts a flag 'check_flag'. If it is supported append +dnl 'define_flag' to $CFLAGS. If 'define_flag' is not specified, then append +dnl 'check_flag'. +AC_DEFUN([OSSH_CHECK_CFLAG_LINK], [{ + AC_MSG_CHECKING([if $CC supports compile flag $1 and linking succeeds]) + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR $1" + _define_flag="$2" + test "x$_define_flag" = "x" && _define_flag="$1" + AC_LINK_IFELSE([AC_LANG_SOURCE([[ +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + ]])], + [ +if `grep -i "unrecognized option" conftest.err >/dev/null` +then + AC_MSG_RESULT([no]) + CFLAGS="$saved_CFLAGS" +else + AC_MSG_RESULT([yes]) + CFLAGS="$saved_CFLAGS $_define_flag" +fi], + [ AC_MSG_RESULT([no]) + CFLAGS="$saved_CFLAGS" ] + ) +}]) + +dnl OSSH_CHECK_LDFLAG_LINK(check_flag[, define_flag]) +dnl Check that $LD accepts a flag 'check_flag'. If it is supported append +dnl 'define_flag' to $LDFLAGS. If 'define_flag' is not specified, then append +dnl 'check_flag'. +AC_DEFUN([OSSH_CHECK_LDFLAG_LINK], [{ + AC_MSG_CHECKING([if $LD supports link flag $1]) + saved_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $WERROR $1" + _define_flag="$2" + test "x$_define_flag" = "x" && _define_flag="$1" + AC_LINK_IFELSE([AC_LANG_SOURCE([[ +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + ]])], + [ AC_MSG_RESULT([yes]) + LDFLAGS="$saved_LDFLAGS $_define_flag"], + [ AC_MSG_RESULT([no]) + LDFLAGS="$saved_LDFLAGS" ] + ) +}]) + +dnl OSSH_CHECK_HEADER_FOR_FIELD(field, header, symbol) +dnl Does AC_EGREP_HEADER on 'header' for the string 'field' +dnl If found, set 'symbol' to be defined. Cache the result. +dnl TODO: This is not foolproof, better to compile and read from there +AC_DEFUN(OSSH_CHECK_HEADER_FOR_FIELD, [ +# look for field '$1' in header '$2' + dnl This strips characters illegal to m4 from the header filename + ossh_safe=`echo "$2" | sed 'y%./+-%__p_%'` + dnl + ossh_varname="ossh_cv_$ossh_safe""_has_"$1 + AC_MSG_CHECKING(for $1 field in $2) + AC_CACHE_VAL($ossh_varname, [ + AC_EGREP_HEADER($1, $2, [ dnl + eval "$ossh_varname=yes" dnl + ], [ dnl + eval "$ossh_varname=no" dnl + ]) dnl + ]) + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + AC_MSG_RESULT($ossh_result) + if test "x$ossh_result" = "xyes"; then + AC_DEFINE($3, 1, [Define if you have $1 in $2]) + fi + else + AC_MSG_RESULT(no) + fi +]) + +dnl Check for socklen_t: historically on BSD it is an int, and in +dnl POSIX 1g it is a type of its own, but some platforms use different +dnl types for the argument to getsockopt, getpeername, etc. So we +dnl have to test to find something that will work. +AC_DEFUN([TYPE_SOCKLEN_T], +[ + AC_CHECK_TYPE([socklen_t], ,[ + AC_MSG_CHECKING([for socklen_t equivalent]) + AC_CACHE_VAL([curl_cv_socklen_t_equiv], + [ + # Systems have either "struct sockaddr *" or + # "void *" as the second argument to getpeername + curl_cv_socklen_t_equiv= + for arg2 in "struct sockaddr" void; do + for t in int size_t unsigned long "unsigned long"; do + AC_TRY_COMPILE([ + #include + #include + + int getpeername (int, $arg2 *, $t *); + ],[ + $t len; + getpeername(0,0,&len); + ],[ + curl_cv_socklen_t_equiv="$t" + break + ]) + done + done + + if test "x$curl_cv_socklen_t_equiv" = x; then + AC_MSG_ERROR([Cannot find a type to use in place of socklen_t]) + fi + ]) + AC_MSG_RESULT($curl_cv_socklen_t_equiv) + AC_DEFINE_UNQUOTED(socklen_t, $curl_cv_socklen_t_equiv, + [type to use in place of socklen_t if not defined])], + [#include +#include ]) +]) + diff --git a/include/DomainExec/opensshlib/addrmatch.c b/include/DomainExec/opensshlib/addrmatch.c new file mode 100644 index 00000000..c3981bc0 --- /dev/null +++ b/include/DomainExec/opensshlib/addrmatch.c @@ -0,0 +1,505 @@ +/* $OpenBSD: addrmatch.c,v 1.10 2015/07/08 19:04:21 markus Exp $ */ + +/* + * Copyright (c) 2004-2008 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include +#ifndef WIN32 +#include +#include +#include + +#include +#endif +#include +#include +#include +#include + +#include "match.h" +#include "log.h" + +#if 0 + +struct xaddr { + sa_family_t af; + union { + struct in_addr v4; + struct in6_addr v6; + u_int8_t addr8[16]; + u_int32_t addr32[4]; + } xa; /* 128-bit address */ + u_int32_t scope_id; /* iface scope id for v6 */ +#define v4 xa.v4 +#define v6 xa.v6 +#define addr8 xa.addr8 +#define addr32 xa.addr32 +}; + +static int +addr_unicast_masklen(int af) +{ + switch (af) { + case AF_INET: + return 32; + case AF_INET6: + return 128; + default: + return -1; + } +} + +static inline int +masklen_valid(int af, u_int masklen) +{ + switch (af) { + case AF_INET: + return masklen <= 32 ? 0 : -1; + case AF_INET6: + return masklen <= 128 ? 0 : -1; + default: + return -1; + } +} + +/* + * Convert struct sockaddr to struct xaddr + * Returns 0 on success, -1 on failure. + */ +static int +addr_sa_to_xaddr(struct sockaddr *sa, socklen_t slen, struct xaddr *xa) +{ + struct sockaddr_in *in4 = (struct sockaddr_in *)sa; + struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)sa; + + memset(xa, '\0', sizeof(*xa)); + + switch (sa->sa_family) { + case AF_INET: + if (slen < (socklen_t)sizeof(*in4)) + return -1; + xa->af = AF_INET; + memcpy(&xa->v4, &in4->sin_addr, sizeof(xa->v4)); + break; + case AF_INET6: + if (slen < (socklen_t)sizeof(*in6)) + return -1; + xa->af = AF_INET6; + memcpy(&xa->v6, &in6->sin6_addr, sizeof(xa->v6)); +#ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID + xa->scope_id = in6->sin6_scope_id; +#endif + break; + default: + return -1; + } + + return 0; +} + +/* + * Calculate a netmask of length 'l' for address family 'af' and + * store it in 'n'. + * Returns 0 on success, -1 on failure. + */ +static int +addr_netmask(int af, u_int l, struct xaddr *n) +{ + int i; + + if (masklen_valid(af, l) != 0 || n == NULL) + return -1; + + memset(n, '\0', sizeof(*n)); + switch (af) { + case AF_INET: + n->af = AF_INET; + if (l == 0) + return 0; + n->v4.s_addr = htonl((0xffffffff << (32 - l)) & 0xffffffff); + return 0; + case AF_INET6: + n->af = AF_INET6; + for (i = 0; i < 4 && l >= 32; i++, l -= 32) + n->addr32[i] = 0xffffffffU; + if (i < 4 && l != 0) + n->addr32[i] = htonl((0xffffffff << (32 - l)) & + 0xffffffff); + return 0; + default: + return -1; + } +} + +/* + * Perform logical AND of addresses 'a' and 'b', storing result in 'dst'. + * Returns 0 on success, -1 on failure. + */ +static int +addr_and(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b) +{ + int i; + + if (dst == NULL || a == NULL || b == NULL || a->af != b->af) + return -1; + + memcpy(dst, a, sizeof(*dst)); + switch (a->af) { + case AF_INET: + dst->v4.s_addr &= b->v4.s_addr; + return 0; + case AF_INET6: + dst->scope_id = a->scope_id; + for (i = 0; i < 4; i++) + dst->addr32[i] &= b->addr32[i]; + return 0; + default: + return -1; + } +} + +/* + * Compare addresses 'a' and 'b' + * Return 0 if addresses are identical, -1 if (a < b) or 1 if (a > b) + */ +static int +addr_cmp(const struct xaddr *a, const struct xaddr *b) +{ + int i; + + if (a->af != b->af) + return a->af == AF_INET6 ? 1 : -1; + + switch (a->af) { + case AF_INET: + if (a->v4.s_addr == b->v4.s_addr) + return 0; + return ntohl(a->v4.s_addr) > ntohl(b->v4.s_addr) ? 1 : -1; + case AF_INET6: + for (i = 0; i < 16; i++) + if (a->addr8[i] - b->addr8[i] != 0) + return a->addr8[i] > b->addr8[i] ? 1 : -1; + if (a->scope_id == b->scope_id) + return 0; + return a->scope_id > b->scope_id ? 1 : -1; + default: + return -1; + } +} + +/* + * Parse string address 'p' into 'n' + * Returns 0 on success, -1 on failure. + */ +static int +addr_pton(const char *p, struct xaddr *n) +{ + struct addrinfo hints, *ai; + + memset(&hints, '\0', sizeof(hints)); + hints.ai_flags = AI_NUMERICHOST; + + if (p == NULL || getaddrinfo(p, NULL, &hints, &ai) != 0) + return -1; + + if (ai == NULL || ai->ai_addr == NULL) + return -1; + + if (n != NULL && + addr_sa_to_xaddr(ai->ai_addr, ai->ai_addrlen, n) == -1) { + freeaddrinfo(ai); + return -1; + } + + freeaddrinfo(ai); + return 0; +} + +/* + * Perform bitwise negation of address + * Returns 0 on success, -1 on failure. + */ +static int +addr_invert(struct xaddr *n) +{ + int i; + + if (n == NULL) + return (-1); + + switch (n->af) { + case AF_INET: + n->v4.s_addr = ~n->v4.s_addr; + return (0); + case AF_INET6: + for (i = 0; i < 4; i++) + n->addr32[i] = ~n->addr32[i]; + return (0); + default: + return (-1); + } +} + +/* + * Calculate a netmask of length 'l' for address family 'af' and + * store it in 'n'. + * Returns 0 on success, -1 on failure. + */ +static int +addr_hostmask(int af, u_int l, struct xaddr *n) +{ + if (addr_netmask(af, l, n) == -1 || addr_invert(n) == -1) + return (-1); + return (0); +} + +/* + * Test whether address 'a' is all zeros (i.e. 0.0.0.0 or ::) + * Returns 0 on if address is all-zeros, -1 if not all zeros or on failure. + */ +static int +addr_is_all0s(const struct xaddr *a) +{ + int i; + + switch (a->af) { + case AF_INET: + return (a->v4.s_addr == 0 ? 0 : -1); + case AF_INET6:; + for (i = 0; i < 4; i++) + if (a->addr32[i] != 0) + return (-1); + return (0); + default: + return (-1); + } +} + +/* + * Test whether host portion of address 'a', as determined by 'masklen' + * is all zeros. + * Returns 0 on if host portion of address is all-zeros, + * -1 if not all zeros or on failure. + */ +static int +addr_host_is_all0s(const struct xaddr *a, u_int masklen) +{ + struct xaddr tmp_addr, tmp_mask, tmp_result; + + memcpy(&tmp_addr, a, sizeof(tmp_addr)); + if (addr_hostmask(a->af, masklen, &tmp_mask) == -1) + return (-1); + if (addr_and(&tmp_result, &tmp_addr, &tmp_mask) == -1) + return (-1); + return (addr_is_all0s(&tmp_result)); +} + +/* + * Parse a CIDR address (x.x.x.x/y or xxxx:yyyy::/z). + * Return -1 on parse error, -2 on inconsistency or 0 on success. + */ +static int +addr_pton_cidr(const char *p, struct xaddr *n, u_int *l) +{ + struct xaddr tmp; + long unsigned int masklen = 999; + char addrbuf[64], *mp, *cp; + + /* Don't modify argument */ + if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) >= sizeof(addrbuf)) + return -1; + + if ((mp = strchr(addrbuf, '/')) != NULL) { + *mp = '\0'; + mp++; + masklen = strtoul(mp, &cp, 10); + if (*mp == '\0' || *cp != '\0' || masklen > 128) + return -1; + } + + if (addr_pton(addrbuf, &tmp) == -1) + return -1; + + if (mp == NULL) + masklen = addr_unicast_masklen(tmp.af); + if (masklen_valid(tmp.af, masklen) == -1) + return -2; + if (addr_host_is_all0s(&tmp, masklen) != 0) + return -2; + + if (n != NULL) + memcpy(n, &tmp, sizeof(*n)); + if (l != NULL) + *l = masklen; + + return 0; +} + +static int +addr_netmatch(const struct xaddr *host, const struct xaddr *net, u_int masklen) +{ + struct xaddr tmp_mask, tmp_result; + + if (host->af != net->af) + return -1; + + if (addr_netmask(host->af, masklen, &tmp_mask) == -1) + return -1; + if (addr_and(&tmp_result, host, &tmp_mask) == -1) + return -1; + return addr_cmp(&tmp_result, net); +} + +/* + * Match "addr" against list pattern list "_list", which may contain a + * mix of CIDR addresses and old-school wildcards. + * + * If addr is NULL, then no matching is performed, but _list is parsed + * and checked for well-formedness. + * + * Returns 1 on match found (never returned when addr == NULL). + * Returns 0 on if no match found, or no errors found when addr == NULL. + * Returns -1 on negated match found (never returned when addr == NULL). + * Returns -2 on invalid list entry. + */ +int +addr_match_list(const char *addr, const char *_list) +{ + char *list, *cp, *o; + struct xaddr try_addr, match_addr; + u_int masklen, neg; + int ret = 0, r; + + if (addr != NULL && addr_pton(addr, &try_addr) != 0) { + debug2("%s: couldn't parse address %.100s", __func__, addr); + return 0; + } + if ((o = list = strdup(_list)) == NULL) + return -1; + while ((cp = strsep(&list, ",")) != NULL) { + neg = *cp == '!'; + if (neg) + cp++; + if (*cp == '\0') { + ret = -2; + break; + } + /* Prefer CIDR address matching */ + r = addr_pton_cidr(cp, &match_addr, &masklen); + if (r == -2) { + ssh_error("Inconsistent mask length for " + "network \"%.100s\"", cp); + ret = -2; + break; + } else if (r == 0) { + if (addr != NULL && addr_netmatch(&try_addr, + &match_addr, masklen) == 0) { + foundit: + if (neg) { + ret = -1; + break; + } + ret = 1; + } + continue; + } else { + /* If CIDR parse failed, try wildcard string match */ + if (addr != NULL && match_pattern(addr, cp) == 1) + goto foundit; + } + } + free(o); + + return ret; +} + +/* + * Match "addr" against list CIDR list "_list". Lexical wildcards and + * negation are not supported. If "addr" == NULL, will verify structure + * of "_list". + * + * Returns 1 on match found (never returned when addr == NULL). + * Returns 0 on if no match found, or no errors found when addr == NULL. + * Returns -1 on error + */ +int +addr_match_cidr_list(const char *addr, const char *_list) +{ + char *list, *cp, *o; + struct xaddr try_addr, match_addr; + u_int masklen; + int ret = 0, r; + + if (addr != NULL && addr_pton(addr, &try_addr) != 0) { + debug2("%s: couldn't parse address %.100s", __func__, addr); + return 0; + } + if ((o = list = strdup(_list)) == NULL) + return -1; + while ((cp = strsep(&list, ",")) != NULL) { + if (*cp == '\0') { + ssh_error("%s: empty entry in list \"%.100s\"", + __func__, o); + ret = -1; + break; + } + + /* + * NB. This function is called in pre-auth with untrusted data, + * so be extra paranoid about junk reaching getaddrino (via + * addr_pton_cidr). + */ + + /* Stop junk from reaching getaddrinfo. +3 is for masklen */ + if (strlen(cp) > INET6_ADDRSTRLEN + 3) { + ssh_error("%s: list entry \"%.100s\" too long", + __func__, cp); + ret = -1; + break; + } +#define VALID_CIDR_CHARS "0123456789abcdefABCDEF.:/" + if (strspn(cp, VALID_CIDR_CHARS) != strlen(cp)) { + ssh_error("%s: list entry \"%.100s\" contains invalid " + "characters", __func__, cp); + ret = -1; + } + + /* Prefer CIDR address matching */ + r = addr_pton_cidr(cp, &match_addr, &masklen); + if (r == -1) { + ssh_error("Invalid network entry \"%.100s\"", cp); + ret = -1; + break; + } else if (r == -2) { + ssh_error("Inconsistent mask length for " + "network \"%.100s\"", cp); + ret = -1; + break; + } else if (r == 0 && addr != NULL) { + if (addr_netmatch(&try_addr, &match_addr, + masklen) == 0) + ret = 1; + continue; + } + } + free(o); + + return ret; +} + +#endif \ No newline at end of file diff --git a/include/DomainExec/opensshlib/arc4random.c b/include/DomainExec/opensshlib/arc4random.c new file mode 100644 index 00000000..9482c185 --- /dev/null +++ b/include/DomainExec/opensshlib/arc4random.c @@ -0,0 +1,330 @@ +/* OPENBSD ORIGINAL: lib/libc/crypto/arc4random.c */ + +/* $OpenBSD: arc4random.c,v 1.25 2013/10/01 18:34:57 markus Exp $ */ + +/* + * Copyright (c) 1996, David Mazieres + * Copyright (c) 2008, Damien Miller + * Copyright (c) 2013, Markus Friedl + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * ChaCha based random number generator for OpenBSD. + */ + +#include "includes.h" + +#include + +#include +#include +#include +#ifndef WIN32 +#include +#endif + +#ifndef HAVE_ARC4RANDOM + +#ifdef WITH_OPENSSL +#include +#include +#endif + +#include "log.h" + +#define KEYSTREAM_ONLY +#include "chacha_private.h" + +#ifdef __GNUC__ +#define inline __inline +#else /* !__GNUC__ */ +#define inline +#endif /* !__GNUC__ */ + +/* OpenSSH isn't multithreaded */ +#define _ARC4_LOCK() +#define _ARC4_UNLOCK() + +#define KEYSZ 32 +#define IVSZ 8 +#define BLOCKSZ 64 +#define RSBUFSZ (16*BLOCKSZ) +static int rs_initialized; +static pid_t rs_stir_pid; +static chacha_ctx rs; /* chacha context for random keystream */ +static u_char rs_buf[RSBUFSZ]; /* keystream blocks */ +static size_t rs_have; /* valid bytes at end of rs_buf */ +static size_t rs_count; /* bytes till reseed */ + +static inline void _rs_rekey(u_char *dat, size_t datlen); + +static inline void +_rs_init(u_char *buf, size_t n) +{ + if (n < KEYSZ + IVSZ) + return; + chacha_keysetup(&rs, buf, KEYSZ * 8, 0); + chacha_ivsetup(&rs, buf + KEYSZ); +} + +#ifndef WITH_OPENSSL +#define SSH_RANDOM_DEV "/dev/urandom" +/* XXX use getrandom() if supported on Linux */ +static void +getrnd(u_char *s, size_t len) +{ + int fd; + ssize_t r; + size_t o = 0; + + if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1) + fatal("Couldn't open %s: %s", SSH_RANDOM_DEV, strerror(errno)); + while (o < len) { + r = read(fd, s + o, len - o); + if (r < 0) { + if (errno == EAGAIN || errno == EINTR || + errno == EWOULDBLOCK) + continue; + fatal("read %s: %s", SSH_RANDOM_DEV, strerror(errno)); + } + o += r; + } + close(fd); +} +#endif + +static void +_rs_stir(void) +{ + u_char rnd[KEYSZ + IVSZ]; + +#ifdef WITH_OPENSSL + if (RAND_bytes(rnd, sizeof(rnd)) <= 0) + fatal("Couldn't obtain random bytes (error %ld)", + ERR_get_error()); +#else + getrnd(rnd, sizeof(rnd)); +#endif + + if (!rs_initialized) { + rs_initialized = 1; + _rs_init(rnd, sizeof(rnd)); + } else + _rs_rekey(rnd, sizeof(rnd)); + explicit_bzero(rnd, sizeof(rnd)); + + /* invalidate rs_buf */ + rs_have = 0; + memset(rs_buf, 0, RSBUFSZ); + + rs_count = 1600000; +} + +static inline void +_rs_stir_if_needed(size_t len) +{ + pid_t pid = getpid(); + + if (rs_count <= len || !rs_initialized || rs_stir_pid != pid) { + rs_stir_pid = pid; + _rs_stir(); + } else + rs_count -= len; +} + +static inline void +_rs_rekey(u_char *dat, size_t datlen) +{ +#ifndef KEYSTREAM_ONLY + memset(rs_buf, 0,RSBUFSZ); +#endif + /* fill rs_buf with the keystream */ + chacha_encrypt_bytes(&rs, rs_buf, rs_buf, RSBUFSZ); + /* mix in optional user provided data */ + if (dat) { + size_t i, m; + + m = MIN(datlen, KEYSZ + IVSZ); + for (i = 0; i < m; i++) + rs_buf[i] ^= dat[i]; + } + /* immediately reinit for backtracking resistance */ + _rs_init(rs_buf, KEYSZ + IVSZ); + memset(rs_buf, 0, KEYSZ + IVSZ); + rs_have = RSBUFSZ - KEYSZ - IVSZ; +} + +static inline void +_rs_random_buf(void *_buf, size_t n) +{ + u_char *buf = (u_char *)_buf; + size_t m; + + _rs_stir_if_needed(n); + while (n > 0) { + if (rs_have > 0) { + m = MIN(n, rs_have); + memcpy(buf, rs_buf + RSBUFSZ - rs_have, m); + memset(rs_buf + RSBUFSZ - rs_have, 0, m); + buf += m; + n -= m; + rs_have -= m; + } + if (rs_have == 0) + _rs_rekey(NULL, 0); + } +} + +static inline void +_rs_random_u32(u_int32_t *val) +{ + _rs_stir_if_needed(sizeof(*val)); + if (rs_have < sizeof(*val)) + _rs_rekey(NULL, 0); + memcpy(val, rs_buf + RSBUFSZ - rs_have, sizeof(*val)); + memset(rs_buf + RSBUFSZ - rs_have, 0, sizeof(*val)); + rs_have -= sizeof(*val); + return; +} + +void +arc4random_stir(void) +{ + _ARC4_LOCK(); + _rs_stir(); + _ARC4_UNLOCK(); +} + +void +arc4random_addrandom(u_char *dat, int datlen) +{ + int m; + + _ARC4_LOCK(); + if (!rs_initialized) + _rs_stir(); + while (datlen > 0) { + m = MIN(datlen, KEYSZ + IVSZ); + _rs_rekey(dat, m); + dat += m; + datlen -= m; + } + _ARC4_UNLOCK(); +} + +u_int32_t +arc4random(void) +{ + u_int32_t val; + + _ARC4_LOCK(); + _rs_random_u32(&val); + _ARC4_UNLOCK(); + return val; +} + +/* + * If we are providing arc4random, then we can provide a more efficient + * arc4random_buf(). + */ +# ifndef HAVE_ARC4RANDOM_BUF +void +arc4random_buf(void *buf, size_t n) +{ + _ARC4_LOCK(); + _rs_random_buf(buf, n); + _ARC4_UNLOCK(); +} +# endif /* !HAVE_ARC4RANDOM_BUF */ +#endif /* !HAVE_ARC4RANDOM */ + +/* arc4random_buf() that uses platform arc4random() */ +#if !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM) +void +arc4random_buf(void *_buf, size_t n) +{ + size_t i; + u_int32_t r = 0; + char *buf = (char *)_buf; + + for (i = 0; i < n; i++) { + if (i % 4 == 0) + r = arc4random(); + buf[i] = r & 0xff; + r >>= 8; + } + explicit_bzero(&r, sizeof(r)); +} +#endif /* !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM) */ + +#ifndef HAVE_ARC4RANDOM_UNIFORM +/* + * Calculate a uniformly distributed random number less than upper_bound + * avoiding "modulo bias". + * + * Uniformity is achieved by generating new random numbers until the one + * returned is outside the range [0, 2**32 % upper_bound). This + * guarantees the selected random number will be inside + * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound) + * after reduction modulo upper_bound. + */ +u_int32_t +arc4random_uniform(u_int32_t upper_bound) +{ + u_int32_t r, min; + + if (upper_bound < 2) + return 0; + + /* 2**32 % x == (2**32 - x) % x */ + min = -upper_bound % upper_bound; + + /* + * This could theoretically loop forever but each retry has + * p > 0.5 (worst case, usually far better) of selecting a + * number inside the range we need, so it should rarely need + * to re-roll. + */ + for (;;) { + r = arc4random(); + if (r >= min) + break; + } + + return r % upper_bound; +} +#endif /* !HAVE_ARC4RANDOM_UNIFORM */ + +#if 0 +/*-------- Test code for i386 --------*/ +#include +#include +int +main(int argc, char **argv) +{ + const int iter = 1000000; + int i; + pctrval v; + + v = rdtsc(); + for (i = 0; i < iter; i++) + arc4random(); + v = rdtsc() - v; + v /= iter; + + printf("%qd cycles\n", v); + exit(0); +} +#endif diff --git a/include/DomainExec/opensshlib/audit.h b/include/DomainExec/opensshlib/audit.h new file mode 100644 index 00000000..695f7235 --- /dev/null +++ b/include/DomainExec/opensshlib/audit.h @@ -0,0 +1,54 @@ +/* $Id: audit.h,v 1.3 2006/08/05 14:05:10 dtucker Exp $ */ + +/* + * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef _SSH_AUDIT_H +# define _SSH_AUDIT_H +enum ssh_audit_event_type { + SSH_LOGIN_EXCEED_MAXTRIES, + SSH_LOGIN_ROOT_DENIED, + SSH_AUTH_SUCCESS, + SSH_AUTH_FAIL_NONE, + SSH_AUTH_FAIL_PASSWD, + SSH_AUTH_FAIL_KBDINT, /* keyboard-interactive or challenge-response */ + SSH_AUTH_FAIL_PUBKEY, /* ssh2 pubkey or ssh1 rsa */ + SSH_AUTH_FAIL_HOSTBASED, /* ssh2 hostbased or ssh1 rhostsrsa */ + SSH_AUTH_FAIL_GSSAPI, + SSH_INVALID_USER, + SSH_NOLOGIN, /* denied by /etc/nologin, not implemented */ + SSH_CONNECTION_CLOSE, /* closed after attempting auth or session */ + SSH_CONNECTION_ABANDON, /* closed without completing auth */ + SSH_AUDIT_UNKNOWN +}; +typedef enum ssh_audit_event_type ssh_audit_event_t; + +void audit_connection_from(const char *, int); +void audit_event(ssh_audit_event_t); +void audit_session_open(const char *); +void audit_session_close(const char *); +void audit_run_command(const char *); +ssh_audit_event_t audit_classify_auth(const char *); + +#endif /* _SSH_AUDIT_H */ diff --git a/include/DomainExec/opensshlib/auth.h b/include/DomainExec/opensshlib/auth.h new file mode 100644 index 00000000..54856559 --- /dev/null +++ b/include/DomainExec/opensshlib/auth.h @@ -0,0 +1,198 @@ +/* $OpenBSD: auth.h,v 1.62 2008/11/04 08:22:12 djm Exp $ */ + +/* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef AUTH_H +#define AUTH_H + +#include + +#include + +#ifdef HAVE_LOGIN_CAP +#include +#endif +#ifdef BSD_AUTH +#include +#endif +#ifdef KRB5 +#include +#endif + +typedef struct Authctxt Authctxt; +typedef struct Authmethod Authmethod; +typedef struct KbdintDevice KbdintDevice; + +struct Authctxt { + sig_atomic_t success; + int authenticated; /* authenticated and alarms cancelled */ + int postponed; /* authentication needs another step */ + int valid; /* user exists and is allowed to login */ + int attempt; + int failures; + int force_pwchange; + char *user; /* username sent by the client */ + char *service; + struct passwd *pw; /* set if 'valid' */ + char *style; + void *kbdintctxt; + void *jpake_ctx; +#ifdef BSD_AUTH + auth_session_t *as; +#endif +#ifdef KRB5 + krb5_context krb5_ctx; + krb5_ccache krb5_fwd_ccache; + krb5_principal krb5_user; + char *krb5_ticket_file; + char *krb5_ccname; +#endif + Buffer *loginmsg; + void *methoddata; +}; +/* + * Every authentication method has to handle authentication requests for + * non-existing users, or for users that are not allowed to login. In this + * case 'valid' is set to 0, but 'user' points to the username requested by + * the client. + */ + +struct Authmethod { + char *name; + int (*userauth)(Authctxt *authctxt); + int *enabled; +}; + +/* + * Keyboard interactive device: + * init_ctx returns: non NULL upon success + * query returns: 0 - success, otherwise failure + * respond returns: 0 - success, 1 - need further interaction, + * otherwise - failure + */ +struct KbdintDevice +{ + const char *name; + void* (*init_ctx)(Authctxt*); + int (*query)(void *ctx, char **name, char **infotxt, + u_int *numprompts, char ***prompts, u_int **echo_on); + int (*respond)(void *ctx, u_int numresp, char **responses); + void (*free_ctx)(void *ctx); +}; + +int auth_rhosts(struct passwd *, const char *); +int +auth_rhosts2(struct passwd *, const char *, const char *, const char *); + +int auth_rhosts_rsa(Authctxt *, char *, Key *); +int auth_password(Authctxt *, const char *); +int auth_rsa(Authctxt *, BIGNUM *); +int auth_rsa_challenge_dialog(Key *); +BIGNUM *auth_rsa_generate_challenge(Key *); +int auth_rsa_verify_response(Key *, BIGNUM *, u_char[]); +int auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **); + +int auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *); +int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); +int user_key_allowed(struct passwd *, Key *); + +#ifdef KRB5 +int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *); +int auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt); +int auth_krb5_password(Authctxt *authctxt, const char *password); +void krb5_cleanup_proc(Authctxt *authctxt); +#endif /* KRB5 */ + +#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) +#include +int auth_shadow_acctexpired(struct spwd *); +int auth_shadow_pwexpired(Authctxt *); +#endif + +#include "audit.h" + +void do_authentication(Authctxt *); +void do_authentication2(Authctxt *); + +void auth_log(Authctxt *, int, char *, char *); +void userauth_finish(Authctxt *, int, char *); +void userauth_send_banner(const char *); +int auth_root_allowed(char *); + +char *auth2_read_banner(void); + +void privsep_challenge_enable(void); + +int auth2_challenge(Authctxt *, char *); +void auth2_challenge_stop(Authctxt *); +int bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **); +int bsdauth_respond(void *, u_int, char **); +int skey_query(void *, char **, char **, u_int *, char ***, u_int **); +int skey_respond(void *, u_int, char **); + +void auth2_jpake_get_pwdata(Authctxt *, BIGNUM **, char **, char **); +void auth2_jpake_stop(Authctxt *); + +int allowed_user(struct passwd *); +struct passwd * getpwnamallow(const char *user); + +char *get_challenge(Authctxt *); +int verify_response(Authctxt *, const char *); +void abandon_challenge_response(Authctxt *); + +char *authorized_keys_file(struct passwd *); +char *authorized_keys_file2(struct passwd *); + +FILE *auth_openkeyfile(const char *, struct passwd *, int); + +HostStatus +check_key_in_hostfiles(struct passwd *, Key *, const char *, + const char *, const char *); + +/* hostkey handling */ +Key *get_hostkey_by_index(int); +Key *get_hostkey_by_type(int); +int get_hostkey_index(Key *); +int ssh1_session_key(BIGNUM *); + +/* debug messages during authentication */ +void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); +void auth_debug_send(void); +void auth_debug_reset(void); + +struct passwd *fakepw(void); + +int sys_auth_passwd(Authctxt *, const char *); + +#define AUTH_FAIL_MSG "Too many authentication failures for %.100s" + +#define SKEY_PROMPT "\nS/Key Password: " + +#if defined(KRB5) && !defined(HEIMDAL) +#include +krb5_error_code ssh_krb5_cc_gen(krb5_context, krb5_ccache *); +#endif +#endif diff --git a/include/DomainExec/opensshlib/authfd.h b/include/DomainExec/opensshlib/authfd.h new file mode 100644 index 00000000..bea20c26 --- /dev/null +++ b/include/DomainExec/opensshlib/authfd.h @@ -0,0 +1,90 @@ +/* $OpenBSD: authfd.h,v 1.38 2015/01/14 20:05:27 djm Exp $ */ + +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * Functions to interface with the SSH_AUTHENTICATION_FD socket. + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ + +#ifndef AUTHFD_H +#define AUTHFD_H + +/* List of identities returned by ssh_fetch_identitylist() */ +struct ssh_identitylist { + size_t nkeys; + struct sshkey **keys; + char **comments; +}; + +int ssh_get_authentication_socket(int *fdp); +void ssh_close_authentication_socket(int sock); + +int ssh_lock_agent(int sock, int lock, const char *password); +int ssh_fetch_identitylist(int sock, int version, + struct ssh_identitylist **idlp); +void ssh_free_identitylist(struct ssh_identitylist *idl); +int ssh_add_identity_constrained(int sock, struct sshkey *key, + const char *comment, u_int life, u_int confirm); +int ssh_remove_identity(int sock, struct sshkey *key); +int ssh_update_card(int sock, int add, const char *reader_id, + const char *pin, u_int life, u_int confirm); +int ssh_remove_all_identities(int sock, int version); + +int ssh_decrypt_challenge(int sock, struct sshkey* key, BIGNUM *challenge, + u_char session_id[16], u_char response[16]); +int ssh_agent_sign(int sock, struct sshkey *key, + u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, u_int compat); + +/* Messages for the authentication agent connection. */ +#define SSH_AGENTC_REQUEST_RSA_IDENTITIES 1 +#define SSH_AGENT_RSA_IDENTITIES_ANSWER 2 +#define SSH_AGENTC_RSA_CHALLENGE 3 +#define SSH_AGENT_RSA_RESPONSE 4 +#define SSH_AGENT_FAILURE 5 +#define SSH_AGENT_SUCCESS 6 +#define SSH_AGENTC_ADD_RSA_IDENTITY 7 +#define SSH_AGENTC_REMOVE_RSA_IDENTITY 8 +#define SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES 9 + +/* private OpenSSH extensions for SSH2 */ +#define SSH2_AGENTC_REQUEST_IDENTITIES 11 +#define SSH2_AGENT_IDENTITIES_ANSWER 12 +#define SSH2_AGENTC_SIGN_REQUEST 13 +#define SSH2_AGENT_SIGN_RESPONSE 14 +#define SSH2_AGENTC_ADD_IDENTITY 17 +#define SSH2_AGENTC_REMOVE_IDENTITY 18 +#define SSH2_AGENTC_REMOVE_ALL_IDENTITIES 19 + +/* smartcard */ +#define SSH_AGENTC_ADD_SMARTCARD_KEY 20 +#define SSH_AGENTC_REMOVE_SMARTCARD_KEY 21 + +/* lock/unlock the agent */ +#define SSH_AGENTC_LOCK 22 +#define SSH_AGENTC_UNLOCK 23 + +/* add key with constraints */ +#define SSH_AGENTC_ADD_RSA_ID_CONSTRAINED 24 +#define SSH2_AGENTC_ADD_ID_CONSTRAINED 25 +#define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26 + +#define SSH_AGENT_CONSTRAIN_LIFETIME 1 +#define SSH_AGENT_CONSTRAIN_CONFIRM 2 + +/* extended failure messages */ +#define SSH2_AGENT_FAILURE 30 + +/* additional error code for ssh.com's ssh-agent2 */ +#define SSH_COM_AGENT2_FAILURE 102 + +#define SSH_AGENT_OLD_SIGNATURE 0x01 + +#endif /* AUTHFD_H */ diff --git a/include/DomainExec/opensshlib/authfile.h b/include/DomainExec/opensshlib/authfile.h new file mode 100644 index 00000000..624d269f --- /dev/null +++ b/include/DomainExec/opensshlib/authfile.h @@ -0,0 +1,52 @@ +/* $OpenBSD: authfile.h,v 1.21 2015/01/08 10:14:08 djm Exp $ */ + +/* + * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef AUTHFILE_H +#define AUTHFILE_H + +struct sshbuf; +struct sshkey; + +/* XXX document these */ +/* XXX some of these could probably be merged/retired */ + +int sshkey_save_private(struct sshkey *, const char *, + const char *, const char *, int, const char *, int); +int sshkey_load_file(int, struct sshbuf *); +int sshkey_load_cert(const char *, struct sshkey **); +int sshkey_load_public(const char *, struct sshkey **, char **); +int sshkey_load_private(const char *, const char *, struct sshkey **, char **); +int sshkey_load_private_cert(int, const char *, const char *, + struct sshkey **, int *); +int sshkey_load_private_type(int, const char *, const char *, + struct sshkey **, char **, int *); +int sshkey_load_private_type_fd(int fd, int type, const char *passphrase, + struct sshkey **keyp, char **commentp); +int sshkey_perm_ok(int, const char *); +int sshkey_in_file(struct sshkey *, const char *, int, int); +int sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file); + +#endif diff --git a/include/DomainExec/opensshlib/base64.c b/include/DomainExec/opensshlib/base64.c new file mode 100644 index 00000000..50785e60 --- /dev/null +++ b/include/DomainExec/opensshlib/base64.c @@ -0,0 +1,317 @@ +/* $OpenBSD: base64.c,v 1.5 2006/10/21 09:55:03 otto Exp $ */ + +/* + * Copyright (c) 1996 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * Portions Copyright (c) 1995 by International Business Machines, Inc. + * + * International Business Machines, Inc. (hereinafter called IBM) grants + * permission under its copyrights to use, copy, modify, and distribute this + * Software with or without fee, provided that the above copyright notice and + * all paragraphs of this notice appear in all copies, and that the name of IBM + * not be used in connection with the marketing of any product incorporating + * the Software or modifications thereof, without specific, written prior + * permission. + * + * To the extent it has a right to do so, IBM grants an immunity from suit + * under its patents, if any, for the use, sale or manufacture of products to + * the extent that such products are used for performing Domain Name System + * dynamic updates in TCP/IP networks by means of the Software. No immunity is + * granted for any product per se or for any other function of any product. + * + * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, + * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN + * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. + */ + +/* OPENBSD ORIGINAL: lib/libc/net/base64.c */ + +#include "includes.h" + +#if (!defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP)) || (!defined(HAVE_B64_PTON) && !defined(HAVE___B64_PTON)) + +#include +#ifndef WIN32 +#include +#include +#include +#include +#endif + +#include +#include + +#include +#include + +#include "base64.h" + +static const char Base64[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; +static const char Pad64 = '='; + +/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt) + The following encoding technique is taken from RFC 1521 by Borenstein + and Freed. It is reproduced here in a slightly edited form for + convenience. + + A 65-character subset of US-ASCII is used, enabling 6 bits to be + represented per printable character. (The extra 65th character, "=", + is used to signify a special processing function.) + + The encoding process represents 24-bit groups of input bits as output + strings of 4 encoded characters. Proceeding from left to right, a + 24-bit input group is formed by concatenating 3 8-bit input groups. + These 24 bits are then treated as 4 concatenated 6-bit groups, each + of which is translated into a single digit in the base64 alphabet. + + Each 6-bit group is used as an index into an array of 64 printable + characters. The character referenced by the index is placed in the + output string. + + Table 1: The Base64 Alphabet + + Value Encoding Value Encoding Value Encoding Value Encoding + 0 A 17 R 34 i 51 z + 1 B 18 S 35 j 52 0 + 2 C 19 T 36 k 53 1 + 3 D 20 U 37 l 54 2 + 4 E 21 V 38 m 55 3 + 5 F 22 W 39 n 56 4 + 6 G 23 X 40 o 57 5 + 7 H 24 Y 41 p 58 6 + 8 I 25 Z 42 q 59 7 + 9 J 26 a 43 r 60 8 + 10 K 27 b 44 s 61 9 + 11 L 28 c 45 t 62 + + 12 M 29 d 46 u 63 / + 13 N 30 e 47 v + 14 O 31 f 48 w (pad) = + 15 P 32 g 49 x + 16 Q 33 h 50 y + + Special processing is performed if fewer than 24 bits are available + at the end of the data being encoded. A full encoding quantum is + always completed at the end of a quantity. When fewer than 24 input + bits are available in an input group, zero bits are added (on the + right) to form an integral number of 6-bit groups. Padding at the + end of the data is performed using the '=' character. + + Since all base64 input is an integral number of octets, only the + ------------------------------------------------- + following cases can arise: + + (1) the final quantum of encoding input is an integral + multiple of 24 bits; here, the final unit of encoded + output will be an integral multiple of 4 characters + with no "=" padding, + (2) the final quantum of encoding input is exactly 8 bits; + here, the final unit of encoded output will be two + characters followed by two "=" padding characters, or + (3) the final quantum of encoding input is exactly 16 bits; + here, the final unit of encoded output will be three + characters followed by one "=" padding character. + */ + +#if !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) +int +b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize) +{ + size_t datalength = 0; + u_char input[3]; + u_char output[4]; + u_int i; + + while (2 < srclength) { + input[0] = *src++; + input[1] = *src++; + input[2] = *src++; + srclength -= 3; + + output[0] = input[0] >> 2; + output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); + output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); + output[3] = input[2] & 0x3f; + + if (datalength + 4 > targsize) + return (-1); + target[datalength++] = Base64[output[0]]; + target[datalength++] = Base64[output[1]]; + target[datalength++] = Base64[output[2]]; + target[datalength++] = Base64[output[3]]; + } + + /* Now we worry about padding. */ + if (0 != srclength) { + /* Get what's left. */ + input[0] = input[1] = input[2] = '\0'; + for (i = 0; i < srclength; i++) + input[i] = *src++; + + output[0] = input[0] >> 2; + output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); + output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); + + if (datalength + 4 > targsize) + return (-1); + target[datalength++] = Base64[output[0]]; + target[datalength++] = Base64[output[1]]; + if (srclength == 1) + target[datalength++] = Pad64; + else + target[datalength++] = Base64[output[2]]; + target[datalength++] = Pad64; + } + if (datalength >= targsize) + return (-1); + target[datalength] = '\0'; /* Returned value doesn't count \0. */ + return (datalength); +} +#endif /* !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) */ + +#if !defined(HAVE_B64_PTON) && !defined(HAVE___B64_PTON) + +/* skips all whitespace anywhere. + converts characters, four at a time, starting at (or after) + src from base - 64 numbers into three 8 bit bytes in the target area. + it returns the number of data bytes stored at the target, or -1 on error. + */ + +int +b64_pton(char const *src, u_char *target, size_t targsize) +{ + u_int tarindex, state; + int ch; + char *pos; + + state = 0; + tarindex = 0; + + while ((ch = *src++) != '\0') { + if (isspace(ch)) /* Skip whitespace anywhere. */ + continue; + + if (ch == Pad64) + break; + + pos = strchr(Base64, ch); + if (pos == 0) /* A non-base64 character. */ + return (-1); + + switch (state) { + case 0: + if (target) { + if (tarindex >= targsize) + return (-1); + target[tarindex] = (pos - Base64) << 2; + } + state = 1; + break; + case 1: + if (target) { + if (tarindex + 1 >= targsize) + return (-1); + target[tarindex] |= (pos - Base64) >> 4; + target[tarindex+1] = ((pos - Base64) & 0x0f) + << 4 ; + } + tarindex++; + state = 2; + break; + case 2: + if (target) { + if (tarindex + 1 >= targsize) + return (-1); + target[tarindex] |= (pos - Base64) >> 2; + target[tarindex+1] = ((pos - Base64) & 0x03) + << 6; + } + tarindex++; + state = 3; + break; + case 3: + if (target) { + if (tarindex >= targsize) + return (-1); + target[tarindex] |= (pos - Base64); + } + tarindex++; + state = 0; + break; + } + } + + /* + * We are done decoding Base-64 chars. Let's see if we ended + * on a byte boundary, and/or with erroneous trailing characters. + */ + + if (ch == Pad64) { /* We got a pad char. */ + ch = *src++; /* Skip it, get next. */ + switch (state) { + case 0: /* Invalid = in first position */ + case 1: /* Invalid = in second position */ + return (-1); + + case 2: /* Valid, means one byte of info */ + /* Skip any number of spaces. */ + for (; ch != '\0'; ch = *src++) + if (!isspace(ch)) + break; + /* Make sure there is another trailing = sign. */ + if (ch != Pad64) + return (-1); + ch = *src++; /* Skip the = */ + /* Fall through to "single trailing =" case. */ + /* FALLTHROUGH */ + + case 3: /* Valid, means two bytes of info */ + /* + * We know this char is an =. Is there anything but + * whitespace after it? + */ + for (; ch != '\0'; ch = *src++) + if (!isspace(ch)) + return (-1); + + /* + * Now make sure for cases 2 and 3 that the "extra" + * bits that slopped past the last full byte were + * zeros. If we don't check them, they become a + * subliminal channel. + */ + if (target && target[tarindex] != 0) + return (-1); + } + } else { + /* + * We ended by seeing the end of the string. Make sure we + * have no partial bytes lying around. + */ + if (state != 0) + return (-1); + } + + return (tarindex); +} + +#endif /* !defined(HAVE_B64_PTON) && !defined(HAVE___B64_PTON) */ +#endif diff --git a/include/DomainExec/opensshlib/base64.h b/include/DomainExec/opensshlib/base64.h new file mode 100644 index 00000000..732c6b3f --- /dev/null +++ b/include/DomainExec/opensshlib/base64.h @@ -0,0 +1,65 @@ +/* $Id: base64.h,v 1.6 2003/08/29 16:59:52 mouring Exp $ */ + +/* + * Copyright (c) 1996 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * Portions Copyright (c) 1995 by International Business Machines, Inc. + * + * International Business Machines, Inc. (hereinafter called IBM) grants + * permission under its copyrights to use, copy, modify, and distribute this + * Software with or without fee, provided that the above copyright notice and + * all paragraphs of this notice appear in all copies, and that the name of IBM + * not be used in connection with the marketing of any product incorporating + * the Software or modifications thereof, without specific, written prior + * permission. + * + * To the extent it has a right to do so, IBM grants an immunity from suit + * under its patents, if any, for the use, sale or manufacture of products to + * the extent that such products are used for performing Domain Name System + * dynamic updates in TCP/IP networks by means of the Software. No immunity is + * granted for any product per se or for any other function of any product. + * + * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, + * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN + * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. + */ + +#ifndef _BSD_BASE64_H +#define _BSD_BASE64_H + +#include "includes.h" + +#ifndef HAVE___B64_NTOP +# ifndef HAVE_B64_NTOP +int b64_ntop(u_char const *src, size_t srclength, char *target, + size_t targsize); +# endif /* !HAVE_B64_NTOP */ +# define __b64_ntop(a,b,c,d) b64_ntop(a,b,c,d) +#endif /* HAVE___B64_NTOP */ + +#ifndef HAVE___B64_PTON +# ifndef HAVE_B64_PTON +int b64_pton(char const *src, u_char *target, size_t targsize); +# endif /* !HAVE_B64_PTON */ +# define __b64_pton(a,b,c) b64_pton(a,b,c) +#endif /* HAVE___B64_PTON */ + +#endif /* _BSD_BASE64_H */ diff --git a/include/DomainExec/opensshlib/bcrypt_pbkdf.c b/include/DomainExec/opensshlib/bcrypt_pbkdf.c new file mode 100644 index 00000000..7fc32dde --- /dev/null +++ b/include/DomainExec/opensshlib/bcrypt_pbkdf.c @@ -0,0 +1,181 @@ +/* $OpenBSD: bcrypt_pbkdf.c,v 1.13 2015/01/12 03:20:04 tedu Exp $ */ +/* + * Copyright (c) 2013 Ted Unangst + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#ifndef HAVE_BCRYPT_PBKDF + +#include +#ifndef WIN32 +#include +#endif + +#ifdef HAVE_STDLIB_H +# include +#endif +#include + +#ifdef HAVE_BLF_H +# include +#endif + +#include "crypto_api.h" +#ifdef SHA512_DIGEST_LENGTH +# undef SHA512_DIGEST_LENGTH +#endif +#define SHA512_DIGEST_LENGTH crypto_hash_sha512_BYTES + +#define MINIMUM(a,b) (((a) < (b)) ? (a) : (b)) + +/* + * pkcs #5 pbkdf2 implementation using the "bcrypt" hash + * + * The bcrypt hash function is derived from the bcrypt password hashing + * function with the following modifications: + * 1. The input password and salt are preprocessed with SHA512. + * 2. The output length is expanded to 256 bits. + * 3. Subsequently the magic string to be encrypted is lengthened and modifed + * to "OxychromaticBlowfishSwatDynamite" + * 4. The hash function is defined to perform 64 rounds of initial state + * expansion. (More rounds are performed by iterating the hash.) + * + * Note that this implementation pulls the SHA512 operations into the caller + * as a performance optimization. + * + * One modification from official pbkdf2. Instead of outputting key material + * linearly, we mix it. pbkdf2 has a known weakness where if one uses it to + * generate (e.g.) 512 bits of key material for use as two 256 bit keys, an + * attacker can merely run once through the outer loop, but the user + * always runs it twice. Shuffling output bytes requires computing the + * entirety of the key material to assemble any subkey. This is something a + * wise caller could do; we just do it for you. + */ + +#define BCRYPT_WORDS 8 +#define BCRYPT_HASHSIZE (BCRYPT_WORDS * 4) + +static void +bcrypt_hash(u_int8_t *sha2pass, u_int8_t *sha2salt, u_int8_t *out) +{ + blf_ctx state; + u_int8_t ciphertext[BCRYPT_HASHSIZE] = + "OxychromaticBlowfishSwatDynamite"; + uint32_t cdata[BCRYPT_WORDS]; + int i; + uint16_t j; + size_t shalen = SHA512_DIGEST_LENGTH; + + /* key expansion */ + Blowfish_initstate(&state); + Blowfish_expandstate(&state, sha2salt, shalen, sha2pass, shalen); + for (i = 0; i < 64; i++) { + Blowfish_expand0state(&state, sha2salt, shalen); + Blowfish_expand0state(&state, sha2pass, shalen); + } + + /* encryption */ + j = 0; + for (i = 0; i < BCRYPT_WORDS; i++) + cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext), + &j); + for (i = 0; i < 64; i++) + blf_enc(&state, cdata, sizeof(cdata) / sizeof(uint64_t)); + + /* copy out */ + for (i = 0; i < BCRYPT_WORDS; i++) { + out[4 * i + 3] = (cdata[i] >> 24) & 0xff; + out[4 * i + 2] = (cdata[i] >> 16) & 0xff; + out[4 * i + 1] = (cdata[i] >> 8) & 0xff; + out[4 * i + 0] = cdata[i] & 0xff; + } + + /* zap */ + explicit_bzero(ciphertext, sizeof(ciphertext)); + explicit_bzero(cdata, sizeof(cdata)); + explicit_bzero(&state, sizeof(state)); +} + +int +bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t saltlen, + u_int8_t *key, size_t keylen, unsigned int rounds) +{ + u_int8_t sha2pass[SHA512_DIGEST_LENGTH]; + u_int8_t sha2salt[SHA512_DIGEST_LENGTH]; + u_int8_t out[BCRYPT_HASHSIZE]; + u_int8_t tmpout[BCRYPT_HASHSIZE]; + u_int8_t *countsalt; + size_t i, j, amt, stride; + uint32_t count; + size_t origkeylen = keylen; + + /* nothing crazy */ + if (rounds < 1) + return -1; + if (passlen == 0 || saltlen == 0 || keylen == 0 || + keylen > sizeof(out) * sizeof(out) || saltlen > 1<<20) + return -1; + if ((countsalt = calloc(1, saltlen + 4)) == NULL) + return -1; + stride = (keylen + sizeof(out) - 1) / sizeof(out); + amt = (keylen + stride - 1) / stride; + + memcpy(countsalt, salt, saltlen); + + /* collapse password */ + crypto_hash_sha512(sha2pass, pass, passlen); + + /* generate key, sizeof(out) at a time */ + for (count = 1; keylen > 0; count++) { + countsalt[saltlen + 0] = (count >> 24) & 0xff; + countsalt[saltlen + 1] = (count >> 16) & 0xff; + countsalt[saltlen + 2] = (count >> 8) & 0xff; + countsalt[saltlen + 3] = count & 0xff; + + /* first round, salt is salt */ + crypto_hash_sha512(sha2salt, countsalt, saltlen + 4); + + bcrypt_hash(sha2pass, sha2salt, tmpout); + memcpy(out, tmpout, sizeof(out)); + + for (i = 1; i < rounds; i++) { + /* subsequent rounds, salt is previous output */ + crypto_hash_sha512(sha2salt, tmpout, sizeof(tmpout)); + bcrypt_hash(sha2pass, sha2salt, tmpout); + for (j = 0; j < sizeof(out); j++) + out[j] ^= tmpout[j]; + } + + /* + * pbkdf2 deviation: output the key material non-linearly. + */ + amt = MINIMUM(amt, keylen); + for (i = 0; i < amt; i++) { + size_t dest = i * stride + (count - 1); + if (dest >= origkeylen) + break; + key[dest] = out[i]; + } + keylen -= i; + } + + /* zap */ + explicit_bzero(out, sizeof(out)); + free(countsalt); + + return 0; +} +#endif /* HAVE_BCRYPT_PBKDF */ diff --git a/include/DomainExec/opensshlib/blf.h b/include/DomainExec/opensshlib/blf.h new file mode 100644 index 00000000..f1ac5a5c --- /dev/null +++ b/include/DomainExec/opensshlib/blf.h @@ -0,0 +1,88 @@ +/* $OpenBSD: blf.h,v 1.7 2007/03/14 17:59:41 grunk Exp $ */ +/* + * Blowfish - a fast block cipher designed by Bruce Schneier + * + * Copyright 1997 Niels Provos + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Niels Provos. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef _BLF_H_ +#define _BLF_H_ + +#include "includes.h" + +#if !defined(HAVE_BCRYPT_PBKDF) && !defined(HAVE_BLH_H) + +/* Schneier specifies a maximum key length of 56 bytes. + * This ensures that every key bit affects every cipher + * bit. However, the subkeys can hold up to 72 bytes. + * Warning: For normal blowfish encryption only 56 bytes + * of the key affect all cipherbits. + */ + +#define BLF_N 16 /* Number of Subkeys */ +#define BLF_MAXKEYLEN ((BLF_N-2)*4) /* 448 bits */ +#define BLF_MAXUTILIZED ((BLF_N+2)*4) /* 576 bits */ + +/* Blowfish context */ +typedef struct BlowfishContext { + u_int32_t S[4][256]; /* S-Boxes */ + u_int32_t P[BLF_N + 2]; /* Subkeys */ +} blf_ctx; + +/* Raw access to customized Blowfish + * blf_key is just: + * Blowfish_initstate( state ) + * Blowfish_expand0state( state, key, keylen ) + */ + +void Blowfish_encipher(blf_ctx *, u_int32_t *, u_int32_t *); +void Blowfish_decipher(blf_ctx *, u_int32_t *, u_int32_t *); +void Blowfish_initstate(blf_ctx *); +void Blowfish_expand0state(blf_ctx *, const u_int8_t *, u_int16_t); +void Blowfish_expandstate +(blf_ctx *, const u_int8_t *, u_int16_t, const u_int8_t *, u_int16_t); + +/* Standard Blowfish */ + +void blf_key(blf_ctx *, const u_int8_t *, u_int16_t); +void blf_enc(blf_ctx *, u_int32_t *, u_int16_t); +void blf_dec(blf_ctx *, u_int32_t *, u_int16_t); + +void blf_ecb_encrypt(blf_ctx *, u_int8_t *, u_int32_t); +void blf_ecb_decrypt(blf_ctx *, u_int8_t *, u_int32_t); + +void blf_cbc_encrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t); +void blf_cbc_decrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t); + +/* Converts u_int8_t to u_int32_t */ +u_int32_t Blowfish_stream2word(const u_int8_t *, u_int16_t , u_int16_t *); + +#endif /* !defined(HAVE_BCRYPT_PBKDF) && !defined(HAVE_BLH_H) */ +#endif /* _BLF_H */ + diff --git a/include/DomainExec/opensshlib/blocks.c b/include/DomainExec/opensshlib/blocks.c new file mode 100644 index 00000000..ad93fe50 --- /dev/null +++ b/include/DomainExec/opensshlib/blocks.c @@ -0,0 +1,248 @@ +/* $OpenBSD: blocks.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ + +/* + * Public Domain, Author: Daniel J. Bernstein + * Copied from nacl-20110221/crypto_hashblocks/sha512/ref/blocks.c + */ + +#include "includes.h" + +#include "crypto_api.h" + +typedef unsigned long long uint64; + +static uint64 load_bigendian(const unsigned char *x) +{ + return + (uint64) (x[7]) \ + | (((uint64) (x[6])) << 8) \ + | (((uint64) (x[5])) << 16) \ + | (((uint64) (x[4])) << 24) \ + | (((uint64) (x[3])) << 32) \ + | (((uint64) (x[2])) << 40) \ + | (((uint64) (x[1])) << 48) \ + | (((uint64) (x[0])) << 56) + ; +} + +static void store_bigendian(unsigned char *x,uint64 u) +{ + x[7] = u; u >>= 8; + x[6] = u; u >>= 8; + x[5] = u; u >>= 8; + x[4] = u; u >>= 8; + x[3] = u; u >>= 8; + x[2] = u; u >>= 8; + x[1] = u; u >>= 8; + x[0] = u; +} + +#define SHR(x,c) ((x) >> (c)) +#define ROTR(x,c) (((x) >> (c)) | ((x) << (64 - (c)))) + +#define Ch(x,y,z) ((x & y) ^ (~x & z)) +#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z)) +#define Sigma0(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39)) +#define Sigma1(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41)) +#define sigma0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x,7)) +#define sigma1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x,6)) + +#define M(w0,w14,w9,w1) w0 = sigma1(w14) + w9 + sigma0(w1) + w0; + +#define EXPAND \ + M(w0 ,w14,w9 ,w1 ) \ + M(w1 ,w15,w10,w2 ) \ + M(w2 ,w0 ,w11,w3 ) \ + M(w3 ,w1 ,w12,w4 ) \ + M(w4 ,w2 ,w13,w5 ) \ + M(w5 ,w3 ,w14,w6 ) \ + M(w6 ,w4 ,w15,w7 ) \ + M(w7 ,w5 ,w0 ,w8 ) \ + M(w8 ,w6 ,w1 ,w9 ) \ + M(w9 ,w7 ,w2 ,w10) \ + M(w10,w8 ,w3 ,w11) \ + M(w11,w9 ,w4 ,w12) \ + M(w12,w10,w5 ,w13) \ + M(w13,w11,w6 ,w14) \ + M(w14,w12,w7 ,w15) \ + M(w15,w13,w8 ,w0 ) + +#define F(w,k) \ + T1 = h + Sigma1(e) + Ch(e,f,g) + k + w; \ + T2 = Sigma0(a) + Maj(a,b,c); \ + h = g; \ + g = f; \ + f = e; \ + e = d + T1; \ + d = c; \ + c = b; \ + b = a; \ + a = T1 + T2; + +int crypto_hashblocks_sha512(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen) +{ + uint64 state[8]; + uint64 a; + uint64 b; + uint64 c; + uint64 d; + uint64 e; + uint64 f; + uint64 g; + uint64 h; + uint64 T1; + uint64 T2; + + a = load_bigendian(statebytes + 0); state[0] = a; + b = load_bigendian(statebytes + 8); state[1] = b; + c = load_bigendian(statebytes + 16); state[2] = c; + d = load_bigendian(statebytes + 24); state[3] = d; + e = load_bigendian(statebytes + 32); state[4] = e; + f = load_bigendian(statebytes + 40); state[5] = f; + g = load_bigendian(statebytes + 48); state[6] = g; + h = load_bigendian(statebytes + 56); state[7] = h; + + while (inlen >= 128) { + uint64 w0 = load_bigendian(in + 0); + uint64 w1 = load_bigendian(in + 8); + uint64 w2 = load_bigendian(in + 16); + uint64 w3 = load_bigendian(in + 24); + uint64 w4 = load_bigendian(in + 32); + uint64 w5 = load_bigendian(in + 40); + uint64 w6 = load_bigendian(in + 48); + uint64 w7 = load_bigendian(in + 56); + uint64 w8 = load_bigendian(in + 64); + uint64 w9 = load_bigendian(in + 72); + uint64 w10 = load_bigendian(in + 80); + uint64 w11 = load_bigendian(in + 88); + uint64 w12 = load_bigendian(in + 96); + uint64 w13 = load_bigendian(in + 104); + uint64 w14 = load_bigendian(in + 112); + uint64 w15 = load_bigendian(in + 120); + + F(w0 ,0x428a2f98d728ae22ULL) + F(w1 ,0x7137449123ef65cdULL) + F(w2 ,0xb5c0fbcfec4d3b2fULL) + F(w3 ,0xe9b5dba58189dbbcULL) + F(w4 ,0x3956c25bf348b538ULL) + F(w5 ,0x59f111f1b605d019ULL) + F(w6 ,0x923f82a4af194f9bULL) + F(w7 ,0xab1c5ed5da6d8118ULL) + F(w8 ,0xd807aa98a3030242ULL) + F(w9 ,0x12835b0145706fbeULL) + F(w10,0x243185be4ee4b28cULL) + F(w11,0x550c7dc3d5ffb4e2ULL) + F(w12,0x72be5d74f27b896fULL) + F(w13,0x80deb1fe3b1696b1ULL) + F(w14,0x9bdc06a725c71235ULL) + F(w15,0xc19bf174cf692694ULL) + + EXPAND + + F(w0 ,0xe49b69c19ef14ad2ULL) + F(w1 ,0xefbe4786384f25e3ULL) + F(w2 ,0x0fc19dc68b8cd5b5ULL) + F(w3 ,0x240ca1cc77ac9c65ULL) + F(w4 ,0x2de92c6f592b0275ULL) + F(w5 ,0x4a7484aa6ea6e483ULL) + F(w6 ,0x5cb0a9dcbd41fbd4ULL) + F(w7 ,0x76f988da831153b5ULL) + F(w8 ,0x983e5152ee66dfabULL) + F(w9 ,0xa831c66d2db43210ULL) + F(w10,0xb00327c898fb213fULL) + F(w11,0xbf597fc7beef0ee4ULL) + F(w12,0xc6e00bf33da88fc2ULL) + F(w13,0xd5a79147930aa725ULL) + F(w14,0x06ca6351e003826fULL) + F(w15,0x142929670a0e6e70ULL) + + EXPAND + + F(w0 ,0x27b70a8546d22ffcULL) + F(w1 ,0x2e1b21385c26c926ULL) + F(w2 ,0x4d2c6dfc5ac42aedULL) + F(w3 ,0x53380d139d95b3dfULL) + F(w4 ,0x650a73548baf63deULL) + F(w5 ,0x766a0abb3c77b2a8ULL) + F(w6 ,0x81c2c92e47edaee6ULL) + F(w7 ,0x92722c851482353bULL) + F(w8 ,0xa2bfe8a14cf10364ULL) + F(w9 ,0xa81a664bbc423001ULL) + F(w10,0xc24b8b70d0f89791ULL) + F(w11,0xc76c51a30654be30ULL) + F(w12,0xd192e819d6ef5218ULL) + F(w13,0xd69906245565a910ULL) + F(w14,0xf40e35855771202aULL) + F(w15,0x106aa07032bbd1b8ULL) + + EXPAND + + F(w0 ,0x19a4c116b8d2d0c8ULL) + F(w1 ,0x1e376c085141ab53ULL) + F(w2 ,0x2748774cdf8eeb99ULL) + F(w3 ,0x34b0bcb5e19b48a8ULL) + F(w4 ,0x391c0cb3c5c95a63ULL) + F(w5 ,0x4ed8aa4ae3418acbULL) + F(w6 ,0x5b9cca4f7763e373ULL) + F(w7 ,0x682e6ff3d6b2b8a3ULL) + F(w8 ,0x748f82ee5defb2fcULL) + F(w9 ,0x78a5636f43172f60ULL) + F(w10,0x84c87814a1f0ab72ULL) + F(w11,0x8cc702081a6439ecULL) + F(w12,0x90befffa23631e28ULL) + F(w13,0xa4506cebde82bde9ULL) + F(w14,0xbef9a3f7b2c67915ULL) + F(w15,0xc67178f2e372532bULL) + + EXPAND + + F(w0 ,0xca273eceea26619cULL) + F(w1 ,0xd186b8c721c0c207ULL) + F(w2 ,0xeada7dd6cde0eb1eULL) + F(w3 ,0xf57d4f7fee6ed178ULL) + F(w4 ,0x06f067aa72176fbaULL) + F(w5 ,0x0a637dc5a2c898a6ULL) + F(w6 ,0x113f9804bef90daeULL) + F(w7 ,0x1b710b35131c471bULL) + F(w8 ,0x28db77f523047d84ULL) + F(w9 ,0x32caab7b40c72493ULL) + F(w10,0x3c9ebe0a15c9bebcULL) + F(w11,0x431d67c49c100d4cULL) + F(w12,0x4cc5d4becb3e42b6ULL) + F(w13,0x597f299cfc657e2aULL) + F(w14,0x5fcb6fab3ad6faecULL) + F(w15,0x6c44198c4a475817ULL) + + a += state[0]; + b += state[1]; + c += state[2]; + d += state[3]; + e += state[4]; + f += state[5]; + g += state[6]; + h += state[7]; + + state[0] = a; + state[1] = b; + state[2] = c; + state[3] = d; + state[4] = e; + state[5] = f; + state[6] = g; + state[7] = h; + + in += 128; + inlen -= 128; + } + + store_bigendian(statebytes + 0,state[0]); + store_bigendian(statebytes + 8,state[1]); + store_bigendian(statebytes + 16,state[2]); + store_bigendian(statebytes + 24,state[3]); + store_bigendian(statebytes + 32,state[4]); + store_bigendian(statebytes + 40,state[5]); + store_bigendian(statebytes + 48,state[6]); + store_bigendian(statebytes + 56,state[7]); + + return inlen; +} diff --git a/include/DomainExec/opensshlib/blowfish.c b/include/DomainExec/opensshlib/blowfish.c new file mode 100644 index 00000000..e10f7e7d --- /dev/null +++ b/include/DomainExec/opensshlib/blowfish.c @@ -0,0 +1,696 @@ +/* $OpenBSD: blowfish.c,v 1.18 2004/11/02 17:23:26 hshoexer Exp $ */ +/* + * Blowfish block cipher for OpenBSD + * Copyright 1997 Niels Provos + * All rights reserved. + * + * Implementation advice by David Mazieres . + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Niels Provos. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code is derived from section 14.3 and the given source + * in section V of Applied Cryptography, second edition. + * Blowfish is an unpatented fast block cipher designed by + * Bruce Schneier. + */ + +#include "includes.h" + +#if !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \ + !defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC)) + +#if 0 +#include /* used for debugging */ +#include +#endif + +#include +#ifdef HAVE_BLF_H +#include +#endif + +#undef inline +#ifdef __GNUC__ +#define inline __inline +#else /* !__GNUC__ */ +#define inline +#endif /* !__GNUC__ */ + +/* Function for Feistel Networks */ + +#define F(s, x) ((((s)[ (((x)>>24)&0xFF)] \ + + (s)[0x100 + (((x)>>16)&0xFF)]) \ + ^ (s)[0x200 + (((x)>> 8)&0xFF)]) \ + + (s)[0x300 + ( (x) &0xFF)]) + +#define BLFRND(s,p,i,j,n) (i ^= F(s,j) ^ (p)[n]) + +void +Blowfish_encipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr) +{ + u_int32_t Xl; + u_int32_t Xr; + u_int32_t *s = c->S[0]; + u_int32_t *p = c->P; + + Xl = *xl; + Xr = *xr; + + Xl ^= p[0]; + BLFRND(s, p, Xr, Xl, 1); BLFRND(s, p, Xl, Xr, 2); + BLFRND(s, p, Xr, Xl, 3); BLFRND(s, p, Xl, Xr, 4); + BLFRND(s, p, Xr, Xl, 5); BLFRND(s, p, Xl, Xr, 6); + BLFRND(s, p, Xr, Xl, 7); BLFRND(s, p, Xl, Xr, 8); + BLFRND(s, p, Xr, Xl, 9); BLFRND(s, p, Xl, Xr, 10); + BLFRND(s, p, Xr, Xl, 11); BLFRND(s, p, Xl, Xr, 12); + BLFRND(s, p, Xr, Xl, 13); BLFRND(s, p, Xl, Xr, 14); + BLFRND(s, p, Xr, Xl, 15); BLFRND(s, p, Xl, Xr, 16); + + *xl = Xr ^ p[17]; + *xr = Xl; +} + +void +Blowfish_decipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr) +{ + u_int32_t Xl; + u_int32_t Xr; + u_int32_t *s = c->S[0]; + u_int32_t *p = c->P; + + Xl = *xl; + Xr = *xr; + + Xl ^= p[17]; + BLFRND(s, p, Xr, Xl, 16); BLFRND(s, p, Xl, Xr, 15); + BLFRND(s, p, Xr, Xl, 14); BLFRND(s, p, Xl, Xr, 13); + BLFRND(s, p, Xr, Xl, 12); BLFRND(s, p, Xl, Xr, 11); + BLFRND(s, p, Xr, Xl, 10); BLFRND(s, p, Xl, Xr, 9); + BLFRND(s, p, Xr, Xl, 8); BLFRND(s, p, Xl, Xr, 7); + BLFRND(s, p, Xr, Xl, 6); BLFRND(s, p, Xl, Xr, 5); + BLFRND(s, p, Xr, Xl, 4); BLFRND(s, p, Xl, Xr, 3); + BLFRND(s, p, Xr, Xl, 2); BLFRND(s, p, Xl, Xr, 1); + + *xl = Xr ^ p[0]; + *xr = Xl; +} + +void +Blowfish_initstate(blf_ctx *c) +{ + /* P-box and S-box tables initialized with digits of Pi */ + + static const blf_ctx initstate = + { { + { + 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, + 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99, + 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, + 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, + 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee, + 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, + 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, + 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e, + 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, + 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, + 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce, + 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, + 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, + 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677, + 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, + 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, + 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88, + 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, + 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, + 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0, + 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, + 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, + 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88, + 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, + 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, + 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d, + 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, + 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, + 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba, + 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, + 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, + 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09, + 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, + 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, + 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279, + 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, + 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, + 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82, + 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, + 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, + 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0, + 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, + 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, + 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8, + 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, + 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, + 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7, + 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, + 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, + 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1, + 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, + 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, + 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477, + 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, + 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, + 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af, + 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, + 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, + 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41, + 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, + 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, + 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915, + 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, + 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a}, + { + 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, + 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266, + 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, + 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, + 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6, + 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, + 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, + 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1, + 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, + 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, + 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff, + 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, + 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, + 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7, + 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, + 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, + 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf, + 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, + 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, + 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87, + 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, + 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, + 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16, + 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, + 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, + 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509, + 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, + 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, + 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f, + 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, + 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, + 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960, + 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, + 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, + 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802, + 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, + 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, + 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf, + 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, + 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, + 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50, + 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, + 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, + 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281, + 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, + 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, + 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128, + 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, + 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, + 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0, + 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, + 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, + 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3, + 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, + 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, + 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061, + 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, + 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, + 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735, + 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, + 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, + 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340, + 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, + 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7}, + { + 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, + 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068, + 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, + 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, + 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45, + 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, + 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, + 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb, + 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, + 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, + 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42, + 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, + 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, + 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb, + 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, + 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, + 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33, + 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, + 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, + 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc, + 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, + 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, + 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b, + 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, + 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, + 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728, + 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, + 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, + 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37, + 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, + 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, + 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b, + 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, + 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, + 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d, + 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, + 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, + 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9, + 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, + 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, + 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d, + 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, + 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, + 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61, + 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, + 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, + 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2, + 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, + 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, + 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633, + 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, + 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, + 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52, + 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, + 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, + 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62, + 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, + 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, + 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, + 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, + 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, + 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c, + 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, + 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0}, + { + 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, + 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe, + 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, + 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, + 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8, + 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, + 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, + 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22, + 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, + 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, + 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9, + 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, + 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, + 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51, + 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, + 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, + 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b, + 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, + 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, + 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd, + 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, + 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, + 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb, + 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, + 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, + 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32, + 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, + 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, + 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae, + 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, + 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, + 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47, + 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, + 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, + 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84, + 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, + 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, + 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd, + 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, + 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, + 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38, + 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, + 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, + 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525, + 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, + 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, + 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964, + 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, + 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, + 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d, + 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, + 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, + 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02, + 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, + 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, + 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a, + 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, + 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, + 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0, + 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, + 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, + 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9, + 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, + 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6} + }, + { + 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, + 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89, + 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, + 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, + 0x9216d5d9, 0x8979fb1b + } }; + + *c = initstate; +} + +u_int32_t +Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes, + u_int16_t *current) +{ + u_int8_t i; + u_int16_t j; + u_int32_t temp; + + temp = 0x00000000; + j = *current; + + for (i = 0; i < 4; i++, j++) { + if (j >= databytes) + j = 0; + temp = (temp << 8) | data[j]; + } + + *current = j; + return temp; +} + +void +Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes) +{ + u_int16_t i; + u_int16_t j; + u_int16_t k; + u_int32_t temp; + u_int32_t datal; + u_int32_t datar; + + j = 0; + for (i = 0; i < BLF_N + 2; i++) { + /* Extract 4 int8 to 1 int32 from keystream */ + temp = Blowfish_stream2word(key, keybytes, &j); + c->P[i] = c->P[i] ^ temp; + } + + j = 0; + datal = 0x00000000; + datar = 0x00000000; + for (i = 0; i < BLF_N + 2; i += 2) { + Blowfish_encipher(c, &datal, &datar); + + c->P[i] = datal; + c->P[i + 1] = datar; + } + + for (i = 0; i < 4; i++) { + for (k = 0; k < 256; k += 2) { + Blowfish_encipher(c, &datal, &datar); + + c->S[i][k] = datal; + c->S[i][k + 1] = datar; + } + } +} + + +void +Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes, + const u_int8_t *key, u_int16_t keybytes) +{ + u_int16_t i; + u_int16_t j; + u_int16_t k; + u_int32_t temp; + u_int32_t datal; + u_int32_t datar; + + j = 0; + for (i = 0; i < BLF_N + 2; i++) { + /* Extract 4 int8 to 1 int32 from keystream */ + temp = Blowfish_stream2word(key, keybytes, &j); + c->P[i] = c->P[i] ^ temp; + } + + j = 0; + datal = 0x00000000; + datar = 0x00000000; + for (i = 0; i < BLF_N + 2; i += 2) { + datal ^= Blowfish_stream2word(data, databytes, &j); + datar ^= Blowfish_stream2word(data, databytes, &j); + Blowfish_encipher(c, &datal, &datar); + + c->P[i] = datal; + c->P[i + 1] = datar; + } + + for (i = 0; i < 4; i++) { + for (k = 0; k < 256; k += 2) { + datal ^= Blowfish_stream2word(data, databytes, &j); + datar ^= Blowfish_stream2word(data, databytes, &j); + Blowfish_encipher(c, &datal, &datar); + + c->S[i][k] = datal; + c->S[i][k + 1] = datar; + } + } + +} + +void +blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len) +{ + /* Initialize S-boxes and subkeys with Pi */ + Blowfish_initstate(c); + + /* Transform S-boxes and subkeys with key */ + Blowfish_expand0state(c, k, len); +} + +void +blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks) +{ + u_int32_t *d; + u_int16_t i; + + d = data; + for (i = 0; i < blocks; i++) { + Blowfish_encipher(c, d, d + 1); + d += 2; + } +} + +void +blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks) +{ + u_int32_t *d; + u_int16_t i; + + d = data; + for (i = 0; i < blocks; i++) { + Blowfish_decipher(c, d, d + 1); + d += 2; + } +} + +void +blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len) +{ + u_int32_t l, r; + u_int32_t i; + + for (i = 0; i < len; i += 8) { + l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; + r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; + Blowfish_encipher(c, &l, &r); + data[0] = l >> 24 & 0xff; + data[1] = l >> 16 & 0xff; + data[2] = l >> 8 & 0xff; + data[3] = l & 0xff; + data[4] = r >> 24 & 0xff; + data[5] = r >> 16 & 0xff; + data[6] = r >> 8 & 0xff; + data[7] = r & 0xff; + data += 8; + } +} + +void +blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len) +{ + u_int32_t l, r; + u_int32_t i; + + for (i = 0; i < len; i += 8) { + l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; + r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; + Blowfish_decipher(c, &l, &r); + data[0] = l >> 24 & 0xff; + data[1] = l >> 16 & 0xff; + data[2] = l >> 8 & 0xff; + data[3] = l & 0xff; + data[4] = r >> 24 & 0xff; + data[5] = r >> 16 & 0xff; + data[6] = r >> 8 & 0xff; + data[7] = r & 0xff; + data += 8; + } +} + +void +blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len) +{ + u_int32_t l, r; + u_int32_t i, j; + + for (i = 0; i < len; i += 8) { + for (j = 0; j < 8; j++) + data[j] ^= iv[j]; + l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; + r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; + Blowfish_encipher(c, &l, &r); + data[0] = l >> 24 & 0xff; + data[1] = l >> 16 & 0xff; + data[2] = l >> 8 & 0xff; + data[3] = l & 0xff; + data[4] = r >> 24 & 0xff; + data[5] = r >> 16 & 0xff; + data[6] = r >> 8 & 0xff; + data[7] = r & 0xff; + iv = data; + data += 8; + } +} + +void +blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len) +{ + u_int32_t l, r; + u_int8_t *iv; + u_int32_t i, j; + + iv = data + len - 16; + data = data + len - 8; + for (i = len - 8; i >= 8; i -= 8) { + l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; + r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; + Blowfish_decipher(c, &l, &r); + data[0] = l >> 24 & 0xff; + data[1] = l >> 16 & 0xff; + data[2] = l >> 8 & 0xff; + data[3] = l & 0xff; + data[4] = r >> 24 & 0xff; + data[5] = r >> 16 & 0xff; + data[6] = r >> 8 & 0xff; + data[7] = r & 0xff; + for (j = 0; j < 8; j++) + data[j] ^= iv[j]; + iv -= 8; + data -= 8; + } + l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; + r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; + Blowfish_decipher(c, &l, &r); + data[0] = l >> 24 & 0xff; + data[1] = l >> 16 & 0xff; + data[2] = l >> 8 & 0xff; + data[3] = l & 0xff; + data[4] = r >> 24 & 0xff; + data[5] = r >> 16 & 0xff; + data[6] = r >> 8 & 0xff; + data[7] = r & 0xff; + for (j = 0; j < 8; j++) + data[j] ^= iva[j]; +} + +#if 0 +void +report(u_int32_t data[], u_int16_t len) +{ + u_int16_t i; + for (i = 0; i < len; i += 2) + printf("Block %0hd: %08lx %08lx.\n", + i / 2, data[i], data[i + 1]); +} +void +main(void) +{ + + blf_ctx c; + char key[] = "AAAAA"; + char key2[] = "abcdefghijklmnopqrstuvwxyz"; + + u_int32_t data[10]; + u_int32_t data2[] = + {0x424c4f57l, 0x46495348l}; + + u_int16_t i; + + /* First test */ + for (i = 0; i < 10; i++) + data[i] = i; + + blf_key(&c, (u_int8_t *) key, 5); + blf_enc(&c, data, 5); + blf_dec(&c, data, 1); + blf_dec(&c, data + 2, 4); + printf("Should read as 0 - 9.\n"); + report(data, 10); + + /* Second test */ + blf_key(&c, (u_int8_t *) key2, strlen(key2)); + blf_enc(&c, data2, 1); + printf("\nShould read as: 0x324ed0fe 0xf413a203.\n"); + report(data2, 2); + blf_dec(&c, data2, 1); + report(data2, 2); +} +#endif + +#endif /* !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \ + !defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC)) */ + diff --git a/include/DomainExec/opensshlib/bsd-asprintf.c b/include/DomainExec/opensshlib/bsd-asprintf.c new file mode 100644 index 00000000..1bb33ffd --- /dev/null +++ b/include/DomainExec/opensshlib/bsd-asprintf.c @@ -0,0 +1,105 @@ +/* + * Copyright (c) 2004 Darren Tucker. + * + * Based originally on asprintf.c from OpenBSD: + * Copyright (c) 1997 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#ifdef WIN32 +#include // for vsnprintf definition +#endif + +#ifndef HAVE_VASPRINTF + +#include +#include +#include + +#ifndef VA_COPY +# ifdef HAVE_VA_COPY +# define VA_COPY(dest, src) va_copy(dest, src) +# else +# ifdef HAVE___VA_COPY +# define VA_COPY(dest, src) __va_copy(dest, src) +# else +# define VA_COPY(dest, src) (dest) = (src) +# endif +# endif +#endif + +#define INIT_SZ 128 + +int +vasprintf(char **str, const char *fmt, va_list ap) +{ + int ret = -1; + va_list ap2; + char *string, *newstr; + size_t len; + + VA_COPY(ap2, ap); + if ((string = malloc(INIT_SZ)) == NULL) + goto fail; + + ret = vsnprintf(string, INIT_SZ, fmt, ap2); + if (ret >= 0 && ret < INIT_SZ) { /* succeeded with initial alloc */ + *str = string; + } else if (ret == INT_MAX || ret < 0) { /* Bad length */ + free(string); + goto fail; + } else { /* bigger than initial, realloc allowing for nul */ + len = (size_t)ret + 1; + if ((newstr = realloc(string, len)) == NULL) { + free(string); + goto fail; + } else { + va_end(ap2); + VA_COPY(ap2, ap); + ret = vsnprintf(newstr, len, fmt, ap2); + if (ret >= 0 && (size_t)ret < len) { + *str = newstr; + } else { /* failed with realloc'ed string, give up */ + free(newstr); + goto fail; + } + } + } + va_end(ap2); + return (ret); + +fail: + *str = NULL; + errno = ENOMEM; + va_end(ap2); + return (-1); +} +#endif + +#ifndef HAVE_ASPRINTF +int asprintf(char **str, const char *fmt, ...) +{ + va_list ap; + int ret; + + *str = NULL; + va_start(ap, fmt); + ret = vasprintf(str, fmt, ap); + va_end(ap); + + return ret; +} +#endif diff --git a/include/DomainExec/opensshlib/bsd-cray.h b/include/DomainExec/opensshlib/bsd-cray.h new file mode 100644 index 00000000..774eceb5 --- /dev/null +++ b/include/DomainExec/opensshlib/bsd-cray.h @@ -0,0 +1,61 @@ +/* $Id: bsd-cray.h,v 1.12 2005/02/02 06:10:11 dtucker Exp $ */ + +/* + * Copyright (c) 2002, Cray Inc. (Wendy Palm ) + * Significant portions provided by + * Wayne Schroeder, SDSC + * William Jones, UTexas + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Created: Apr 22 16.34:00 2002 wp + * + * This file contains functions required for proper execution + * on UNICOS systems. + * + */ + +#ifndef _BSD_CRAY_H +#define _BSD_CRAY_H + +#ifdef _UNICOS + +void cray_init_job(struct passwd *); +void cray_job_termination_handler(int); +void cray_login_failure(char *, int ); +int cray_access_denied(char *); +extern char cray_tmpdir[]; + +#define CUSTOM_FAILED_LOGIN 1 + +#ifndef IA_SSHD +# define IA_SSHD IA_LOGIN +#endif +#ifndef MAXHOSTNAMELEN +# define MAXHOSTNAMELEN 64 +#endif +#ifndef _CRAYT3E +# define TIOCGPGRP (tIOC|20) +#endif + +#endif /* UNICOS */ + +#endif /* _BSD_CRAY_H */ diff --git a/include/DomainExec/opensshlib/bsd-cygwin_util.h b/include/DomainExec/opensshlib/bsd-cygwin_util.h new file mode 100644 index 00000000..79cb2a19 --- /dev/null +++ b/include/DomainExec/opensshlib/bsd-cygwin_util.h @@ -0,0 +1,67 @@ +/* $Id: bsd-cygwin_util.h,v 1.18 2014/05/27 04:34:43 djm Exp $ */ + +/* + * Copyright (c) 2000, 2001, 2011, 2013 Corinna Vinschen + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Created: Sat Sep 02 12:17:00 2000 cv + * + * This file contains functions for forcing opened file descriptors to + * binary mode on Windows systems. + */ + +#ifndef _BSD_CYGWIN_UTIL_H +#define _BSD_CYGWIN_UTIL_H + +#ifdef HAVE_CYGWIN + +#undef ERROR + +/* Avoid including windows headers. */ +typedef void *HANDLE; +#define INVALID_HANDLE_VALUE ((HANDLE) -1) +#define DNLEN 16 +#define UNLEN 256 + +/* Cygwin functions for which declarations are only available when including + windows headers, so we have to define them here explicitely. */ +extern HANDLE cygwin_logon_user (const struct passwd *, const char *); +extern void cygwin_set_impersonation_token (const HANDLE); + +#include +#include + +#define CYGWIN_SSH_PRIVSEP_USER (cygwin_ssh_privsep_user()) +const char *cygwin_ssh_privsep_user(); + +int binary_open(const char *, int , ...); +int check_ntsec(const char *); +char **fetch_windows_environment(void); +void free_windows_environment(char **); + +#ifndef NO_BINARY_OPEN +#define open binary_open +#endif + +#endif /* HAVE_CYGWIN */ + +#endif /* _BSD_CYGWIN_UTIL_H */ diff --git a/include/DomainExec/opensshlib/bsd-misc.c b/include/DomainExec/opensshlib/bsd-misc.c new file mode 100644 index 00000000..d4bdefd9 --- /dev/null +++ b/include/DomainExec/opensshlib/bsd-misc.c @@ -0,0 +1,288 @@ + +/* + * Copyright (c) 1999-2004 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include +#ifdef HAVE_SYS_SELECT_H +# include +#endif +#ifdef HAVE_SYS_TIME_H +# include +#endif + +#include +#include +#include +#include +#ifndef WIN32 +#include +#endif + +#ifndef HAVE___PROGNAME +char *__progname; +#endif + +/* + * NB. duplicate __progname in case it is an alias for argv[0] + * Otherwise it may get clobbered by setproctitle() + */ +char *ssh_get_progname(char *argv0) +{ + char *p, *q; +#ifdef HAVE___PROGNAME + extern char *__progname; + + p = __progname; +#else + if (argv0 == NULL) + return ("unknown"); /* XXX */ + p = strrchr(argv0, '/'); + if (p == NULL) + p = argv0; + else + p++; +#endif + if ((q = strdup(p)) == NULL) { + perror("strdup"); + exit(1); + } + return q; +} + +#ifndef HAVE_SETLOGIN +int setlogin(const char *name) +{ + return (0); +} +#endif /* !HAVE_SETLOGIN */ + +#ifndef HAVE_INNETGR +int innetgr(const char *netgroup, const char *host, + const char *user, const char *domain) +{ + return (0); +} +#endif /* HAVE_INNETGR */ + +#if !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) +int seteuid(uid_t euid) +{ + return (setreuid(-1, euid)); +} +#endif /* !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) */ + +#if !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID) +int setegid(uid_t egid) +{ + return(setresgid(-1, egid, -1)); +} +#endif /* !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID) */ + +#if !defined(HAVE_STRERROR) && defined(HAVE_SYS_ERRLIST) && defined(HAVE_SYS_NERR) +const char *strssh_error(int e) +{ + extern int sys_nerr; + extern char *sys_errlist[]; + + if ((e >= 0) && (e < sys_nerr)) + return (sys_errlist[e]); + + return ("unlisted ssh_error"); +} +#endif + +#ifndef WIN32 +#ifndef HAVE_UTIMES +int utimes(char *filename, struct timeval *tvp) +{ + struct utimbuf ub; + + ub.actime = tvp[0].tv_sec; + ub.modtime = tvp[1].tv_sec; + + return (utime(filename, &ub)); +} +#endif +#endif + +#ifndef WIN32 +#ifndef HAVE_TRUNCATE +int truncate(const char *path, off_t length) +{ + int fd, ret, saverrno; + + fd = open(path, O_WRONLY); + if (fd < 0) + return (-1); + + ret = ftruncate(fd, length); + saverrno = errno; + close(fd); + if (ret == -1) + errno = saverrno; + + return(ret); +} +#endif /* HAVE_TRUNCATE */ +#endif + +#if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP) +int nanosleep(const struct timespec *req, struct timespec *rem) +{ + int rc, saverrno; + extern int errno; + struct timeval tstart, tstop, tremain, time2wait; + + TIMESPEC_TO_TIMEVAL(&time2wait, req) + (void) gettimeofday(&tstart, NULL); + rc = select(0, NULL, NULL, NULL, &time2wait); + if (rc == -1) { + saverrno = errno; + (void) gettimeofday (&tstop, NULL); + errno = saverrno; + tremain.tv_sec = time2wait.tv_sec - + (tstop.tv_sec - tstart.tv_sec); + tremain.tv_usec = time2wait.tv_usec - + (tstop.tv_usec - tstart.tv_usec); + tremain.tv_sec += tremain.tv_usec / 1000000L; + tremain.tv_usec %= 1000000L; + } else { + tremain.tv_sec = 0; + tremain.tv_usec = 0; + } + if (rem != NULL) + TIMEVAL_TO_TIMESPEC(&tremain, rem) + + return(rc); +} +#endif + +#if !defined(HAVE_USLEEP) +int usleep(unsigned int useconds) +{ + struct timespec ts; + + ts.tv_sec = useconds / 1000000; + ts.tv_nsec = (useconds % 1000000) * 1000; + return nanosleep(&ts, NULL); +} +#endif + +#ifndef WIN32 +#ifndef HAVE_TCGETPGRP +pid_t +tcgetpgrp(int fd) +{ + int ctty_pgrp; + + if (ioctl(fd, TIOCGPGRP, &ctty_pgrp) == -1) + return(-1); + else + return(ctty_pgrp); +} +#endif /* HAVE_TCGETPGRP */ +#endif // WIN32 + +#ifndef HAVE_TCSENDBREAK +int +tcsendbreak(int fd, int duration) +{ +# if defined(TIOCSBRK) && defined(TIOCCBRK) + struct timeval sleepytime; + + sleepytime.tv_sec = 0; + sleepytime.tv_usec = 400000; + if (ioctl(fd, TIOCSBRK, 0) == -1) + return (-1); + (void)select(0, 0, 0, 0, &sleepytime); + if (ioctl(fd, TIOCCBRK, 0) == -1) + return (-1); + return (0); +# else + return -1; +# endif +} +#endif /* HAVE_TCSENDBREAK */ + +#ifndef WIN32 +mysig_t +mysignal(int sig, mysig_t act) +{ +#ifdef HAVE_SIGACTION + struct sigaction sa, osa; + + if (sigaction(sig, NULL, &osa) == -1) + return (mysig_t) -1; + if (osa.sa_handler != act) { + memset(&sa, 0, sizeof(sa)); + sigemptyset(&sa.sa_mask); + sa.sa_flags = 0; +#ifdef SA_INTERRUPT + if (sig == SIGALRM) + sa.sa_flags |= SA_INTERRUPT; +#endif + sa.sa_handler = act; + if (sigaction(sig, &sa, NULL) == -1) + return (mysig_t) -1; + } + return (osa.sa_handler); +#else + #undef signal + return (signal(sig, act)); +#endif +} +#endif + +#ifndef HAVE_STRDUP +char * +strdup(const char *str) +{ + size_t len; + char *cp; + + len = strlen(str) + 1; + cp = malloc(len); + if (cp != NULL) + return(memcpy(cp, str, len)); + return NULL; +} +#endif + +#ifndef HAVE_ISBLANK +int +isblank(int c) +{ + return (c == ' ' || c == '\t'); +} +#endif + +#ifndef HAVE_GETPGID +pid_t +getpgid(pid_t pid) +{ +#if defined(HAVE_GETPGRP) && !defined(GETPGRP_VOID) + return getpgrp(pid); +#elif defined(HAVE_GETPGRP) + if (pid == 0) + return getpgrp(); +#endif + + errno = ESRCH; + return -1; +} +#endif diff --git a/include/DomainExec/opensshlib/bsd-misc.h b/include/DomainExec/opensshlib/bsd-misc.h new file mode 100644 index 00000000..55b4e21b --- /dev/null +++ b/include/DomainExec/opensshlib/bsd-misc.h @@ -0,0 +1,129 @@ +/* $Id: bsd-misc.h,v 1.25 2013/08/04 11:48:41 dtucker Exp $ */ + +/* + * Copyright (c) 1999-2004 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _BSD_MISC_H +#define _BSD_MISC_H + +#ifndef WIN32 + +#include "includes.h" + +char *ssh_get_progname(char *); + +#ifndef HAVE_SETSID +#define setsid() setpgrp(0, getpid()) +#endif /* !HAVE_SETSID */ + +#ifndef HAVE_SETENV +int setenv(const char *, const char *, int); +#endif /* !HAVE_SETENV */ + +#ifndef HAVE_SETLOGIN +int setlogin(const char *); +#endif /* !HAVE_SETLOGIN */ + +#ifndef HAVE_INNETGR +int innetgr(const char *, const char *, const char *, const char *); +#endif /* HAVE_INNETGR */ + +#if !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) +int seteuid(uid_t); +#endif /* !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) */ + +#if !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID) +int setegid(uid_t); +#endif /* !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID) */ + +#if !defined(HAVE_STRERROR) && defined(HAVE_SYS_ERRLIST) && defined(HAVE_SYS_NERR) +const char *strerror(int); +#endif + +#if !defined(HAVE_SETLINEBUF) +#define setlinebuf(a) (setvbuf((a), NULL, _IOLBF, 0)) +#endif + +#ifndef HAVE_UTIMES +#ifndef HAVE_STRUCT_TIMEVAL +struct timeval { + long tv_sec; + long tv_usec; +} +#endif /* HAVE_STRUCT_TIMEVAL */ + +int utimes(char *, struct timeval *); +#endif /* HAVE_UTIMES */ + +#ifndef HAVE_TRUNCATE +int truncate (const char *, off_t); +#endif /* HAVE_TRUNCATE */ + +#if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP) +#ifndef HAVE_STRUCT_TIMESPEC +struct timespec { + time_t tv_sec; + long tv_nsec; +}; +#endif +int nanosleep(const struct timespec *, struct timespec *); +#endif + +#ifndef HAVE_USLEEP +int usleep(unsigned int useconds); +#endif + +#ifndef HAVE_TCGETPGRP +pid_t tcgetpgrp(int); +#endif + +#ifndef HAVE_TCSENDBREAK +int tcsendbreak(int, int); +#endif + +#ifndef HAVE_UNSETENV +int unsetenv(const char *); +#endif + +/* wrapper for signal interface */ +typedef void (*mysig_t)(int); +mysig_t mysignal(int sig, mysig_t act); + +#define signal(a,b) mysignal(a,b) + +#ifndef HAVE_ISBLANK +int isblank(int); +#endif + +#ifndef HAVE_GETPGID +pid_t getpgid(pid_t); +#endif + +#ifndef HAVE_ENDGRENT +# define endgrent() do { } while(0) +#endif + +#ifndef HAVE_KRB5_GET_ERROR_MESSAGE +# define krb5_get_error_message krb5_get_err_text +#endif + +#ifndef HAVE_KRB5_FREE_ERROR_MESSAGE +# define krb5_free_error_message(a,b) do { } while(0) +#endif + +#endif // WIN32 + +#endif /* _BSD_MISC_H */ diff --git a/include/DomainExec/opensshlib/bsd-nextstep.h b/include/DomainExec/opensshlib/bsd-nextstep.h new file mode 100644 index 00000000..ca5b4b54 --- /dev/null +++ b/include/DomainExec/opensshlib/bsd-nextstep.h @@ -0,0 +1,59 @@ +/* $Id: bsd-nextstep.h,v 1.9 2003/08/29 16:59:52 mouring Exp $ */ + +/* + * Copyright (c) 2000,2001 Ben Lindstrom. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef _NEXT_POSIX_H +#define _NEXT_POSIX_H + +#ifdef HAVE_NEXT +#include + +/* NGROUPS_MAX is behind -lposix. Use the BSD version which is NGROUPS */ +#undef NGROUPS_MAX +#define NGROUPS_MAX NGROUPS + +/* NeXT's readdir() is BSD (struct direct) not POSIX (struct dirent) */ +#define dirent direct + +/* Swap out NeXT's BSD wait() for a more POSIX complient one */ +pid_t posix_wait(int *); +#define wait(a) posix_wait(a) + +/* #ifdef wrapped functions that need defining for clean compiling */ +pid_t getppid(void); +void vhangup(void); +int innetgr(const char *, const char *, const char *, const char *); + +/* TERMCAP */ +int tcgetattr(int, struct termios *); +int tcsetattr(int, int, const struct termios *); +int tcsetpgrp(int, pid_t); +speed_t cfgetospeed(const struct termios *); +speed_t cfgetispeed(const struct termios *); +int cfsetospeed(struct termios *, int); +int cfsetispeed(struct termios *, int); +#endif /* HAVE_NEXT */ +#endif /* _NEXT_POSIX_H */ diff --git a/include/DomainExec/opensshlib/bsd-poll.h b/include/DomainExec/opensshlib/bsd-poll.h new file mode 100644 index 00000000..dcbb9ca4 --- /dev/null +++ b/include/DomainExec/opensshlib/bsd-poll.h @@ -0,0 +1,61 @@ +/* $OpenBSD: poll.h,v 1.11 2003/12/10 23:10:08 millert Exp $ */ + +/* + * Copyright (c) 1996 Theo de Raadt + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* OPENBSD ORIGINAL: sys/sys/poll.h */ + +#if !defined(HAVE_POLL) && !defined(HAVE_POLL_H) +#ifndef _COMPAT_POLL_H_ +#define _COMPAT_POLL_H_ + +typedef struct pollfd { + int fd; + short events; + short revents; +} pollfd_t; + +typedef unsigned int nfds_t; + +#define POLLIN 0x0001 +#define POLLOUT 0x0004 +#define POLLERR 0x0008 +#if 0 +/* the following are currently not implemented */ +#define POLLPRI 0x0002 +#define POLLHUP 0x0010 +#define POLLNVAL 0x0020 +#define POLLRDNORM 0x0040 +#define POLLNORM POLLRDNORM +#define POLLWRNORM POLLOUT +#define POLLRDBAND 0x0080 +#define POLLWRBAND 0x0100 +#endif + +#define INFTIM (-1) /* not standard */ + +int poll(struct pollfd *, nfds_t, int); +#endif /* !_COMPAT_POLL_H_ */ +#endif /* !HAVE_POLL_H */ diff --git a/include/DomainExec/opensshlib/bsd-setres_id.h b/include/DomainExec/opensshlib/bsd-setres_id.h new file mode 100644 index 00000000..4b887f1f --- /dev/null +++ b/include/DomainExec/opensshlib/bsd-setres_id.h @@ -0,0 +1,28 @@ +/* $Id: bsd-setres_id.h,v 1.1 2012/11/05 06:04:37 dtucker Exp $ */ + +/* + * Copyright (c) 2012 Darren Tucker (dtucker at zip com au). + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef WIN32 + +#ifndef HAVE_SETRESGID +int setresgid(gid_t, gid_t, gid_t); +#endif +#ifndef HAVE_SETRESUID +int setresuid(uid_t, uid_t, uid_t); +#endif + +#endif diff --git a/include/DomainExec/opensshlib/bsd-snprintf.c b/include/DomainExec/opensshlib/bsd-snprintf.c new file mode 100644 index 00000000..23a63598 --- /dev/null +++ b/include/DomainExec/opensshlib/bsd-snprintf.c @@ -0,0 +1,892 @@ +/* + * Copyright Patrick Powell 1995 + * This code is based on code written by Patrick Powell (papowell@astart.com) + * It may be used for any purpose as long as this notice remains intact + * on all source code distributions + */ + +/************************************************************** + * Original: + * Patrick Powell Tue Apr 11 09:48:21 PDT 1995 + * A bombproof version of doprnt (dopr) included. + * Sigh. This sort of thing is always nasty do deal with. Note that + * the version here does not include floating point... + * + * snprintf() is used instead of sprintf() as it does limit checks + * for string length. This covers a nasty loophole. + * + * The other functions are there to prevent NULL pointers from + * causing nast effects. + * + * More Recently: + * Brandon Long 9/15/96 for mutt 0.43 + * This was ugly. It is still ugly. I opted out of floating point + * numbers, but the formatter understands just about everything + * from the normal C string format, at least as far as I can tell from + * the Solaris 2.5 printf(3S) man page. + * + * Brandon Long 10/22/97 for mutt 0.87.1 + * Ok, added some minimal floating point support, which means this + * probably requires libm on most operating systems. Don't yet + * support the exponent (e,E) and sigfig (g,G). Also, fmtint() + * was pretty badly broken, it just wasn't being exercised in ways + * which showed it, so that's been fixed. Also, formated the code + * to mutt conventions, and removed dead code left over from the + * original. Also, there is now a builtin-test, just compile with: + * gcc -DTEST_SNPRINTF -o snprintf snprintf.c -lm + * and run snprintf for results. + * + * Thomas Roessler 01/27/98 for mutt 0.89i + * The PGP code was using unsigned hexadecimal formats. + * Unfortunately, unsigned formats simply didn't work. + * + * Michael Elkins 03/05/98 for mutt 0.90.8 + * The original code assumed that both snprintf() and vsnprintf() were + * missing. Some systems only have snprintf() but not vsnprintf(), so + * the code is now broken down under HAVE_SNPRINTF and HAVE_VSNPRINTF. + * + * Andrew Tridgell (tridge@samba.org) Oct 1998 + * fixed handling of %.0f + * added test for HAVE_LONG_DOUBLE + * + * tridge@samba.org, idra@samba.org, April 2001 + * got rid of fcvt code (twas buggy and made testing harder) + * added C99 semantics + * + * date: 2002/12/19 19:56:31; author: herb; state: Exp; lines: +2 -0 + * actually print args for %g and %e + * + * date: 2002/06/03 13:37:52; author: jmcd; state: Exp; lines: +8 -0 + * Since includes.h isn't included here, VA_COPY has to be defined here. I don't + * see any include file that is guaranteed to be here, so I'm defining it + * locally. Fixes AIX and Solaris builds. + * + * date: 2002/06/03 03:07:24; author: tridge; state: Exp; lines: +5 -13 + * put the ifdef for HAVE_VA_COPY in one place rather than in lots of + * functions + * + * date: 2002/05/17 14:51:22; author: jmcd; state: Exp; lines: +21 -4 + * Fix usage of va_list passed as an arg. Use __va_copy before using it + * when it exists. + * + * date: 2002/04/16 22:38:04; author: idra; state: Exp; lines: +20 -14 + * Fix incorrect zpadlen handling in fmtfp. + * Thanks to Ollie Oldham for spotting it. + * few mods to make it easier to compile the tests. + * addedd the "Ollie" test to the floating point ones. + * + * Martin Pool (mbp@samba.org) April 2003 + * Remove NO_CONFIG_H so that the test case can be built within a source + * tree with less trouble. + * Remove unnecessary SAFE_FREE() definition. + * + * Martin Pool (mbp@samba.org) May 2003 + * Put in a prototype for dummy_snprintf() to quiet compiler warnings. + * + * Move #endif to make sure VA_COPY, LDOUBLE, etc are defined even + * if the C library has some snprintf functions already. + * + * Damien Miller (djm@mindrot.org) Jan 2007 + * Fix integer overflows in return value. + * Make formatting quite a bit faster by inlining dopr_outch() + * + **************************************************************/ + +#include "includes.h" + +#if defined(BROKEN_SNPRINTF) /* For those with broken snprintf() */ +# undef HAVE_SNPRINTF +# undef HAVE_VSNPRINTF +#endif + +#ifndef VA_COPY +# ifdef HAVE_VA_COPY +# define VA_COPY(dest, src) va_copy(dest, src) +# else +# ifdef HAVE___VA_COPY +# define VA_COPY(dest, src) __va_copy(dest, src) +# else +# define VA_COPY(dest, src) (dest) = (src) +# endif +# endif +#endif + +#if !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) + +#include +#include +#include +#include +#include +#include + +#ifdef HAVE_LONG_DOUBLE +# define LDOUBLE long double +#else +# define LDOUBLE double +#endif + +#ifdef HAVE_LONG_LONG +# define LLONG long long +#else +# define LLONG long +#endif + +/* + * dopr(): poor man's version of doprintf + */ + +/* format read states */ +#define DP_S_DEFAULT 0 +#define DP_S_FLAGS 1 +#define DP_S_MIN 2 +#define DP_S_DOT 3 +#define DP_S_MAX 4 +#define DP_S_MOD 5 +#define DP_S_CONV 6 +#define DP_S_DONE 7 + +/* format flags - Bits */ +#define DP_F_MINUS (1 << 0) +#define DP_F_PLUS (1 << 1) +#define DP_F_SPACE (1 << 2) +#define DP_F_NUM (1 << 3) +#define DP_F_ZERO (1 << 4) +#define DP_F_UP (1 << 5) +#define DP_F_UNSIGNED (1 << 6) + +/* Conversion Flags */ +#define DP_C_SHORT 1 +#define DP_C_LONG 2 +#define DP_C_LDOUBLE 3 +#define DP_C_LLONG 4 +#define DP_C_SIZE 5 +#define DP_C_INTMAX 6 + +#define char_to_int(p) ((p)- '0') +#ifndef MAX +# define MAX(p,q) (((p) >= (q)) ? (p) : (q)) +#endif + +#define DOPR_OUTCH(buf, pos, buflen, thechar) \ + do { \ + if (pos + 1 >= INT_MAX) { \ + errno = ERANGE; \ + return -1; \ + } \ + if (pos < buflen) \ + buf[pos] = thechar; \ + (pos)++; \ + } while (0) + +static int dopr(char *buffer, size_t maxlen, const char *format, + va_list args_in); +static int fmtstr(char *buffer, size_t *currlen, size_t maxlen, + char *value, int flags, int min, int max); +static int fmtint(char *buffer, size_t *currlen, size_t maxlen, + intmax_t value, int base, int min, int max, int flags); +static int fmtfp(char *buffer, size_t *currlen, size_t maxlen, + LDOUBLE fvalue, int min, int max, int flags); + +static int +dopr(char *buffer, size_t maxlen, const char *format, va_list args_in) +{ + char ch; + intmax_t value; + LDOUBLE fvalue; + char *strvalue; + int min; + int max; + int state; + int flags; + int cflags; + size_t currlen; + va_list args; + + VA_COPY(args, args_in); + + state = DP_S_DEFAULT; + currlen = flags = cflags = min = 0; + max = -1; + ch = *format++; + + while (state != DP_S_DONE) { + if (ch == '\0') + state = DP_S_DONE; + + switch(state) { + case DP_S_DEFAULT: + if (ch == '%') + state = DP_S_FLAGS; + else + DOPR_OUTCH(buffer, currlen, maxlen, ch); + ch = *format++; + break; + case DP_S_FLAGS: + switch (ch) { + case '-': + flags |= DP_F_MINUS; + ch = *format++; + break; + case '+': + flags |= DP_F_PLUS; + ch = *format++; + break; + case ' ': + flags |= DP_F_SPACE; + ch = *format++; + break; + case '#': + flags |= DP_F_NUM; + ch = *format++; + break; + case '0': + flags |= DP_F_ZERO; + ch = *format++; + break; + default: + state = DP_S_MIN; + break; + } + break; + case DP_S_MIN: + if (isdigit((unsigned char)ch)) { + min = 10*min + char_to_int (ch); + ch = *format++; + } else if (ch == '*') { + min = va_arg (args, int); + ch = *format++; + state = DP_S_DOT; + } else { + state = DP_S_DOT; + } + break; + case DP_S_DOT: + if (ch == '.') { + state = DP_S_MAX; + ch = *format++; + } else { + state = DP_S_MOD; + } + break; + case DP_S_MAX: + if (isdigit((unsigned char)ch)) { + if (max < 0) + max = 0; + max = 10*max + char_to_int (ch); + ch = *format++; + } else if (ch == '*') { + max = va_arg (args, int); + ch = *format++; + state = DP_S_MOD; + } else { + state = DP_S_MOD; + } + break; + case DP_S_MOD: + switch (ch) { + case 'h': + cflags = DP_C_SHORT; + ch = *format++; + break; + case 'j': + cflags = DP_C_INTMAX; + ch = *format++; + break; + case 'l': + cflags = DP_C_LONG; + ch = *format++; + if (ch == 'l') { /* It's a long long */ + cflags = DP_C_LLONG; + ch = *format++; + } + break; + case 'L': + cflags = DP_C_LDOUBLE; + ch = *format++; + break; + case 'z': + cflags = DP_C_SIZE; + ch = *format++; + break; + default: + break; + } + state = DP_S_CONV; + break; + case DP_S_CONV: + switch (ch) { + case 'd': + case 'i': + if (cflags == DP_C_SHORT) + value = va_arg (args, int); + else if (cflags == DP_C_LONG) + value = va_arg (args, long int); + else if (cflags == DP_C_LLONG) + value = va_arg (args, LLONG); + else if (cflags == DP_C_SIZE) + value = va_arg (args, ssize_t); + else if (cflags == DP_C_INTMAX) + value = va_arg (args, intmax_t); + else + value = va_arg (args, int); + if (fmtint(buffer, &currlen, maxlen, + value, 10, min, max, flags) == -1) + return -1; + break; + case 'o': + flags |= DP_F_UNSIGNED; + if (cflags == DP_C_SHORT) + value = va_arg (args, unsigned int); + else if (cflags == DP_C_LONG) + value = (long)va_arg (args, unsigned long int); + else if (cflags == DP_C_LLONG) + value = (long)va_arg (args, unsigned LLONG); + else if (cflags == DP_C_SIZE) + value = va_arg (args, size_t); +#ifdef notyet + else if (cflags == DP_C_INTMAX) + value = va_arg (args, uintmax_t); +#endif + else + value = (long)va_arg (args, unsigned int); + if (fmtint(buffer, &currlen, maxlen, value, + 8, min, max, flags) == -1) + return -1; + break; + case 'u': + flags |= DP_F_UNSIGNED; + if (cflags == DP_C_SHORT) + value = va_arg (args, unsigned int); + else if (cflags == DP_C_LONG) + value = (long)va_arg (args, unsigned long int); + else if (cflags == DP_C_LLONG) + value = (LLONG)va_arg (args, unsigned LLONG); + else if (cflags == DP_C_SIZE) + value = va_arg (args, size_t); +#ifdef notyet + else if (cflags == DP_C_INTMAX) + value = va_arg (args, uintmax_t); +#endif + else + value = (long)va_arg (args, unsigned int); + if (fmtint(buffer, &currlen, maxlen, value, + 10, min, max, flags) == -1) + return -1; + break; + case 'X': + flags |= DP_F_UP; + case 'x': + flags |= DP_F_UNSIGNED; + if (cflags == DP_C_SHORT) + value = va_arg (args, unsigned int); + else if (cflags == DP_C_LONG) + value = (long)va_arg (args, unsigned long int); + else if (cflags == DP_C_LLONG) + value = (LLONG)va_arg (args, unsigned LLONG); + else if (cflags == DP_C_SIZE) + value = va_arg (args, size_t); +#ifdef notyet + else if (cflags == DP_C_INTMAX) + value = va_arg (args, uintmax_t); +#endif + else + value = (long)va_arg (args, unsigned int); + if (fmtint(buffer, &currlen, maxlen, value, + 16, min, max, flags) == -1) + return -1; + break; + case 'f': + if (cflags == DP_C_LDOUBLE) + fvalue = va_arg (args, LDOUBLE); + else + fvalue = va_arg (args, double); + if (fmtfp(buffer, &currlen, maxlen, fvalue, + min, max, flags) == -1) + return -1; + break; + case 'E': + flags |= DP_F_UP; + case 'e': + if (cflags == DP_C_LDOUBLE) + fvalue = va_arg (args, LDOUBLE); + else + fvalue = va_arg (args, double); + if (fmtfp(buffer, &currlen, maxlen, fvalue, + min, max, flags) == -1) + return -1; + break; + case 'G': + flags |= DP_F_UP; + case 'g': + if (cflags == DP_C_LDOUBLE) + fvalue = va_arg (args, LDOUBLE); + else + fvalue = va_arg (args, double); + if (fmtfp(buffer, &currlen, maxlen, fvalue, + min, max, flags) == -1) + return -1; + break; + case 'c': + DOPR_OUTCH(buffer, currlen, maxlen, + va_arg (args, int)); + break; + case 's': + strvalue = va_arg (args, char *); + if (!strvalue) strvalue = "(NULL)"; + if (max == -1) { + max = strlen(strvalue); + } + if (min > 0 && max >= 0 && min > max) max = min; + if (fmtstr(buffer, &currlen, maxlen, + strvalue, flags, min, max) == -1) + return -1; + break; + case 'p': + strvalue = va_arg (args, void *); + if (fmtint(buffer, &currlen, maxlen, + (long) strvalue, 16, min, max, flags) == -1) + return -1; + break; +#if we_dont_want_this_in_openssh + case 'n': + if (cflags == DP_C_SHORT) { + short int *num; + num = va_arg (args, short int *); + *num = currlen; + } else if (cflags == DP_C_LONG) { + long int *num; + num = va_arg (args, long int *); + *num = (long int)currlen; + } else if (cflags == DP_C_LLONG) { + LLONG *num; + num = va_arg (args, LLONG *); + *num = (LLONG)currlen; + } else if (cflags == DP_C_SIZE) { + ssize_t *num; + num = va_arg (args, ssize_t *); + *num = (ssize_t)currlen; + } else if (cflags == DP_C_INTMAX) { + intmax_t *num; + num = va_arg (args, intmax_t *); + *num = (intmax_t)currlen; + } else { + int *num; + num = va_arg (args, int *); + *num = currlen; + } + break; +#endif + case '%': + DOPR_OUTCH(buffer, currlen, maxlen, ch); + break; + case 'w': + /* not supported yet, treat as next char */ + ch = *format++; + break; + default: + /* Unknown, skip */ + break; + } + ch = *format++; + state = DP_S_DEFAULT; + flags = cflags = min = 0; + max = -1; + break; + case DP_S_DONE: + break; + default: + /* hmm? */ + break; /* some picky compilers need this */ + } + } + if (maxlen != 0) { + if (currlen < maxlen - 1) + buffer[currlen] = '\0'; + else if (maxlen > 0) + buffer[maxlen - 1] = '\0'; + } + + return currlen < INT_MAX ? (int)currlen : -1; +} + +static int +fmtstr(char *buffer, size_t *currlen, size_t maxlen, + char *value, int flags, int min, int max) +{ + int padlen, strln; /* amount to pad */ + int cnt = 0; + +#ifdef DEBUG_SNPRINTF + printf("fmtstr min=%d max=%d s=[%s]\n", min, max, value); +#endif + if (value == 0) { + value = ""; + } + + for (strln = 0; strln < max && value[strln]; ++strln); /* strlen */ + padlen = min - strln; + if (padlen < 0) + padlen = 0; + if (flags & DP_F_MINUS) + padlen = -padlen; /* Left Justify */ + + while ((padlen > 0) && (cnt < max)) { + DOPR_OUTCH(buffer, *currlen, maxlen, ' '); + --padlen; + ++cnt; + } + while (*value && (cnt < max)) { + DOPR_OUTCH(buffer, *currlen, maxlen, *value); + value++; + ++cnt; + } + while ((padlen < 0) && (cnt < max)) { + DOPR_OUTCH(buffer, *currlen, maxlen, ' '); + ++padlen; + ++cnt; + } + return 0; +} + +/* Have to handle DP_F_NUM (ie 0x and 0 alternates) */ + +static int +fmtint(char *buffer, size_t *currlen, size_t maxlen, + intmax_t value, int base, int min, int max, int flags) +{ + int signvalue = 0; + unsigned LLONG uvalue; + char convert[20]; + int place = 0; + int spadlen = 0; /* amount to space pad */ + int zpadlen = 0; /* amount to zero pad */ + int caps = 0; + + if (max < 0) + max = 0; + + uvalue = value; + + if(!(flags & DP_F_UNSIGNED)) { + if( value < 0 ) { + signvalue = '-'; + uvalue = -value; + } else { + if (flags & DP_F_PLUS) /* Do a sign (+/i) */ + signvalue = '+'; + else if (flags & DP_F_SPACE) + signvalue = ' '; + } + } + + if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */ + + do { + convert[place++] = + (caps? "0123456789ABCDEF":"0123456789abcdef") + [uvalue % (unsigned)base ]; + uvalue = (uvalue / (unsigned)base ); + } while(uvalue && (place < 20)); + if (place == 20) place--; + convert[place] = 0; + + zpadlen = max - place; + spadlen = min - MAX (max, place) - (signvalue ? 1 : 0); + if (zpadlen < 0) zpadlen = 0; + if (spadlen < 0) spadlen = 0; + if (flags & DP_F_ZERO) { + zpadlen = MAX(zpadlen, spadlen); + spadlen = 0; + } + if (flags & DP_F_MINUS) + spadlen = -spadlen; /* Left Justifty */ + +#ifdef DEBUG_SNPRINTF + printf("zpad: %d, spad: %d, min: %d, max: %d, place: %d\n", + zpadlen, spadlen, min, max, place); +#endif + + /* Spaces */ + while (spadlen > 0) { + DOPR_OUTCH(buffer, *currlen, maxlen, ' '); + --spadlen; + } + + /* Sign */ + if (signvalue) + DOPR_OUTCH(buffer, *currlen, maxlen, signvalue); + + /* Zeros */ + if (zpadlen > 0) { + while (zpadlen > 0) { + DOPR_OUTCH(buffer, *currlen, maxlen, '0'); + --zpadlen; + } + } + + /* Digits */ + while (place > 0) { + --place; + DOPR_OUTCH(buffer, *currlen, maxlen, convert[place]); + } + + /* Left Justified spaces */ + while (spadlen < 0) { + DOPR_OUTCH(buffer, *currlen, maxlen, ' '); + ++spadlen; + } + return 0; +} + +static LDOUBLE abs_val(LDOUBLE value) +{ + LDOUBLE result = value; + + if (value < 0) + result = -value; + + return result; +} + +static LDOUBLE POW10(int val) +{ + LDOUBLE result = 1; + + while (val) { + result *= 10; + val--; + } + + return result; +} + +static LLONG ROUND(LDOUBLE value) +{ + LLONG intpart; + + intpart = (LLONG)value; + value = value - intpart; + if (value >= 0.5) intpart++; + + return intpart; +} + +/* a replacement for modf that doesn't need the math library. Should + be portable, but slow */ +static double my_modf(double x0, double *iptr) +{ + int i; + long l; + double x = x0; + double f = 1.0; + + for (i=0;i<100;i++) { + l = (long)x; + if (l <= (x+1) && l >= (x-1)) break; + x *= 0.1; + f *= 10.0; + } + + if (i == 100) { + /* + * yikes! the number is beyond what we can handle. + * What do we do? + */ + (*iptr) = 0; + return 0; + } + + if (i != 0) { + double i2; + double ret; + + ret = my_modf(x0-l*f, &i2); + (*iptr) = l*f + i2; + return ret; + } + + (*iptr) = l; + return x - (*iptr); +} + + +static int +fmtfp (char *buffer, size_t *currlen, size_t maxlen, + LDOUBLE fvalue, int min, int max, int flags) +{ + int signvalue = 0; + double ufvalue; + char iconvert[311]; + char fconvert[311]; + int iplace = 0; + int fplace = 0; + int padlen = 0; /* amount to pad */ + int zpadlen = 0; + int caps = 0; + int idx; + double intpart; + double fracpart; + double temp; + + /* + * AIX manpage says the default is 0, but Solaris says the default + * is 6, and sprintf on AIX defaults to 6 + */ + if (max < 0) + max = 6; + + ufvalue = abs_val (fvalue); + + if (fvalue < 0) { + signvalue = '-'; + } else { + if (flags & DP_F_PLUS) { /* Do a sign (+/i) */ + signvalue = '+'; + } else { + if (flags & DP_F_SPACE) + signvalue = ' '; + } + } + +#if 0 + if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */ +#endif + +#if 0 + if (max == 0) ufvalue += 0.5; /* if max = 0 we must round */ +#endif + + /* + * Sorry, we only support 16 digits past the decimal because of our + * conversion method + */ + if (max > 16) + max = 16; + + /* We "cheat" by converting the fractional part to integer by + * multiplying by a factor of 10 + */ + + temp = ufvalue; + my_modf(temp, &intpart); + + fracpart = ROUND((POW10(max)) * (ufvalue - intpart)); + + if (fracpart >= POW10(max)) { + intpart++; + fracpart -= POW10(max); + } + + /* Convert integer part */ + do { + temp = intpart*0.1; + my_modf(temp, &intpart); + idx = (int) ((temp -intpart +0.05)* 10.0); + /* idx = (int) (((double)(temp*0.1) -intpart +0.05) *10.0); */ + /* printf ("%llf, %f, %x\n", temp, intpart, idx); */ + iconvert[iplace++] = + (caps? "0123456789ABCDEF":"0123456789abcdef")[idx]; + } while (intpart && (iplace < 311)); + if (iplace == 311) iplace--; + iconvert[iplace] = 0; + + /* Convert fractional part */ + if (fracpart) + { + do { + temp = fracpart*0.1; + my_modf(temp, &fracpart); + idx = (int) ((temp -fracpart +0.05)* 10.0); + /* idx = (int) ((((temp/10) -fracpart) +0.05) *10); */ + /* printf ("%lf, %lf, %ld\n", temp, fracpart, idx ); */ + fconvert[fplace++] = + (caps? "0123456789ABCDEF":"0123456789abcdef")[idx]; + } while(fracpart && (fplace < 311)); + if (fplace == 311) fplace--; + } + fconvert[fplace] = 0; + + /* -1 for decimal point, another -1 if we are printing a sign */ + padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0); + zpadlen = max - fplace; + if (zpadlen < 0) zpadlen = 0; + if (padlen < 0) + padlen = 0; + if (flags & DP_F_MINUS) + padlen = -padlen; /* Left Justifty */ + + if ((flags & DP_F_ZERO) && (padlen > 0)) { + if (signvalue) { + DOPR_OUTCH(buffer, *currlen, maxlen, signvalue); + --padlen; + signvalue = 0; + } + while (padlen > 0) { + DOPR_OUTCH(buffer, *currlen, maxlen, '0'); + --padlen; + } + } + while (padlen > 0) { + DOPR_OUTCH(buffer, *currlen, maxlen, ' '); + --padlen; + } + if (signvalue) + DOPR_OUTCH(buffer, *currlen, maxlen, signvalue); + + while (iplace > 0) { + --iplace; + DOPR_OUTCH(buffer, *currlen, maxlen, iconvert[iplace]); + } + +#ifdef DEBUG_SNPRINTF + printf("fmtfp: fplace=%d zpadlen=%d\n", fplace, zpadlen); +#endif + + /* + * Decimal point. This should probably use locale to find the correct + * char to print out. + */ + if (max > 0) { + DOPR_OUTCH(buffer, *currlen, maxlen, '.'); + + while (zpadlen > 0) { + DOPR_OUTCH(buffer, *currlen, maxlen, '0'); + --zpadlen; + } + + while (fplace > 0) { + --fplace; + DOPR_OUTCH(buffer, *currlen, maxlen, fconvert[fplace]); + } + } + + while (padlen < 0) { + DOPR_OUTCH(buffer, *currlen, maxlen, ' '); + ++padlen; + } + return 0; +} +#endif /* !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) */ + +#if !defined(HAVE_VSNPRINTF) +int +vsnprintf (char *str, size_t count, const char *fmt, va_list args) +{ + return dopr(str, count, fmt, args); +} +#endif + +#if !defined(HAVE_SNPRINTF) +int +snprintf(char *str, size_t count, SNPRINTF_CONST char *fmt, ...) +{ + size_t ret; + va_list ap; + + va_start(ap, fmt); + ret = vsnprintf(str, count, fmt, ap); + va_end(ap); + return ret; +} +#endif diff --git a/include/DomainExec/opensshlib/bsd-statvfs.h b/include/DomainExec/opensshlib/bsd-statvfs.h new file mode 100644 index 00000000..dfd60997 --- /dev/null +++ b/include/DomainExec/opensshlib/bsd-statvfs.h @@ -0,0 +1,71 @@ +/* $Id: bsd-statvfs.h,v 1.3 2014/01/17 07:48:22 dtucker Exp $ */ + +/* + * Copyright (c) 2008,2014 Darren Tucker + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER + * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#if !defined(HAVE_STATVFS) || !defined(HAVE_FSTATVFS) + +#include + +#ifdef HAVE_SYS_MOUNT_H +#include +#endif +#ifdef HAVE_SYS_STATFS_H +#include +#endif + +#ifndef HAVE_FSBLKCNT_T +typedef unsigned long fsblkcnt_t; +#endif +#ifndef HAVE_FSFILCNT_T +typedef unsigned long fsfilcnt_t; +#endif + +#ifndef ST_RDONLY +#define ST_RDONLY 1 +#endif +#ifndef ST_NOSUID +#define ST_NOSUID 2 +#endif + + /* as defined in IEEE Std 1003.1, 2004 Edition */ +struct statvfs { + unsigned long f_bsize; /* File system block size. */ + unsigned long f_frsize; /* Fundamental file system block size. */ + fsblkcnt_t f_blocks; /* Total number of blocks on file system in */ + /* units of f_frsize. */ + fsblkcnt_t f_bfree; /* Total number of free blocks. */ + fsblkcnt_t f_bavail; /* Number of free blocks available to */ + /* non-privileged process. */ + fsfilcnt_t f_files; /* Total number of file serial numbers. */ + fsfilcnt_t f_ffree; /* Total number of free file serial numbers. */ + fsfilcnt_t f_favail; /* Number of file serial numbers available to */ + /* non-privileged process. */ + unsigned long f_fsid; /* File system ID. */ + unsigned long f_flag; /* BBit mask of f_flag values. */ + unsigned long f_namemax;/* Maximum filename length. */ +}; +#endif + +#ifndef HAVE_STATVFS +int statvfs(const char *, struct statvfs *); +#endif + +#ifndef HAVE_FSTATVFS +int fstatvfs(int, struct statvfs *); +#endif diff --git a/include/DomainExec/opensshlib/bsd-waitpid.h b/include/DomainExec/opensshlib/bsd-waitpid.h new file mode 100644 index 00000000..2d853db6 --- /dev/null +++ b/include/DomainExec/opensshlib/bsd-waitpid.h @@ -0,0 +1,51 @@ +/* $Id: bsd-waitpid.h,v 1.5 2003/08/29 16:59:52 mouring Exp $ */ + +/* + * Copyright (c) 2000 Ben Lindstrom. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef _BSD_WAITPID_H +#define _BSD_WAITPID_H + +#ifndef HAVE_WAITPID +/* Clean out any potental issues */ +#undef WIFEXITED +#undef WIFSTOPPED +#undef WIFSIGNALED + +/* Define required functions to mimic a POSIX look and feel */ +#define _W_INT(w) (*(int*)&(w)) /* convert union wait to int */ +#define WIFEXITED(w) (!((_W_INT(w)) & 0377)) +#define WIFSTOPPED(w) ((_W_INT(w)) & 0100) +#define WIFSIGNALED(w) (!WIFEXITED(w) && !WIFSTOPPED(w)) +#define WEXITSTATUS(w) (int)(WIFEXITED(w) ? ((_W_INT(w) >> 8) & 0377) : -1) +#define WTERMSIG(w) (int)(WIFSIGNALED(w) ? (_W_INT(w) & 0177) : -1) +#define WCOREFLAG 0x80 +#define WCOREDUMP(w) ((_W_INT(w)) & WCOREFLAG) + +/* Prototype */ +pid_t waitpid(int, int *, int); + +#endif /* !HAVE_WAITPID */ +#endif /* _BSD_WAITPID_H */ diff --git a/include/DomainExec/opensshlib/bufaux.c b/include/DomainExec/opensshlib/bufaux.c new file mode 100644 index 00000000..562e082a --- /dev/null +++ b/include/DomainExec/opensshlib/bufaux.c @@ -0,0 +1,259 @@ +/* $OpenBSD: bufaux.c,v 1.60 2014/04/30 05:29:56 djm Exp $ */ +/* + * Copyright (c) 2012 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ + +#include "includes.h" + +#include + +#include "buffer.h" +#include "log.h" +#include "ssherr.h" + +int +buffer_get_short_ret(u_short *v, Buffer *buffer) +{ + int ret; + + if ((ret = sshbuf_get_u16(buffer, v)) != 0) { + ssh_error("%s: %s", __func__, ssh_err(ret)); + return -1; + } + return 0; +} + +u_short +buffer_get_short(Buffer *buffer) +{ + u_short ret; + + if (buffer_get_short_ret(&ret, buffer) == -1) + fatal("%s: buffer error", __func__); + + return (ret); +} + +int +buffer_get_int_ret(u_int *v, Buffer *buffer) +{ + int ret; + + if ((ret = sshbuf_get_u32(buffer, v)) != 0) { + ssh_error("%s: %s", __func__, ssh_err(ret)); + return -1; + } + return 0; +} + +u_int +buffer_get_int(Buffer *buffer) +{ + u_int ret; + + if (buffer_get_int_ret(&ret, buffer) == -1) + fatal("%s: buffer error", __func__); + + return (ret); +} + +int +buffer_get_int64_ret(u_int64_t *v, Buffer *buffer) +{ + int ret; + + if ((ret = sshbuf_get_u64(buffer, v)) != 0) { + ssh_error("%s: %s", __func__, ssh_err(ret)); + return -1; + } + return 0; +} + +u_int64_t +buffer_get_int64(Buffer *buffer) +{ + u_int64_t ret; + + if (buffer_get_int64_ret(&ret, buffer) == -1) + fatal("%s: buffer error", __func__); + + return (ret); +} + +void +buffer_put_short(Buffer *buffer, u_short value) +{ + int ret; + + if ((ret = sshbuf_put_u16(buffer, value)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); +} + +void +buffer_put_int(Buffer *buffer, u_int value) +{ + int ret; + + if ((ret = sshbuf_put_u32(buffer, value)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); +} + +void +buffer_put_int64(Buffer *buffer, u_int64_t value) +{ + int ret; + + if ((ret = sshbuf_put_u64(buffer, value)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); +} + +void * +buffer_get_string_ret(Buffer *buffer, u_int *length_ptr) +{ + size_t len; + int ret; + u_char *value; + + if ((ret = sshbuf_get_string(buffer, &value, &len)) != 0) { + ssh_error("%s: %s", __func__, ssh_err(ret)); + return NULL; + } + if (length_ptr != NULL) + *length_ptr = len; /* Safe: sshbuf never stores len > 2^31 */ + return value; +} + +void * +buffer_get_string(Buffer *buffer, u_int *length_ptr) +{ + void *ret; + + if ((ret = buffer_get_string_ret(buffer, length_ptr)) == NULL) + fatal("%s: buffer error", __func__); + return (ret); +} + +char * +buffer_get_cstring_ret(Buffer *buffer, u_int *length_ptr) +{ + size_t len; + int ret; + char *value; + + if ((ret = sshbuf_get_cstring(buffer, &value, &len)) != 0) { + ssh_error("%s: %s", __func__, ssh_err(ret)); + return NULL; + } + if (length_ptr != NULL) + *length_ptr = len; /* Safe: sshbuf never stores len > 2^31 */ + return value; +} + +char * +buffer_get_cstring(Buffer *buffer, u_int *length_ptr) +{ + char *ret; + + if ((ret = buffer_get_cstring_ret(buffer, length_ptr)) == NULL) + fatal("%s: buffer error", __func__); + return ret; +} + +const void * +buffer_get_string_ptr_ret(Buffer *buffer, u_int *length_ptr) +{ + size_t len; + int ret; + const u_char *value; + + if ((ret = sshbuf_get_string_direct(buffer, &value, &len)) != 0) { + ssh_error("%s: %s", __func__, ssh_err(ret)); + return NULL; + } + if (length_ptr != NULL) + *length_ptr = len; /* Safe: sshbuf never stores len > 2^31 */ + return value; +} + +const void * +buffer_get_string_ptr(Buffer *buffer, u_int *length_ptr) +{ + const void *ret; + + if ((ret = buffer_get_string_ptr_ret(buffer, length_ptr)) == NULL) + fatal("%s: buffer error", __func__); + return (ret); +} + +void +buffer_put_string(Buffer *buffer, const void *buf, u_int len) +{ + int ret; + + if ((ret = sshbuf_put_string(buffer, buf, len)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); +} + +void +buffer_put_cstring(Buffer *buffer, const char *s) +{ + int ret; + + if ((ret = sshbuf_put_cstring(buffer, s)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); +} + +int +buffer_get_char_ret(char *v, Buffer *buffer) +{ + int ret; + + if ((ret = sshbuf_get_u8(buffer, (u_char *)v)) != 0) { + ssh_error("%s: %s", __func__, ssh_err(ret)); + return -1; + } + return 0; +} + +int +buffer_get_char(Buffer *buffer) +{ + char ch; + + if (buffer_get_char_ret(&ch, buffer) == -1) + fatal("%s: buffer error", __func__); + return (u_char) ch; +} + +void +buffer_put_char(Buffer *buffer, int value) +{ + int ret; + + if ((ret = sshbuf_put_u8(buffer, value)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); +} + +void +buffer_put_bignum2_from_string(Buffer *buffer, const u_char *s, u_int l) +{ + int ret; + + if ((ret = sshbuf_put_bignum2_bytes(buffer, s, l)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); +} + diff --git a/include/DomainExec/opensshlib/bufbn.c b/include/DomainExec/opensshlib/bufbn.c new file mode 100644 index 00000000..612d590a --- /dev/null +++ b/include/DomainExec/opensshlib/bufbn.c @@ -0,0 +1,109 @@ +/* $OpenBSD: bufbn.c,v 1.12 2014/04/30 05:29:56 djm Exp $ */ + +/* + * Copyright (c) 2012 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ + +#include "includes.h" + +#ifdef WITH_OPENSSL + +#include + +#include "buffer.h" +#include "log.h" +#include "ssherr.h" + +#ifdef WITH_SSH1 +int +buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) +{ + int ret; + + if ((ret = sshbuf_put_bignum1(buffer, value)) != 0) { + ssh_error("%s: %s", __func__, ssh_err(ret)); + return -1; + } + return 0; +} + +void +buffer_put_bignum(Buffer *buffer, const BIGNUM *value) +{ + if (buffer_put_bignum_ret(buffer, value) == -1) + fatal("%s: buffer error", __func__); +} + +int +buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value) +{ + int ret; + + if ((ret = sshbuf_get_bignum1(buffer, value)) != 0) { + ssh_error("%s: %s", __func__, ssh_err(ret)); + return -1; + } + return 0; +} + +void +buffer_get_bignum(Buffer *buffer, BIGNUM *value) +{ + if (buffer_get_bignum_ret(buffer, value) == -1) + fatal("%s: buffer error", __func__); +} +#endif /* WITH_SSH1 */ + +int +buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) +{ + int ret; + + if ((ret = sshbuf_put_bignum2(buffer, value)) != 0) { + ssh_error("%s: %s", __func__, ssh_err(ret)); + return -1; + } + return 0; +} + +void +buffer_put_bignum2(Buffer *buffer, const BIGNUM *value) +{ + if (buffer_put_bignum2_ret(buffer, value) == -1) + fatal("%s: buffer error", __func__); +} + +int +buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value) +{ + int ret; + + if ((ret = sshbuf_get_bignum2(buffer, value)) != 0) { + ssh_error("%s: %s", __func__, ssh_err(ret)); + return -1; + } + return 0; +} + +void +buffer_get_bignum2(Buffer *buffer, BIGNUM *value) +{ + if (buffer_get_bignum2_ret(buffer, value) == -1) + fatal("%s: buffer error", __func__); +} + +#endif /* WITH_OPENSSL */ diff --git a/include/DomainExec/opensshlib/buffer.c b/include/DomainExec/opensshlib/buffer.c new file mode 100644 index 00000000..c351dfb7 --- /dev/null +++ b/include/DomainExec/opensshlib/buffer.c @@ -0,0 +1,118 @@ +/* $OpenBSD: buffer.c,v 1.36 2014/04/30 05:29:56 djm Exp $ */ + +/* + * Copyright (c) 2012 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ + +#include "includes.h" + +#include + +#include "buffer.h" +#include "log.h" +#include "ssherr.h" + +void +buffer_append(Buffer *buffer, const void *data, u_int len) +{ + int ret; + + if ((ret = sshbuf_put(buffer, data, len)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); +} + +void * +buffer_append_space(Buffer *buffer, u_int len) +{ + int ret; + u_char *p; + + if ((ret = sshbuf_reserve(buffer, len, &p)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); + return p; +} + +int +buffer_check_alloc(Buffer *buffer, u_int len) +{ + int ret = sshbuf_check_reserve(buffer, len); + + if (ret == 0) + return 1; + if (ret == SSH_ERR_NO_BUFFER_SPACE) + return 0; + fatal("%s: %s", __func__, ssh_err(ret)); +} + +int +buffer_get_ret(Buffer *buffer, void *buf, u_int len) +{ + int ret; + + if ((ret = sshbuf_get(buffer, buf, len)) != 0) { + ssh_error("%s: %s", __func__, ssh_err(ret)); + return -1; + } + return 0; +} + +void +buffer_get(Buffer *buffer, void *buf, u_int len) +{ + if (buffer_get_ret(buffer, buf, len) == -1) + fatal("%s: buffer error", __func__); +} + +int +buffer_consume_ret(Buffer *buffer, u_int bytes) +{ + int ret = sshbuf_consume(buffer, bytes); + + if (ret == 0) + return 0; + if (ret == SSH_ERR_MESSAGE_INCOMPLETE) + return -1; + fatal("%s: %s", __func__, ssh_err(ret)); +} + +void +buffer_consume(Buffer *buffer, u_int bytes) +{ + if (buffer_consume_ret(buffer, bytes) == -1) + fatal("%s: buffer error", __func__); +} + +int +buffer_consume_end_ret(Buffer *buffer, u_int bytes) +{ + int ret = sshbuf_consume_end(buffer, bytes); + + if (ret == 0) + return 0; + if (ret == SSH_ERR_MESSAGE_INCOMPLETE) + return -1; + fatal("%s: %s", __func__, ssh_err(ret)); +} + +void +buffer_consume_end(Buffer *buffer, u_int bytes) +{ + if (buffer_consume_end_ret(buffer, bytes) == -1) + fatal("%s: buffer error", __func__); +} + + diff --git a/include/DomainExec/opensshlib/buffer.h b/include/DomainExec/opensshlib/buffer.h new file mode 100644 index 00000000..2ebe016a --- /dev/null +++ b/include/DomainExec/opensshlib/buffer.h @@ -0,0 +1,111 @@ +/* $OpenBSD: buffer.h,v 1.25 2014/04/30 05:29:56 djm Exp $ */ + +/* + * Copyright (c) 2012 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ + +#ifndef BUFFER_H +#define BUFFER_H + +#ifdef WIN32 +#include "winfixssh.h" +#endif + +#include "sshbuf.h" + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct sshbuf Buffer; + +#define buffer_init(b) sshbuf_init(b) +#define buffer_clear(b) sshbuf_reset(b) +#define buffer_free(b) sshbuf_free(b) +#define buffer_dump(b) sshbuf_dump(b, stderr) + +/* XXX cast is safe: sshbuf never stores more than len 2^31 */ +#define buffer_len(b) ((u_int) sshbuf_len(b)) +#define buffer_ptr(b) sshbuf_mutable_ptr(b) + +void buffer_append(Buffer *, const void *, u_int); +void *buffer_append_space(Buffer *, u_int); +int buffer_check_alloc(Buffer *, u_int); +void buffer_get(Buffer *, void *, u_int); + +void buffer_consume(Buffer *, u_int); +void buffer_consume_end(Buffer *, u_int); + + +int buffer_get_ret(Buffer *, void *, u_int); +int buffer_consume_ret(Buffer *, u_int); +int buffer_consume_end_ret(Buffer *, u_int); + +#include +#include +void buffer_put_bignum(Buffer *, const BIGNUM *); +void buffer_put_bignum2(Buffer *, const BIGNUM *); +void buffer_get_bignum(Buffer *, BIGNUM *); +void buffer_get_bignum2(Buffer *, BIGNUM *); +void buffer_put_bignum2_from_string(Buffer *, const u_char *, u_int); + +u_short buffer_get_short(Buffer *); +void buffer_put_short(Buffer *, u_short); + +u_int buffer_get_int(Buffer *); +void buffer_put_int(Buffer *, u_int); + +u_int64_t buffer_get_int64(Buffer *); +void buffer_put_int64(Buffer *, u_int64_t); + +int buffer_get_char(Buffer *); +void buffer_put_char(Buffer *, int); + +void *buffer_get_string(Buffer *, u_int *); +const void *buffer_get_string_ptr(Buffer *, u_int *); +void buffer_put_string(Buffer *, const void *, u_int); +char *buffer_get_cstring(Buffer *, u_int *); +void buffer_put_cstring(Buffer *, const char *); + +#define buffer_skip_string(b) (void)buffer_get_string_ptr(b, NULL); + +int buffer_put_bignum_ret(Buffer *, const BIGNUM *); +int buffer_get_bignum_ret(Buffer *, BIGNUM *); +int buffer_put_bignum2_ret(Buffer *, const BIGNUM *); +int buffer_get_bignum2_ret(Buffer *, BIGNUM *); +int buffer_get_short_ret(u_short *, Buffer *); +int buffer_get_int_ret(u_int *, Buffer *); +int buffer_get_int64_ret(u_int64_t *, Buffer *); +void *buffer_get_string_ret(Buffer *, u_int *); +char *buffer_get_cstring_ret(Buffer *, u_int *); +const void *buffer_get_string_ptr_ret(Buffer *, u_int *); +int buffer_get_char_ret(char *, Buffer *); + +#ifdef OPENSSL_HAS_ECC +#include +int buffer_put_ecpoint_ret(Buffer *, const EC_GROUP *, const EC_POINT *); +void buffer_put_ecpoint(Buffer *, const EC_GROUP *, const EC_POINT *); +int buffer_get_ecpoint_ret(Buffer *, const EC_GROUP *, EC_POINT *); +void buffer_get_ecpoint(Buffer *, const EC_GROUP *, EC_POINT *); +#endif + +#ifdef __cplusplus +} /* End of 'extern "C"' */ +#endif + +#endif /* BUFFER_H */ + diff --git a/include/DomainExec/opensshlib/buildpkg.sh.in b/include/DomainExec/opensshlib/buildpkg.sh.in new file mode 100644 index 00000000..22c66fbd --- /dev/null +++ b/include/DomainExec/opensshlib/buildpkg.sh.in @@ -0,0 +1,684 @@ +#!/bin/sh +# +# Fake Root Solaris/SVR4/SVR5 Build System - Prototype +# +# The following code has been provide under Public Domain License. I really +# don't care what you use it for. Just as long as you don't complain to me +# nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org) +# +umask 022 +# +# Options for building the package +# You can create a openssh-config.local with your customized options +# +REMOVE_FAKE_ROOT_WHEN_DONE=yes +# +# uncommenting TEST_DIR and using +# configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty +# and +# PKGNAME=tOpenSSH should allow testing a package without interfering +# with a real OpenSSH package on a system. This is not needed on systems +# that support the -R option to pkgadd. +#TEST_DIR=/var/tmp # leave commented out for production build +PKGNAME=OpenSSH +# revisions within the same version (REV=a) +#REV= +SYSVINIT_NAME=opensshd +AWK=${AWK:="nawk"} +MAKE=${MAKE:="make"} +SSHDUID=67 # Default privsep uid +SSHDGID=67 # Default privsep gid +# uncomment these next three as needed +#PERMIT_ROOT_LOGIN=no +#X11_FORWARDING=yes +#USR_LOCAL_IS_SYMLINK=yes +# System V init run levels +SYSVINITSTART=S98 +SYSVINITSTOPT=K30 +# We will source these if they exist +POST_MAKE_INSTALL_FIXES=./pkg-post-make-install-fixes.sh +POST_PROTOTYPE_EDITS=./pkg-post-prototype-edit.sh +# We'll be one level deeper looking for these +PKG_PREINSTALL_LOCAL=../pkg-preinstall.local +PKG_POSTINSTALL_LOCAL=../pkg-postinstall.local +PKG_PREREMOVE_LOCAL=../pkg-preremove.local +PKG_POSTREMOVE_LOCAL=../pkg-postremove.local +PKG_REQUEST_LOCAL=../pkg-request.local +# end of sourced files +# +OPENSSHD=opensshd.init +OPENSSH_MANIFEST=openssh.xml +OPENSSH_FMRI=svc:/site/${SYSVINIT_NAME}:default +SMF_METHOD_DIR=/lib/svc/method/site +SMF_MANIFEST_DIR=/var/svc/manifest/site + +PATH_GROUPADD_PROG=@PATH_GROUPADD_PROG@ +PATH_USERADD_PROG=@PATH_USERADD_PROG@ +PATH_PASSWD_PROG=@PATH_PASSWD_PROG@ +# +# list of system directories we do NOT want to change owner/group/perms +# when installing our package +SYSTEM_DIR="/etc \ +/etc/init.d \ +/etc/rcS.d \ +/etc/rc0.d \ +/etc/rc1.d \ +/etc/rc2.d \ +/etc/opt \ +/lib \ +/lib/svc \ +/lib/svc/method \ +/lib/svc/method/site \ +/opt \ +/opt/bin \ +/usr \ +/usr/bin \ +/usr/lib \ +/usr/sbin \ +/usr/share \ +/usr/share/man \ +/usr/share/man/man1 \ +/usr/share/man/man8 \ +/usr/local \ +/usr/local/bin \ +/usr/local/etc \ +/usr/local/libexec \ +/usr/local/man \ +/usr/local/man/man1 \ +/usr/local/man/man8 \ +/usr/local/sbin \ +/usr/local/share \ +/var \ +/var/opt \ +/var/run \ +/var/svc \ +/var/svc/manifest \ +/var/svc/manifest/site \ +/var/tmp \ +/tmp" + +# We may need to build as root so we make sure PATH is set up +# only set the path if it's not set already +[ -d /opt/bin ] && { + echo $PATH | grep ":/opt/bin" > /dev/null 2>&1 + [ $? -ne 0 ] && PATH=$PATH:/opt/bin +} +[ -d /usr/local/bin ] && { + echo $PATH | grep ":/usr/local/bin" > /dev/null 2>&1 + [ $? -ne 0 ] && PATH=$PATH:/usr/local/bin +} +[ -d /usr/ccs/bin ] && { + echo $PATH | grep ":/usr/ccs/bin" > /dev/null 2>&1 + [ $? -ne 0 ] && PATH=$PATH:/usr/ccs/bin +} +export PATH +# + +[ -f Makefile ] || { + echo "Please run this script from your build directory" + exit 1 +} + +# we will look for openssh-config.local to override the above options +[ -s ./openssh-config.local ] && . ./openssh-config.local + +START=`pwd` +FAKE_ROOT=$START/pkg + +## Fill in some details, like prefix and sysconfdir +for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir srcdir +do + eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` +done + +## Are we using Solaris' SMF? +DO_SMF=0 +if egrep "^#define USE_SOLARIS_PROCESS_CONTRACTS" config.h > /dev/null 2>&1 +then + DO_SMF=1 +fi + +## Collect value of privsep user +for confvar in SSH_PRIVSEP_USER +do + eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h` +done + +## Set privsep defaults if not defined +if [ -z "$SSH_PRIVSEP_USER" ] +then + SSH_PRIVSEP_USER=sshd +fi + +## Extract common info requires for the 'info' part of the package. +VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'` + +ARCH=`uname -m` +DEF_MSG="\n" +OS_VER=`uname -v` +SCRIPT_SHELL=/sbin/sh +UNAME_R=`uname -r` +UNAME_S=`uname -s` +case ${UNAME_S} in + SunOS) UNAME_S=Solaris + OS_VER=${UNAME_R} + ARCH=`uname -p` + RCS_D=yes + DEF_MSG="(default: n)" + ;; + SCO_SV) case ${UNAME_R} in + 3.2) UNAME_S=OpenServer5 + OS_VER=`uname -X | grep Release | sed -e 's/^Rel.*3.2v//'` + ;; + 5) UNAME_S=OpenServer6 + ;; + esac + SCRIPT_SHELL=/bin/sh + RC1_D=no + DEF_MSG="(default: n)" + ;; +esac + +case `basename $0` in + buildpkg.sh) +## Start by faking root install +echo "Faking root install..." +[ -d $FAKE_ROOT ] && rm -fr $FAKE_ROOT +mkdir $FAKE_ROOT +${MAKE} install-nokeys DESTDIR=$FAKE_ROOT +if [ $? -gt 0 ] +then + echo "Fake root install failed, stopping." + exit 1 +fi + +## Setup our run level stuff while we are at it. +if [ $DO_SMF -eq 1 ] +then + # For Solaris' SMF, /lib/svc/method/site is the preferred place + # for start/stop scripts that aren't supplied with the OS, and + # similarly /var/svc/manifest/site for manifests. + mkdir -p $FAKE_ROOT${TEST_DIR}${SMF_METHOD_DIR} + mkdir -p $FAKE_ROOT${TEST_DIR}${SMF_MANIFEST_DIR} + + cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}${SMF_METHOD_DIR}/${SYSVINIT_NAME} + chmod 744 $FAKE_ROOT${TEST_DIR}${SMF_METHOD_DIR}/${SYSVINIT_NAME} + + cat ${OPENSSH_MANIFEST} | \ + sed -e "s|__SYSVINIT_NAME__|${SYSVINIT_NAME}|" \ + -e "s|__SMF_METHOD_DIR__|${SMF_METHOD_DIR}|" \ + > $FAKE_ROOT${TEST_DIR}${SMF_MANIFEST_DIR}/${SYSVINIT_NAME}.xml + chmod 644 $FAKE_ROOT${TEST_DIR}${SMF_MANIFEST_DIR}/${SYSVINIT_NAME}.xml +else + mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d + + cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} + chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} +fi + +[ "${PERMIT_ROOT_LOGIN}" = no ] && \ + perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \ + $FAKE_ROOT${sysconfdir}/sshd_config +[ "${X11_FORWARDING}" = yes ] && \ + perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \ + $FAKE_ROOT${sysconfdir}/sshd_config +# fix PrintMotd +perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \ + $FAKE_ROOT${sysconfdir}/sshd_config + +# We don't want to overwrite config files on multiple installs +mv $FAKE_ROOT${sysconfdir}/ssh_config $FAKE_ROOT${sysconfdir}/ssh_config.default +mv $FAKE_ROOT${sysconfdir}/sshd_config $FAKE_ROOT${sysconfdir}/sshd_config.default +[ -f $FAKE_ROOT${sysconfdir}/ssh_prng_cmds ] && \ +mv $FAKE_ROOT${sysconfdir}/ssh_prng_cmds $FAKE_ROOT${sysconfdir}/ssh_prng_cmds.default + +# local tweeks here +[ -s "${POST_MAKE_INSTALL_FIXES}" ] && . ${POST_MAKE_INSTALL_FIXES} + +cd $FAKE_ROOT + +## Ok, this is outright wrong, but it will work. I'm tired of pkgmk +## whining. +for i in *; do + PROTO_ARGS="$PROTO_ARGS $i=/$i"; +done + +## Build info file +echo "Building pkginfo file..." +cat > pkginfo << _EOF +PKG=$PKGNAME +NAME="OpenSSH Portable for ${UNAME_S}" +DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh." +VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html" +ARCH=$ARCH +VERSION=$VERSION$REV +CATEGORY="Security,application" +BASEDIR=/ +CLASSES="none" +PSTAMP="${UNAME_S} ${OS_VER} ${ARCH} `date '+%d%b%Y %H:%M'`" +_EOF + +## Build empty depend file that may get updated by $POST_PROTOTYPE_EDITS +echo "Building depend file..." +touch depend + +## Build space file +echo "Building space file..." +if [ $DO_SMF -eq 1 ] +then + # XXX Is this necessary? If not, remove space line from mk-proto.awk. + touch space +else + cat > space << _EOF +# extra space required by start/stop links added by installf +# in postinstall +$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1 +$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME} 0 1 +_EOF + [ "$RC1_D" = no ] || \ + echo "$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space + [ "$RCS_D" = yes ] && \ + echo "$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space +fi + +## Build preinstall file +echo "Building preinstall file..." +cat > preinstall << _EOF +#! ${SCRIPT_SHELL} +# +_EOF + +# local preinstall changes here +[ -s "${PKG_PREINSTALL_LOCAL}" ] && . ${PKG_PREINSTALL_LOCAL} + +cat >> preinstall << _EOF +# +if [ "\${PRE_INS_STOP}" = "yes" ] +then + if [ $DO_SMF -eq 1 ] + then + svcadm disable $OPENSSH_FMRI + else + ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop + fi +fi + +exit 0 +_EOF + +## Build postinstall file +echo "Building postinstall file..." +cat > postinstall << _EOF +#! ${SCRIPT_SHELL} +# +[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ] || \\ + cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\ + \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config +[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] || \\ + cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\ + \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config +[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && { + [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] || \\ + cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\ + \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds +} + +# make rc?.d dirs only if we are doing a test install +[ -n "${TEST_DIR}" ] && [ $DO_SMF -ne 1 ] && { + [ "$RCS_D" = yes ] && mkdir -p ${TEST_DIR}/etc/rcS.d + mkdir -p ${TEST_DIR}/etc/rc0.d + [ "$RC1_D" = no ] || mkdir -p ${TEST_DIR}/etc/rc1.d + mkdir -p ${TEST_DIR}/etc/rc2.d +} + +if [ $DO_SMF -eq 1 ] +then + # Delete the existing service, if it exists, then import the + # new one. + if svcs $OPENSSH_FMRI > /dev/null 2>&1 + then + svccfg delete -f $OPENSSH_FMRI + fi + # NOTE, The manifest disables sshd by default. + svccfg import ${TEST_DIR}${SMF_MANIFEST_DIR}/${SYSVINIT_NAME}.xml +else + if [ "\${USE_SYM_LINKS}" = yes ] + then + [ "$RCS_D" = yes ] && \ + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s + [ "$RC1_D" = no ] || \ + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s + else + [ "$RCS_D" = yes ] && \ + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l + [ "$RC1_D" = no ] || \ + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l + fi +fi + +# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh) +[ -d $piddir ] || installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 0755 root sys + +_EOF + +# local postinstall changes here +[ -s "${PKG_POSTINSTALL_LOCAL}" ] && . ${PKG_POSTINSTALL_LOCAL} + +cat >> postinstall << _EOF +installf -f ${PKGNAME} + +# Use chroot to handle PKG_INSTALL_ROOT +if [ ! -z "\${PKG_INSTALL_ROOT}" ] +then + chroot="chroot \${PKG_INSTALL_ROOT}" +fi +# If this is a test build, we will skip the groupadd/useradd/passwd commands +if [ ! -z "${TEST_DIR}" ] +then + chroot=echo +fi + + echo "PrivilegeSeparation user always required." + if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null + then + echo "PrivSep user $SSH_PRIVSEP_USER already exists." + SSH_PRIVSEP_GROUP=\`grep "^$SSH_PRIVSEP_USER:" \${PKG_INSTALL_ROOT}/etc/passwd | awk -F: '{print \$4}'\` + SSH_PRIVSEP_GROUP=\`grep ":\$SSH_PRIVSEP_GROUP:" \${PKG_INSTALL_ROOT}/etc/group | awk -F: '{print \$1}'\` + else + DO_PASSWD=yes + fi + [ -z "\$SSH_PRIVSEP_GROUP" ] && SSH_PRIVSEP_GROUP=$SSH_PRIVSEP_USER + + # group required? + if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'\$SSH_PRIVSEP_GROUP'\$' >/dev/null + then + echo "PrivSep group \$SSH_PRIVSEP_GROUP already exists." + else + DO_GROUP=yes + fi + + # create group if required + [ "\$DO_GROUP" = yes ] && { + # Use gid of 67 if possible + if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null + then + : + else + sshdgid="-g $SSHDGID" + fi + echo "Creating PrivSep group \$SSH_PRIVSEP_GROUP." + \$chroot ${PATH_GROUPADD_PROG} \$sshdgid \$SSH_PRIVSEP_GROUP + } + + # Create user if required + [ "\$DO_PASSWD" = yes ] && { + # Use uid of 67 if possible + if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDUID'\$' >/dev/null + then + : + else + sshduid="-u $SSHDUID" + fi + echo "Creating PrivSep user $SSH_PRIVSEP_USER." + \$chroot ${PATH_USERADD_PROG} -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER + \$chroot ${PATH_PASSWD_PROG} -l $SSH_PRIVSEP_USER + } + +if [ "\${POST_INS_START}" = "yes" ] +then + if [ $DO_SMF -eq 1 ] + then + svcadm enable $OPENSSH_FMRI + else + ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start + fi +fi +exit 0 +_EOF + +## Build preremove file +echo "Building preremove file..." +cat > preremove << _EOF +#! ${SCRIPT_SHELL} +# +if [ $DO_SMF -eq 1 ] +then + svcadm disable $OPENSSH_FMRI +else + ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop +fi +_EOF + +# local preremove changes here +[ -s "${PKG_PREREMOVE_LOCAL}" ] && . ${PKG_PREREMOVE_LOCAL} + +cat >> preremove << _EOF +exit 0 +_EOF + +## Build postremove file +echo "Building postremove file..." +cat > postremove << _EOF +#! ${SCRIPT_SHELL} +# +if [ $DO_SMF -eq 1 ] +then + if svcs $OPENSSH_FMRI > /dev/null 2>&1 + then + svccfg delete -f $OPENSSH_FMRI + fi +fi +_EOF + +# local postremove changes here +[ -s "${PKG_POSTREMOVE_LOCAL}" ] && . ${PKG_POSTREMOVE_LOCAL} + +cat >> postremove << _EOF +exit 0 +_EOF + +## Build request file +echo "Building request file..." +cat > request << _EOF +trap 'exit 3' 15 + +_EOF + +[ -x /usr/bin/ckyorn ] || cat >> request << _EOF + +ckyorn() { +# for some strange reason OpenServer5 has no ckyorn +# We build a striped down version here + +DEFAULT=n +PROMPT="Yes or No [yes,no,?,quit]" +HELP_PROMPT=" Enter y or yes if your answer is yes; n or no if your answer is no." +USAGE="usage: ckyorn [options] +where options may include: + -d default + -h help + -p prompt +" + +if [ \$# != 0 ] +then + while getopts d:p:h: c + do + case \$c in + h) HELP_PROMPT="\$OPTARG" ;; + d) DEFAULT=\$OPTARG ;; + p) PROMPT=\$OPTARG ;; + \\?) echo "\$USAGE" 1>&2 + exit 1 ;; + esac + done + shift \`expr \$OPTIND - 1\` +fi + +while true +do + echo "\${PROMPT}\\c " 1>&2 + read key + [ -z "\$key" ] && key=\$DEFAULT + case \$key in + [n,N]|[n,N][o,O]|[y,Y]|[y,Y][e,E][s,S]) echo "\${key}\\c" + exit 0 ;; + \\?) echo \$HELP_PROMPT 1>&2 ;; + q|quit) echo "q\\c" 1>&2 + exit 3 ;; + esac +done + +} + +_EOF + +if [ $DO_SMF -eq 1 ] +then + # This could get hairy, as the running sshd may not be under SMF. + # We'll assume an earlier version of OpenSSH started via SMF. + cat >> request << _EOF +PRE_INS_STOP=no +POST_INS_START=no +# determine if should restart the daemon +if [ -s ${piddir}/sshd.pid ] && \ + /usr/bin/svcs -H $OPENSSH_FMRI 2>&1 | egrep "^online" > /dev/null 2>&1 +then + ans=\`ckyorn -d n \ +-p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$? + case \$ans in + [y,Y]*) PRE_INS_STOP=yes + POST_INS_START=yes + ;; + esac + +else + +# determine if we should start sshd + ans=\`ckyorn -d n \ +-p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$? + case \$ans in + [y,Y]*) POST_INS_START=yes ;; + esac +fi + +# make parameters available to installation service, +# and so to any other packaging scripts +cat >\$1 <> request << _EOF +USE_SYM_LINKS=no +PRE_INS_STOP=no +POST_INS_START=no +# Use symbolic links? +ans=\`ckyorn -d n \ +-p "Do you want symbolic links for the start/stop scripts? ${DEF_MSG}"\` || exit \$? +case \$ans in + [y,Y]*) USE_SYM_LINKS=yes ;; +esac + +# determine if should restart the daemon +if [ -s ${piddir}/sshd.pid -a -f ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} ] +then + ans=\`ckyorn -d n \ +-p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$? + case \$ans in + [y,Y]*) PRE_INS_STOP=yes + POST_INS_START=yes + ;; + esac + +else + +# determine if we should start sshd + ans=\`ckyorn -d n \ +-p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$? + case \$ans in + [y,Y]*) POST_INS_START=yes ;; + esac +fi + +# make parameters available to installation service, +# and so to any other packaging scripts +cat >\$1 <> request << _EOF +exit 0 + +_EOF + +## Next Build our prototype +echo "Building prototype file..." +cat >mk-proto.awk << _EOF + BEGIN { print "i pkginfo"; print "i depend"; \\ + print "i preinstall"; print "i postinstall"; \\ + print "i preremove"; print "i postremove"; \\ + print "i request"; print "i space"; \\ + split("$SYSTEM_DIR",sys_files); } + { + for (dir in sys_files) { if ( \$3 != sys_files[dir] ) + { if ( \$1 == "s" ) + { \$5=""; \$6=""; } + else + { \$5="root"; \$6="sys"; } + } + else + { \$4="?"; \$5="?"; \$6="?"; break;} + } } + { print; } +_EOF + +find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \ + pkgproto $PROTO_ARGS | ${AWK} -f mk-proto.awk > prototype + +# /usr/local is a symlink on some systems +[ "${USR_LOCAL_IS_SYMLINK}" = yes ] && { + grep -v "^d none /usr/local ? ? ?$" prototype > prototype.new + mv prototype.new prototype +} + +## Step back a directory and now build the package. +cd .. +# local prototype tweeks here +[ -s "${POST_PROTOTYPE_EDITS}" ] && . ${POST_PROTOTYPE_EDITS} + +echo "Building package.." +pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o +echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$VERSION$REV-$UNAME_S-$ARCH.pkg + ;; + + justpkg.sh) +rm -fr ${FAKE_ROOT}/${PKGNAME} +grep -v "^PSTAMP=" $FAKE_ROOT/pkginfo > $$tmp +mv $$tmp $FAKE_ROOT/pkginfo +cat >> $FAKE_ROOT/pkginfo << _EOF +PSTAMP="${UNAME_S} ${OS_VER} ${ARCH} `date '+%d%b%Y %H:%M'`" +_EOF +pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o +echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$VERSION$REV-$UNAME_S-$ARCH.pkg + ;; + +esac + +[ "${REMOVE_FAKE_ROOT_WHEN_DONE}" = yes ] && rm -rf $FAKE_ROOT +exit 0 + diff --git a/include/DomainExec/opensshlib/canohost.h b/include/DomainExec/opensshlib/canohost.h new file mode 100644 index 00000000..4c8636f4 --- /dev/null +++ b/include/DomainExec/opensshlib/canohost.h @@ -0,0 +1,29 @@ +/* $OpenBSD: canohost.h,v 1.11 2009/05/27 06:31:25 andreas Exp $ */ + +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ + +const char *get_canonical_hostname(int); +const char *get_remote_ipaddr(void); +const char *get_remote_name_or_ip(u_int, int); + +char *get_peer_ipaddr(int); +int get_peer_port(int); +char *get_local_ipaddr(int); +char *get_local_name(int); + +int get_remote_port(void); +int get_local_port(void); +int get_sock_port(int, int); +void clear_cached_addr(void); + +void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *); diff --git a/include/DomainExec/opensshlib/chacha.c b/include/DomainExec/opensshlib/chacha.c new file mode 100644 index 00000000..a84c25ea --- /dev/null +++ b/include/DomainExec/opensshlib/chacha.c @@ -0,0 +1,219 @@ +/* +chacha-merged.c version 20080118 +D. J. Bernstein +Public domain. +*/ + +#include "includes.h" + +#include "chacha.h" + +/* $OpenBSD: chacha.c,v 1.1 2013/11/21 00:45:44 djm Exp $ */ + +typedef unsigned char u8; +typedef unsigned int u32; + +typedef struct chacha_ctx chacha_ctx; + +#define U8C(v) (v##U) +#define U32C(v) (v##U) + +#define U8V(v) ((u8)(v) & U8C(0xFF)) +#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) + +#define ROTL32(v, n) \ + (U32V((v) << (n)) | ((v) >> (32 - (n)))) + +#define U8TO32_LITTLE(p) \ + (((u32)((p)[0]) ) | \ + ((u32)((p)[1]) << 8) | \ + ((u32)((p)[2]) << 16) | \ + ((u32)((p)[3]) << 24)) + +#define U32TO8_LITTLE(p, v) \ + do { \ + (p)[0] = U8V((v) ); \ + (p)[1] = U8V((v) >> 8); \ + (p)[2] = U8V((v) >> 16); \ + (p)[3] = U8V((v) >> 24); \ + } while (0) + +#define ROTATE(v,c) (ROTL32(v,c)) +#define XOR(v,w) ((v) ^ (w)) +#define PLUS(v,w) (U32V((v) + (w))) +#define PLUSONE(v) (PLUS((v),1)) + +#define QUARTERROUND(a,b,c,d) \ + a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ + c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ + a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ + c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); + +static const char sigma[16] = "expand 32-byte k"; +static const char tau[16] = "expand 16-byte k"; + +void +chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits) +{ + const char *constants; + + x->input[4] = U8TO32_LITTLE(k + 0); + x->input[5] = U8TO32_LITTLE(k + 4); + x->input[6] = U8TO32_LITTLE(k + 8); + x->input[7] = U8TO32_LITTLE(k + 12); + if (kbits == 256) { /* recommended */ + k += 16; + constants = sigma; + } else { /* kbits == 128 */ + constants = tau; + } + x->input[8] = U8TO32_LITTLE(k + 0); + x->input[9] = U8TO32_LITTLE(k + 4); + x->input[10] = U8TO32_LITTLE(k + 8); + x->input[11] = U8TO32_LITTLE(k + 12); + x->input[0] = U8TO32_LITTLE(constants + 0); + x->input[1] = U8TO32_LITTLE(constants + 4); + x->input[2] = U8TO32_LITTLE(constants + 8); + x->input[3] = U8TO32_LITTLE(constants + 12); +} + +void +chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter) +{ + x->input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 0); + x->input[13] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 4); + x->input[14] = U8TO32_LITTLE(iv + 0); + x->input[15] = U8TO32_LITTLE(iv + 4); +} + +void +chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes) +{ + u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; + u8 *ctarget = NULL; + u8 tmp[64]; + u_int i; + + if (!bytes) return; + + j0 = x->input[0]; + j1 = x->input[1]; + j2 = x->input[2]; + j3 = x->input[3]; + j4 = x->input[4]; + j5 = x->input[5]; + j6 = x->input[6]; + j7 = x->input[7]; + j8 = x->input[8]; + j9 = x->input[9]; + j10 = x->input[10]; + j11 = x->input[11]; + j12 = x->input[12]; + j13 = x->input[13]; + j14 = x->input[14]; + j15 = x->input[15]; + + for (;;) { + if (bytes < 64) { + for (i = 0;i < bytes;++i) tmp[i] = m[i]; + m = tmp; + ctarget = c; + c = tmp; + } + x0 = j0; + x1 = j1; + x2 = j2; + x3 = j3; + x4 = j4; + x5 = j5; + x6 = j6; + x7 = j7; + x8 = j8; + x9 = j9; + x10 = j10; + x11 = j11; + x12 = j12; + x13 = j13; + x14 = j14; + x15 = j15; + for (i = 20;i > 0;i -= 2) { + QUARTERROUND( x0, x4, x8,x12) + QUARTERROUND( x1, x5, x9,x13) + QUARTERROUND( x2, x6,x10,x14) + QUARTERROUND( x3, x7,x11,x15) + QUARTERROUND( x0, x5,x10,x15) + QUARTERROUND( x1, x6,x11,x12) + QUARTERROUND( x2, x7, x8,x13) + QUARTERROUND( x3, x4, x9,x14) + } + x0 = PLUS(x0,j0); + x1 = PLUS(x1,j1); + x2 = PLUS(x2,j2); + x3 = PLUS(x3,j3); + x4 = PLUS(x4,j4); + x5 = PLUS(x5,j5); + x6 = PLUS(x6,j6); + x7 = PLUS(x7,j7); + x8 = PLUS(x8,j8); + x9 = PLUS(x9,j9); + x10 = PLUS(x10,j10); + x11 = PLUS(x11,j11); + x12 = PLUS(x12,j12); + x13 = PLUS(x13,j13); + x14 = PLUS(x14,j14); + x15 = PLUS(x15,j15); + + x0 = XOR(x0,U8TO32_LITTLE(m + 0)); + x1 = XOR(x1,U8TO32_LITTLE(m + 4)); + x2 = XOR(x2,U8TO32_LITTLE(m + 8)); + x3 = XOR(x3,U8TO32_LITTLE(m + 12)); + x4 = XOR(x4,U8TO32_LITTLE(m + 16)); + x5 = XOR(x5,U8TO32_LITTLE(m + 20)); + x6 = XOR(x6,U8TO32_LITTLE(m + 24)); + x7 = XOR(x7,U8TO32_LITTLE(m + 28)); + x8 = XOR(x8,U8TO32_LITTLE(m + 32)); + x9 = XOR(x9,U8TO32_LITTLE(m + 36)); + x10 = XOR(x10,U8TO32_LITTLE(m + 40)); + x11 = XOR(x11,U8TO32_LITTLE(m + 44)); + x12 = XOR(x12,U8TO32_LITTLE(m + 48)); + x13 = XOR(x13,U8TO32_LITTLE(m + 52)); + x14 = XOR(x14,U8TO32_LITTLE(m + 56)); + x15 = XOR(x15,U8TO32_LITTLE(m + 60)); + + j12 = PLUSONE(j12); + if (!j12) { + j13 = PLUSONE(j13); + /* stopping at 2^70 bytes per nonce is user's responsibility */ + } + + U32TO8_LITTLE(c + 0,x0); + U32TO8_LITTLE(c + 4,x1); + U32TO8_LITTLE(c + 8,x2); + U32TO8_LITTLE(c + 12,x3); + U32TO8_LITTLE(c + 16,x4); + U32TO8_LITTLE(c + 20,x5); + U32TO8_LITTLE(c + 24,x6); + U32TO8_LITTLE(c + 28,x7); + U32TO8_LITTLE(c + 32,x8); + U32TO8_LITTLE(c + 36,x9); + U32TO8_LITTLE(c + 40,x10); + U32TO8_LITTLE(c + 44,x11); + U32TO8_LITTLE(c + 48,x12); + U32TO8_LITTLE(c + 52,x13); + U32TO8_LITTLE(c + 56,x14); + U32TO8_LITTLE(c + 60,x15); + + if (bytes <= 64) { + if (bytes < 64) { + for (i = 0;i < bytes;++i) ctarget[i] = c[i]; + } + x->input[12] = j12; + x->input[13] = j13; + return; + } + bytes -= 64; + c += 64; + m += 64; + } +} diff --git a/include/DomainExec/opensshlib/chacha.h b/include/DomainExec/opensshlib/chacha.h new file mode 100644 index 00000000..40eaf2d9 --- /dev/null +++ b/include/DomainExec/opensshlib/chacha.h @@ -0,0 +1,35 @@ +/* $OpenBSD: chacha.h,v 1.3 2014/05/02 03:27:54 djm Exp $ */ + +/* +chacha-merged.c version 20080118 +D. J. Bernstein +Public domain. +*/ + +#ifndef CHACHA_H +#define CHACHA_H + +#include + +struct chacha_ctx { + u_int input[16]; +}; + +#define CHACHA_MINKEYLEN 16 +#define CHACHA_NONCELEN 8 +#define CHACHA_CTRLEN 8 +#define CHACHA_STATELEN (CHACHA_NONCELEN+CHACHA_CTRLEN) +#define CHACHA_BLOCKLEN 64 + +void chacha_keysetup(struct chacha_ctx *x, const u_char *k, u_int kbits) + __attribute__((__bounded__(__minbytes__, 2, CHACHA_MINKEYLEN))); +void chacha_ivsetup(struct chacha_ctx *x, const u_char *iv, const u_char *ctr) + __attribute__((__bounded__(__minbytes__, 2, CHACHA_NONCELEN))) + __attribute__((__bounded__(__minbytes__, 3, CHACHA_CTRLEN))); +void chacha_encrypt_bytes(struct chacha_ctx *x, const u_char *m, + u_char *c, u_int bytes) + __attribute__((__bounded__(__buffer__, 2, 4))) + __attribute__((__bounded__(__buffer__, 3, 4))); + +#endif /* CHACHA_H */ + diff --git a/include/DomainExec/opensshlib/chacha_private.h b/include/DomainExec/opensshlib/chacha_private.h new file mode 100644 index 00000000..7c3680fa --- /dev/null +++ b/include/DomainExec/opensshlib/chacha_private.h @@ -0,0 +1,222 @@ +/* +chacha-merged.c version 20080118 +D. J. Bernstein +Public domain. +*/ + +/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */ + +typedef unsigned char u8; +typedef unsigned int u32; + +typedef struct +{ + u32 input[16]; /* could be compressed */ +} chacha_ctx; + +#define U8C(v) (v##U) +#define U32C(v) (v##U) + +#define U8V(v) ((u8)(v) & U8C(0xFF)) +#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) + +#define ROTL32(v, n) \ + (U32V((v) << (n)) | ((v) >> (32 - (n)))) + +#define U8TO32_LITTLE(p) \ + (((u32)((p)[0]) ) | \ + ((u32)((p)[1]) << 8) | \ + ((u32)((p)[2]) << 16) | \ + ((u32)((p)[3]) << 24)) + +#define U32TO8_LITTLE(p, v) \ + do { \ + (p)[0] = U8V((v) ); \ + (p)[1] = U8V((v) >> 8); \ + (p)[2] = U8V((v) >> 16); \ + (p)[3] = U8V((v) >> 24); \ + } while (0) + +#define ROTATE(v,c) (ROTL32(v,c)) +#define XOR(v,w) ((v) ^ (w)) +#define PLUS(v,w) (U32V((v) + (w))) +#define PLUSONE(v) (PLUS((v),1)) + +#define QUARTERROUND(a,b,c,d) \ + a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ + c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ + a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ + c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); + +static const char sigma[16] = "expand 32-byte k"; +static const char tau[16] = "expand 16-byte k"; + +static void +chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits) +{ + const char *constants; + + x->input[4] = U8TO32_LITTLE(k + 0); + x->input[5] = U8TO32_LITTLE(k + 4); + x->input[6] = U8TO32_LITTLE(k + 8); + x->input[7] = U8TO32_LITTLE(k + 12); + if (kbits == 256) { /* recommended */ + k += 16; + constants = sigma; + } else { /* kbits == 128 */ + constants = tau; + } + x->input[8] = U8TO32_LITTLE(k + 0); + x->input[9] = U8TO32_LITTLE(k + 4); + x->input[10] = U8TO32_LITTLE(k + 8); + x->input[11] = U8TO32_LITTLE(k + 12); + x->input[0] = U8TO32_LITTLE(constants + 0); + x->input[1] = U8TO32_LITTLE(constants + 4); + x->input[2] = U8TO32_LITTLE(constants + 8); + x->input[3] = U8TO32_LITTLE(constants + 12); +} + +static void +chacha_ivsetup(chacha_ctx *x,const u8 *iv) +{ + x->input[12] = 0; + x->input[13] = 0; + x->input[14] = U8TO32_LITTLE(iv + 0); + x->input[15] = U8TO32_LITTLE(iv + 4); +} + +static void +chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes) +{ + u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; + u8 *ctarget = NULL; + u8 tmp[64]; + u_int i; + + if (!bytes) return; + + j0 = x->input[0]; + j1 = x->input[1]; + j2 = x->input[2]; + j3 = x->input[3]; + j4 = x->input[4]; + j5 = x->input[5]; + j6 = x->input[6]; + j7 = x->input[7]; + j8 = x->input[8]; + j9 = x->input[9]; + j10 = x->input[10]; + j11 = x->input[11]; + j12 = x->input[12]; + j13 = x->input[13]; + j14 = x->input[14]; + j15 = x->input[15]; + + for (;;) { + if (bytes < 64) { + for (i = 0;i < bytes;++i) tmp[i] = m[i]; + m = tmp; + ctarget = c; + c = tmp; + } + x0 = j0; + x1 = j1; + x2 = j2; + x3 = j3; + x4 = j4; + x5 = j5; + x6 = j6; + x7 = j7; + x8 = j8; + x9 = j9; + x10 = j10; + x11 = j11; + x12 = j12; + x13 = j13; + x14 = j14; + x15 = j15; + for (i = 20;i > 0;i -= 2) { + QUARTERROUND( x0, x4, x8,x12) + QUARTERROUND( x1, x5, x9,x13) + QUARTERROUND( x2, x6,x10,x14) + QUARTERROUND( x3, x7,x11,x15) + QUARTERROUND( x0, x5,x10,x15) + QUARTERROUND( x1, x6,x11,x12) + QUARTERROUND( x2, x7, x8,x13) + QUARTERROUND( x3, x4, x9,x14) + } + x0 = PLUS(x0,j0); + x1 = PLUS(x1,j1); + x2 = PLUS(x2,j2); + x3 = PLUS(x3,j3); + x4 = PLUS(x4,j4); + x5 = PLUS(x5,j5); + x6 = PLUS(x6,j6); + x7 = PLUS(x7,j7); + x8 = PLUS(x8,j8); + x9 = PLUS(x9,j9); + x10 = PLUS(x10,j10); + x11 = PLUS(x11,j11); + x12 = PLUS(x12,j12); + x13 = PLUS(x13,j13); + x14 = PLUS(x14,j14); + x15 = PLUS(x15,j15); + +#ifndef KEYSTREAM_ONLY + x0 = XOR(x0,U8TO32_LITTLE(m + 0)); + x1 = XOR(x1,U8TO32_LITTLE(m + 4)); + x2 = XOR(x2,U8TO32_LITTLE(m + 8)); + x3 = XOR(x3,U8TO32_LITTLE(m + 12)); + x4 = XOR(x4,U8TO32_LITTLE(m + 16)); + x5 = XOR(x5,U8TO32_LITTLE(m + 20)); + x6 = XOR(x6,U8TO32_LITTLE(m + 24)); + x7 = XOR(x7,U8TO32_LITTLE(m + 28)); + x8 = XOR(x8,U8TO32_LITTLE(m + 32)); + x9 = XOR(x9,U8TO32_LITTLE(m + 36)); + x10 = XOR(x10,U8TO32_LITTLE(m + 40)); + x11 = XOR(x11,U8TO32_LITTLE(m + 44)); + x12 = XOR(x12,U8TO32_LITTLE(m + 48)); + x13 = XOR(x13,U8TO32_LITTLE(m + 52)); + x14 = XOR(x14,U8TO32_LITTLE(m + 56)); + x15 = XOR(x15,U8TO32_LITTLE(m + 60)); +#endif + + j12 = PLUSONE(j12); + if (!j12) { + j13 = PLUSONE(j13); + /* stopping at 2^70 bytes per nonce is user's responsibility */ + } + + U32TO8_LITTLE(c + 0,x0); + U32TO8_LITTLE(c + 4,x1); + U32TO8_LITTLE(c + 8,x2); + U32TO8_LITTLE(c + 12,x3); + U32TO8_LITTLE(c + 16,x4); + U32TO8_LITTLE(c + 20,x5); + U32TO8_LITTLE(c + 24,x6); + U32TO8_LITTLE(c + 28,x7); + U32TO8_LITTLE(c + 32,x8); + U32TO8_LITTLE(c + 36,x9); + U32TO8_LITTLE(c + 40,x10); + U32TO8_LITTLE(c + 44,x11); + U32TO8_LITTLE(c + 48,x12); + U32TO8_LITTLE(c + 52,x13); + U32TO8_LITTLE(c + 56,x14); + U32TO8_LITTLE(c + 60,x15); + + if (bytes <= 64) { + if (bytes < 64) { + for (i = 0;i < bytes;++i) ctarget[i] = c[i]; + } + x->input[12] = j12; + x->input[13] = j13; + return; + } + bytes -= 64; + c += 64; +#ifndef KEYSTREAM_ONLY + m += 64; +#endif + } +} diff --git a/include/DomainExec/opensshlib/channels.h b/include/DomainExec/opensshlib/channels.h new file mode 100644 index 00000000..9d76c9d2 --- /dev/null +++ b/include/DomainExec/opensshlib/channels.h @@ -0,0 +1,315 @@ +/* $OpenBSD: channels.h,v 1.118 2015/07/01 02:26:31 djm Exp $ */ + +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ +/* + * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef CHANNEL_H +#define CHANNEL_H + +/* Definitions for channel types. */ +#define SSH_CHANNEL_X11_LISTENER 1 /* Listening for inet X11 conn. */ +#define SSH_CHANNEL_PORT_LISTENER 2 /* Listening on a port. */ +#define SSH_CHANNEL_OPENING 3 /* waiting for confirmation */ +#define SSH_CHANNEL_OPEN 4 /* normal open two-way channel */ +#define SSH_CHANNEL_CLOSED 5 /* waiting for close confirmation */ +#define SSH_CHANNEL_AUTH_SOCKET 6 /* authentication socket */ +#define SSH_CHANNEL_X11_OPEN 7 /* reading first X11 packet */ +#define SSH_CHANNEL_INPUT_DRAINING 8 /* sending remaining data to conn */ +#define SSH_CHANNEL_OUTPUT_DRAINING 9 /* sending remaining data to app */ +#define SSH_CHANNEL_LARVAL 10 /* larval session */ +#define SSH_CHANNEL_RPORT_LISTENER 11 /* Listening to a R-style port */ +#define SSH_CHANNEL_CONNECTING 12 +#define SSH_CHANNEL_DYNAMIC 13 +#define SSH_CHANNEL_ZOMBIE 14 /* Almost dead. */ +#define SSH_CHANNEL_MUX_LISTENER 15 /* Listener for mux conn. */ +#define SSH_CHANNEL_MUX_CLIENT 16 /* Conn. to mux slave */ +#define SSH_CHANNEL_ABANDONED 17 /* Abandoned session, eg mux */ +#define SSH_CHANNEL_UNIX_LISTENER 18 /* Listening on a domain socket. */ +#define SSH_CHANNEL_RUNIX_LISTENER 19 /* Listening to a R-style domain socket. */ +#define SSH_CHANNEL_MAX_TYPE 20 + +#define CHANNEL_CANCEL_PORT_STATIC -1 + +struct Channel; +typedef struct Channel Channel; + +typedef void channel_open_fn(int, int, void *); +typedef void channel_callback_fn(int, void *); +typedef int channel_infilter_fn(struct Channel *, char *, int); +typedef void channel_filter_cleanup_fn(int, void *); +typedef u_char *channel_outfilter_fn(struct Channel *, u_char **, u_int *); + +/* Channel success/failure callbacks */ +typedef void channel_confirm_cb(int, struct Channel *, void *); +typedef void channel_confirm_abandon_cb(struct Channel *, void *); +struct channel_confirm { + TAILQ_ENTRY(channel_confirm) entry; + channel_confirm_cb *cb; + channel_confirm_abandon_cb *abandon_cb; + void *ctx; +}; +TAILQ_HEAD(channel_confirms, channel_confirm); + +/* Context for non-blocking connects */ +struct channel_connect { + char *host; + int port; + struct addrinfo *ai, *aitop; +}; + +/* Callbacks for mux channels back into client-specific code */ +typedef int mux_callback_fn(struct Channel *); + +struct Channel { + int type; /* channel type/state */ + int self; /* my own channel identifier */ + int remote_id; /* channel identifier for remote peer */ + u_int istate; /* input from channel (state of receive half) */ + u_int ostate; /* output to channel (state of transmit half) */ + int flags; /* close sent/rcvd */ + int rfd; /* read fd */ + int wfd; /* write fd */ + int efd; /* extended fd */ + int sock; /* sock fd */ + int ctl_chan; /* control channel (multiplexed connections) */ + int isatty; /* rfd is a tty */ +#ifdef _AIX + int wfd_isatty; /* wfd is a tty */ +#endif + int client_tty; /* (client) TTY has been requested */ + int force_drain; /* force close on iEOF */ + time_t notbefore; /* Pause IO until deadline (time_t) */ + int delayed; /* post-select handlers for newly created + * channels are delayed until the first call + * to a matching pre-select handler. + * this way post-select handlers are not + * accidentally called if a FD gets reused */ + Buffer input; /* data read from socket, to be sent over + * encrypted connection */ + Buffer output; /* data received over encrypted connection for + * send on socket */ + Buffer extended; + char *path; + /* path for unix domain sockets, or host name for forwards */ + int listening_port; /* port being listened for forwards */ + char *listening_addr; /* addr being listened for forwards */ + int host_port; /* remote port to connect for forwards */ + char *remote_name; /* remote hostname */ + + u_int remote_window; + u_int remote_maxpacket; + u_int local_window; + u_int local_window_max; + u_int local_consumed; + u_int local_maxpacket; + int extended_usage; + int single_connection; + + char *ctype; /* type */ + + /* callback */ + channel_open_fn *open_confirm; + void *open_confirm_ctx; + channel_callback_fn *detach_user; + int detach_close; + struct channel_confirms status_confirms; + + /* filter */ + channel_infilter_fn *input_filter; + channel_outfilter_fn *output_filter; + void *filter_ctx; + channel_filter_cleanup_fn *filter_cleanup; + + /* keep boundaries */ + int datagram; + + /* non-blocking connect */ + struct channel_connect connect_ctx; + + /* multiplexing protocol hook, called for each packet received */ + mux_callback_fn *mux_rcb; + void *mux_ctx; + int mux_pause; +}; + +#define CHAN_EXTENDED_IGNORE 0 +#define CHAN_EXTENDED_READ 1 +#define CHAN_EXTENDED_WRITE 2 + +/* default window/packet sizes for tcp/x11-fwd-channel */ +#define CHAN_SES_PACKET_DEFAULT (32*1024) +#define CHAN_SES_WINDOW_DEFAULT (64*CHAN_SES_PACKET_DEFAULT) +#define CHAN_TCP_PACKET_DEFAULT (32*1024) +#define CHAN_TCP_WINDOW_DEFAULT (64*CHAN_TCP_PACKET_DEFAULT) +#define CHAN_X11_PACKET_DEFAULT (16*1024) +#define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT) + +/* possible input states */ +#define CHAN_INPUT_OPEN 0 +#define CHAN_INPUT_WAIT_DRAIN 1 +#define CHAN_INPUT_WAIT_OCLOSE 2 +#define CHAN_INPUT_CLOSED 3 + +/* possible output states */ +#define CHAN_OUTPUT_OPEN 0 +#define CHAN_OUTPUT_WAIT_DRAIN 1 +#define CHAN_OUTPUT_WAIT_IEOF 2 +#define CHAN_OUTPUT_CLOSED 3 + +#define CHAN_CLOSE_SENT 0x01 +#define CHAN_CLOSE_RCVD 0x02 +#define CHAN_EOF_SENT 0x04 +#define CHAN_EOF_RCVD 0x08 +#define CHAN_LOCAL 0x10 + +#define CHAN_RBUF 16*1024 + +/* check whether 'efd' is still in use */ +#define CHANNEL_EFD_INPUT_ACTIVE(c) \ + (compat20 && c->extended_usage == CHAN_EXTENDED_READ && \ + (c->efd != -1 || \ + buffer_len(&c->extended) > 0)) +#define CHANNEL_EFD_OUTPUT_ACTIVE(c) \ + (compat20 && c->extended_usage == CHAN_EXTENDED_WRITE && \ + c->efd != -1 && (!(c->flags & (CHAN_EOF_RCVD|CHAN_CLOSE_RCVD)) || \ + buffer_len(&c->extended) > 0)) + +/* channel management */ + +Channel *channel_by_id(int); +Channel *channel_lookup(int); +Channel *channel_new(char *, int, int, int, int, u_int, u_int, int, char *, int); +void channel_set_fds(int, int, int, int, int, int, int, u_int); +void channel_free(Channel *); +void channel_free_all(void); +void channel_stop_listening(void); + +void channel_send_open(int); +void channel_request_start(int, char *, int); +void channel_register_cleanup(int, channel_callback_fn *, int); +void channel_register_open_confirm(int, channel_open_fn *, void *); +void channel_register_filter(int, channel_infilter_fn *, + channel_outfilter_fn *, channel_filter_cleanup_fn *, void *); +void channel_register_status_confirm(int, channel_confirm_cb *, + channel_confirm_abandon_cb *, void *); +void channel_cancel_cleanup(int); +int channel_close_fd(int *); +void channel_send_window_changes(void); + +/* protocol handler */ + +int channel_input_close(int, u_int32_t, void *); +int channel_input_close_confirmation(int, u_int32_t, void *); +int channel_input_data(int, u_int32_t, void *); +int channel_input_extended_data(int, u_int32_t, void *); +int channel_input_ieof(int, u_int32_t, void *); +int channel_input_oclose(int, u_int32_t, void *); +int channel_input_open_confirmation(int, u_int32_t, void *); +int channel_input_open_failure(int, u_int32_t, void *); +int channel_input_port_open(int, u_int32_t, void *); +int channel_input_window_adjust(int, u_int32_t, void *); +int channel_input_status_confirm(int, u_int32_t, void *); + +/* file descriptor handling (read/write) */ + +void channel_prepare_select(fd_set **, fd_set **, int *, u_int*, + time_t*, int); +void channel_after_select(fd_set *, fd_set *); +void channel_output_poll(void); + +int channel_not_very_much_buffered_data(void); +void channel_close_all(void); +int channel_still_open(void); +char *channel_open_message(void); +int channel_find_open(void); + +/* tcp forwarding */ +struct Forward; +struct ForwardOptions; +void channel_set_af(int af); +void channel_permit_all_opens(void); +void channel_add_permitted_opens(char *, int); +int channel_add_adm_permitted_opens(char *, int); +void channel_disable_adm_local_opens(void); +void channel_update_permitted_opens(int, int); +void channel_clear_permitted_opens(void); +void channel_clear_adm_permitted_opens(void); +void channel_print_adm_permitted_opens(void); +int channel_input_port_forward_request(int, struct ForwardOptions *); +Channel *channel_connect_to_port(const char *, u_short, char *, char *); +Channel *channel_connect_to_path(const char *, char *, char *); +Channel *channel_connect_stdio_fwd(const char*, u_short, int, int); +Channel *channel_connect_by_listen_address(const char *, u_short, + char *, char *); +Channel *channel_connect_by_listen_path(const char *, char *, char *); +int channel_request_remote_forwarding(struct Forward *); +int channel_setup_local_fwd_listener(struct Forward *, struct ForwardOptions *); +int channel_request_rforward_cancel(struct Forward *); +int channel_setup_remote_fwd_listener(struct Forward *, int *, struct ForwardOptions *); +int channel_cancel_rport_listener(struct Forward *); +int channel_cancel_lport_listener(struct Forward *, int, struct ForwardOptions *); +int permitopen_port(const char *); + +/* x11 forwarding */ + +void channel_set_x11_refuse_time(u_int); +int x11_connect_display(void); +int x11_create_display_inet(int, int, int, u_int *, int **); +int x11_input_open(int, u_int32_t, void *); +void x11_request_forwarding_with_spoofing(int, const char *, const char *, + const char *, int); +int deny_input_open(int, u_int32_t, void *); + +/* agent forwarding */ + +void auth_request_forwarding(void); + +/* channel close */ + +int chan_is_dead(Channel *, int); +void chan_mark_dead(Channel *); + +/* channel events */ + +void chan_rcvd_oclose(Channel *); +void chan_rcvd_eow(Channel *); /* SSH2-only */ +void chan_read_failed(Channel *); +void chan_ibuf_empty(Channel *); + +void chan_rcvd_ieof(Channel *); +void chan_write_failed(Channel *); +void chan_obuf_empty(Channel *); + +#endif diff --git a/include/DomainExec/opensshlib/charclass.h b/include/DomainExec/opensshlib/charclass.h new file mode 100644 index 00000000..91f51744 --- /dev/null +++ b/include/DomainExec/opensshlib/charclass.h @@ -0,0 +1,31 @@ +/* + * Public domain, 2008, Todd C. Miller + * + * $OpenBSD: charclass.h,v 1.1 2008/10/01 23:04:13 millert Exp $ + */ + +/* OPENBSD ORIGINAL: lib/libc/gen/charclass.h */ + +/* + * POSIX character class support for fnmatch() and glob(). + */ +static struct cclass { + const char *name; + int (*isctype)(int); +} cclasses[] = { + { "alnum", isalnum }, + { "alpha", isalpha }, + { "blank", isblank }, + { "cntrl", iscntrl }, + { "digit", isdigit }, + { "graph", isgraph }, + { "lower", islower }, + { "print", isprint }, + { "punct", ispunct }, + { "space", isspace }, + { "upper", isupper }, + { "xdigit", isxdigit }, + { NULL, NULL } +}; + +#define NCCLASSES (sizeof(cclasses) / sizeof(cclasses[0]) - 1) diff --git a/include/DomainExec/opensshlib/cipher-3des1.c b/include/DomainExec/opensshlib/cipher-3des1.c new file mode 100644 index 00000000..790faa23 --- /dev/null +++ b/include/DomainExec/opensshlib/cipher-3des1.c @@ -0,0 +1,157 @@ +/* $OpenBSD: cipher-3des1.c,v 1.12 2015/01/14 10:24:42 markus Exp $ */ +/* + * Copyright (c) 2003 Markus Friedl. All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#include +#include +#include + +#include "ssherr.h" + +/* + * This is used by SSH1: + * + * What kind of triple DES are these 2 routines? + * + * Why is there a redundant initialization vector? + * + * If only iv3 was used, then, this would till effect have been + * outer-cbc. However, there is also a private iv1 == iv2 which + * perhaps makes differential analysis easier. On the other hand, the + * private iv1 probably makes the CRC-32 attack ineffective. This is a + * result of that there is no longer any known iv1 to use when + * choosing the X block. + */ +struct ssh1_3des_ctx +{ + EVP_CIPHER_CTX *k1, *k2, *k3; +}; + +const EVP_CIPHER * evp_ssh1_3des(void); +int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); + +static int +ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, + int enc) +{ + struct ssh1_3des_ctx *c; + u_char *k1, *k2, *k3; + + if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { + if ((c = calloc(1, sizeof(*c))) == NULL) + return 0; + EVP_CIPHER_CTX_set_app_data(ctx, c); + } + if (key == NULL) + return 1; + if (enc == -1) + enc = EVP_CIPHER_CTX_encrypting(ctx); + k1 = k2 = k3 = (u_char *) key; + k2 += 8; + if (EVP_CIPHER_CTX_key_length(ctx) >= 16+8) { + if (enc) + k3 += 16; + else + k1 += 16; + } + c->k1 = EVP_CIPHER_CTX_new(); + c->k2 = EVP_CIPHER_CTX_new(); + c->k3 = EVP_CIPHER_CTX_new(); + if (EVP_CipherInit(c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 || + EVP_CipherInit(c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 || + EVP_CipherInit(c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) { + EVP_CIPHER_CTX_free(c->k1); + EVP_CIPHER_CTX_free(c->k2); + EVP_CIPHER_CTX_free(c->k3); + explicit_bzero(c, sizeof(*c)); + free(c); + EVP_CIPHER_CTX_set_app_data(ctx, NULL); + return 0; + } + return 1; +} + +static int +ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, size_t len) +{ + struct ssh1_3des_ctx *c; + + if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) + return 0; + if (EVP_Cipher(c->k1, dest, (u_char *)src, len) == 0 || + EVP_Cipher(c->k2, dest, dest, len) == 0 || + EVP_Cipher(c->k3, dest, dest, len) == 0) + return 0; + return 1; +} + +static int +ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx) +{ + struct ssh1_3des_ctx *c; + + if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { + EVP_CIPHER_CTX_free(c->k1); + EVP_CIPHER_CTX_free(c->k2); + EVP_CIPHER_CTX_free(c->k3); + explicit_bzero(c, sizeof(*c)); + free(c); + EVP_CIPHER_CTX_set_app_data(ctx, NULL); + } + return 1; +} + +int +ssh1_3des_iv(EVP_CIPHER_CTX *evp, int doset, u_char *iv, int len) +{ + struct ssh1_3des_ctx *c; + + if (len != 24) + return SSH_ERR_INVALID_ARGUMENT; + if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL) + return SSH_ERR_INTERNAL_ERROR; + if (doset) { + // FIXME(hb) Is there a saner way to do this? + memcpy(EVP_CIPHER_CTX_iv_noconst(c->k1), iv, 8); + memcpy(EVP_CIPHER_CTX_iv_noconst(c->k2), iv + 8, 8); + memcpy(EVP_CIPHER_CTX_iv_noconst(c->k3), iv + 16, 8); + } else { + memcpy(iv, EVP_CIPHER_CTX_iv(c->k1), 8); + memcpy(iv + 8, EVP_CIPHER_CTX_iv(c->k2), 8); + memcpy(iv + 16, EVP_CIPHER_CTX_iv(c->k3), 8); + } + return 0; +} + +static EVP_CIPHER *ssh1_3des; + +const EVP_CIPHER * +evp_ssh1_3des(void) +{ + ssh1_3des = EVP_CIPHER_meth_new(NID_undef, 8, 16); + + EVP_CIPHER_meth_set_iv_length(ssh1_3des, 0); + EVP_CIPHER_meth_set_init(ssh1_3des, ssh1_3des_init); + EVP_CIPHER_meth_set_cleanup(ssh1_3des, ssh1_3des_cleanup); + EVP_CIPHER_meth_set_do_cipher(ssh1_3des, ssh1_3des_cbc); + EVP_CIPHER_meth_set_flags(ssh1_3des, EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH); + return ssh1_3des; +} diff --git a/include/DomainExec/opensshlib/cipher-aes.c b/include/DomainExec/opensshlib/cipher-aes.c new file mode 100644 index 00000000..6e08b59c --- /dev/null +++ b/include/DomainExec/opensshlib/cipher-aes.c @@ -0,0 +1,161 @@ +/* + * Copyright (c) 2003 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +/* compatibility with old or broken OpenSSL versions */ +#include "openssl-compat.h" + +#ifdef USE_BUILTIN_RIJNDAEL +#include + +#include + +#include +#include + +#include "rijndael.h" +#include "xmalloc.h" +#include "log.h" + +#define RIJNDAEL_BLOCKSIZE 16 +struct ssh_rijndael_ctx +{ + rijndael_ctx r_ctx; + u_char r_iv[RIJNDAEL_BLOCKSIZE]; +}; + +static int +ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, + int enc) +{ + struct ssh_rijndael_ctx *c; + + if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { + c = xmalloc(sizeof(*c)); + EVP_CIPHER_CTX_set_app_data(ctx, c); + } + if (key != NULL) { + if (enc == -1) + enc = ctx->encrypt; + rijndael_set_key(&c->r_ctx, (u_char *)key, + 8*EVP_CIPHER_CTX_key_length(ctx), enc); + } + if (iv != NULL) + memcpy(c->r_iv, iv, RIJNDAEL_BLOCKSIZE); + return (1); +} + +static int +ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, + LIBCRYPTO_EVP_INL_TYPE len) +{ + struct ssh_rijndael_ctx *c; + u_char buf[RIJNDAEL_BLOCKSIZE]; + u_char *cprev, *cnow, *plain, *ivp; + int i, j, blocks = len / RIJNDAEL_BLOCKSIZE; + + if (len == 0) + return (1); + if (len % RIJNDAEL_BLOCKSIZE) + fatal("ssh_rijndael_cbc: bad len %d", len); + if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { + ssh_error("ssh_rijndael_cbc: no context"); + return (0); + } + if (ctx->encrypt) { + cnow = dest; + plain = (u_char *)src; + cprev = c->r_iv; + for (i = 0; i < blocks; i++, plain+=RIJNDAEL_BLOCKSIZE, + cnow+=RIJNDAEL_BLOCKSIZE) { + for (j = 0; j < RIJNDAEL_BLOCKSIZE; j++) + buf[j] = plain[j] ^ cprev[j]; + rijndael_encrypt(&c->r_ctx, buf, cnow); + cprev = cnow; + } + memcpy(c->r_iv, cprev, RIJNDAEL_BLOCKSIZE); + } else { + cnow = (u_char *) (src+len-RIJNDAEL_BLOCKSIZE); + plain = dest+len-RIJNDAEL_BLOCKSIZE; + + memcpy(buf, cnow, RIJNDAEL_BLOCKSIZE); + for (i = blocks; i > 0; i--, cnow-=RIJNDAEL_BLOCKSIZE, + plain-=RIJNDAEL_BLOCKSIZE) { + rijndael_decrypt(&c->r_ctx, cnow, plain); + ivp = (i == 1) ? c->r_iv : cnow-RIJNDAEL_BLOCKSIZE; + for (j = 0; j < RIJNDAEL_BLOCKSIZE; j++) + plain[j] ^= ivp[j]; + } + memcpy(c->r_iv, buf, RIJNDAEL_BLOCKSIZE); + } + return (1); +} + +static int +ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx) +{ + struct ssh_rijndael_ctx *c; + + if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { + memset(c, 0, sizeof(*c)); + free(c); + EVP_CIPHER_CTX_set_app_data(ctx, NULL); + } + return (1); +} + +void +ssh_rijndael_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, u_int len) +{ + struct ssh_rijndael_ctx *c; + + if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL) + fatal("ssh_rijndael_iv: no context"); + if (doset) + memcpy(c->r_iv, iv, len); + else + memcpy(iv, c->r_iv, len); +} + +const EVP_CIPHER * +evp_rijndael(void) +{ + static EVP_CIPHER rijndal_cbc; + + memset(&rijndal_cbc, 0, sizeof(EVP_CIPHER)); + rijndal_cbc.nid = NID_undef; + rijndal_cbc.block_size = RIJNDAEL_BLOCKSIZE; + rijndal_cbc.iv_len = RIJNDAEL_BLOCKSIZE; + rijndal_cbc.key_len = 16; + rijndal_cbc.init = ssh_rijndael_init; + rijndal_cbc.cleanup = ssh_rijndael_cleanup; + rijndal_cbc.do_cipher = ssh_rijndael_cbc; +#ifndef SSH_OLD_EVP + rijndal_cbc.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | + EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV; +#endif + return (&rijndal_cbc); +} +#endif /* USE_BUILTIN_RIJNDAEL */ diff --git a/include/DomainExec/opensshlib/cipher-aesctr.c b/include/DomainExec/opensshlib/cipher-aesctr.c new file mode 100644 index 00000000..eed95c3e --- /dev/null +++ b/include/DomainExec/opensshlib/cipher-aesctr.c @@ -0,0 +1,83 @@ +/* $OpenBSD: cipher-aesctr.c,v 1.2 2015/01/14 10:24:42 markus Exp $ */ +/* + * Copyright (c) 2003 Markus Friedl. All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include +#include + +#ifndef WITH_OPENSSL + +#include "cipher-aesctr.h" + +/* + * increment counter 'ctr', + * the counter is of size 'len' bytes and stored in network-byte-order. + * (LSB at ctr[len-1], MSB at ctr[0]) + */ +static inline void +aesctr_inc(u8 *ctr, u32 len) +{ + ssize_t i; + +#ifndef CONSTANT_TIME_INCREMENT + for (i = len - 1; i >= 0; i--) + if (++ctr[i]) /* continue on overflow */ + return; +#else + u8 x, add = 1; + + for (i = len - 1; i >= 0; i--) { + ctr[i] += add; + /* constant time for: x = ctr[i] ? 1 : 0 */ + x = ctr[i]; + x = (x | (x >> 4)) & 0xf; + x = (x | (x >> 2)) & 0x3; + x = (x | (x >> 1)) & 0x1; + add *= (x^1); + } +#endif +} + +void +aesctr_keysetup(aesctr_ctx *x,const u8 *k,u32 kbits,u32 ivbits) +{ + x->rounds = rijndaelKeySetupEnc(x->ek, k, kbits); +} + +void +aesctr_ivsetup(aesctr_ctx *x,const u8 *iv) +{ + memcpy(x->ctr, iv, AES_BLOCK_SIZE); +} + +void +aesctr_encrypt_bytes(aesctr_ctx *x,const u8 *m,u8 *c,u32 bytes) +{ + u32 n = 0; + u8 buf[AES_BLOCK_SIZE]; + + while ((bytes--) > 0) { + if (n == 0) { + rijndaelEncrypt(x->ek, x->rounds, x->ctr, buf); + aesctr_inc(x->ctr, AES_BLOCK_SIZE); + } + *(c++) = *(m++) ^ buf[n]; + n = (n + 1) % AES_BLOCK_SIZE; + } +} +#endif /* !WITH_OPENSSL */ diff --git a/include/DomainExec/opensshlib/cipher-aesctr.h b/include/DomainExec/opensshlib/cipher-aesctr.h new file mode 100644 index 00000000..85d55bba --- /dev/null +++ b/include/DomainExec/opensshlib/cipher-aesctr.h @@ -0,0 +1,35 @@ +/* $OpenBSD: cipher-aesctr.h,v 1.1 2014/04/29 15:39:33 markus Exp $ */ +/* + * Copyright (c) 2014 Markus Friedl + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef OPENSSH_AESCTR_H +#define OPENSSH_AESCTR_H + +#include "rijndael.h" + +#define AES_BLOCK_SIZE 16 + +typedef struct aesctr_ctx { + int rounds; /* keylen-dependent #rounds */ + u32 ek[4*(AES_MAXROUNDS + 1)]; /* encrypt key schedule */ + u8 ctr[AES_BLOCK_SIZE]; /* counter */ +} aesctr_ctx; + +void aesctr_keysetup(aesctr_ctx *x,const u8 *k,u32 kbits,u32 ivbits); +void aesctr_ivsetup(aesctr_ctx *x,const u8 *iv); +void aesctr_encrypt_bytes(aesctr_ctx *x,const u8 *m,u8 *c,u32 bytes); + +#endif diff --git a/include/DomainExec/opensshlib/cipher-bf1.c b/include/DomainExec/opensshlib/cipher-bf1.c new file mode 100644 index 00000000..8e3aac38 --- /dev/null +++ b/include/DomainExec/opensshlib/cipher-bf1.c @@ -0,0 +1,102 @@ +/* $OpenBSD: cipher-bf1.c,v 1.7 2015/01/14 10:24:42 markus Exp $ */ +/* + * Copyright (c) 2003 Markus Friedl. All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#ifdef WITH_OPENSSL + +#include + +#include +#include + +#include + +#include "openssl-compat.h" + +/* + * SSH1 uses a variation on Blowfish, all bytes must be swapped before + * and after encryption/decryption. Thus the swap_bytes stuff (yuk). + */ + +const EVP_CIPHER * evp_ssh1_bf(void); + +static void +swap_bytes(const u_char *src, u_char *dst, int n) +{ + u_char c[4]; + + /* Process 4 bytes every lap. */ + for (n = n / 4; n > 0; n--) { + c[3] = *src++; + c[2] = *src++; + c[1] = *src++; + c[0] = *src++; + + *dst++ = c[0]; + *dst++ = c[1]; + *dst++ = c[2]; + *dst++ = c[3]; + } +} + +#ifdef SSH_OLD_EVP +static void bf_ssh1_init (EVP_CIPHER_CTX * ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + if (iv != NULL) + memcpy (&(ctx->oiv[0]), iv, 8); + memcpy (&(ctx->iv[0]), &(ctx->oiv[0]), 8); + if (key != NULL) + BF_set_key (&(ctx->c.bf_ks), EVP_CIPHER_CTX_key_length (ctx), + key); +} +#endif + +static int (*orig_do_cipher)(EVP_CIPHER_CTX *, u_char *, + const u_char *, LIBCRYPTO_EVP_INL_TYPE) = NULL; + +static int +bf_ssh1_do_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, + LIBCRYPTO_EVP_INL_TYPE len) +{ + int ret; + + swap_bytes(in, out, len); + ret = (*orig_do_cipher)(ctx, out, out, len); + swap_bytes(out, out, len); + return (ret); +} + +static EVP_CIPHER *ssh1_bf; + +const EVP_CIPHER * +evp_ssh1_bf(void) +{ + ssh1_bf = EVP_CIPHER_meth_dup(EVP_bf_cbc()); + orig_do_cipher = EVP_CIPHER_meth_get_do_cipher(ssh1_bf); + /* FIXME(hb): Do we need to set the associated NID? + (ssh1_bf.nid = NID_undef) + Do we need to set key length? (ssh1_bf.key_len = 32) + */ + EVP_CIPHER_meth_set_do_cipher(ssh1_bf, bf_ssh1_do_cipher); + return (ssh1_bf); +} +#endif /* WITH_OPENSSL */ diff --git a/include/DomainExec/opensshlib/cipher-chachapoly.c b/include/DomainExec/opensshlib/cipher-chachapoly.c new file mode 100644 index 00000000..7f31ff4c --- /dev/null +++ b/include/DomainExec/opensshlib/cipher-chachapoly.c @@ -0,0 +1,118 @@ +/* + * Copyright (c) 2013 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* $OpenBSD: cipher-chachapoly.c,v 1.7 2015/01/14 10:24:42 markus Exp $ */ + +#include "includes.h" + +#include +#include /* needed for log.h */ +#include +#include /* needed for misc.h */ + +#include "log.h" +#include "sshbuf.h" +#include "ssherr.h" +#include "cipher-chachapoly.h" + +int chachapoly_init(struct chachapoly_ctx *ctx, + const u_char *key, u_int keylen) +{ + if (keylen != (32 + 32)) /* 2 x 256 bit keys */ + return SSH_ERR_INVALID_ARGUMENT; + chacha_keysetup(&ctx->main_ctx, key, 256); + chacha_keysetup(&ctx->header_ctx, key + 32, 256); + return 0; +} + +/* + * chachapoly_crypt() operates as following: + * En/decrypt with header key 'aadlen' bytes from 'src', storing result + * to 'dest'. The ciphertext here is treated as additional authenticated + * data for MAC calculation. + * En/decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'. Use + * POLY1305_TAGLEN bytes at offset 'len'+'aadlen' as the authentication + * tag. This tag is written on encryption and verified on decryption. + */ +int +chachapoly_crypt(struct chachapoly_ctx *ctx, u_int seqnr, u_char *dest, + const u_char *src, u_int len, u_int aadlen, u_int authlen, int do_encrypt) +{ + u_char seqbuf[8]; + const u_char one[8] = { 1, 0, 0, 0, 0, 0, 0, 0 }; /* NB little-endian */ + u_char expected_tag[POLY1305_TAGLEN], poly_key[POLY1305_KEYLEN]; + int r = SSH_ERR_INTERNAL_ERROR; + + /* + * Run ChaCha20 once to generate the Poly1305 key. The IV is the + * packet sequence number. + */ + memset(poly_key, 0, sizeof(poly_key)); + POKE_U64(seqbuf, seqnr); + chacha_ivsetup(&ctx->main_ctx, seqbuf, NULL); + chacha_encrypt_bytes(&ctx->main_ctx, + poly_key, poly_key, sizeof(poly_key)); + + /* If decrypting, check tag before anything else */ + if (!do_encrypt) { + const u_char *tag = src + aadlen + len; + + poly1305_auth(expected_tag, src, aadlen + len, poly_key); + if (timingsafe_bcmp(expected_tag, tag, POLY1305_TAGLEN) != 0) { + r = SSH_ERR_MAC_INVALID; + goto out; + } + } + + /* Crypt additional data */ + if (aadlen) { + chacha_ivsetup(&ctx->header_ctx, seqbuf, NULL); + chacha_encrypt_bytes(&ctx->header_ctx, src, dest, aadlen); + } + + /* Set Chacha's block counter to 1 */ + chacha_ivsetup(&ctx->main_ctx, seqbuf, one); + chacha_encrypt_bytes(&ctx->main_ctx, src + aadlen, + dest + aadlen, len); + + /* If encrypting, calculate and append tag */ + if (do_encrypt) { + poly1305_auth(dest + aadlen + len, dest, aadlen + len, + poly_key); + } + r = 0; + out: + explicit_bzero(expected_tag, sizeof(expected_tag)); + explicit_bzero(seqbuf, sizeof(seqbuf)); + explicit_bzero(poly_key, sizeof(poly_key)); + return r; +} + +/* Decrypt and extract the encrypted packet length */ +int +chachapoly_get_length(struct chachapoly_ctx *ctx, + u_int *plenp, u_int seqnr, const u_char *cp, u_int len) +{ + u_char buf[4], seqbuf[8]; + + if (len < 4) + return SSH_ERR_MESSAGE_INCOMPLETE; + POKE_U64(seqbuf, seqnr); + chacha_ivsetup(&ctx->header_ctx, seqbuf, NULL); + chacha_encrypt_bytes(&ctx->header_ctx, cp, buf, 4); + *plenp = PEEK_U32(buf); + return 0; +} diff --git a/include/DomainExec/opensshlib/cipher-chachapoly.h b/include/DomainExec/opensshlib/cipher-chachapoly.h new file mode 100644 index 00000000..b7072be7 --- /dev/null +++ b/include/DomainExec/opensshlib/cipher-chachapoly.h @@ -0,0 +1,41 @@ +/* $OpenBSD: cipher-chachapoly.h,v 1.4 2014/06/24 01:13:21 djm Exp $ */ + +/* + * Copyright (c) Damien Miller 2013 + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ +#ifndef CHACHA_POLY_AEAD_H +#define CHACHA_POLY_AEAD_H + +#include +#include "chacha.h" +#include "poly1305.h" + +#define CHACHA_KEYLEN 32 /* Only 256 bit keys used here */ + +struct chachapoly_ctx { + struct chacha_ctx main_ctx, header_ctx; +}; + +int chachapoly_init(struct chachapoly_ctx *cpctx, + const u_char *key, u_int keylen) + __attribute__((__bounded__(__buffer__, 2, 3))); +int chachapoly_crypt(struct chachapoly_ctx *cpctx, u_int seqnr, + u_char *dest, const u_char *src, u_int len, u_int aadlen, u_int authlen, + int do_encrypt); +int chachapoly_get_length(struct chachapoly_ctx *cpctx, + u_int *plenp, u_int seqnr, const u_char *cp, u_int len) + __attribute__((__bounded__(__buffer__, 4, 5))); + +#endif /* CHACHA_POLY_AEAD_H */ diff --git a/include/DomainExec/opensshlib/cipher-ctr.c b/include/DomainExec/opensshlib/cipher-ctr.c new file mode 100644 index 00000000..09ad1abe --- /dev/null +++ b/include/DomainExec/opensshlib/cipher-ctr.c @@ -0,0 +1,150 @@ +/* $OpenBSD: cipher-ctr.c,v 1.11 2010/10/01 23:05:32 djm Exp $ */ +/* + * Copyright (c) 2003 Markus Friedl + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ +#include "includes.h" + +#include "openssl-compat.h" + +#if defined(WITH_OPENSSL) && !defined(OPENSSL_HAVE_EVPCTR) +#include + +#include +#include + +#include + +#include "xmalloc.h" +#include "log.h" + +/* compatibility with old or broken OpenSSL versions */ +#ifndef WIN32 +#include "openbsd-compat.h" +#endif + +#ifndef USE_BUILTIN_RIJNDAEL +#include +#endif + +struct ssh_aes_ctr_ctx +{ + AES_KEY aes_ctx; + u_char aes_counter[AES_BLOCK_SIZE]; +}; + +/* + * increment counter 'ctr', + * the counter is of size 'len' bytes and stored in network-byte-order. + * (LSB at ctr[len-1], MSB at ctr[0]) + */ +static void +ssh_ctr_inc(u_char *ctr, size_t len) +{ + int i; + + for (i = len - 1; i >= 0; i--) + if (++ctr[i]) /* continue on overflow */ + return; +} + +static int +ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, + LIBCRYPTO_EVP_INL_TYPE len) +{ + struct ssh_aes_ctr_ctx *c; + size_t n = 0; + u_char buf[AES_BLOCK_SIZE]; + + if (len == 0) + return (1); + if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) + return (0); + + while ((len--) > 0) { + if (n == 0) { + AES_encrypt(c->aes_counter, buf, &c->aes_ctx); + ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE); + } + *(dest++) = *(src++) ^ buf[n]; + n = (n + 1) % AES_BLOCK_SIZE; + } + return (1); +} + +static int +ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, + int enc) +{ + struct ssh_aes_ctr_ctx *c; + + if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { + c = xmalloc(sizeof(*c)); + EVP_CIPHER_CTX_set_app_data(ctx, c); + } + if (key != NULL) + AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &c->aes_ctx); + if (iv != NULL) + memcpy(c->aes_counter, iv, AES_BLOCK_SIZE); + return (1); +} + +static int +ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx) +{ + struct ssh_aes_ctr_ctx *c; + + if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { + memset(c, 0, sizeof(*c)); + free(c); + EVP_CIPHER_CTX_set_app_data(ctx, NULL); + } + return (1); +} + +void +ssh_aes_ctr_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, size_t len) +{ + struct ssh_aes_ctr_ctx *c; + + if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL) + fatal("ssh_aes_ctr_iv: no context"); + if (doset) + memcpy(c->aes_counter, iv, len); + else + memcpy(iv, c->aes_counter, len); +} + +const EVP_CIPHER * +evp_aes_128_ctr(void) +{ + static EVP_CIPHER aes_ctr; + + memset(&aes_ctr, 0, sizeof(EVP_CIPHER)); + aes_ctr.nid = NID_undef; + aes_ctr.block_size = AES_BLOCK_SIZE; + aes_ctr.iv_len = AES_BLOCK_SIZE; + aes_ctr.key_len = 16; + aes_ctr.init = ssh_aes_ctr_init; + aes_ctr.cleanup = ssh_aes_ctr_cleanup; + aes_ctr.do_cipher = ssh_aes_ctr; +#ifndef SSH_OLD_EVP + aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | + EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV; +#endif + return (&aes_ctr); +} + +#endif /* defined(WITH_OPENSSL) && !defined(OPENSSL_HAVE_EVPCTR) */ diff --git a/include/DomainExec/opensshlib/cipher.c b/include/DomainExec/opensshlib/cipher.c new file mode 100644 index 00000000..1d8a3594 --- /dev/null +++ b/include/DomainExec/opensshlib/cipher.c @@ -0,0 +1,664 @@ +/* $OpenBSD: cipher.c,v 1.100 2015/01/14 10:29:45 djm Exp $ */ +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + * + * + * Copyright (c) 1999 Niels Provos. All rights reserved. + * Copyright (c) 1999, 2000 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#include + +#include +#include +#include + +#include "cipher.h" +#include "misc.h" +#include "sshbuf.h" +#include "ssherr.h" +#include "digest.h" + +#include "openssl-compat.h" + +#ifdef WITH_SSH1 +extern const EVP_CIPHER *evp_ssh1_bf(void); +extern const EVP_CIPHER *evp_ssh1_3des(void); +extern int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); +#endif + +struct sshcipher { + char *name; + int number; /* for ssh1 only */ + u_int block_size; + u_int key_len; + u_int iv_len; /* defaults to block_size */ + u_int auth_len; + u_int discard_len; + u_int flags; +#define CFLAG_CBC (1<<0) +#define CFLAG_CHACHAPOLY (1<<1) +#define CFLAG_AESCTR (1<<2) +#define CFLAG_NONE (1<<3) +#ifdef WITH_OPENSSL + const EVP_CIPHER *(*evptype)(void); +#else + void *ignored; +#endif +}; + +static const struct sshcipher ciphers[] = { +#ifdef WITH_SSH1 + { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc }, + { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des }, + { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf }, +#endif /* WITH_SSH1 */ +#ifdef WITH_OPENSSL + { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, + { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc }, + { "blowfish-cbc", + SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc }, + { "cast128-cbc", + SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc }, + { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 }, + { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 }, + { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 }, + { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 1, EVP_aes_128_cbc }, + { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 1, EVP_aes_192_cbc }, + { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc }, + { "rijndael-cbc@lysator.liu.se", + SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc }, + { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 0, EVP_aes_128_ctr }, + { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 0, EVP_aes_192_ctr }, + { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 0, EVP_aes_256_ctr }, +# ifdef OPENSSL_HAVE_EVPGCM + { "aes128-gcm@openssh.com", + SSH_CIPHER_SSH2, 16, 16, 12, 16, 0, 0, EVP_aes_128_gcm }, + { "aes256-gcm@openssh.com", + SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm }, +# endif /* OPENSSL_HAVE_EVPGCM */ +#else /* WITH_OPENSSL */ + { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, CFLAG_AESCTR, NULL }, + { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, CFLAG_AESCTR, NULL }, + { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, CFLAG_AESCTR, NULL }, + { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, CFLAG_NONE, NULL }, +#endif /* WITH_OPENSSL */ + { "chacha20-poly1305@openssh.com", + SSH_CIPHER_SSH2, 8, 64, 0, 16, 0, CFLAG_CHACHAPOLY, NULL }, + + { NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, 0, 0, NULL } +}; + +/*--*/ + +/* Returns a comma-separated list of supported ciphers. */ +char * +cipher_alg_list(char sep, int auth_only) +{ + char *tmp, *ret = NULL; + size_t nlen, rlen = 0; + const struct sshcipher *c; + + for (c = ciphers; c->name != NULL; c++) { + if (c->number != SSH_CIPHER_SSH2) + continue; + if (auth_only && c->auth_len == 0) + continue; + if (ret != NULL) + ret[rlen++] = sep; + nlen = strlen(c->name); + if ((tmp = realloc(ret, rlen + nlen + 2)) == NULL) { + free(ret); + return NULL; + } + ret = tmp; + memcpy(ret + rlen, c->name, nlen + 1); + rlen += nlen; + } + return ret; +} + +u_int +cipher_blocksize(const struct sshcipher *c) +{ + return (c->block_size); +} + +u_int +cipher_keylen(const struct sshcipher *c) +{ + return (c->key_len); +} + +u_int +cipher_seclen(const struct sshcipher *c) +{ + if (strcmp("3des-cbc", c->name) == 0) + return 14; + return cipher_keylen(c); +} + +u_int +cipher_authlen(const struct sshcipher *c) +{ + return (c->auth_len); +} + +u_int +cipher_ivlen(const struct sshcipher *c) +{ + /* + * Default is cipher block size, except for chacha20+poly1305 that + * needs no IV. XXX make iv_len == -1 default? + */ + return (c->iv_len != 0 || (c->flags & CFLAG_CHACHAPOLY) != 0) ? + c->iv_len : c->block_size; +} + +u_int +cipher_get_number(const struct sshcipher *c) +{ + return (c->number); +} + +u_int +cipher_is_cbc(const struct sshcipher *c) +{ + return (c->flags & CFLAG_CBC) != 0; +} + +u_int +cipher_mask_ssh1(int client) +{ + u_int mask = 0; + mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */ + mask |= 1 << SSH_CIPHER_BLOWFISH; + if (client) { + mask |= 1 << SSH_CIPHER_DES; + } + return mask; +} + +const struct sshcipher * +cipher_by_name(const char *name) +{ + const struct sshcipher *c; + for (c = ciphers; c->name != NULL; c++) + if (strcmp(c->name, name) == 0) + return c; + return NULL; +} + +const struct sshcipher * +cipher_by_number(int id) +{ + const struct sshcipher *c; + for (c = ciphers; c->name != NULL; c++) + if (c->number == id) + return c; + return NULL; +} + +#define CIPHER_SEP "," +int +ciphers_valid(const char *names) +{ + const struct sshcipher *c; + char *cipher_list, *cp; + char *p; + + if (names == NULL || strcmp(names, "") == 0) + return 0; + if ((cipher_list = cp = strdup(names)) == NULL) + return 0; + for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0'; + (p = strsep(&cp, CIPHER_SEP))) { + c = cipher_by_name(p); + if (c == NULL || c->number != SSH_CIPHER_SSH2) { + free(cipher_list); + return 0; + } + } + free(cipher_list); + return 1; +} + +/* + * Parses the name of the cipher. Returns the number of the corresponding + * cipher, or -1 on error. + */ + +int +cipher_number(const char *name) +{ + const struct sshcipher *c; + if (name == NULL) + return -1; + for (c = ciphers; c->name != NULL; c++) +#ifndef WIN32 + if (strcasecmp(c->name, name) == 0) +#else + if (stricmp(c->name, name) == 0) +#endif + return c->number; + return -1; +} + +char * +cipher_name(int id) +{ + const struct sshcipher *c = cipher_by_number(id); + return (c==NULL) ? "" : c->name; +} + +const char * +cipher_warning_message(const struct sshcipher_ctx *cc) +{ + if (cc == NULL || cc->cipher == NULL) + return NULL; + if (cc->cipher->number == SSH_CIPHER_DES) + return "use of DES is strongly discouraged due to " + "cryptographic weaknesses"; + return NULL; +} + +int +cipher_init(struct sshcipher_ctx *cc, const struct sshcipher *cipher, + const u_char *key, u_int keylen, const u_char *iv, u_int ivlen, + int do_encrypt) +{ +#ifdef WITH_OPENSSL + int ret = SSH_ERR_INTERNAL_ERROR; + const EVP_CIPHER *type; + int klen; + u_char *junk, *discard; + + if (cipher->number == SSH_CIPHER_DES) { + if (keylen > 8) + keylen = 8; + } +#endif + cc->plaintext = (cipher->number == SSH_CIPHER_NONE); + cc->encrypt = do_encrypt; + + if (keylen < cipher->key_len || + (iv != NULL && ivlen < cipher_ivlen(cipher))) + return SSH_ERR_INVALID_ARGUMENT; + + cc->cipher = cipher; + if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { + return chachapoly_init(&cc->cp_ctx, key, keylen); + } +#ifndef WITH_OPENSSL + if ((cc->cipher->flags & CFLAG_AESCTR) != 0) { + aesctr_keysetup(&cc->ac_ctx, key, 8 * keylen, 8 * ivlen); + aesctr_ivsetup(&cc->ac_ctx, iv); + return 0; + } + if ((cc->cipher->flags & CFLAG_NONE) != 0) + return 0; + return SSH_ERR_INVALID_ARGUMENT; +#else + type = (*cipher->evptype)(); + cc->evp = EVP_CIPHER_CTX_new(); + if (EVP_CipherInit(cc->evp, type, NULL, (u_char *)iv, + (do_encrypt == CIPHER_ENCRYPT)) == 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto bad; + } + if (cipher_authlen(cipher) && + !EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_IV_FIXED, + -1, (u_char *)iv)) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto bad; + } + klen = EVP_CIPHER_CTX_key_length(cc->evp); + if (klen > 0 && keylen != (u_int)klen) { + if (EVP_CIPHER_CTX_set_key_length(cc->evp, keylen) == 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto bad; + } + } + if (EVP_CipherInit(cc->evp, NULL, (u_char *)key, NULL, -1) == 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto bad; + } + + if (cipher->discard_len > 0) { + if ((junk = malloc(cipher->discard_len)) == NULL || + (discard = malloc(cipher->discard_len)) == NULL) { + if (junk != NULL) + free(junk); + ret = SSH_ERR_ALLOC_FAIL; + goto bad; + } + ret = EVP_Cipher(cc->evp, discard, junk, cipher->discard_len); + explicit_bzero(discard, cipher->discard_len); + free(junk); + free(discard); + if (ret != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + bad: + EVP_CIPHER_CTX_free(cc->evp); + return ret; + } + } +#endif + return 0; +} + +/* + * cipher_crypt() operates as following: + * Copy 'aadlen' bytes (without en/decryption) from 'src' to 'dest'. + * Theses bytes are treated as additional authenticated data for + * authenticated encryption modes. + * En/Decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'. + * Use 'authlen' bytes at offset 'len'+'aadlen' as the authentication tag. + * This tag is written on encryption and verified on decryption. + * Both 'aadlen' and 'authlen' can be set to 0. + */ +int +cipher_crypt(struct sshcipher_ctx *cc, u_int seqnr, u_char *dest, + const u_char *src, u_int len, u_int aadlen, u_int authlen) +{ + if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { + return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, + len, aadlen, authlen, cc->encrypt); + } +#ifndef WITH_OPENSSL + if ((cc->cipher->flags & CFLAG_AESCTR) != 0) { + if (aadlen) + memcpy(dest, src, aadlen); + aesctr_encrypt_bytes(&cc->ac_ctx, src + aadlen, + dest + aadlen, len); + return 0; + } + if ((cc->cipher->flags & CFLAG_NONE) != 0) { + memcpy(dest, src, aadlen + len); + return 0; + } + return SSH_ERR_INVALID_ARGUMENT; +#else + if (authlen) { + u_char lastiv[1]; + + if (authlen != cipher_authlen(cc->cipher)) + return SSH_ERR_INVALID_ARGUMENT; + /* increment IV */ + if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, + 1, lastiv)) + return SSH_ERR_LIBCRYPTO_ERROR; + /* set tag on decyption */ + if (!cc->encrypt && + !EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_TAG, + authlen, (u_char *)src + aadlen + len)) + return SSH_ERR_LIBCRYPTO_ERROR; + } + if (aadlen) { + if (authlen && + EVP_Cipher(cc->evp, NULL, (u_char *)src, aadlen) < 0) + return SSH_ERR_LIBCRYPTO_ERROR; + memcpy(dest, src, aadlen); + } + if (len % cc->cipher->block_size) + return SSH_ERR_INVALID_ARGUMENT; + if (EVP_Cipher(cc->evp, dest + aadlen, (u_char *)src + aadlen, + len) < 0) + return SSH_ERR_LIBCRYPTO_ERROR; + if (authlen) { + /* compute tag (on encrypt) or verify tag (on decrypt) */ + if (EVP_Cipher(cc->evp, NULL, NULL, 0) < 0) + return cc->encrypt ? + SSH_ERR_LIBCRYPTO_ERROR : SSH_ERR_MAC_INVALID; + if (cc->encrypt && + !EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_GET_TAG, + authlen, dest + aadlen + len)) + return SSH_ERR_LIBCRYPTO_ERROR; + } + return 0; +#endif +} + +/* Extract the packet length, including any decryption necessary beforehand */ +int +cipher_get_length(struct sshcipher_ctx *cc, u_int *plenp, u_int seqnr, + const u_char *cp, u_int len) +{ + if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) + return chachapoly_get_length(&cc->cp_ctx, plenp, seqnr, + cp, len); + if (len < 4) + return SSH_ERR_MESSAGE_INCOMPLETE; + *plenp = get_u32(cp); + return 0; +} + +int +cipher_cleanup(struct sshcipher_ctx *cc) +{ + if (cc == NULL || cc->cipher == NULL) + return 0; + if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) + explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx)); + else if ((cc->cipher->flags & CFLAG_AESCTR) != 0) + explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx)); +#ifdef WITH_OPENSSL + EVP_CIPHER_CTX_free(cc->evp); +#endif + return 0; +} + +/* + * Selects the cipher, and keys if by computing the MD5 checksum of the + * passphrase and using the resulting 16 bytes as the key. + */ +int +cipher_set_key_string(struct sshcipher_ctx *cc, const struct sshcipher *cipher, + const char *passphrase, int do_encrypt) +{ + u_char digest[16]; + int r = SSH_ERR_INTERNAL_ERROR; + + if ((r = ssh_digest_memory(SSH_DIGEST_MD5, + passphrase, strlen(passphrase), + digest, sizeof(digest))) != 0) + goto out; + + r = cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt); + out: + explicit_bzero(digest, sizeof(digest)); + return r; +} + +/* + * Exports an IV from the sshcipher_ctx required to export the key + * state back from the unprivileged child to the privileged parent + * process. + */ +int +cipher_get_keyiv_len(const struct sshcipher_ctx *cc) +{ + const struct sshcipher *c = cc->cipher; + int ivlen = 0; + + if (c->number == SSH_CIPHER_3DES) + ivlen = 24; + else if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) + ivlen = 0; + else if ((cc->cipher->flags & CFLAG_AESCTR) != 0) + ivlen = sizeof(cc->ac_ctx.ctr); +#ifdef WITH_OPENSSL + else + ivlen = EVP_CIPHER_CTX_iv_length(cc->evp); +#endif /* WITH_OPENSSL */ + return (ivlen); +} + +int +cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) +{ + const struct sshcipher *c = cc->cipher; +#ifdef WITH_OPENSSL + int evplen; +#endif + + if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { + if (len != 0) + return SSH_ERR_INVALID_ARGUMENT; + return 0; + } + if ((cc->cipher->flags & CFLAG_AESCTR) != 0) { + if (len != sizeof(cc->ac_ctx.ctr)) + return SSH_ERR_INVALID_ARGUMENT; + memcpy(iv, cc->ac_ctx.ctr, len); + return 0; + } + if ((cc->cipher->flags & CFLAG_NONE) != 0) + return 0; + + switch (c->number) { +#ifdef WITH_OPENSSL + case SSH_CIPHER_SSH2: + case SSH_CIPHER_DES: + case SSH_CIPHER_BLOWFISH: + evplen = EVP_CIPHER_CTX_iv_length(cc->evp); + if (evplen == 0) + return 0; + else if (evplen < 0) + return SSH_ERR_LIBCRYPTO_ERROR; + if ((u_int)evplen != len) + return SSH_ERR_INVALID_ARGUMENT; +#ifndef OPENSSL_HAVE_EVPCTR + if (c->evptype == evp_aes_128_ctr) + ssh_aes_ctr_iv(cc->evp, 0, iv, len); + else +#endif + if (cipher_authlen(c)) { + if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, + len, iv)) + return SSH_ERR_LIBCRYPTO_ERROR; + } else + memcpy(iv, EVP_CIPHER_CTX_iv(cc->evp), len); + break; +#endif +#ifdef WITH_SSH1 + case SSH_CIPHER_3DES: + return ssh1_3des_iv(cc->evp, 0, iv, 24); +#endif + default: + return SSH_ERR_INVALID_ARGUMENT; + } + return 0; +} + +int +cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) +{ + const struct sshcipher *c = cc->cipher; +#ifdef WITH_OPENSSL + int evplen = 0; +#endif + + if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) + return 0; + if ((cc->cipher->flags & CFLAG_NONE) != 0) + return 0; + + switch (c->number) { +#ifdef WITH_OPENSSL + case SSH_CIPHER_SSH2: + case SSH_CIPHER_DES: + case SSH_CIPHER_BLOWFISH: + evplen = EVP_CIPHER_CTX_iv_length(cc->evp); + if (evplen <= 0) + return SSH_ERR_LIBCRYPTO_ERROR; + if (cipher_authlen(c)) { + /* XXX iv arg is const, but EVP_CIPHER_CTX_ctrl isn't */ + if (!EVP_CIPHER_CTX_ctrl(cc->evp, + EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) + return SSH_ERR_LIBCRYPTO_ERROR; + } else { + /* XXX There must be a saner way to do this + than using the "getter" function to determine + the target of a copy operation */ + memcpy(EVP_CIPHER_CTX_iv_noconst(cc->evp), iv, evplen); + } + break; +#endif +#ifdef WITH_SSH1 + case SSH_CIPHER_3DES: + return ssh1_3des_iv(cc->evp, 1, (u_char *)iv, 24); +#endif + default: + return SSH_ERR_INVALID_ARGUMENT; + } + return 0; +} + +#ifdef WITH_OPENSSL +#define EVP_X_STATE(evp) EVP_CIPHER_CTX_get_cipher_data(evp) +#define EVP_X_STATE_LEN(evp) EVP_CIPHER_impl_ctx_size(EVP_CIPHER_CTX_cipher(evp)) +#endif + +int +cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char *dat) +{ +#ifdef WITH_OPENSSL + const struct sshcipher *c = cc->cipher; + int plen = 0; + + if (c->evptype == EVP_rc4) { + plen = EVP_X_STATE_LEN(cc->evp); + if (dat == NULL) + return (plen); + memcpy(dat, EVP_X_STATE(cc->evp), plen); + } + return (plen); +#else + return 0; +#endif +} + +void +cipher_set_keycontext(struct sshcipher_ctx *cc, const u_char *dat) +{ +#ifdef WITH_OPENSSL + const struct sshcipher *c = cc->cipher; + int plen; + + if (c->evptype == EVP_rc4) { + plen = EVP_X_STATE_LEN(cc->evp); + memcpy(EVP_X_STATE(cc->evp), dat, plen); + } +#endif +} diff --git a/include/DomainExec/opensshlib/cipher.h b/include/DomainExec/opensshlib/cipher.h new file mode 100644 index 00000000..5029bd7e --- /dev/null +++ b/include/DomainExec/opensshlib/cipher.h @@ -0,0 +1,105 @@ +/* $OpenBSD: cipher.h,v 1.48 2015/07/08 19:09:25 markus Exp $ */ + +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + * + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef CIPHER_H +#define CIPHER_H + +#include +#include +#include "cipher-chachapoly.h" +#include "cipher-aesctr.h" + +/* + * Cipher types for SSH-1. New types can be added, but old types should not + * be removed for compatibility. The maximum allowed value is 31. + */ +#define SSH_CIPHER_SSH2 -3 +#define SSH_CIPHER_INVALID -2 /* No valid cipher selected. */ +#define SSH_CIPHER_NOT_SET -1 /* None selected (invalid number). */ +#define SSH_CIPHER_NONE 0 /* no encryption */ +#define SSH_CIPHER_IDEA 1 /* IDEA CFB */ +#define SSH_CIPHER_DES 2 /* DES CBC */ +#define SSH_CIPHER_3DES 3 /* 3DES CBC */ +#define SSH_CIPHER_BROKEN_TSS 4 /* TRI's Simple Stream encryption CBC */ +#define SSH_CIPHER_BROKEN_RC4 5 /* Alleged RC4 */ +#define SSH_CIPHER_BLOWFISH 6 +#define SSH_CIPHER_RESERVED 7 +#define SSH_CIPHER_MAX 31 + +#define CIPHER_ENCRYPT 1 +#define CIPHER_DECRYPT 0 + +struct sshcipher; +struct sshcipher_ctx { + int plaintext; + int encrypt; + EVP_CIPHER_CTX *evp; + struct chachapoly_ctx cp_ctx; /* XXX union with evp? */ + struct aesctr_ctx ac_ctx; /* XXX union with evp? */ + const struct sshcipher *cipher; +}; + +u_int cipher_mask_ssh1(int); +const struct sshcipher *cipher_by_name(const char *); +const struct sshcipher *cipher_by_number(int); +int cipher_number(const char *); +char *cipher_name(int); +const char *cipher_warning_message(const struct sshcipher_ctx *); +int ciphers_valid(const char *); +char *cipher_alg_list(char, int); +int cipher_init(struct sshcipher_ctx *, const struct sshcipher *, + const u_char *, u_int, const u_char *, u_int, int); +int cipher_crypt(struct sshcipher_ctx *, u_int, u_char *, const u_char *, + u_int, u_int, u_int); +int cipher_get_length(struct sshcipher_ctx *, u_int *, u_int, + const u_char *, u_int); +int cipher_cleanup(struct sshcipher_ctx *); +int cipher_set_key_string(struct sshcipher_ctx *, const struct sshcipher *, + const char *, int); +u_int cipher_blocksize(const struct sshcipher *); +u_int cipher_keylen(const struct sshcipher *); +u_int cipher_seclen(const struct sshcipher *); +u_int cipher_authlen(const struct sshcipher *); +u_int cipher_ivlen(const struct sshcipher *); +u_int cipher_is_cbc(const struct sshcipher *); + +u_int cipher_get_number(const struct sshcipher *); +int cipher_get_keyiv(struct sshcipher_ctx *, u_char *, u_int); +int cipher_set_keyiv(struct sshcipher_ctx *, const u_char *); +int cipher_get_keyiv_len(const struct sshcipher_ctx *); +int cipher_get_keycontext(const struct sshcipher_ctx *, u_char *); +void cipher_set_keycontext(struct sshcipher_ctx *, const u_char *); +#endif /* CIPHER_H */ diff --git a/include/DomainExec/opensshlib/cleanup.c b/include/DomainExec/opensshlib/cleanup.c new file mode 100644 index 00000000..99a4b209 --- /dev/null +++ b/include/DomainExec/opensshlib/cleanup.c @@ -0,0 +1,35 @@ +/* $OpenBSD: cleanup.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */ +/* + * Copyright (c) 2003 Markus Friedl + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include + +#ifndef WIN32 +#include +#endif + +#include + +#include "log.h" + +/* default implementation */ +void +cleanup_exit(int i) +{ + _exit(i); +} diff --git a/include/DomainExec/opensshlib/compat.c b/include/DomainExec/opensshlib/compat.c new file mode 100644 index 00000000..77d641bc --- /dev/null +++ b/include/DomainExec/opensshlib/compat.c @@ -0,0 +1,326 @@ +/* $OpenBSD: compat.c,v 1.97 2015/08/19 23:21:42 djm Exp $ */ +/* + * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#include + +#include +#include +#include + +#include "xmalloc.h" +#include "buffer.h" +#include "packet.h" +#include "compat.h" +#include "log.h" +#include "match.h" + +int compat13 = 0; +int compat20 = 0; +//int datafellows = 0; + +void +enable_compat20(void) +{ + if (compat20) + return; + debug("Enabling compatibility mode for protocol 2.0"); + compat20 = 1; +} +void +enable_compat13(void) +{ + debug("Enabling compatibility mode for protocol 1.3"); + compat13 = 1; +} +/* datafellows bug compatibility */ +u_int +ncrackssh_compat_datafellows(ncrack_ssh_state *nstate) +{ + int i; + static struct { + char *pat; + int bugs; + } check[] = { + { "OpenSSH-2.0*," + "OpenSSH-2.1*," + "OpenSSH_2.1*," + "OpenSSH_2.2*", SSH_OLD_SESSIONID|SSH_BUG_BANNER| + SSH_OLD_DHGEX|SSH_BUG_NOREKEY| + SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, + { "OpenSSH_2.3.0*", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES| + SSH_OLD_DHGEX|SSH_BUG_NOREKEY| + SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, + { "OpenSSH_2.3.*", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| + SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| + SSH_OLD_FORWARD_ADDR}, + { "OpenSSH_2.5.0p1*," + "OpenSSH_2.5.1p1*", + SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| + SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| + SSH_OLD_FORWARD_ADDR}, + { "OpenSSH_2.5.0*," + "OpenSSH_2.5.1*," + "OpenSSH_2.5.2*", SSH_OLD_DHGEX|SSH_BUG_NOREKEY| + SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, + { "OpenSSH_2.5.3*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| + SSH_OLD_FORWARD_ADDR}, + { "OpenSSH_2.*," + "OpenSSH_3.0*," + "OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, + { "OpenSSH_3.*", SSH_OLD_FORWARD_ADDR }, + { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, + { "OpenSSH_4*", 0 }, + { "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT}, + { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH}, + { "OpenSSH_6.5*," + "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD}, + { "OpenSSH*", SSH_NEW_OPENSSH }, + { "*MindTerm*", 0 }, + { "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| + SSH_OLD_SESSIONID|SSH_BUG_DEBUG| + SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE| + SSH_BUG_FIRSTKEX }, + { "2.1 *", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| + SSH_OLD_SESSIONID|SSH_BUG_DEBUG| + SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE| + SSH_BUG_FIRSTKEX }, + { "2.0.13*," + "2.0.14*," + "2.0.15*," + "2.0.16*," + "2.0.17*," + "2.0.18*," + "2.0.19*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| + SSH_OLD_SESSIONID|SSH_BUG_DEBUG| + SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| + SSH_BUG_PKOK|SSH_BUG_RSASIGMD5| + SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE| + SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX }, + { "2.0.11*," + "2.0.12*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| + SSH_OLD_SESSIONID|SSH_BUG_DEBUG| + SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| + SSH_BUG_PKAUTH|SSH_BUG_PKOK| + SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| + SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX }, + { "2.0.*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| + SSH_OLD_SESSIONID|SSH_BUG_DEBUG| + SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| + SSH_BUG_PKAUTH|SSH_BUG_PKOK| + SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| + SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN| + SSH_BUG_FIRSTKEX }, + { "2.2.0*," + "2.3.0*", SSH_BUG_HMAC|SSH_BUG_DEBUG| + SSH_BUG_RSASIGMD5|SSH_BUG_FIRSTKEX }, + { "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5| + SSH_BUG_FIRSTKEX }, + { "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */ + { "2.*", SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX| + SSH_BUG_RFWD_ADDR }, + { "3.0.*", SSH_BUG_DEBUG }, + { "3.0 SecureCRT*", SSH_OLD_SESSIONID }, + { "1.7 SecureFX*", SSH_OLD_SESSIONID }, + { "1.2.18*," + "1.2.19*," + "1.2.20*," + "1.2.21*," + "1.2.22*", SSH_BUG_IGNOREMSG }, + { "1.3.2*", /* F-Secure */ + SSH_BUG_IGNOREMSG }, + { "Cisco-1.*", SSH_BUG_DHGEX_LARGE| + SSH_BUG_HOSTKEYS }, + { "*SSH Compatible Server*", /* Netscreen */ + SSH_BUG_PASSWORDPAD }, + { "*OSU_0*," + "OSU_1.0*," + "OSU_1.1*," + "OSU_1.2*," + "OSU_1.3*," + "OSU_1.4*," + "OSU_1.5alpha1*," + "OSU_1.5alpha2*," + "OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD }, + { "*SSH_Version_Mapper*", + SSH_BUG_SCANNER }, + { "PuTTY_Local:*," /* dev versions < Sep 2014 */ + "PuTTY-Release-0.5*," /* 0.50-0.57, DH-GEX in >=0.52 */ + "PuTTY_Release_0.5*," /* 0.58-0.59 */ + "PuTTY_Release_0.60*," + "PuTTY_Release_0.61*," + "PuTTY_Release_0.62*," + "PuTTY_Release_0.63*," + "PuTTY_Release_0.64*", + SSH_OLD_DHGEX }, + { "FuTTY*", SSH_OLD_DHGEX }, /* Putty Fork */ + { "Probe-*", + SSH_BUG_PROBE }, + { "TeraTerm SSH*," + "TTSSH/1.5.*," + "TTSSH/2.1*," + "TTSSH/2.2*," + "TTSSH/2.3*," + "TTSSH/2.4*," + "TTSSH/2.5*," + "TTSSH/2.6*," + "TTSSH/2.70*," + "TTSSH/2.71*," + "TTSSH/2.72*", SSH_BUG_HOSTKEYS }, + { "WinSCP_release_4*," + "WinSCP_release_5.0*," + "WinSCP_release_5.1*," + "WinSCP_release_5.5*," + "WinSCP_release_5.6*," + "WinSCP_release_5.7," + "WinSCP_release_5.7.1," + "WinSCP_release_5.7.2," + "WinSCP_release_5.7.3," + "WinSCP_release_5.7.4", + SSH_OLD_DHGEX }, + { NULL, 0 } + }; + + /* process table, return first match */ + for (i = 0; check[i].pat; i++) { + if (match_pattern_list(nstate->server_version_string, check[i].pat, 0) == 1) { + debug("match: %s pat %s compat 0x%08x", + nstate->server_version_string, check[i].pat, check[i].bugs); + nstate->datafellows = check[i].bugs; + return 0; + } + } + debug("no match: %s", nstate->server_version_string); + + return 0; +} + +#define SEP "," +int +proto_spec(const char *spec) +{ + char *s, *p, *q; + int ret = SSH_PROTO_UNKNOWN; + + if (spec == NULL) + return ret; + q = s = strdup(spec); + if (s == NULL) + return ret; + for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) { + switch (atoi(p)) { + case 1: +#ifdef WITH_SSH1 + if (ret == SSH_PROTO_UNKNOWN) + ret |= SSH_PROTO_1_PREFERRED; + ret |= SSH_PROTO_1; +#endif + break; + case 2: + ret |= SSH_PROTO_2; + break; + default: + //logit("ignoring bad proto spec: '%s'.", p); + break; + } + } + free(s); + return ret; +} + +/* + * Filters a proposal string, excluding any algorithm matching the 'filter' + * pattern list. + */ +static char * +filter_proposal(char *proposal, const char *filter) +{ + Buffer b; + char *orig_prop, *fix_prop; + char *cp, *tmp; + + buffer_init(&b); + tmp = orig_prop = xstrdup(proposal); + while ((cp = strsep(&tmp, ",")) != NULL) { + if (match_pattern_list(cp, filter, 0) != 1) { + if (buffer_len(&b) > 0) + buffer_append(&b, ",", 1); + buffer_append(&b, cp, strlen(cp)); + } else + debug2("Compat: skipping algorithm \"%s\"", cp); + } + buffer_append(&b, "\0", 1); + fix_prop = xstrdup((char *)buffer_ptr(&b)); + buffer_free(&b); + free(orig_prop); + + return fix_prop; +} + +char * +compat_cipher_proposal(ncrack_ssh_state *nstate, char *cipher_prop) +{ + if (!(nstate->datafellows & SSH_BUG_BIGENDIANAES)) + return cipher_prop; + debug2("%s: original cipher proposal: %s", __func__, cipher_prop); + cipher_prop = filter_proposal(cipher_prop, "aes*"); + debug2("%s: compat cipher proposal: %s", __func__, cipher_prop); + if (*cipher_prop == '\0') + fatal("No supported ciphers found"); + return cipher_prop; +} + +char * +compat_pkalg_proposal(ncrack_ssh_state *nstate, char *pkalg_prop) +{ + if (!(nstate->datafellows & SSH_BUG_RSASIGMD5)) + return pkalg_prop; + debug2("%s: original public key proposal: %s", __func__, pkalg_prop); + pkalg_prop = filter_proposal(pkalg_prop, "ssh-rsa"); + debug2("%s: compat public key proposal: %s", __func__, pkalg_prop); + if (*pkalg_prop == '\0') + fatal("No supported PK algorithms found"); + return pkalg_prop; +} + +char * +compat_kex_proposal(ncrack_ssh_state *nstate, char *p) +{ + if ((nstate->datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0) + return p; + debug2("%s: original KEX proposal: %s", __func__, p); + if ((nstate->datafellows & SSH_BUG_CURVE25519PAD) != 0) + p = filter_proposal(p, "curve25519-sha256@libssh.org"); + if ((nstate->datafellows & SSH_OLD_DHGEX) != 0) { + p = filter_proposal(p, "diffie-hellman-group-exchange-sha256"); + p = filter_proposal(p, "diffie-hellman-group-exchange-sha1"); + } + debug2("%s: compat KEX proposal: %s", __func__, p); + if (*p == '\0') + fatal("No supported key exchange algorithms found"); + return p; +} + diff --git a/include/DomainExec/opensshlib/compat.h b/include/DomainExec/opensshlib/compat.h new file mode 100644 index 00000000..3b1cc238 --- /dev/null +++ b/include/DomainExec/opensshlib/compat.h @@ -0,0 +1,88 @@ +/* $OpenBSD: compat.h,v 1.48 2015/05/26 23:23:40 dtucker Exp $ */ + +/* + * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef COMPAT_H +#define COMPAT_H + +#include "opensshlib.h" + +#define SSH_PROTO_UNKNOWN 0x00 +#define SSH_PROTO_1 0x01 +#define SSH_PROTO_1_PREFERRED 0x02 +#define SSH_PROTO_2 0x04 + +#define SSH_BUG_SIGBLOB 0x00000001 +#define SSH_BUG_PKSERVICE 0x00000002 +#define SSH_BUG_HMAC 0x00000004 +#define SSH_BUG_X11FWD 0x00000008 +#define SSH_OLD_SESSIONID 0x00000010 +#define SSH_BUG_PKAUTH 0x00000020 +#define SSH_BUG_DEBUG 0x00000040 +#define SSH_BUG_BANNER 0x00000080 +#define SSH_BUG_IGNOREMSG 0x00000100 +#define SSH_BUG_PKOK 0x00000200 +#define SSH_BUG_PASSWORDPAD 0x00000400 +#define SSH_BUG_SCANNER 0x00000800 +#define SSH_BUG_BIGENDIANAES 0x00001000 +#define SSH_BUG_RSASIGMD5 0x00002000 +#define SSH_OLD_DHGEX 0x00004000 +#define SSH_BUG_NOREKEY 0x00008000 +#define SSH_BUG_HBSERVICE 0x00010000 +#define SSH_BUG_OPENFAILURE 0x00020000 +#define SSH_BUG_DERIVEKEY 0x00040000 +#define SSH_BUG_DUMMYCHAN 0x00100000 +#define SSH_BUG_EXTEOF 0x00200000 +#define SSH_BUG_PROBE 0x00400000 +#define SSH_BUG_FIRSTKEX 0x00800000 +#define SSH_OLD_FORWARD_ADDR 0x01000000 +#define SSH_BUG_RFWD_ADDR 0x02000000 +#define SSH_NEW_OPENSSH 0x04000000 +#define SSH_BUG_DYNAMIC_RPORT 0x08000000 +#define SSH_BUG_CURVE25519PAD 0x10000000 +#define SSH_BUG_HOSTKEYS 0x20000000 +#define SSH_BUG_DHGEX_LARGE 0x40000000 + +void enable_compat13(void); +void enable_compat20(void); +int proto_spec(const char *); + +#ifdef __cplusplus +extern "C" { +#endif + +u_int ncrackssh_compat_datafellows(ncrack_ssh_state *nstate); +char *compat_cipher_proposal(ncrack_ssh_state *, char *); +char *compat_pkalg_proposal(ncrack_ssh_state *, char *); +char *compat_kex_proposal(ncrack_ssh_state *, char *); + +#ifdef __cplusplus +} /* End of 'extern "C"' */ +#endif + +extern int compat13; +extern int compat20; +extern int datafellows; +#endif diff --git a/include/DomainExec/opensshlib/config.guess b/include/DomainExec/opensshlib/config.guess new file mode 100644 index 00000000..dbfb9786 --- /dev/null +++ b/include/DomainExec/opensshlib/config.guess @@ -0,0 +1,1421 @@ +#! /bin/sh +# Attempt to guess a canonical system name. +# Copyright 1992-2015 Free Software Foundation, Inc. + +timestamp='2015-01-01' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). +# +# Originally written by Per Bothner; maintained since 2000 by Ben Elliston. +# +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD +# +# Please send patches to . + + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] + +Output the configuration name of the system \`$me' is run on. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.guess ($timestamp) + +Originally written by Per Bothner. +Copyright 1992-2015 Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" >&2 + exit 1 ;; + * ) + break ;; + esac +done + +if test $# != 0; then + echo "$me: too many arguments$help" >&2 + exit 1 +fi + +trap 'exit 1' 1 2 15 + +# CC_FOR_BUILD -- compiler used by this script. Note that the use of a +# compiler to aid in system detection is discouraged as it requires +# temporary files to be created and, as you can see below, it is a +# headache to deal with in a portable fashion. + +# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still +# use `HOST_CC' if defined, but it is deprecated. + +# Portable tmp directory creation inspired by the Autoconf team. + +set_cc_for_build=' +trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; +trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; +: ${TMPDIR=/tmp} ; + { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || + { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || + { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || + { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; +dummy=$tmp/dummy ; +tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; +case $CC_FOR_BUILD,$HOST_CC,$CC in + ,,) echo "int x;" > $dummy.c ; + for c in cc gcc c89 c99 ; do + if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then + CC_FOR_BUILD="$c"; break ; + fi ; + done ; + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found ; + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; +esac ; set_cc_for_build= ;' + +# This is needed to find uname on a Pyramid OSx when run in the BSD universe. +# (ghazi@noc.rutgers.edu 1994-08-24) +if (test -f /.attbin/uname) >/dev/null 2>&1 ; then + PATH=$PATH:/.attbin ; export PATH +fi + +UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown +UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + +case "${UNAME_SYSTEM}" in +Linux|GNU|GNU/*) + # If the system lacks a compiler, then just pick glibc. + # We could probably try harder. + LIBC=gnu + + eval $set_cc_for_build + cat <<-EOF > $dummy.c + #include + #if defined(__UCLIBC__) + LIBC=uclibc + #elif defined(__dietlibc__) + LIBC=dietlibc + #else + LIBC=gnu + #endif + EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` + ;; +esac + +# Note: order is significant - the case branches are not exclusive. + +case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or + # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward + # compatibility and a consistent mechanism for selecting the + # object file format. + # + # Note: NetBSD doesn't particularly care about the vendor + # portion of the name. We always set it to "unknown". + sysctl="sysctl -n hw.machine_arch" + UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ + /usr/sbin/$sysctl 2>/dev/null || echo unknown)` + case "${UNAME_MACHINE_ARCH}" in + armeb) machine=armeb-unknown ;; + arm*) machine=arm-unknown ;; + sh3el) machine=shl-unknown ;; + sh3eb) machine=sh-unknown ;; + sh5el) machine=sh5le-unknown ;; + *) machine=${UNAME_MACHINE_ARCH}-unknown ;; + esac + # The Operating System including object format, if it has switched + # to ELF recently, or will in the future. + case "${UNAME_MACHINE_ARCH}" in + arm*|i386|m68k|ns32k|sh3*|sparc|vax) + eval $set_cc_for_build + if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ELF__ + then + # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). + # Return netbsd for either. FIX? + os=netbsd + else + os=netbsdelf + fi + ;; + *) + os=netbsd + ;; + esac + # The OS release + # Debian GNU/NetBSD machines have a different userland, and + # thus, need a distinct triplet. However, they do not need + # kernel version information, so it can be replaced with a + # suitable tag, in the style of linux-gnu. + case "${UNAME_VERSION}" in + Debian*) + release='-gnu' + ;; + *) + release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + ;; + esac + # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: + # contains redundant information, the shorter form: + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "${machine}-${os}${release}" + exit ;; + *:Bitrig:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} + exit ;; + *:OpenBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} + exit ;; + *:ekkoBSD:*:*) + echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} + exit ;; + *:SolidBSD:*:*) + echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} + exit ;; + macppc:MirBSD:*:*) + echo powerpc-unknown-mirbsd${UNAME_RELEASE} + exit ;; + *:MirBSD:*:*) + echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} + exit ;; + alpha:OSF1:*:*) + case $UNAME_RELEASE in + *4.0) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` + ;; + *5.*) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` + ;; + esac + # According to Compaq, /usr/sbin/psrinfo has been available on + # OSF/1 and Tru64 systems produced since 1995. I hope that + # covers most systems running today. This code pipes the CPU + # types through head -n 1, so we only detect the type of CPU 0. + ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` + case "$ALPHA_CPU_TYPE" in + "EV4 (21064)") + UNAME_MACHINE="alpha" ;; + "EV4.5 (21064)") + UNAME_MACHINE="alpha" ;; + "LCA4 (21066/21068)") + UNAME_MACHINE="alpha" ;; + "EV5 (21164)") + UNAME_MACHINE="alphaev5" ;; + "EV5.6 (21164A)") + UNAME_MACHINE="alphaev56" ;; + "EV5.6 (21164PC)") + UNAME_MACHINE="alphapca56" ;; + "EV5.7 (21164PC)") + UNAME_MACHINE="alphapca57" ;; + "EV6 (21264)") + UNAME_MACHINE="alphaev6" ;; + "EV6.7 (21264A)") + UNAME_MACHINE="alphaev67" ;; + "EV6.8CB (21264C)") + UNAME_MACHINE="alphaev68" ;; + "EV6.8AL (21264B)") + UNAME_MACHINE="alphaev68" ;; + "EV6.8CX (21264D)") + UNAME_MACHINE="alphaev68" ;; + "EV6.9A (21264/EV69A)") + UNAME_MACHINE="alphaev69" ;; + "EV7 (21364)") + UNAME_MACHINE="alphaev7" ;; + "EV7.9 (21364A)") + UNAME_MACHINE="alphaev79" ;; + esac + # A Pn.n version is a patched version. + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + # Reset EXIT trap before exiting to avoid spurious non-zero exit code. + exitcode=$? + trap '' 0 + exit $exitcode ;; + Alpha\ *:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # Should we change UNAME_MACHINE based on the output of uname instead + # of the specific Alpha model? + echo alpha-pc-interix + exit ;; + 21064:Windows_NT:50:3) + echo alpha-dec-winnt3.5 + exit ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-unknown-sysv4 + exit ;; + *:[Aa]miga[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-amigaos + exit ;; + *:[Mm]orph[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-morphos + exit ;; + *:OS/390:*:*) + echo i370-ibm-openedition + exit ;; + *:z/VM:*:*) + echo s390-ibm-zvmoe + exit ;; + *:OS400:*:*) + echo powerpc-ibm-os400 + exit ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit ;; + arm*:riscos:*:*|arm*:RISCOS:*:*) + echo arm-unknown-riscos + exit ;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) + echo hppa1.1-hitachi-hiuxmpp + exit ;; + Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. + if test "`(/bin/universe) 2>/dev/null`" = att ; then + echo pyramid-pyramid-sysv3 + else + echo pyramid-pyramid-bsd + fi + exit ;; + NILE*:*:*:dcosx) + echo pyramid-pyramid-svr4 + exit ;; + DRS?6000:unix:4.0:6*) + echo sparc-icl-nx6 + exit ;; + DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) + case `/usr/bin/uname -p` in + sparc) echo sparc-icl-nx7; exit ;; + esac ;; + s390x:SunOS:*:*) + echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4H:SunOS:5.*:*) + echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) + echo i386-pc-auroraux${UNAME_RELEASE} + exit ;; + i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) + eval $set_cc_for_build + SUN_ARCH="i386" + # If there is a compiler, see if it is configured for 64-bit objects. + # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. + # This test works for both compilers. + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + SUN_ARCH="x86_64" + fi + fi + echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. + echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4*:SunOS:*:*) + case "`/usr/bin/arch -k`" in + Series*|S4*) + UNAME_RELEASE=`uname -v` + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. + echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` + exit ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos${UNAME_RELEASE} + exit ;; + sun*:*:4.2BSD:*) + UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` + test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 + case "`/bin/arch`" in + sun3) + echo m68k-sun-sunos${UNAME_RELEASE} + ;; + sun4) + echo sparc-sun-sunos${UNAME_RELEASE} + ;; + esac + exit ;; + aushp:SunOS:*:*) + echo sparc-auspex-sunos${UNAME_RELEASE} + exit ;; + # The situation for MiNT is a little confusing. The machine name + # can be virtually everything (everything which is not + # "atarist" or "atariste" at least should have a processor + # > m68000). The system name ranges from "MiNT" over "FreeMiNT" + # to the lowercase version "mint" (or "freemint"). Finally + # the system name "TOS" denotes a system which is actually not + # MiNT. But MiNT is downward compatible to TOS, so this should + # be no problem. + atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit ;; + atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit ;; + *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit ;; + milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) + echo m68k-milan-mint${UNAME_RELEASE} + exit ;; + hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) + echo m68k-hades-mint${UNAME_RELEASE} + exit ;; + *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) + echo m68k-unknown-mint${UNAME_RELEASE} + exit ;; + m68k:machten:*:*) + echo m68k-apple-machten${UNAME_RELEASE} + exit ;; + powerpc:machten:*:*) + echo powerpc-apple-machten${UNAME_RELEASE} + exit ;; + RISC*:Mach:*:*) + echo mips-dec-mach_bsd4.3 + exit ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix${UNAME_RELEASE} + exit ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix${UNAME_RELEASE} + exit ;; + 2020:CLIX:*:* | 2430:CLIX:*:*) + echo clipper-intergraph-clix${UNAME_RELEASE} + exit ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c +#ifdef __cplusplus +#include /* for printf() prototype */ + int main (int argc, char *argv[]) { +#else + int main (argc, argv) int argc; char *argv[]; { +#endif + #if defined (host_mips) && defined (MIPSEB) + #if defined (SYSTYPE_SYSV) + printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_SVR4) + printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) + printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); + #endif + #endif + exit (-1); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c && + dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && + SYSTEM_NAME=`$dummy $dummyarg` && + { echo "$SYSTEM_NAME"; exit; } + echo mips-mips-riscos${UNAME_RELEASE} + exit ;; + Motorola:PowerMAX_OS:*:*) + echo powerpc-motorola-powermax + exit ;; + Motorola:*:4.3:PL8-*) + echo powerpc-harris-powermax + exit ;; + Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) + echo powerpc-harris-powermax + exit ;; + Night_Hawk:Power_UNIX:*:*) + echo powerpc-harris-powerunix + exit ;; + m88k:CX/UX:7*:*) + echo m88k-harris-cxux7 + exit ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 + exit ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 + exit ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` + if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] + then + if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ + [ ${TARGET_BINARY_INTERFACE}x = x ] + then + echo m88k-dg-dgux${UNAME_RELEASE} + else + echo m88k-dg-dguxbcs${UNAME_RELEASE} + fi + else + echo i586-dg-dgux${UNAME_RELEASE} + fi + exit ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 + exit ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 + exit ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd + exit ;; + *:IRIX*:*:*) + echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` + exit ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i*86:AIX:*:*) + echo i386-ibm-aix + exit ;; + ia64:AIX:*:*) + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} + exit ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + + main() + { + if (!__power_pc()) + exit(1); + puts("powerpc-ibm-aix3.2.5"); + exit(0); + } +EOF + if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` + then + echo "$SYSTEM_NAME" + else + echo rs6000-ibm-aix3.2.5 + fi + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi + exit ;; + *:AIX:*:[4567]) + IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` + if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then + IBM_ARCH=rs6000 + else + IBM_ARCH=powerpc + fi + if [ -x /usr/bin/lslpp ] ; then + IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | + awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${IBM_ARCH}-ibm-aix${IBM_REV} + exit ;; + *:AIX:*:*) + echo rs6000-ibm-aix + exit ;; + ibmrt:4.4BSD:*|romp-ibm:BSD:*) + echo romp-ibm-bsd4.4 + exit ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and + echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to + exit ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx + exit ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 + exit ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd + exit ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 + exit ;; + 9000/[34678]??:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + case "${UNAME_MACHINE}" in + 9000/31? ) HP_ARCH=m68000 ;; + 9000/[34]?? ) HP_ARCH=m68k ;; + 9000/[678][0-9][0-9]) + if [ -x /usr/bin/getconf ]; then + sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "${sc_cpu_version}" in + 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 + 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "${sc_kernel_bits}" in + 32) HP_ARCH="hppa2.0n" ;; + 64) HP_ARCH="hppa2.0w" ;; + '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 + esac ;; + esac + fi + if [ "${HP_ARCH}" = "" ]; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + + #define _HPUX_SOURCE + #include + #include + + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); + + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } +EOF + (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` + test -z "$HP_ARCH" && HP_ARCH=hppa + fi ;; + esac + if [ ${HP_ARCH} = "hppa2.0w" ] + then + eval $set_cc_for_build + + # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating + # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler + # generating 64-bit code. GNU and HP use different nomenclature: + # + # $ CC_FOR_BUILD=cc ./config.guess + # => hppa2.0w-hp-hpux11.23 + # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess + # => hppa64-hp-hpux11.23 + + if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | + grep -q __LP64__ + then + HP_ARCH="hppa2.0w" + else + HP_ARCH="hppa64" + fi + fi + echo ${HP_ARCH}-hp-hpux${HPUX_REV} + exit ;; + ia64:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux${HPUX_REV} + exit ;; + 3050*:HI-UX:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + int + main () + { + long cpu = sysconf (_SC_CPU_VERSION); + /* The order matters, because CPU_IS_HP_MC68K erroneously returns + true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct + results, however. */ + if (CPU_IS_PA_RISC (cpu)) + { + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; + case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; + default: puts ("hppa-hitachi-hiuxwe2"); break; + } + } + else if (CPU_IS_HP_MC68K (cpu)) + puts ("m68k-hitachi-hiuxwe2"); + else puts ("unknown-hitachi-hiuxwe2"); + exit (0); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && + { echo "$SYSTEM_NAME"; exit; } + echo unknown-hitachi-hiuxwe2 + exit ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) + echo hppa1.1-hp-bsd + exit ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd + exit ;; + *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) + echo hppa1.0-hp-mpeix + exit ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) + echo hppa1.1-hp-osf + exit ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf + exit ;; + i*86:OSF1:*:*) + if [ -x /usr/sbin/sysversion ] ; then + echo ${UNAME_MACHINE}-unknown-osf1mk + else + echo ${UNAME_MACHINE}-unknown-osf1 + fi + exit ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites + exit ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd + exit ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd + exit ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd + exit ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd + exit ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*[A-Z]90:*:*:*) + echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ + -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*TS:*:*:*) + echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*T3E:*:*:*) + echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*SV1:*:*:*) + echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + *:UNICOS/mp:*:*) + echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) + FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + 5000:UNIX_System_V:4.*:*) + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` + echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) + echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} + exit ;; + sparc*:BSD/OS:*:*) + echo sparc-unknown-bsdi${UNAME_RELEASE} + exit ;; + *:BSD/OS:*:*) + echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} + exit ;; + *:FreeBSD:*:*) + UNAME_PROCESSOR=`/usr/bin/uname -p` + case ${UNAME_PROCESSOR} in + amd64) + echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + *) + echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + esac + exit ;; + i*:CYGWIN*:*) + echo ${UNAME_MACHINE}-pc-cygwin + exit ;; + *:MINGW64*:*) + echo ${UNAME_MACHINE}-pc-mingw64 + exit ;; + *:MINGW*:*) + echo ${UNAME_MACHINE}-pc-mingw32 + exit ;; + *:MSYS*:*) + echo ${UNAME_MACHINE}-pc-msys + exit ;; + i*:windows32*:*) + # uname -m includes "-pc" on this system. + echo ${UNAME_MACHINE}-mingw32 + exit ;; + i*:PW*:*) + echo ${UNAME_MACHINE}-pc-pw32 + exit ;; + *:Interix*:*) + case ${UNAME_MACHINE} in + x86) + echo i586-pc-interix${UNAME_RELEASE} + exit ;; + authenticamd | genuineintel | EM64T) + echo x86_64-unknown-interix${UNAME_RELEASE} + exit ;; + IA64) + echo ia64-unknown-interix${UNAME_RELEASE} + exit ;; + esac ;; + [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) + echo i${UNAME_MACHINE}-pc-mks + exit ;; + 8664:Windows_NT:*) + echo x86_64-pc-mks + exit ;; + i*:Windows_NT*:* | Pentium*:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we + # UNAME_MACHINE based on the output of uname instead of i386? + echo i586-pc-interix + exit ;; + i*:UWIN*:*) + echo ${UNAME_MACHINE}-pc-uwin + exit ;; + amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) + echo x86_64-unknown-cygwin + exit ;; + p*:CYGWIN*:*) + echo powerpcle-unknown-cygwin + exit ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + *:GNU:*:*) + # the GNU system + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + exit ;; + *:GNU/*:*:*) + # other systems with GNU libc and userland + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} + exit ;; + i*86:Minix:*:*) + echo ${UNAME_MACHINE}-pc-minix + exit ;; + aarch64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + aarch64_be:Linux:*:*) + UNAME_MACHINE=aarch64_be + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep -q ld.so.1 + if test "$?" = 0 ; then LIBC="gnulibc1" ; fi + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + arc:Linux:*:* | arceb:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + arm*:Linux:*:*) + eval $set_cc_for_build + if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_EABI__ + then + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + else + if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_PCS_VFP + then + echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi + else + echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf + fi + fi + exit ;; + avr32*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + cris:Linux:*:*) + echo ${UNAME_MACHINE}-axis-linux-${LIBC} + exit ;; + crisv32:Linux:*:*) + echo ${UNAME_MACHINE}-axis-linux-${LIBC} + exit ;; + frv:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + hexagon:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + i*86:Linux:*:*) + echo ${UNAME_MACHINE}-pc-linux-${LIBC} + exit ;; + ia64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + m32r*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + m68*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + mips:Linux:*:* | mips64:Linux:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #undef CPU + #undef ${UNAME_MACHINE} + #undef ${UNAME_MACHINE}el + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) + CPU=${UNAME_MACHINE}el + #else + #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) + CPU=${UNAME_MACHINE} + #else + CPU= + #endif + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } + ;; + openrisc*:Linux:*:*) + echo or1k-unknown-linux-${LIBC} + exit ;; + or32:Linux:*:* | or1k*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + padre:Linux:*:*) + echo sparc-unknown-linux-${LIBC} + exit ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-${LIBC} + exit ;; + parisc:Linux:*:* | hppa:Linux:*:*) + # Look for CPU level + case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in + PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; + PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; + *) echo hppa-unknown-linux-${LIBC} ;; + esac + exit ;; + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-${LIBC} + exit ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-${LIBC} + exit ;; + ppc64le:Linux:*:*) + echo powerpc64le-unknown-linux-${LIBC} + exit ;; + ppcle:Linux:*:*) + echo powerpcle-unknown-linux-${LIBC} + exit ;; + s390:Linux:*:* | s390x:Linux:*:*) + echo ${UNAME_MACHINE}-ibm-linux-${LIBC} + exit ;; + sh64*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + sh*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + sparc:Linux:*:* | sparc64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + tile*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + vax:Linux:*:*) + echo ${UNAME_MACHINE}-dec-linux-${LIBC} + exit ;; + x86_64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + xtensa*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + i*86:DYNIX/ptx:4*:*) + # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. + # earlier versions are messed up and put the nodename in both + # sysname and nodename. + echo i386-sequent-sysv4 + exit ;; + i*86:UNIX_SV:4.2MP:2.*) + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, + # I just have to hope. -- rms. + # Use sysv4.2uw... so that sysv4* matches it. + echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} + exit ;; + i*86:OS/2:*:*) + # If we were able to find `uname', then EMX Unix compatibility + # is probably installed. + echo ${UNAME_MACHINE}-pc-os2-emx + exit ;; + i*86:XTS-300:*:STOP) + echo ${UNAME_MACHINE}-unknown-stop + exit ;; + i*86:atheos:*:*) + echo ${UNAME_MACHINE}-unknown-atheos + exit ;; + i*86:syllable:*:*) + echo ${UNAME_MACHINE}-pc-syllable + exit ;; + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) + echo i386-unknown-lynxos${UNAME_RELEASE} + exit ;; + i*86:*DOS:*:*) + echo ${UNAME_MACHINE}-pc-msdosdjgpp + exit ;; + i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) + UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} + else + echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} + fi + exit ;; + i*86:*:5:[678]*) + # UnixWare 7.x, OpenUNIX and OpenServer 6. + case `/bin/uname -X | grep "^Machine"` in + *486*) UNAME_MACHINE=i486 ;; + *Pentium) UNAME_MACHINE=i586 ;; + *Pent*|*Celeron) UNAME_MACHINE=i686 ;; + esac + echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + exit ;; + i*86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` + (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ + && UNAME_MACHINE=i686 + (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ + && UNAME_MACHINE=i686 + echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + else + echo ${UNAME_MACHINE}-pc-sysv32 + fi + exit ;; + pc:*:*:*) + # Left here for compatibility: + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i586. + # Note: whatever this is, it MUST be the same as what config.sub + # prints for the "djgpp" host, or else GDB configury will decide that + # this is a cross-build. + echo i586-pc-msdosdjgpp + exit ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit ;; + paragon:*:*:*) + echo i860-intel-osf1 + exit ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. + echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 + fi + exit ;; + mini*:CTIX:SYS*5:*) + # "miniframe" + echo m68010-convergent-sysv + exit ;; + mc68k:UNIX:SYSTEM5:3.51m) + echo m68k-convergent-sysv + exit ;; + M680?0:D-NIX:5.3:*) + echo m68k-diab-dnix + exit ;; + M68*:*:R3V[5678]*:*) + test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; + 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) + OS_REL='' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4; exit; } ;; + NCR*:*:4.2:* | MPRAS*:*:4.2:*) + OS_REL='.3' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; + m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) + echo m68k-unknown-lynxos${UNAME_RELEASE} + exit ;; + mc68030:UNIX_System_V:4.*:*) + echo m68k-atari-sysv4 + exit ;; + TSUNAMI:LynxOS:2.*:*) + echo sparc-unknown-lynxos${UNAME_RELEASE} + exit ;; + rs6000:LynxOS:2.*:*) + echo rs6000-unknown-lynxos${UNAME_RELEASE} + exit ;; + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) + echo powerpc-unknown-lynxos${UNAME_RELEASE} + exit ;; + SM[BE]S:UNIX_SV:*:*) + echo mips-dde-sysv${UNAME_RELEASE} + exit ;; + RM*:ReliantUNIX-*:*:*) + echo mips-sni-sysv4 + exit ;; + RM*:SINIX-*:*:*) + echo mips-sni-sysv4 + exit ;; + *:SINIX-*:*:*) + if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=`(uname -p) 2>/dev/null` + echo ${UNAME_MACHINE}-sni-sysv4 + else + echo ns32k-sni-sysv + fi + exit ;; + PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says + echo i586-unisys-sysv4 + exit ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes . + # How about differentiating between stratus architectures? -djm + echo hppa1.1-stratus-sysv4 + exit ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. + echo i860-stratus-sysv4 + exit ;; + i*86:VOS:*:*) + # From Paul.Green@stratus.com. + echo ${UNAME_MACHINE}-stratus-vos + exit ;; + *:VOS:*:*) + # From Paul.Green@stratus.com. + echo hppa1.1-stratus-vos + exit ;; + mc68*:A/UX:*:*) + echo m68k-apple-aux${UNAME_RELEASE} + exit ;; + news*:NEWS-OS:6*:*) + echo mips-sony-newsos6 + exit ;; + R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) + if [ -d /usr/nec ]; then + echo mips-nec-sysv${UNAME_RELEASE} + else + echo mips-unknown-sysv${UNAME_RELEASE} + fi + exit ;; + BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. + echo powerpc-be-beos + exit ;; + BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. + echo powerpc-apple-beos + exit ;; + BePC:BeOS:*:*) # BeOS running on Intel PC compatible. + echo i586-pc-beos + exit ;; + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; + x86_64:Haiku:*:*) + echo x86_64-unknown-haiku + exit ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux${UNAME_RELEASE} + exit ;; + SX-5:SUPER-UX:*:*) + echo sx5-nec-superux${UNAME_RELEASE} + exit ;; + SX-6:SUPER-UX:*:*) + echo sx6-nec-superux${UNAME_RELEASE} + exit ;; + SX-7:SUPER-UX:*:*) + echo sx7-nec-superux${UNAME_RELEASE} + exit ;; + SX-8:SUPER-UX:*:*) + echo sx8-nec-superux${UNAME_RELEASE} + exit ;; + SX-8R:SUPER-UX:*:*) + echo sx8r-nec-superux${UNAME_RELEASE} + exit ;; + Power*:Rhapsody:*:*) + echo powerpc-apple-rhapsody${UNAME_RELEASE} + exit ;; + *:Rhapsody:*:*) + echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} + exit ;; + *:Darwin:*:*) + UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown + eval $set_cc_for_build + if test "$UNAME_PROCESSOR" = unknown ; then + UNAME_PROCESSOR=powerpc + fi + if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi + fi + elif test "$UNAME_PROCESSOR" = i386 ; then + # Avoid executing cc on OS X 10.9, as it ships with a stub + # that puts up a graphical alert prompting to install + # developer tools. Any system running Mac OS X 10.7 or + # later (Darwin 11 and later) is required to have a 64-bit + # processor. This is not true of the ARM version of Darwin + # that Apple uses in portable devices. + UNAME_PROCESSOR=x86_64 + fi + echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} + exit ;; + *:procnto*:*:* | *:QNX:[0123456789]*:*) + UNAME_PROCESSOR=`uname -p` + if test "$UNAME_PROCESSOR" = "x86"; then + UNAME_PROCESSOR=i386 + UNAME_MACHINE=pc + fi + echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} + exit ;; + *:QNX:*:4*) + echo i386-pc-qnx + exit ;; + NEO-?:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk${UNAME_RELEASE} + exit ;; + NSE-*:NONSTOP_KERNEL:*:*) + echo nse-tandem-nsk${UNAME_RELEASE} + exit ;; + NSR-?:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk${UNAME_RELEASE} + exit ;; + *:NonStop-UX:*:*) + echo mips-compaq-nonstopux + exit ;; + BS2000:POSIX*:*:*) + echo bs2000-siemens-sysv + exit ;; + DS/*:UNIX_System_V:*:*) + echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} + exit ;; + *:Plan9:*:*) + # "uname -m" is not consistent, so use $cputype instead. 386 + # is converted to i386 for consistency with other x86 + # operating systems. + if test "$cputype" = "386"; then + UNAME_MACHINE=i386 + else + UNAME_MACHINE="$cputype" + fi + echo ${UNAME_MACHINE}-unknown-plan9 + exit ;; + *:TOPS-10:*:*) + echo pdp10-unknown-tops10 + exit ;; + *:TENEX:*:*) + echo pdp10-unknown-tenex + exit ;; + KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) + echo pdp10-dec-tops20 + exit ;; + XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) + echo pdp10-xkl-tops20 + exit ;; + *:TOPS-20:*:*) + echo pdp10-unknown-tops20 + exit ;; + *:ITS:*:*) + echo pdp10-unknown-its + exit ;; + SEI:*:*:SEIUX) + echo mips-sei-seiux${UNAME_RELEASE} + exit ;; + *:DragonFly:*:*) + echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + exit ;; + *:*VMS:*:*) + UNAME_MACHINE=`(uname -p) 2>/dev/null` + case "${UNAME_MACHINE}" in + A*) echo alpha-dec-vms ; exit ;; + I*) echo ia64-dec-vms ; exit ;; + V*) echo vax-dec-vms ; exit ;; + esac ;; + *:XENIX:*:SysV) + echo i386-pc-xenix + exit ;; + i*86:skyos:*:*) + echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' + exit ;; + i*86:rdos:*:*) + echo ${UNAME_MACHINE}-pc-rdos + exit ;; + i*86:AROS:*:*) + echo ${UNAME_MACHINE}-pc-aros + exit ;; + x86_64:VMkernel:*:*) + echo ${UNAME_MACHINE}-unknown-esx + exit ;; +esac + +cat >&2 < in order to provide the needed +information to handle your system. + +config.guess timestamp = $timestamp + +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null` + +hostinfo = `(hostinfo) 2>/dev/null` +/bin/universe = `(/bin/universe) 2>/dev/null` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` +/bin/arch = `(/bin/arch) 2>/dev/null` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` + +UNAME_MACHINE = ${UNAME_MACHINE} +UNAME_RELEASE = ${UNAME_RELEASE} +UNAME_SYSTEM = ${UNAME_SYSTEM} +UNAME_VERSION = ${UNAME_VERSION} +EOF + +exit 1 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/include/DomainExec/opensshlib/config.h.in b/include/DomainExec/opensshlib/config.h.in new file mode 100644 index 00000000..efe59ac4 --- /dev/null +++ b/include/DomainExec/opensshlib/config.h.in @@ -0,0 +1,1726 @@ +/* config.h.in. Generated from configure.ac by autoheader. */ + +/* Define if building universal (internal helper macro) */ +#undef AC_APPLE_UNIVERSAL_BUILD + +/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address + */ +#undef AIX_GETNAMEINFO_HACK + +/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */ +#undef AIX_LOGINFAILED_4ARG + +/* System only supports IPv4 audit records */ +#undef AU_IPv4 + +/* Define if your resolver libs need this for getrrsetbyname */ +#undef BIND_8_COMPAT + +/* The system has incomplete BSM API */ +#undef BROKEN_BSM_API + +/* Define if cmsg_type is not passed correctly */ +#undef BROKEN_CMSG_TYPE + +/* getaddrinfo is broken (if present) */ +#undef BROKEN_GETADDRINFO + +/* getgroups(0,NULL) will return -1 */ +#undef BROKEN_GETGROUPS + +/* FreeBSD glob does not do what we need */ +#undef BROKEN_GLOB + +/* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */ +#undef BROKEN_INET_NTOA + +/* ia_uinfo routines not supported by OS yet */ +#undef BROKEN_LIBIAF + +/* Ultrix mmap can't map files */ +#undef BROKEN_MMAP + +/* Define if your struct dirent expects you to allocate extra space for d_name + */ +#undef BROKEN_ONE_BYTE_DIRENT_D_NAME + +/* Can't do comparisons on readv */ +#undef BROKEN_READV_COMPARISON + +/* NetBSD read function is sometimes redirected, breaking atomicio comparisons + against it */ +#undef BROKEN_READ_COMPARISON + +/* realpath does not work with nonexistent files */ +#undef BROKEN_REALPATH + +/* Needed for NeXT */ +#undef BROKEN_SAVED_UIDS + +/* Define if your setregid() is broken */ +#undef BROKEN_SETREGID + +/* Define if your setresgid() is broken */ +#undef BROKEN_SETRESGID + +/* Define if your setresuid() is broken */ +#undef BROKEN_SETRESUID + +/* Define if your setreuid() is broken */ +#undef BROKEN_SETREUID + +/* LynxOS has broken setvbuf() implementation */ +#undef BROKEN_SETVBUF + +/* QNX shadow support is broken */ +#undef BROKEN_SHADOW_EXPIRE + +/* Define if your snprintf is busted */ +#undef BROKEN_SNPRINTF + +/* FreeBSD strnvis argument order is swapped compared to OpenBSD */ +#undef BROKEN_STRNVIS + +/* tcgetattr with ICANON may hang */ +#undef BROKEN_TCGETATTR_ICANON + +/* updwtmpx is broken (if present) */ +#undef BROKEN_UPDWTMPX + +/* Define if you have BSD auth support */ +#undef BSD_AUTH + +/* Define if you want to specify the path to your lastlog file */ +#undef CONF_LASTLOG_FILE + +/* Define if you want to specify the path to your utmp file */ +#undef CONF_UTMP_FILE + +/* Define if you want to specify the path to your wtmpx file */ +#undef CONF_WTMPX_FILE + +/* Define if you want to specify the path to your wtmp file */ +#undef CONF_WTMP_FILE + +/* Define if your platform needs to skip post auth file descriptor passing */ +#undef DISABLE_FD_PASSING + +/* Define if you don't want to use lastlog */ +#undef DISABLE_LASTLOG + +/* Define if you don't want to use your system's login() call */ +#undef DISABLE_LOGIN + +/* Define if you don't want to use pututline() etc. to write [uw]tmp */ +#undef DISABLE_PUTUTLINE + +/* Define if you don't want to use pututxline() etc. to write [uw]tmpx */ +#undef DISABLE_PUTUTXLINE + +/* Define if you want to disable shadow passwords */ +#undef DISABLE_SHADOW + +/* Define if you don't want to use utmp */ +#undef DISABLE_UTMP + +/* Define if you don't want to use utmpx */ +#undef DISABLE_UTMPX + +/* Define if you don't want to use wtmp */ +#undef DISABLE_WTMP + +/* Define if you don't want to use wtmpx */ +#undef DISABLE_WTMPX + +/* Enable for PKCS#11 support */ +#undef ENABLE_PKCS11 + +/* File names may not contain backslash characters */ +#undef FILESYSTEM_NO_BACKSLASH + +/* fsid_t has member val */ +#undef FSID_HAS_VAL + +/* fsid_t has member __val */ +#undef FSID_HAS___VAL + +/* Define to 1 if the `getpgrp' function requires zero arguments. */ +#undef GETPGRP_VOID + +/* Conflicting defs for getspnam */ +#undef GETSPNAM_CONFLICTING_DEFS + +/* Define if your system glob() function has the GLOB_ALTDIRFUNC extension */ +#undef GLOB_HAS_ALTDIRFUNC + +/* Define if your system glob() function has gl_matchc options in glob_t */ +#undef GLOB_HAS_GL_MATCHC + +/* Define if your system glob() function has gl_statv options in glob_t */ +#undef GLOB_HAS_GL_STATV + +/* Define this if you want GSSAPI support in the version 2 protocol */ +#undef GSSAPI + +/* Define if you want to use shadow password expire field */ +#undef HAS_SHADOW_EXPIRE + +/* Define if your system uses access rights style file descriptor passing */ +#undef HAVE_ACCRIGHTS_IN_MSGHDR + +/* Define if you have ut_addr in utmp.h */ +#undef HAVE_ADDR_IN_UTMP + +/* Define if you have ut_addr in utmpx.h */ +#undef HAVE_ADDR_IN_UTMPX + +/* Define if you have ut_addr_v6 in utmp.h */ +#undef HAVE_ADDR_V6_IN_UTMP + +/* Define if you have ut_addr_v6 in utmpx.h */ +#undef HAVE_ADDR_V6_IN_UTMPX + +/* Define to 1 if you have the `arc4random' function. */ +#undef HAVE_ARC4RANDOM + +/* Define to 1 if you have the `arc4random_buf' function. */ +#undef HAVE_ARC4RANDOM_BUF + +/* Define to 1 if you have the `arc4random_stir' function. */ +#undef HAVE_ARC4RANDOM_STIR + +/* Define to 1 if you have the `arc4random_uniform' function. */ +#undef HAVE_ARC4RANDOM_UNIFORM + +/* Define to 1 if you have the `asprintf' function. */ +#undef HAVE_ASPRINTF + +/* OpenBSD's gcc has bounded */ +#undef HAVE_ATTRIBUTE__BOUNDED__ + +/* Have attribute nonnull */ +#undef HAVE_ATTRIBUTE__NONNULL__ + +/* OpenBSD's gcc has sentinel */ +#undef HAVE_ATTRIBUTE__SENTINEL__ + +/* Define to 1 if you have the `aug_get_machine' function. */ +#undef HAVE_AUG_GET_MACHINE + +/* Define to 1 if you have the `b64_ntop' function. */ +#undef HAVE_B64_NTOP + +/* Define to 1 if you have the `b64_pton' function. */ +#undef HAVE_B64_PTON + +/* Define if you have the basename function. */ +#undef HAVE_BASENAME + +/* Define to 1 if you have the `bcopy' function. */ +#undef HAVE_BCOPY + +/* Define to 1 if you have the `bcrypt_pbkdf' function. */ +#undef HAVE_BCRYPT_PBKDF + +/* Define to 1 if you have the `bindresvport_sa' function. */ +#undef HAVE_BINDRESVPORT_SA + +/* Define to 1 if you have the `blf_enc' function. */ +#undef HAVE_BLF_ENC + +/* Define to 1 if you have the header file. */ +#undef HAVE_BLF_H + +/* Define to 1 if you have the `Blowfish_expand0state' function. */ +#undef HAVE_BLOWFISH_EXPAND0STATE + +/* Define to 1 if you have the `Blowfish_expandstate' function. */ +#undef HAVE_BLOWFISH_EXPANDSTATE + +/* Define to 1 if you have the `Blowfish_initstate' function. */ +#undef HAVE_BLOWFISH_INITSTATE + +/* Define to 1 if you have the `Blowfish_stream2word' function. */ +#undef HAVE_BLOWFISH_STREAM2WORD + +/* Define to 1 if you have the `BN_is_prime_ex' function. */ +#undef HAVE_BN_IS_PRIME_EX + +/* Define to 1 if you have the header file. */ +#undef HAVE_BSD_LIBUTIL_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_BSM_AUDIT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_BSTRING_H + +/* Define to 1 if you have the `cap_rights_limit' function. */ +#undef HAVE_CAP_RIGHTS_LIMIT + +/* Define to 1 if you have the `clock' function. */ +#undef HAVE_CLOCK + +/* Have clock_gettime */ +#undef HAVE_CLOCK_GETTIME + +/* define if you have clock_t data type */ +#undef HAVE_CLOCK_T + +/* Define to 1 if you have the `closefrom' function. */ +#undef HAVE_CLOSEFROM + +/* Define if gai_strerror() returns const char * */ +#undef HAVE_CONST_GAI_STRERROR_PROTO + +/* Define if your system uses ancillary data style file descriptor passing */ +#undef HAVE_CONTROL_IN_MSGHDR + +/* Define to 1 if you have the `crypt' function. */ +#undef HAVE_CRYPT + +/* Define to 1 if you have the header file. */ +#undef HAVE_CRYPTO_SHA2_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_CRYPT_H + +/* Define if you are on Cygwin */ +#undef HAVE_CYGWIN + +/* Define if your libraries define daemon() */ +#undef HAVE_DAEMON + +/* Define to 1 if you have the declaration of `AI_NUMERICSERV', and to 0 if + you don't. */ +#undef HAVE_DECL_AI_NUMERICSERV + +/* Define to 1 if you have the declaration of `authenticate', and to 0 if you + don't. */ +#undef HAVE_DECL_AUTHENTICATE + +/* Define to 1 if you have the declaration of `GLOB_NOMATCH', and to 0 if you + don't. */ +#undef HAVE_DECL_GLOB_NOMATCH + +/* Define to 1 if you have the declaration of `GSS_C_NT_HOSTBASED_SERVICE', + and to 0 if you don't. */ +#undef HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE + +/* Define to 1 if you have the declaration of `howmany', and to 0 if you + don't. */ +#undef HAVE_DECL_HOWMANY + +/* Define to 1 if you have the declaration of `h_errno', and to 0 if you + don't. */ +#undef HAVE_DECL_H_ERRNO + +/* Define to 1 if you have the declaration of `loginfailed', and to 0 if you + don't. */ +#undef HAVE_DECL_LOGINFAILED + +/* Define to 1 if you have the declaration of `loginrestrictions', and to 0 if + you don't. */ +#undef HAVE_DECL_LOGINRESTRICTIONS + +/* Define to 1 if you have the declaration of `loginsuccess', and to 0 if you + don't. */ +#undef HAVE_DECL_LOGINSUCCESS + +/* Define to 1 if you have the declaration of `MAXSYMLINKS', and to 0 if you + don't. */ +#undef HAVE_DECL_MAXSYMLINKS + +/* Define to 1 if you have the declaration of `NFDBITS', and to 0 if you + don't. */ +#undef HAVE_DECL_NFDBITS + +/* Define to 1 if you have the declaration of `offsetof', and to 0 if you + don't. */ +#undef HAVE_DECL_OFFSETOF + +/* Define to 1 if you have the declaration of `O_NONBLOCK', and to 0 if you + don't. */ +#undef HAVE_DECL_O_NONBLOCK + +/* Define to 1 if you have the declaration of `passwdexpired', and to 0 if you + don't. */ +#undef HAVE_DECL_PASSWDEXPIRED + +/* Define to 1 if you have the declaration of `setauthdb', and to 0 if you + don't. */ +#undef HAVE_DECL_SETAUTHDB + +/* Define to 1 if you have the declaration of `SHUT_RD', and to 0 if you + don't. */ +#undef HAVE_DECL_SHUT_RD + +/* Define to 1 if you have the declaration of `writev', and to 0 if you don't. + */ +#undef HAVE_DECL_WRITEV + +/* Define to 1 if you have the declaration of `_getlong', and to 0 if you + don't. */ +#undef HAVE_DECL__GETLONG + +/* Define to 1 if you have the declaration of `_getshort', and to 0 if you + don't. */ +#undef HAVE_DECL__GETSHORT + +/* Define to 1 if you have the `DES_crypt' function. */ +#undef HAVE_DES_CRYPT + +/* Define if you have /dev/ptmx */ +#undef HAVE_DEV_PTMX + +/* Define if you have /dev/ptc */ +#undef HAVE_DEV_PTS_AND_PTC + +/* Define to 1 if you have the header file. */ +#undef HAVE_DIRENT_H + +/* Define to 1 if you have the `dirfd' function. */ +#undef HAVE_DIRFD + +/* Define to 1 if you have the `dirname' function. */ +#undef HAVE_DIRNAME + +/* Define to 1 if you have the `DSA_generate_parameters_ex' function. */ +#undef HAVE_DSA_GENERATE_PARAMETERS_EX + +/* Define to 1 if you have the header file. */ +#undef HAVE_ELF_H + +/* Define to 1 if you have the `endgrent' function. */ +#undef HAVE_ENDGRENT + +/* Define to 1 if you have the header file. */ +#undef HAVE_ENDIAN_H + +/* Define to 1 if you have the `endutent' function. */ +#undef HAVE_ENDUTENT + +/* Define to 1 if you have the `endutxent' function. */ +#undef HAVE_ENDUTXENT + +/* Define if your system has /etc/default/login */ +#undef HAVE_ETC_DEFAULT_LOGIN + +/* Define if libcrypto has EVP_CIPHER_CTX_ctrl */ +#undef HAVE_EVP_CIPHER_CTX_CTRL + +/* Define to 1 if you have the `EVP_DigestFinal_ex' function. */ +#undef HAVE_EVP_DIGESTFINAL_EX + +/* Define to 1 if you have the `EVP_DigestInit_ex' function. */ +#undef HAVE_EVP_DIGESTINIT_EX + +/* Define to 1 if you have the `EVP_MD_CTX_cleanup' function. */ +#undef HAVE_EVP_MD_CTX_CLEANUP + +/* Define to 1 if you have the `EVP_MD_CTX_copy_ex' function. */ +#undef HAVE_EVP_MD_CTX_COPY_EX + +/* Define to 1 if you have the `EVP_MD_CTX_init' function. */ +#undef HAVE_EVP_MD_CTX_INIT + +/* Define to 1 if you have the `EVP_ripemd160' function. */ +#undef HAVE_EVP_RIPEMD160 + +/* Define to 1 if you have the `EVP_sha256' function. */ +#undef HAVE_EVP_SHA256 + +/* Define if you have ut_exit in utmp.h */ +#undef HAVE_EXIT_IN_UTMP + +/* Define to 1 if you have the `explicit_bzero' function. */ +#undef HAVE_EXPLICIT_BZERO + +/* Define to 1 if you have the `fchmod' function. */ +#undef HAVE_FCHMOD + +/* Define to 1 if you have the `fchown' function. */ +#undef HAVE_FCHOWN + +/* Use F_CLOSEM fcntl for closefrom */ +#undef HAVE_FCNTL_CLOSEM + +/* Define to 1 if you have the header file. */ +#undef HAVE_FCNTL_H + +/* Define to 1 if the system has the type `fd_mask'. */ +#undef HAVE_FD_MASK + +/* Define to 1 if you have the header file. */ +#undef HAVE_FEATURES_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_FLOATINGPOINT_H + +/* Define to 1 if you have the `fmt_scaled' function. */ +#undef HAVE_FMT_SCALED + +/* Define to 1 if you have the `freeaddrinfo' function. */ +#undef HAVE_FREEADDRINFO + +/* Define to 1 if the system has the type `fsblkcnt_t'. */ +#undef HAVE_FSBLKCNT_T + +/* Define to 1 if the system has the type `fsfilcnt_t'. */ +#undef HAVE_FSFILCNT_T + +/* Define to 1 if you have the `fstatfs' function. */ +#undef HAVE_FSTATFS + +/* Define to 1 if you have the `fstatvfs' function. */ +#undef HAVE_FSTATVFS + +/* Define to 1 if you have the `futimes' function. */ +#undef HAVE_FUTIMES + +/* Define to 1 if you have the `gai_strerror' function. */ +#undef HAVE_GAI_STRERROR + +/* Define to 1 if you have the `getaddrinfo' function. */ +#undef HAVE_GETADDRINFO + +/* Define to 1 if you have the `getaudit' function. */ +#undef HAVE_GETAUDIT + +/* Define to 1 if you have the `getaudit_addr' function. */ +#undef HAVE_GETAUDIT_ADDR + +/* Define to 1 if you have the `getcwd' function. */ +#undef HAVE_GETCWD + +/* Define to 1 if you have the `getgrouplist' function. */ +#undef HAVE_GETGROUPLIST + +/* Define to 1 if you have the `getgrset' function. */ +#undef HAVE_GETGRSET + +/* Define to 1 if you have the `getlastlogxbyname' function. */ +#undef HAVE_GETLASTLOGXBYNAME + +/* Define to 1 if you have the `getluid' function. */ +#undef HAVE_GETLUID + +/* Define to 1 if you have the `getnameinfo' function. */ +#undef HAVE_GETNAMEINFO + +/* Define to 1 if you have the `getopt' function. */ +#undef HAVE_GETOPT + +/* Define to 1 if you have the header file. */ +#undef HAVE_GETOPT_H + +/* Define if your getopt(3) defines and uses optreset */ +#undef HAVE_GETOPT_OPTRESET + +/* Define if your libraries define getpagesize() */ +#undef HAVE_GETPAGESIZE + +/* Define to 1 if you have the `getpeereid' function. */ +#undef HAVE_GETPEEREID + +/* Define to 1 if you have the `getpeerucred' function. */ +#undef HAVE_GETPEERUCRED + +/* Define to 1 if you have the `getpgid' function. */ +#undef HAVE_GETPGID + +/* Define to 1 if you have the `getpgrp' function. */ +#undef HAVE_GETPGRP + +/* Define to 1 if you have the `getpwanam' function. */ +#undef HAVE_GETPWANAM + +/* Define to 1 if you have the `getrlimit' function. */ +#undef HAVE_GETRLIMIT + +/* Define if getrrsetbyname() exists */ +#undef HAVE_GETRRSETBYNAME + +/* Define to 1 if you have the `getrusage' function. */ +#undef HAVE_GETRUSAGE + +/* Define to 1 if you have the `getseuserbyname' function. */ +#undef HAVE_GETSEUSERBYNAME + +/* Define to 1 if you have the `gettimeofday' function. */ +#undef HAVE_GETTIMEOFDAY + +/* Define to 1 if you have the `getttyent' function. */ +#undef HAVE_GETTTYENT + +/* Define to 1 if you have the `getutent' function. */ +#undef HAVE_GETUTENT + +/* Define to 1 if you have the `getutid' function. */ +#undef HAVE_GETUTID + +/* Define to 1 if you have the `getutline' function. */ +#undef HAVE_GETUTLINE + +/* Define to 1 if you have the `getutxent' function. */ +#undef HAVE_GETUTXENT + +/* Define to 1 if you have the `getutxid' function. */ +#undef HAVE_GETUTXID + +/* Define to 1 if you have the `getutxline' function. */ +#undef HAVE_GETUTXLINE + +/* Define to 1 if you have the `getutxuser' function. */ +#undef HAVE_GETUTXUSER + +/* Define to 1 if you have the `get_default_context_with_level' function. */ +#undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL + +/* Define to 1 if you have the `glob' function. */ +#undef HAVE_GLOB + +/* Define to 1 if you have the header file. */ +#undef HAVE_GLOB_H + +/* Define to 1 if you have the `group_from_gid' function. */ +#undef HAVE_GROUP_FROM_GID + +/* Define to 1 if you have the header file. */ +#undef HAVE_GSSAPI_GENERIC_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_GSSAPI_GSSAPI_GENERIC_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_GSSAPI_GSSAPI_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_GSSAPI_GSSAPI_KRB5_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_GSSAPI_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_GSSAPI_KRB5_H + +/* Define if HEADER.ad exists in arpa/nameser.h */ +#undef HAVE_HEADER_AD + +/* Define to 1 if you have the `HMAC_CTX_init' function. */ +#undef HAVE_HMAC_CTX_INIT + +/* Define if you have ut_host in utmp.h */ +#undef HAVE_HOST_IN_UTMP + +/* Define if you have ut_host in utmpx.h */ +#undef HAVE_HOST_IN_UTMPX + +/* Define to 1 if you have the header file. */ +#undef HAVE_IAF_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_IA_H + +/* Define if you have ut_id in utmp.h */ +#undef HAVE_ID_IN_UTMP + +/* Define if you have ut_id in utmpx.h */ +#undef HAVE_ID_IN_UTMPX + +/* Define to 1 if you have the `inet_aton' function. */ +#undef HAVE_INET_ATON + +/* Define to 1 if you have the `inet_ntoa' function. */ +#undef HAVE_INET_NTOA + +/* Define to 1 if you have the `inet_ntop' function. */ +#undef HAVE_INET_NTOP + +/* Define to 1 if you have the `innetgr' function. */ +#undef HAVE_INNETGR + +/* define if you have int64_t data type */ +#undef HAVE_INT64_T + +/* Define to 1 if the system has the type `intmax_t'. */ +#undef HAVE_INTMAX_T + +/* Define to 1 if you have the header file. */ +#undef HAVE_INTTYPES_H + +/* define if you have intxx_t data type */ +#undef HAVE_INTXX_T + +/* Define to 1 if the system has the type `in_addr_t'. */ +#undef HAVE_IN_ADDR_T + +/* Define to 1 if the system has the type `in_port_t'. */ +#undef HAVE_IN_PORT_T + +/* Define if you have isblank(3C). */ +#undef HAVE_ISBLANK + +/* Define to 1 if you have the `krb5_cc_new_unique' function. */ +#undef HAVE_KRB5_CC_NEW_UNIQUE + +/* Define to 1 if you have the `krb5_free_error_message' function. */ +#undef HAVE_KRB5_FREE_ERROR_MESSAGE + +/* Define to 1 if you have the `krb5_get_error_message' function. */ +#undef HAVE_KRB5_GET_ERROR_MESSAGE + +/* Define to 1 if you have the header file. */ +#undef HAVE_LASTLOG_H + +/* Define if you want ldns support */ +#undef HAVE_LDNS + +/* Define to 1 if you have the header file. */ +#undef HAVE_LIBAUDIT_H + +/* Define to 1 if you have the `bsm' library (-lbsm). */ +#undef HAVE_LIBBSM + +/* Define to 1 if you have the `crypt' library (-lcrypt). */ +#undef HAVE_LIBCRYPT + +/* Define to 1 if you have the `dl' library (-ldl). */ +#undef HAVE_LIBDL + +/* Define to 1 if you have the header file. */ +#undef HAVE_LIBGEN_H + +/* Define if system has libiaf that supports set_id */ +#undef HAVE_LIBIAF + +/* Define to 1 if you have the `network' library (-lnetwork). */ +#undef HAVE_LIBNETWORK + +/* Define to 1 if you have the `nsl' library (-lnsl). */ +#undef HAVE_LIBNSL + +/* Define to 1 if you have the `pam' library (-lpam). */ +#undef HAVE_LIBPAM + +/* Define to 1 if you have the `socket' library (-lsocket). */ +#undef HAVE_LIBSOCKET + +/* Define to 1 if you have the header file. */ +#undef HAVE_LIBUTIL_H + +/* Define to 1 if you have the `xnet' library (-lxnet). */ +#undef HAVE_LIBXNET + +/* Define to 1 if you have the `z' library (-lz). */ +#undef HAVE_LIBZ + +/* Define to 1 if you have the header file. */ +#undef HAVE_LIMITS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_LINUX_AUDIT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_LINUX_FILTER_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_LINUX_IF_TUN_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_LINUX_SECCOMP_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_LOCALE_H + +/* Define to 1 if you have the `login' function. */ +#undef HAVE_LOGIN + +/* Define to 1 if you have the header file. */ +#undef HAVE_LOGIN_CAP_H + +/* Define to 1 if you have the `login_getcapbool' function. */ +#undef HAVE_LOGIN_GETCAPBOOL + +/* Define to 1 if you have the header file. */ +#undef HAVE_LOGIN_H + +/* Define to 1 if you have the `logout' function. */ +#undef HAVE_LOGOUT + +/* Define to 1 if you have the `logwtmp' function. */ +#undef HAVE_LOGWTMP + +/* Define to 1 if the system has the type `long double'. */ +#undef HAVE_LONG_DOUBLE + +/* Define to 1 if the system has the type `long long'. */ +#undef HAVE_LONG_LONG + +/* Define to 1 if you have the header file. */ +#undef HAVE_MAILLOCK_H + +/* Define to 1 if you have the `mblen' function. */ +#undef HAVE_MBLEN + +/* Define to 1 if you have the `md5_crypt' function. */ +#undef HAVE_MD5_CRYPT + +/* Define if you want to allow MD5 passwords */ +#undef HAVE_MD5_PASSWORDS + +/* Define to 1 if you have the `memmove' function. */ +#undef HAVE_MEMMOVE + +/* Define to 1 if you have the header file. */ +#undef HAVE_MEMORY_H + +/* Define to 1 if you have the `memset_s' function. */ +#undef HAVE_MEMSET_S + +/* Define to 1 if you have the `mkdtemp' function. */ +#undef HAVE_MKDTEMP + +/* Define to 1 if you have the `mmap' function. */ +#undef HAVE_MMAP + +/* define if you have mode_t data type */ +#undef HAVE_MODE_T + +/* Some systems put nanosleep outside of libc */ +#undef HAVE_NANOSLEEP + +/* Define to 1 if you have the header file. */ +#undef HAVE_NDIR_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_NETDB_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_NETGROUP_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_NET_IF_TUN_H + +/* Define if you are on NeXT */ +#undef HAVE_NEXT + +/* Define to 1 if you have the `ngetaddrinfo' function. */ +#undef HAVE_NGETADDRINFO + +/* Define to 1 if you have the `nsleep' function. */ +#undef HAVE_NSLEEP + +/* Define to 1 if you have the `ogetaddrinfo' function. */ +#undef HAVE_OGETADDRINFO + +/* Define if you have an old version of PAM which takes only one argument to + pam_strerror */ +#undef HAVE_OLD_PAM + +/* Define to 1 if you have the `openlog_r' function. */ +#undef HAVE_OPENLOG_R + +/* Define to 1 if you have the `openpty' function. */ +#undef HAVE_OPENPTY + +/* Define if your ssl headers are included with #include */ +#undef HAVE_OPENSSL + +/* Define if you have Digital Unix Security Integration Architecture */ +#undef HAVE_OSF_SIA + +/* Define to 1 if you have the `pam_getenvlist' function. */ +#undef HAVE_PAM_GETENVLIST + +/* Define to 1 if you have the header file. */ +#undef HAVE_PAM_PAM_APPL_H + +/* Define to 1 if you have the `pam_putenv' function. */ +#undef HAVE_PAM_PUTENV + +/* Define to 1 if you have the header file. */ +#undef HAVE_PATHS_H + +/* Define if you have ut_pid in utmp.h */ +#undef HAVE_PID_IN_UTMP + +/* define if you have pid_t data type */ +#undef HAVE_PID_T + +/* Define to 1 if you have the `poll' function. */ +#undef HAVE_POLL + +/* Define to 1 if you have the header file. */ +#undef HAVE_POLL_H + +/* Define to 1 if you have the `prctl' function. */ +#undef HAVE_PRCTL + +/* Define if you have /proc/$pid/fd */ +#undef HAVE_PROC_PID + +/* Define to 1 if you have the `pstat' function. */ +#undef HAVE_PSTAT + +/* Define to 1 if you have the header file. */ +#undef HAVE_PTY_H + +/* Define to 1 if you have the `pututline' function. */ +#undef HAVE_PUTUTLINE + +/* Define to 1 if you have the `pututxline' function. */ +#undef HAVE_PUTUTXLINE + +/* Define to 1 if you have the `readpassphrase' function. */ +#undef HAVE_READPASSPHRASE + +/* Define to 1 if you have the header file. */ +#undef HAVE_READPASSPHRASE_H + +/* Define to 1 if you have the `reallocarray' function. */ +#undef HAVE_REALLOCARRAY + +/* Define to 1 if you have the `realpath' function. */ +#undef HAVE_REALPATH + +/* Define to 1 if you have the `recvmsg' function. */ +#undef HAVE_RECVMSG + +/* sys/resource.h has RLIMIT_NPROC */ +#undef HAVE_RLIMIT_NPROC + +/* Define to 1 if you have the header file. */ +#undef HAVE_RPC_TYPES_H + +/* Define to 1 if you have the `rresvport_af' function. */ +#undef HAVE_RRESVPORT_AF + +/* Define to 1 if you have the `RSA_generate_key_ex' function. */ +#undef HAVE_RSA_GENERATE_KEY_EX + +/* Define to 1 if you have the `RSA_get_default_method' function. */ +#undef HAVE_RSA_GET_DEFAULT_METHOD + +/* Define to 1 if you have the header file. */ +#undef HAVE_SANDBOX_H + +/* Define to 1 if you have the `sandbox_init' function. */ +#undef HAVE_SANDBOX_INIT + +/* define if you have sa_family_t data type */ +#undef HAVE_SA_FAMILY_T + +/* Define to 1 if you have the `scan_scaled' function. */ +#undef HAVE_SCAN_SCALED + +/* Define if you have SecureWare-based protected password database */ +#undef HAVE_SECUREWARE + +/* Define to 1 if you have the header file. */ +#undef HAVE_SECURITY_PAM_APPL_H + +/* Define to 1 if you have the `sendmsg' function. */ +#undef HAVE_SENDMSG + +/* Define to 1 if you have the `setauthdb' function. */ +#undef HAVE_SETAUTHDB + +/* Define to 1 if you have the `setdtablesize' function. */ +#undef HAVE_SETDTABLESIZE + +/* Define to 1 if you have the `setegid' function. */ +#undef HAVE_SETEGID + +/* Define to 1 if you have the `setenv' function. */ +#undef HAVE_SETENV + +/* Define to 1 if you have the `seteuid' function. */ +#undef HAVE_SETEUID + +/* Define to 1 if you have the `setgroupent' function. */ +#undef HAVE_SETGROUPENT + +/* Define to 1 if you have the `setgroups' function. */ +#undef HAVE_SETGROUPS + +/* Define to 1 if you have the `setlinebuf' function. */ +#undef HAVE_SETLINEBUF + +/* Define to 1 if you have the `setlogin' function. */ +#undef HAVE_SETLOGIN + +/* Define to 1 if you have the `setluid' function. */ +#undef HAVE_SETLUID + +/* Define to 1 if you have the `setpassent' function. */ +#undef HAVE_SETPASSENT + +/* Define to 1 if you have the `setpcred' function. */ +#undef HAVE_SETPCRED + +/* Define to 1 if you have the `setproctitle' function. */ +#undef HAVE_SETPROCTITLE + +/* Define to 1 if you have the `setregid' function. */ +#undef HAVE_SETREGID + +/* Define to 1 if you have the `setresgid' function. */ +#undef HAVE_SETRESGID + +/* Define to 1 if you have the `setresuid' function. */ +#undef HAVE_SETRESUID + +/* Define to 1 if you have the `setreuid' function. */ +#undef HAVE_SETREUID + +/* Define to 1 if you have the `setrlimit' function. */ +#undef HAVE_SETRLIMIT + +/* Define to 1 if you have the `setsid' function. */ +#undef HAVE_SETSID + +/* Define to 1 if you have the `setutent' function. */ +#undef HAVE_SETUTENT + +/* Define to 1 if you have the `setutxdb' function. */ +#undef HAVE_SETUTXDB + +/* Define to 1 if you have the `setutxent' function. */ +#undef HAVE_SETUTXENT + +/* Define to 1 if you have the `setvbuf' function. */ +#undef HAVE_SETVBUF + +/* Define to 1 if you have the `set_id' function. */ +#undef HAVE_SET_ID + +/* Define to 1 if you have the `SHA256_Update' function. */ +#undef HAVE_SHA256_UPDATE + +/* Define to 1 if you have the header file. */ +#undef HAVE_SHA2_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SHADOW_H + +/* Define to 1 if you have the `sigaction' function. */ +#undef HAVE_SIGACTION + +/* Define to 1 if you have the `sigvec' function. */ +#undef HAVE_SIGVEC + +/* Define to 1 if the system has the type `sig_atomic_t'. */ +#undef HAVE_SIG_ATOMIC_T + +/* define if you have size_t data type */ +#undef HAVE_SIZE_T + +/* Define to 1 if you have the `snprintf' function. */ +#undef HAVE_SNPRINTF + +/* Define to 1 if you have the `socketpair' function. */ +#undef HAVE_SOCKETPAIR + +/* Have PEERCRED socket option */ +#undef HAVE_SO_PEERCRED + +/* define if you have ssize_t data type */ +#undef HAVE_SSIZE_T + +/* Fields in struct sockaddr_storage */ +#undef HAVE_SS_FAMILY_IN_SS + +/* Define to 1 if you have the `statfs' function. */ +#undef HAVE_STATFS + +/* Define to 1 if you have the `statvfs' function. */ +#undef HAVE_STATVFS + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDDEF_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDINT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDLIB_H + +/* Define to 1 if you have the `strdup' function. */ +#undef HAVE_STRDUP + +/* Define to 1 if you have the `strerror' function. */ +#undef HAVE_STRERROR + +/* Define to 1 if you have the `strftime' function. */ +#undef HAVE_STRFTIME + +/* Silly mkstemp() */ +#undef HAVE_STRICT_MKSTEMP + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRINGS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRING_H + +/* Define to 1 if you have the `strlcat' function. */ +#undef HAVE_STRLCAT + +/* Define to 1 if you have the `strlcpy' function. */ +#undef HAVE_STRLCPY + +/* Define to 1 if you have the `strmode' function. */ +#undef HAVE_STRMODE + +/* Define to 1 if you have the `strnlen' function. */ +#undef HAVE_STRNLEN + +/* Define to 1 if you have the `strnvis' function. */ +#undef HAVE_STRNVIS + +/* Define to 1 if you have the `strptime' function. */ +#undef HAVE_STRPTIME + +/* Define to 1 if you have the `strsep' function. */ +#undef HAVE_STRSEP + +/* Define to 1 if you have the `strtoll' function. */ +#undef HAVE_STRTOLL + +/* Define to 1 if you have the `strtonum' function. */ +#undef HAVE_STRTONUM + +/* Define to 1 if you have the `strtoul' function. */ +#undef HAVE_STRTOUL + +/* Define to 1 if you have the `strtoull' function. */ +#undef HAVE_STRTOULL + +/* define if you have struct addrinfo data type */ +#undef HAVE_STRUCT_ADDRINFO + +/* define if you have struct in6_addr data type */ +#undef HAVE_STRUCT_IN6_ADDR + +/* Define to 1 if `pw_change' is a member of `struct passwd'. */ +#undef HAVE_STRUCT_PASSWD_PW_CHANGE + +/* Define to 1 if `pw_class' is a member of `struct passwd'. */ +#undef HAVE_STRUCT_PASSWD_PW_CLASS + +/* Define to 1 if `pw_expire' is a member of `struct passwd'. */ +#undef HAVE_STRUCT_PASSWD_PW_EXPIRE + +/* Define to 1 if `pw_gecos' is a member of `struct passwd'. */ +#undef HAVE_STRUCT_PASSWD_PW_GECOS + +/* define if you have struct sockaddr_in6 data type */ +#undef HAVE_STRUCT_SOCKADDR_IN6 + +/* Define to 1 if `sin6_scope_id' is a member of `struct sockaddr_in6'. */ +#undef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID + +/* define if you have struct sockaddr_storage data type */ +#undef HAVE_STRUCT_SOCKADDR_STORAGE + +/* Define to 1 if `st_blksize' is a member of `struct stat'. */ +#undef HAVE_STRUCT_STAT_ST_BLKSIZE + +/* Define to 1 if the system has the type `struct timespec'. */ +#undef HAVE_STRUCT_TIMESPEC + +/* define if you have struct timeval */ +#undef HAVE_STRUCT_TIMEVAL + +/* Define to 1 if you have the `swap32' function. */ +#undef HAVE_SWAP32 + +/* Define to 1 if you have the `sysconf' function. */ +#undef HAVE_SYSCONF + +/* Define if you have syslen in utmpx.h */ +#undef HAVE_SYSLEN_IN_UTMPX + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_AUDIT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_BITYPES_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_BSDTTY_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_CAPABILITY_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_CDEFS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_DIR_H + +/* Define if your system defines sys_errlist[] */ +#undef HAVE_SYS_ERRLIST + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_MMAN_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_MOUNT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_NDIR_H + +/* Define if your system defines sys_nerr */ +#undef HAVE_SYS_NERR + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_POLL_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_PRCTL_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_PSTAT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_PTMS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_SELECT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STATVFS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STAT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STREAM_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STROPTS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STRTIO_H + +/* Force use of sys/syslog.h on Ultrix */ +#undef HAVE_SYS_SYSLOG_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_SYSMACROS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_TIMERS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_TIME_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_TYPES_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_UN_H + +/* Define to 1 if you have the `tcgetpgrp' function. */ +#undef HAVE_TCGETPGRP + +/* Define to 1 if you have the `tcsendbreak' function. */ +#undef HAVE_TCSENDBREAK + +/* Define to 1 if you have the `time' function. */ +#undef HAVE_TIME + +/* Define to 1 if you have the header file. */ +#undef HAVE_TIME_H + +/* Define if you have ut_time in utmp.h */ +#undef HAVE_TIME_IN_UTMP + +/* Define if you have ut_time in utmpx.h */ +#undef HAVE_TIME_IN_UTMPX + +/* Define to 1 if you have the `timingsafe_bcmp' function. */ +#undef HAVE_TIMINGSAFE_BCMP + +/* Define to 1 if you have the header file. */ +#undef HAVE_TMPDIR_H + +/* Define to 1 if you have the `truncate' function. */ +#undef HAVE_TRUNCATE + +/* Define to 1 if you have the header file. */ +#undef HAVE_TTYENT_H + +/* Define if you have ut_tv in utmp.h */ +#undef HAVE_TV_IN_UTMP + +/* Define if you have ut_tv in utmpx.h */ +#undef HAVE_TV_IN_UTMPX + +/* Define if you have ut_type in utmp.h */ +#undef HAVE_TYPE_IN_UTMP + +/* Define if you have ut_type in utmpx.h */ +#undef HAVE_TYPE_IN_UTMPX + +/* Define to 1 if you have the header file. */ +#undef HAVE_UCRED_H + +/* Define to 1 if the system has the type `uintmax_t'. */ +#undef HAVE_UINTMAX_T + +/* define if you have uintxx_t data type */ +#undef HAVE_UINTXX_T + +/* Define to 1 if you have the header file. */ +#undef HAVE_UNISTD_H + +/* Define to 1 if you have the `unsetenv' function. */ +#undef HAVE_UNSETENV + +/* Define to 1 if the system has the type `unsigned long long'. */ +#undef HAVE_UNSIGNED_LONG_LONG + +/* Define to 1 if you have the `updwtmp' function. */ +#undef HAVE_UPDWTMP + +/* Define to 1 if you have the `updwtmpx' function. */ +#undef HAVE_UPDWTMPX + +/* Define to 1 if you have the header file. */ +#undef HAVE_USERSEC_H + +/* Define to 1 if you have the `user_from_uid' function. */ +#undef HAVE_USER_FROM_UID + +/* Define to 1 if you have the `usleep' function. */ +#undef HAVE_USLEEP + +/* Define to 1 if you have the header file. */ +#undef HAVE_UTIL_H + +/* Define to 1 if you have the `utimes' function. */ +#undef HAVE_UTIMES + +/* Define to 1 if you have the header file. */ +#undef HAVE_UTIME_H + +/* Define to 1 if you have the `utmpname' function. */ +#undef HAVE_UTMPNAME + +/* Define to 1 if you have the `utmpxname' function. */ +#undef HAVE_UTMPXNAME + +/* Define to 1 if you have the header file. */ +#undef HAVE_UTMPX_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_UTMP_H + +/* define if you have u_char data type */ +#undef HAVE_U_CHAR + +/* define if you have u_int data type */ +#undef HAVE_U_INT + +/* define if you have u_int64_t data type */ +#undef HAVE_U_INT64_T + +/* define if you have u_intxx_t data type */ +#undef HAVE_U_INTXX_T + +/* Define to 1 if you have the `vasprintf' function. */ +#undef HAVE_VASPRINTF + +/* Define if va_copy exists */ +#undef HAVE_VA_COPY + +/* Define to 1 if you have the header file. */ +#undef HAVE_VIS_H + +/* Define to 1 if you have the `vsnprintf' function. */ +#undef HAVE_VSNPRINTF + +/* Define to 1 if you have the `waitpid' function. */ +#undef HAVE_WAITPID + +/* Define to 1 if you have the `_getlong' function. */ +#undef HAVE__GETLONG + +/* Define to 1 if you have the `_getpty' function. */ +#undef HAVE__GETPTY + +/* Define to 1 if you have the `_getshort' function. */ +#undef HAVE__GETSHORT + +/* Define if you have struct __res_state _res as an extern */ +#undef HAVE__RES_EXTERN + +/* Define to 1 if you have the `__b64_ntop' function. */ +#undef HAVE___B64_NTOP + +/* Define to 1 if you have the `__b64_pton' function. */ +#undef HAVE___B64_PTON + +/* Define if compiler implements __FUNCTION__ */ +#undef HAVE___FUNCTION__ + +/* Define if libc defines __progname */ +#undef HAVE___PROGNAME + +/* Fields in struct sockaddr_storage */ +#undef HAVE___SS_FAMILY_IN_SS + +/* Define if __va_copy exists */ +#undef HAVE___VA_COPY + +/* Define if compiler implements __func__ */ +#undef HAVE___func__ + +/* Define this if you are using the Heimdal version of Kerberos V5 */ +#undef HEIMDAL + +/* Define if you need to use IP address instead of hostname in $DISPLAY */ +#undef IPADDR_IN_DISPLAY + +/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */ +#undef IPV4_IN_IPV6 + +/* Define if your system choked on IP TOS setting */ +#undef IP_TOS_IS_BROKEN + +/* Define if you want Kerberos 5 support */ +#undef KRB5 + +/* Define if pututxline updates lastlog too */ +#undef LASTLOG_WRITE_PUTUTXLINE + +/* Define to whatever link() returns for "not supported" if it doesn't return + EOPNOTSUPP. */ +#undef LINK_OPNOTSUPP_ERRNO + +/* Adjust Linux out-of-memory killer */ +#undef LINUX_OOM_ADJUST + +/* max value of long long calculated by configure */ +#undef LLONG_MAX + +/* min value of long long calculated by configure */ +#undef LLONG_MIN + +/* Account locked with pw(1) */ +#undef LOCKED_PASSWD_PREFIX + +/* String used in /etc/passwd to denote locked account */ +#undef LOCKED_PASSWD_STRING + +/* String used in /etc/passwd to denote locked account */ +#undef LOCKED_PASSWD_SUBSTR + +/* Some versions of /bin/login need the TERM supplied on the commandline */ +#undef LOGIN_NEEDS_TERM + +/* Some systems need a utmpx entry for /bin/login to work */ +#undef LOGIN_NEEDS_UTMPX + +/* Define if your login program cannot handle end of options ("--") */ +#undef LOGIN_NO_ENDOPT + +/* If your header files don't define LOGIN_PROGRAM, then use this (detected) + from environment and PATH */ +#undef LOGIN_PROGRAM_FALLBACK + +/* Set this to your mail directory if you do not have _PATH_MAILDIR */ +#undef MAIL_DIRECTORY + +/* Need setpgrp to acquire controlling tty */ +#undef NEED_SETPGRP + +/* compiler does not accept __attribute__ on return types */ +#undef NO_ATTRIBUTE_ON_RETURN_TYPE + +/* Define if the concept of ports only accessible to superusers isn't known */ +#undef NO_IPPORT_RESERVED_CONCEPT + +/* Define if you don't want to use lastlog in session.c */ +#undef NO_SSH_LASTLOG + +/* Define if X11 doesn't support AF_UNIX sockets on that system */ +#undef NO_X11_UNIX_SOCKETS + +/* Define if EVP_DigestUpdate returns void */ +#undef OPENSSL_EVP_DIGESTUPDATE_VOID + +/* OpenSSL has ECC */ +#undef OPENSSL_HAS_ECC + +/* libcrypto has NID_X9_62_prime256v1 */ +#undef OPENSSL_HAS_NISTP256 + +/* libcrypto has NID_secp384r1 */ +#undef OPENSSL_HAS_NISTP384 + +/* libcrypto has NID_secp521r1 */ +#undef OPENSSL_HAS_NISTP521 + +/* libcrypto has EVP AES CTR */ +#undef OPENSSL_HAVE_EVPCTR + +/* libcrypto has EVP AES GCM */ +#undef OPENSSL_HAVE_EVPGCM + +/* libcrypto is missing AES 192 and 256 bit functions */ +#undef OPENSSL_LOBOTOMISED_AES + +/* Define if you want the OpenSSL internally seeded PRNG only */ +#undef OPENSSL_PRNG_ONLY + +/* Define to the address where bug reports for this package should be sent. */ +#undef PACKAGE_BUGREPORT + +/* Define to the full name of this package. */ +#undef PACKAGE_NAME + +/* Define to the full name and version of this package. */ +#undef PACKAGE_STRING + +/* Define to the one symbol short name of this package. */ +#undef PACKAGE_TARNAME + +/* Define to the home page for this package. */ +#undef PACKAGE_URL + +/* Define to the version of this package. */ +#undef PACKAGE_VERSION + +/* Define if you are using Solaris-derived PAM which passes pam_messages to + the conversation function with an extra level of indirection */ +#undef PAM_SUN_CODEBASE + +/* Work around problematic Linux PAM modules handling of PAM_TTY */ +#undef PAM_TTY_KLUDGE + +/* must supply username to passwd */ +#undef PASSWD_NEEDS_USERNAME + +/* System dirs owned by bin (uid 2) */ +#undef PLATFORM_SYS_DIR_UID + +/* Port number of PRNGD/EGD random number socket */ +#undef PRNGD_PORT + +/* Location of PRNGD/EGD random number socket */ +#undef PRNGD_SOCKET + +/* read(1) can return 0 for a non-closed fd */ +#undef PTY_ZEROREAD + +/* Sandbox using capsicum */ +#undef SANDBOX_CAPSICUM + +/* Sandbox using Darwin sandbox_init(3) */ +#undef SANDBOX_DARWIN + +/* no privsep sandboxing */ +#undef SANDBOX_NULL + +/* Sandbox using setrlimit(2) */ +#undef SANDBOX_RLIMIT + +/* Sandbox using seccomp filter */ +#undef SANDBOX_SECCOMP_FILTER + +/* setrlimit RLIMIT_FSIZE works */ +#undef SANDBOX_SKIP_RLIMIT_FSIZE + +/* define if setrlimit RLIMIT_NOFILE breaks things */ +#undef SANDBOX_SKIP_RLIMIT_NOFILE + +/* Sandbox using systrace(4) */ +#undef SANDBOX_SYSTRACE + +/* Specify the system call convention in use */ +#undef SECCOMP_AUDIT_ARCH + +/* Define if your platform breaks doing a seteuid before a setuid */ +#undef SETEUID_BREAKS_SETUID + +/* The size of `int', as computed by sizeof. */ +#undef SIZEOF_INT + +/* The size of `long int', as computed by sizeof. */ +#undef SIZEOF_LONG_INT + +/* The size of `long long int', as computed by sizeof. */ +#undef SIZEOF_LONG_LONG_INT + +/* The size of `short int', as computed by sizeof. */ +#undef SIZEOF_SHORT_INT + +/* Define if you want S/Key support */ +#undef SKEY + +/* Define if your skeychallenge() function takes 4 arguments (NetBSD) */ +#undef SKEYCHALLENGE_4ARG + +/* Define as const if snprintf() can declare const char *fmt */ +#undef SNPRINTF_CONST + +/* Define to a Set Process Title type if your system is supported by + bsd-setproctitle.c */ +#undef SPT_TYPE + +/* Define if sshd somehow reacquires a controlling TTY after setsid() */ +#undef SSHD_ACQUIRES_CTTY + +/* Define if pam_chauthtok wants real uid set to the unpriv'ed user */ +#undef SSHPAM_CHAUTHTOK_NEEDS_RUID + +/* Use audit debugging module */ +#undef SSH_AUDIT_EVENTS + +/* Windows is sensitive to read buffer size */ +#undef SSH_IOBUFSZ + +/* non-privileged user for privilege separation */ +#undef SSH_PRIVSEP_USER + +/* Use tunnel device compatibility to OpenBSD */ +#undef SSH_TUN_COMPAT_AF + +/* Open tunnel devices the FreeBSD way */ +#undef SSH_TUN_FREEBSD + +/* Open tunnel devices the Linux tun/tap way */ +#undef SSH_TUN_LINUX + +/* No layer 2 tunnel support */ +#undef SSH_TUN_NO_L2 + +/* Open tunnel devices the OpenBSD way */ +#undef SSH_TUN_OPENBSD + +/* Prepend the address family to IP tunnel traffic */ +#undef SSH_TUN_PREPEND_AF + +/* Define to 1 if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* Define if you want a different $PATH for the superuser */ +#undef SUPERUSER_PATH + +/* syslog_r function is safe to use in in a signal handler */ +#undef SYSLOG_R_SAFE_IN_SIGHAND + +/* Support passwords > 8 chars */ +#undef UNIXWARE_LONG_PASSWORDS + +/* Specify default $PATH */ +#undef USER_PATH + +/* Define this if you want to use libkafs' AFS support */ +#undef USE_AFS + +/* Use BSM audit module */ +#undef USE_BSM_AUDIT + +/* Use btmp to log bad logins */ +#undef USE_BTMP + +/* Use libedit for sftp */ +#undef USE_LIBEDIT + +/* Use Linux audit module */ +#undef USE_LINUX_AUDIT + +/* Enable OpenSSL engine support */ +#undef USE_OPENSSL_ENGINE + +/* Define if you want to enable PAM support */ +#undef USE_PAM + +/* Use PIPES instead of a socketpair() */ +#undef USE_PIPES + +/* Define if you have Solaris process contracts */ +#undef USE_SOLARIS_PROCESS_CONTRACTS + +/* Define if you have Solaris projects */ +#undef USE_SOLARIS_PROJECTS + +/* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */ +#undef WITH_ABBREV_NO_TTY + +/* Define if you want to enable AIX4's authenticate function */ +#undef WITH_AIXAUTHENTICATE + +/* Define if you have/want arrays (cluster-wide session managment, not C + arrays) */ +#undef WITH_IRIX_ARRAY + +/* Define if you want IRIX audit trails */ +#undef WITH_IRIX_AUDIT + +/* Define if you want IRIX kernel jobs */ +#undef WITH_IRIX_JOBS + +/* Define if you want IRIX project management */ +#undef WITH_IRIX_PROJECT + +/* use libcrypto for cryptography */ +#undef WITH_OPENSSL + +/* Define if you want SELinux support. */ +#undef WITH_SELINUX + +/* include SSH protocol version 1 support */ +#undef WITH_SSH1 + +/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most + significant byte first (like Motorola and SPARC, unlike Intel). */ +#if defined AC_APPLE_UNIVERSAL_BUILD +# if defined __BIG_ENDIAN__ +# define WORDS_BIGENDIAN 1 +# endif +#else +# ifndef WORDS_BIGENDIAN +# undef WORDS_BIGENDIAN +# endif +#endif + +/* Define if xauth is found in your path */ +#undef XAUTH_PATH + +/* Enable large inode numbers on Mac OS X 10.5. */ +#ifndef _DARWIN_USE_64_BIT_INODE +# define _DARWIN_USE_64_BIT_INODE 1 +#endif + +/* Number of bits in a file offset, on hosts where this is settable. */ +#undef _FILE_OFFSET_BITS + +/* Define for large files, on AIX-style hosts. */ +#undef _LARGE_FILES + +/* log for bad login attempts */ +#undef _PATH_BTMP + +/* Full path of your "passwd" program */ +#undef _PATH_PASSWD_PROG + +/* Specify location of ssh.pid */ +#undef _PATH_SSH_PIDDIR + +/* Define if we don't have struct __res_state in resolv.h */ +#undef __res_state + +/* Define to `__inline__' or `__inline' if that's what the C compiler + calls it, or to nothing if 'inline' is not supported under any name. */ +#ifndef __cplusplus +#undef inline +#endif + +/* type to use in place of socklen_t if not defined */ +#undef socklen_t diff --git a/include/DomainExec/opensshlib/config.sub b/include/DomainExec/opensshlib/config.sub new file mode 100644 index 00000000..6d2e94c8 --- /dev/null +++ b/include/DomainExec/opensshlib/config.sub @@ -0,0 +1,1807 @@ +#! /bin/sh +# Configuration validation subroutine script. +# Copyright 1992-2015 Free Software Foundation, Inc. + +timestamp='2015-01-01' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). + + +# Please send patches to . +# +# Configuration subroutine to validate and canonicalize a configuration type. +# Supply the specified configuration type as an argument. +# If it is invalid, we print an error message on stderr and exit with code 1. +# Otherwise, we print the canonical config type on stdout and succeed. + +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD + +# This file is supposed to be the same for all GNU packages +# and recognize all the CPU types, system types and aliases +# that are meaningful with *any* GNU software. +# Each package is responsible for reporting which valid configurations +# it does not support. The user should be able to distinguish +# a failure to support a valid configuration from a meaningless +# configuration. + +# The goal of this file is to map all the various variations of a given +# machine specification into a single specification in the form: +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or in some cases, the newer four-part form: +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# It is wrong to echo any other type of specification. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] CPU-MFR-OPSYS + $0 [OPTION] ALIAS + +Canonicalize a configuration name. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.sub ($timestamp) + +Copyright 1992-2015 Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" + exit 1 ;; + + *local*) + # First pass through any local machine types. + echo $1 + exit ;; + + * ) + break ;; + esac +done + +case $# in + 0) echo "$me: missing argument$help" >&2 + exit 1;; + 1) ;; + *) echo "$me: too many arguments$help" >&2 + exit 1;; +esac + +# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). +# Here we must recognize all the valid KERNEL-OS combinations. +maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +case $maybe_os in + nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ + linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | \ + kopensolaris*-gnu* | \ + storm-chaos* | os2-emx* | rtmk-nova*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; + android-linux) + os=-linux-android + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown + ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] + then os=`echo $1 | sed 's/.*-/-/'` + else os=; fi + ;; +esac + +### Let's recognize common machines as not being operating systems so +### that things like config.sub decstation-3100 work. We also +### recognize some manufacturers as not being operating systems, so we +### can provide default operating systems below. +case $os in + -sun*os*) + # Prevent following clause from handling this invalid input. + ;; + -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ + -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ + -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ + -apple | -axis | -knuth | -cray | -microblaze*) + os= + basic_machine=$1 + ;; + -bluegene*) + os=-cnk + ;; + -sim | -cisco | -oki | -wec | -winbond) + os= + basic_machine=$1 + ;; + -scout) + ;; + -wrs) + os=-vxworks + basic_machine=$1 + ;; + -chorusos*) + os=-chorusos + basic_machine=$1 + ;; + -chorusrdb) + os=-chorusrdb + basic_machine=$1 + ;; + -hiux*) + os=-hiuxwe2 + ;; + -sco6) + os=-sco5v6 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco5) + os=-sco3.2v5 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco4) + os=-sco3.2v4 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2v[4-9]*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco5v6*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco*) + os=-sco3.2v2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -udk*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -isc) + os=-isc2.2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -clix*) + basic_machine=clipper-intergraph + ;; + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -lynx*178) + os=-lynxos178 + ;; + -lynx*5) + os=-lynxos5 + ;; + -lynx*) + os=-lynxos + ;; + -ptx*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` + ;; + -windowsnt*) + os=`echo $os | sed -e 's/windowsnt/winnt/'` + ;; + -psos*) + os=-psos + ;; + -mint | -mint[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; +esac + +# Decode aliases for certain CPU-COMPANY combinations. +case $basic_machine in + # Recognize the basic CPU types without company name. + # Some are omitted here because they have special meanings below. + 1750a | 580 \ + | a29k \ + | aarch64 | aarch64_be \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | am33_2.0 \ + | arc | arceb \ + | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ + | avr | avr32 \ + | be32 | be64 \ + | bfin \ + | c4x | c8051 | clipper \ + | d10v | d30v | dlx | dsp16xx \ + | epiphany \ + | fido | fr30 | frv | ft32 \ + | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | hexagon \ + | i370 | i860 | i960 | ia64 \ + | ip2k | iq2000 \ + | k1om \ + | le32 | le64 \ + | lm32 \ + | m32c | m32r | m32rle | m68000 | m68k | m88k \ + | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64el \ + | mips64octeon | mips64octeonel \ + | mips64orion | mips64orionel \ + | mips64r5900 | mips64r5900el \ + | mips64vr | mips64vrel \ + | mips64vr4100 | mips64vr4100el \ + | mips64vr4300 | mips64vr4300el \ + | mips64vr5000 | mips64vr5000el \ + | mips64vr5900 | mips64vr5900el \ + | mipsisa32 | mipsisa32el \ + | mipsisa32r2 | mipsisa32r2el \ + | mipsisa32r6 | mipsisa32r6el \ + | mipsisa64 | mipsisa64el \ + | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64r6 | mipsisa64r6el \ + | mipsisa64sb1 | mipsisa64sb1el \ + | mipsisa64sr71k | mipsisa64sr71kel \ + | mipsr5900 | mipsr5900el \ + | mipstx39 | mipstx39el \ + | mn10200 | mn10300 \ + | moxie \ + | mt \ + | msp430 \ + | nds32 | nds32le | nds32be \ + | nios | nios2 | nios2eb | nios2el \ + | ns16k | ns32k \ + | open8 | or1k | or1knd | or32 \ + | pdp10 | pdp11 | pj | pjl \ + | powerpc | powerpc64 | powerpc64le | powerpcle \ + | pyramid \ + | riscv32 | riscv64 \ + | rl78 | rx \ + | score \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh64 | sh64le \ + | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ + | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ + | spu \ + | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ + | ubicom32 \ + | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ + | visium \ + | we32k \ + | x86 | xc16x | xstormy16 | xtensa \ + | z8k | z80) + basic_machine=$basic_machine-unknown + ;; + c54x) + basic_machine=tic54x-unknown + ;; + c55x) + basic_machine=tic55x-unknown + ;; + c6x) + basic_machine=tic6x-unknown + ;; + leon|leon[3-9]) + basic_machine=sparc-$basic_machine + ;; + m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) + basic_machine=$basic_machine-unknown + os=-none + ;; + m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) + ;; + ms1) + basic_machine=mt-unknown + ;; + + strongarm | thumb | xscale) + basic_machine=arm-unknown + ;; + xgate) + basic_machine=$basic_machine-unknown + os=-none + ;; + xscaleeb) + basic_machine=armeb-unknown + ;; + + xscaleel) + basic_machine=armel-unknown + ;; + + # We use `pc' rather than `unknown' + # because (1) that's what they normally are, and + # (2) the word "unknown" tends to confuse beginning users. + i*86 | x86_64) + basic_machine=$basic_machine-pc + ;; + # Object if more than one company name word. + *-*-*) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; + # Recognize the basic CPU types with company name. + 580-* \ + | a29k-* \ + | aarch64-* | aarch64_be-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ + | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ + | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ + | avr-* | avr32-* \ + | be32-* | be64-* \ + | bfin-* | bs2000-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* \ + | c8051-* | clipper-* | craynv-* | cydra-* \ + | d10v-* | d30v-* | dlx-* \ + | elxsi-* \ + | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ + | h8300-* | h8500-* \ + | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ + | hexagon-* \ + | i*86-* | i860-* | i960-* | ia64-* \ + | ip2k-* | iq2000-* \ + | k1om-* \ + | le32-* | le64-* \ + | lm32-* \ + | m32c-* | m32r-* | m32rle-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ + | microblaze-* | microblazeel-* \ + | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ + | mips16-* \ + | mips64-* | mips64el-* \ + | mips64octeon-* | mips64octeonel-* \ + | mips64orion-* | mips64orionel-* \ + | mips64r5900-* | mips64r5900el-* \ + | mips64vr-* | mips64vrel-* \ + | mips64vr4100-* | mips64vr4100el-* \ + | mips64vr4300-* | mips64vr4300el-* \ + | mips64vr5000-* | mips64vr5000el-* \ + | mips64vr5900-* | mips64vr5900el-* \ + | mipsisa32-* | mipsisa32el-* \ + | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa32r6-* | mipsisa32r6el-* \ + | mipsisa64-* | mipsisa64el-* \ + | mipsisa64r2-* | mipsisa64r2el-* \ + | mipsisa64r6-* | mipsisa64r6el-* \ + | mipsisa64sb1-* | mipsisa64sb1el-* \ + | mipsisa64sr71k-* | mipsisa64sr71kel-* \ + | mipsr5900-* | mipsr5900el-* \ + | mipstx39-* | mipstx39el-* \ + | mmix-* \ + | mt-* \ + | msp430-* \ + | nds32-* | nds32le-* | nds32be-* \ + | nios-* | nios2-* | nios2eb-* | nios2el-* \ + | none-* | np1-* | ns16k-* | ns32k-* \ + | open8-* \ + | or1k*-* \ + | orion-* \ + | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ + | pyramid-* \ + | rl78-* | romp-* | rs6000-* | rx-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ + | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ + | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ + | sparclite-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ + | tahoe-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tile*-* \ + | tron-* \ + | ubicom32-* \ + | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ + | vax-* \ + | visium-* \ + | we32k-* \ + | x86-* | x86_64-* | xc16x-* | xps100-* \ + | xstormy16-* | xtensa*-* \ + | ymp-* \ + | z8k-* | z80-*) + ;; + # Recognize the basic CPU types without company name, with glob match. + xtensa*) + basic_machine=$basic_machine-unknown + ;; + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. + 386bsd) + basic_machine=i386-unknown + os=-bsd + ;; + 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) + basic_machine=m68000-att + ;; + 3b*) + basic_machine=we32k-att + ;; + a29khif) + basic_machine=a29k-amd + os=-udi + ;; + abacus) + basic_machine=abacus-unknown + ;; + adobe68k) + basic_machine=m68010-adobe + os=-scout + ;; + alliant | fx80) + basic_machine=fx80-alliant + ;; + altos | altos3068) + basic_machine=m68k-altos + ;; + am29k) + basic_machine=a29k-none + os=-bsd + ;; + amd64) + basic_machine=x86_64-pc + ;; + amd64-*) + basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + amdahl) + basic_machine=580-amdahl + os=-sysv + ;; + amiga | amiga-*) + basic_machine=m68k-unknown + ;; + amigaos | amigados) + basic_machine=m68k-unknown + os=-amigaos + ;; + amigaunix | amix) + basic_machine=m68k-unknown + os=-sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + os=-sysv + ;; + apollo68bsd) + basic_machine=m68k-apollo + os=-bsd + ;; + aros) + basic_machine=i386-pc + os=-aros + ;; + aux) + basic_machine=m68k-apple + os=-aux + ;; + balance) + basic_machine=ns32k-sequent + os=-dynix + ;; + blackfin) + basic_machine=bfin-unknown + os=-linux + ;; + blackfin-*) + basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; + bluegene*) + basic_machine=powerpc-ibm + os=-cnk + ;; + c54x-*) + basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c55x-*) + basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c6x-*) + basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c90) + basic_machine=c90-cray + os=-unicos + ;; + cegcc) + basic_machine=arm-unknown + os=-cegcc + ;; + convex-c1) + basic_machine=c1-convex + os=-bsd + ;; + convex-c2) + basic_machine=c2-convex + os=-bsd + ;; + convex-c32) + basic_machine=c32-convex + os=-bsd + ;; + convex-c34) + basic_machine=c34-convex + os=-bsd + ;; + convex-c38) + basic_machine=c38-convex + os=-bsd + ;; + cray | j90) + basic_machine=j90-cray + os=-unicos + ;; + craynv) + basic_machine=craynv-cray + os=-unicosmp + ;; + cr16 | cr16-*) + basic_machine=cr16-unknown + os=-elf + ;; + crds | unos) + basic_machine=m68k-crds + ;; + crisv32 | crisv32-* | etraxfs*) + basic_machine=crisv32-axis + ;; + cris | cris-* | etrax*) + basic_machine=cris-axis + ;; + crx) + basic_machine=crx-unknown + os=-elf + ;; + da30 | da30-*) + basic_machine=m68k-da30 + ;; + decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) + basic_machine=mips-dec + ;; + decsystem10* | dec10*) + basic_machine=pdp10-dec + os=-tops10 + ;; + decsystem20* | dec20*) + basic_machine=pdp10-dec + os=-tops20 + ;; + delta | 3300 | motorola-3300 | motorola-delta \ + | 3300-motorola | delta-motorola) + basic_machine=m68k-motorola + ;; + delta88) + basic_machine=m88k-motorola + os=-sysv3 + ;; + dicos) + basic_machine=i686-pc + os=-dicos + ;; + djgpp) + basic_machine=i586-pc + os=-msdosdjgpp + ;; + dpx20 | dpx20-*) + basic_machine=rs6000-bull + os=-bosx + ;; + dpx2* | dpx2*-bull) + basic_machine=m68k-bull + os=-sysv3 + ;; + ebmon29k) + basic_machine=a29k-amd + os=-ebmon + ;; + elxsi) + basic_machine=elxsi-elxsi + os=-bsd + ;; + encore | umax | mmax) + basic_machine=ns32k-encore + ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + os=-ose + ;; + fx2800) + basic_machine=i860-alliant + ;; + genix) + basic_machine=ns32k-ns + ;; + gmicro) + basic_machine=tron-gmicro + os=-sysv + ;; + go32) + basic_machine=i386-pc + os=-go32 + ;; + h3050r* | hiux*) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + h8300hms) + basic_machine=h8300-hitachi + os=-hms + ;; + h8300xray) + basic_machine=h8300-hitachi + os=-xray + ;; + h8500hms) + basic_machine=h8500-hitachi + os=-hms + ;; + harris) + basic_machine=m88k-harris + os=-sysv3 + ;; + hp300-*) + basic_machine=m68k-hp + ;; + hp300bsd) + basic_machine=m68k-hp + os=-bsd + ;; + hp300hpux) + basic_machine=m68k-hp + os=-hpux + ;; + hp3k9[0-9][0-9] | hp9[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k2[0-9][0-9] | hp9k31[0-9]) + basic_machine=m68000-hp + ;; + hp9k3[2-9][0-9]) + basic_machine=m68k-hp + ;; + hp9k6[0-9][0-9] | hp6[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k7[0-79][0-9] | hp7[0-79][0-9]) + basic_machine=hppa1.1-hp + ;; + hp9k78[0-9] | hp78[0-9]) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][13679] | hp8[0-9][13679]) + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][0-9] | hp8[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hppa-next) + os=-nextstep3 + ;; + hppaosf) + basic_machine=hppa1.1-hp + os=-osf + ;; + hppro) + basic_machine=hppa1.1-hp + os=-proelf + ;; + i370-ibm* | ibm*) + basic_machine=i370-ibm + ;; + i*86v32) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv32 + ;; + i*86v4*) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv4 + ;; + i*86v) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv + ;; + i*86sol2) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-solaris2 + ;; + i386mach) + basic_machine=i386-mach + os=-mach + ;; + i386-vsta | vsta) + basic_machine=i386-unknown + os=-vsta + ;; + iris | iris4d) + basic_machine=mips-sgi + case $os in + -irix*) + ;; + *) + os=-irix4 + ;; + esac + ;; + isi68 | isi) + basic_machine=m68k-isi + os=-sysv + ;; + leon-*|leon[3-9]-*) + basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'` + ;; + m68knommu) + basic_machine=m68k-unknown + os=-linux + ;; + m68knommu-*) + basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; + m88k-omron*) + basic_machine=m88k-omron + ;; + magnum | m3230) + basic_machine=mips-mips + os=-sysv + ;; + merlin) + basic_machine=ns32k-utek + os=-sysv + ;; + microblaze*) + basic_machine=microblaze-xilinx + ;; + mingw64) + basic_machine=x86_64-pc + os=-mingw64 + ;; + mingw32) + basic_machine=i686-pc + os=-mingw32 + ;; + mingw32ce) + basic_machine=arm-unknown + os=-mingw32ce + ;; + miniframe) + basic_machine=m68000-convergent + ;; + *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; + mips3*-*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` + ;; + mips3*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown + ;; + monitor) + basic_machine=m68k-rom68k + os=-coff + ;; + morphos) + basic_machine=powerpc-unknown + os=-morphos + ;; + moxiebox) + basic_machine=moxie-unknown + os=-moxiebox + ;; + msdos) + basic_machine=i386-pc + os=-msdos + ;; + ms1-*) + basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` + ;; + msys) + basic_machine=i686-pc + os=-msys + ;; + mvs) + basic_machine=i370-ibm + os=-mvs + ;; + nacl) + basic_machine=le32-unknown + os=-nacl + ;; + ncr3000) + basic_machine=i486-ncr + os=-sysv4 + ;; + netbsd386) + basic_machine=i386-unknown + os=-netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + os=-linux + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + os=-newsos + ;; + news1000) + basic_machine=m68030-sony + os=-newsos + ;; + news-3600 | risc-news) + basic_machine=mips-sony + os=-newsos + ;; + necv70) + basic_machine=v70-nec + os=-sysv + ;; + next | m*-next ) + basic_machine=m68k-next + case $os in + -nextstep* ) + ;; + -ns2*) + os=-nextstep2 + ;; + *) + os=-nextstep3 + ;; + esac + ;; + nh3000) + basic_machine=m68k-harris + os=-cxux + ;; + nh[45]000) + basic_machine=m88k-harris + os=-cxux + ;; + nindy960) + basic_machine=i960-intel + os=-nindy + ;; + mon960) + basic_machine=i960-intel + os=-mon960 + ;; + nonstopux) + basic_machine=mips-compaq + os=-nonstopux + ;; + np1) + basic_machine=np1-gould + ;; + neo-tandem) + basic_machine=neo-tandem + ;; + nse-tandem) + basic_machine=nse-tandem + ;; + nsr-tandem) + basic_machine=nsr-tandem + ;; + op50n-* | op60c-*) + basic_machine=hppa1.1-oki + os=-proelf + ;; + openrisc | openrisc-*) + basic_machine=or32-unknown + ;; + os400) + basic_machine=powerpc-ibm + os=-os400 + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + os=-ose + ;; + os68k) + basic_machine=m68k-none + os=-os68k + ;; + pa-hitachi) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + paragon) + basic_machine=i860-intel + os=-osf + ;; + parisc) + basic_machine=hppa-unknown + os=-linux + ;; + parisc-*) + basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; + pbd) + basic_machine=sparc-tti + ;; + pbb) + basic_machine=m68k-tti + ;; + pc532 | pc532-*) + basic_machine=ns32k-pc532 + ;; + pc98) + basic_machine=i386-pc + ;; + pc98-*) + basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentium | p5 | k5 | k6 | nexgen | viac3) + basic_machine=i586-pc + ;; + pentiumpro | p6 | 6x86 | athlon | athlon_*) + basic_machine=i686-pc + ;; + pentiumii | pentium2 | pentiumiii | pentium3) + basic_machine=i686-pc + ;; + pentium4) + basic_machine=i786-pc + ;; + pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) + basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumpro-* | p6-* | 6x86-* | athlon-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentium4-*) + basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pn) + basic_machine=pn-gould + ;; + power) basic_machine=power-ibm + ;; + ppc | ppcbe) basic_machine=powerpc-unknown + ;; + ppc-* | ppcbe-*) + basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppcle | powerpclittle | ppc-le | powerpc-little) + basic_machine=powerpcle-unknown + ;; + ppcle-* | powerpclittle-*) + basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64) basic_machine=powerpc64-unknown + ;; + ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64le | powerpc64little | ppc64-le | powerpc64-little) + basic_machine=powerpc64le-unknown + ;; + ppc64le-* | powerpc64little-*) + basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ps2) + basic_machine=i386-ibm + ;; + pw32) + basic_machine=i586-unknown + os=-pw32 + ;; + rdos | rdos64) + basic_machine=x86_64-pc + os=-rdos + ;; + rdos32) + basic_machine=i386-pc + os=-rdos + ;; + rom68k) + basic_machine=m68k-rom68k + os=-coff + ;; + rm[46]00) + basic_machine=mips-siemens + ;; + rtpc | rtpc-*) + basic_machine=romp-ibm + ;; + s390 | s390-*) + basic_machine=s390-ibm + ;; + s390x | s390x-*) + basic_machine=s390x-ibm + ;; + sa29200) + basic_machine=a29k-amd + os=-udi + ;; + sb1) + basic_machine=mipsisa64sb1-unknown + ;; + sb1el) + basic_machine=mipsisa64sb1el-unknown + ;; + sde) + basic_machine=mipsisa32-sde + os=-elf + ;; + sei) + basic_machine=mips-sei + os=-seiux + ;; + sequent) + basic_machine=i386-sequent + ;; + sh) + basic_machine=sh-hitachi + os=-hms + ;; + sh5el) + basic_machine=sh5le-unknown + ;; + sh64) + basic_machine=sh64-unknown + ;; + sparclite-wrs | simso-wrs) + basic_machine=sparclite-wrs + os=-vxworks + ;; + sps7) + basic_machine=m68k-bull + os=-sysv2 + ;; + spur) + basic_machine=spur-unknown + ;; + st2000) + basic_machine=m68k-tandem + ;; + stratus) + basic_machine=i860-stratus + os=-sysv4 + ;; + strongarm-* | thumb-*) + basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + sun2) + basic_machine=m68000-sun + ;; + sun2os3) + basic_machine=m68000-sun + os=-sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + os=-sunos4 + ;; + sun3os3) + basic_machine=m68k-sun + os=-sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + os=-sunos4 + ;; + sun4os3) + basic_machine=sparc-sun + os=-sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + os=-sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + os=-solaris2 + ;; + sun3 | sun3-*) + basic_machine=m68k-sun + ;; + sun4) + basic_machine=sparc-sun + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + ;; + sv1) + basic_machine=sv1-cray + os=-unicos + ;; + symmetry) + basic_machine=i386-sequent + os=-dynix + ;; + t3e) + basic_machine=alphaev5-cray + os=-unicos + ;; + t90) + basic_machine=t90-cray + os=-unicos + ;; + tile*) + basic_machine=$basic_machine-unknown + os=-linux-gnu + ;; + tx39) + basic_machine=mipstx39-unknown + ;; + tx39el) + basic_machine=mipstx39el-unknown + ;; + toad1) + basic_machine=pdp10-xkl + os=-tops20 + ;; + tower | tower-32) + basic_machine=m68k-ncr + ;; + tpf) + basic_machine=s390x-ibm + os=-tpf + ;; + udi29k) + basic_machine=a29k-amd + os=-udi + ;; + ultra3) + basic_machine=a29k-nyu + os=-sym1 + ;; + v810 | necv810) + basic_machine=v810-nec + os=-none + ;; + vaxv) + basic_machine=vax-dec + os=-sysv + ;; + vms) + basic_machine=vax-dec + os=-vms + ;; + vpp*|vx|vx-*) + basic_machine=f301-fujitsu + ;; + vxworks960) + basic_machine=i960-wrs + os=-vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + os=-vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + os=-vxworks + ;; + w65*) + basic_machine=w65-wdc + os=-none + ;; + w89k-*) + basic_machine=hppa1.1-winbond + os=-proelf + ;; + xbox) + basic_machine=i686-pc + os=-mingw32 + ;; + xps | xps100) + basic_machine=xps100-honeywell + ;; + xscale-* | xscalee[bl]-*) + basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` + ;; + ymp) + basic_machine=ymp-cray + os=-unicos + ;; + z8k-*-coff) + basic_machine=z8k-unknown + os=-sim + ;; + z80-*-coff) + basic_machine=z80-unknown + os=-sim + ;; + none) + basic_machine=none-none + os=-none + ;; + +# Here we handle the default manufacturer of certain CPU types. It is in +# some cases the only manufacturer, in others, it is the most popular. + w89k) + basic_machine=hppa1.1-winbond + ;; + op50n) + basic_machine=hppa1.1-oki + ;; + op60c) + basic_machine=hppa1.1-oki + ;; + romp) + basic_machine=romp-ibm + ;; + mmix) + basic_machine=mmix-knuth + ;; + rs6000) + basic_machine=rs6000-ibm + ;; + vax) + basic_machine=vax-dec + ;; + pdp10) + # there are many clones, so DEC is not a safe bet + basic_machine=pdp10-unknown + ;; + pdp11) + basic_machine=pdp11-dec + ;; + we32k) + basic_machine=we32k-att + ;; + sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) + basic_machine=sh-unknown + ;; + sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) + basic_machine=sparc-sun + ;; + cydra) + basic_machine=cydra-cydrome + ;; + orion) + basic_machine=orion-highlevel + ;; + orion105) + basic_machine=clipper-highlevel + ;; + mac | mpw | mac-mpw) + basic_machine=m68k-apple + ;; + pmac | pmac-mpw) + basic_machine=powerpc-apple + ;; + *-unknown) + # Make sure to match an already-canonicalized machine name. + ;; + *) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; +esac + +# Here we canonicalize certain aliases for manufacturers. +case $basic_machine in + *-digital*) + basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` + ;; + *-commodore*) + basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` + ;; + *) + ;; +esac + +# Decode manufacturer-specific aliases for certain operating systems. + +if [ x"$os" != x"" ] +then +case $os in + # First match some system type aliases + # that might get confused with valid system types. + # -solaris* is a basic system type, with this one exception. + -auroraux) + os=-auroraux + ;; + -solaris1 | -solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` + ;; + -solaris) + os=-solaris2 + ;; + -svr4*) + os=-sysv4 + ;; + -unixware*) + os=-sysv4.2uw + ;; + -gnu/linux*) + os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` + ;; + # First accept the basic system types. + # The portable systems comes first. + # Each alternative MUST END IN A *, to match a version number. + # -sysv* is not here because it comes later, after sysvr4. + -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ + | -sym* | -kopensolaris* | -plan9* \ + | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ + | -aos* | -aros* \ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ + | -bitrig* | -openbsd* | -solidbsd* \ + | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ + | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -chorusos* | -chorusrdb* | -cegcc* \ + | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ + | -linux-newlib* | -linux-musl* | -linux-uclibc* \ + | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ + | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ + | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ + | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ + | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*) + # Remember, each alternative MUST END IN *, to match a version number. + ;; + -qnx*) + case $basic_machine in + x86-* | i*86-*) + ;; + *) + os=-nto$os + ;; + esac + ;; + -nto-qnx*) + ;; + -nto*) + os=`echo $os | sed -e 's|nto|nto-qnx|'` + ;; + -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ + | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ + | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) + ;; + -mac*) + os=`echo $os | sed -e 's|mac|macos|'` + ;; + -linux-dietlibc) + os=-linux-dietlibc + ;; + -linux*) + os=`echo $os | sed -e 's|linux|linux-gnu|'` + ;; + -sunos5*) + os=`echo $os | sed -e 's|sunos5|solaris2|'` + ;; + -sunos6*) + os=`echo $os | sed -e 's|sunos6|solaris3|'` + ;; + -opened*) + os=-openedition + ;; + -os400*) + os=-os400 + ;; + -wince*) + os=-wince + ;; + -osfrose*) + os=-osfrose + ;; + -osf*) + os=-osf + ;; + -utek*) + os=-bsd + ;; + -dynix*) + os=-bsd + ;; + -acis*) + os=-aos + ;; + -atheos*) + os=-atheos + ;; + -syllable*) + os=-syllable + ;; + -386bsd) + os=-bsd + ;; + -ctix* | -uts*) + os=-sysv + ;; + -nova*) + os=-rtmk-nova + ;; + -ns2 ) + os=-nextstep2 + ;; + -nsk*) + os=-nsk + ;; + # Preserve the version number of sinix5. + -sinix5.*) + os=`echo $os | sed -e 's|sinix|sysv|'` + ;; + -sinix*) + os=-sysv4 + ;; + -tpf*) + os=-tpf + ;; + -triton*) + os=-sysv3 + ;; + -oss*) + os=-sysv3 + ;; + -svr4) + os=-sysv4 + ;; + -svr3) + os=-sysv3 + ;; + -sysvr4) + os=-sysv4 + ;; + # This must come after -sysvr4. + -sysv*) + ;; + -ose*) + os=-ose + ;; + -es1800*) + os=-ose + ;; + -xenix) + os=-xenix + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + os=-mint + ;; + -aros*) + os=-aros + ;; + -zvmoe) + os=-zvmoe + ;; + -dicos*) + os=-dicos + ;; + -nacl*) + ;; + -none) + ;; + *) + # Get rid of the `-' at the beginning of $os. + os=`echo $os | sed 's/[^-]*-//'` + echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 + exit 1 + ;; +esac +else + +# Here we handle the default operating systems that come with various machines. +# The value should be what the vendor currently ships out the door with their +# machine or put another way, the most popular os provided with the machine. + +# Note that if you're going to try to match "-MANUFACTURER" here (say, +# "-sun"), then you have to tell the case statement up towards the top +# that MANUFACTURER isn't an operating system. Otherwise, code above +# will signal an error saying that MANUFACTURER isn't an operating +# system, and we'll never get to this point. + +case $basic_machine in + score-*) + os=-elf + ;; + spu-*) + os=-elf + ;; + *-acorn) + os=-riscix1.2 + ;; + arm*-rebel) + os=-linux + ;; + arm*-semi) + os=-aout + ;; + c4x-* | tic4x-*) + os=-coff + ;; + c8051-*) + os=-elf + ;; + hexagon-*) + os=-elf + ;; + tic54x-*) + os=-coff + ;; + tic55x-*) + os=-coff + ;; + tic6x-*) + os=-coff + ;; + # This must come before the *-dec entry. + pdp10-*) + os=-tops20 + ;; + pdp11-*) + os=-none + ;; + *-dec | vax-*) + os=-ultrix4.2 + ;; + m68*-apollo) + os=-domain + ;; + i386-sun) + os=-sunos4.0.2 + ;; + m68000-sun) + os=-sunos3 + ;; + m68*-cisco) + os=-aout + ;; + mep-*) + os=-elf + ;; + mips*-cisco) + os=-elf + ;; + mips*-*) + os=-elf + ;; + or32-*) + os=-coff + ;; + *-tti) # must be before sparc entry or we get the wrong os. + os=-sysv3 + ;; + sparc-* | *-sun) + os=-sunos4.1.1 + ;; + *-be) + os=-beos + ;; + *-haiku) + os=-haiku + ;; + *-ibm) + os=-aix + ;; + *-knuth) + os=-mmixware + ;; + *-wec) + os=-proelf + ;; + *-winbond) + os=-proelf + ;; + *-oki) + os=-proelf + ;; + *-hp) + os=-hpux + ;; + *-hitachi) + os=-hiux + ;; + i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) + os=-sysv + ;; + *-cbm) + os=-amigaos + ;; + *-dg) + os=-dgux + ;; + *-dolphin) + os=-sysv3 + ;; + m68k-ccur) + os=-rtu + ;; + m88k-omron*) + os=-luna + ;; + *-next ) + os=-nextstep + ;; + *-sequent) + os=-ptx + ;; + *-crds) + os=-unos + ;; + *-ns) + os=-genix + ;; + i370-*) + os=-mvs + ;; + *-next) + os=-nextstep3 + ;; + *-gould) + os=-sysv + ;; + *-highlevel) + os=-bsd + ;; + *-encore) + os=-bsd + ;; + *-sgi) + os=-irix + ;; + *-siemens) + os=-sysv4 + ;; + *-masscomp) + os=-rtu + ;; + f30[01]-fujitsu | f700-fujitsu) + os=-uxpv + ;; + *-rom68k) + os=-coff + ;; + *-*bug) + os=-coff + ;; + *-apple) + os=-macos + ;; + *-atari*) + os=-mint + ;; + *) + os=-none + ;; +esac +fi + +# Here we handle the case where we know the os, and the CPU type, but not the +# manufacturer. We pick the logical manufacturer. +vendor=unknown +case $basic_machine in + *-unknown) + case $os in + -riscix*) + vendor=acorn + ;; + -sunos*) + vendor=sun + ;; + -cnk*|-aix*) + vendor=ibm + ;; + -beos*) + vendor=be + ;; + -hpux*) + vendor=hp + ;; + -mpeix*) + vendor=hp + ;; + -hiux*) + vendor=hitachi + ;; + -unos*) + vendor=crds + ;; + -dgux*) + vendor=dg + ;; + -luna*) + vendor=omron + ;; + -genix*) + vendor=ns + ;; + -mvs* | -opened*) + vendor=ibm + ;; + -os400*) + vendor=ibm + ;; + -ptx*) + vendor=sequent + ;; + -tpf*) + vendor=ibm + ;; + -vxsim* | -vxworks* | -windiss*) + vendor=wrs + ;; + -aux*) + vendor=apple + ;; + -hms*) + vendor=hitachi + ;; + -mpw* | -macos*) + vendor=apple + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + vendor=atari + ;; + -vos*) + vendor=stratus + ;; + esac + basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` + ;; +esac + +echo $basic_machine$os +exit + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/include/DomainExec/opensshlib/configure b/include/DomainExec/opensshlib/configure new file mode 100644 index 00000000..402492a4 --- /dev/null +++ b/include/DomainExec/opensshlib/configure @@ -0,0 +1,20013 @@ +#! /bin/sh +# From configure.ac Revision: 1.583 . +# Guess values for system-dependent variables and create Makefiles. +# Generated by GNU Autoconf 2.69 for OpenSSH Portable. +# +# Report bugs to . +# +# +# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. +# +# +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +# Use a proper internal environment variable to ensure we don't fall + # into an infinite loop, continuously re-executing ourselves. + if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then + _as_can_reexec=no; export _as_can_reexec; + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +as_fn_exit 255 + fi + # We don't want this to propagate to other subprocesses. + { _as_can_reexec=; unset _as_can_reexec;} +if test "x$CONFIG_SHELL" = x; then + as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi +" + as_required="as_fn_return () { (exit \$1); } +as_fn_success () { as_fn_return 0; } +as_fn_failure () { as_fn_return 1; } +as_fn_ret_success () { return 0; } +as_fn_ret_failure () { return 1; } + +exitcode=0 +as_fn_success || { exitcode=1; echo as_fn_success failed.; } +as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } +as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } +as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } +if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : + +else + exitcode=1; echo positional parameters were not saved. +fi +test x\$exitcode = x0 || exit 1 +test -x / || exit 1" + as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO + as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO + eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && + test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 +test \$(( 1 + 1 )) = 2 || exit 1" + if (eval "$as_required") 2>/dev/null; then : + as_have_required=yes +else + as_have_required=no +fi + if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : + +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_found=false +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + as_found=: + case $as_dir in #( + /*) + for as_base in sh bash ksh sh5; do + # Try only shells that exist, to save several forks. + as_shell=$as_dir/$as_base + if { test -f "$as_shell" || test -f "$as_shell.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : + CONFIG_SHELL=$as_shell as_have_required=yes + if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : + break 2 +fi +fi + done;; + esac + as_found=false +done +$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : + CONFIG_SHELL=$SHELL as_have_required=yes +fi; } +IFS=$as_save_IFS + + + if test "x$CONFIG_SHELL" != x; then : + export CONFIG_SHELL + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +exit 255 +fi + + if test x$as_have_required = xno; then : + $as_echo "$0: This script requires a shell more modern than all" + $as_echo "$0: the shells that I found on your system." + if test x${ZSH_VERSION+set} = xset ; then + $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" + $as_echo "$0: be upgraded to zsh 4.3.4 or later." + else + $as_echo "$0: Please tell bug-autoconf@gnu.org and +$0: openssh-unix-dev@mindrot.org about your system, +$0: including any error possibly output before this +$0: message. Then install a modern shell, or manually run +$0: the script under such a shell if you do have one." + fi + exit 1 +fi +fi +fi +SHELL=${CONFIG_SHELL-/bin/sh} +export SHELL +# Unset more variables known to interfere with behavior of common tools. +CLICOLOR_FORCE= GREP_OPTIONS= +unset CLICOLOR_FORCE GREP_OPTIONS + +## --------------------- ## +## M4sh Shell Functions. ## +## --------------------- ## +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + + + as_lineno_1=$LINENO as_lineno_1a=$LINENO + as_lineno_2=$LINENO as_lineno_2a=$LINENO + eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && + test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { + # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) + sed -n ' + p + /[$]LINENO/= + ' <$as_myself | + sed ' + s/[$]LINENO.*/&-/ + t lineno + b + :lineno + N + :loop + s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ + t loop + s/-\n.*// + ' >$as_me.lineno && + chmod +x "$as_me.lineno" || + { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } + + # If we had to re-execute with $CONFIG_SHELL, we're ensured to have + # already done that, so ensure we don't try to do so again and fall + # in an infinite loop. This has already happened in practice. + _as_can_reexec=no; export _as_can_reexec + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensitive to this). + . "./$as_me.lineno" + # Exit status is that of the last command. + exit +} + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +test -n "$DJDIR" || exec 7<&0 &1 + +# Name of the host. +# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +# +# Initializations. +# +ac_default_prefix=/usr/local +ac_clean_files= +ac_config_libobj_dir=. +LIBOBJS= +cross_compiling=no +subdirs= +MFLAGS= +MAKEFLAGS= + +# Identity of this package. +PACKAGE_NAME='OpenSSH' +PACKAGE_TARNAME='openssh' +PACKAGE_VERSION='Portable' +PACKAGE_STRING='OpenSSH Portable' +PACKAGE_BUGREPORT='openssh-unix-dev@mindrot.org' +PACKAGE_URL='' + +ac_unique_file="ssh.c" +# Factoring default headers for most tests. +ac_includes_default="\ +#include +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_SYS_STAT_H +# include +#endif +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif +#ifdef HAVE_STRING_H +# if !defined STDC_HEADERS && defined HAVE_MEMORY_H +# include +# endif +# include +#endif +#ifdef HAVE_STRINGS_H +# include +#endif +#ifdef HAVE_INTTYPES_H +# include +#endif +#ifdef HAVE_STDINT_H +# include +#endif +#ifdef HAVE_UNISTD_H +# include +#endif" + +ac_subst_vars='LTLIBOBJS +LIBOBJS +UNSUPPORTED_ALGORITHMS +TEST_MALLOC_OPTIONS +TEST_SSH_IPV6 +piddir +user_path +mansubdir +MANTYPE +XAUTH_PATH +STRIP_OPT +xauth_path +PRIVSEP_PATH +K5LIBS +GSSLIBS +KRB5CONF +SSHDLIBS +SSHLIBS +SSH_PRIVSEP_USER +COMMENT_OUT_ECC +TEST_SSH_ECC +LIBEDIT +PKGCONFIG +LD +PATH_PASSWD_PROG +LOGIN_PROGRAM_FALLBACK +STARTUP_SCRIPT_SHELL +MAKE_PACKAGE_SUPPORTED +PATH_USERADD_PROG +PATH_GROUPADD_PROG +MANFMT +TEST_SHELL +MANDOC +NROFF +GROFF +SH +TEST_MINUS_S_SH +ENT +SED +PERL +KILL +CAT +ac_ct_AR +AR +INSTALL_DATA +INSTALL_SCRIPT +INSTALL_PROGRAM +RANLIB +AWK +EGREP +GREP +CPP +host_os +host_vendor +host_cpu +host +build_os +build_vendor +build_cpu +build +OBJEXT +EXEEXT +ac_ct_CC +CPPFLAGS +LDFLAGS +CFLAGS +CC +target_alias +host_alias +build_alias +LIBS +ECHO_T +ECHO_N +ECHO_C +DEFS +mandir +localedir +libdir +psdir +pdfdir +dvidir +htmldir +infodir +docdir +oldincludedir +includedir +localstatedir +sharedstatedir +sysconfdir +datadir +datarootdir +libexecdir +sbindir +bindir +program_transform_name +prefix +exec_prefix +PACKAGE_URL +PACKAGE_BUGREPORT +PACKAGE_STRING +PACKAGE_VERSION +PACKAGE_TARNAME +PACKAGE_NAME +PATH_SEPARATOR +SHELL' +ac_subst_files='' +ac_user_opts=' +enable_option_checking +enable_largefile +with_openssl +with_ssh1 +with_stackprotect +with_hardening +with_rpath +with_cflags +with_cppflags +with_ldflags +with_libs +with_Werror +with_solaris_contracts +with_solaris_projects +with_osfsia +with_zlib +with_zlib_version_check +with_skey +with_ldns +with_libedit +with_audit +with_pie +with_ssl_dir +with_openssl_header_check +with_ssl_engine +with_prngd_port +with_prngd_socket +with_pam +with_privsep_user +with_sandbox +with_selinux +with_kerberos5 +with_privsep_path +with_xauth +enable_strip +with_maildir +with_mantype +with_md5_passwords +with_shadow +with_ipaddr_display +enable_etc_default_login +with_default_path +with_superuser_path +with_4in6 +with_bsd_auth +with_pid_dir +enable_lastlog +enable_utmp +enable_utmpx +enable_wtmp +enable_wtmpx +enable_libutil +enable_pututline +enable_pututxline +with_lastlog +' + ac_precious_vars='build_alias +host_alias +target_alias +CC +CFLAGS +LDFLAGS +LIBS +CPPFLAGS +CPP' + + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +ac_unrecognized_opts= +ac_unrecognized_sep= +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +exec_prefix=NONE +no_create= +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. +# (The list follows the same order as the GNU Coding Standards.) +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datarootdir='${prefix}/share' +datadir='${datarootdir}' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +includedir='${prefix}/include' +oldincludedir='/usr/include' +docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' +infodir='${datarootdir}/info' +htmldir='${docdir}' +dvidir='${docdir}' +pdfdir='${docdir}' +psdir='${docdir}' +libdir='${exec_prefix}/lib' +localedir='${datarootdir}/locale' +mandir='${datarootdir}/man' + +ac_prev= +ac_dashdash= +for ac_option +do + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval $ac_prev=\$ac_option + ac_prev= + continue + fi + + case $ac_option in + *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; + *=) ac_optarg= ;; + *) ac_optarg=yes ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case $ac_dashdash$ac_option in + --) + ac_dashdash=yes ;; + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir=$ac_optarg ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias=$ac_optarg ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -datadir | --datadir | --datadi | --datad) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=*) + datadir=$ac_optarg ;; + + -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ + | --dataroo | --dataro | --datar) + ac_prev=datarootdir ;; + -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ + | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) + datarootdir=$ac_optarg ;; + + -disable-* | --disable-*) + ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=no ;; + + -docdir | --docdir | --docdi | --doc | --do) + ac_prev=docdir ;; + -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) + docdir=$ac_optarg ;; + + -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) + ac_prev=dvidir ;; + -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) + dvidir=$ac_optarg ;; + + -enable-* | --enable-*) + ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=\$ac_optarg ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix=$ac_optarg ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias=$ac_optarg ;; + + -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) + ac_prev=htmldir ;; + -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ + | --ht=*) + htmldir=$ac_optarg ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir=$ac_optarg ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir=$ac_optarg ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir=$ac_optarg ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir=$ac_optarg ;; + + -localedir | --localedir | --localedi | --localed | --locale) + ac_prev=localedir ;; + -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) + localedir=$ac_optarg ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst | --locals) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) + localstatedir=$ac_optarg ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir=$ac_optarg ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c | -n) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir=$ac_optarg ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix=$ac_optarg ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix=$ac_optarg ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix=$ac_optarg ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name=$ac_optarg ;; + + -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) + ac_prev=pdfdir ;; + -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) + pdfdir=$ac_optarg ;; + + -psdir | --psdir | --psdi | --psd | --ps) + ac_prev=psdir ;; + -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) + psdir=$ac_optarg ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir=$ac_optarg ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir=$ac_optarg ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site=$ac_optarg ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir=$ac_optarg ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir=$ac_optarg ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias=$ac_optarg ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; + + -with-* | --with-*) + ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=\$ac_optarg ;; + + -without-* | --without-*) + ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=no ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes=$ac_optarg ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries=$ac_optarg ;; + + -*) as_fn_error $? "unrecognized option: \`$ac_option' +Try \`$0 --help' for more information" + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. + case $ac_envvar in #( + '' | [0-9]* | *[!_$as_cr_alnum]* ) + as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; + esac + eval $ac_envvar=\$ac_optarg + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" + ;; + + esac +done + +if test -n "$ac_prev"; then + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + as_fn_error $? "missing argument to $ac_option" +fi + +if test -n "$ac_unrecognized_opts"; then + case $enable_option_checking in + no) ;; + fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; + *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; + esac +fi + +# Check all directory arguments for consistency. +for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ + datadir sysconfdir sharedstatedir localstatedir includedir \ + oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ + libdir localedir mandir +do + eval ac_val=\$$ac_var + # Remove trailing slashes. + case $ac_val in + */ ) + ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` + eval $ac_var=\$ac_val;; + esac + # Be sure to have absolute directory names. + case $ac_val in + [\\/$]* | ?:[\\/]* ) continue;; + NONE | '' ) case $ac_var in *prefix ) continue;; esac;; + esac + as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec 6>/dev/null + + +ac_pwd=`pwd` && test -n "$ac_pwd" && +ac_ls_di=`ls -di .` && +ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || + as_fn_error $? "working directory cannot be determined" +test "X$ac_ls_di" = "X$ac_pwd_ls_di" || + as_fn_error $? "pwd does not report name of working directory" + + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then the parent directory. + ac_confdir=`$as_dirname -- "$as_myself" || +$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_myself" : 'X\(//\)[^/]' \| \ + X"$as_myself" : 'X\(//\)$' \| \ + X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_myself" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + srcdir=$ac_confdir + if test ! -r "$srcdir/$ac_unique_file"; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r "$srcdir/$ac_unique_file"; then + test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." + as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" +fi +ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" +ac_abs_confdir=`( + cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" + pwd)` +# When building in place, set srcdir=. +if test "$ac_abs_confdir" = "$ac_pwd"; then + srcdir=. +fi +# Remove unnecessary trailing slashes from srcdir. +# Double slashes in file names in object file debugging info +# mess up M-x gdb in Emacs. +case $srcdir in +*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; +esac +for ac_var in $ac_precious_vars; do + eval ac_env_${ac_var}_set=\${${ac_var}+set} + eval ac_env_${ac_var}_value=\$${ac_var} + eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} + eval ac_cv_env_${ac_var}_value=\$${ac_var} +done + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures OpenSSH Portable to adapt to many kinds of systems. + +Usage: $0 [OPTION]... [VAR=VALUE]... + +To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. See below for descriptions of some of the useful variables. + +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking ...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install all the files in +\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify +an installation prefix other than \`$ac_default_prefix' using \`--prefix', +for instance \`--prefix=\$HOME'. + +For better control, use the options below. + +Fine tuning of the installation directories: + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] + --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] + --datadir=DIR read-only architecture-independent data [DATAROOTDIR] + --infodir=DIR info documentation [DATAROOTDIR/info] + --localedir=DIR locale-dependent data [DATAROOTDIR/locale] + --mandir=DIR man documentation [DATAROOTDIR/man] + --docdir=DIR documentation root [DATAROOTDIR/doc/openssh] + --htmldir=DIR html documentation [DOCDIR] + --dvidir=DIR dvi documentation [DOCDIR] + --pdfdir=DIR pdf documentation [DOCDIR] + --psdir=DIR ps documentation [DOCDIR] +_ACEOF + + cat <<\_ACEOF + +System types: + --build=BUILD configure for building on BUILD [guessed] + --host=HOST cross-compile to build programs to run on HOST [BUILD] +_ACEOF +fi + +if test -n "$ac_init_help"; then + case $ac_init_help in + short | recursive ) echo "Configuration of OpenSSH Portable:";; + esac + cat <<\_ACEOF + +Optional Features: + --disable-option-checking ignore unrecognized --enable/--with options + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --disable-largefile omit support for large files + --disable-strip Disable calling strip(1) on install + --disable-etc-default-login Disable using PATH from /etc/default/login no + --disable-lastlog disable use of lastlog even if detected no + --disable-utmp disable use of utmp even if detected no + --disable-utmpx disable use of utmpx even if detected no + --disable-wtmp disable use of wtmp even if detected no + --disable-wtmpx disable use of wtmpx even if detected no + --disable-libutil disable use of libutil (login() etc.) no + --disable-pututline disable use of pututline() etc. (uwtmp) no + --disable-pututxline disable use of pututxline() etc. (uwtmpx) no + +Optional Packages: + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** + --without-ssh1 Enable support for SSH protocol 1 + --without-stackprotect Don't use compiler's stack protection + --without-hardening Don't use toolchain hardening flags + --without-rpath Disable auto-added -R linker paths + --with-cflags Specify additional flags to pass to compiler + --with-cppflags Specify additional flags to pass to preprocessor + --with-ldflags Specify additional flags to pass to linker + --with-libs Specify additional libraries to link with + --with-Werror Build main code with -Werror + --with-solaris-contracts Enable Solaris process contracts (experimental) + --with-solaris-projects Enable Solaris projects (experimental) + --with-osfsia Enable Digital Unix SIA + --with-zlib=PATH Use zlib in PATH + --without-zlib-version-check Disable zlib version check + --with-skey[=PATH] Enable S/Key support (optionally in PATH) + --with-ldns[=PATH] Use ldns for DNSSEC support (optionally in PATH) + --with-libedit[=PATH] Enable libedit support for sftp + --with-audit=module Enable audit support (modules=debug,bsm,linux) + --with-pie Build Position Independent Executables if possible + --with-openssl=PATH Specify path to OpenSSL installation + --without-openssl-header-check Disable OpenSSL version consistency check + --with-ssl-engine Enable OpenSSL (hardware) ENGINE support + --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT + --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool) + --with-pam Enable PAM support + --with-privsep-user=user Specify non-privileged user for privilege separation + --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum) + --with-selinux Enable SELinux support + --with-kerberos5=PATH Enable Kerberos 5 support + --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty) + --with-xauth=PATH Specify path to xauth program + --with-maildir=/path/to/mail Specify your system mail directory + --with-mantype=man|cat|doc Set man page type + --with-md5-passwords Enable use of MD5 passwords + --without-shadow Disable shadow password support + --with-ipaddr-display Use ip address instead of hostname in $DISPLAY + --with-default-path= Specify default $PATH environment for server + --with-superuser-path= Specify different path for super-user + --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses + --with-bsd-auth Enable BSD auth support + --with-pid-dir=PATH Specify location of ssh.pid file + --with-lastlog=FILE|DIR specify lastlog location common locations + +Some influential environment variables: + CC C compiler command + CFLAGS C compiler flags + LDFLAGS linker flags, e.g. -L if you have libraries in a + nonstandard directory + LIBS libraries to pass to the linker, e.g. -l + CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if + you have headers in a nonstandard directory + CPP C preprocessor + +Use these variables to override the choices made by `configure' or to help +it to find libraries and programs with nonstandard names/locations. + +Report bugs to . +_ACEOF +ac_status=$? +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d "$ac_dir" || + { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || + continue + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + cd "$ac_dir" || { ac_status=$?; continue; } + # Check for guested configure. + if test -f "$ac_srcdir/configure.gnu"; then + echo && + $SHELL "$ac_srcdir/configure.gnu" --help=recursive + elif test -f "$ac_srcdir/configure"; then + echo && + $SHELL "$ac_srcdir/configure" --help=recursive + else + $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi || ac_status=$? + cd "$ac_pwd" || { ac_status=$?; break; } + done +fi + +test -n "$ac_init_help" && exit $ac_status +if $ac_init_version; then + cat <<\_ACEOF +OpenSSH configure Portable +generated by GNU Autoconf 2.69 + +Copyright (C) 2012 Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. +_ACEOF + exit +fi + +## ------------------------ ## +## Autoconf initialization. ## +## ------------------------ ## + +# ac_fn_c_try_compile LINENO +# -------------------------- +# Try to compile conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext + if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_compile + +# ac_fn_c_try_run LINENO +# ---------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes +# that executables *can* be run. +ac_fn_c_try_run () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then : + ac_retval=0 +else + $as_echo "$as_me: program exited with status $ac_status" >&5 + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=$ac_status +fi + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_run + +# ac_fn_c_try_cpp LINENO +# ---------------------- +# Try to preprocess conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_cpp () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } > conftest.i && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_cpp + +# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists and can be compiled using the include files in +# INCLUDES, setting the cache variable VAR accordingly. +ac_fn_c_check_header_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_header_compile + +# ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES +# --------------------------------------------- +# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR +# accordingly. +ac_fn_c_check_decl () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + as_decl_name=`echo $2|sed 's/ *(.*//'` + as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 +$as_echo_n "checking whether $as_decl_name is declared... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +#ifndef $as_decl_name +#ifdef __cplusplus + (void) $as_decl_use; +#else + (void) $as_decl_name; +#endif +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_decl + +# ac_fn_c_try_link LINENO +# ----------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_link () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext conftest$ac_exeext + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + test -x conftest$ac_exeext + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information + # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would + # interfere with the next link command; also delete a directory that is + # left behind by Apple's compiler. We do this before executing the actions. + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_link + +# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists, giving a warning if it cannot be compiled using +# the include files in INCLUDES and setting the cache variable VAR +# accordingly. +ac_fn_c_check_header_mongrel () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if eval \${$3+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +else + # Is the header compilable? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 +$as_echo_n "checking $2 usability... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_header_compiler=yes +else + ac_header_compiler=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 +$as_echo "$ac_header_compiler" >&6; } + +# Is the header present? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 +$as_echo_n "checking $2 presence... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <$2> +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + ac_header_preproc=yes +else + ac_header_preproc=no +fi +rm -f conftest.err conftest.i conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 +$as_echo "$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( + yes:no: ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 +$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} + ;; + no:yes:* ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 +$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 +$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 +$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 +$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} +( $as_echo "## ------------------------------------------- ## +## Report this to openssh-unix-dev@mindrot.org ## +## ------------------------------------------- ##" + ) | sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=\$ac_header_compiler" +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_header_mongrel + +# ac_fn_c_check_func LINENO FUNC VAR +# ---------------------------------- +# Tests whether FUNC exists, setting the cache variable VAR accordingly +ac_fn_c_check_func () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Define $2 to an innocuous variant, in case declares $2. + For example, HP-UX 11i declares gettimeofday. */ +#define $2 innocuous_$2 + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $2 (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef $2 + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char $2 (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_$2 || defined __stub___$2 +choke me +#endif + +int +main () +{ +return $2 (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_func + +# ac_fn_c_check_type LINENO TYPE VAR INCLUDES +# ------------------------------------------- +# Tests whether TYPE exists after having included INCLUDES, setting cache +# variable VAR accordingly. +ac_fn_c_check_type () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=no" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +if (sizeof ($2)) + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +if (sizeof (($2))) + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + eval "$3=yes" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_type + +# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES +# -------------------------------------------- +# Tries to find the compile-time value of EXPR in a program that includes +# INCLUDES, setting VAR accordingly. Returns whether the value could be +# computed +ac_fn_c_compute_int () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if test "$cross_compiling" = yes; then + # Depending upon the size, compute the lo and hi bounds. +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) >= 0)]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_lo=0 ac_mid=0 + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) <= $ac_mid)]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_hi=$ac_mid; break +else + as_fn_arith $ac_mid + 1 && ac_lo=$as_val + if test $ac_lo -le $ac_mid; then + ac_lo= ac_hi= + break + fi + as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) < 0)]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_hi=-1 ac_mid=-1 + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) >= $ac_mid)]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_lo=$ac_mid; break +else + as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val + if test $ac_mid -le $ac_hi; then + ac_lo= ac_hi= + break + fi + as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +else + ac_lo= ac_hi= +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +# Binary search between lo and hi bounds. +while test "x$ac_lo" != "x$ac_hi"; do + as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) <= $ac_mid)]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_hi=$ac_mid +else + as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +done +case $ac_lo in #(( +?*) eval "$3=\$ac_lo"; ac_retval=0 ;; +'') ac_retval=1 ;; +esac + else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +static long int longval () { return $2; } +static unsigned long int ulongval () { return $2; } +#include +#include +int +main () +{ + + FILE *f = fopen ("conftest.val", "w"); + if (! f) + return 1; + if (($2) < 0) + { + long int i = longval (); + if (i != ($2)) + return 1; + fprintf (f, "%ld", i); + } + else + { + unsigned long int i = ulongval (); + if (i != ($2)) + return 1; + fprintf (f, "%lu", i); + } + /* Do not output a trailing newline, as this causes \r\n confusion + on some platforms. */ + return ferror (f) || fclose (f) != 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + echo >>conftest.val; read $3 &5 +$as_echo_n "checking for $2.$3... " >&6; } +if eval \${$4+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$5 +int +main () +{ +static $2 ac_aggr; +if (ac_aggr.$3) +return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$4=yes" +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$5 +int +main () +{ +static $2 ac_aggr; +if (sizeof ac_aggr.$3) +return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$4=yes" +else + eval "$4=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$4 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_member +cat >config.log <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by OpenSSH $as_me Portable, which was +generated by GNU Autoconf 2.69. Invocation command line was + + $ $0 $@ + +_ACEOF +exec 5>>config.log +{ +cat <<_ASUNAME +## --------- ## +## Platform. ## +## --------- ## + +hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +_ASUNAME + +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + $as_echo "PATH: $as_dir" + done +IFS=$as_save_IFS + +} >&5 + +cat >&5 <<_ACEOF + + +## ----------- ## +## Core tests. ## +## ----------- ## + +_ACEOF + + +# Keep a trace of the command line. +# Strip out --no-create and --no-recursion so they do not pile up. +# Strip out --silent because we don't want to record it for future runs. +# Also quote any args containing shell meta-characters. +# Make two passes to allow for proper duplicate-argument suppression. +ac_configure_args= +ac_configure_args0= +ac_configure_args1= +ac_must_keep_next=false +for ac_pass in 1 2 +do + for ac_arg + do + case $ac_arg in + -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + continue ;; + *\'*) + ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + case $ac_pass in + 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; + 2) + as_fn_append ac_configure_args1 " '$ac_arg'" + if test $ac_must_keep_next = true; then + ac_must_keep_next=false # Got value, back to normal. + else + case $ac_arg in + *=* | --config-cache | -C | -disable-* | --disable-* \ + | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ + | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ + | -with-* | --with-* | -without-* | --without-* | --x) + case "$ac_configure_args0 " in + "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; + esac + ;; + -* ) ac_must_keep_next=true ;; + esac + fi + as_fn_append ac_configure_args " '$ac_arg'" + ;; + esac + done +done +{ ac_configure_args0=; unset ac_configure_args0;} +{ ac_configure_args1=; unset ac_configure_args1;} + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +# WARNING: Use '\'' to represent an apostrophe within the trap. +# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. +trap 'exit_status=$? + # Save into config.log some information that might help in debugging. + { + echo + + $as_echo "## ---------------- ## +## Cache variables. ## +## ---------------- ##" + echo + # The following way of writing the cache mishandles newlines in values, +( + for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + (set) 2>&1 | + case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + sed -n \ + "s/'\''/'\''\\\\'\'''\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" + ;; #( + *) + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) + echo + + $as_echo "## ----------------- ## +## Output variables. ## +## ----------------- ##" + echo + for ac_var in $ac_subst_vars + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + + if test -n "$ac_subst_files"; then + $as_echo "## ------------------- ## +## File substitutions. ## +## ------------------- ##" + echo + for ac_var in $ac_subst_files + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + fi + + if test -s confdefs.h; then + $as_echo "## ----------- ## +## confdefs.h. ## +## ----------- ##" + echo + cat confdefs.h + echo + fi + test "$ac_signal" != 0 && + $as_echo "$as_me: caught signal $ac_signal" + $as_echo "$as_me: exit $exit_status" + } >&5 + rm -f core *.core core.conftest.* && + rm -f -r conftest* confdefs* conf$$* $ac_clean_files && + exit $exit_status +' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal +done +ac_signal=0 + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -f -r conftest* confdefs.h + +$as_echo "/* confdefs.h */" > confdefs.h + +# Predefined preprocessor variables. + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_NAME "$PACKAGE_NAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_TARNAME "$PACKAGE_TARNAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_VERSION "$PACKAGE_VERSION" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_STRING "$PACKAGE_STRING" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_URL "$PACKAGE_URL" +_ACEOF + + +# Let the site file select an alternate cache file if it wants to. +# Prefer an explicitly selected file to automatically selected ones. +ac_site_file1=NONE +ac_site_file2=NONE +if test -n "$CONFIG_SITE"; then + # We do not want a PATH search for config.site. + case $CONFIG_SITE in #(( + -*) ac_site_file1=./$CONFIG_SITE;; + */*) ac_site_file1=$CONFIG_SITE;; + *) ac_site_file1=./$CONFIG_SITE;; + esac +elif test "x$prefix" != xNONE; then + ac_site_file1=$prefix/share/config.site + ac_site_file2=$prefix/etc/config.site +else + ac_site_file1=$ac_default_prefix/share/config.site + ac_site_file2=$ac_default_prefix/etc/config.site +fi +for ac_site_file in "$ac_site_file1" "$ac_site_file2" +do + test "x$ac_site_file" = xNONE && continue + if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 +$as_echo "$as_me: loading site script $ac_site_file" >&6;} + sed 's/^/| /' "$ac_site_file" >&5 + . "$ac_site_file" \ + || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "failed to load site script $ac_site_file +See \`config.log' for more details" "$LINENO" 5; } + fi +done + +if test -r "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special files + # actually), so we avoid doing that. DJGPP emulates it as a regular file. + if test /dev/null != "$cache_file" && test -f "$cache_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 +$as_echo "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . "$cache_file";; + *) . "./$cache_file";; + esac + fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 +$as_echo "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +# Check that the precious variables saved in the cache have kept the same +# value. +ac_cache_corrupted=false +for ac_var in $ac_precious_vars; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val=\$ac_cv_env_${ac_var}_value + eval ac_new_val=\$ac_env_${ac_var}_value + case $ac_old_set,$ac_new_set in + set,) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + # differences in whitespace do not lead to failure. + ac_old_val_w=`echo x $ac_old_val` + ac_new_val_w=`echo x $ac_new_val` + if test "$ac_old_val_w" != "$ac_new_val_w"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 +$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + ac_cache_corrupted=: + else + { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 +$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + eval $ac_var=\$ac_old_val + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 +$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 +$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} + fi;; + esac + # Pass precious variables to config.status. + if test "$ac_new_set" = set; then + case $ac_new_val in + *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *) ac_arg=$ac_var=$ac_new_val ;; + esac + case " $ac_configure_args " in + *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. + *) as_fn_append ac_configure_args " '$ac_arg'" ;; + esac + fi +done +if $ac_cache_corrupted; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 +$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} + as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 +fi +## -------------------- ## +## Main body of script. ## +## -------------------- ## + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +ac_config_headers="$ac_config_headers config.h" + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + fi +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl.exe + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl.exe +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_CC" && break +done + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +fi + +fi + + +test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "no acceptable C compiler found in \$PATH +See \`config.log' for more details" "$LINENO" 5; } + +# Provide some information about the compiler. +$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 +set X $ac_compile +ac_compiler=$2 +for ac_option in --version -v -V -qversion; do + { { ac_try="$ac_compiler $ac_option >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compiler $ac_option >&5") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + sed '10a\ +... rest of stderr output deleted ... + 10q' conftest.err >conftest.er1 + cat conftest.er1 >&5 + fi + rm -f conftest.er1 conftest.err + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +done + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" +# Try to create an executable without -o first, disregard a.out. +# It will help us diagnose broken compilers, and finding out an intuition +# of exeext. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 +$as_echo_n "checking whether the C compiler works... " >&6; } +ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` + +# The possible output files: +ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" + +ac_rmfiles= +for ac_file in $ac_files +do + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + * ) ac_rmfiles="$ac_rmfiles $ac_file";; + esac +done +rm -f $ac_rmfiles + +if { { ac_try="$ac_link_default" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link_default") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. +# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' +# in a Makefile. We should not override ac_cv_exeext if it was cached, +# so that the user can short-circuit this test for compilers unknown to +# Autoconf. +for ac_file in $ac_files '' +do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) + ;; + [ab].out ) + # We found the default executable, but exeext='' is most + # certainly right. + break;; + *.* ) + if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; + then :; else + ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + fi + # We set ac_cv_exeext here because the later test for it is not + # safe: cross compilers may not add the suffix if given an `-o' + # argument, so we may need to know it at that point already. + # Even if this section looks crufty: it has the advantage of + # actually working. + break;; + * ) + break;; + esac +done +test "$ac_cv_exeext" = no && ac_cv_exeext= + +else + ac_file='' +fi +if test -z "$ac_file"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +$as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "C compiler cannot create executables +See \`config.log' for more details" "$LINENO" 5; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 +$as_echo_n "checking for C compiler default output file name... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 +$as_echo "$ac_file" >&6; } +ac_exeext=$ac_cv_exeext + +rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 +$as_echo_n "checking for suffix of executables... " >&6; } +if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. +for ac_file in conftest.exe conftest conftest.*; do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + break;; + * ) break;; + esac +done +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest conftest$ac_cv_exeext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 +$as_echo "$ac_cv_exeext" >&6; } + +rm -f conftest.$ac_ext +EXEEXT=$ac_cv_exeext +ac_exeext=$EXEEXT +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +FILE *f = fopen ("conftest.out", "w"); + return ferror (f) || fclose (f) != 0; + + ; + return 0; +} +_ACEOF +ac_clean_files="$ac_clean_files conftest.out" +# Check that the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 +$as_echo_n "checking whether we are cross compiling... " >&6; } +if test "$cross_compiling" != yes; then + { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if { ac_try='./conftest$ac_cv_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then + cross_compiling=no + else + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details" "$LINENO" 5; } + fi + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 +$as_echo "$cross_compiling" >&6; } + +rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 +$as_echo_n "checking for suffix of object files... " >&6; } +if ${ac_cv_objext+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.o conftest.obj +if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + for ac_file in conftest.o conftest.obj conftest.*; do + test -f "$ac_file" || continue; + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; + *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` + break;; + esac +done +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of object files: cannot compile +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest.$ac_cv_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 +$as_echo "$ac_cv_objext" >&6; } +OBJEXT=$ac_cv_objext +ac_objext=$OBJEXT +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 +$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } +if ${ac_cv_c_compiler_gnu+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_compiler_gnu=yes +else + ac_compiler_gnu=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 +$as_echo "$ac_cv_c_compiler_gnu" >&6; } +if test $ac_compiler_gnu = yes; then + GCC=yes +else + GCC= +fi +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 +$as_echo_n "checking whether $CC accepts -g... " >&6; } +if ${ac_cv_prog_cc_g+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_save_c_werror_flag=$ac_c_werror_flag + ac_c_werror_flag=yes + ac_cv_prog_cc_g=no + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +else + CFLAGS="" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + ac_c_werror_flag=$ac_save_c_werror_flag + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_c_werror_flag=$ac_save_c_werror_flag +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 +$as_echo "$ac_cv_prog_cc_g" >&6; } +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 +$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } +if ${ac_cv_prog_cc_c89+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_prog_cc_c89=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +struct stat; +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) 'x' +int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ + -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_c89=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext + test "x$ac_cv_prog_cc_c89" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC + +fi +# AC_CACHE_VAL +case "x$ac_cv_prog_cc_c89" in + x) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +$as_echo "none needed" >&6; } ;; + xno) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +$as_echo "unsupported" >&6; } ;; + *) + CC="$CC $ac_cv_prog_cc_c89" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; +esac +if test "x$ac_cv_prog_cc_c89" != xno; then : + +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +ac_aux_dir= +for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do + if test -f "$ac_dir/install-sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f "$ac_dir/install.sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f "$ac_dir/shtool"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi +done +if test -z "$ac_aux_dir"; then + as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 +fi + +# These three variables are undocumented and unsupported, +# and are intended to be withdrawn in a future Autoconf release. +# They can cause serious problems if a builder's source tree is in a directory +# whose full name contains unusual characters. +ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. +ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. +ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. + + +# Make sure we can run config.sub. +$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || + as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 +$as_echo_n "checking build system type... " >&6; } +if ${ac_cv_build+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_build_alias=$build_alias +test "x$ac_build_alias" = x && + ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` +test "x$ac_build_alias" = x && + as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 +ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 +$as_echo "$ac_cv_build" >&6; } +case $ac_cv_build in +*-*-*) ;; +*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; +esac +build=$ac_cv_build +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_build +shift +build_cpu=$1 +build_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +build_os=$* +IFS=$ac_save_IFS +case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 +$as_echo_n "checking host system type... " >&6; } +if ${ac_cv_host+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "x$host_alias" = x; then + ac_cv_host=$ac_cv_build +else + ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 +$as_echo "$ac_cv_host" >&6; } +case $ac_cv_host in +*-*-*) ;; +*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; +esac +host=$ac_cv_host +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_host +shift +host_cpu=$1 +host_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +host_os=$* +IFS=$ac_save_IFS +case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac + + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 +$as_echo_n "checking how to run the C preprocessor... " >&6; } +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if ${ac_cv_prog_CPP+:} false; then : + $as_echo_n "(cached) " >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + break +fi + + done + ac_cv_prog_CPP=$CPP + +fi + CPP=$ac_cv_prog_CPP +else + ac_cv_prog_CPP=$CPP +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 +$as_echo "$CPP" >&6; } +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details" "$LINENO" 5; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 +$as_echo_n "checking for grep that handles long lines and -e... " >&6; } +if ${ac_cv_path_GREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$GREP"; then + ac_path_GREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in grep ggrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_GREP" || continue +# Check for GNU ac_path_GREP and select it if it is found. + # Check for GNU $ac_path_GREP +case `"$ac_path_GREP" --version 2>&1` in +*GNU*) + ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'GREP' >> "conftest.nl" + "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_GREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_GREP="$ac_path_GREP" + ac_path_GREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_GREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_GREP"; then + as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_GREP=$GREP +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 +$as_echo "$ac_cv_path_GREP" >&6; } + GREP="$ac_cv_path_GREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 +$as_echo_n "checking for egrep... " >&6; } +if ${ac_cv_path_EGREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 + then ac_cv_path_EGREP="$GREP -E" + else + if test -z "$EGREP"; then + ac_path_EGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in egrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_EGREP" || continue +# Check for GNU ac_path_EGREP and select it if it is found. + # Check for GNU $ac_path_EGREP +case `"$ac_path_EGREP" --version 2>&1` in +*GNU*) + ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'EGREP' >> "conftest.nl" + "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_EGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_EGREP="$ac_path_EGREP" + ac_path_EGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_EGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_EGREP"; then + as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_EGREP=$EGREP +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 +$as_echo "$ac_cv_path_EGREP" >&6; } + EGREP="$ac_cv_path_EGREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 +$as_echo_n "checking for ANSI C header files... " >&6; } +if ${ac_cv_header_stdc+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdc=yes +else + ac_cv_header_stdc=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + return 2; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + +else + ac_cv_header_stdc=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 +$as_echo "$ac_cv_header_stdc" >&6; } +if test $ac_cv_header_stdc = yes; then + +$as_echo "#define STDC_HEADERS 1" >>confdefs.h + +fi + +# On IRIX 5.3, sys/types and inttypes.h are conflicting. +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5 +$as_echo_n "checking whether byte ordering is bigendian... " >&6; } +if ${ac_cv_c_bigendian+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_c_bigendian=unknown + # See if we're dealing with a universal compiler. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifndef __APPLE_CC__ + not a universal capable compiler + #endif + typedef int dummy; + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + # Check for potential -arch flags. It is not universal unless + # there are at least two -arch flags with different values. + ac_arch= + ac_prev= + for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do + if test -n "$ac_prev"; then + case $ac_word in + i?86 | x86_64 | ppc | ppc64) + if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then + ac_arch=$ac_word + else + ac_cv_c_bigendian=universal + break + fi + ;; + esac + ac_prev= + elif test "x$ac_word" = "x-arch"; then + ac_prev=arch + fi + done +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $ac_cv_c_bigendian = unknown; then + # See if sys/param.h defines the BYTE_ORDER macro. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + +int +main () +{ +#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \ + && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \ + && LITTLE_ENDIAN) + bogus endian macros + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + # It does; now see whether it defined to BIG_ENDIAN or not. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + +int +main () +{ +#if BYTE_ORDER != BIG_ENDIAN + not big endian + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_bigendian=yes +else + ac_cv_c_bigendian=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + if test $ac_cv_c_bigendian = unknown; then + # See if defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris). + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +#if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN) + bogus endian macros + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + # It does; now see whether it defined to _BIG_ENDIAN or not. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +#ifndef _BIG_ENDIAN + not big endian + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_bigendian=yes +else + ac_cv_c_bigendian=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + if test $ac_cv_c_bigendian = unknown; then + # Compile a test program. + if test "$cross_compiling" = yes; then : + # Try to guess by grepping values from an object file. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +short int ascii_mm[] = + { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; + short int ascii_ii[] = + { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 }; + int use_ascii (int i) { + return ascii_mm[i] + ascii_ii[i]; + } + short int ebcdic_ii[] = + { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 }; + short int ebcdic_mm[] = + { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; + int use_ebcdic (int i) { + return ebcdic_mm[i] + ebcdic_ii[i]; + } + extern int foo; + +int +main () +{ +return use_ascii (foo) == use_ebcdic (foo); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then + ac_cv_c_bigendian=yes + fi + if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then + if test "$ac_cv_c_bigendian" = unknown; then + ac_cv_c_bigendian=no + else + # finding both strings is unlikely to happen, but who knows? + ac_cv_c_bigendian=unknown + fi + fi +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ + + /* Are we little or big endian? From Harbison&Steele. */ + union + { + long int l; + char c[sizeof (long int)]; + } u; + u.l = 1; + return u.c[sizeof (long int) - 1] == 1; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_c_bigendian=no +else + ac_cv_c_bigendian=yes +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5 +$as_echo "$ac_cv_c_bigendian" >&6; } + case $ac_cv_c_bigendian in #( + yes) + $as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h +;; #( + no) + ;; #( + universal) + +$as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h + + ;; #( + *) + as_fn_error $? "unknown endianness + presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; + esac + + +# Checks for programs. +for ac_prog in gawk mawk nawk awk +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_AWK+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$AWK"; then + ac_cv_prog_AWK="$AWK" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_AWK="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AWK=$ac_cv_prog_AWK +if test -n "$AWK"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 +$as_echo "$AWK" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$AWK" && break +done + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 +$as_echo_n "checking how to run the C preprocessor... " >&6; } +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if ${ac_cv_prog_CPP+:} false; then : + $as_echo_n "(cached) " >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + break +fi + + done + ac_cv_prog_CPP=$CPP + +fi + CPP=$ac_cv_prog_CPP +else + ac_cv_prog_CPP=$CPP +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 +$as_echo "$CPP" >&6; } +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details" "$LINENO" 5; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. +set dummy ${ac_tool_prefix}ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_RANLIB+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +RANLIB=$ac_cv_prog_RANLIB +if test -n "$RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 +$as_echo "$RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_RANLIB"; then + ac_ct_RANLIB=$RANLIB + # Extract the first word of "ranlib", so it can be a program name with args. +set dummy ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_RANLIB"; then + ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_RANLIB="ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB +if test -n "$ac_ct_RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 +$as_echo "$ac_ct_RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_RANLIB" = x; then + RANLIB=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + RANLIB=$ac_ct_RANLIB + fi +else + RANLIB="$ac_cv_prog_RANLIB" +fi + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AmigaOS /C/install, which installs bootblocks on floppy discs +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# OS/2's system install, which has a completely different semantic +# ./install, which can be erroneously created by make from ./install.sh. +# Reject install programs that cannot install multiple files. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 +$as_echo_n "checking for a BSD-compatible install... " >&6; } +if test -z "$INSTALL"; then +if ${ac_cv_path_install+:} false; then : + $as_echo_n "(cached) " >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + # Account for people who put trailing slashes in PATH elements. +case $as_dir/ in #(( + ./ | .// | /[cC]/* | \ + /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ + ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ + /usr/ucb/* ) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then + if test $ac_prog = install && + grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + elif test $ac_prog = install && + grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # program-specific install script used by HP pwplus--don't use. + : + else + rm -rf conftest.one conftest.two conftest.dir + echo one > conftest.one + echo two > conftest.two + mkdir conftest.dir + if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && + test -s conftest.one && test -s conftest.two && + test -s conftest.dir/conftest.one && + test -s conftest.dir/conftest.two + then + ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" + break 3 + fi + fi + fi + done + done + ;; +esac + + done +IFS=$as_save_IFS + +rm -rf conftest.one conftest.two conftest.dir + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL=$ac_cv_path_install + else + # As a last resort, use the slow shell script. Don't cache a + # value for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + INSTALL=$ac_install_sh + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 +$as_echo "$INSTALL" >&6; } + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 +$as_echo_n "checking for egrep... " >&6; } +if ${ac_cv_path_EGREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 + then ac_cv_path_EGREP="$GREP -E" + else + if test -z "$EGREP"; then + ac_path_EGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in egrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_EGREP" || continue +# Check for GNU ac_path_EGREP and select it if it is found. + # Check for GNU $ac_path_EGREP +case `"$ac_path_EGREP" --version 2>&1` in +*GNU*) + ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'EGREP' >> "conftest.nl" + "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_EGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_EGREP="$ac_path_EGREP" + ac_path_EGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_EGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_EGREP"; then + as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_EGREP=$EGREP +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 +$as_echo "$ac_cv_path_EGREP" >&6; } + EGREP="$ac_cv_path_EGREP" + + +if test -n "$ac_tool_prefix"; then + for ac_prog in ar + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_AR+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$AR"; then + ac_cv_prog_AR="$AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_AR="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AR=$ac_cv_prog_AR +if test -n "$AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 +$as_echo "$AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$AR" && break + done +fi +if test -z "$AR"; then + ac_ct_AR=$AR + for ac_prog in ar +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_AR+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_AR"; then + ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_AR="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_AR=$ac_cv_prog_ac_ct_AR +if test -n "$ac_ct_AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 +$as_echo "$ac_ct_AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_AR" && break +done + + if test "x$ac_ct_AR" = x; then + AR="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + AR=$ac_ct_AR + fi +fi + +# Extract the first word of "cat", so it can be a program name with args. +set dummy cat; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_CAT+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $CAT in + [\\/]* | ?:[\\/]*) + ac_cv_path_CAT="$CAT" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_CAT="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +CAT=$ac_cv_path_CAT +if test -n "$CAT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CAT" >&5 +$as_echo "$CAT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +# Extract the first word of "kill", so it can be a program name with args. +set dummy kill; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_KILL+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $KILL in + [\\/]* | ?:[\\/]*) + ac_cv_path_KILL="$KILL" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_KILL="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +KILL=$ac_cv_path_KILL +if test -n "$KILL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KILL" >&5 +$as_echo "$KILL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +for ac_prog in perl5 perl +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PERL+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PERL in + [\\/]* | ?:[\\/]*) + ac_cv_path_PERL="$PERL" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PERL="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PERL=$ac_cv_path_PERL +if test -n "$PERL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5 +$as_echo "$PERL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$PERL" && break +done + +# Extract the first word of "sed", so it can be a program name with args. +set dummy sed; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_SED+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $SED in + [\\/]* | ?:[\\/]*) + ac_cv_path_SED="$SED" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_SED="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +SED=$ac_cv_path_SED +if test -n "$SED"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SED" >&5 +$as_echo "$SED" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + +# Extract the first word of "ent", so it can be a program name with args. +set dummy ent; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_ENT+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $ENT in + [\\/]* | ?:[\\/]*) + ac_cv_path_ENT="$ENT" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_ENT="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +ENT=$ac_cv_path_ENT +if test -n "$ENT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ENT" >&5 +$as_echo "$ENT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + +# Extract the first word of "bash", so it can be a program name with args. +set dummy bash; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_TEST_MINUS_S_SH+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $TEST_MINUS_S_SH in + [\\/]* | ?:[\\/]*) + ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH +if test -n "$TEST_MINUS_S_SH"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5 +$as_echo "$TEST_MINUS_S_SH" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +# Extract the first word of "ksh", so it can be a program name with args. +set dummy ksh; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_TEST_MINUS_S_SH+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $TEST_MINUS_S_SH in + [\\/]* | ?:[\\/]*) + ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH +if test -n "$TEST_MINUS_S_SH"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5 +$as_echo "$TEST_MINUS_S_SH" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +# Extract the first word of "sh", so it can be a program name with args. +set dummy sh; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_TEST_MINUS_S_SH+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $TEST_MINUS_S_SH in + [\\/]* | ?:[\\/]*) + ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH +if test -n "$TEST_MINUS_S_SH"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5 +$as_echo "$TEST_MINUS_S_SH" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +# Extract the first word of "sh", so it can be a program name with args. +set dummy sh; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_SH+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $SH in + [\\/]* | ?:[\\/]*) + ac_cv_path_SH="$SH" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_SH="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +SH=$ac_cv_path_SH +if test -n "$SH"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SH" >&5 +$as_echo "$SH" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +# Extract the first word of "groff", so it can be a program name with args. +set dummy groff; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_GROFF+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $GROFF in + [\\/]* | ?:[\\/]*) + ac_cv_path_GROFF="$GROFF" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_GROFF="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +GROFF=$ac_cv_path_GROFF +if test -n "$GROFF"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GROFF" >&5 +$as_echo "$GROFF" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +# Extract the first word of "nroff", so it can be a program name with args. +set dummy nroff; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_NROFF+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $NROFF in + [\\/]* | ?:[\\/]*) + ac_cv_path_NROFF="$NROFF" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_NROFF="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +NROFF=$ac_cv_path_NROFF +if test -n "$NROFF"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NROFF" >&5 +$as_echo "$NROFF" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +# Extract the first word of "mandoc", so it can be a program name with args. +set dummy mandoc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_MANDOC+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $MANDOC in + [\\/]* | ?:[\\/]*) + ac_cv_path_MANDOC="$MANDOC" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_MANDOC="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +MANDOC=$ac_cv_path_MANDOC +if test -n "$MANDOC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANDOC" >&5 +$as_echo "$MANDOC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +TEST_SHELL=sh + + +if test "x$MANDOC" != "x" ; then + MANFMT="$MANDOC" +elif test "x$NROFF" != "x" ; then + MANFMT="$NROFF -mandoc" +elif test "x$GROFF" != "x" ; then + MANFMT="$GROFF -mandoc -Tascii" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: no manpage formatted found" >&5 +$as_echo "$as_me: WARNING: no manpage formatted found" >&2;} + MANFMT="false" +fi + + +# Extract the first word of "groupadd", so it can be a program name with args. +set dummy groupadd; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PATH_GROUPADD_PROG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PATH_GROUPADD_PROG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PATH_GROUPADD_PROG="$PATH_GROUPADD_PROG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in /usr/sbin${PATH_SEPARATOR}/etc +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PATH_GROUPADD_PROG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + test -z "$ac_cv_path_PATH_GROUPADD_PROG" && ac_cv_path_PATH_GROUPADD_PROG="groupadd" + ;; +esac +fi +PATH_GROUPADD_PROG=$ac_cv_path_PATH_GROUPADD_PROG +if test -n "$PATH_GROUPADD_PROG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_GROUPADD_PROG" >&5 +$as_echo "$PATH_GROUPADD_PROG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +# Extract the first word of "useradd", so it can be a program name with args. +set dummy useradd; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PATH_USERADD_PROG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PATH_USERADD_PROG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PATH_USERADD_PROG="$PATH_USERADD_PROG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in /usr/sbin${PATH_SEPARATOR}/etc +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PATH_USERADD_PROG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + test -z "$ac_cv_path_PATH_USERADD_PROG" && ac_cv_path_PATH_USERADD_PROG="useradd" + ;; +esac +fi +PATH_USERADD_PROG=$ac_cv_path_PATH_USERADD_PROG +if test -n "$PATH_USERADD_PROG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_USERADD_PROG" >&5 +$as_echo "$PATH_USERADD_PROG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +# Extract the first word of "pkgmk", so it can be a program name with args. +set dummy pkgmk; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_MAKE_PACKAGE_SUPPORTED+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$MAKE_PACKAGE_SUPPORTED"; then + ac_cv_prog_MAKE_PACKAGE_SUPPORTED="$MAKE_PACKAGE_SUPPORTED" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_MAKE_PACKAGE_SUPPORTED="yes" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + test -z "$ac_cv_prog_MAKE_PACKAGE_SUPPORTED" && ac_cv_prog_MAKE_PACKAGE_SUPPORTED="no" +fi +fi +MAKE_PACKAGE_SUPPORTED=$ac_cv_prog_MAKE_PACKAGE_SUPPORTED +if test -n "$MAKE_PACKAGE_SUPPORTED"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAKE_PACKAGE_SUPPORTED" >&5 +$as_echo "$MAKE_PACKAGE_SUPPORTED" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +if test -x /sbin/sh; then + STARTUP_SCRIPT_SHELL=/sbin/sh + +else + STARTUP_SCRIPT_SHELL=/bin/sh + +fi + +# System features +# Check whether --enable-largefile was given. +if test "${enable_largefile+set}" = set; then : + enableval=$enable_largefile; +fi + +if test "$enable_largefile" != no; then + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 +$as_echo_n "checking for special C compiler options needed for large files... " >&6; } +if ${ac_cv_sys_largefile_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_sys_largefile_CC=no + if test "$GCC" != yes; then + ac_save_CC=$CC + while :; do + # IRIX 6.2 and later do not support large files by default, + # so use the C compiler's -n32 option if that helps. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF + if ac_fn_c_try_compile "$LINENO"; then : + break +fi +rm -f core conftest.err conftest.$ac_objext + CC="$CC -n32" + if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_largefile_CC=' -n32'; break +fi +rm -f core conftest.err conftest.$ac_objext + break + done + CC=$ac_save_CC + rm -f conftest.$ac_ext + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 +$as_echo "$ac_cv_sys_largefile_CC" >&6; } + if test "$ac_cv_sys_largefile_CC" != no; then + CC=$CC$ac_cv_sys_largefile_CC + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 +$as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } +if ${ac_cv_sys_file_offset_bits+:} false; then : + $as_echo_n "(cached) " >&6 +else + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_file_offset_bits=no; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#define _FILE_OFFSET_BITS 64 +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_file_offset_bits=64; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_cv_sys_file_offset_bits=unknown + break +done +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 +$as_echo "$ac_cv_sys_file_offset_bits" >&6; } +case $ac_cv_sys_file_offset_bits in #( + no | unknown) ;; + *) +cat >>confdefs.h <<_ACEOF +#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits +_ACEOF +;; +esac +rm -rf conftest* + if test $ac_cv_sys_file_offset_bits = unknown; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 +$as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; } +if ${ac_cv_sys_large_files+:} false; then : + $as_echo_n "(cached) " >&6 +else + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_large_files=no; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#define _LARGE_FILES 1 +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_large_files=1; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_cv_sys_large_files=unknown + break +done +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 +$as_echo "$ac_cv_sys_large_files" >&6; } +case $ac_cv_sys_large_files in #( + no | unknown) ;; + *) +cat >>confdefs.h <<_ACEOF +#define _LARGE_FILES $ac_cv_sys_large_files +_ACEOF +;; +esac +rm -rf conftest* + fi + + +fi + + +if test -z "$AR" ; then + as_fn_error $? "*** 'ar' missing, please install or fix your \$PATH ***" "$LINENO" 5 +fi + +# Use LOGIN_PROGRAM from environment if possible +if test ! -z "$LOGIN_PROGRAM" ; then + +cat >>confdefs.h <<_ACEOF +#define LOGIN_PROGRAM_FALLBACK "$LOGIN_PROGRAM" +_ACEOF + +else + # Search for login + # Extract the first word of "login", so it can be a program name with args. +set dummy login; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_LOGIN_PROGRAM_FALLBACK+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $LOGIN_PROGRAM_FALLBACK in + [\\/]* | ?:[\\/]*) + ac_cv_path_LOGIN_PROGRAM_FALLBACK="$LOGIN_PROGRAM_FALLBACK" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_LOGIN_PROGRAM_FALLBACK="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +LOGIN_PROGRAM_FALLBACK=$ac_cv_path_LOGIN_PROGRAM_FALLBACK +if test -n "$LOGIN_PROGRAM_FALLBACK"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LOGIN_PROGRAM_FALLBACK" >&5 +$as_echo "$LOGIN_PROGRAM_FALLBACK" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then + cat >>confdefs.h <<_ACEOF +#define LOGIN_PROGRAM_FALLBACK "$LOGIN_PROGRAM_FALLBACK" +_ACEOF + + fi +fi + +# Extract the first word of "passwd", so it can be a program name with args. +set dummy passwd; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PATH_PASSWD_PROG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PATH_PASSWD_PROG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PATH_PASSWD_PROG="$PATH_PASSWD_PROG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PATH_PASSWD_PROG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PATH_PASSWD_PROG=$ac_cv_path_PATH_PASSWD_PROG +if test -n "$PATH_PASSWD_PROG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_PASSWD_PROG" >&5 +$as_echo "$PATH_PASSWD_PROG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +if test ! -z "$PATH_PASSWD_PROG" ; then + +cat >>confdefs.h <<_ACEOF +#define _PATH_PASSWD_PROG "$PATH_PASSWD_PROG" +_ACEOF + +fi + +if test -z "$LD" ; then + LD=$CC +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 +$as_echo_n "checking for inline... " >&6; } +if ${ac_cv_c_inline+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_c_inline=no +for ac_kw in inline __inline__ __inline; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifndef __cplusplus +typedef int foo_t; +static $ac_kw foo_t static_foo () {return 0; } +$ac_kw foo_t foo () {return 0; } +#endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_inline=$ac_kw +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + test "$ac_cv_c_inline" != no && break +done + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5 +$as_echo "$ac_cv_c_inline" >&6; } + +case $ac_cv_c_inline in + inline | yes) ;; + *) + case $ac_cv_c_inline in + no) ac_val=;; + *) ac_val=$ac_cv_c_inline;; + esac + cat >>confdefs.h <<_ACEOF +#ifndef __cplusplus +#define inline $ac_val +#endif +_ACEOF + ;; +esac + + +ac_fn_c_check_decl "$LINENO" "LLONG_MAX" "ac_cv_have_decl_LLONG_MAX" "#include +" +if test "x$ac_cv_have_decl_LLONG_MAX" = xyes; then : + have_llong_max=1 +fi + +ac_fn_c_check_decl "$LINENO" "SYSTR_POLICY_KILL" "ac_cv_have_decl_SYSTR_POLICY_KILL" " + #include + #include + #include + +" +if test "x$ac_cv_have_decl_SYSTR_POLICY_KILL" = xyes; then : + have_systr_policy_kill=1 +fi + +ac_fn_c_check_decl "$LINENO" "RLIMIT_NPROC" "ac_cv_have_decl_RLIMIT_NPROC" " + #include + #include + +" +if test "x$ac_cv_have_decl_RLIMIT_NPROC" = xyes; then : + +$as_echo "#define HAVE_RLIMIT_NPROC /**/" >>confdefs.h + +fi + +ac_fn_c_check_decl "$LINENO" "PR_SET_NO_NEW_PRIVS" "ac_cv_have_decl_PR_SET_NO_NEW_PRIVS" " + #include + #include + +" +if test "x$ac_cv_have_decl_PR_SET_NO_NEW_PRIVS" = xyes; then : + have_linux_no_new_privs=1 +fi + + +openssl=yes +ssh1=no + +# Check whether --with-openssl was given. +if test "${with_openssl+set}" = set; then : + withval=$with_openssl; if test "x$withval" = "xno" ; then + openssl=no + ssh1=no + fi + + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL will be used for cryptography" >&5 +$as_echo_n "checking whether OpenSSL will be used for cryptography... " >&6; } +if test "x$openssl" = "xyes" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +cat >>confdefs.h <<_ACEOF +#define WITH_OPENSSL 1 +_ACEOF + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +# Check whether --with-ssh1 was given. +if test "${with_ssh1+set}" = set; then : + withval=$with_ssh1; + if test "x$withval" = "xyes" ; then + if test "x$openssl" = "xno" ; then + as_fn_error $? "Cannot enable SSH protocol 1 with OpenSSL disabled" "$LINENO" 5 + fi + ssh1=yes + elif test "x$withval" = "xno" ; then + ssh1=no + else + as_fn_error $? "unknown --with-ssh1 argument" "$LINENO" 5 + fi + + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether SSH protocol 1 support is enabled" >&5 +$as_echo_n "checking whether SSH protocol 1 support is enabled... " >&6; } +if test "x$ssh1" = "xyes" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +cat >>confdefs.h <<_ACEOF +#define WITH_SSH1 1 +_ACEOF + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + +use_stack_protector=1 +use_toolchain_hardening=1 + +# Check whether --with-stackprotect was given. +if test "${with_stackprotect+set}" = set; then : + withval=$with_stackprotect; + if test "x$withval" = "xno"; then + use_stack_protector=0 + fi +fi + + +# Check whether --with-hardening was given. +if test "${with_hardening+set}" = set; then : + withval=$with_hardening; + if test "x$withval" = "xno"; then + use_toolchain_hardening=0 + fi +fi + + +# We use -Werror for the tests only so that we catch warnings like "this is +# on by default" for things like -fPIE. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Werror" >&5 +$as_echo_n "checking if $CC supports -Werror... " >&6; } +saved_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS -Werror" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int main(void) { return 0; } +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + WERROR="-Werror" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + WERROR="" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +CFLAGS="$saved_CFLAGS" + +if test "$GCC" = "yes" || test "$GCC" = "egcs"; then + { + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Qunused-arguments" >&5 +$as_echo_n "checking if $CC supports compile flag -Qunused-arguments... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Qunused-arguments" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Qunused-arguments" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +if `grep -i "unrecognized option" conftest.err >/dev/null` +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +} + { + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wunknown-warning-option" >&5 +$as_echo_n "checking if $CC supports compile flag -Wunknown-warning-option... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wunknown-warning-option" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wunknown-warning-option" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +if `grep -i "unrecognized option" conftest.err >/dev/null` +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +} + { + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wall" >&5 +$as_echo_n "checking if $CC supports compile flag -Wall... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wall" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wall" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +if `grep -i "unrecognized option" conftest.err >/dev/null` +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +} + { + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wpointer-arith" >&5 +$as_echo_n "checking if $CC supports compile flag -Wpointer-arith... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wpointer-arith" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wpointer-arith" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +if `grep -i "unrecognized option" conftest.err >/dev/null` +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +} + { + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wuninitialized" >&5 +$as_echo_n "checking if $CC supports compile flag -Wuninitialized... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wuninitialized" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wuninitialized" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +if `grep -i "unrecognized option" conftest.err >/dev/null` +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +} + { + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wsign-compare" >&5 +$as_echo_n "checking if $CC supports compile flag -Wsign-compare... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wsign-compare" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wsign-compare" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +if `grep -i "unrecognized option" conftest.err >/dev/null` +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +} + { + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wformat-security" >&5 +$as_echo_n "checking if $CC supports compile flag -Wformat-security... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wformat-security" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wformat-security" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +if `grep -i "unrecognized option" conftest.err >/dev/null` +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +} + { + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wsizeof-pointer-memaccess" >&5 +$as_echo_n "checking if $CC supports compile flag -Wsizeof-pointer-memaccess... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wsizeof-pointer-memaccess" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wsizeof-pointer-memaccess" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +if `grep -i "unrecognized option" conftest.err >/dev/null` +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +} + { + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wpointer-sign" >&5 +$as_echo_n "checking if $CC supports compile flag -Wpointer-sign... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wpointer-sign" + _define_flag="-Wno-pointer-sign" + test "x$_define_flag" = "x" && _define_flag="-Wpointer-sign" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +if `grep -i "unrecognized option" conftest.err >/dev/null` +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +} + { + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wunused-result" >&5 +$as_echo_n "checking if $CC supports compile flag -Wunused-result... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wunused-result" + _define_flag="-Wno-unused-result" + test "x$_define_flag" = "x" && _define_flag="-Wunused-result" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +if `grep -i "unrecognized option" conftest.err >/dev/null` +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +} + { + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -fno-strict-aliasing" >&5 +$as_echo_n "checking if $CC supports compile flag -fno-strict-aliasing... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -fno-strict-aliasing" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-fno-strict-aliasing" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +if `grep -i "unrecognized option" conftest.err >/dev/null` +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +} + { + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -D_FORTIFY_SOURCE=2" >&5 +$as_echo_n "checking if $CC supports compile flag -D_FORTIFY_SOURCE=2... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -D_FORTIFY_SOURCE=2" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-D_FORTIFY_SOURCE=2" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +if `grep -i "unrecognized option" conftest.err >/dev/null` +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +} + if test "x$use_toolchain_hardening" = "x1"; then + { + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,relro" >&5 +$as_echo_n "checking if $LD supports link flag -Wl,-z,relro... " >&6; } + saved_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $WERROR -Wl,-z,relro" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wl,-z,relro" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + LDFLAGS="$saved_LDFLAGS $_define_flag" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + LDFLAGS="$saved_LDFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +} + { + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,now" >&5 +$as_echo_n "checking if $LD supports link flag -Wl,-z,now... " >&6; } + saved_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $WERROR -Wl,-z,now" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wl,-z,now" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + LDFLAGS="$saved_LDFLAGS $_define_flag" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + LDFLAGS="$saved_LDFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +} + { + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,noexecstack" >&5 +$as_echo_n "checking if $LD supports link flag -Wl,-z,noexecstack... " >&6; } + saved_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $WERROR -Wl,-z,noexecstack" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wl,-z,noexecstack" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + LDFLAGS="$saved_LDFLAGS $_define_flag" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + LDFLAGS="$saved_LDFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +} + # NB. -ftrapv expects certain support functions to be present in + # the compiler library (libgcc or similar) to detect integer operations + # that can overflow. We must check that the result of enabling it + # actually links. The test program compiled/linked includes a number + # of integer operations that should exercise this. + { + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -ftrapv and linking succeeds" >&5 +$as_echo_n "checking if $CC supports compile flag -ftrapv and linking succeeds... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -ftrapv" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-ftrapv" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + +if `grep -i "unrecognized option" conftest.err >/dev/null` +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +} + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking gcc version" >&5 +$as_echo_n "checking gcc version... " >&6; } + GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` + case $GCC_VER in + 1.*) no_attrib_nonnull=1 ;; + 2.8* | 2.9*) + no_attrib_nonnull=1 + ;; + 2.*) no_attrib_nonnull=1 ;; + *) ;; + esac + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GCC_VER" >&5 +$as_echo "$GCC_VER" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC accepts -fno-builtin-memset" >&5 +$as_echo_n "checking if $CC accepts -fno-builtin-memset... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -fno-builtin-memset" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + char b[10]; memset(b, 0, sizeof(b)); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + # -fstack-protector-all doesn't always work for some GCC versions + # and/or platforms, so we test if we can. If it's not supported + # on a given platform gcc will emit a warning so we use -Werror. + if test "x$use_stack_protector" = "x1"; then + for t in -fstack-protector-strong -fstack-protector-all \ + -fstack-protector; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports $t" >&5 +$as_echo_n "checking if $CC supports $t... " >&6; } + saved_CFLAGS="$CFLAGS" + saved_LDFLAGS="$LDFLAGS" + CFLAGS="$CFLAGS $t -Werror" + LDFLAGS="$LDFLAGS $t -Werror" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + + char x[256]; + snprintf(x, sizeof(x), "XXX"); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + CFLAGS="$saved_CFLAGS $t" + LDFLAGS="$saved_LDFLAGS $t" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $t works" >&5 +$as_echo_n "checking if $t works... " >&6; } + if test "$cross_compiling" = yes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: cannot test" >&5 +$as_echo "$as_me: WARNING: cross compiling: cannot test" >&2;} + break + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + + char x[256]; + snprintf(x, sizeof(x), "XXX"); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + break +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CFLAGS="$saved_CFLAGS" + LDFLAGS="$saved_LDFLAGS" + done + fi + + if test -z "$have_llong_max"; then + # retry LLONG_MAX with -std=gnu99, needed on some Linuxes + unset ac_cv_have_decl_LLONG_MAX + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -std=gnu99" + ac_fn_c_check_decl "$LINENO" "LLONG_MAX" "ac_cv_have_decl_LLONG_MAX" "#include + +" +if test "x$ac_cv_have_decl_LLONG_MAX" = xyes; then : + have_llong_max=1 +else + CFLAGS="$saved_CFLAGS" +fi + + fi +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler allows __attribute__ on return types" >&5 +$as_echo_n "checking if compiler allows __attribute__ on return types... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +__attribute__((__unused__)) static void foo(void){return;} +int +main () +{ + exit(0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define NO_ATTRIBUTE_ON_RETURN_TYPE 1" >>confdefs.h + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test "x$no_attrib_nonnull" != "x1" ; then + +$as_echo "#define HAVE_ATTRIBUTE__NONNULL__ 1" >>confdefs.h + +fi + + +# Check whether --with-rpath was given. +if test "${with_rpath+set}" = set; then : + withval=$with_rpath; + if test "x$withval" = "xno" ; then + need_dash_r="" + fi + if test "x$withval" = "xyes" ; then + need_dash_r=1 + fi + + +fi + + +# Allow user to specify flags + +# Check whether --with-cflags was given. +if test "${with_cflags+set}" = set; then : + withval=$with_cflags; + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + CFLAGS="$CFLAGS $withval" + fi + + +fi + + +# Check whether --with-cppflags was given. +if test "${with_cppflags+set}" = set; then : + withval=$with_cppflags; + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + CPPFLAGS="$CPPFLAGS $withval" + fi + + +fi + + +# Check whether --with-ldflags was given. +if test "${with_ldflags+set}" = set; then : + withval=$with_ldflags; + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + LDFLAGS="$LDFLAGS $withval" + fi + + +fi + + +# Check whether --with-libs was given. +if test "${with_libs+set}" = set; then : + withval=$with_libs; + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + LIBS="$LIBS $withval" + fi + + +fi + + +# Check whether --with-Werror was given. +if test "${with_Werror+set}" = set; then : + withval=$with_Werror; + if test -n "$withval" && test "x$withval" != "xno"; then + werror_flags="-Werror" + if test "x${withval}" != "xyes"; then + werror_flags="$withval" + fi + fi + + +fi + + +for ac_header in \ + blf.h \ + bstring.h \ + crypt.h \ + crypto/sha2.h \ + dirent.h \ + endian.h \ + elf.h \ + features.h \ + fcntl.h \ + floatingpoint.h \ + getopt.h \ + glob.h \ + ia.h \ + iaf.h \ + inttypes.h \ + limits.h \ + locale.h \ + login.h \ + maillock.h \ + ndir.h \ + net/if_tun.h \ + netdb.h \ + netgroup.h \ + pam/pam_appl.h \ + paths.h \ + poll.h \ + pty.h \ + readpassphrase.h \ + rpc/types.h \ + security/pam_appl.h \ + sha2.h \ + shadow.h \ + stddef.h \ + stdint.h \ + string.h \ + strings.h \ + sys/audit.h \ + sys/bitypes.h \ + sys/bsdtty.h \ + sys/capability.h \ + sys/cdefs.h \ + sys/dir.h \ + sys/mman.h \ + sys/ndir.h \ + sys/poll.h \ + sys/prctl.h \ + sys/pstat.h \ + sys/select.h \ + sys/stat.h \ + sys/stream.h \ + sys/stropts.h \ + sys/strtio.h \ + sys/statvfs.h \ + sys/sysmacros.h \ + sys/time.h \ + sys/timers.h \ + time.h \ + tmpdir.h \ + ttyent.h \ + ucred.h \ + unistd.h \ + usersec.h \ + util.h \ + utime.h \ + utmp.h \ + utmpx.h \ + vis.h \ + +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +# lastlog.h requires sys/time.h to be included first on Solaris +for ac_header in lastlog.h +do : + ac_fn_c_check_header_compile "$LINENO" "lastlog.h" "ac_cv_header_lastlog_h" " +#ifdef HAVE_SYS_TIME_H +# include +#endif + +" +if test "x$ac_cv_header_lastlog_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LASTLOG_H 1 +_ACEOF + +fi + +done + + +# sys/ptms.h requires sys/stream.h to be included first on Solaris +for ac_header in sys/ptms.h +do : + ac_fn_c_check_header_compile "$LINENO" "sys/ptms.h" "ac_cv_header_sys_ptms_h" " +#ifdef HAVE_SYS_STREAM_H +# include +#endif + +" +if test "x$ac_cv_header_sys_ptms_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SYS_PTMS_H 1 +_ACEOF + +fi + +done + + +# login_cap.h requires sys/types.h on NetBSD +for ac_header in login_cap.h +do : + ac_fn_c_check_header_compile "$LINENO" "login_cap.h" "ac_cv_header_login_cap_h" " +#include + +" +if test "x$ac_cv_header_login_cap_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LOGIN_CAP_H 1 +_ACEOF + +fi + +done + + +# older BSDs need sys/param.h before sys/mount.h +for ac_header in sys/mount.h +do : + ac_fn_c_check_header_compile "$LINENO" "sys/mount.h" "ac_cv_header_sys_mount_h" " +#include + +" +if test "x$ac_cv_header_sys_mount_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SYS_MOUNT_H 1 +_ACEOF + +fi + +done + + +# Android requires sys/socket.h to be included before sys/un.h +for ac_header in sys/un.h +do : + ac_fn_c_check_header_compile "$LINENO" "sys/un.h" "ac_cv_header_sys_un_h" " +#include +#include + +" +if test "x$ac_cv_header_sys_un_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SYS_UN_H 1 +_ACEOF + +fi + +done + + +# Messages for features tested for in target-specific section +SIA_MSG="no" +SPC_MSG="no" +SP_MSG="no" + +# Check for some target-specific stuff +case "$host" in +*-*-aix*) + # Some versions of VAC won't allow macro redefinitions at + # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that + # particularly with older versions of vac or xlc. + # It also throws errors about null macro argments, but these are + # not fatal. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler allows macro redefinitions" >&5 +$as_echo_n "checking if compiler allows macro redefinitions... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#define testmacro foo +#define testmacro bar +int +main () +{ + exit(0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" + LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" + CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" + CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to specify blibpath for linker ($LD)" >&5 +$as_echo_n "checking how to specify blibpath for linker ($LD)... " >&6; } + if (test -z "$blibpath"); then + blibpath="/usr/lib:/lib" + fi + saved_LDFLAGS="$LDFLAGS" + if test "$GCC" = "yes"; then + flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" + else + flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," + fi + for tryflags in $flags ;do + if (test -z "$blibflags"); then + LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + blibflags=$tryflags +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + fi + done + if (test -z "$blibflags"); then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 +$as_echo "not found" >&6; } + as_fn_error $? "*** must be able to specify blibpath on AIX - check config.log" "$LINENO" 5 + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $blibflags" >&5 +$as_echo "$blibflags" >&6; } + fi + LDFLAGS="$saved_LDFLAGS" + ac_fn_c_check_func "$LINENO" "authenticate" "ac_cv_func_authenticate" +if test "x$ac_cv_func_authenticate" = xyes; then : + +$as_echo "#define WITH_AIXAUTHENTICATE 1" >>confdefs.h + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for authenticate in -ls" >&5 +$as_echo_n "checking for authenticate in -ls... " >&6; } +if ${ac_cv_lib_s_authenticate+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ls $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char authenticate (); +int +main () +{ +return authenticate (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_s_authenticate=yes +else + ac_cv_lib_s_authenticate=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_s_authenticate" >&5 +$as_echo "$ac_cv_lib_s_authenticate" >&6; } +if test "x$ac_cv_lib_s_authenticate" = xyes; then : + $as_echo "#define WITH_AIXAUTHENTICATE 1" >>confdefs.h + + LIBS="$LIBS -ls" + +fi + + +fi + + ac_fn_c_check_decl "$LINENO" "authenticate" "ac_cv_have_decl_authenticate" "#include +" +if test "x$ac_cv_have_decl_authenticate" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_AUTHENTICATE $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "loginrestrictions" "ac_cv_have_decl_loginrestrictions" "#include +" +if test "x$ac_cv_have_decl_loginrestrictions" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_LOGINRESTRICTIONS $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "loginsuccess" "ac_cv_have_decl_loginsuccess" "#include +" +if test "x$ac_cv_have_decl_loginsuccess" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_LOGINSUCCESS $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "passwdexpired" "ac_cv_have_decl_passwdexpired" "#include +" +if test "x$ac_cv_have_decl_passwdexpired" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_PASSWDEXPIRED $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "setauthdb" "ac_cv_have_decl_setauthdb" "#include +" +if test "x$ac_cv_have_decl_setauthdb" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_SETAUTHDB $ac_have_decl +_ACEOF + + ac_fn_c_check_decl "$LINENO" "loginfailed" "ac_cv_have_decl_loginfailed" "#include + +" +if test "x$ac_cv_have_decl_loginfailed" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_LOGINFAILED $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if loginfailed takes 4 arguments" >&5 +$as_echo_n "checking if loginfailed takes 4 arguments... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + (void)loginfailed("user","host","tty",0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define AIX_LOGINFAILED_4ARG 1" >>confdefs.h + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + + for ac_func in getgrset setauthdb +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + ac_fn_c_check_decl "$LINENO" "F_CLOSEM" "ac_cv_have_decl_F_CLOSEM" " #include + #include + +" +if test "x$ac_cv_have_decl_F_CLOSEM" = xyes; then : + +$as_echo "#define HAVE_FCNTL_CLOSEM 1" >>confdefs.h + +fi + + check_for_aix_broken_getaddrinfo=1 + +$as_echo "#define BROKEN_REALPATH 1" >>confdefs.h + + +$as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + +$as_echo "#define BROKEN_SETREUID 1" >>confdefs.h + + +$as_echo "#define BROKEN_SETREGID 1" >>confdefs.h + + +$as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h + + +$as_echo "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h + + +$as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h + + +$as_echo "#define SSHPAM_CHAUTHTOK_NEEDS_RUID 1" >>confdefs.h + + +$as_echo "#define PTY_ZEROREAD 1" >>confdefs.h + + +$as_echo "#define PLATFORM_SYS_DIR_UID 2" >>confdefs.h + + ;; +*-*-android*) + +$as_echo "#define DISABLE_UTMP 1" >>confdefs.h + + +$as_echo "#define DISABLE_WTMP 1" >>confdefs.h + + ;; +*-*-cygwin*) + check_for_libcrypt_later=1 + LIBS="$LIBS /usr/lib/textreadmode.o" + +$as_echo "#define HAVE_CYGWIN 1" >>confdefs.h + + +$as_echo "#define USE_PIPES 1" >>confdefs.h + + +$as_echo "#define DISABLE_SHADOW 1" >>confdefs.h + + +$as_echo "#define NO_X11_UNIX_SOCKETS 1" >>confdefs.h + + +$as_echo "#define NO_IPPORT_RESERVED_CONCEPT 1" >>confdefs.h + + +$as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h + + +$as_echo "#define SSH_IOBUFSZ 65535" >>confdefs.h + + +$as_echo "#define FILESYSTEM_NO_BACKSLASH 1" >>confdefs.h + + # Cygwin defines optargs, optargs as declspec(dllimport) for historical + # reasons which cause compile warnings, so we disable those warnings. + { + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wno-attributes" >&5 +$as_echo_n "checking if $CC supports compile flag -Wno-attributes... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wno-attributes" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wno-attributes" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +if `grep -i "unrecognized option" conftest.err >/dev/null` +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +} + ;; +*-*-dgux*) + +$as_echo "#define IP_TOS_IS_BROKEN 1" >>confdefs.h + + $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h + + ;; +*-*-darwin*) + use_pie=auto + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we have working getaddrinfo" >&5 +$as_echo_n "checking if we have working getaddrinfo... " >&6; } + if test "$cross_compiling" = yes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: assume it is working" >&5 +$as_echo "assume it is working" >&6; } +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) + exit(0); + else + exit(1); +} + +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: working" >&5 +$as_echo "working" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: buggy" >&5 +$as_echo "buggy" >&6; } + +$as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h + + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h + + +$as_echo "#define BROKEN_GLOB 1" >>confdefs.h + + +cat >>confdefs.h <<_ACEOF +#define BIND_8_COMPAT 1 +_ACEOF + + +$as_echo "#define SSH_TUN_FREEBSD 1" >>confdefs.h + + +$as_echo "#define SSH_TUN_COMPAT_AF 1" >>confdefs.h + + +$as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h + + + ac_fn_c_check_decl "$LINENO" "AU_IPv4" "ac_cv_have_decl_AU_IPv4" "$ac_includes_default" +if test "x$ac_cv_have_decl_AU_IPv4" = xyes; then : + +else + +$as_echo "#define AU_IPv4 0" >>confdefs.h + + #include + +$as_echo "#define LASTLOG_WRITE_PUTUTXLINE 1" >>confdefs.h + + +fi + + +$as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h + + for ac_func in sandbox_init +do : + ac_fn_c_check_func "$LINENO" "sandbox_init" "ac_cv_func_sandbox_init" +if test "x$ac_cv_func_sandbox_init" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SANDBOX_INIT 1 +_ACEOF + +fi +done + + for ac_header in sandbox.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "sandbox.h" "ac_cv_header_sandbox_h" "$ac_includes_default" +if test "x$ac_cv_header_sandbox_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SANDBOX_H 1 +_ACEOF + +fi + +done + + ;; +*-*-dragonfly*) + SSHDLIBS="$SSHDLIBS -lcrypt" + TEST_MALLOC_OPTIONS="AFGJPRX" + ;; +*-*-haiku*) + LIBS="$LIBS -lbsd " + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lnetwork" >&5 +$as_echo_n "checking for socket in -lnetwork... " >&6; } +if ${ac_cv_lib_network_socket+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lnetwork $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char socket (); +int +main () +{ +return socket (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_network_socket=yes +else + ac_cv_lib_network_socket=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_network_socket" >&5 +$as_echo "$ac_cv_lib_network_socket" >&6; } +if test "x$ac_cv_lib_network_socket" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBNETWORK 1 +_ACEOF + + LIBS="-lnetwork $LIBS" + +fi + + $as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h + + MANTYPE=man + ;; +*-*-hpux*) + # first we define all of the options common to all HP-UX releases + CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" + IPADDR_IN_DISPLAY=yes + $as_echo "#define USE_PIPES 1" >>confdefs.h + + +$as_echo "#define LOGIN_NO_ENDOPT 1" >>confdefs.h + + $as_echo "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h + + +$as_echo "#define LOCKED_PASSWD_STRING \"*\"" >>confdefs.h + + $as_echo "#define SPT_TYPE SPT_PSTAT" >>confdefs.h + + +$as_echo "#define PLATFORM_SYS_DIR_UID 2" >>confdefs.h + + maildir="/var/mail" + LIBS="$LIBS -lsec" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for t_error in -lxnet" >&5 +$as_echo_n "checking for t_error in -lxnet... " >&6; } +if ${ac_cv_lib_xnet_t_error+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lxnet $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char t_error (); +int +main () +{ +return t_error (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_xnet_t_error=yes +else + ac_cv_lib_xnet_t_error=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_xnet_t_error" >&5 +$as_echo "$ac_cv_lib_xnet_t_error" >&6; } +if test "x$ac_cv_lib_xnet_t_error" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBXNET 1 +_ACEOF + + LIBS="-lxnet $LIBS" + +else + as_fn_error $? "*** -lxnet needed on HP-UX - check config.log ***" "$LINENO" 5 +fi + + + # next, we define all of the options specific to major releases + case "$host" in + *-*-hpux10*) + if test -z "$GCC"; then + CFLAGS="$CFLAGS -Ae" + fi + ;; + *-*-hpux11*) + +$as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h + + +$as_echo "#define DISABLE_UTMP 1" >>confdefs.h + + +$as_echo "#define USE_BTMP 1" >>confdefs.h + + check_for_hpux_broken_getaddrinfo=1 + check_for_conflicting_getspnam=1 + ;; + esac + + # lastly, we define options specific to minor releases + case "$host" in + *-*-hpux10.26) + +$as_echo "#define HAVE_SECUREWARE 1" >>confdefs.h + + disable_ptmx_check=yes + LIBS="$LIBS -lsecpw" + ;; + esac + ;; +*-*-irix5*) + PATH="$PATH:/usr/etc" + +$as_echo "#define BROKEN_INET_NTOA 1" >>confdefs.h + + $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h + + +$as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h + + $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h + + ;; +*-*-irix6*) + PATH="$PATH:/usr/etc" + +$as_echo "#define WITH_IRIX_ARRAY 1" >>confdefs.h + + +$as_echo "#define WITH_IRIX_PROJECT 1" >>confdefs.h + + +$as_echo "#define WITH_IRIX_AUDIT 1" >>confdefs.h + + ac_fn_c_check_func "$LINENO" "jlimit_startjob" "ac_cv_func_jlimit_startjob" +if test "x$ac_cv_func_jlimit_startjob" = xyes; then : + +$as_echo "#define WITH_IRIX_JOBS 1" >>confdefs.h + +fi + + $as_echo "#define BROKEN_INET_NTOA 1" >>confdefs.h + + $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h + + +$as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h + + $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h + + $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h + + ;; +*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) + check_for_libcrypt_later=1 + $as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h + + $as_echo "#define LOCKED_PASSWD_PREFIX \"!\"" >>confdefs.h + + $as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h + + +$as_echo "#define _PATH_BTMP \"/var/log/btmp\"" >>confdefs.h + + +$as_echo "#define USE_BTMP 1" >>confdefs.h + + ;; +*-*-linux*) + no_dev_ptmx=1 + use_pie=auto + check_for_libcrypt_later=1 + check_for_openpty_ctty_bug=1 + +$as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h + + +$as_echo "#define LOCKED_PASSWD_PREFIX \"!\"" >>confdefs.h + + $as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h + + +$as_echo "#define LINK_OPNOTSUPP_ERRNO EPERM" >>confdefs.h + + +$as_echo "#define _PATH_BTMP \"/var/log/btmp\"" >>confdefs.h + + $as_echo "#define USE_BTMP 1" >>confdefs.h + + +$as_echo "#define LINUX_OOM_ADJUST 1" >>confdefs.h + + inet6_default_4in6=yes + case `uname -r` in + 1.*|2.0.*) + +$as_echo "#define BROKEN_CMSG_TYPE 1" >>confdefs.h + + ;; + esac + # tun(4) forwarding compat code + for ac_header in linux/if_tun.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "linux/if_tun.h" "ac_cv_header_linux_if_tun_h" "$ac_includes_default" +if test "x$ac_cv_header_linux_if_tun_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LINUX_IF_TUN_H 1 +_ACEOF + +fi + +done + + if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then + +$as_echo "#define SSH_TUN_LINUX 1" >>confdefs.h + + +$as_echo "#define SSH_TUN_COMPAT_AF 1" >>confdefs.h + + +$as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h + + fi + for ac_header in linux/seccomp.h linux/filter.h linux/audit.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "#include +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + for ac_func in prctl +do : + ac_fn_c_check_func "$LINENO" "prctl" "ac_cv_func_prctl" +if test "x$ac_cv_func_prctl" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_PRCTL 1 +_ACEOF + +fi +done + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for seccomp architecture" >&5 +$as_echo_n "checking for seccomp architecture... " >&6; } + seccomp_audit_arch= + case "$host" in + x86_64-*) + seccomp_audit_arch=AUDIT_ARCH_X86_64 + ;; + i*86-*) + seccomp_audit_arch=AUDIT_ARCH_I386 + ;; + arm*-*) + seccomp_audit_arch=AUDIT_ARCH_ARM + ;; + aarch64*-*) + seccomp_audit_arch=AUDIT_ARCH_AARCH64 + ;; + esac + if test "x$seccomp_audit_arch" != "x" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: \"$seccomp_audit_arch\"" >&5 +$as_echo "\"$seccomp_audit_arch\"" >&6; } + +cat >>confdefs.h <<_ACEOF +#define SECCOMP_AUDIT_ARCH $seccomp_audit_arch +_ACEOF + + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: architecture not supported" >&5 +$as_echo "architecture not supported" >&6; } + fi + ;; +mips-sony-bsd|mips-sony-newsos4) + +$as_echo "#define NEED_SETPGRP 1" >>confdefs.h + + SONY=1 + ;; +*-*-netbsd*) + check_for_libcrypt_before=1 + if test "x$withval" != "xno" ; then + need_dash_r=1 + fi + +$as_echo "#define SSH_TUN_FREEBSD 1" >>confdefs.h + + ac_fn_c_check_header_mongrel "$LINENO" "net/if_tap.h" "ac_cv_header_net_if_tap_h" "$ac_includes_default" +if test "x$ac_cv_header_net_if_tap_h" = xyes; then : + +else + +$as_echo "#define SSH_TUN_NO_L2 1" >>confdefs.h + +fi + + + +$as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h + + TEST_MALLOC_OPTIONS="AJRX" + +$as_echo "#define BROKEN_STRNVIS 1" >>confdefs.h + + +$as_echo "#define BROKEN_READ_COMPARISON 1" >>confdefs.h + + ;; +*-*-freebsd*) + check_for_libcrypt_later=1 + +$as_echo "#define LOCKED_PASSWD_PREFIX \"*LOCKED*\"" >>confdefs.h + + +$as_echo "#define SSH_TUN_FREEBSD 1" >>confdefs.h + + ac_fn_c_check_header_mongrel "$LINENO" "net/if_tap.h" "ac_cv_header_net_if_tap_h" "$ac_includes_default" +if test "x$ac_cv_header_net_if_tap_h" = xyes; then : + +else + +$as_echo "#define SSH_TUN_NO_L2 1" >>confdefs.h + +fi + + + +$as_echo "#define BROKEN_GLOB 1" >>confdefs.h + + +$as_echo "#define BROKEN_STRNVIS 1" >>confdefs.h + + TEST_MALLOC_OPTIONS="AJRX" + # Preauth crypto occasionally uses file descriptors for crypto offload + # and will crash if they cannot be opened. + +$as_echo "#define SANDBOX_SKIP_RLIMIT_NOFILE 1" >>confdefs.h + + ;; +*-*-bsdi*) + $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h + + ;; +*-next-*) + conf_lastlog_location="/usr/adm/lastlog" + conf_utmp_location=/etc/utmp + conf_wtmp_location=/usr/adm/wtmp + maildir=/usr/spool/mail + +$as_echo "#define HAVE_NEXT 1" >>confdefs.h + + $as_echo "#define BROKEN_REALPATH 1" >>confdefs.h + + $as_echo "#define USE_PIPES 1" >>confdefs.h + + +$as_echo "#define BROKEN_SAVED_UIDS 1" >>confdefs.h + + ;; +*-*-openbsd*) + use_pie=auto + +$as_echo "#define HAVE_ATTRIBUTE__SENTINEL__ 1" >>confdefs.h + + +$as_echo "#define HAVE_ATTRIBUTE__BOUNDED__ 1" >>confdefs.h + + +$as_echo "#define SSH_TUN_OPENBSD 1" >>confdefs.h + + +$as_echo "#define SYSLOG_R_SAFE_IN_SIGHAND 1" >>confdefs.h + + TEST_MALLOC_OPTIONS="AFGJPRX" + ;; +*-*-solaris*) + if test "x$withval" != "xno" ; then + need_dash_r=1 + fi + $as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h + + $as_echo "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h + + +$as_echo "#define LOGIN_NEEDS_TERM 1" >>confdefs.h + + $as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h + + +$as_echo "#define SSHPAM_CHAUTHTOK_NEEDS_RUID 1" >>confdefs.h + + $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h + + # Pushing STREAMS modules will cause sshd to acquire a controlling tty. + +$as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h + + +$as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h + + +$as_echo "#define BROKEN_TCGETATTR_ICANON 1" >>confdefs.h + + external_path_file=/etc/default/login + # hardwire lastlog location (can't detect it on some versions) + conf_lastlog_location="/var/adm/lastlog" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for obsolete utmp and wtmp in solaris2.x" >&5 +$as_echo_n "checking for obsolete utmp and wtmp in solaris2.x... " >&6; } + sol2ver=`echo "$host"| sed -e 's/.*[0-9]\.//'` + if test "$sol2ver" -ge 8; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + $as_echo "#define DISABLE_UTMP 1" >>confdefs.h + + +$as_echo "#define DISABLE_WTMP 1" >>confdefs.h + + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + +# Check whether --with-solaris-contracts was given. +if test "${with_solaris_contracts+set}" = set; then : + withval=$with_solaris_contracts; + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ct_tmpl_activate in -lcontract" >&5 +$as_echo_n "checking for ct_tmpl_activate in -lcontract... " >&6; } +if ${ac_cv_lib_contract_ct_tmpl_activate+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcontract $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char ct_tmpl_activate (); +int +main () +{ +return ct_tmpl_activate (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_contract_ct_tmpl_activate=yes +else + ac_cv_lib_contract_ct_tmpl_activate=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_contract_ct_tmpl_activate" >&5 +$as_echo "$ac_cv_lib_contract_ct_tmpl_activate" >&6; } +if test "x$ac_cv_lib_contract_ct_tmpl_activate" = xyes; then : + +$as_echo "#define USE_SOLARIS_PROCESS_CONTRACTS 1" >>confdefs.h + + SSHDLIBS="$SSHDLIBS -lcontract" + SPC_MSG="yes" +fi + + +fi + + +# Check whether --with-solaris-projects was given. +if test "${with_solaris_projects+set}" = set; then : + withval=$with_solaris_projects; + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setproject in -lproject" >&5 +$as_echo_n "checking for setproject in -lproject... " >&6; } +if ${ac_cv_lib_project_setproject+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lproject $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char setproject (); +int +main () +{ +return setproject (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_project_setproject=yes +else + ac_cv_lib_project_setproject=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_project_setproject" >&5 +$as_echo "$ac_cv_lib_project_setproject" >&6; } +if test "x$ac_cv_lib_project_setproject" = xyes; then : + +$as_echo "#define USE_SOLARIS_PROJECTS 1" >>confdefs.h + + SSHDLIBS="$SSHDLIBS -lproject" + SP_MSG="yes" +fi + + +fi + + TEST_SHELL=$SHELL # let configure find us a capable shell + ;; +*-*-sunos4*) + CPPFLAGS="$CPPFLAGS -DSUNOS4" + for ac_func in getpwanam +do : + ac_fn_c_check_func "$LINENO" "getpwanam" "ac_cv_func_getpwanam" +if test "x$ac_cv_func_getpwanam" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_GETPWANAM 1 +_ACEOF + +fi +done + + $as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h + + conf_utmp_location=/etc/utmp + conf_wtmp_location=/var/adm/wtmp + conf_lastlog_location=/var/adm/lastlog + $as_echo "#define USE_PIPES 1" >>confdefs.h + + ;; +*-ncr-sysv*) + LIBS="$LIBS -lc89" + $as_echo "#define USE_PIPES 1" >>confdefs.h + + $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h + + $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h + + ;; +*-sni-sysv*) + # /usr/ucblib MUST NOT be searched on ReliantUNIX + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlsym in -ldl" >&5 +$as_echo_n "checking for dlsym in -ldl... " >&6; } +if ${ac_cv_lib_dl_dlsym+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlsym (); +int +main () +{ +return dlsym (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dl_dlsym=yes +else + ac_cv_lib_dl_dlsym=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlsym" >&5 +$as_echo "$ac_cv_lib_dl_dlsym" >&6; } +if test "x$ac_cv_lib_dl_dlsym" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBDL 1 +_ACEOF + + LIBS="-ldl $LIBS" + +fi + + # -lresolv needs to be at the end of LIBS or DNS lookups break + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_query in -lresolv" >&5 +$as_echo_n "checking for res_query in -lresolv... " >&6; } +if ${ac_cv_lib_resolv_res_query+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lresolv $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char res_query (); +int +main () +{ +return res_query (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_resolv_res_query=yes +else + ac_cv_lib_resolv_res_query=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_res_query" >&5 +$as_echo "$ac_cv_lib_resolv_res_query" >&6; } +if test "x$ac_cv_lib_resolv_res_query" = xyes; then : + LIBS="$LIBS -lresolv" +fi + + IPADDR_IN_DISPLAY=yes + $as_echo "#define USE_PIPES 1" >>confdefs.h + + $as_echo "#define IP_TOS_IS_BROKEN 1" >>confdefs.h + + $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h + + $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h + + external_path_file=/etc/default/login + # /usr/ucblib/libucb.a no longer needed on ReliantUNIX + # Attention: always take care to bind libsocket and libnsl before libc, + # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog + ;; +# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. +*-*-sysv4.2*) + $as_echo "#define USE_PIPES 1" >>confdefs.h + + $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h + + +$as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h + + $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h + + TEST_SHELL=$SHELL # let configure find us a capable shell + ;; +# UnixWare 7.x, OpenUNIX 8 +*-*-sysv5*) + CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" + +$as_echo "#define UNIXWARE_LONG_PASSWORDS 1" >>confdefs.h + + $as_echo "#define USE_PIPES 1" >>confdefs.h + + $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h + + $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h + + TEST_SHELL=$SHELL # let configure find us a capable shell + case "$host" in + *-*-sysv5SCO_SV*) # SCO OpenServer 6.x + maildir=/var/spool/mail + +$as_echo "#define BROKEN_LIBIAF 1" >>confdefs.h + + $as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getluid in -lprot" >&5 +$as_echo_n "checking for getluid in -lprot... " >&6; } +if ${ac_cv_lib_prot_getluid+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lprot $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char getluid (); +int +main () +{ +return getluid (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_prot_getluid=yes +else + ac_cv_lib_prot_getluid=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_prot_getluid" >&5 +$as_echo "$ac_cv_lib_prot_getluid" >&6; } +if test "x$ac_cv_lib_prot_getluid" = xyes; then : + LIBS="$LIBS -lprot" + for ac_func in getluid setluid +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + $as_echo "#define HAVE_SECUREWARE 1" >>confdefs.h + + $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h + + +fi + + ;; + *) $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h + + check_for_libcrypt_later=1 + ;; + esac + ;; +*-*-sysv*) + ;; +# SCO UNIX and OEM versions of SCO UNIX +*-*-sco3.2v4*) + as_fn_error $? "\"This Platform is no longer supported.\"" "$LINENO" 5 + ;; +# SCO OpenServer 5.x +*-*-sco3.2v5*) + if test -z "$GCC"; then + CFLAGS="$CFLAGS -belf" + fi + LIBS="$LIBS -lprot -lx -ltinfo -lm" + no_dev_ptmx=1 + $as_echo "#define USE_PIPES 1" >>confdefs.h + + $as_echo "#define HAVE_SECUREWARE 1" >>confdefs.h + + $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h + + $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h + + $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h + + $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h + + $as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h + + $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h + + for ac_func in getluid setluid +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + MANTYPE=man + TEST_SHELL=$SHELL # let configure find us a capable shell + SKIP_DISABLE_LASTLOG_DEFINE=yes + ;; +*-*-unicosmk*) + +$as_echo "#define NO_SSH_LASTLOG 1" >>confdefs.h + + $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h + + $as_echo "#define USE_PIPES 1" >>confdefs.h + + $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h + + LDFLAGS="$LDFLAGS" + LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" + MANTYPE=cat + ;; +*-*-unicosmp*) + $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h + + $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h + + $as_echo "#define USE_PIPES 1" >>confdefs.h + + $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h + + LDFLAGS="$LDFLAGS" + LIBS="$LIBS -lgen -lacid -ldb" + MANTYPE=cat + ;; +*-*-unicos*) + $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h + + $as_echo "#define USE_PIPES 1" >>confdefs.h + + $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h + + $as_echo "#define NO_SSH_LASTLOG 1" >>confdefs.h + + LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" + LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" + MANTYPE=cat + ;; +*-dec-osf*) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Digital Unix SIA" >&5 +$as_echo_n "checking for Digital Unix SIA... " >&6; } + no_osfsia="" + +# Check whether --with-osfsia was given. +if test "${with_osfsia+set}" = set; then : + withval=$with_osfsia; + if test "x$withval" = "xno" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: disabled" >&5 +$as_echo "disabled" >&6; } + no_osfsia=1 + fi + +fi + + if test -z "$no_osfsia" ; then + if test -f /etc/sia/matrix.conf; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define HAVE_OSF_SIA 1" >>confdefs.h + + +$as_echo "#define DISABLE_LOGIN 1" >>confdefs.h + + $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h + + LIBS="$LIBS -lsecurity -ldb -lm -laud" + SIA_MSG="yes" + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define LOCKED_PASSWD_SUBSTR \"Nologin\"" >>confdefs.h + + fi + fi + $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h + + $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h + + $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h + + +$as_echo "#define BROKEN_READV_COMPARISON 1" >>confdefs.h + + ;; + +*-*-nto-qnx*) + $as_echo "#define USE_PIPES 1" >>confdefs.h + + $as_echo "#define NO_X11_UNIX_SOCKETS 1" >>confdefs.h + + $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h + + $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h + + +$as_echo "#define BROKEN_SHADOW_EXPIRE 1" >>confdefs.h + + enable_etc_default_login=no # has incompatible /etc/default/login + case "$host" in + *-*-nto-qnx6*) + $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h + + ;; + esac + ;; + +*-*-ultrix*) + +$as_echo "#define BROKEN_GETGROUPS 1" >>confdefs.h + + +$as_echo "#define BROKEN_MMAP 1" >>confdefs.h + + $as_echo "#define NEED_SETPGRP 1" >>confdefs.h + + +$as_echo "#define HAVE_SYS_SYSLOG_H 1" >>confdefs.h + + ;; + +*-*-lynxos) + CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" + +$as_echo "#define BROKEN_SETVBUF 1" >>confdefs.h + + ;; +esac + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler and flags for sanity" >&5 +$as_echo_n "checking compiler and flags for sanity... " >&6; } +if test "$cross_compiling" = yes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking compiler sanity" >&5 +$as_echo "$as_me: WARNING: cross compiling: not checking compiler sanity" >&2;} + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + exit(0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + as_fn_error $? "*** compiler cannot create working executables, check config.log ***" "$LINENO" 5 + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +# Checks for libraries. +ac_fn_c_check_func "$LINENO" "yp_match" "ac_cv_func_yp_match" +if test "x$ac_cv_func_yp_match" = xyes; then : + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for yp_match in -lnsl" >&5 +$as_echo_n "checking for yp_match in -lnsl... " >&6; } +if ${ac_cv_lib_nsl_yp_match+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lnsl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char yp_match (); +int +main () +{ +return yp_match (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_nsl_yp_match=yes +else + ac_cv_lib_nsl_yp_match=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_yp_match" >&5 +$as_echo "$ac_cv_lib_nsl_yp_match" >&6; } +if test "x$ac_cv_lib_nsl_yp_match" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBNSL 1 +_ACEOF + + LIBS="-lnsl $LIBS" + +fi + +fi + +ac_fn_c_check_func "$LINENO" "setsockopt" "ac_cv_func_setsockopt" +if test "x$ac_cv_func_setsockopt" = xyes; then : + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setsockopt in -lsocket" >&5 +$as_echo_n "checking for setsockopt in -lsocket... " >&6; } +if ${ac_cv_lib_socket_setsockopt+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lsocket $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char setsockopt (); +int +main () +{ +return setsockopt (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_socket_setsockopt=yes +else + ac_cv_lib_socket_setsockopt=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_setsockopt" >&5 +$as_echo "$ac_cv_lib_socket_setsockopt" >&6; } +if test "x$ac_cv_lib_socket_setsockopt" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBSOCKET 1 +_ACEOF + + LIBS="-lsocket $LIBS" + +fi + +fi + + +for ac_func in dirname +do : + ac_fn_c_check_func "$LINENO" "dirname" "ac_cv_func_dirname" +if test "x$ac_cv_func_dirname" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_DIRNAME 1 +_ACEOF + for ac_header in libgen.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "libgen.h" "ac_cv_header_libgen_h" "$ac_includes_default" +if test "x$ac_cv_header_libgen_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBGEN_H 1 +_ACEOF + +fi + +done + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dirname in -lgen" >&5 +$as_echo_n "checking for dirname in -lgen... " >&6; } +if ${ac_cv_lib_gen_dirname+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lgen $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dirname (); +int +main () +{ +return dirname (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_gen_dirname=yes +else + ac_cv_lib_gen_dirname=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gen_dirname" >&5 +$as_echo "$ac_cv_lib_gen_dirname" >&6; } +if test "x$ac_cv_lib_gen_dirname" = xyes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for broken dirname" >&5 +$as_echo_n "checking for broken dirname... " >&6; } +if ${ac_cv_have_broken_dirname+:} false; then : + $as_echo_n "(cached) " >&6 +else + + save_LIBS="$LIBS" + LIBS="$LIBS -lgen" + if test "$cross_compiling" = yes; then : + ac_cv_have_broken_dirname="no" +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int main(int argc, char **argv) { + char *s, buf[32]; + + strncpy(buf,"/etc", 32); + s = dirname(buf); + if (!s || strncmp(s, "/", 32) != 0) { + exit(1); + } else { + exit(0); + } +} + +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_have_broken_dirname="no" +else + ac_cv_have_broken_dirname="yes" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + LIBS="$save_LIBS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_broken_dirname" >&5 +$as_echo "$ac_cv_have_broken_dirname" >&6; } + if test "x$ac_cv_have_broken_dirname" = "xno" ; then + LIBS="$LIBS -lgen" + $as_echo "#define HAVE_DIRNAME 1" >>confdefs.h + + for ac_header in libgen.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "libgen.h" "ac_cv_header_libgen_h" "$ac_includes_default" +if test "x$ac_cv_header_libgen_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBGEN_H 1 +_ACEOF + +fi + +done + + fi + +fi + + +fi +done + + +ac_fn_c_check_func "$LINENO" "getspnam" "ac_cv_func_getspnam" +if test "x$ac_cv_func_getspnam" = xyes; then : + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getspnam in -lgen" >&5 +$as_echo_n "checking for getspnam in -lgen... " >&6; } +if ${ac_cv_lib_gen_getspnam+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lgen $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char getspnam (); +int +main () +{ +return getspnam (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_gen_getspnam=yes +else + ac_cv_lib_gen_getspnam=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gen_getspnam" >&5 +$as_echo "$ac_cv_lib_gen_getspnam" >&6; } +if test "x$ac_cv_lib_gen_getspnam" = xyes; then : + LIBS="$LIBS -lgen" +fi + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing basename" >&5 +$as_echo_n "checking for library containing basename... " >&6; } +if ${ac_cv_search_basename+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char basename (); +int +main () +{ +return basename (); + ; + return 0; +} +_ACEOF +for ac_lib in '' gen; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_basename=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_basename+:} false; then : + break +fi +done +if ${ac_cv_search_basename+:} false; then : + +else + ac_cv_search_basename=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_basename" >&5 +$as_echo "$ac_cv_search_basename" >&6; } +ac_res=$ac_cv_search_basename +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +$as_echo "#define HAVE_BASENAME 1" >>confdefs.h + +fi + + + +# Check whether --with-zlib was given. +if test "${with_zlib+set}" = set; then : + withval=$with_zlib; if test "x$withval" = "xno" ; then + as_fn_error $? "*** zlib is required ***" "$LINENO" 5 + elif test "x$withval" != "xyes"; then + if test -d "$withval/lib"; then + if test -n "${need_dash_r}"; then + LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" + else + LDFLAGS="-L${withval}/lib ${LDFLAGS}" + fi + else + if test -n "${need_dash_r}"; then + LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" + else + LDFLAGS="-L${withval} ${LDFLAGS}" + fi + fi + if test -d "$withval/include"; then + CPPFLAGS="-I${withval}/include ${CPPFLAGS}" + else + CPPFLAGS="-I${withval} ${CPPFLAGS}" + fi + fi + +fi + + +ac_fn_c_check_header_mongrel "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default" +if test "x$ac_cv_header_zlib_h" = xyes; then : + +else + as_fn_error $? "*** zlib.h missing - please install first or check config.log ***" "$LINENO" 5 +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for deflate in -lz" >&5 +$as_echo_n "checking for deflate in -lz... " >&6; } +if ${ac_cv_lib_z_deflate+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lz $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char deflate (); +int +main () +{ +return deflate (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_z_deflate=yes +else + ac_cv_lib_z_deflate=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_deflate" >&5 +$as_echo "$ac_cv_lib_z_deflate" >&6; } +if test "x$ac_cv_lib_z_deflate" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBZ 1 +_ACEOF + + LIBS="-lz $LIBS" + +else + + saved_CPPFLAGS="$CPPFLAGS" + saved_LDFLAGS="$LDFLAGS" + save_LIBS="$LIBS" + if test -n "${need_dash_r}"; then + LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" + else + LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" + fi + CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" + LIBS="$LIBS -lz" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char deflate (); +int +main () +{ +return deflate (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + $as_echo "#define HAVE_LIBZ 1" >>confdefs.h + +else + + as_fn_error $? "*** zlib missing - please install first or check config.log ***" "$LINENO" 5 + + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + +fi + + + +# Check whether --with-zlib-version-check was given. +if test "${with_zlib_version_check+set}" = set; then : + withval=$with_zlib_version_check; if test "x$withval" = "xno" ; then + zlib_check_nonfatal=1 + fi + + +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for possibly buggy zlib" >&5 +$as_echo_n "checking for possibly buggy zlib... " >&6; } +if test "$cross_compiling" = yes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking zlib version" >&5 +$as_echo "$as_me: WARNING: cross compiling: not checking zlib version" >&2;} + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include + +int +main () +{ + + int a=0, b=0, c=0, d=0, n, v; + n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); + if (n != 3 && n != 4) + exit(1); + v = a*1000000 + b*10000 + c*100 + d; + fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); + + /* 1.1.4 is OK */ + if (a == 1 && b == 1 && c >= 4) + exit(0); + + /* 1.2.3 and up are OK */ + if (v >= 1020300) + exit(0); + + exit(2); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + if test -z "$zlib_check_nonfatal" ; then + as_fn_error $? "*** zlib too old - check config.log *** +Your reported zlib version has known security problems. It's possible your +vendor has fixed these problems without changing the version number. If you +are sure this is the case, you can disable the check by running +\"./configure --without-zlib-version-check\". +If you are in doubt, upgrade zlib to version 1.2.3 or greater. +See http://www.gzip.org/zlib/ for details." "$LINENO" 5 + else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: zlib version may have security problems" >&5 +$as_echo "$as_me: WARNING: zlib version may have security problems" >&2;} + fi + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +ac_fn_c_check_func "$LINENO" "strcasecmp" "ac_cv_func_strcasecmp" +if test "x$ac_cv_func_strcasecmp" = xyes; then : + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for strcasecmp in -lresolv" >&5 +$as_echo_n "checking for strcasecmp in -lresolv... " >&6; } +if ${ac_cv_lib_resolv_strcasecmp+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lresolv $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char strcasecmp (); +int +main () +{ +return strcasecmp (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_resolv_strcasecmp=yes +else + ac_cv_lib_resolv_strcasecmp=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_strcasecmp" >&5 +$as_echo "$ac_cv_lib_resolv_strcasecmp" >&6; } +if test "x$ac_cv_lib_resolv_strcasecmp" = xyes; then : + LIBS="$LIBS -lresolv" +fi + + +fi + +for ac_func in utimes +do : + ac_fn_c_check_func "$LINENO" "utimes" "ac_cv_func_utimes" +if test "x$ac_cv_func_utimes" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_UTIMES 1 +_ACEOF + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for utimes in -lc89" >&5 +$as_echo_n "checking for utimes in -lc89... " >&6; } +if ${ac_cv_lib_c89_utimes+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lc89 $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char utimes (); +int +main () +{ +return utimes (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_c89_utimes=yes +else + ac_cv_lib_c89_utimes=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c89_utimes" >&5 +$as_echo "$ac_cv_lib_c89_utimes" >&6; } +if test "x$ac_cv_lib_c89_utimes" = xyes; then : + $as_echo "#define HAVE_UTIMES 1" >>confdefs.h + + LIBS="$LIBS -lc89" +fi + + +fi +done + + +for ac_header in bsd/libutil.h libutil.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing fmt_scaled" >&5 +$as_echo_n "checking for library containing fmt_scaled... " >&6; } +if ${ac_cv_search_fmt_scaled+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char fmt_scaled (); +int +main () +{ +return fmt_scaled (); + ; + return 0; +} +_ACEOF +for ac_lib in '' util bsd; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_fmt_scaled=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_fmt_scaled+:} false; then : + break +fi +done +if ${ac_cv_search_fmt_scaled+:} false; then : + +else + ac_cv_search_fmt_scaled=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_fmt_scaled" >&5 +$as_echo "$ac_cv_search_fmt_scaled" >&6; } +ac_res=$ac_cv_search_fmt_scaled +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing scan_scaled" >&5 +$as_echo_n "checking for library containing scan_scaled... " >&6; } +if ${ac_cv_search_scan_scaled+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char scan_scaled (); +int +main () +{ +return scan_scaled (); + ; + return 0; +} +_ACEOF +for ac_lib in '' util bsd; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_scan_scaled=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_scan_scaled+:} false; then : + break +fi +done +if ${ac_cv_search_scan_scaled+:} false; then : + +else + ac_cv_search_scan_scaled=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_scan_scaled" >&5 +$as_echo "$ac_cv_search_scan_scaled" >&6; } +ac_res=$ac_cv_search_scan_scaled +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing login" >&5 +$as_echo_n "checking for library containing login... " >&6; } +if ${ac_cv_search_login+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char login (); +int +main () +{ +return login (); + ; + return 0; +} +_ACEOF +for ac_lib in '' util bsd; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_login=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_login+:} false; then : + break +fi +done +if ${ac_cv_search_login+:} false; then : + +else + ac_cv_search_login=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_login" >&5 +$as_echo "$ac_cv_search_login" >&6; } +ac_res=$ac_cv_search_login +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing logout" >&5 +$as_echo_n "checking for library containing logout... " >&6; } +if ${ac_cv_search_logout+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char logout (); +int +main () +{ +return logout (); + ; + return 0; +} +_ACEOF +for ac_lib in '' util bsd; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_logout=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_logout+:} false; then : + break +fi +done +if ${ac_cv_search_logout+:} false; then : + +else + ac_cv_search_logout=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_logout" >&5 +$as_echo "$ac_cv_search_logout" >&6; } +ac_res=$ac_cv_search_logout +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing logwtmp" >&5 +$as_echo_n "checking for library containing logwtmp... " >&6; } +if ${ac_cv_search_logwtmp+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char logwtmp (); +int +main () +{ +return logwtmp (); + ; + return 0; +} +_ACEOF +for ac_lib in '' util bsd; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_logwtmp=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_logwtmp+:} false; then : + break +fi +done +if ${ac_cv_search_logwtmp+:} false; then : + +else + ac_cv_search_logwtmp=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_logwtmp" >&5 +$as_echo "$ac_cv_search_logwtmp" >&6; } +ac_res=$ac_cv_search_logwtmp +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing openpty" >&5 +$as_echo_n "checking for library containing openpty... " >&6; } +if ${ac_cv_search_openpty+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char openpty (); +int +main () +{ +return openpty (); + ; + return 0; +} +_ACEOF +for ac_lib in '' util bsd; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_openpty=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_openpty+:} false; then : + break +fi +done +if ${ac_cv_search_openpty+:} false; then : + +else + ac_cv_search_openpty=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_openpty" >&5 +$as_echo "$ac_cv_search_openpty" >&6; } +ac_res=$ac_cv_search_openpty +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing updwtmp" >&5 +$as_echo_n "checking for library containing updwtmp... " >&6; } +if ${ac_cv_search_updwtmp+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char updwtmp (); +int +main () +{ +return updwtmp (); + ; + return 0; +} +_ACEOF +for ac_lib in '' util bsd; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_updwtmp=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_updwtmp+:} false; then : + break +fi +done +if ${ac_cv_search_updwtmp+:} false; then : + +else + ac_cv_search_updwtmp=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_updwtmp" >&5 +$as_echo "$ac_cv_search_updwtmp" >&6; } +ac_res=$ac_cv_search_updwtmp +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +for ac_func in fmt_scaled scan_scaled login logout openpty updwtmp logwtmp +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + +# On some platforms, inet_ntop may be found in libresolv or libnsl. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing inet_ntop" >&5 +$as_echo_n "checking for library containing inet_ntop... " >&6; } +if ${ac_cv_search_inet_ntop+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char inet_ntop (); +int +main () +{ +return inet_ntop (); + ; + return 0; +} +_ACEOF +for ac_lib in '' resolv nsl; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_inet_ntop=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_inet_ntop+:} false; then : + break +fi +done +if ${ac_cv_search_inet_ntop+:} false; then : + +else + ac_cv_search_inet_ntop=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_inet_ntop" >&5 +$as_echo "$ac_cv_search_inet_ntop" >&6; } +ac_res=$ac_cv_search_inet_ntop +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + + +for ac_func in strftime +do : + ac_fn_c_check_func "$LINENO" "strftime" "ac_cv_func_strftime" +if test "x$ac_cv_func_strftime" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_STRFTIME 1 +_ACEOF + +else + # strftime is in -lintl on SCO UNIX. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for strftime in -lintl" >&5 +$as_echo_n "checking for strftime in -lintl... " >&6; } +if ${ac_cv_lib_intl_strftime+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lintl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char strftime (); +int +main () +{ +return strftime (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_intl_strftime=yes +else + ac_cv_lib_intl_strftime=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_strftime" >&5 +$as_echo "$ac_cv_lib_intl_strftime" >&6; } +if test "x$ac_cv_lib_intl_strftime" = xyes; then : + $as_echo "#define HAVE_STRFTIME 1" >>confdefs.h + +LIBS="-lintl $LIBS" +fi + +fi +done + + +# Check for ALTDIRFUNC glob() extension +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GLOB_ALTDIRFUNC support" >&5 +$as_echo_n "checking for GLOB_ALTDIRFUNC support... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #ifdef GLOB_ALTDIRFUNC + FOUNDIT + #endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "FOUNDIT" >/dev/null 2>&1; then : + + +$as_echo "#define GLOB_HAS_ALTDIRFUNC 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + + +fi +rm -f conftest* + + +# Check for g.gl_matchc glob() extension +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gl_matchc field in glob_t" >&5 +$as_echo_n "checking for gl_matchc field in glob_t... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + glob_t g; g.gl_matchc = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + +$as_echo "#define GLOB_HAS_GL_MATCHC 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +# Check for g.gl_statv glob() extension +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gl_statv and GLOB_KEEPSTAT extensions for glob" >&5 +$as_echo_n "checking for gl_statv and GLOB_KEEPSTAT extensions for glob... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + +#ifndef GLOB_KEEPSTAT +#error "glob does not support GLOB_KEEPSTAT extension" +#endif +glob_t g; +g.gl_statv = NULL; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + +$as_echo "#define GLOB_HAS_GL_STATV 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +ac_fn_c_check_decl "$LINENO" "GLOB_NOMATCH" "ac_cv_have_decl_GLOB_NOMATCH" "#include +" +if test "x$ac_cv_have_decl_GLOB_NOMATCH" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_GLOB_NOMATCH $ac_have_decl +_ACEOF + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether struct dirent allocates space for d_name" >&5 +$as_echo_n "checking whether struct dirent allocates space for d_name... " >&6; } +if test "$cross_compiling" = yes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME" >&5 +$as_echo "$as_me: WARNING: cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME" >&2;} + $as_echo "#define BROKEN_ONE_BYTE_DIRENT_D_NAME 1" >>confdefs.h + + + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int +main () +{ + + struct dirent d; + exit(sizeof(d.d_name)<=sizeof(char)); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define BROKEN_ONE_BYTE_DIRENT_D_NAME 1" >>confdefs.h + + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for /proc/pid/fd directory" >&5 +$as_echo_n "checking for /proc/pid/fd directory... " >&6; } +if test -d "/proc/$$/fd" ; then + +$as_echo "#define HAVE_PROC_PID 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + +# Check whether user wants S/Key support +SKEY_MSG="no" + +# Check whether --with-skey was given. +if test "${with_skey+set}" = set; then : + withval=$with_skey; + if test "x$withval" != "xno" ; then + + if test "x$withval" != "xyes" ; then + CPPFLAGS="$CPPFLAGS -I${withval}/include" + LDFLAGS="$LDFLAGS -L${withval}/lib" + fi + + +$as_echo "#define SKEY 1" >>confdefs.h + + LIBS="-lskey $LIBS" + SKEY_MSG="yes" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for s/key support" >&5 +$as_echo_n "checking for s/key support... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main () +{ + + char *ff = skey_keyinfo(""); ff=""; + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + as_fn_error $? "** Incomplete or missing s/key libraries." "$LINENO" 5 + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if skeychallenge takes 4 arguments" >&5 +$as_echo_n "checking if skeychallenge takes 4 arguments... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main () +{ + + (void)skeychallenge(NULL,"name","",0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define SKEYCHALLENGE_4ARG 1" >>confdefs.h + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + + +fi + + +# Check whether user wants to use ldns +LDNS_MSG="no" + +# Check whether --with-ldns was given. +if test "${with_ldns+set}" = set; then : + withval=$with_ldns; + if test "x$withval" != "xno" ; then + + if test "x$withval" != "xyes" ; then + CPPFLAGS="$CPPFLAGS -I${withval}/include" + LDFLAGS="$LDFLAGS -L${withval}/lib" + fi + + +$as_echo "#define HAVE_LDNS 1" >>confdefs.h + + LIBS="-lldns $LIBS" + LDNS_MSG="yes" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldns support" >&5 +$as_echo_n "checking for ldns support... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } + + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + as_fn_error $? "** Incomplete or missing ldns libraries." "$LINENO" 5 + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + fi + + +fi + + +# Check whether user wants libedit support +LIBEDIT_MSG="no" + +# Check whether --with-libedit was given. +if test "${with_libedit+set}" = set; then : + withval=$with_libedit; if test "x$withval" != "xno" ; then + if test "x$withval" = "xyes" ; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PKGCONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PKGCONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PKGCONFIG=$ac_cv_path_PKGCONFIG +if test -n "$PKGCONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5 +$as_echo "$PKGCONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_path_PKGCONFIG"; then + ac_pt_PKGCONFIG=$PKGCONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_ac_pt_PKGCONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $ac_pt_PKGCONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG +if test -n "$ac_pt_PKGCONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5 +$as_echo "$ac_pt_PKGCONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_pt_PKGCONFIG" = x; then + PKGCONFIG="no" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + PKGCONFIG=$ac_pt_PKGCONFIG + fi +else + PKGCONFIG="$ac_cv_path_PKGCONFIG" +fi + + if test "x$PKGCONFIG" != "xno"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $PKGCONFIG knows about libedit" >&5 +$as_echo_n "checking if $PKGCONFIG knows about libedit... " >&6; } + if "$PKGCONFIG" libedit; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + use_pkgconfig_for_libedit=yes + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + fi + else + CPPFLAGS="$CPPFLAGS -I${withval}/include" + if test -n "${need_dash_r}"; then + LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" + else + LDFLAGS="-L${withval}/lib ${LDFLAGS}" + fi + fi + if test "x$use_pkgconfig_for_libedit" = "xyes"; then + LIBEDIT=`$PKGCONFIG --libs libedit` + CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" + else + LIBEDIT="-ledit -lcurses" + fi + OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for el_init in -ledit" >&5 +$as_echo_n "checking for el_init in -ledit... " >&6; } +if ${ac_cv_lib_edit_el_init+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ledit $OTHERLIBS + $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char el_init (); +int +main () +{ +return el_init (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_edit_el_init=yes +else + ac_cv_lib_edit_el_init=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_edit_el_init" >&5 +$as_echo "$ac_cv_lib_edit_el_init" >&6; } +if test "x$ac_cv_lib_edit_el_init" = xyes; then : + +$as_echo "#define USE_LIBEDIT 1" >>confdefs.h + + LIBEDIT_MSG="yes" + + +else + as_fn_error $? "libedit not found" "$LINENO" 5 +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libedit version is compatible" >&5 +$as_echo_n "checking if libedit version is compatible... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + + int i = H_SETSIZE; + el_init("", NULL, NULL, NULL); + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + as_fn_error $? "libedit version is not compatible" "$LINENO" 5 + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + +fi + + +AUDIT_MODULE=none + +# Check whether --with-audit was given. +if test "${with_audit+set}" = set; then : + withval=$with_audit; + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for supported audit module" >&5 +$as_echo_n "checking for supported audit module... " >&6; } + case "$withval" in + bsm) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: bsm" >&5 +$as_echo "bsm" >&6; } + AUDIT_MODULE=bsm + for ac_header in bsm/audit.h +do : + ac_fn_c_check_header_compile "$LINENO" "bsm/audit.h" "ac_cv_header_bsm_audit_h" " +#ifdef HAVE_TIME_H +# include +#endif + + +" +if test "x$ac_cv_header_bsm_audit_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_BSM_AUDIT_H 1 +_ACEOF + +else + as_fn_error $? "BSM enabled and bsm/audit.h not found" "$LINENO" 5 +fi + +done + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getaudit in -lbsm" >&5 +$as_echo_n "checking for getaudit in -lbsm... " >&6; } +if ${ac_cv_lib_bsm_getaudit+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lbsm $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char getaudit (); +int +main () +{ +return getaudit (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_bsm_getaudit=yes +else + ac_cv_lib_bsm_getaudit=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsm_getaudit" >&5 +$as_echo "$ac_cv_lib_bsm_getaudit" >&6; } +if test "x$ac_cv_lib_bsm_getaudit" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBBSM 1 +_ACEOF + + LIBS="-lbsm $LIBS" + +else + as_fn_error $? "BSM enabled and required library not found" "$LINENO" 5 +fi + + for ac_func in getaudit +do : + ac_fn_c_check_func "$LINENO" "getaudit" "ac_cv_func_getaudit" +if test "x$ac_cv_func_getaudit" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_GETAUDIT 1 +_ACEOF + +else + as_fn_error $? "BSM enabled and required function not found" "$LINENO" 5 +fi +done + + # These are optional + for ac_func in getaudit_addr aug_get_machine +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + +$as_echo "#define USE_BSM_AUDIT 1" >>confdefs.h + + if test "$sol2ver" -ge 11; then + SSHDLIBS="$SSHDLIBS -lscf" + +$as_echo "#define BROKEN_BSM_API 1" >>confdefs.h + + fi + ;; + linux) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: linux" >&5 +$as_echo "linux" >&6; } + AUDIT_MODULE=linux + for ac_header in libaudit.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "libaudit.h" "ac_cv_header_libaudit_h" "$ac_includes_default" +if test "x$ac_cv_header_libaudit_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBAUDIT_H 1 +_ACEOF + +fi + +done + + SSHDLIBS="$SSHDLIBS -laudit" + +$as_echo "#define USE_LINUX_AUDIT 1" >>confdefs.h + + ;; + debug) + AUDIT_MODULE=debug + { $as_echo "$as_me:${as_lineno-$LINENO}: result: debug" >&5 +$as_echo "debug" >&6; } + +$as_echo "#define SSH_AUDIT_EVENTS 1" >>confdefs.h + + ;; + no) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + ;; + *) + as_fn_error $? "Unknown audit module $withval" "$LINENO" 5 + ;; + esac + +fi + + + +# Check whether --with-pie was given. +if test "${with_pie+set}" = set; then : + withval=$with_pie; + if test "x$withval" = "xno"; then + use_pie=no + fi + if test "x$withval" = "xyes"; then + use_pie=yes + fi + + +fi + +if test "x$use_pie" = "x"; then + use_pie=no +fi +if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then + # Turn off automatic PIE when toolchain hardening is off. + use_pie=no +fi +if test "x$use_pie" = "xauto"; then + # Automatic PIE requires gcc >= 4.x + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gcc >= 4.x" >&5 +$as_echo_n "checking for gcc >= 4.x... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#if !defined(__GNUC__) || __GNUC__ < 4 +#error gcc is too old +#endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + use_pie=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +if test "x$use_pie" != "xno"; then + SAVED_CFLAGS="$CFLAGS" + SAVED_LDFLAGS="$LDFLAGS" + { + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -fPIE" >&5 +$as_echo_n "checking if $CC supports compile flag -fPIE... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -fPIE" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-fPIE" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +if `grep -i "unrecognized option" conftest.err >/dev/null` +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +} + { + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -pie" >&5 +$as_echo_n "checking if $LD supports link flag -pie... " >&6; } + saved_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $WERROR -pie" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-pie" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + LDFLAGS="$saved_LDFLAGS $_define_flag" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + LDFLAGS="$saved_LDFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +} + # We use both -fPIE and -pie or neither. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether both -fPIE and -pie are supported" >&5 +$as_echo_n "checking whether both -fPIE and -pie are supported... " >&6; } + if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ + echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$SAVED_CFLAGS" + LDFLAGS="$SAVED_LDFLAGS" + fi +fi + +for ac_func in \ + Blowfish_initstate \ + Blowfish_expandstate \ + Blowfish_expand0state \ + Blowfish_stream2word \ + asprintf \ + b64_ntop \ + __b64_ntop \ + b64_pton \ + __b64_pton \ + bcopy \ + bcrypt_pbkdf \ + bindresvport_sa \ + blf_enc \ + cap_rights_limit \ + clock \ + closefrom \ + dirfd \ + endgrent \ + explicit_bzero \ + fchmod \ + fchown \ + freeaddrinfo \ + fstatfs \ + fstatvfs \ + futimes \ + getaddrinfo \ + getcwd \ + getgrouplist \ + getnameinfo \ + getopt \ + getpeereid \ + getpeerucred \ + getpgid \ + getpgrp \ + _getpty \ + getrlimit \ + getttyent \ + glob \ + group_from_gid \ + inet_aton \ + inet_ntoa \ + inet_ntop \ + innetgr \ + login_getcapbool \ + mblen \ + md5_crypt \ + memmove \ + memset_s \ + mkdtemp \ + mmap \ + ngetaddrinfo \ + nsleep \ + ogetaddrinfo \ + openlog_r \ + poll \ + prctl \ + pstat \ + readpassphrase \ + reallocarray \ + recvmsg \ + rresvport_af \ + sendmsg \ + setdtablesize \ + setegid \ + setenv \ + seteuid \ + setgroupent \ + setgroups \ + setlinebuf \ + setlogin \ + setpassent\ + setpcred \ + setproctitle \ + setregid \ + setreuid \ + setrlimit \ + setsid \ + setvbuf \ + sigaction \ + sigvec \ + snprintf \ + socketpair \ + statfs \ + statvfs \ + strdup \ + strerror \ + strlcat \ + strlcpy \ + strmode \ + strnlen \ + strnvis \ + strptime \ + strtonum \ + strtoll \ + strtoul \ + strtoull \ + swap32 \ + sysconf \ + tcgetpgrp \ + timingsafe_bcmp \ + truncate \ + unsetenv \ + updwtmpx \ + user_from_uid \ + usleep \ + vasprintf \ + vsnprintf \ + waitpid \ + +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + return (isblank('a')); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + +$as_echo "#define HAVE_ISBLANK 1" >>confdefs.h + + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +# PKCS11 depends on OpenSSL. +if test "x$openssl" = "xyes" ; then + # PKCS#11 support requires dlopen() and co + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5 +$as_echo_n "checking for library containing dlopen... " >&6; } +if ${ac_cv_search_dlopen+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +for ac_lib in '' dl; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_dlopen=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_dlopen+:} false; then : + break +fi +done +if ${ac_cv_search_dlopen+:} false; then : + +else + ac_cv_search_dlopen=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5 +$as_echo "$ac_cv_search_dlopen" >&6; } +ac_res=$ac_cv_search_dlopen +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +$as_echo "#define ENABLE_PKCS11 /**/" >>confdefs.h + + +fi + +fi + +# IRIX has a const char return value for gai_strerror() +for ac_func in gai_strerror +do : + ac_fn_c_check_func "$LINENO" "gai_strerror" "ac_cv_func_gai_strerror" +if test "x$ac_cv_func_gai_strerror" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_GAI_STRERROR 1 +_ACEOF + + $as_echo "#define HAVE_GAI_STRERROR 1" >>confdefs.h + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include + +const char *gai_strerror(int); + +int +main () +{ + + char *str; + str = gai_strerror(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + +$as_echo "#define HAVE_CONST_GAI_STRERROR_PROTO 1" >>confdefs.h + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +done + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing nanosleep" >&5 +$as_echo_n "checking for library containing nanosleep... " >&6; } +if ${ac_cv_search_nanosleep+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char nanosleep (); +int +main () +{ +return nanosleep (); + ; + return 0; +} +_ACEOF +for ac_lib in '' rt posix4; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_nanosleep=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_nanosleep+:} false; then : + break +fi +done +if ${ac_cv_search_nanosleep+:} false; then : + +else + ac_cv_search_nanosleep=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_nanosleep" >&5 +$as_echo "$ac_cv_search_nanosleep" >&6; } +ac_res=$ac_cv_search_nanosleep +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +$as_echo "#define HAVE_NANOSLEEP 1" >>confdefs.h + +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5 +$as_echo_n "checking for library containing clock_gettime... " >&6; } +if ${ac_cv_search_clock_gettime+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char clock_gettime (); +int +main () +{ +return clock_gettime (); + ; + return 0; +} +_ACEOF +for ac_lib in '' rt; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_clock_gettime=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_clock_gettime+:} false; then : + break +fi +done +if ${ac_cv_search_clock_gettime+:} false; then : + +else + ac_cv_search_clock_gettime=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5 +$as_echo "$ac_cv_search_clock_gettime" >&6; } +ac_res=$ac_cv_search_clock_gettime +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +$as_echo "#define HAVE_CLOCK_GETTIME 1" >>confdefs.h + +fi + + +ac_fn_c_check_decl "$LINENO" "getrusage" "ac_cv_have_decl_getrusage" "$ac_includes_default" +if test "x$ac_cv_have_decl_getrusage" = xyes; then : + for ac_func in getrusage +do : + ac_fn_c_check_func "$LINENO" "getrusage" "ac_cv_func_getrusage" +if test "x$ac_cv_func_getrusage" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_GETRUSAGE 1 +_ACEOF + +fi +done + +fi + +ac_fn_c_check_decl "$LINENO" "strsep" "ac_cv_have_decl_strsep" " +#ifdef HAVE_STRING_H +# include +#endif + +" +if test "x$ac_cv_have_decl_strsep" = xyes; then : + for ac_func in strsep +do : + ac_fn_c_check_func "$LINENO" "strsep" "ac_cv_func_strsep" +if test "x$ac_cv_func_strsep" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_STRSEP 1 +_ACEOF + +fi +done + +fi + + +ac_fn_c_check_decl "$LINENO" "tcsendbreak" "ac_cv_have_decl_tcsendbreak" "#include + +" +if test "x$ac_cv_have_decl_tcsendbreak" = xyes; then : + $as_echo "#define HAVE_TCSENDBREAK 1" >>confdefs.h + +else + for ac_func in tcsendbreak +do : + ac_fn_c_check_func "$LINENO" "tcsendbreak" "ac_cv_func_tcsendbreak" +if test "x$ac_cv_func_tcsendbreak" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_TCSENDBREAK 1 +_ACEOF + +fi +done + +fi + + +ac_fn_c_check_decl "$LINENO" "h_errno" "ac_cv_have_decl_h_errno" "#include +" +if test "x$ac_cv_have_decl_h_errno" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_H_ERRNO $ac_have_decl +_ACEOF + + +ac_fn_c_check_decl "$LINENO" "SHUT_RD" "ac_cv_have_decl_SHUT_RD" " +#include +#include + +" +if test "x$ac_cv_have_decl_SHUT_RD" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_SHUT_RD $ac_have_decl +_ACEOF + + +ac_fn_c_check_decl "$LINENO" "O_NONBLOCK" "ac_cv_have_decl_O_NONBLOCK" " +#include +#ifdef HAVE_SYS_STAT_H +# include +#endif +#ifdef HAVE_FCNTL_H +# include +#endif + +" +if test "x$ac_cv_have_decl_O_NONBLOCK" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_O_NONBLOCK $ac_have_decl +_ACEOF + + +ac_fn_c_check_decl "$LINENO" "writev" "ac_cv_have_decl_writev" " +#include +#include +#include + +" +if test "x$ac_cv_have_decl_writev" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_WRITEV $ac_have_decl +_ACEOF + + +ac_fn_c_check_decl "$LINENO" "MAXSYMLINKS" "ac_cv_have_decl_MAXSYMLINKS" " +#include + +" +if test "x$ac_cv_have_decl_MAXSYMLINKS" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_MAXSYMLINKS $ac_have_decl +_ACEOF + + +ac_fn_c_check_decl "$LINENO" "offsetof" "ac_cv_have_decl_offsetof" " +#include + +" +if test "x$ac_cv_have_decl_offsetof" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_OFFSETOF $ac_have_decl +_ACEOF + + +# extra bits for select(2) +ac_fn_c_check_decl "$LINENO" "howmany" "ac_cv_have_decl_howmany" " +#include +#include +#ifdef HAVE_SYS_SYSMACROS_H +#include +#endif +#ifdef HAVE_SYS_SELECT_H +#include +#endif +#ifdef HAVE_SYS_TIME_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif + +" +if test "x$ac_cv_have_decl_howmany" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_HOWMANY $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "NFDBITS" "ac_cv_have_decl_NFDBITS" " +#include +#include +#ifdef HAVE_SYS_SYSMACROS_H +#include +#endif +#ifdef HAVE_SYS_SELECT_H +#include +#endif +#ifdef HAVE_SYS_TIME_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif + +" +if test "x$ac_cv_have_decl_NFDBITS" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_NFDBITS $ac_have_decl +_ACEOF + +ac_fn_c_check_type "$LINENO" "fd_mask" "ac_cv_type_fd_mask" " +#include +#include +#ifdef HAVE_SYS_SELECT_H +#include +#endif +#ifdef HAVE_SYS_TIME_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif + +" +if test "x$ac_cv_type_fd_mask" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_FD_MASK 1 +_ACEOF + + +fi + + +for ac_func in setresuid +do : + ac_fn_c_check_func "$LINENO" "setresuid" "ac_cv_func_setresuid" +if test "x$ac_cv_func_setresuid" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SETRESUID 1 +_ACEOF + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setresuid seems to work" >&5 +$as_echo_n "checking if setresuid seems to work... " >&6; } + if test "$cross_compiling" = yes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking setresuid" >&5 +$as_echo "$as_me: WARNING: cross compiling: not checking setresuid" >&2;} + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main () +{ + + errno=0; + setresuid(0,0,0); + if (errno==ENOSYS) + exit(1); + else + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + +$as_echo "#define BROKEN_SETRESUID 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: not implemented" >&5 +$as_echo "not implemented" >&6; } +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +done + + +for ac_func in setresgid +do : + ac_fn_c_check_func "$LINENO" "setresgid" "ac_cv_func_setresgid" +if test "x$ac_cv_func_setresgid" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SETRESGID 1 +_ACEOF + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setresgid seems to work" >&5 +$as_echo_n "checking if setresgid seems to work... " >&6; } + if test "$cross_compiling" = yes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking setresuid" >&5 +$as_echo "$as_me: WARNING: cross compiling: not checking setresuid" >&2;} + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main () +{ + + errno=0; + setresgid(0,0,0); + if (errno==ENOSYS) + exit(1); + else + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + +$as_echo "#define BROKEN_SETRESGID 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: not implemented" >&5 +$as_echo "not implemented" >&6; } +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +done + + +for ac_func in realpath +do : + ac_fn_c_check_func "$LINENO" "realpath" "ac_cv_func_realpath" +if test "x$ac_cv_func_realpath" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_REALPATH 1 +_ACEOF + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if realpath works with non-existent files" >&5 +$as_echo_n "checking if realpath works with non-existent files... " >&6; } + if test "$cross_compiling" = yes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming working" >&5 +$as_echo "$as_me: WARNING: cross compiling: assuming working" >&2;} + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include + +int +main () +{ + + char buf[PATH_MAX]; + if (realpath("/opensshnonexistentfilename1234", buf) == NULL) + if (errno == ENOENT) + exit(1); + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + +$as_echo "#define BROKEN_REALPATH 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +done + + +for ac_func in gettimeofday time +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +for ac_func in endutent getutent getutid getutline pututline setutent +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +for ac_func in utmpname +do : + ac_fn_c_check_func "$LINENO" "utmpname" "ac_cv_func_utmpname" +if test "x$ac_cv_func_utmpname" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_UTMPNAME 1 +_ACEOF + +fi +done + +for ac_func in endutxent getutxent getutxid getutxline getutxuser pututxline +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +for ac_func in setutxdb setutxent utmpxname +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +for ac_func in getlastlogxbyname +do : + ac_fn_c_check_func "$LINENO" "getlastlogxbyname" "ac_cv_func_getlastlogxbyname" +if test "x$ac_cv_func_getlastlogxbyname" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_GETLASTLOGXBYNAME 1 +_ACEOF + +fi +done + + +ac_fn_c_check_func "$LINENO" "daemon" "ac_cv_func_daemon" +if test "x$ac_cv_func_daemon" = xyes; then : + +$as_echo "#define HAVE_DAEMON 1" >>confdefs.h + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for daemon in -lbsd" >&5 +$as_echo_n "checking for daemon in -lbsd... " >&6; } +if ${ac_cv_lib_bsd_daemon+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lbsd $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char daemon (); +int +main () +{ +return daemon (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_bsd_daemon=yes +else + ac_cv_lib_bsd_daemon=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsd_daemon" >&5 +$as_echo "$ac_cv_lib_bsd_daemon" >&6; } +if test "x$ac_cv_lib_bsd_daemon" = xyes; then : + LIBS="$LIBS -lbsd"; $as_echo "#define HAVE_DAEMON 1" >>confdefs.h + +fi + + +fi + + +ac_fn_c_check_func "$LINENO" "getpagesize" "ac_cv_func_getpagesize" +if test "x$ac_cv_func_getpagesize" = xyes; then : + +$as_echo "#define HAVE_GETPAGESIZE 1" >>confdefs.h + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getpagesize in -lucb" >&5 +$as_echo_n "checking for getpagesize in -lucb... " >&6; } +if ${ac_cv_lib_ucb_getpagesize+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lucb $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char getpagesize (); +int +main () +{ +return getpagesize (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_ucb_getpagesize=yes +else + ac_cv_lib_ucb_getpagesize=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ucb_getpagesize" >&5 +$as_echo "$ac_cv_lib_ucb_getpagesize" >&6; } +if test "x$ac_cv_lib_ucb_getpagesize" = xyes; then : + LIBS="$LIBS -lucb"; $as_echo "#define HAVE_GETPAGESIZE 1" >>confdefs.h + +fi + + +fi + + +# Check for broken snprintf +if test "x$ac_cv_func_snprintf" = "xyes" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether snprintf correctly terminates long strings" >&5 +$as_echo_n "checking whether snprintf correctly terminates long strings... " >&6; } + if test "$cross_compiling" = yes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working snprintf()" >&5 +$as_echo "$as_me: WARNING: cross compiling: Assuming working snprintf()" >&2;} + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + + char b[5]; + snprintf(b,5,"123456789"); + exit(b[4]!='\0'); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&5 +$as_echo "$as_me: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&2;} + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi + +# We depend on vsnprintf returning the right thing on overflow: the +# number of characters it tried to create (as per SUSv3) +if test "x$ac_cv_func_vsnprintf" = "xyes" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether vsnprintf returns correct values on overflow" >&5 +$as_echo_n "checking whether vsnprintf returns correct values on overflow... " >&6; } + if test "$cross_compiling" = yes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working vsnprintf()" >&5 +$as_echo "$as_me: WARNING: cross compiling: Assuming working vsnprintf()" >&2;} + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include + +int x_snprintf(char *str, size_t count, const char *fmt, ...) +{ + size_t ret; + va_list ap; + + va_start(ap, fmt); + ret = vsnprintf(str, count, fmt, ap); + va_end(ap); + return ret; +} + +int +main () +{ + +char x[1]; +if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) + return 1; +if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) + return 1; +return 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ****** Your vsnprintf() function is broken, complain to your vendor" >&5 +$as_echo "$as_me: WARNING: ****** Your vsnprintf() function is broken, complain to your vendor" >&2;} + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi + +# On systems where [v]snprintf is broken, but is declared in stdio, +# check that the fmt argument is const char * or just char *. +# This is only useful for when BROKEN_SNPRINTF +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether snprintf can declare const char *fmt" >&5 +$as_echo_n "checking whether snprintf can declare const char *fmt... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +int snprintf(char *a, size_t b, const char *c, ...) { return 0; } + +int +main () +{ + + snprintf(0, 0, 0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define SNPRINTF_CONST const" >>confdefs.h + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + $as_echo "#define SNPRINTF_CONST /* not const */" >>confdefs.h + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +# Check for missing getpeereid (or equiv) support +NO_PEERCHECK="" +if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether system supports SO_PEERCRED getsockopt" >&5 +$as_echo_n "checking whether system supports SO_PEERCRED getsockopt... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int +main () +{ +int i = SO_PEERCRED; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define HAVE_SO_PEERCRED 1" >>confdefs.h + + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + NO_PEERCHECK=1 + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + +if test "x$ac_cv_func_mkdtemp" = "xyes" ; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for (overly) strict mkstemp" >&5 +$as_echo_n "checking for (overly) strict mkstemp... " >&6; } +if test "$cross_compiling" = yes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + $as_echo "#define HAVE_STRICT_MKSTEMP 1" >>confdefs.h + + + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include + +int +main () +{ + + char template[]="conftest.mkstemp-test"; + if (mkstemp(template) == -1) + exit(1); + unlink(template); + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define HAVE_STRICT_MKSTEMP 1" >>confdefs.h + + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi + +if test ! -z "$check_for_openpty_ctty_bug"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if openpty correctly handles controlling tty" >&5 +$as_echo_n "checking if openpty correctly handles controlling tty... " >&6; } + if test "$cross_compiling" = yes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming yes" >&5 +$as_echo "cross-compiling, assuming yes" >&6; } + + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include + +int +main () +{ + + pid_t pid; + int fd, ptyfd, ttyfd, status; + + pid = fork(); + if (pid < 0) { /* failed */ + exit(1); + } else if (pid > 0) { /* parent */ + waitpid(pid, &status, 0); + if (WIFEXITED(status)) + exit(WEXITSTATUS(status)); + else + exit(2); + } else { /* child */ + close(0); close(1); close(2); + setsid(); + openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); + fd = open("/dev/tty", O_RDWR | O_NOCTTY); + if (fd >= 0) + exit(3); /* Acquired ctty: broken */ + else + exit(0); /* Did not acquire ctty: OK */ + } + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h + + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi + +if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ + test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if getaddrinfo seems to work" >&5 +$as_echo_n "checking if getaddrinfo seems to work... " >&6; } + if test "$cross_compiling" = yes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming yes" >&5 +$as_echo "cross-compiling, assuming yes" >&6; } + + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include + +#define TEST_PORT "2222" + +int +main () +{ + + int err, sock; + struct addrinfo *gai_ai, *ai, hints; + char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_PASSIVE; + + err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); + if (err != 0) { + fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); + exit(1); + } + + for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { + if (ai->ai_family != AF_INET6) + continue; + + err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, + sizeof(ntop), strport, sizeof(strport), + NI_NUMERICHOST|NI_NUMERICSERV); + + if (err != 0) { + if (err == EAI_SYSTEM) + perror("getnameinfo EAI_SYSTEM"); + else + fprintf(stderr, "getnameinfo failed: %s\n", + gai_strerror(err)); + exit(2); + } + + sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); + if (sock < 0) + perror("socket"); + if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { + if (errno == EBADF) + exit(3); + } + } + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h + + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi + +if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ + test "x$check_for_aix_broken_getaddrinfo" = "x1"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if getaddrinfo seems to work" >&5 +$as_echo_n "checking if getaddrinfo seems to work... " >&6; } + if test "$cross_compiling" = yes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming no" >&5 +$as_echo "cross-compiling, assuming no" >&6; } + + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include + +#define TEST_PORT "2222" + +int +main () +{ + + int err, sock; + struct addrinfo *gai_ai, *ai, hints; + char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_PASSIVE; + + err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); + if (err != 0) { + fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); + exit(1); + } + + for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { + if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) + continue; + + err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, + sizeof(ntop), strport, sizeof(strport), + NI_NUMERICHOST|NI_NUMERICSERV); + + if (ai->ai_family == AF_INET && err != 0) { + perror("getnameinfo"); + exit(2); + } + } + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define AIX_GETNAMEINFO_HACK 1" >>confdefs.h + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h + + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi + +if test "x$ac_cv_func_getaddrinfo" = "xyes"; then + ac_fn_c_check_decl "$LINENO" "AI_NUMERICSERV" "ac_cv_have_decl_AI_NUMERICSERV" "#include + #include + #include +" +if test "x$ac_cv_have_decl_AI_NUMERICSERV" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_AI_NUMERICSERV $ac_have_decl +_ACEOF + +fi + +if test "x$check_for_conflicting_getspnam" = "x1"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for conflicting getspnam in shadow.h" >&5 +$as_echo_n "checking for conflicting getspnam in shadow.h... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + exit(0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define GETSPNAM_CONFLICTING_DEFS 1" >>confdefs.h + + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether getpgrp requires zero arguments" >&5 +$as_echo_n "checking whether getpgrp requires zero arguments... " >&6; } +if ${ac_cv_func_getpgrp_void+:} false; then : + $as_echo_n "(cached) " >&6 +else + # Use it with a single arg. +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +getpgrp (0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_func_getpgrp_void=no +else + ac_cv_func_getpgrp_void=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getpgrp_void" >&5 +$as_echo "$ac_cv_func_getpgrp_void" >&6; } +if test $ac_cv_func_getpgrp_void = yes; then + +$as_echo "#define GETPGRP_VOID 1" >>confdefs.h + +fi + + +# Search for OpenSSL +saved_CPPFLAGS="$CPPFLAGS" +saved_LDFLAGS="$LDFLAGS" + +# Check whether --with-ssl-dir was given. +if test "${with_ssl_dir+set}" = set; then : + withval=$with_ssl_dir; + if test "x$openssl" = "xno" ; then + as_fn_error $? "cannot use --with-openssl when OpenSSL disabled" "$LINENO" 5 + fi + if test "x$withval" != "xno" ; then + case "$withval" in + # Relative paths + ./*|../*) withval="`pwd`/$withval" + esac + if test -d "$withval/lib"; then + if test -n "${need_dash_r}"; then + LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" + else + LDFLAGS="-L${withval}/lib ${LDFLAGS}" + fi + elif test -d "$withval/lib64"; then + if test -n "${need_dash_r}"; then + LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" + else + LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" + fi + else + if test -n "${need_dash_r}"; then + LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" + else + LDFLAGS="-L${withval} ${LDFLAGS}" + fi + fi + if test -d "$withval/include"; then + CPPFLAGS="-I${withval}/include ${CPPFLAGS}" + else + CPPFLAGS="-I${withval} ${CPPFLAGS}" + fi + fi + + +fi + + + +# Check whether --with-openssl-header-check was given. +if test "${with_openssl_header_check+set}" = set; then : + withval=$with_openssl_header_check; + if test "x$withval" = "xno" ; then + openssl_check_nonfatal=1 + fi + + +fi + + +openssl_engine=no + +# Check whether --with-ssl-engine was given. +if test "${with_ssl_engine+set}" = set; then : + withval=$with_ssl_engine; + if test "x$openssl" = "xno" ; then + as_fn_error $? "cannot use --with-ssl-engine when OpenSSL disabled" "$LINENO" 5 + fi + if test "x$withval" != "xno" ; then + openssl_engine=yes + fi + + +fi + + +if test "x$openssl" = "xyes" ; then + LIBS="-lcrypto $LIBS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char RAND_add (); +int +main () +{ +return RAND_add (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + +$as_echo "#define HAVE_OPENSSL 1" >>confdefs.h + +else + + if test -n "${need_dash_r}"; then + LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" + else + LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" + fi + CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" + ac_fn_c_check_header_mongrel "$LINENO" "openssl/opensslv.h" "ac_cv_header_openssl_opensslv_h" "$ac_includes_default" +if test "x$ac_cv_header_openssl_opensslv_h" = xyes; then : + +else + as_fn_error $? "*** OpenSSL headers missing - please install first or check config.log ***" "$LINENO" 5 +fi + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char RAND_add (); +int +main () +{ +return RAND_add (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + $as_echo "#define HAVE_OPENSSL 1" >>confdefs.h + +else + + as_fn_error $? "*** Can't find recent OpenSSL libcrypto (see config.log for details) ***" "$LINENO" 5 + + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + # Determine OpenSSL header version + { $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL header version" >&5 +$as_echo_n "checking OpenSSL header version... " >&6; } + if test "$cross_compiling" = yes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5 +$as_echo "$as_me: WARNING: cross compiling: not checking" >&2;} + + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + #define DATA "conftest.sslincver" + +int +main () +{ + + FILE *fd; + int rc; + + fd = fopen(DATA,"w"); + if(fd == NULL) + exit(1); + + if ((rc = fprintf(fd ,"%08x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) + exit(1); + + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + + ssl_header_ver=`cat conftest.sslincver` + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_header_ver" >&5 +$as_echo "$ssl_header_ver" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 +$as_echo "not found" >&6; } + as_fn_error $? "OpenSSL version header not found." "$LINENO" 5 + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + + # Determine OpenSSL library version + { $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL library version" >&5 +$as_echo_n "checking OpenSSL library version... " >&6; } + if test "$cross_compiling" = yes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5 +$as_echo "$as_me: WARNING: cross compiling: not checking" >&2;} + + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #define OPENSSL_API_COMPAT 0x10000000L + #include + #include + #define DATA "conftest.ssllibver" + +int +main () +{ + + FILE *fd; + int rc; + + fd = fopen(DATA,"w"); + if(fd == NULL) + exit(1); + + if ((rc = fprintf(fd ,"%08x (%s)\n", SSLeay(), + SSLeay_version(SSLEAY_VERSION))) <0) + exit(1); + + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + + ssl_library_ver=`cat conftest.ssllibver` + # Check version is supported. + case "$ssl_library_ver" in + 0090[0-7]*|009080[0-5]*) + as_fn_error $? "OpenSSL >= 0.9.8f required (have \"$ssl_library_ver\")" "$LINENO" 5 + ;; + *) ;; + esac + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_library_ver" >&5 +$as_echo "$ssl_library_ver" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 +$as_echo "not found" >&6; } + as_fn_error $? "OpenSSL library not found." "$LINENO" 5 + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + + # Sanity check OpenSSL headers + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL's headers match the library" >&5 +$as_echo_n "checking whether OpenSSL's headers match the library... " >&6; } + if test "$cross_compiling" = yes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5 +$as_echo "$as_me: WARNING: cross compiling: not checking" >&2;} + + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #define OPENSSL_API_COMPAT 0x10000000L + #include + #include + +int +main () +{ + + exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + if test "x$openssl_check_nonfatal" = "x"; then + as_fn_error $? "Your OpenSSL headers do not match your + library. Check config.log for details. + If you are sure your installation is consistent, you can disable the check + by running \"./configure --without-openssl-header-check\". + Also see contrib/findssl.sh for help identifying header/library mismatches. + " "$LINENO" 5 + else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Your OpenSSL headers do not match your + library. Check config.log for details. + Also see contrib/findssl.sh for help identifying header/library mismatches." >&5 +$as_echo "$as_me: WARNING: Your OpenSSL headers do not match your + library. Check config.log for details. + Also see contrib/findssl.sh for help identifying header/library mismatches." >&2;} + fi + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if programs using OpenSSL functions will link" >&5 +$as_echo_n "checking if programs using OpenSSL functions will link... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #define OPENSSL_API_COMPAT 0x10000000L + #include + +int +main () +{ + SSLeay_add_all_algorithms(); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + saved_LIBS="$LIBS" + LIBS="$LIBS -ldl" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if programs using OpenSSL need -ldl" >&5 +$as_echo_n "checking if programs using OpenSSL need -ldl... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + SSLeay_add_all_algorithms(); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + LIBS="$saved_LIBS" + + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + for ac_func in \ + BN_is_prime_ex \ + DSA_generate_parameters_ex \ + EVP_DigestInit_ex \ + EVP_DigestFinal_ex \ + EVP_MD_CTX_init \ + EVP_MD_CTX_cleanup \ + EVP_MD_CTX_copy_ex \ + HMAC_CTX_init \ + RSA_generate_key_ex \ + RSA_get_default_method \ + +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + + if test "x$openssl_engine" = "xyes" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL ENGINE support" >&5 +$as_echo_n "checking for OpenSSL ENGINE support... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + +int +main () +{ + + ENGINE_load_builtin_engines(); + ENGINE_register_all_complete(); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define USE_OPENSSL_ENGINE 1" >>confdefs.h + + +else + as_fn_error $? "OpenSSL ENGINE support not found" "$LINENO" 5 + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + + # Check for OpenSSL without EVP_aes_{192,256}_cbc + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has crippled AES support" >&5 +$as_echo_n "checking whether OpenSSL has crippled AES support... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + +int +main () +{ + + exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define OPENSSL_LOBOTOMISED_AES 1" >>confdefs.h + + + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + # Check for OpenSSL with EVP_aes_*ctr + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has AES CTR via EVP" >&5 +$as_echo_n "checking whether OpenSSL has AES CTR via EVP... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + +int +main () +{ + + exit(EVP_aes_128_ctr() == NULL || + EVP_aes_192_cbc() == NULL || + EVP_aes_256_cbc() == NULL); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define OPENSSL_HAVE_EVPCTR 1" >>confdefs.h + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + # Check for OpenSSL with EVP_aes_*gcm + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has AES GCM via EVP" >&5 +$as_echo_n "checking whether OpenSSL has AES GCM via EVP... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + +int +main () +{ + + exit(EVP_aes_128_gcm() == NULL || + EVP_aes_256_gcm() == NULL || + EVP_CTRL_GCM_SET_IV_FIXED == 0 || + EVP_CTRL_GCM_IV_GEN == 0 || + EVP_CTRL_GCM_SET_TAG == 0 || + EVP_CTRL_GCM_GET_TAG == 0 || + EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define OPENSSL_HAVE_EVPGCM 1" >>confdefs.h + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + unsupported_algorithms="$unsupported_cipers \ + aes128-gcm@openssh.com aes256-gcm@openssh.com" + + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_CIPHER_CTX_ctrl" >&5 +$as_echo_n "checking for library containing EVP_CIPHER_CTX_ctrl... " >&6; } +if ${ac_cv_search_EVP_CIPHER_CTX_ctrl+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char EVP_CIPHER_CTX_ctrl (); +int +main () +{ +return EVP_CIPHER_CTX_ctrl (); + ; + return 0; +} +_ACEOF +for ac_lib in '' crypto; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_EVP_CIPHER_CTX_ctrl=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_EVP_CIPHER_CTX_ctrl+:} false; then : + break +fi +done +if ${ac_cv_search_EVP_CIPHER_CTX_ctrl+:} false; then : + +else + ac_cv_search_EVP_CIPHER_CTX_ctrl=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_CIPHER_CTX_ctrl" >&5 +$as_echo "$ac_cv_search_EVP_CIPHER_CTX_ctrl" >&6; } +ac_res=$ac_cv_search_EVP_CIPHER_CTX_ctrl +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +$as_echo "#define HAVE_EVP_CIPHER_CTX_CTRL 1" >>confdefs.h + +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if EVP_DigestUpdate returns an int" >&5 +$as_echo_n "checking if EVP_DigestUpdate returns an int... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + +int +main () +{ + + if(EVP_DigestUpdate(NULL, NULL,0)) + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define OPENSSL_EVP_DIGESTUPDATE_VOID 1" >>confdefs.h + + + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, + # because the system crypt() is more featureful. + if test "x$check_for_libcrypt_before" = "x1"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5 +$as_echo_n "checking for crypt in -lcrypt... " >&6; } +if ${ac_cv_lib_crypt_crypt+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcrypt $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char crypt (); +int +main () +{ +return crypt (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_crypt_crypt=yes +else + ac_cv_lib_crypt_crypt=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5 +$as_echo "$ac_cv_lib_crypt_crypt" >&6; } +if test "x$ac_cv_lib_crypt_crypt" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBCRYPT 1 +_ACEOF + + LIBS="-lcrypt $LIBS" + +fi + + fi + + # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the + # version in OpenSSL. + if test "x$check_for_libcrypt_later" = "x1"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5 +$as_echo_n "checking for crypt in -lcrypt... " >&6; } +if ${ac_cv_lib_crypt_crypt+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcrypt $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char crypt (); +int +main () +{ +return crypt (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_crypt_crypt=yes +else + ac_cv_lib_crypt_crypt=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5 +$as_echo "$ac_cv_lib_crypt_crypt" >&6; } +if test "x$ac_cv_lib_crypt_crypt" = xyes; then : + LIBS="$LIBS -lcrypt" +fi + + fi + for ac_func in crypt DES_crypt +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + + # Search for SHA256 support in libc and/or OpenSSL + for ac_func in SHA256_Update EVP_sha256 +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +else + unsupported_algorithms="$unsupported_algorithms \ + hmac-sha2-256 hmac-sha2-512 \ + diffie-hellman-group-exchange-sha256 \ + hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" + + +fi +done + + # Search for RIPE-MD support in OpenSSL + for ac_func in EVP_ripemd160 +do : + ac_fn_c_check_func "$LINENO" "EVP_ripemd160" "ac_cv_func_EVP_ripemd160" +if test "x$ac_cv_func_EVP_ripemd160" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_EVP_RIPEMD160 1 +_ACEOF + +else + unsupported_algorithms="$unsupported_algorithms \ + hmac-ripemd160 + hmac-ripemd160@openssh.com + hmac-ripemd160-etm@openssh.com" + + +fi +done + + + # Check complete ECC support in OpenSSL + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has NID_X9_62_prime256v1" >&5 +$as_echo_n "checking whether OpenSSL has NID_X9_62_prime256v1... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + #include + #include + #include + #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ + # error "OpenSSL < 0.9.8g has unreliable ECC code" + #endif + +int +main () +{ + + EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + const EVP_MD *m = EVP_sha256(); /* We need this too */ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + enable_nistp256=1 +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has NID_secp384r1" >&5 +$as_echo_n "checking whether OpenSSL has NID_secp384r1... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + #include + #include + #include + #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ + # error "OpenSSL < 0.9.8g has unreliable ECC code" + #endif + +int +main () +{ + + EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); + const EVP_MD *m = EVP_sha384(); /* We need this too */ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + enable_nistp384=1 +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has NID_secp521r1" >&5 +$as_echo_n "checking whether OpenSSL has NID_secp521r1... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + #include + #include + #include + #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ + # error "OpenSSL < 0.9.8g has unreliable ECC code" + #endif + +int +main () +{ + + EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); + const EVP_MD *m = EVP_sha512(); /* We need this too */ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if OpenSSL's NID_secp521r1 is functional" >&5 +$as_echo_n "checking if OpenSSL's NID_secp521r1 is functional... " >&6; } + if test "$cross_compiling" = yes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross-compiling: assuming yes" >&5 +$as_echo "$as_me: WARNING: cross-compiling: assuming yes" >&2;} + enable_nistp521=1 + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + #include + #include + #include + +int +main () +{ + + EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); + const EVP_MD *m = EVP_sha512(); /* We need this too */ + exit(e == NULL || m == NULL); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + enable_nistp521=1 +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + COMMENT_OUT_ECC="#no ecc#" + TEST_SSH_ECC=no + + if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ + test x$enable_nistp521 = x1; then + +$as_echo "#define OPENSSL_HAS_ECC 1" >>confdefs.h + + fi + if test x$enable_nistp256 = x1; then + +$as_echo "#define OPENSSL_HAS_NISTP256 1" >>confdefs.h + + TEST_SSH_ECC=yes + COMMENT_OUT_ECC="" + else + unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp256 \ + ecdh-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01@openssh.com" + fi + if test x$enable_nistp384 = x1; then + +$as_echo "#define OPENSSL_HAS_NISTP384 1" >>confdefs.h + + TEST_SSH_ECC=yes + COMMENT_OUT_ECC="" + else + unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp384 \ + ecdh-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01@openssh.com" + fi + if test x$enable_nistp521 = x1; then + +$as_echo "#define OPENSSL_HAS_NISTP521 1" >>confdefs.h + + TEST_SSH_ECC=yes + COMMENT_OUT_ECC="" + else + unsupported_algorithms="$unsupported_algorithms ecdh-sha2-nistp521 \ + ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com" + fi + + + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5 +$as_echo_n "checking for crypt in -lcrypt... " >&6; } +if ${ac_cv_lib_crypt_crypt+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcrypt $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char crypt (); +int +main () +{ +return crypt (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_crypt_crypt=yes +else + ac_cv_lib_crypt_crypt=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5 +$as_echo "$ac_cv_lib_crypt_crypt" >&6; } +if test "x$ac_cv_lib_crypt_crypt" = xyes; then : + LIBS="$LIBS -lcrypt" +fi + + for ac_func in crypt +do : + ac_fn_c_check_func "$LINENO" "crypt" "ac_cv_func_crypt" +if test "x$ac_cv_func_crypt" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_CRYPT 1 +_ACEOF + +fi +done + +fi + +for ac_func in \ + arc4random \ + arc4random_buf \ + arc4random_stir \ + arc4random_uniform \ + +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + +saved_LIBS="$LIBS" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ia_openinfo in -liaf" >&5 +$as_echo_n "checking for ia_openinfo in -liaf... " >&6; } +if ${ac_cv_lib_iaf_ia_openinfo+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-liaf $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char ia_openinfo (); +int +main () +{ +return ia_openinfo (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_iaf_ia_openinfo=yes +else + ac_cv_lib_iaf_ia_openinfo=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_iaf_ia_openinfo" >&5 +$as_echo "$ac_cv_lib_iaf_ia_openinfo" >&6; } +if test "x$ac_cv_lib_iaf_ia_openinfo" = xyes; then : + + LIBS="$LIBS -liaf" + for ac_func in set_id +do : + ac_fn_c_check_func "$LINENO" "set_id" "ac_cv_func_set_id" +if test "x$ac_cv_func_set_id" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SET_ID 1 +_ACEOF + SSHDLIBS="$SSHDLIBS -liaf" + +$as_echo "#define HAVE_LIBIAF 1" >>confdefs.h + + +fi +done + + +fi + +LIBS="$saved_LIBS" + +### Configure cryptographic random number support + +# Check wheter OpenSSL seeds itself +if test "x$openssl" = "xyes" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL's PRNG is internally seeded" >&5 +$as_echo_n "checking whether OpenSSL's PRNG is internally seeded... " >&6; } + if test "$cross_compiling" = yes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5 +$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;} + # This is safe, since we will fatal() at runtime if + # OpenSSL is not seeded correctly. + OPENSSL_SEEDS_ITSELF=yes + + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + +int +main () +{ + + exit(RAND_status() == 1 ? 0 : 1); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + + OPENSSL_SEEDS_ITSELF=yes + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi + +# PRNGD TCP socket + +# Check whether --with-prngd-port was given. +if test "${with_prngd_port+set}" = set; then : + withval=$with_prngd_port; + case "$withval" in + no) + withval="" + ;; + [0-9]*) + ;; + *) + as_fn_error $? "You must specify a numeric port number for --with-prngd-port" "$LINENO" 5 + ;; + esac + if test ! -z "$withval" ; then + PRNGD_PORT="$withval" + +cat >>confdefs.h <<_ACEOF +#define PRNGD_PORT $PRNGD_PORT +_ACEOF + + fi + + +fi + + +# PRNGD Unix domain socket + +# Check whether --with-prngd-socket was given. +if test "${with_prngd_socket+set}" = set; then : + withval=$with_prngd_socket; + case "$withval" in + yes) + withval="/var/run/egd-pool" + ;; + no) + withval="" + ;; + /*) + ;; + *) + as_fn_error $? "You must specify an absolute path to the entropy socket" "$LINENO" 5 + ;; + esac + + if test ! -z "$withval" ; then + if test ! -z "$PRNGD_PORT" ; then + as_fn_error $? "You may not specify both a PRNGD/EGD port and socket" "$LINENO" 5 + fi + if test ! -r "$withval" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Entropy socket is not readable" >&5 +$as_echo "$as_me: WARNING: Entropy socket is not readable" >&2;} + fi + PRNGD_SOCKET="$withval" + +cat >>confdefs.h <<_ACEOF +#define PRNGD_SOCKET "$PRNGD_SOCKET" +_ACEOF + + fi + +else + + # Check for existing socket only if we don't have a random device already + if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PRNGD/EGD socket" >&5 +$as_echo_n "checking for PRNGD/EGD socket... " >&6; } + # Insert other locations here + for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do + if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then + PRNGD_SOCKET="$sock" + cat >>confdefs.h <<_ACEOF +#define PRNGD_SOCKET "$PRNGD_SOCKET" +_ACEOF + + break; + fi + done + if test ! -z "$PRNGD_SOCKET" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PRNGD_SOCKET" >&5 +$as_echo "$PRNGD_SOCKET" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 +$as_echo "not found" >&6; } + fi + fi + + +fi + + +# Which randomness source do we use? +if test ! -z "$PRNGD_PORT" ; then + RAND_MSG="PRNGd port $PRNGD_PORT" +elif test ! -z "$PRNGD_SOCKET" ; then + RAND_MSG="PRNGd socket $PRNGD_SOCKET" +elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then + +$as_echo "#define OPENSSL_PRNG_ONLY 1" >>confdefs.h + + RAND_MSG="OpenSSL internal ONLY" +elif test "x$openssl" = "xno" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible" >&5 +$as_echo "$as_me: WARNING: OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible" >&2;} +else + as_fn_error $? "OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options" "$LINENO" 5 +fi + +# Check for PAM libs +PAM_MSG="no" + +# Check whether --with-pam was given. +if test "${with_pam+set}" = set; then : + withval=$with_pam; + if test "x$withval" != "xno" ; then + if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ + test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then + as_fn_error $? "PAM headers not found" "$LINENO" 5 + fi + + saved_LIBS="$LIBS" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +$as_echo_n "checking for dlopen in -ldl... " >&6; } +if ${ac_cv_lib_dl_dlopen+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dl_dlopen=yes +else + ac_cv_lib_dl_dlopen=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 +$as_echo "$ac_cv_lib_dl_dlopen" >&6; } +if test "x$ac_cv_lib_dl_dlopen" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBDL 1 +_ACEOF + + LIBS="-ldl $LIBS" + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_set_item in -lpam" >&5 +$as_echo_n "checking for pam_set_item in -lpam... " >&6; } +if ${ac_cv_lib_pam_pam_set_item+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lpam $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char pam_set_item (); +int +main () +{ +return pam_set_item (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_pam_pam_set_item=yes +else + ac_cv_lib_pam_pam_set_item=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_set_item" >&5 +$as_echo "$ac_cv_lib_pam_pam_set_item" >&6; } +if test "x$ac_cv_lib_pam_pam_set_item" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBPAM 1 +_ACEOF + + LIBS="-lpam $LIBS" + +else + as_fn_error $? "*** libpam missing" "$LINENO" 5 +fi + + for ac_func in pam_getenvlist +do : + ac_fn_c_check_func "$LINENO" "pam_getenvlist" "ac_cv_func_pam_getenvlist" +if test "x$ac_cv_func_pam_getenvlist" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_PAM_GETENVLIST 1 +_ACEOF + +fi +done + + for ac_func in pam_putenv +do : + ac_fn_c_check_func "$LINENO" "pam_putenv" "ac_cv_func_pam_putenv" +if test "x$ac_cv_func_pam_putenv" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_PAM_PUTENV 1 +_ACEOF + +fi +done + + LIBS="$saved_LIBS" + + PAM_MSG="yes" + + SSHDLIBS="$SSHDLIBS -lpam" + +$as_echo "#define USE_PAM 1" >>confdefs.h + + + if test $ac_cv_lib_dl_dlopen = yes; then + case "$LIBS" in + *-ldl*) + # libdl already in LIBS + ;; + *) + SSHDLIBS="$SSHDLIBS -ldl" + ;; + esac + fi + fi + + +fi + + +# Check for older PAM +if test "x$PAM_MSG" = "xyes" ; then + # Check PAM strerror arguments (old PAM) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pam_strerror takes only one argument" >&5 +$as_echo_n "checking whether pam_strerror takes only one argument... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#if defined(HAVE_SECURITY_PAM_APPL_H) +#include +#elif defined (HAVE_PAM_PAM_APPL_H) +#include +#endif + +int +main () +{ + +(void)pam_strerror((pam_handle_t *)NULL, -1); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +else + + +$as_echo "#define HAVE_OLD_PAM 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + PAM_MSG="yes (old library)" + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + +case "$host" in +*-*-cygwin*) + SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER + ;; +*) + SSH_PRIVSEP_USER=sshd + ;; +esac + +# Check whether --with-privsep-user was given. +if test "${with_privsep_user+set}" = set; then : + withval=$with_privsep_user; + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + SSH_PRIVSEP_USER=$withval + fi + + +fi + +if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then + +cat >>confdefs.h <<_ACEOF +#define SSH_PRIVSEP_USER CYGWIN_SSH_PRIVSEP_USER +_ACEOF + +else + +cat >>confdefs.h <<_ACEOF +#define SSH_PRIVSEP_USER "$SSH_PRIVSEP_USER" +_ACEOF + +fi + + +if test "x$have_linux_no_new_privs" = "x1" ; then +ac_fn_c_check_decl "$LINENO" "SECCOMP_MODE_FILTER" "ac_cv_have_decl_SECCOMP_MODE_FILTER" " + #include + #include + +" +if test "x$ac_cv_have_decl_SECCOMP_MODE_FILTER" = xyes; then : + have_seccomp_filter=1 +fi + +fi +if test "x$have_seccomp_filter" = "x1" ; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking kernel for seccomp_filter support" >&5 +$as_echo_n "checking kernel for seccomp_filter support... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + #include + #include + #include + +int +main () +{ + int i = $seccomp_audit_arch; + errno = 0; + prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); + exit(errno == EFAULT ? 0 : 1); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + # Disable seccomp filter as a target + have_seccomp_filter=0 + + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi + +# Decide which sandbox style to use +sandbox_arg="" + +# Check whether --with-sandbox was given. +if test "${with_sandbox+set}" = set; then : + withval=$with_sandbox; + if test "x$withval" = "xyes" ; then + sandbox_arg="" + else + sandbox_arg="$withval" + fi + + +fi + + +# Some platforms (seems to be the ones that have a kernel poll(2)-type +# function with which they implement select(2)) use an extra file descriptor +# when calling select(2), which means we can't use the rlimit sandbox. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if select works with descriptor rlimit" >&5 +$as_echo_n "checking if select works with descriptor rlimit... " >&6; } +if test "$cross_compiling" = yes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5 +$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;} + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifdef HAVE_SYS_TIME_H +# include +#endif +#include +#ifdef HAVE_SYS_SELECT_H +# include +#endif +#include +#include +#include + +int +main () +{ + + struct rlimit rl_zero; + int fd, r; + fd_set fds; + struct timeval tv; + + fd = open("/dev/null", O_RDONLY); + FD_ZERO(&fds); + FD_SET(fd, &fds); + rl_zero.rlim_cur = rl_zero.rlim_max = 0; + setrlimit(RLIMIT_FSIZE, &rl_zero); + setrlimit(RLIMIT_NOFILE, &rl_zero); + tv.tv_sec = 1; + tv.tv_usec = 0; + r = select(fd+1, &fds, NULL, NULL, &tv); + exit (r == -1 ? 1 : 0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + select_works_with_rlimit=yes +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + select_works_with_rlimit=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if setrlimit(RLIMIT_NOFILE,{0,0}) works" >&5 +$as_echo_n "checking if setrlimit(RLIMIT_NOFILE,{0,0}) works... " >&6; } +if test "$cross_compiling" = yes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5 +$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;} + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifdef HAVE_SYS_TIME_H +# include +#endif +#include +#include +#include + +int +main () +{ + + struct rlimit rl_zero; + int fd, r; + fd_set fds; + + rl_zero.rlim_cur = rl_zero.rlim_max = 0; + r = setrlimit(RLIMIT_NOFILE, &rl_zero); + exit (r == -1 ? 1 : 0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + rlimit_nofile_zero_works=yes +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + rlimit_nofile_zero_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if setrlimit RLIMIT_FSIZE works" >&5 +$as_echo_n "checking if setrlimit RLIMIT_FSIZE works... " >&6; } +if test "$cross_compiling" = yes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5 +$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;} + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include + +int +main () +{ + + struct rlimit rl_zero; + + rl_zero.rlim_cur = rl_zero.rlim_max = 0; + exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define SANDBOX_SKIP_RLIMIT_FSIZE 1" >>confdefs.h + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +if test "x$sandbox_arg" = "xsystrace" || \ + ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then + test "x$have_systr_policy_kill" != "x1" && \ + as_fn_error $? "systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support" "$LINENO" 5 + SANDBOX_STYLE="systrace" + +$as_echo "#define SANDBOX_SYSTRACE 1" >>confdefs.h + +elif test "x$sandbox_arg" = "xdarwin" || \ + ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ + test "x$ac_cv_header_sandbox_h" = "xyes") ; then + test "x$ac_cv_func_sandbox_init" != "xyes" -o \ + "x$ac_cv_header_sandbox_h" != "xyes" && \ + as_fn_error $? "Darwin seatbelt sandbox requires sandbox.h and sandbox_init function" "$LINENO" 5 + SANDBOX_STYLE="darwin" + +$as_echo "#define SANDBOX_DARWIN 1" >>confdefs.h + +elif test "x$sandbox_arg" = "xseccomp_filter" || \ + ( test -z "$sandbox_arg" && \ + test "x$have_seccomp_filter" = "x1" && \ + test "x$ac_cv_header_elf_h" = "xyes" && \ + test "x$ac_cv_header_linux_audit_h" = "xyes" && \ + test "x$ac_cv_header_linux_filter_h" = "xyes" && \ + test "x$seccomp_audit_arch" != "x" && \ + test "x$have_linux_no_new_privs" = "x1" && \ + test "x$ac_cv_func_prctl" = "xyes" ) ; then + test "x$seccomp_audit_arch" = "x" && \ + as_fn_error $? "seccomp_filter sandbox not supported on $host" "$LINENO" 5 + test "x$have_linux_no_new_privs" != "x1" && \ + as_fn_error $? "seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS" "$LINENO" 5 + test "x$have_seccomp_filter" != "x1" && \ + as_fn_error $? "seccomp_filter sandbox requires seccomp headers" "$LINENO" 5 + test "x$ac_cv_func_prctl" != "xyes" && \ + as_fn_error $? "seccomp_filter sandbox requires prctl function" "$LINENO" 5 + SANDBOX_STYLE="seccomp_filter" + +$as_echo "#define SANDBOX_SECCOMP_FILTER 1" >>confdefs.h + +elif test "x$sandbox_arg" = "xcapsicum" || \ + ( test -z "$sandbox_arg" && \ + test "x$ac_cv_header_sys_capability_h" = "xyes" && \ + test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then + test "x$ac_cv_header_sys_capability_h" != "xyes" && \ + as_fn_error $? "capsicum sandbox requires sys/capability.h header" "$LINENO" 5 + test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ + as_fn_error $? "capsicum sandbox requires cap_rights_limit function" "$LINENO" 5 + SANDBOX_STYLE="capsicum" + +$as_echo "#define SANDBOX_CAPSICUM 1" >>confdefs.h + +elif test "x$sandbox_arg" = "xrlimit" || \ + ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ + test "x$select_works_with_rlimit" = "xyes" && \ + test "x$rlimit_nofile_zero_works" = "xyes" ) ; then + test "x$ac_cv_func_setrlimit" != "xyes" && \ + as_fn_error $? "rlimit sandbox requires setrlimit function" "$LINENO" 5 + test "x$select_works_with_rlimit" != "xyes" && \ + as_fn_error $? "rlimit sandbox requires select to work with rlimit" "$LINENO" 5 + SANDBOX_STYLE="rlimit" + +$as_echo "#define SANDBOX_RLIMIT 1" >>confdefs.h + +elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ + test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then + SANDBOX_STYLE="none" + +$as_echo "#define SANDBOX_NULL 1" >>confdefs.h + +else + as_fn_error $? "unsupported --with-sandbox" "$LINENO" 5 +fi + +# Cheap hack to ensure NEWS-OS libraries are arranged right. +if test ! -z "$SONY" ; then + LIBS="$LIBS -liberty"; +fi + +# Check for long long datatypes +ac_fn_c_check_type "$LINENO" "long long" "ac_cv_type_long_long" "$ac_includes_default" +if test "x$ac_cv_type_long_long" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_LONG_LONG 1 +_ACEOF + + +fi +ac_fn_c_check_type "$LINENO" "unsigned long long" "ac_cv_type_unsigned_long_long" "$ac_includes_default" +if test "x$ac_cv_type_unsigned_long_long" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_UNSIGNED_LONG_LONG 1 +_ACEOF + + +fi +ac_fn_c_check_type "$LINENO" "long double" "ac_cv_type_long_double" "$ac_includes_default" +if test "x$ac_cv_type_long_double" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_LONG_DOUBLE 1 +_ACEOF + + +fi + + +# Check datatype sizes +# The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of short int" >&5 +$as_echo_n "checking size of short int... " >&6; } +if ${ac_cv_sizeof_short_int+:} false; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (short int))" "ac_cv_sizeof_short_int" "$ac_includes_default"; then : + +else + if test "$ac_cv_type_short_int" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (short int) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_short_int=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_short_int" >&5 +$as_echo "$ac_cv_sizeof_short_int" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_SHORT_INT $ac_cv_sizeof_short_int +_ACEOF + + +# The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of int" >&5 +$as_echo_n "checking size of int... " >&6; } +if ${ac_cv_sizeof_int+:} false; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (int))" "ac_cv_sizeof_int" "$ac_includes_default"; then : + +else + if test "$ac_cv_type_int" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (int) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_int=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_int" >&5 +$as_echo "$ac_cv_sizeof_int" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_INT $ac_cv_sizeof_int +_ACEOF + + +# The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long int" >&5 +$as_echo_n "checking size of long int... " >&6; } +if ${ac_cv_sizeof_long_int+:} false; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long int))" "ac_cv_sizeof_long_int" "$ac_includes_default"; then : + +else + if test "$ac_cv_type_long_int" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (long int) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_long_int=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_int" >&5 +$as_echo "$ac_cv_sizeof_long_int" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_LONG_INT $ac_cv_sizeof_long_int +_ACEOF + + +# The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long long int" >&5 +$as_echo_n "checking size of long long int... " >&6; } +if ${ac_cv_sizeof_long_long_int+:} false; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long long int))" "ac_cv_sizeof_long_long_int" "$ac_includes_default"; then : + +else + if test "$ac_cv_type_long_long_int" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (long long int) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_long_long_int=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_long_int" >&5 +$as_echo "$ac_cv_sizeof_long_long_int" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_LONG_LONG_INT $ac_cv_sizeof_long_long_int +_ACEOF + + + +# Sanity check long long for some platforms (AIX) +if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then + ac_cv_sizeof_long_long_int=0 +fi + +# compute LLONG_MIN and LLONG_MAX if we don't know them. +if test -z "$have_llong_max"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for max value of long long" >&5 +$as_echo_n "checking for max value of long long... " >&6; } + if test "$cross_compiling" = yes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5 +$as_echo "$as_me: WARNING: cross compiling: not checking" >&2;} + + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +/* Why is this so damn hard? */ +#ifdef __GNUC__ +# undef __GNUC__ +#endif +#define __USE_ISOC99 +#include +#define DATA "conftest.llminmax" +#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) + +/* + * printf in libc on some platforms (eg old Tru64) does not understand %lld so + * we do this the hard way. + */ +static int +fprint_ll(FILE *f, long long n) +{ + unsigned int i; + int l[sizeof(long long) * 8]; + + if (n < 0) + if (fprintf(f, "-") < 0) + return -1; + for (i = 0; n != 0; i++) { + l[i] = my_abs(n % 10); + n /= 10; + } + do { + if (fprintf(f, "%d", l[--i]) < 0) + return -1; + } while (i != 0); + if (fprintf(f, " ") < 0) + return -1; + return 0; +} + +int +main () +{ + + FILE *f; + long long i, llmin, llmax = 0; + + if((f = fopen(DATA,"w")) == NULL) + exit(1); + +#if defined(LLONG_MIN) && defined(LLONG_MAX) + fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); + llmin = LLONG_MIN; + llmax = LLONG_MAX; +#else + fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); + /* This will work on one's complement and two's complement */ + for (i = 1; i > llmax; i <<= 1, i++) + llmax = i; + llmin = llmax + 1LL; /* wrap */ +#endif + + /* Sanity check */ + if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax + || llmax - 1 > llmax || llmin == llmax || llmin == 0 + || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { + fprintf(f, "unknown unknown\n"); + exit(2); + } + + if (fprint_ll(f, llmin) < 0) + exit(3); + if (fprint_ll(f, llmax) < 0) + exit(4); + if (fclose(f) < 0) + exit(5); + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + + llong_min=`$AWK '{print $1}' conftest.llminmax` + llong_max=`$AWK '{print $2}' conftest.llminmax` + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $llong_max" >&5 +$as_echo "$llong_max" >&6; } + +cat >>confdefs.h <<_ACEOF +#define LLONG_MAX ${llong_max}LL +_ACEOF + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for min value of long long" >&5 +$as_echo_n "checking for min value of long long... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $llong_min" >&5 +$as_echo "$llong_min" >&6; } + +cat >>confdefs.h <<_ACEOF +#define LLONG_MIN ${llong_min}LL +_ACEOF + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 +$as_echo "not found" >&6; } + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi + + +# More checks for data types +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int type" >&5 +$as_echo_n "checking for u_int type... " >&6; } +if ${ac_cv_have_u_int+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + u_int a; a = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_have_u_int="yes" +else + ac_cv_have_u_int="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_int" >&5 +$as_echo "$ac_cv_have_u_int" >&6; } +if test "x$ac_cv_have_u_int" = "xyes" ; then + +$as_echo "#define HAVE_U_INT 1" >>confdefs.h + + have_u_int=1 +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for intXX_t types" >&5 +$as_echo_n "checking for intXX_t types... " >&6; } +if ${ac_cv_have_intxx_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + int8_t a; int16_t b; int32_t c; a = b = c = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_have_intxx_t="yes" +else + ac_cv_have_intxx_t="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_intxx_t" >&5 +$as_echo "$ac_cv_have_intxx_t" >&6; } +if test "x$ac_cv_have_intxx_t" = "xyes" ; then + +$as_echo "#define HAVE_INTXX_T 1" >>confdefs.h + + have_intxx_t=1 +fi + +if (test -z "$have_intxx_t" && \ + test "x$ac_cv_header_stdint_h" = "xyes") +then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for intXX_t types in stdint.h" >&5 +$as_echo_n "checking for intXX_t types in stdint.h... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + int8_t a; int16_t b; int32_t c; a = b = c = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + $as_echo "#define HAVE_INTXX_T 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for int64_t type" >&5 +$as_echo_n "checking for int64_t type... " >&6; } +if ${ac_cv_have_int64_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifdef HAVE_STDINT_H +# include +#endif +#include +#ifdef HAVE_SYS_BITYPES_H +# include +#endif + +int +main () +{ + +int64_t a; a = 1; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_have_int64_t="yes" +else + ac_cv_have_int64_t="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_int64_t" >&5 +$as_echo "$ac_cv_have_int64_t" >&6; } +if test "x$ac_cv_have_int64_t" = "xyes" ; then + +$as_echo "#define HAVE_INT64_T 1" >>confdefs.h + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_intXX_t types" >&5 +$as_echo_n "checking for u_intXX_t types... " >&6; } +if ${ac_cv_have_u_intxx_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_have_u_intxx_t="yes" +else + ac_cv_have_u_intxx_t="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_intxx_t" >&5 +$as_echo "$ac_cv_have_u_intxx_t" >&6; } +if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then + +$as_echo "#define HAVE_U_INTXX_T 1" >>confdefs.h + + have_u_intxx_t=1 +fi + +if test -z "$have_u_intxx_t" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_intXX_t types in sys/socket.h" >&5 +$as_echo_n "checking for u_intXX_t types in sys/socket.h... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + $as_echo "#define HAVE_U_INTXX_T 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int64_t types" >&5 +$as_echo_n "checking for u_int64_t types... " >&6; } +if ${ac_cv_have_u_int64_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + u_int64_t a; a = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_have_u_int64_t="yes" +else + ac_cv_have_u_int64_t="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_int64_t" >&5 +$as_echo "$ac_cv_have_u_int64_t" >&6; } +if test "x$ac_cv_have_u_int64_t" = "xyes" ; then + +$as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h + + have_u_int64_t=1 +fi + +if (test -z "$have_u_int64_t" && \ + test "x$ac_cv_header_sys_bitypes_h" = "xyes") +then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int64_t type in sys/bitypes.h" >&5 +$as_echo_n "checking for u_int64_t type in sys/bitypes.h... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + u_int64_t a; a = 1 + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + $as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + +if test -z "$have_u_intxx_t" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types" >&5 +$as_echo_n "checking for uintXX_t types... " >&6; } +if ${ac_cv_have_uintxx_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include + +int +main () +{ + + uint8_t a; + uint16_t b; + uint32_t c; + a = b = c = 1; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_have_uintxx_t="yes" +else + ac_cv_have_uintxx_t="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_uintxx_t" >&5 +$as_echo "$ac_cv_have_uintxx_t" >&6; } + if test "x$ac_cv_have_uintxx_t" = "xyes" ; then + +$as_echo "#define HAVE_UINTXX_T 1" >>confdefs.h + + fi +fi + +if (test -z "$have_uintxx_t" && \ + test "x$ac_cv_header_stdint_h" = "xyes") +then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types in stdint.h" >&5 +$as_echo_n "checking for uintXX_t types in stdint.h... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + $as_echo "#define HAVE_UINTXX_T 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + +if (test -z "$have_uintxx_t" && \ + test "x$ac_cv_header_inttypes_h" = "xyes") +then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types in inttypes.h" >&5 +$as_echo_n "checking for uintXX_t types in inttypes.h... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + $as_echo "#define HAVE_UINTXX_T 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + +if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ + test "x$ac_cv_header_sys_bitypes_h" = "xyes") +then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5 +$as_echo_n "checking for intXX_t and u_intXX_t types in sys/bitypes.h... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include + +int +main () +{ + + int8_t a; int16_t b; int32_t c; + u_int8_t e; u_int16_t f; u_int32_t g; + a = b = c = e = f = g = 1; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + $as_echo "#define HAVE_U_INTXX_T 1" >>confdefs.h + + $as_echo "#define HAVE_INTXX_T 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_char" >&5 +$as_echo_n "checking for u_char... " >&6; } +if ${ac_cv_have_u_char+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + u_char foo; foo = 125; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_have_u_char="yes" +else + ac_cv_have_u_char="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_char" >&5 +$as_echo "$ac_cv_have_u_char" >&6; } +if test "x$ac_cv_have_u_char" = "xyes" ; then + +$as_echo "#define HAVE_U_CHAR 1" >>confdefs.h + +fi + +ac_fn_c_check_type "$LINENO" "intmax_t" "ac_cv_type_intmax_t" " +#include +#include + +" +if test "x$ac_cv_type_intmax_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_INTMAX_T 1 +_ACEOF + + +fi +ac_fn_c_check_type "$LINENO" "uintmax_t" "ac_cv_type_uintmax_t" " +#include +#include + +" +if test "x$ac_cv_type_uintmax_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_UINTMAX_T 1 +_ACEOF + + +fi + + + + ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" "#include +#include +" +if test "x$ac_cv_type_socklen_t" = xyes; then : + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socklen_t equivalent" >&5 +$as_echo_n "checking for socklen_t equivalent... " >&6; } + if ${curl_cv_socklen_t_equiv+:} false; then : + $as_echo_n "(cached) " >&6 +else + + # Systems have either "struct sockaddr *" or + # "void *" as the second argument to getpeername + curl_cv_socklen_t_equiv= + for arg2 in "struct sockaddr" void; do + for t in int size_t unsigned long "unsigned long"; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + + int getpeername (int, $arg2 *, $t *); + +int +main () +{ + + $t len; + getpeername(0,0,&len); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + curl_cv_socklen_t_equiv="$t" + break + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done + done + + if test "x$curl_cv_socklen_t_equiv" = x; then + as_fn_error $? "Cannot find a type to use in place of socklen_t" "$LINENO" 5 + fi + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_socklen_t_equiv" >&5 +$as_echo "$curl_cv_socklen_t_equiv" >&6; } + +cat >>confdefs.h <<_ACEOF +#define socklen_t $curl_cv_socklen_t_equiv +_ACEOF + +fi + + + +ac_fn_c_check_type "$LINENO" "sig_atomic_t" "ac_cv_type_sig_atomic_t" "#include +" +if test "x$ac_cv_type_sig_atomic_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_SIG_ATOMIC_T 1 +_ACEOF + + +fi + +ac_fn_c_check_type "$LINENO" "fsblkcnt_t" "ac_cv_type_fsblkcnt_t" " +#include +#ifdef HAVE_SYS_BITYPES_H +#include +#endif +#ifdef HAVE_SYS_STATFS_H +#include +#endif +#ifdef HAVE_SYS_STATVFS_H +#include +#endif + +" +if test "x$ac_cv_type_fsblkcnt_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_FSBLKCNT_T 1 +_ACEOF + + +fi +ac_fn_c_check_type "$LINENO" "fsfilcnt_t" "ac_cv_type_fsfilcnt_t" " +#include +#ifdef HAVE_SYS_BITYPES_H +#include +#endif +#ifdef HAVE_SYS_STATFS_H +#include +#endif +#ifdef HAVE_SYS_STATVFS_H +#include +#endif + +" +if test "x$ac_cv_type_fsfilcnt_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_FSFILCNT_T 1 +_ACEOF + + +fi + + +ac_fn_c_check_type "$LINENO" "in_addr_t" "ac_cv_type_in_addr_t" "#include +#include +" +if test "x$ac_cv_type_in_addr_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_IN_ADDR_T 1 +_ACEOF + + +fi +ac_fn_c_check_type "$LINENO" "in_port_t" "ac_cv_type_in_port_t" "#include +#include +" +if test "x$ac_cv_type_in_port_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_IN_PORT_T 1 +_ACEOF + + +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for size_t" >&5 +$as_echo_n "checking for size_t... " >&6; } +if ${ac_cv_have_size_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + size_t foo; foo = 1235; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_have_size_t="yes" +else + ac_cv_have_size_t="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_size_t" >&5 +$as_echo "$ac_cv_have_size_t" >&6; } +if test "x$ac_cv_have_size_t" = "xyes" ; then + +$as_echo "#define HAVE_SIZE_T 1" >>confdefs.h + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ssize_t" >&5 +$as_echo_n "checking for ssize_t... " >&6; } +if ${ac_cv_have_ssize_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + ssize_t foo; foo = 1235; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_have_ssize_t="yes" +else + ac_cv_have_ssize_t="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_ssize_t" >&5 +$as_echo "$ac_cv_have_ssize_t" >&6; } +if test "x$ac_cv_have_ssize_t" = "xyes" ; then + +$as_echo "#define HAVE_SSIZE_T 1" >>confdefs.h + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for clock_t" >&5 +$as_echo_n "checking for clock_t... " >&6; } +if ${ac_cv_have_clock_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + clock_t foo; foo = 1235; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_have_clock_t="yes" +else + ac_cv_have_clock_t="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_clock_t" >&5 +$as_echo "$ac_cv_have_clock_t" >&6; } +if test "x$ac_cv_have_clock_t" = "xyes" ; then + +$as_echo "#define HAVE_CLOCK_T 1" >>confdefs.h + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sa_family_t" >&5 +$as_echo_n "checking for sa_family_t... " >&6; } +if ${ac_cv_have_sa_family_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main () +{ + sa_family_t foo; foo = 1235; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_have_sa_family_t="yes" +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include + +int +main () +{ + sa_family_t foo; foo = 1235; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_have_sa_family_t="yes" +else + ac_cv_have_sa_family_t="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_sa_family_t" >&5 +$as_echo "$ac_cv_have_sa_family_t" >&6; } +if test "x$ac_cv_have_sa_family_t" = "xyes" ; then + +$as_echo "#define HAVE_SA_FAMILY_T 1" >>confdefs.h + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pid_t" >&5 +$as_echo_n "checking for pid_t... " >&6; } +if ${ac_cv_have_pid_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + pid_t foo; foo = 1235; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_have_pid_t="yes" +else + ac_cv_have_pid_t="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_pid_t" >&5 +$as_echo "$ac_cv_have_pid_t" >&6; } +if test "x$ac_cv_have_pid_t" = "xyes" ; then + +$as_echo "#define HAVE_PID_T 1" >>confdefs.h + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for mode_t" >&5 +$as_echo_n "checking for mode_t... " >&6; } +if ${ac_cv_have_mode_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + mode_t foo; foo = 1235; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_have_mode_t="yes" +else + ac_cv_have_mode_t="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_mode_t" >&5 +$as_echo "$ac_cv_have_mode_t" >&6; } +if test "x$ac_cv_have_mode_t" = "xyes" ; then + +$as_echo "#define HAVE_MODE_T 1" >>confdefs.h + +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct sockaddr_storage" >&5 +$as_echo_n "checking for struct sockaddr_storage... " >&6; } +if ${ac_cv_have_struct_sockaddr_storage+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main () +{ + struct sockaddr_storage s; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_have_struct_sockaddr_storage="yes" +else + ac_cv_have_struct_sockaddr_storage="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_sockaddr_storage" >&5 +$as_echo "$ac_cv_have_struct_sockaddr_storage" >&6; } +if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then + +$as_echo "#define HAVE_STRUCT_SOCKADDR_STORAGE 1" >>confdefs.h + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct sockaddr_in6" >&5 +$as_echo_n "checking for struct sockaddr_in6... " >&6; } +if ${ac_cv_have_struct_sockaddr_in6+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main () +{ + struct sockaddr_in6 s; s.sin6_family = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_have_struct_sockaddr_in6="yes" +else + ac_cv_have_struct_sockaddr_in6="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_sockaddr_in6" >&5 +$as_echo "$ac_cv_have_struct_sockaddr_in6" >&6; } +if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then + +$as_echo "#define HAVE_STRUCT_SOCKADDR_IN6 1" >>confdefs.h + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct in6_addr" >&5 +$as_echo_n "checking for struct in6_addr... " >&6; } +if ${ac_cv_have_struct_in6_addr+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main () +{ + struct in6_addr s; s.s6_addr[0] = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_have_struct_in6_addr="yes" +else + ac_cv_have_struct_in6_addr="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_in6_addr" >&5 +$as_echo "$ac_cv_have_struct_in6_addr" >&6; } +if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then + +$as_echo "#define HAVE_STRUCT_IN6_ADDR 1" >>confdefs.h + + + ac_fn_c_check_member "$LINENO" "struct sockaddr_in6" "sin6_scope_id" "ac_cv_member_struct_sockaddr_in6_sin6_scope_id" " +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#include + +" +if test "x$ac_cv_member_struct_sockaddr_in6_sin6_scope_id" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID 1 +_ACEOF + + +fi + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct addrinfo" >&5 +$as_echo_n "checking for struct addrinfo... " >&6; } +if ${ac_cv_have_struct_addrinfo+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include + +int +main () +{ + struct addrinfo s; s.ai_flags = AI_PASSIVE; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_have_struct_addrinfo="yes" +else + ac_cv_have_struct_addrinfo="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_addrinfo" >&5 +$as_echo "$ac_cv_have_struct_addrinfo" >&6; } +if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then + +$as_echo "#define HAVE_STRUCT_ADDRINFO 1" >>confdefs.h + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct timeval" >&5 +$as_echo_n "checking for struct timeval... " >&6; } +if ${ac_cv_have_struct_timeval+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + struct timeval tv; tv.tv_sec = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_have_struct_timeval="yes" +else + ac_cv_have_struct_timeval="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_timeval" >&5 +$as_echo "$ac_cv_have_struct_timeval" >&6; } +if test "x$ac_cv_have_struct_timeval" = "xyes" ; then + +$as_echo "#define HAVE_STRUCT_TIMEVAL 1" >>confdefs.h + + have_struct_timeval=1 +fi + +ac_fn_c_check_type "$LINENO" "struct timespec" "ac_cv_type_struct_timespec" "$ac_includes_default" +if test "x$ac_cv_type_struct_timespec" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_TIMESPEC 1 +_ACEOF + + +fi + + +# We need int64_t or else certian parts of the compile will fail. +if test "x$ac_cv_have_int64_t" = "xno" && \ + test "x$ac_cv_sizeof_long_int" != "x8" && \ + test "x$ac_cv_sizeof_long_long_int" = "x0" ; then + echo "OpenSSH requires int64_t support. Contact your vendor or install" + echo "an alternative compiler (I.E., GCC) before continuing." + echo "" + exit 1; +else + if test "$cross_compiling" = yes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working snprintf()" >&5 +$as_echo "$as_me: WARNING: cross compiling: Assuming working snprintf()" >&2;} + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#ifdef HAVE_SNPRINTF +main() +{ + char buf[50]; + char expected_out[50]; + int mazsize = 50 ; +#if (SIZEOF_LONG_INT == 8) + long int num = 0x7fffffffffffffff; +#else + long long num = 0x7fffffffffffffffll; +#endif + strcpy(expected_out, "9223372036854775807"); + snprintf(buf, mazsize, "%lld", num); + if(strcmp(buf, expected_out) != 0) + exit(1); + exit(0); +} +#else +main() { exit(0); } +#endif + +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + true +else + $as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi + + +# look for field 'ut_host' in header 'utmp.h' + ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_host field in utmp.h" >&5 +$as_echo_n "checking for ut_host field in utmp.h... " >&6; } + if eval \${$ossh_varname+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_host" >/dev/null 2>&1; then : + eval "$ossh_varname=yes" +else + eval "$ossh_varname=no" +fi +rm -f conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +$as_echo "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +$as_echo "#define HAVE_HOST_IN_UTMP 1" >>confdefs.h + + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + + +# look for field 'ut_host' in header 'utmpx.h' + ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_host field in utmpx.h" >&5 +$as_echo_n "checking for ut_host field in utmpx.h... " >&6; } + if eval \${$ossh_varname+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_host" >/dev/null 2>&1; then : + eval "$ossh_varname=yes" +else + eval "$ossh_varname=no" +fi +rm -f conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +$as_echo "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +$as_echo "#define HAVE_HOST_IN_UTMPX 1" >>confdefs.h + + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + + +# look for field 'syslen' in header 'utmpx.h' + ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"syslen + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for syslen field in utmpx.h" >&5 +$as_echo_n "checking for syslen field in utmpx.h... " >&6; } + if eval \${$ossh_varname+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "syslen" >/dev/null 2>&1; then : + eval "$ossh_varname=yes" +else + eval "$ossh_varname=no" +fi +rm -f conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +$as_echo "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +$as_echo "#define HAVE_SYSLEN_IN_UTMPX 1" >>confdefs.h + + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + + +# look for field 'ut_pid' in header 'utmp.h' + ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_pid + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_pid field in utmp.h" >&5 +$as_echo_n "checking for ut_pid field in utmp.h... " >&6; } + if eval \${$ossh_varname+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_pid" >/dev/null 2>&1; then : + eval "$ossh_varname=yes" +else + eval "$ossh_varname=no" +fi +rm -f conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +$as_echo "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +$as_echo "#define HAVE_PID_IN_UTMP 1" >>confdefs.h + + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + + +# look for field 'ut_type' in header 'utmp.h' + ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_type field in utmp.h" >&5 +$as_echo_n "checking for ut_type field in utmp.h... " >&6; } + if eval \${$ossh_varname+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_type" >/dev/null 2>&1; then : + eval "$ossh_varname=yes" +else + eval "$ossh_varname=no" +fi +rm -f conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +$as_echo "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +$as_echo "#define HAVE_TYPE_IN_UTMP 1" >>confdefs.h + + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + + +# look for field 'ut_type' in header 'utmpx.h' + ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_type field in utmpx.h" >&5 +$as_echo_n "checking for ut_type field in utmpx.h... " >&6; } + if eval \${$ossh_varname+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_type" >/dev/null 2>&1; then : + eval "$ossh_varname=yes" +else + eval "$ossh_varname=no" +fi +rm -f conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +$as_echo "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +$as_echo "#define HAVE_TYPE_IN_UTMPX 1" >>confdefs.h + + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + + +# look for field 'ut_tv' in header 'utmp.h' + ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_tv field in utmp.h" >&5 +$as_echo_n "checking for ut_tv field in utmp.h... " >&6; } + if eval \${$ossh_varname+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_tv" >/dev/null 2>&1; then : + eval "$ossh_varname=yes" +else + eval "$ossh_varname=no" +fi +rm -f conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +$as_echo "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +$as_echo "#define HAVE_TV_IN_UTMP 1" >>confdefs.h + + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + + +# look for field 'ut_id' in header 'utmp.h' + ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_id field in utmp.h" >&5 +$as_echo_n "checking for ut_id field in utmp.h... " >&6; } + if eval \${$ossh_varname+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_id" >/dev/null 2>&1; then : + eval "$ossh_varname=yes" +else + eval "$ossh_varname=no" +fi +rm -f conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +$as_echo "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +$as_echo "#define HAVE_ID_IN_UTMP 1" >>confdefs.h + + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + + +# look for field 'ut_id' in header 'utmpx.h' + ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_id field in utmpx.h" >&5 +$as_echo_n "checking for ut_id field in utmpx.h... " >&6; } + if eval \${$ossh_varname+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_id" >/dev/null 2>&1; then : + eval "$ossh_varname=yes" +else + eval "$ossh_varname=no" +fi +rm -f conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +$as_echo "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +$as_echo "#define HAVE_ID_IN_UTMPX 1" >>confdefs.h + + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + + +# look for field 'ut_addr' in header 'utmp.h' + ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr field in utmp.h" >&5 +$as_echo_n "checking for ut_addr field in utmp.h... " >&6; } + if eval \${$ossh_varname+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_addr" >/dev/null 2>&1; then : + eval "$ossh_varname=yes" +else + eval "$ossh_varname=no" +fi +rm -f conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +$as_echo "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +$as_echo "#define HAVE_ADDR_IN_UTMP 1" >>confdefs.h + + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + + +# look for field 'ut_addr' in header 'utmpx.h' + ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr field in utmpx.h" >&5 +$as_echo_n "checking for ut_addr field in utmpx.h... " >&6; } + if eval \${$ossh_varname+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_addr" >/dev/null 2>&1; then : + eval "$ossh_varname=yes" +else + eval "$ossh_varname=no" +fi +rm -f conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +$as_echo "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +$as_echo "#define HAVE_ADDR_IN_UTMPX 1" >>confdefs.h + + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + + +# look for field 'ut_addr_v6' in header 'utmp.h' + ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr_v6 field in utmp.h" >&5 +$as_echo_n "checking for ut_addr_v6 field in utmp.h... " >&6; } + if eval \${$ossh_varname+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_addr_v6" >/dev/null 2>&1; then : + eval "$ossh_varname=yes" +else + eval "$ossh_varname=no" +fi +rm -f conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +$as_echo "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +$as_echo "#define HAVE_ADDR_V6_IN_UTMP 1" >>confdefs.h + + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + + +# look for field 'ut_addr_v6' in header 'utmpx.h' + ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr_v6 field in utmpx.h" >&5 +$as_echo_n "checking for ut_addr_v6 field in utmpx.h... " >&6; } + if eval \${$ossh_varname+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_addr_v6" >/dev/null 2>&1; then : + eval "$ossh_varname=yes" +else + eval "$ossh_varname=no" +fi +rm -f conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +$as_echo "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +$as_echo "#define HAVE_ADDR_V6_IN_UTMPX 1" >>confdefs.h + + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + + +# look for field 'ut_exit' in header 'utmp.h' + ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_exit + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_exit field in utmp.h" >&5 +$as_echo_n "checking for ut_exit field in utmp.h... " >&6; } + if eval \${$ossh_varname+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_exit" >/dev/null 2>&1; then : + eval "$ossh_varname=yes" +else + eval "$ossh_varname=no" +fi +rm -f conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +$as_echo "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +$as_echo "#define HAVE_EXIT_IN_UTMP 1" >>confdefs.h + + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + + +# look for field 'ut_time' in header 'utmp.h' + ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_time field in utmp.h" >&5 +$as_echo_n "checking for ut_time field in utmp.h... " >&6; } + if eval \${$ossh_varname+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_time" >/dev/null 2>&1; then : + eval "$ossh_varname=yes" +else + eval "$ossh_varname=no" +fi +rm -f conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +$as_echo "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +$as_echo "#define HAVE_TIME_IN_UTMP 1" >>confdefs.h + + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + + +# look for field 'ut_time' in header 'utmpx.h' + ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_time field in utmpx.h" >&5 +$as_echo_n "checking for ut_time field in utmpx.h... " >&6; } + if eval \${$ossh_varname+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_time" >/dev/null 2>&1; then : + eval "$ossh_varname=yes" +else + eval "$ossh_varname=no" +fi +rm -f conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +$as_echo "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +$as_echo "#define HAVE_TIME_IN_UTMPX 1" >>confdefs.h + + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + + +# look for field 'ut_tv' in header 'utmpx.h' + ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_tv field in utmpx.h" >&5 +$as_echo_n "checking for ut_tv field in utmpx.h... " >&6; } + if eval \${$ossh_varname+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_tv" >/dev/null 2>&1; then : + eval "$ossh_varname=yes" +else + eval "$ossh_varname=no" +fi +rm -f conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +$as_echo "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +$as_echo "#define HAVE_TV_IN_UTMPX 1" >>confdefs.h + + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + + +ac_fn_c_check_member "$LINENO" "struct stat" "st_blksize" "ac_cv_member_struct_stat_st_blksize" "$ac_includes_default" +if test "x$ac_cv_member_struct_stat_st_blksize" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_STAT_ST_BLKSIZE 1 +_ACEOF + + +fi + +ac_fn_c_check_member "$LINENO" "struct passwd" "pw_gecos" "ac_cv_member_struct_passwd_pw_gecos" " +#include +#include + +" +if test "x$ac_cv_member_struct_passwd_pw_gecos" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_PASSWD_PW_GECOS 1 +_ACEOF + + +fi +ac_fn_c_check_member "$LINENO" "struct passwd" "pw_class" "ac_cv_member_struct_passwd_pw_class" " +#include +#include + +" +if test "x$ac_cv_member_struct_passwd_pw_class" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_PASSWD_PW_CLASS 1 +_ACEOF + + +fi +ac_fn_c_check_member "$LINENO" "struct passwd" "pw_change" "ac_cv_member_struct_passwd_pw_change" " +#include +#include + +" +if test "x$ac_cv_member_struct_passwd_pw_change" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_PASSWD_PW_CHANGE 1 +_ACEOF + + +fi +ac_fn_c_check_member "$LINENO" "struct passwd" "pw_expire" "ac_cv_member_struct_passwd_pw_expire" " +#include +#include + +" +if test "x$ac_cv_member_struct_passwd_pw_expire" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_PASSWD_PW_EXPIRE 1 +_ACEOF + + +fi + + +ac_fn_c_check_member "$LINENO" "struct __res_state" "retrans" "ac_cv_member_struct___res_state_retrans" " +#include +#if HAVE_SYS_TYPES_H +# include +#endif +#include +#include +#include + +" +if test "x$ac_cv_member_struct___res_state_retrans" = xyes; then : + +else + +$as_echo "#define __res_state state" >>confdefs.h + +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ss_family field in struct sockaddr_storage" >&5 +$as_echo_n "checking for ss_family field in struct sockaddr_storage... " >&6; } +if ${ac_cv_have_ss_family_in_struct_ss+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main () +{ + struct sockaddr_storage s; s.ss_family = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_have_ss_family_in_struct_ss="yes" +else + ac_cv_have_ss_family_in_struct_ss="no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_ss_family_in_struct_ss" >&5 +$as_echo "$ac_cv_have_ss_family_in_struct_ss" >&6; } +if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then + +$as_echo "#define HAVE_SS_FAMILY_IN_SS 1" >>confdefs.h + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for __ss_family field in struct sockaddr_storage" >&5 +$as_echo_n "checking for __ss_family field in struct sockaddr_storage... " >&6; } +if ${ac_cv_have___ss_family_in_struct_ss+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main () +{ + struct sockaddr_storage s; s.__ss_family = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_have___ss_family_in_struct_ss="yes" +else + ac_cv_have___ss_family_in_struct_ss="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have___ss_family_in_struct_ss" >&5 +$as_echo "$ac_cv_have___ss_family_in_struct_ss" >&6; } +if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then + +$as_echo "#define HAVE___SS_FAMILY_IN_SS 1" >>confdefs.h + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for msg_accrights field in struct msghdr" >&5 +$as_echo_n "checking for msg_accrights field in struct msghdr... " >&6; } +if ${ac_cv_have_accrights_in_msghdr+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include + +int +main () +{ + +#ifdef msg_accrights +#error "msg_accrights is a macro" +exit(1); +#endif +struct msghdr m; +m.msg_accrights = 0; +exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_have_accrights_in_msghdr="yes" +else + ac_cv_have_accrights_in_msghdr="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_accrights_in_msghdr" >&5 +$as_echo "$ac_cv_have_accrights_in_msghdr" >&6; } +if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then + +$as_echo "#define HAVE_ACCRIGHTS_IN_MSGHDR 1" >>confdefs.h + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if struct statvfs.f_fsid is integral type" >&5 +$as_echo_n "checking if struct statvfs.f_fsid is integral type... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#ifdef HAVE_SYS_TIME_H +# include +#endif +#ifdef HAVE_SYS_MOUNT_H +#include +#endif +#ifdef HAVE_SYS_STATVFS_H +#include +#endif + +int +main () +{ + struct statvfs s; s.f_fsid = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if fsid_t has member val" >&5 +$as_echo_n "checking if fsid_t has member val... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main () +{ + fsid_t t; t.val[0] = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define FSID_HAS_VAL 1" >>confdefs.h + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if f_fsid has member __val" >&5 +$as_echo_n "checking if f_fsid has member __val... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main () +{ + fsid_t t; t.__val[0] = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define FSID_HAS___VAL 1" >>confdefs.h + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for msg_control field in struct msghdr" >&5 +$as_echo_n "checking for msg_control field in struct msghdr... " >&6; } +if ${ac_cv_have_control_in_msghdr+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include + +int +main () +{ + +#ifdef msg_control +#error "msg_control is a macro" +exit(1); +#endif +struct msghdr m; +m.msg_control = 0; +exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_have_control_in_msghdr="yes" +else + ac_cv_have_control_in_msghdr="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_control_in_msghdr" >&5 +$as_echo "$ac_cv_have_control_in_msghdr" >&6; } +if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then + +$as_echo "#define HAVE_CONTROL_IN_MSGHDR 1" >>confdefs.h + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libc defines __progname" >&5 +$as_echo_n "checking if libc defines __progname... " >&6; } +if ${ac_cv_libc_defines___progname+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + extern char *__progname; printf("%s", __progname); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_libc_defines___progname="yes" +else + ac_cv_libc_defines___progname="no" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines___progname" >&5 +$as_echo "$ac_cv_libc_defines___progname" >&6; } +if test "x$ac_cv_libc_defines___progname" = "xyes" ; then + +$as_echo "#define HAVE___PROGNAME 1" >>confdefs.h + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC implements __FUNCTION__" >&5 +$as_echo_n "checking whether $CC implements __FUNCTION__... " >&6; } +if ${ac_cv_cc_implements___FUNCTION__+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + printf("%s", __FUNCTION__); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_cc_implements___FUNCTION__="yes" +else + ac_cv_cc_implements___FUNCTION__="no" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cc_implements___FUNCTION__" >&5 +$as_echo "$ac_cv_cc_implements___FUNCTION__" >&6; } +if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then + +$as_echo "#define HAVE___FUNCTION__ 1" >>confdefs.h + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC implements __func__" >&5 +$as_echo_n "checking whether $CC implements __func__... " >&6; } +if ${ac_cv_cc_implements___func__+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + printf("%s", __func__); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_cc_implements___func__="yes" +else + ac_cv_cc_implements___func__="no" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cc_implements___func__" >&5 +$as_echo "$ac_cv_cc_implements___func__" >&6; } +if test "x$ac_cv_cc_implements___func__" = "xyes" ; then + +$as_echo "#define HAVE___func__ 1" >>confdefs.h + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether va_copy exists" >&5 +$as_echo_n "checking whether va_copy exists... " >&6; } +if ${ac_cv_have_va_copy+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +va_list x,y; + +int +main () +{ + va_copy(x,y); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_have_va_copy="yes" +else + ac_cv_have_va_copy="no" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_va_copy" >&5 +$as_echo "$ac_cv_have_va_copy" >&6; } +if test "x$ac_cv_have_va_copy" = "xyes" ; then + +$as_echo "#define HAVE_VA_COPY 1" >>confdefs.h + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether __va_copy exists" >&5 +$as_echo_n "checking whether __va_copy exists... " >&6; } +if ${ac_cv_have___va_copy+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +va_list x,y; + +int +main () +{ + __va_copy(x,y); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_have___va_copy="yes" +else + ac_cv_have___va_copy="no" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have___va_copy" >&5 +$as_echo "$ac_cv_have___va_copy" >&6; } +if test "x$ac_cv_have___va_copy" = "xyes" ; then + +$as_echo "#define HAVE___VA_COPY 1" >>confdefs.h + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether getopt has optreset support" >&5 +$as_echo_n "checking whether getopt has optreset support... " >&6; } +if ${ac_cv_have_getopt_optreset+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + extern int optreset; optreset = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_have_getopt_optreset="yes" +else + ac_cv_have_getopt_optreset="no" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_getopt_optreset" >&5 +$as_echo "$ac_cv_have_getopt_optreset" >&6; } +if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then + +$as_echo "#define HAVE_GETOPT_OPTRESET 1" >>confdefs.h + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libc defines sys_errlist" >&5 +$as_echo_n "checking if libc defines sys_errlist... " >&6; } +if ${ac_cv_libc_defines_sys_errlist+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_libc_defines_sys_errlist="yes" +else + ac_cv_libc_defines_sys_errlist="no" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines_sys_errlist" >&5 +$as_echo "$ac_cv_libc_defines_sys_errlist" >&6; } +if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then + +$as_echo "#define HAVE_SYS_ERRLIST 1" >>confdefs.h + +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libc defines sys_nerr" >&5 +$as_echo_n "checking if libc defines sys_nerr... " >&6; } +if ${ac_cv_libc_defines_sys_nerr+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + extern int sys_nerr; printf("%i", sys_nerr); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_libc_defines_sys_nerr="yes" +else + ac_cv_libc_defines_sys_nerr="no" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines_sys_nerr" >&5 +$as_echo "$ac_cv_libc_defines_sys_nerr" >&6; } +if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then + +$as_echo "#define HAVE_SYS_NERR 1" >>confdefs.h + +fi + +# Check libraries needed by DNS fingerprint support +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing getrrsetbyname" >&5 +$as_echo_n "checking for library containing getrrsetbyname... " >&6; } +if ${ac_cv_search_getrrsetbyname+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char getrrsetbyname (); +int +main () +{ +return getrrsetbyname (); + ; + return 0; +} +_ACEOF +for ac_lib in '' resolv; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_getrrsetbyname=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_getrrsetbyname+:} false; then : + break +fi +done +if ${ac_cv_search_getrrsetbyname+:} false; then : + +else + ac_cv_search_getrrsetbyname=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getrrsetbyname" >&5 +$as_echo "$ac_cv_search_getrrsetbyname" >&6; } +ac_res=$ac_cv_search_getrrsetbyname +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +$as_echo "#define HAVE_GETRRSETBYNAME 1" >>confdefs.h + +else + + # Needed by our getrrsetbyname() + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing res_query" >&5 +$as_echo_n "checking for library containing res_query... " >&6; } +if ${ac_cv_search_res_query+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char res_query (); +int +main () +{ +return res_query (); + ; + return 0; +} +_ACEOF +for ac_lib in '' resolv; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_res_query=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_res_query+:} false; then : + break +fi +done +if ${ac_cv_search_res_query+:} false; then : + +else + ac_cv_search_res_query=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_res_query" >&5 +$as_echo "$ac_cv_search_res_query" >&6; } +ac_res=$ac_cv_search_res_query +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dn_expand" >&5 +$as_echo_n "checking for library containing dn_expand... " >&6; } +if ${ac_cv_search_dn_expand+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dn_expand (); +int +main () +{ +return dn_expand (); + ; + return 0; +} +_ACEOF +for ac_lib in '' resolv; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_dn_expand=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_dn_expand+:} false; then : + break +fi +done +if ${ac_cv_search_dn_expand+:} false; then : + +else + ac_cv_search_dn_expand=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dn_expand" >&5 +$as_echo "$ac_cv_search_dn_expand" >&6; } +ac_res=$ac_cv_search_dn_expand +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if res_query will link" >&5 +$as_echo_n "checking if res_query will link... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include + +int +main () +{ + + res_query (0, 0, 0, 0, 0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + saved_LIBS="$LIBS" + LIBS="$LIBS -lresolv" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_query in -lresolv" >&5 +$as_echo_n "checking for res_query in -lresolv... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include + +int +main () +{ + + res_query (0, 0, 0, 0, 0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + LIBS="$saved_LIBS" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + for ac_func in _getshort _getlong +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + ac_fn_c_check_decl "$LINENO" "_getshort" "ac_cv_have_decl__getshort" "#include + #include +" +if test "x$ac_cv_have_decl__getshort" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL__GETSHORT $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "_getlong" "ac_cv_have_decl__getlong" "#include + #include +" +if test "x$ac_cv_have_decl__getlong" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL__GETLONG $ac_have_decl +_ACEOF + + ac_fn_c_check_member "$LINENO" "HEADER" "ad" "ac_cv_member_HEADER_ad" "#include +" +if test "x$ac_cv_member_HEADER_ad" = xyes; then : + +$as_echo "#define HAVE_HEADER_AD 1" >>confdefs.h + +fi + + +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if struct __res_state _res is an extern" >&5 +$as_echo_n "checking if struct __res_state _res is an extern... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#if HAVE_SYS_TYPES_H +# include +#endif +#include +#include +#include +extern struct __res_state _res; + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define HAVE__RES_EXTERN 1" >>confdefs.h + + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +# Check whether user wants SELinux support +SELINUX_MSG="no" +LIBSELINUX="" + +# Check whether --with-selinux was given. +if test "${with_selinux+set}" = set; then : + withval=$with_selinux; if test "x$withval" != "xno" ; then + save_LIBS="$LIBS" + +$as_echo "#define WITH_SELINUX 1" >>confdefs.h + + SELINUX_MSG="yes" + ac_fn_c_check_header_mongrel "$LINENO" "selinux/selinux.h" "ac_cv_header_selinux_selinux_h" "$ac_includes_default" +if test "x$ac_cv_header_selinux_selinux_h" = xyes; then : + +else + as_fn_error $? "SELinux support requires selinux.h header" "$LINENO" 5 +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setexeccon in -lselinux" >&5 +$as_echo_n "checking for setexeccon in -lselinux... " >&6; } +if ${ac_cv_lib_selinux_setexeccon+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lselinux $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char setexeccon (); +int +main () +{ +return setexeccon (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_selinux_setexeccon=yes +else + ac_cv_lib_selinux_setexeccon=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_setexeccon" >&5 +$as_echo "$ac_cv_lib_selinux_setexeccon" >&6; } +if test "x$ac_cv_lib_selinux_setexeccon" = xyes; then : + LIBSELINUX="-lselinux" + LIBS="$LIBS -lselinux" + +else + as_fn_error $? "SELinux support requires libselinux library" "$LINENO" 5 +fi + + SSHLIBS="$SSHLIBS $LIBSELINUX" + SSHDLIBS="$SSHDLIBS $LIBSELINUX" + for ac_func in getseuserbyname get_default_context_with_level +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + LIBS="$save_LIBS" + fi + +fi + + + + +# Check whether user wants Kerberos 5 support +KRB5_MSG="no" + +# Check whether --with-kerberos5 was given. +if test "${with_kerberos5+set}" = set; then : + withval=$with_kerberos5; if test "x$withval" != "xno" ; then + if test "x$withval" = "xyes" ; then + KRB5ROOT="/usr/local" + else + KRB5ROOT=${withval} + fi + + +$as_echo "#define KRB5 1" >>confdefs.h + + KRB5_MSG="yes" + + # Extract the first word of "krb5-config", so it can be a program name with args. +set dummy krb5-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_KRB5CONF+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $KRB5CONF in + [\\/]* | ?:[\\/]*) + ac_cv_path_KRB5CONF="$KRB5CONF" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_dummy="$KRB5ROOT/bin:$PATH" +for as_dir in $as_dummy +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_KRB5CONF="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + test -z "$ac_cv_path_KRB5CONF" && ac_cv_path_KRB5CONF="$KRB5ROOT/bin/krb5-config" + ;; +esac +fi +KRB5CONF=$ac_cv_path_KRB5CONF +if test -n "$KRB5CONF"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KRB5CONF" >&5 +$as_echo "$KRB5CONF" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if test -x $KRB5CONF ; then + K5CFLAGS="`$KRB5CONF --cflags`" + K5LIBS="`$KRB5CONF --libs`" + CPPFLAGS="$CPPFLAGS $K5CFLAGS" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gssapi support" >&5 +$as_echo_n "checking for gssapi support... " >&6; } + if $KRB5CONF | grep gssapi >/dev/null ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define GSSAPI 1" >>confdefs.h + + GSSCFLAGS="`$KRB5CONF --cflags gssapi`" + GSSLIBS="`$KRB5CONF --libs gssapi`" + CPPFLAGS="$CPPFLAGS $GSSCFLAGS" + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5 +$as_echo_n "checking whether we are using Heimdal... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include + +int +main () +{ + char *tmp = heimdal_version; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define HEIMDAL 1" >>confdefs.h + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + else + CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" + LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5 +$as_echo_n "checking whether we are using Heimdal... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include + +int +main () +{ + char *tmp = heimdal_version; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + $as_echo "#define HEIMDAL 1" >>confdefs.h + + K5LIBS="-lkrb5" + K5LIBS="$K5LIBS -lcom_err -lasn1" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for net_write in -lroken" >&5 +$as_echo_n "checking for net_write in -lroken... " >&6; } +if ${ac_cv_lib_roken_net_write+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lroken $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char net_write (); +int +main () +{ +return net_write (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_roken_net_write=yes +else + ac_cv_lib_roken_net_write=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_roken_net_write" >&5 +$as_echo "$ac_cv_lib_roken_net_write" >&6; } +if test "x$ac_cv_lib_roken_net_write" = xyes; then : + K5LIBS="$K5LIBS -lroken" +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for des_cbc_encrypt in -ldes" >&5 +$as_echo_n "checking for des_cbc_encrypt in -ldes... " >&6; } +if ${ac_cv_lib_des_des_cbc_encrypt+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldes $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char des_cbc_encrypt (); +int +main () +{ +return des_cbc_encrypt (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_des_des_cbc_encrypt=yes +else + ac_cv_lib_des_des_cbc_encrypt=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_des_des_cbc_encrypt" >&5 +$as_echo "$ac_cv_lib_des_des_cbc_encrypt" >&6; } +if test "x$ac_cv_lib_des_des_cbc_encrypt" = xyes; then : + K5LIBS="$K5LIBS -ldes" +fi + + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + K5LIBS="-lkrb5 -lk5crypto -lcom_err" + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dn_expand" >&5 +$as_echo_n "checking for library containing dn_expand... " >&6; } +if ${ac_cv_search_dn_expand+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dn_expand (); +int +main () +{ +return dn_expand (); + ; + return 0; +} +_ACEOF +for ac_lib in '' resolv; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_dn_expand=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_dn_expand+:} false; then : + break +fi +done +if ${ac_cv_search_dn_expand+:} false; then : + +else + ac_cv_search_dn_expand=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dn_expand" >&5 +$as_echo "$ac_cv_search_dn_expand" >&6; } +ac_res=$ac_cv_search_dn_expand +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgssapi_krb5" >&5 +$as_echo_n "checking for gss_init_sec_context in -lgssapi_krb5... " >&6; } +if ${ac_cv_lib_gssapi_krb5_gss_init_sec_context+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lgssapi_krb5 $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char gss_init_sec_context (); +int +main () +{ +return gss_init_sec_context (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_gssapi_krb5_gss_init_sec_context=yes +else + ac_cv_lib_gssapi_krb5_gss_init_sec_context=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&5 +$as_echo "$ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&6; } +if test "x$ac_cv_lib_gssapi_krb5_gss_init_sec_context" = xyes; then : + $as_echo "#define GSSAPI 1" >>confdefs.h + + GSSLIBS="-lgssapi_krb5" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgssapi" >&5 +$as_echo_n "checking for gss_init_sec_context in -lgssapi... " >&6; } +if ${ac_cv_lib_gssapi_gss_init_sec_context+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lgssapi $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char gss_init_sec_context (); +int +main () +{ +return gss_init_sec_context (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_gssapi_gss_init_sec_context=yes +else + ac_cv_lib_gssapi_gss_init_sec_context=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_gss_init_sec_context" >&5 +$as_echo "$ac_cv_lib_gssapi_gss_init_sec_context" >&6; } +if test "x$ac_cv_lib_gssapi_gss_init_sec_context" = xyes; then : + $as_echo "#define GSSAPI 1" >>confdefs.h + + GSSLIBS="-lgssapi" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgss" >&5 +$as_echo_n "checking for gss_init_sec_context in -lgss... " >&6; } +if ${ac_cv_lib_gss_gss_init_sec_context+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lgss $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char gss_init_sec_context (); +int +main () +{ +return gss_init_sec_context (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_gss_gss_init_sec_context=yes +else + ac_cv_lib_gss_gss_init_sec_context=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gss_gss_init_sec_context" >&5 +$as_echo "$ac_cv_lib_gss_gss_init_sec_context" >&6; } +if test "x$ac_cv_lib_gss_gss_init_sec_context" = xyes; then : + $as_echo "#define GSSAPI 1" >>confdefs.h + + GSSLIBS="-lgss" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot find any suitable gss-api library - build may fail" >&5 +$as_echo "$as_me: WARNING: Cannot find any suitable gss-api library - build may fail" >&2;} +fi + + +fi + + +fi + + + ac_fn_c_check_header_mongrel "$LINENO" "gssapi.h" "ac_cv_header_gssapi_h" "$ac_includes_default" +if test "x$ac_cv_header_gssapi_h" = xyes; then : + +else + unset ac_cv_header_gssapi_h + CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" + for ac_header in gssapi.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "gssapi.h" "ac_cv_header_gssapi_h" "$ac_includes_default" +if test "x$ac_cv_header_gssapi_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_GSSAPI_H 1 +_ACEOF + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot find any suitable gss-api header - build may fail" >&5 +$as_echo "$as_me: WARNING: Cannot find any suitable gss-api header - build may fail" >&2;} + +fi + +done + + + +fi + + + + oldCPP="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" + ac_fn_c_check_header_mongrel "$LINENO" "gssapi_krb5.h" "ac_cv_header_gssapi_krb5_h" "$ac_includes_default" +if test "x$ac_cv_header_gssapi_krb5_h" = xyes; then : + +else + CPPFLAGS="$oldCPP" +fi + + + + fi + if test ! -z "$need_dash_r" ; then + LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" + fi + if test ! -z "$blibpath" ; then + blibpath="$blibpath:${KRB5ROOT}/lib" + fi + + for ac_header in gssapi.h gssapi/gssapi.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + for ac_header in gssapi_krb5.h gssapi/gssapi_krb5.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + for ac_header in gssapi_generic.h gssapi/gssapi_generic.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing k_hasafs" >&5 +$as_echo_n "checking for library containing k_hasafs... " >&6; } +if ${ac_cv_search_k_hasafs+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char k_hasafs (); +int +main () +{ +return k_hasafs (); + ; + return 0; +} +_ACEOF +for ac_lib in '' kafs; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_k_hasafs=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_k_hasafs+:} false; then : + break +fi +done +if ${ac_cv_search_k_hasafs+:} false; then : + +else + ac_cv_search_k_hasafs=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_k_hasafs" >&5 +$as_echo "$ac_cv_search_k_hasafs" >&6; } +ac_res=$ac_cv_search_k_hasafs +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +$as_echo "#define USE_AFS 1" >>confdefs.h + +fi + + + ac_fn_c_check_decl "$LINENO" "GSS_C_NT_HOSTBASED_SERVICE" "ac_cv_have_decl_GSS_C_NT_HOSTBASED_SERVICE" " +#ifdef HAVE_GSSAPI_H +# include +#elif defined(HAVE_GSSAPI_GSSAPI_H) +# include +#endif + +#ifdef HAVE_GSSAPI_GENERIC_H +# include +#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) +# include +#endif + +" +if test "x$ac_cv_have_decl_GSS_C_NT_HOSTBASED_SERVICE" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE $ac_have_decl +_ACEOF + + saved_LIBS="$LIBS" + LIBS="$LIBS $K5LIBS" + for ac_func in krb5_cc_new_unique krb5_get_error_message krb5_free_error_message +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + LIBS="$saved_LIBS" + + fi + + +fi + + + + +# Looking for programs, paths and files + +PRIVSEP_PATH=/var/empty + +# Check whether --with-privsep-path was given. +if test "${with_privsep_path+set}" = set; then : + withval=$with_privsep_path; + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + PRIVSEP_PATH=$withval + fi + + +fi + + + + +# Check whether --with-xauth was given. +if test "${with_xauth+set}" = set; then : + withval=$with_xauth; + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + xauth_path=$withval + fi + +else + + TestPath="$PATH" + TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" + TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" + TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" + TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" + # Extract the first word of "xauth", so it can be a program name with args. +set dummy xauth; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_xauth_path+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $xauth_path in + [\\/]* | ?:[\\/]*) + ac_cv_path_xauth_path="$xauth_path" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $TestPath +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_xauth_path="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +xauth_path=$ac_cv_path_xauth_path +if test -n "$xauth_path"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $xauth_path" >&5 +$as_echo "$xauth_path" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then + xauth_path="/usr/openwin/bin/xauth" + fi + + +fi + + +STRIP_OPT=-s +# Check whether --enable-strip was given. +if test "${enable_strip+set}" = set; then : + enableval=$enable_strip; + if test "x$enableval" = "xno" ; then + STRIP_OPT= + fi + + +fi + + + +if test -z "$xauth_path" ; then + XAUTH_PATH="undefined" + +else + +cat >>confdefs.h <<_ACEOF +#define XAUTH_PATH "$xauth_path" +_ACEOF + + XAUTH_PATH=$xauth_path + +fi + +# Check for mail directory + +# Check whether --with-maildir was given. +if test "${with_maildir+set}" = set; then : + withval=$with_maildir; + if test "X$withval" != X && test "x$withval" != xno && \ + test "x${withval}" != xyes; then + +cat >>confdefs.h <<_ACEOF +#define MAIL_DIRECTORY "$withval" +_ACEOF + + fi + +else + + if test "X$maildir" != "X"; then + cat >>confdefs.h <<_ACEOF +#define MAIL_DIRECTORY "$maildir" +_ACEOF + + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking Discovering system mail directory" >&5 +$as_echo_n "checking Discovering system mail directory... " >&6; } + if test "$cross_compiling" = yes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: use --with-maildir=/path/to/mail" >&5 +$as_echo "$as_me: WARNING: cross compiling: use --with-maildir=/path/to/mail" >&2;} + + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#ifdef HAVE_PATHS_H +#include +#endif +#ifdef HAVE_MAILLOCK_H +#include +#endif +#define DATA "conftest.maildir" + +int +main () +{ + + FILE *fd; + int rc; + + fd = fopen(DATA,"w"); + if(fd == NULL) + exit(1); + +#if defined (_PATH_MAILDIR) + if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) + exit(1); +#elif defined (MAILDIR) + if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) + exit(1); +#elif defined (_PATH_MAIL) + if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) + exit(1); +#else + exit (2); +#endif + + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + + maildir_what=`awk -F: '{print $1}' conftest.maildir` + maildir=`awk -F: '{print $2}' conftest.maildir \ + | sed 's|/$||'` + { $as_echo "$as_me:${as_lineno-$LINENO}: result: Using: $maildir from $maildir_what" >&5 +$as_echo "Using: $maildir from $maildir_what" >&6; } + if test "x$maildir_what" != "x_PATH_MAILDIR"; then + cat >>confdefs.h <<_ACEOF +#define MAIL_DIRECTORY "$maildir" +_ACEOF + + fi + +else + + if test "X$ac_status" = "X2";then +# our test program didn't find it. Default to /var/spool/mail + { $as_echo "$as_me:${as_lineno-$LINENO}: result: Using: default value of /var/spool/mail" >&5 +$as_echo "Using: default value of /var/spool/mail" >&6; } + cat >>confdefs.h <<_ACEOF +#define MAIL_DIRECTORY "/var/spool/mail" +_ACEOF + + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: *** not found ***" >&5 +$as_echo "*** not found ***" >&6; } + fi + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + fi + + +fi + # maildir + +if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Disabling /dev/ptmx test" >&5 +$as_echo "$as_me: WARNING: cross compiling: Disabling /dev/ptmx test" >&2;} + disable_ptmx_check=yes +fi +if test -z "$no_dev_ptmx" ; then + if test "x$disable_ptmx_check" != "xyes" ; then + as_ac_File=`$as_echo "ac_cv_file_"/dev/ptmx"" | $as_tr_sh` +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptmx\"" >&5 +$as_echo_n "checking for \"/dev/ptmx\"... " >&6; } +if eval \${$as_ac_File+:} false; then : + $as_echo_n "(cached) " >&6 +else + test "$cross_compiling" = yes && + as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 +if test -r ""/dev/ptmx""; then + eval "$as_ac_File=yes" +else + eval "$as_ac_File=no" +fi +fi +eval ac_res=\$$as_ac_File + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +if eval test \"x\$"$as_ac_File"\" = x"yes"; then : + + +cat >>confdefs.h <<_ACEOF +#define HAVE_DEV_PTMX 1 +_ACEOF + + have_dev_ptmx=1 + + +fi + + fi +fi + +if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then + as_ac_File=`$as_echo "ac_cv_file_"/dev/ptc"" | $as_tr_sh` +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptc\"" >&5 +$as_echo_n "checking for \"/dev/ptc\"... " >&6; } +if eval \${$as_ac_File+:} false; then : + $as_echo_n "(cached) " >&6 +else + test "$cross_compiling" = yes && + as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 +if test -r ""/dev/ptc""; then + eval "$as_ac_File=yes" +else + eval "$as_ac_File=no" +fi +fi +eval ac_res=\$$as_ac_File + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +if eval test \"x\$"$as_ac_File"\" = x"yes"; then : + + +cat >>confdefs.h <<_ACEOF +#define HAVE_DEV_PTS_AND_PTC 1 +_ACEOF + + have_dev_ptc=1 + + +fi + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Disabling /dev/ptc test" >&5 +$as_echo "$as_me: WARNING: cross compiling: Disabling /dev/ptc test" >&2;} +fi + +# Options from here on. Some of these are preset by platform above + +# Check whether --with-mantype was given. +if test "${with_mantype+set}" = set; then : + withval=$with_mantype; + case "$withval" in + man|cat|doc) + MANTYPE=$withval + ;; + *) + as_fn_error $? "invalid man type: $withval" "$LINENO" 5 + ;; + esac + + +fi + +if test -z "$MANTYPE"; then + TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" + for ac_prog in nroff awf +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_NROFF+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $NROFF in + [\\/]* | ?:[\\/]*) + ac_cv_path_NROFF="$NROFF" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $TestPath +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_NROFF="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +NROFF=$ac_cv_path_NROFF +if test -n "$NROFF"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NROFF" >&5 +$as_echo "$NROFF" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$NROFF" && break +done +test -n "$NROFF" || NROFF="/bin/false" + + if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then + MANTYPE=doc + elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then + MANTYPE=man + else + MANTYPE=cat + fi +fi + +if test "$MANTYPE" = "doc"; then + mansubdir=man; +else + mansubdir=$MANTYPE; +fi + + +# Check whether to enable MD5 passwords +MD5_MSG="no" + +# Check whether --with-md5-passwords was given. +if test "${with_md5_passwords+set}" = set; then : + withval=$with_md5_passwords; + if test "x$withval" != "xno" ; then + +$as_echo "#define HAVE_MD5_PASSWORDS 1" >>confdefs.h + + MD5_MSG="yes" + fi + + +fi + + +# Whether to disable shadow password support + +# Check whether --with-shadow was given. +if test "${with_shadow+set}" = set; then : + withval=$with_shadow; + if test "x$withval" = "xno" ; then + $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h + + disable_shadow=yes + fi + + +fi + + +if test -z "$disable_shadow" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the systems has expire shadow information" >&5 +$as_echo_n "checking if the systems has expire shadow information... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +struct spwd sp; + +int +main () +{ + sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + sp_expire_available=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + + if test "x$sp_expire_available" = "xyes" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define HAS_SHADOW_EXPIRE 1" >>confdefs.h + + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi +fi + +# Use ip address instead of hostname in $DISPLAY +if test ! -z "$IPADDR_IN_DISPLAY" ; then + DISPLAY_HACK_MSG="yes" + +$as_echo "#define IPADDR_IN_DISPLAY 1" >>confdefs.h + +else + DISPLAY_HACK_MSG="no" + +# Check whether --with-ipaddr-display was given. +if test "${with_ipaddr_display+set}" = set; then : + withval=$with_ipaddr_display; + if test "x$withval" != "xno" ; then + $as_echo "#define IPADDR_IN_DISPLAY 1" >>confdefs.h + + DISPLAY_HACK_MSG="yes" + fi + + +fi + +fi + +# check for /etc/default/login and use it if present. +# Check whether --enable-etc-default-login was given. +if test "${enable_etc_default_login+set}" = set; then : + enableval=$enable_etc_default_login; if test "x$enableval" = "xno"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: /etc/default/login handling disabled" >&5 +$as_echo "$as_me: /etc/default/login handling disabled" >&6;} + etc_default_login=no + else + etc_default_login=yes + fi +else + if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; + then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking /etc/default/login" >&5 +$as_echo "$as_me: WARNING: cross compiling: not checking /etc/default/login" >&2;} + etc_default_login=no + else + etc_default_login=yes + fi + +fi + + +if test "x$etc_default_login" != "xno"; then + as_ac_File=`$as_echo "ac_cv_file_"/etc/default/login"" | $as_tr_sh` +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/etc/default/login\"" >&5 +$as_echo_n "checking for \"/etc/default/login\"... " >&6; } +if eval \${$as_ac_File+:} false; then : + $as_echo_n "(cached) " >&6 +else + test "$cross_compiling" = yes && + as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 +if test -r ""/etc/default/login""; then + eval "$as_ac_File=yes" +else + eval "$as_ac_File=no" +fi +fi +eval ac_res=\$$as_ac_File + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +if eval test \"x\$"$as_ac_File"\" = x"yes"; then : + external_path_file=/etc/default/login +fi + + if test "x$external_path_file" = "x/etc/default/login"; then + +$as_echo "#define HAVE_ETC_DEFAULT_LOGIN 1" >>confdefs.h + + fi +fi + +if test $ac_cv_func_login_getcapbool = "yes" && \ + test $ac_cv_header_login_cap_h = "yes" ; then + external_path_file=/etc/login.conf +fi + +# Whether to mess with the default path +SERVER_PATH_MSG="(default)" + +# Check whether --with-default-path was given. +if test "${with_default_path+set}" = set; then : + withval=$with_default_path; + if test "x$external_path_file" = "x/etc/login.conf" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: +--with-default-path=PATH has no effect on this system. +Edit /etc/login.conf instead." >&5 +$as_echo "$as_me: WARNING: +--with-default-path=PATH has no effect on this system. +Edit /etc/login.conf instead." >&2;} + elif test "x$withval" != "xno" ; then + if test ! -z "$external_path_file" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: +--with-default-path=PATH will only be used if PATH is not defined in +$external_path_file ." >&5 +$as_echo "$as_me: WARNING: +--with-default-path=PATH will only be used if PATH is not defined in +$external_path_file ." >&2;} + fi + user_path="$withval" + SERVER_PATH_MSG="$withval" + fi + +else + if test "x$external_path_file" = "x/etc/login.conf" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Make sure the path to scp is in /etc/login.conf" >&5 +$as_echo "$as_me: WARNING: Make sure the path to scp is in /etc/login.conf" >&2;} + else + if test ! -z "$external_path_file" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: +If PATH is defined in $external_path_file, ensure the path to scp is included, +otherwise scp will not work." >&5 +$as_echo "$as_me: WARNING: +If PATH is defined in $external_path_file, ensure the path to scp is included, +otherwise scp will not work." >&2;} + fi + if test "$cross_compiling" = yes; then : + user_path="/usr/bin:/bin:/usr/sbin:/sbin" + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* find out what STDPATH is */ +#include +#ifdef HAVE_PATHS_H +# include +#endif +#ifndef _PATH_STDPATH +# ifdef _PATH_USERPATH /* Irix */ +# define _PATH_STDPATH _PATH_USERPATH +# else +# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" +# endif +#endif +#include +#include +#include +#define DATA "conftest.stdpath" + +int +main () +{ + + FILE *fd; + int rc; + + fd = fopen(DATA,"w"); + if(fd == NULL) + exit(1); + + if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) + exit(1); + + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + user_path=`cat conftest.stdpath` +else + user_path="/usr/bin:/bin:/usr/sbin:/sbin" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +# make sure $bindir is in USER_PATH so scp will work + t_bindir="${bindir}" + while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do + t_bindir=`eval echo ${t_bindir}` + case $t_bindir in + NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; + esac + case $t_bindir in + NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; + esac + done + echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 + if test $? -ne 0 ; then + echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 + if test $? -ne 0 ; then + user_path=$user_path:$t_bindir + { $as_echo "$as_me:${as_lineno-$LINENO}: result: Adding $t_bindir to USER_PATH so scp will work" >&5 +$as_echo "Adding $t_bindir to USER_PATH so scp will work" >&6; } + fi + fi + fi + +fi + +if test "x$external_path_file" != "x/etc/login.conf" ; then + +cat >>confdefs.h <<_ACEOF +#define USER_PATH "$user_path" +_ACEOF + + +fi + +# Set superuser path separately to user path + +# Check whether --with-superuser-path was given. +if test "${with_superuser_path+set}" = set; then : + withval=$with_superuser_path; + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + +cat >>confdefs.h <<_ACEOF +#define SUPERUSER_PATH "$withval" +_ACEOF + + superuser_path=$withval + fi + + +fi + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we need to convert IPv4 in IPv6-mapped addresses" >&5 +$as_echo_n "checking if we need to convert IPv4 in IPv6-mapped addresses... " >&6; } +IPV4_IN6_HACK_MSG="no" + +# Check whether --with-4in6 was given. +if test "${with_4in6+set}" = set; then : + withval=$with_4in6; + if test "x$withval" != "xno" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define IPV4_IN_IPV6 1" >>confdefs.h + + IPV4_IN6_HACK_MSG="yes" + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + +else + + if test "x$inet6_default_4in6" = "xyes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes (default)" >&5 +$as_echo "yes (default)" >&6; } + $as_echo "#define IPV4_IN_IPV6 1" >>confdefs.h + + IPV4_IN6_HACK_MSG="yes" + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no (default)" >&5 +$as_echo "no (default)" >&6; } + fi + + +fi + + +# Whether to enable BSD auth support +BSD_AUTH_MSG=no + +# Check whether --with-bsd-auth was given. +if test "${with_bsd_auth+set}" = set; then : + withval=$with_bsd_auth; + if test "x$withval" != "xno" ; then + +$as_echo "#define BSD_AUTH 1" >>confdefs.h + + BSD_AUTH_MSG=yes + fi + + +fi + + +# Where to place sshd.pid +piddir=/var/run +# make sure the directory exists +if test ! -d $piddir ; then + piddir=`eval echo ${sysconfdir}` + case $piddir in + NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; + esac +fi + + +# Check whether --with-pid-dir was given. +if test "${with_pid_dir+set}" = set; then : + withval=$with_pid_dir; + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + piddir=$withval + if test ! -d $piddir ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ** no $piddir directory on this system **" >&5 +$as_echo "$as_me: WARNING: ** no $piddir directory on this system **" >&2;} + fi + fi + + +fi + + + +cat >>confdefs.h <<_ACEOF +#define _PATH_SSH_PIDDIR "$piddir" +_ACEOF + + + +# Check whether --enable-lastlog was given. +if test "${enable_lastlog+set}" = set; then : + enableval=$enable_lastlog; + if test "x$enableval" = "xno" ; then + $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h + + fi + + +fi + +# Check whether --enable-utmp was given. +if test "${enable_utmp+set}" = set; then : + enableval=$enable_utmp; + if test "x$enableval" = "xno" ; then + $as_echo "#define DISABLE_UTMP 1" >>confdefs.h + + fi + + +fi + +# Check whether --enable-utmpx was given. +if test "${enable_utmpx+set}" = set; then : + enableval=$enable_utmpx; + if test "x$enableval" = "xno" ; then + +$as_echo "#define DISABLE_UTMPX 1" >>confdefs.h + + fi + + +fi + +# Check whether --enable-wtmp was given. +if test "${enable_wtmp+set}" = set; then : + enableval=$enable_wtmp; + if test "x$enableval" = "xno" ; then + $as_echo "#define DISABLE_WTMP 1" >>confdefs.h + + fi + + +fi + +# Check whether --enable-wtmpx was given. +if test "${enable_wtmpx+set}" = set; then : + enableval=$enable_wtmpx; + if test "x$enableval" = "xno" ; then + +$as_echo "#define DISABLE_WTMPX 1" >>confdefs.h + + fi + + +fi + +# Check whether --enable-libutil was given. +if test "${enable_libutil+set}" = set; then : + enableval=$enable_libutil; + if test "x$enableval" = "xno" ; then + $as_echo "#define DISABLE_LOGIN 1" >>confdefs.h + + fi + + +fi + +# Check whether --enable-pututline was given. +if test "${enable_pututline+set}" = set; then : + enableval=$enable_pututline; + if test "x$enableval" = "xno" ; then + +$as_echo "#define DISABLE_PUTUTLINE 1" >>confdefs.h + + fi + + +fi + +# Check whether --enable-pututxline was given. +if test "${enable_pututxline+set}" = set; then : + enableval=$enable_pututxline; + if test "x$enableval" = "xno" ; then + +$as_echo "#define DISABLE_PUTUTXLINE 1" >>confdefs.h + + fi + + +fi + + +# Check whether --with-lastlog was given. +if test "${with_lastlog+set}" = set; then : + withval=$with_lastlog; + if test "x$withval" = "xno" ; then + $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h + + elif test -n "$withval" && test "x${withval}" != "xyes"; then + conf_lastlog_location=$withval + fi + + +fi + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines LASTLOG_FILE" >&5 +$as_echo_n "checking if your system defines LASTLOG_FILE... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#ifdef HAVE_LASTLOG_H +# include +#endif +#ifdef HAVE_PATHS_H +# include +#endif +#ifdef HAVE_LOGIN_H +# include +#endif + +int +main () +{ + char *lastlog = LASTLOG_FILE; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines _PATH_LASTLOG" >&5 +$as_echo_n "checking if your system defines _PATH_LASTLOG... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#ifdef HAVE_LASTLOG_H +# include +#endif +#ifdef HAVE_PATHS_H +# include +#endif + +int +main () +{ + char *lastlog = _PATH_LASTLOG; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + system_lastlog_path=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test -z "$conf_lastlog_location"; then + if test x"$system_lastlog_path" = x"no" ; then + for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do + if (test -d "$f" || test -f "$f") ; then + conf_lastlog_location=$f + fi + done + if test -z "$conf_lastlog_location"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ** Cannot find lastlog **" >&5 +$as_echo "$as_me: WARNING: ** Cannot find lastlog **" >&2;} + fi + fi +fi + +if test -n "$conf_lastlog_location"; then + +cat >>confdefs.h <<_ACEOF +#define CONF_LASTLOG_FILE "$conf_lastlog_location" +_ACEOF + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines UTMP_FILE" >&5 +$as_echo_n "checking if your system defines UTMP_FILE... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#ifdef HAVE_PATHS_H +# include +#endif + +int +main () +{ + char *utmp = UTMP_FILE; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + system_utmp_path=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +if test -z "$conf_utmp_location"; then + if test x"$system_utmp_path" = x"no" ; then + for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do + if test -f $f ; then + conf_utmp_location=$f + fi + done + if test -z "$conf_utmp_location"; then + $as_echo "#define DISABLE_UTMP 1" >>confdefs.h + + fi + fi +fi +if test -n "$conf_utmp_location"; then + +cat >>confdefs.h <<_ACEOF +#define CONF_UTMP_FILE "$conf_utmp_location" +_ACEOF + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines WTMP_FILE" >&5 +$as_echo_n "checking if your system defines WTMP_FILE... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#ifdef HAVE_PATHS_H +# include +#endif + +int +main () +{ + char *wtmp = WTMP_FILE; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + system_wtmp_path=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +if test -z "$conf_wtmp_location"; then + if test x"$system_wtmp_path" = x"no" ; then + for f in /usr/adm/wtmp /var/log/wtmp; do + if test -f $f ; then + conf_wtmp_location=$f + fi + done + if test -z "$conf_wtmp_location"; then + $as_echo "#define DISABLE_WTMP 1" >>confdefs.h + + fi + fi +fi +if test -n "$conf_wtmp_location"; then + +cat >>confdefs.h <<_ACEOF +#define CONF_WTMP_FILE "$conf_wtmp_location" +_ACEOF + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines WTMPX_FILE" >&5 +$as_echo_n "checking if your system defines WTMPX_FILE... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#ifdef HAVE_UTMPX_H +#include +#endif +#ifdef HAVE_PATHS_H +# include +#endif + +int +main () +{ + char *wtmpx = WTMPX_FILE; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + system_wtmpx_path=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +if test -z "$conf_wtmpx_location"; then + if test x"$system_wtmpx_path" = x"no" ; then + $as_echo "#define DISABLE_WTMPX 1" >>confdefs.h + + fi +else + +cat >>confdefs.h <<_ACEOF +#define CONF_WTMPX_FILE "$conf_wtmpx_location" +_ACEOF + +fi + + +if test ! -z "$blibpath" ; then + LDFLAGS="$LDFLAGS $blibflags$blibpath" + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&5 +$as_echo "$as_me: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&2;} +fi + +ac_fn_c_check_member "$LINENO" "struct lastlog" "ll_line" "ac_cv_member_struct_lastlog_ll_line" " +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_UTMP_H +#include +#endif +#ifdef HAVE_UTMPX_H +#include +#endif +#ifdef HAVE_LASTLOG_H +#include +#endif + +" +if test "x$ac_cv_member_struct_lastlog_ll_line" = xyes; then : + +else + + if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then + $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h + + fi + +fi + + +ac_fn_c_check_member "$LINENO" "struct utmp" "ut_line" "ac_cv_member_struct_utmp_ut_line" " +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_UTMP_H +#include +#endif +#ifdef HAVE_UTMPX_H +#include +#endif +#ifdef HAVE_LASTLOG_H +#include +#endif + +" +if test "x$ac_cv_member_struct_utmp_ut_line" = xyes; then : + +else + + $as_echo "#define DISABLE_UTMP 1" >>confdefs.h + + $as_echo "#define DISABLE_WTMP 1" >>confdefs.h + + +fi + + +CFLAGS="$CFLAGS $werror_flags" + +if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then + TEST_SSH_IPV6=no +else + TEST_SSH_IPV6=yes +fi +ac_fn_c_check_decl "$LINENO" "BROKEN_GETADDRINFO" "ac_cv_have_decl_BROKEN_GETADDRINFO" "$ac_includes_default" +if test "x$ac_cv_have_decl_BROKEN_GETADDRINFO" = xyes; then : + TEST_SSH_IPV6=no +fi + +TEST_SSH_IPV6=$TEST_SSH_IPV6 + +TEST_MALLOC_OPTIONS=$TEST_MALLOC_OPTIONS + +UNSUPPORTED_ALGORITHMS=$unsupported_algorithms + + + +ac_config_files="$ac_config_files Makefile buildpkg.sh" + +cat >confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. +# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, we kill variables containing newlines. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +( + for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + + (set) 2>&1 | + case $as_nl`(ac_space=' '; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + # `set' does not quote correctly, so add quotes: double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \. + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; #( + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) | + sed ' + /^ac_cv_env_/b end + t clear + :clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + :end' >>confcache +if diff "$cache_file" confcache >/dev/null 2>&1; then :; else + if test -w "$cache_file"; then + if test "x$cache_file" != "x/dev/null"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 +$as_echo "$as_me: updating cache $cache_file" >&6;} + if test ! -f "$cache_file" || test -h "$cache_file"; then + cat confcache >"$cache_file" + else + case $cache_file in #( + */* | ?:*) + mv -f confcache "$cache_file"$$ && + mv -f "$cache_file"$$ "$cache_file" ;; #( + *) + mv -f confcache "$cache_file" ;; + esac + fi + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 +$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} + fi +fi +rm -f confcache + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +DEFS=-DHAVE_CONFIG_H + +ac_libobjs= +ac_ltlibobjs= +U= +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' + ac_i=`$as_echo "$ac_i" | sed "$ac_script"` + # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR + # will be set to the directory where LIBOBJS objects are built. + as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" + as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' +done +LIBOBJS=$ac_libobjs + +LTLIBOBJS=$ac_ltlibobjs + + + + +: "${CONFIG_STATUS=./config.status}" +ac_write_fail=0 +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 +$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} +as_write_fail=0 +cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 +#! $SHELL +# Generated by $as_me. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +ac_cs_recheck=false +ac_cs_silent=false + +SHELL=\${CONFIG_SHELL-$SHELL} +export SHELL +_ASEOF +cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +exec 6>&1 +## ----------------------------------- ## +## Main body of $CONFIG_STATUS script. ## +## ----------------------------------- ## +_ASEOF +test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# Save the log message, to keep $0 and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. +ac_log=" +This file was extended by OpenSSH $as_me Portable, which was +generated by GNU Autoconf 2.69. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +on `(hostname || uname -n) 2>/dev/null | sed 1q` +" + +_ACEOF + +case $ac_config_files in *" +"*) set x $ac_config_files; shift; ac_config_files=$*;; +esac + +case $ac_config_headers in *" +"*) set x $ac_config_headers; shift; ac_config_headers=$*;; +esac + + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# Files that config.status was made for. +config_files="$ac_config_files" +config_headers="$ac_config_headers" + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +ac_cs_usage="\ +\`$as_me' instantiates files and other configuration actions +from templates according to the current configuration. Unless the files +and actions are specified as TAGs, all are instantiated by default. + +Usage: $0 [OPTION]... [TAG]... + + -h, --help print this help, then exit + -V, --version print version number and configuration settings, then exit + --config print configuration, then exit + -q, --quiet, --silent + do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE + +Configuration files: +$config_files + +Configuration headers: +$config_headers + +Report bugs to ." + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" +ac_cs_version="\\ +OpenSSH config.status Portable +configured by $0, generated by GNU Autoconf 2.69, + with options \\"\$ac_cs_config\\" + +Copyright (C) 2012 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." + +ac_pwd='$ac_pwd' +srcdir='$srcdir' +INSTALL='$INSTALL' +AWK='$AWK' +test -n "\$AWK" || AWK=awk +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# The default lists apply if the user does not specify any file. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=?*) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` + ac_shift=: + ;; + --*=) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg= + ac_shift=: + ;; + *) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + esac + + case $ac_option in + # Handling of the options. + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) + $as_echo "$ac_cs_version"; exit ;; + --config | --confi | --conf | --con | --co | --c ) + $as_echo "$ac_cs_config"; exit ;; + --debug | --debu | --deb | --de | --d | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + '') as_fn_error $? "missing file argument" ;; + esac + as_fn_append CONFIG_FILES " '$ac_optarg'" + ac_need_defaults=false;; + --header | --heade | --head | --hea ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + as_fn_append CONFIG_HEADERS " '$ac_optarg'" + ac_need_defaults=false;; + --he | --h) + # Conflict between --help and --header + as_fn_error $? "ambiguous option: \`$1' +Try \`$0 --help' for more information.";; + --help | --hel | -h ) + $as_echo "$ac_cs_usage"; exit ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) as_fn_error $? "unrecognized option: \`$1' +Try \`$0 --help' for more information." ;; + + *) as_fn_append ac_config_targets " $1" + ac_need_defaults=false ;; + + esac + shift +done + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +if \$ac_cs_recheck; then + set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion + shift + \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 + CONFIG_SHELL='$SHELL' + export CONFIG_SHELL + exec "\$@" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX + $as_echo "$ac_log" +} >&5 + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + +# Handling of arguments. +for ac_config_target in $ac_config_targets +do + case $ac_config_target in + "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; + "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "buildpkg.sh") CONFIG_FILES="$CONFIG_FILES buildpkg.sh" ;; + + *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; + esac +done + + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers +fi + +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason against having it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Hook for its removal unless debugging. +# Note that there is a small window in which the directory will not be cleaned: +# after its creation but before its name has been assigned to `$tmp'. +$debug || +{ + tmp= ac_tmp= + trap 'exit_status=$? + : "${ac_tmp:=$tmp}" + { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status +' 0 + trap 'as_fn_exit 1' 1 2 13 15 +} +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && + test -d "$tmp" +} || +{ + tmp=./conf$$-$RANDOM + (umask 077 && mkdir "$tmp") +} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 +ac_tmp=$tmp + +# Set up the scripts for CONFIG_FILES section. +# No need to generate them if there are no CONFIG_FILES. +# This happens for instance with `./config.status config.h'. +if test -n "$CONFIG_FILES"; then + + +ac_cr=`echo X | tr X '\015'` +# On cygwin, bash can eat \r inside `` if the user requested igncr. +# But we know of no other shell where ac_cr would be empty at this +# point, so we can use a bashism as a fallback. +if test "x$ac_cr" = x; then + eval ac_cr=\$\'\\r\' +fi +ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` +if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then + ac_cs_awk_cr='\\r' +else + ac_cs_awk_cr=$ac_cr +fi + +echo 'BEGIN {' >"$ac_tmp/subs1.awk" && +_ACEOF + + +{ + echo "cat >conf$$subs.awk <<_ACEOF" && + echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && + echo "_ACEOF" +} >conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 +ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` +ac_delim='%!_!# ' +for ac_last_try in false false false false false :; do + . ./conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + + ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` + if test $ac_delim_n = $ac_delim_num; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done +rm -f conf$$subs.sh + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && +_ACEOF +sed -n ' +h +s/^/S["/; s/!.*/"]=/ +p +g +s/^[^!]*!// +:repl +t repl +s/'"$ac_delim"'$// +t delim +:nl +h +s/\(.\{148\}\)..*/\1/ +t more1 +s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ +p +n +b repl +:more1 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t nl +:delim +h +s/\(.\{148\}\)..*/\1/ +t more2 +s/["\\]/\\&/g; s/^/"/; s/$/"/ +p +b +:more2 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t delim +' >$CONFIG_STATUS || ac_write_fail=1 +rm -f conf$$subs.awk +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACAWK +cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && + for (key in S) S_is_set[key] = 1 + FS = "" + +} +{ + line = $ 0 + nfields = split(line, field, "@") + substed = 0 + len = length(field[1]) + for (i = 2; i < nfields; i++) { + key = field[i] + keylen = length(key) + if (S_is_set[key]) { + value = S[key] + line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) + len += length(value) + length(field[++i]) + substed = 1 + } else + len += 1 + keylen + } + + print line +} + +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then + sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" +else + cat +fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ + || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 +_ACEOF + +# VPATH may cause trouble with some makes, so we remove sole $(srcdir), +# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ +h +s/// +s/^/:/ +s/[ ]*$/:/ +s/:\$(srcdir):/:/g +s/:\${srcdir}:/:/g +s/:@srcdir@:/:/g +s/^:*// +s/:*$// +x +s/\(=[ ]*\).*/\1/ +G +s/\n// +s/^[^=]*=[ ]*$// +}' +fi + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +fi # test -n "$CONFIG_FILES" + +# Set up the scripts for CONFIG_HEADERS section. +# No need to generate them if there are no CONFIG_HEADERS. +# This happens for instance with `./config.status Makefile'. +if test -n "$CONFIG_HEADERS"; then +cat >"$ac_tmp/defines.awk" <<\_ACAWK || +BEGIN { +_ACEOF + +# Transform confdefs.h into an awk script `defines.awk', embedded as +# here-document in config.status, that substitutes the proper values into +# config.h.in to produce config.h. + +# Create a delimiter string that does not exist in confdefs.h, to ease +# handling of long lines. +ac_delim='%!_!# ' +for ac_last_try in false false :; do + ac_tt=`sed -n "/$ac_delim/p" confdefs.h` + if test -z "$ac_tt"; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done + +# For the awk script, D is an array of macro values keyed by name, +# likewise P contains macro parameters if any. Preserve backslash +# newline sequences. + +ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* +sed -n ' +s/.\{148\}/&'"$ac_delim"'/g +t rset +:rset +s/^[ ]*#[ ]*define[ ][ ]*/ / +t def +d +:def +s/\\$// +t bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3"/p +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p +d +:bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3\\\\\\n"\\/p +t cont +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p +t cont +d +:cont +n +s/.\{148\}/&'"$ac_delim"'/g +t clear +:clear +s/\\$// +t bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/"/p +d +:bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p +b cont +' >$CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + for (key in D) D_is_set[key] = 1 + FS = "" +} +/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { + line = \$ 0 + split(line, arg, " ") + if (arg[1] == "#") { + defundef = arg[2] + mac1 = arg[3] + } else { + defundef = substr(arg[1], 2) + mac1 = arg[2] + } + split(mac1, mac2, "(") #) + macro = mac2[1] + prefix = substr(line, 1, index(line, defundef) - 1) + if (D_is_set[macro]) { + # Preserve the white space surrounding the "#". + print prefix "define", macro P[macro] D[macro] + next + } else { + # Replace #undef with comments. This is necessary, for example, + # in the case of _POSIX_SOURCE, which is predefined and required + # on some systems where configure will not decide to define it. + if (defundef == "undef") { + print "/*", prefix defundef, macro, "*/" + next + } + } +} +{ print } +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 +fi # test -n "$CONFIG_HEADERS" + + +eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS " +shift +for ac_tag +do + case $ac_tag in + :[FHLC]) ac_mode=$ac_tag; continue;; + esac + case $ac_mode$ac_tag in + :[FHL]*:*);; + :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; + :[FH]-) ac_tag=-:-;; + :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; + esac + ac_save_IFS=$IFS + IFS=: + set x $ac_tag + IFS=$ac_save_IFS + shift + ac_file=$1 + shift + + case $ac_mode in + :L) ac_source=$1;; + :[FH]) + ac_file_inputs= + for ac_f + do + case $ac_f in + -) ac_f="$ac_tmp/stdin";; + *) # Look for the file first in the build tree, then in the source tree + # (if the path is not absolute). The absolute path cannot be DOS-style, + # because $ac_f cannot contain `:'. + test -f "$ac_f" || + case $ac_f in + [\\/$]*) false;; + *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; + esac || + as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; + esac + case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac + as_fn_append ac_file_inputs " '$ac_f'" + done + + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + configure_input='Generated from '` + $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' + `' by configure.' + if test x"$ac_file" != x-; then + configure_input="$ac_file. $configure_input" + { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 +$as_echo "$as_me: creating $ac_file" >&6;} + fi + # Neutralize special characters interpreted by sed in replacement strings. + case $configure_input in #( + *\&* | *\|* | *\\* ) + ac_sed_conf_input=`$as_echo "$configure_input" | + sed 's/[\\\\&|]/\\\\&/g'`;; #( + *) ac_sed_conf_input=$configure_input;; + esac + + case $ac_tag in + *:-:* | *:-) cat >"$ac_tmp/stdin" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; + esac + ;; + esac + + ac_dir=`$as_dirname -- "$ac_file" || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + as_dir="$ac_dir"; as_fn_mkdir_p + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + + case $ac_mode in + :F) + # + # CONFIG_FILE + # + + case $INSTALL in + [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; + *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; + esac +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# If the template does not know about datarootdir, expand it. +# FIXME: This hack should be removed a few years after 2.60. +ac_datarootdir_hack=; ac_datarootdir_seen= +ac_sed_dataroot=' +/datarootdir/ { + p + q +} +/@datadir@/p +/@docdir@/p +/@infodir@/p +/@localedir@/p +/@mandir@/p' +case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in +*datarootdir*) ac_datarootdir_seen=yes;; +*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 +$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + ac_datarootdir_hack=' + s&@datadir@&$datadir&g + s&@docdir@&$docdir&g + s&@infodir@&$infodir&g + s&@localedir@&$localedir&g + s&@mandir@&$mandir&g + s&\\\${datarootdir}&$datarootdir&g' ;; +esac +_ACEOF + +# Neutralize VPATH when `$srcdir' = `.'. +# Shell code in configure.ac might set extrasub. +# FIXME: do we really want to maintain this feature? +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_sed_extra="$ac_vpsub +$extrasub +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s|@configure_input@|$ac_sed_conf_input|;t t +s&@top_builddir@&$ac_top_builddir_sub&;t t +s&@top_build_prefix@&$ac_top_build_prefix&;t t +s&@srcdir@&$ac_srcdir&;t t +s&@abs_srcdir@&$ac_abs_srcdir&;t t +s&@top_srcdir@&$ac_top_srcdir&;t t +s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t +s&@builddir@&$ac_builddir&;t t +s&@abs_builddir@&$ac_abs_builddir&;t t +s&@abs_top_builddir@&$ac_abs_top_builddir&;t t +s&@INSTALL@&$ac_INSTALL&;t t +$ac_datarootdir_hack +" +eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ + >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + +test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && + { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && + { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ + "$ac_tmp/out"`; test -z "$ac_out"; } && + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&5 +$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&2;} + + rm -f "$ac_tmp/stdin" + case $ac_file in + -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; + *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; + esac \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + ;; + :H) + # + # CONFIG_HEADER + # + if test x"$ac_file" != x-; then + { + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" + } >"$ac_tmp/config.h" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then + { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 +$as_echo "$as_me: $ac_file is unchanged" >&6;} + else + rm -f "$ac_file" + mv "$ac_tmp/config.h" "$ac_file" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + fi + else + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ + || as_fn_error $? "could not create -" "$LINENO" 5 + fi + ;; + + + esac + +done # for ac_tag + + +as_fn_exit 0 +_ACEOF +ac_clean_files=$ac_clean_files_save + +test $ac_write_fail = 0 || + as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 + + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. +# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || as_fn_exit 1 +fi +if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 +$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} +fi + + +# Print summary of options + +# Someone please show me a better way :) +#A=`eval echo ${prefix}` ; A=`eval echo ${A}` +#B=`eval echo ${bindir}` ; B=`eval echo ${B}` +#C=`eval echo ${sbindir}` ; C=`eval echo ${C}` +#D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` +#E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` +#F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` +#G=`eval echo ${piddir}` ; G=`eval echo ${G}` +#H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` +#I=`eval echo ${user_path}` ; I=`eval echo ${I}` +#J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` +# +#echo "" +#echo "OpenSSH has been configured with the following options:" +#echo " User binaries: $B" +#echo " System binaries: $C" +#echo " Configuration files: $D" +#echo " Askpass program: $E" +#echo " Manual pages: $F" +#echo " PID file: $G" +#echo " Privilege separation chroot path: $H" +#if test "x$external_path_file" = "x/etc/login.conf" ; then +#echo " At runtime, sshd will use the path defined in $external_path_file" +#echo " Make sure the path to scp is present, otherwise scp will not work" +#else +#echo " sshd default user PATH: $I" +# if test ! -z "$external_path_file"; then +#echo " (If PATH is set in $external_path_file it will be used instead. If" +#echo " used, ensure the path to scp is present, otherwise scp will not work.)" +# fi +#fi +#if test ! -z "$superuser_path" ; then +#echo " sshd superuser user PATH: $J" +#fi +#echo " Manpage format: $MANTYPE" +#echo " PAM support: $PAM_MSG" +#echo " OSF SIA support: $SIA_MSG" +#echo " KerberosV support: $KRB5_MSG" +#echo " SELinux support: $SELINUX_MSG" +#echo " Smartcard support: $SCARD_MSG" +#echo " S/KEY support: $SKEY_MSG" +#echo " MD5 password support: $MD5_MSG" +#echo " libedit support: $LIBEDIT_MSG" +#echo " Solaris process contract support: $SPC_MSG" +#echo " Solaris project support: $SP_MSG" +#echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" +#echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" +#echo " BSD Auth support: $BSD_AUTH_MSG" +#echo " Random number source: $RAND_MSG" +#echo " Privsep sandbox style: $SANDBOX_STYLE" +# +#echo "" +# +#echo " Host: ${host}" +#echo " Compiler: ${CC}" +#echo " Compiler flags: ${CFLAGS}" +#echo "Preprocessor flags: ${CPPFLAGS}" +#echo " Linker flags: ${LDFLAGS}" +#echo " Libraries: ${LIBS}" +#if test ! -z "${SSHDLIBS}"; then +#echo " +for sshd: ${SSHDLIBS}" +#fi +#if test ! -z "${SSHLIBS}"; then +#echo " +for ssh: ${SSHLIBS}" +#fi +# +#echo "" +# +#if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then +# echo "SVR4 style packages are supported with \"make package\"" +# echo "" +#fi +# +#if test "x$PAM_MSG" = "xyes" ; then +# echo "PAM is enabled. You may need to install a PAM control file " +# echo "for sshd, otherwise password authentication may fail. " +# echo "Example PAM control files can be found in the contrib/ " +# echo "subdirectory" +# echo "" +#fi +# +#if test ! -z "$NO_PEERCHECK" ; then +# echo "WARNING: the operating system that you are using does not" +# echo "appear to support getpeereid(), getpeerucred() or the" +# echo "SO_PEERCRED getsockopt() option. These facilities are used to" +# echo "enforce security checks to prevent unauthorised connections to" +# echo "ssh-agent. Their absence increases the risk that a malicious" +# echo "user can connect to your agent." +# echo "" +#fi +# +#if test "$AUDIT_MODULE" = "bsm" ; then +# echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." +# echo "See the Solaris section in README.platform for details." +#fi diff --git a/include/DomainExec/opensshlib/configure.ac b/include/DomainExec/opensshlib/configure.ac new file mode 100644 index 00000000..3961df48 --- /dev/null +++ b/include/DomainExec/opensshlib/configure.ac @@ -0,0 +1,4989 @@ +# $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $ +# +# Copyright (c) 1999-2004 Damien Miller +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) +AC_REVISION($Revision: 1.583 $) +AC_CONFIG_SRCDIR([ssh.c]) +AC_LANG([C]) + +AC_CONFIG_HEADER([config.h]) +AC_PROG_CC +AC_CANONICAL_HOST +AC_C_BIGENDIAN + +# Checks for programs. +AC_PROG_AWK +AC_PROG_CPP +AC_PROG_RANLIB +AC_PROG_INSTALL +AC_PROG_EGREP +AC_CHECK_TOOLS([AR], [ar]) +AC_PATH_PROG([CAT], [cat]) +AC_PATH_PROG([KILL], [kill]) +AC_PATH_PROGS([PERL], [perl5 perl]) +AC_PATH_PROG([SED], [sed]) +AC_SUBST([PERL]) +AC_PATH_PROG([ENT], [ent]) +AC_SUBST([ENT]) +AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) +AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) +AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) +AC_PATH_PROG([SH], [sh]) +AC_PATH_PROG([GROFF], [groff]) +AC_PATH_PROG([NROFF], [nroff]) +AC_PATH_PROG([MANDOC], [mandoc]) +AC_SUBST([TEST_SHELL], [sh]) + +dnl select manpage formatter +if test "x$MANDOC" != "x" ; then + MANFMT="$MANDOC" +elif test "x$NROFF" != "x" ; then + MANFMT="$NROFF -mandoc" +elif test "x$GROFF" != "x" ; then + MANFMT="$GROFF -mandoc -Tascii" +else + AC_MSG_WARN([no manpage formatted found]) + MANFMT="false" +fi +AC_SUBST([MANFMT]) + +dnl for buildpkg.sh +AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], + [/usr/sbin${PATH_SEPARATOR}/etc]) +AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], + [/usr/sbin${PATH_SEPARATOR}/etc]) +AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) +if test -x /sbin/sh; then + AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) +else + AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) +fi + +# System features +AC_SYS_LARGEFILE + +if test -z "$AR" ; then + AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) +fi + +# Use LOGIN_PROGRAM from environment if possible +if test ! -z "$LOGIN_PROGRAM" ; then + AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"], + [If your header files don't define LOGIN_PROGRAM, + then use this (detected) from environment and PATH]) +else + # Search for login + AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login]) + if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then + AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"]) + fi +fi + +AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) +if test ! -z "$PATH_PASSWD_PROG" ; then + AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], + [Full path of your "passwd" program]) +fi + +if test -z "$LD" ; then + LD=$CC +fi +AC_SUBST([LD]) + +AC_C_INLINE + +AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include ]) +AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ + #include + #include + #include +]) +AC_CHECK_DECL([RLIMIT_NPROC], + [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ + #include + #include +]) +AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ + #include + #include +]) + +openssl=yes +ssh1=no +AC_ARG_WITH([openssl], + [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], + [ if test "x$withval" = "xno" ; then + openssl=no + ssh1=no + fi + ] +) +AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) +if test "x$openssl" = "xyes" ; then + AC_MSG_RESULT([yes]) + AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) +else + AC_MSG_RESULT([no]) +fi + +AC_ARG_WITH([ssh1], + [ --without-ssh1 Enable support for SSH protocol 1], + [ + if test "x$withval" = "xyes" ; then + if test "x$openssl" = "xno" ; then + AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled]) + fi + ssh1=yes + elif test "x$withval" = "xno" ; then + ssh1=no + else + AC_MSG_ERROR([unknown --with-ssh1 argument]) + fi + ] +) +AC_MSG_CHECKING([whether SSH protocol 1 support is enabled]) +if test "x$ssh1" = "xyes" ; then + AC_MSG_RESULT([yes]) + AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support]) +else + AC_MSG_RESULT([no]) +fi + +use_stack_protector=1 +use_toolchain_hardening=1 +AC_ARG_WITH([stackprotect], + [ --without-stackprotect Don't use compiler's stack protection], [ + if test "x$withval" = "xno"; then + use_stack_protector=0 + fi ]) +AC_ARG_WITH([hardening], + [ --without-hardening Don't use toolchain hardening flags], [ + if test "x$withval" = "xno"; then + use_toolchain_hardening=0 + fi ]) + +# We use -Werror for the tests only so that we catch warnings like "this is +# on by default" for things like -fPIE. +AC_MSG_CHECKING([if $CC supports -Werror]) +saved_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS -Werror" +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], + [ AC_MSG_RESULT([yes]) + WERROR="-Werror"], + [ AC_MSG_RESULT([no]) + WERROR="" ] +) +CFLAGS="$saved_CFLAGS" + +if test "$GCC" = "yes" || test "$GCC" = "egcs"; then + OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) + OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) + OSSH_CHECK_CFLAG_COMPILE([-Wall]) + OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) + OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) + OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) + OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) + OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) + OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) + OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) + OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) + OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) + if test "x$use_toolchain_hardening" = "x1"; then + OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) + OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) + OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) + # NB. -ftrapv expects certain support functions to be present in + # the compiler library (libgcc or similar) to detect integer operations + # that can overflow. We must check that the result of enabling it + # actually links. The test program compiled/linked includes a number + # of integer operations that should exercise this. + OSSH_CHECK_CFLAG_LINK([-ftrapv]) + fi + AC_MSG_CHECKING([gcc version]) + GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` + case $GCC_VER in + 1.*) no_attrib_nonnull=1 ;; + 2.8* | 2.9*) + no_attrib_nonnull=1 + ;; + 2.*) no_attrib_nonnull=1 ;; + *) ;; + esac + AC_MSG_RESULT([$GCC_VER]) + + AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -fno-builtin-memset" + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include ]], + [[ char b[10]; memset(b, 0, sizeof(b)); ]])], + [ AC_MSG_RESULT([yes]) ], + [ AC_MSG_RESULT([no]) + CFLAGS="$saved_CFLAGS" ] + ) + + # -fstack-protector-all doesn't always work for some GCC versions + # and/or platforms, so we test if we can. If it's not supported + # on a given platform gcc will emit a warning so we use -Werror. + if test "x$use_stack_protector" = "x1"; then + for t in -fstack-protector-strong -fstack-protector-all \ + -fstack-protector; do + AC_MSG_CHECKING([if $CC supports $t]) + saved_CFLAGS="$CFLAGS" + saved_LDFLAGS="$LDFLAGS" + CFLAGS="$CFLAGS $t -Werror" + LDFLAGS="$LDFLAGS $t -Werror" + AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[ #include ]], + [[ + char x[256]; + snprintf(x, sizeof(x), "XXX"); + ]])], + [ AC_MSG_RESULT([yes]) + CFLAGS="$saved_CFLAGS $t" + LDFLAGS="$saved_LDFLAGS $t" + AC_MSG_CHECKING([if $t works]) + AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ #include ]], + [[ + char x[256]; + snprintf(x, sizeof(x), "XXX"); + ]])], + [ AC_MSG_RESULT([yes]) + break ], + [ AC_MSG_RESULT([no]) ], + [ AC_MSG_WARN([cross compiling: cannot test]) + break ] + ) + ], + [ AC_MSG_RESULT([no]) ] + ) + CFLAGS="$saved_CFLAGS" + LDFLAGS="$saved_LDFLAGS" + done + fi + + if test -z "$have_llong_max"; then + # retry LLONG_MAX with -std=gnu99, needed on some Linuxes + unset ac_cv_have_decl_LLONG_MAX + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -std=gnu99" + AC_CHECK_DECL([LLONG_MAX], + [have_llong_max=1], + [CFLAGS="$saved_CFLAGS"], + [#include ] + ) + fi +fi + +AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) +AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([[ +#include +__attribute__((__unused__)) static void foo(void){return;}]], + [[ exit(0); ]])], + [ AC_MSG_RESULT([yes]) ], + [ AC_MSG_RESULT([no]) + AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, + [compiler does not accept __attribute__ on return types]) ] +) + +if test "x$no_attrib_nonnull" != "x1" ; then + AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) +fi + +AC_ARG_WITH([rpath], + [ --without-rpath Disable auto-added -R linker paths], + [ + if test "x$withval" = "xno" ; then + need_dash_r="" + fi + if test "x$withval" = "xyes" ; then + need_dash_r=1 + fi + ] +) + +# Allow user to specify flags +AC_ARG_WITH([cflags], + [ --with-cflags Specify additional flags to pass to compiler], + [ + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + CFLAGS="$CFLAGS $withval" + fi + ] +) +AC_ARG_WITH([cppflags], + [ --with-cppflags Specify additional flags to pass to preprocessor] , + [ + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + CPPFLAGS="$CPPFLAGS $withval" + fi + ] +) +AC_ARG_WITH([ldflags], + [ --with-ldflags Specify additional flags to pass to linker], + [ + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + LDFLAGS="$LDFLAGS $withval" + fi + ] +) +AC_ARG_WITH([libs], + [ --with-libs Specify additional libraries to link with], + [ + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + LIBS="$LIBS $withval" + fi + ] +) +AC_ARG_WITH([Werror], + [ --with-Werror Build main code with -Werror], + [ + if test -n "$withval" && test "x$withval" != "xno"; then + werror_flags="-Werror" + if test "x${withval}" != "xyes"; then + werror_flags="$withval" + fi + fi + ] +) + +AC_CHECK_HEADERS([ \ + blf.h \ + bstring.h \ + crypt.h \ + crypto/sha2.h \ + dirent.h \ + endian.h \ + elf.h \ + features.h \ + fcntl.h \ + floatingpoint.h \ + getopt.h \ + glob.h \ + ia.h \ + iaf.h \ + inttypes.h \ + limits.h \ + locale.h \ + login.h \ + maillock.h \ + ndir.h \ + net/if_tun.h \ + netdb.h \ + netgroup.h \ + pam/pam_appl.h \ + paths.h \ + poll.h \ + pty.h \ + readpassphrase.h \ + rpc/types.h \ + security/pam_appl.h \ + sha2.h \ + shadow.h \ + stddef.h \ + stdint.h \ + string.h \ + strings.h \ + sys/audit.h \ + sys/bitypes.h \ + sys/bsdtty.h \ + sys/capability.h \ + sys/cdefs.h \ + sys/dir.h \ + sys/mman.h \ + sys/ndir.h \ + sys/poll.h \ + sys/prctl.h \ + sys/pstat.h \ + sys/select.h \ + sys/stat.h \ + sys/stream.h \ + sys/stropts.h \ + sys/strtio.h \ + sys/statvfs.h \ + sys/sysmacros.h \ + sys/time.h \ + sys/timers.h \ + time.h \ + tmpdir.h \ + ttyent.h \ + ucred.h \ + unistd.h \ + usersec.h \ + util.h \ + utime.h \ + utmp.h \ + utmpx.h \ + vis.h \ +]) + +# lastlog.h requires sys/time.h to be included first on Solaris +AC_CHECK_HEADERS([lastlog.h], [], [], [ +#ifdef HAVE_SYS_TIME_H +# include +#endif +]) + +# sys/ptms.h requires sys/stream.h to be included first on Solaris +AC_CHECK_HEADERS([sys/ptms.h], [], [], [ +#ifdef HAVE_SYS_STREAM_H +# include +#endif +]) + +# login_cap.h requires sys/types.h on NetBSD +AC_CHECK_HEADERS([login_cap.h], [], [], [ +#include +]) + +# older BSDs need sys/param.h before sys/mount.h +AC_CHECK_HEADERS([sys/mount.h], [], [], [ +#include +]) + +# Android requires sys/socket.h to be included before sys/un.h +AC_CHECK_HEADERS([sys/un.h], [], [], [ +#include +#include +]) + +# Messages for features tested for in target-specific section +SIA_MSG="no" +SPC_MSG="no" +SP_MSG="no" + +# Check for some target-specific stuff +case "$host" in +*-*-aix*) + # Some versions of VAC won't allow macro redefinitions at + # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that + # particularly with older versions of vac or xlc. + # It also throws errors about null macro argments, but these are + # not fatal. + AC_MSG_CHECKING([if compiler allows macro redefinitions]) + AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([[ +#define testmacro foo +#define testmacro bar]], + [[ exit(0); ]])], + [ AC_MSG_RESULT([yes]) ], + [ AC_MSG_RESULT([no]) + CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" + LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" + CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" + CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" + ] + ) + + AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) + if (test -z "$blibpath"); then + blibpath="/usr/lib:/lib" + fi + saved_LDFLAGS="$LDFLAGS" + if test "$GCC" = "yes"; then + flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" + else + flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," + fi + for tryflags in $flags ;do + if (test -z "$blibflags"); then + LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], + [blibflags=$tryflags], []) + fi + done + if (test -z "$blibflags"); then + AC_MSG_RESULT([not found]) + AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) + else + AC_MSG_RESULT([$blibflags]) + fi + LDFLAGS="$saved_LDFLAGS" + dnl Check for authenticate. Might be in libs.a on older AIXes + AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], + [Define if you want to enable AIX4's authenticate function])], + [AC_CHECK_LIB([s], [authenticate], + [ AC_DEFINE([WITH_AIXAUTHENTICATE]) + LIBS="$LIBS -ls" + ]) + ]) + dnl Check for various auth function declarations in headers. + AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, + passwdexpired, setauthdb], , , [#include ]) + dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) + AC_CHECK_DECLS([loginfailed], + [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], + [[ (void)loginfailed("user","host","tty",0); ]])], + [AC_MSG_RESULT([yes]) + AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], + [Define if your AIX loginfailed() function + takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) + ])], + [], + [#include ] + ) + AC_CHECK_FUNCS([getgrset setauthdb]) + AC_CHECK_DECL([F_CLOSEM], + AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), + [], + [ #include + #include ] + ) + check_for_aix_broken_getaddrinfo=1 + AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.]) + AC_DEFINE([SETEUID_BREAKS_SETUID], [1], + [Define if your platform breaks doing a seteuid before a setuid]) + AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) + AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) + dnl AIX handles lastlog as part of its login message + AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) + AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], + [Some systems need a utmpx entry for /bin/login to work]) + AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], + [Define to a Set Process Title type if your system is + supported by bsd-setproctitle.c]) + AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], + [AIX 5.2 and 5.3 (and presumably newer) require this]) + AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) + AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) + ;; +*-*-android*) + AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) + AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) + ;; +*-*-cygwin*) + check_for_libcrypt_later=1 + LIBS="$LIBS /usr/lib/textreadmode.o" + AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) + AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) + AC_DEFINE([DISABLE_SHADOW], [1], + [Define if you want to disable shadow passwords]) + AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], + [Define if X11 doesn't support AF_UNIX sockets on that system]) + AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1], + [Define if the concept of ports only accessible to + superusers isn't known]) + AC_DEFINE([DISABLE_FD_PASSING], [1], + [Define if your platform needs to skip post auth + file descriptor passing]) + AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) + AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) + # Cygwin defines optargs, optargs as declspec(dllimport) for historical + # reasons which cause compile warnings, so we disable those warnings. + OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) + ;; +*-*-dgux*) + AC_DEFINE([IP_TOS_IS_BROKEN], [1], + [Define if your system choked on IP TOS setting]) + AC_DEFINE([SETEUID_BREAKS_SETUID]) + AC_DEFINE([BROKEN_SETREUID]) + AC_DEFINE([BROKEN_SETREGID]) + ;; +*-*-darwin*) + use_pie=auto + AC_MSG_CHECKING([if we have working getaddrinfo]) + AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include +main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) + exit(0); + else + exit(1); +} + ]])], + [AC_MSG_RESULT([working])], + [AC_MSG_RESULT([buggy]) + AC_DEFINE([BROKEN_GETADDRINFO], [1], + [getaddrinfo is broken (if present)]) + ], + [AC_MSG_RESULT([assume it is working])]) + AC_DEFINE([SETEUID_BREAKS_SETUID]) + AC_DEFINE([BROKEN_SETREUID]) + AC_DEFINE([BROKEN_SETREGID]) + AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) + AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], + [Define if your resolver libs need this for getrrsetbyname]) + AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) + AC_DEFINE([SSH_TUN_COMPAT_AF], [1], + [Use tunnel device compatibility to OpenBSD]) + AC_DEFINE([SSH_TUN_PREPEND_AF], [1], + [Prepend the address family to IP tunnel traffic]) + m4_pattern_allow([AU_IPv]) + AC_CHECK_DECL([AU_IPv4], [], + AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) + [#include ] + AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], + [Define if pututxline updates lastlog too]) + ) + AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], + [Define to a Set Process Title type if your system is + supported by bsd-setproctitle.c]) + AC_CHECK_FUNCS([sandbox_init]) + AC_CHECK_HEADERS([sandbox.h]) + ;; +*-*-dragonfly*) + SSHDLIBS="$SSHDLIBS -lcrypt" + TEST_MALLOC_OPTIONS="AFGJPRX" + ;; +*-*-haiku*) + LIBS="$LIBS -lbsd " + AC_CHECK_LIB([network], [socket]) + AC_DEFINE([HAVE_U_INT64_T]) + MANTYPE=man + ;; +*-*-hpux*) + # first we define all of the options common to all HP-UX releases + CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" + IPADDR_IN_DISPLAY=yes + AC_DEFINE([USE_PIPES]) + AC_DEFINE([LOGIN_NO_ENDOPT], [1], + [Define if your login program cannot handle end of options ("--")]) + AC_DEFINE([LOGIN_NEEDS_UTMPX]) + AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], + [String used in /etc/passwd to denote locked account]) + AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) + AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) + maildir="/var/mail" + LIBS="$LIBS -lsec" + AC_CHECK_LIB([xnet], [t_error], , + [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) + + # next, we define all of the options specific to major releases + case "$host" in + *-*-hpux10*) + if test -z "$GCC"; then + CFLAGS="$CFLAGS -Ae" + fi + ;; + *-*-hpux11*) + AC_DEFINE([PAM_SUN_CODEBASE], [1], + [Define if you are using Solaris-derived PAM which + passes pam_messages to the conversation function + with an extra level of indirection]) + AC_DEFINE([DISABLE_UTMP], [1], + [Define if you don't want to use utmp]) + AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) + check_for_hpux_broken_getaddrinfo=1 + check_for_conflicting_getspnam=1 + ;; + esac + + # lastly, we define options specific to minor releases + case "$host" in + *-*-hpux10.26) + AC_DEFINE([HAVE_SECUREWARE], [1], + [Define if you have SecureWare-based + protected password database]) + disable_ptmx_check=yes + LIBS="$LIBS -lsecpw" + ;; + esac + ;; +*-*-irix5*) + PATH="$PATH:/usr/etc" + AC_DEFINE([BROKEN_INET_NTOA], [1], + [Define if you system's inet_ntoa is busted + (e.g. Irix gcc issue)]) + AC_DEFINE([SETEUID_BREAKS_SETUID]) + AC_DEFINE([BROKEN_SETREUID]) + AC_DEFINE([BROKEN_SETREGID]) + AC_DEFINE([WITH_ABBREV_NO_TTY], [1], + [Define if you shouldn't strip 'tty' from your + ttyname in [uw]tmp]) + AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) + ;; +*-*-irix6*) + PATH="$PATH:/usr/etc" + AC_DEFINE([WITH_IRIX_ARRAY], [1], + [Define if you have/want arrays + (cluster-wide session managment, not C arrays)]) + AC_DEFINE([WITH_IRIX_PROJECT], [1], + [Define if you want IRIX project management]) + AC_DEFINE([WITH_IRIX_AUDIT], [1], + [Define if you want IRIX audit trails]) + AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], + [Define if you want IRIX kernel jobs])]) + AC_DEFINE([BROKEN_INET_NTOA]) + AC_DEFINE([SETEUID_BREAKS_SETUID]) + AC_DEFINE([BROKEN_SETREUID]) + AC_DEFINE([BROKEN_SETREGID]) + AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) + AC_DEFINE([WITH_ABBREV_NO_TTY]) + AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) + ;; +*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) + check_for_libcrypt_later=1 + AC_DEFINE([PAM_TTY_KLUDGE]) + AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) + AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) + AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) + AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) + ;; +*-*-linux*) + no_dev_ptmx=1 + use_pie=auto + check_for_libcrypt_later=1 + check_for_openpty_ctty_bug=1 + AC_DEFINE([PAM_TTY_KLUDGE], [1], + [Work around problematic Linux PAM modules handling of PAM_TTY]) + AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], + [String used in /etc/passwd to denote locked account]) + AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) + AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], + [Define to whatever link() returns for "not supported" + if it doesn't return EOPNOTSUPP.]) + AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) + AC_DEFINE([USE_BTMP]) + AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) + inet6_default_4in6=yes + case `uname -r` in + 1.*|2.0.*) + AC_DEFINE([BROKEN_CMSG_TYPE], [1], + [Define if cmsg_type is not passed correctly]) + ;; + esac + # tun(4) forwarding compat code + AC_CHECK_HEADERS([linux/if_tun.h]) + if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then + AC_DEFINE([SSH_TUN_LINUX], [1], + [Open tunnel devices the Linux tun/tap way]) + AC_DEFINE([SSH_TUN_COMPAT_AF], [1], + [Use tunnel device compatibility to OpenBSD]) + AC_DEFINE([SSH_TUN_PREPEND_AF], [1], + [Prepend the address family to IP tunnel traffic]) + fi + AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], + [], [#include ]) + AC_CHECK_FUNCS([prctl]) + AC_MSG_CHECKING([for seccomp architecture]) + seccomp_audit_arch= + case "$host" in + x86_64-*) + seccomp_audit_arch=AUDIT_ARCH_X86_64 + ;; + i*86-*) + seccomp_audit_arch=AUDIT_ARCH_I386 + ;; + arm*-*) + seccomp_audit_arch=AUDIT_ARCH_ARM + ;; + aarch64*-*) + seccomp_audit_arch=AUDIT_ARCH_AARCH64 + ;; + esac + if test "x$seccomp_audit_arch" != "x" ; then + AC_MSG_RESULT(["$seccomp_audit_arch"]) + AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], + [Specify the system call convention in use]) + else + AC_MSG_RESULT([architecture not supported]) + fi + ;; +mips-sony-bsd|mips-sony-newsos4) + AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) + SONY=1 + ;; +*-*-netbsd*) + check_for_libcrypt_before=1 + if test "x$withval" != "xno" ; then + need_dash_r=1 + fi + AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) + AC_CHECK_HEADER([net/if_tap.h], , + AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) + AC_DEFINE([SSH_TUN_PREPEND_AF], [1], + [Prepend the address family to IP tunnel traffic]) + TEST_MALLOC_OPTIONS="AJRX" + AC_DEFINE([BROKEN_STRNVIS], [1], + [NetBSD strnvis argument order is swapped compared to OpenBSD]) + AC_DEFINE([BROKEN_READ_COMPARISON], [1], + [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) + ;; +*-*-freebsd*) + check_for_libcrypt_later=1 + AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) + AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) + AC_CHECK_HEADER([net/if_tap.h], , + AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) + AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) + AC_DEFINE([BROKEN_STRNVIS], [1], + [FreeBSD strnvis argument order is swapped compared to OpenBSD]) + TEST_MALLOC_OPTIONS="AJRX" + # Preauth crypto occasionally uses file descriptors for crypto offload + # and will crash if they cannot be opened. + AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], + [define if setrlimit RLIMIT_NOFILE breaks things]) + ;; +*-*-bsdi*) + AC_DEFINE([SETEUID_BREAKS_SETUID]) + AC_DEFINE([BROKEN_SETREUID]) + AC_DEFINE([BROKEN_SETREGID]) + ;; +*-next-*) + conf_lastlog_location="/usr/adm/lastlog" + conf_utmp_location=/etc/utmp + conf_wtmp_location=/usr/adm/wtmp + maildir=/usr/spool/mail + AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) + AC_DEFINE([BROKEN_REALPATH]) + AC_DEFINE([USE_PIPES]) + AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) + ;; +*-*-openbsd*) + use_pie=auto + AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) + AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) + AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) + AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], + [syslog_r function is safe to use in in a signal handler]) + TEST_MALLOC_OPTIONS="AFGJPRX" + ;; +*-*-solaris*) + if test "x$withval" != "xno" ; then + need_dash_r=1 + fi + AC_DEFINE([PAM_SUN_CODEBASE]) + AC_DEFINE([LOGIN_NEEDS_UTMPX]) + AC_DEFINE([LOGIN_NEEDS_TERM], [1], + [Some versions of /bin/login need the TERM supplied + on the commandline]) + AC_DEFINE([PAM_TTY_KLUDGE]) + AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], + [Define if pam_chauthtok wants real uid set + to the unpriv'ed user]) + AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) + # Pushing STREAMS modules will cause sshd to acquire a controlling tty. + AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], + [Define if sshd somehow reacquires a controlling TTY + after setsid()]) + AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd + in case the name is longer than 8 chars]) + AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) + external_path_file=/etc/default/login + # hardwire lastlog location (can't detect it on some versions) + conf_lastlog_location="/var/adm/lastlog" + AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) + sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` + if test "$sol2ver" -ge 8; then + AC_MSG_RESULT([yes]) + AC_DEFINE([DISABLE_UTMP]) + AC_DEFINE([DISABLE_WTMP], [1], + [Define if you don't want to use wtmp]) + else + AC_MSG_RESULT([no]) + fi + AC_ARG_WITH([solaris-contracts], + [ --with-solaris-contracts Enable Solaris process contracts (experimental)], + [ + AC_CHECK_LIB([contract], [ct_tmpl_activate], + [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], + [Define if you have Solaris process contracts]) + SSHDLIBS="$SSHDLIBS -lcontract" + SPC_MSG="yes" ], ) + ], + ) + AC_ARG_WITH([solaris-projects], + [ --with-solaris-projects Enable Solaris projects (experimental)], + [ + AC_CHECK_LIB([project], [setproject], + [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], + [Define if you have Solaris projects]) + SSHDLIBS="$SSHDLIBS -lproject" + SP_MSG="yes" ], ) + ], + ) + TEST_SHELL=$SHELL # let configure find us a capable shell + ;; +*-*-sunos4*) + CPPFLAGS="$CPPFLAGS -DSUNOS4" + AC_CHECK_FUNCS([getpwanam]) + AC_DEFINE([PAM_SUN_CODEBASE]) + conf_utmp_location=/etc/utmp + conf_wtmp_location=/var/adm/wtmp + conf_lastlog_location=/var/adm/lastlog + AC_DEFINE([USE_PIPES]) + ;; +*-ncr-sysv*) + LIBS="$LIBS -lc89" + AC_DEFINE([USE_PIPES]) + AC_DEFINE([SSHD_ACQUIRES_CTTY]) + AC_DEFINE([SETEUID_BREAKS_SETUID]) + AC_DEFINE([BROKEN_SETREUID]) + AC_DEFINE([BROKEN_SETREGID]) + ;; +*-sni-sysv*) + # /usr/ucblib MUST NOT be searched on ReliantUNIX + AC_CHECK_LIB([dl], [dlsym], ,) + # -lresolv needs to be at the end of LIBS or DNS lookups break + AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) + IPADDR_IN_DISPLAY=yes + AC_DEFINE([USE_PIPES]) + AC_DEFINE([IP_TOS_IS_BROKEN]) + AC_DEFINE([SETEUID_BREAKS_SETUID]) + AC_DEFINE([BROKEN_SETREUID]) + AC_DEFINE([BROKEN_SETREGID]) + AC_DEFINE([SSHD_ACQUIRES_CTTY]) + external_path_file=/etc/default/login + # /usr/ucblib/libucb.a no longer needed on ReliantUNIX + # Attention: always take care to bind libsocket and libnsl before libc, + # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog + ;; +# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. +*-*-sysv4.2*) + AC_DEFINE([USE_PIPES]) + AC_DEFINE([SETEUID_BREAKS_SETUID]) + AC_DEFINE([BROKEN_SETREUID]) + AC_DEFINE([BROKEN_SETREGID]) + AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) + AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) + TEST_SHELL=$SHELL # let configure find us a capable shell + ;; +# UnixWare 7.x, OpenUNIX 8 +*-*-sysv5*) + CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" + AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) + AC_DEFINE([USE_PIPES]) + AC_DEFINE([SETEUID_BREAKS_SETUID]) + AC_DEFINE([BROKEN_GETADDRINFO]) + AC_DEFINE([BROKEN_SETREUID]) + AC_DEFINE([BROKEN_SETREGID]) + AC_DEFINE([PASSWD_NEEDS_USERNAME]) + TEST_SHELL=$SHELL # let configure find us a capable shell + case "$host" in + *-*-sysv5SCO_SV*) # SCO OpenServer 6.x + maildir=/var/spool/mail + AC_DEFINE([BROKEN_LIBIAF], [1], + [ia_uinfo routines not supported by OS yet]) + AC_DEFINE([BROKEN_UPDWTMPX]) + AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" + AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) + AC_DEFINE([HAVE_SECUREWARE]) + AC_DEFINE([DISABLE_SHADOW]) + ], , ) + ;; + *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) + check_for_libcrypt_later=1 + ;; + esac + ;; +*-*-sysv*) + ;; +# SCO UNIX and OEM versions of SCO UNIX +*-*-sco3.2v4*) + AC_MSG_ERROR("This Platform is no longer supported.") + ;; +# SCO OpenServer 5.x +*-*-sco3.2v5*) + if test -z "$GCC"; then + CFLAGS="$CFLAGS -belf" + fi + LIBS="$LIBS -lprot -lx -ltinfo -lm" + no_dev_ptmx=1 + AC_DEFINE([USE_PIPES]) + AC_DEFINE([HAVE_SECUREWARE]) + AC_DEFINE([DISABLE_SHADOW]) + AC_DEFINE([DISABLE_FD_PASSING]) + AC_DEFINE([SETEUID_BREAKS_SETUID]) + AC_DEFINE([BROKEN_GETADDRINFO]) + AC_DEFINE([BROKEN_SETREUID]) + AC_DEFINE([BROKEN_SETREGID]) + AC_DEFINE([WITH_ABBREV_NO_TTY]) + AC_DEFINE([BROKEN_UPDWTMPX]) + AC_DEFINE([PASSWD_NEEDS_USERNAME]) + AC_CHECK_FUNCS([getluid setluid]) + MANTYPE=man + TEST_SHELL=$SHELL # let configure find us a capable shell + SKIP_DISABLE_LASTLOG_DEFINE=yes + ;; +*-*-unicosmk*) + AC_DEFINE([NO_SSH_LASTLOG], [1], + [Define if you don't want to use lastlog in session.c]) + AC_DEFINE([SETEUID_BREAKS_SETUID]) + AC_DEFINE([BROKEN_SETREUID]) + AC_DEFINE([BROKEN_SETREGID]) + AC_DEFINE([USE_PIPES]) + AC_DEFINE([DISABLE_FD_PASSING]) + LDFLAGS="$LDFLAGS" + LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" + MANTYPE=cat + ;; +*-*-unicosmp*) + AC_DEFINE([SETEUID_BREAKS_SETUID]) + AC_DEFINE([BROKEN_SETREUID]) + AC_DEFINE([BROKEN_SETREGID]) + AC_DEFINE([WITH_ABBREV_NO_TTY]) + AC_DEFINE([USE_PIPES]) + AC_DEFINE([DISABLE_FD_PASSING]) + LDFLAGS="$LDFLAGS" + LIBS="$LIBS -lgen -lacid -ldb" + MANTYPE=cat + ;; +*-*-unicos*) + AC_DEFINE([SETEUID_BREAKS_SETUID]) + AC_DEFINE([BROKEN_SETREUID]) + AC_DEFINE([BROKEN_SETREGID]) + AC_DEFINE([USE_PIPES]) + AC_DEFINE([DISABLE_FD_PASSING]) + AC_DEFINE([NO_SSH_LASTLOG]) + LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" + LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" + MANTYPE=cat + ;; +*-dec-osf*) + AC_MSG_CHECKING([for Digital Unix SIA]) + no_osfsia="" + AC_ARG_WITH([osfsia], + [ --with-osfsia Enable Digital Unix SIA], + [ + if test "x$withval" = "xno" ; then + AC_MSG_RESULT([disabled]) + no_osfsia=1 + fi + ], + ) + if test -z "$no_osfsia" ; then + if test -f /etc/sia/matrix.conf; then + AC_MSG_RESULT([yes]) + AC_DEFINE([HAVE_OSF_SIA], [1], + [Define if you have Digital Unix Security + Integration Architecture]) + AC_DEFINE([DISABLE_LOGIN], [1], + [Define if you don't want to use your + system's login() call]) + AC_DEFINE([DISABLE_FD_PASSING]) + LIBS="$LIBS -lsecurity -ldb -lm -laud" + SIA_MSG="yes" + else + AC_MSG_RESULT([no]) + AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], + [String used in /etc/passwd to denote locked account]) + fi + fi + AC_DEFINE([BROKEN_GETADDRINFO]) + AC_DEFINE([SETEUID_BREAKS_SETUID]) + AC_DEFINE([BROKEN_SETREUID]) + AC_DEFINE([BROKEN_SETREGID]) + AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) + ;; + +*-*-nto-qnx*) + AC_DEFINE([USE_PIPES]) + AC_DEFINE([NO_X11_UNIX_SOCKETS]) + AC_DEFINE([DISABLE_LASTLOG]) + AC_DEFINE([SSHD_ACQUIRES_CTTY]) + AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) + enable_etc_default_login=no # has incompatible /etc/default/login + case "$host" in + *-*-nto-qnx6*) + AC_DEFINE([DISABLE_FD_PASSING]) + ;; + esac + ;; + +*-*-ultrix*) + AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) + AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files]) + AC_DEFINE([NEED_SETPGRP]) + AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) + ;; + +*-*-lynxos) + CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" + AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation]) + ;; +esac + +AC_MSG_CHECKING([compiler and flags for sanity]) +AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include ]], [[ exit(0); ]])], + [ AC_MSG_RESULT([yes]) ], + [ + AC_MSG_RESULT([no]) + AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) + ], + [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] +) + +dnl Checks for header files. +# Checks for libraries. +AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])]) +AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) + +dnl IRIX and Solaris 2.5.1 have dirname() in libgen +AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ + AC_CHECK_LIB([gen], [dirname], [ + AC_CACHE_CHECK([for broken dirname], + ac_cv_have_broken_dirname, [ + save_LIBS="$LIBS" + LIBS="$LIBS -lgen" + AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ +#include +#include + +int main(int argc, char **argv) { + char *s, buf[32]; + + strncpy(buf,"/etc", 32); + s = dirname(buf); + if (!s || strncmp(s, "/", 32) != 0) { + exit(1); + } else { + exit(0); + } +} + ]])], + [ ac_cv_have_broken_dirname="no" ], + [ ac_cv_have_broken_dirname="yes" ], + [ ac_cv_have_broken_dirname="no" ], + ) + LIBS="$save_LIBS" + ]) + if test "x$ac_cv_have_broken_dirname" = "xno" ; then + LIBS="$LIBS -lgen" + AC_DEFINE([HAVE_DIRNAME]) + AC_CHECK_HEADERS([libgen.h]) + fi + ]) +]) + +AC_CHECK_FUNC([getspnam], , + [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) +AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], + [Define if you have the basename function.])]) + +dnl zlib is required +AC_ARG_WITH([zlib], + [ --with-zlib=PATH Use zlib in PATH], + [ if test "x$withval" = "xno" ; then + AC_MSG_ERROR([*** zlib is required ***]) + elif test "x$withval" != "xyes"; then + if test -d "$withval/lib"; then + if test -n "${need_dash_r}"; then + LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" + else + LDFLAGS="-L${withval}/lib ${LDFLAGS}" + fi + else + if test -n "${need_dash_r}"; then + LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" + else + LDFLAGS="-L${withval} ${LDFLAGS}" + fi + fi + if test -d "$withval/include"; then + CPPFLAGS="-I${withval}/include ${CPPFLAGS}" + else + CPPFLAGS="-I${withval} ${CPPFLAGS}" + fi + fi ] +) + +AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) +AC_CHECK_LIB([z], [deflate], , + [ + saved_CPPFLAGS="$CPPFLAGS" + saved_LDFLAGS="$LDFLAGS" + save_LIBS="$LIBS" + dnl Check default zlib install dir + if test -n "${need_dash_r}"; then + LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" + else + LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" + fi + CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" + LIBS="$LIBS -lz" + AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], + [ + AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) + ] + ) + ] +) + +AC_ARG_WITH([zlib-version-check], + [ --without-zlib-version-check Disable zlib version check], + [ if test "x$withval" = "xno" ; then + zlib_check_nonfatal=1 + fi + ] +) + +AC_MSG_CHECKING([for possibly buggy zlib]) +AC_RUN_IFELSE([AC_LANG_PROGRAM([[ +#include +#include +#include + ]], + [[ + int a=0, b=0, c=0, d=0, n, v; + n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); + if (n != 3 && n != 4) + exit(1); + v = a*1000000 + b*10000 + c*100 + d; + fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); + + /* 1.1.4 is OK */ + if (a == 1 && b == 1 && c >= 4) + exit(0); + + /* 1.2.3 and up are OK */ + if (v >= 1020300) + exit(0); + + exit(2); + ]])], + AC_MSG_RESULT([no]), + [ AC_MSG_RESULT([yes]) + if test -z "$zlib_check_nonfatal" ; then + AC_MSG_ERROR([*** zlib too old - check config.log *** +Your reported zlib version has known security problems. It's possible your +vendor has fixed these problems without changing the version number. If you +are sure this is the case, you can disable the check by running +"./configure --without-zlib-version-check". +If you are in doubt, upgrade zlib to version 1.2.3 or greater. +See http://www.gzip.org/zlib/ for details.]) + else + AC_MSG_WARN([zlib version may have security problems]) + fi + ], + [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] +) + +dnl UnixWare 2.x +AC_CHECK_FUNC([strcasecmp], + [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] +) +AC_CHECK_FUNCS([utimes], + [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) + LIBS="$LIBS -lc89"]) ] +) + +dnl Checks for libutil functions +AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) +AC_SEARCH_LIBS([fmt_scaled], [util bsd]) +AC_SEARCH_LIBS([scan_scaled], [util bsd]) +AC_SEARCH_LIBS([login], [util bsd]) +AC_SEARCH_LIBS([logout], [util bsd]) +AC_SEARCH_LIBS([logwtmp], [util bsd]) +AC_SEARCH_LIBS([openpty], [util bsd]) +AC_SEARCH_LIBS([updwtmp], [util bsd]) +AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) + +# On some platforms, inet_ntop may be found in libresolv or libnsl. +AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) + +AC_FUNC_STRFTIME + +# Check for ALTDIRFUNC glob() extension +AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) +AC_EGREP_CPP([FOUNDIT], + [ + #include + #ifdef GLOB_ALTDIRFUNC + FOUNDIT + #endif + ], + [ + AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], + [Define if your system glob() function has + the GLOB_ALTDIRFUNC extension]) + AC_MSG_RESULT([yes]) + ], + [ + AC_MSG_RESULT([no]) + ] +) + +# Check for g.gl_matchc glob() extension +AC_MSG_CHECKING([for gl_matchc field in glob_t]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], + [[ glob_t g; g.gl_matchc = 1; ]])], + [ + AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], + [Define if your system glob() function has + gl_matchc options in glob_t]) + AC_MSG_RESULT([yes]) + ], [ + AC_MSG_RESULT([no]) +]) + +# Check for g.gl_statv glob() extension +AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], [[ +#ifndef GLOB_KEEPSTAT +#error "glob does not support GLOB_KEEPSTAT extension" +#endif +glob_t g; +g.gl_statv = NULL; +]])], + [ + AC_DEFINE([GLOB_HAS_GL_STATV], [1], + [Define if your system glob() function has + gl_statv options in glob_t]) + AC_MSG_RESULT([yes]) + ], [ + AC_MSG_RESULT([no]) + +]) + +AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include ]) + +AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) +AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ +#include +#include ]], + [[ + struct dirent d; + exit(sizeof(d.d_name)<=sizeof(char)); + ]])], + [AC_MSG_RESULT([yes])], + [ + AC_MSG_RESULT([no]) + AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], + [Define if your struct dirent expects you to + allocate extra space for d_name]) + ], + [ + AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) + AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) + ] +) + +AC_MSG_CHECKING([for /proc/pid/fd directory]) +if test -d "/proc/$$/fd" ; then + AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) + AC_MSG_RESULT([yes]) +else + AC_MSG_RESULT([no]) +fi + +# Check whether user wants S/Key support +SKEY_MSG="no" +AC_ARG_WITH([skey], + [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)], + [ + if test "x$withval" != "xno" ; then + + if test "x$withval" != "xyes" ; then + CPPFLAGS="$CPPFLAGS -I${withval}/include" + LDFLAGS="$LDFLAGS -L${withval}/lib" + fi + + AC_DEFINE([SKEY], [1], [Define if you want S/Key support]) + LIBS="-lskey $LIBS" + SKEY_MSG="yes" + + AC_MSG_CHECKING([for s/key support]) + AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[ +#include +#include + ]], [[ + char *ff = skey_keyinfo(""); ff=""; + exit(0); + ]])], + [AC_MSG_RESULT([yes])], + [ + AC_MSG_RESULT([no]) + AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) + ]) + AC_MSG_CHECKING([if skeychallenge takes 4 arguments]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#include + ]], [[ + (void)skeychallenge(NULL,"name","",0); + ]])], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([SKEYCHALLENGE_4ARG], [1], + [Define if your skeychallenge() + function takes 4 arguments (NetBSD)])], + [ + AC_MSG_RESULT([no]) + ]) + fi + ] +) + +# Check whether user wants to use ldns +LDNS_MSG="no" +AC_ARG_WITH(ldns, + [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], + [ + if test "x$withval" != "xno" ; then + + if test "x$withval" != "xyes" ; then + CPPFLAGS="$CPPFLAGS -I${withval}/include" + LDFLAGS="$LDFLAGS -L${withval}/lib" + fi + + AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) + LIBS="-lldns $LIBS" + LDNS_MSG="yes" + + AC_MSG_CHECKING([for ldns support]) + AC_LINK_IFELSE( + [AC_LANG_SOURCE([[ +#include +#include +#include +#include +int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } + ]]) + ], + [AC_MSG_RESULT(yes)], + [ + AC_MSG_RESULT(no) + AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) + ]) + fi + ] +) + +# Check whether user wants libedit support +LIBEDIT_MSG="no" +AC_ARG_WITH([libedit], + [ --with-libedit[[=PATH]] Enable libedit support for sftp], + [ if test "x$withval" != "xno" ; then + if test "x$withval" = "xyes" ; then + AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) + if test "x$PKGCONFIG" != "xno"; then + AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) + if "$PKGCONFIG" libedit; then + AC_MSG_RESULT([yes]) + use_pkgconfig_for_libedit=yes + else + AC_MSG_RESULT([no]) + fi + fi + else + CPPFLAGS="$CPPFLAGS -I${withval}/include" + if test -n "${need_dash_r}"; then + LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" + else + LDFLAGS="-L${withval}/lib ${LDFLAGS}" + fi + fi + if test "x$use_pkgconfig_for_libedit" = "xyes"; then + LIBEDIT=`$PKGCONFIG --libs libedit` + CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" + else + LIBEDIT="-ledit -lcurses" + fi + OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` + AC_CHECK_LIB([edit], [el_init], + [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) + LIBEDIT_MSG="yes" + AC_SUBST([LIBEDIT]) + ], + [ AC_MSG_ERROR([libedit not found]) ], + [ $OTHERLIBS ] + ) + AC_MSG_CHECKING([if libedit version is compatible]) + AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([[ #include ]], + [[ + int i = H_SETSIZE; + el_init("", NULL, NULL, NULL); + exit(0); + ]])], + [ AC_MSG_RESULT([yes]) ], + [ AC_MSG_RESULT([no]) + AC_MSG_ERROR([libedit version is not compatible]) ] + ) + fi ] +) + +AUDIT_MODULE=none +AC_ARG_WITH([audit], + [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], + [ + AC_MSG_CHECKING([for supported audit module]) + case "$withval" in + bsm) + AC_MSG_RESULT([bsm]) + AUDIT_MODULE=bsm + dnl Checks for headers, libs and functions + AC_CHECK_HEADERS([bsm/audit.h], [], + [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], + [ +#ifdef HAVE_TIME_H +# include +#endif + ] +) + AC_CHECK_LIB([bsm], [getaudit], [], + [AC_MSG_ERROR([BSM enabled and required library not found])]) + AC_CHECK_FUNCS([getaudit], [], + [AC_MSG_ERROR([BSM enabled and required function not found])]) + # These are optional + AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) + AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) + if test "$sol2ver" -ge 11; then + SSHDLIBS="$SSHDLIBS -lscf" + AC_DEFINE([BROKEN_BSM_API], [1], + [The system has incomplete BSM API]) + fi + ;; + linux) + AC_MSG_RESULT([linux]) + AUDIT_MODULE=linux + dnl Checks for headers, libs and functions + AC_CHECK_HEADERS([libaudit.h]) + SSHDLIBS="$SSHDLIBS -laudit" + AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) + ;; + debug) + AUDIT_MODULE=debug + AC_MSG_RESULT([debug]) + AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) + ;; + no) + AC_MSG_RESULT([no]) + ;; + *) + AC_MSG_ERROR([Unknown audit module $withval]) + ;; + esac ] +) + +AC_ARG_WITH([pie], + [ --with-pie Build Position Independent Executables if possible], [ + if test "x$withval" = "xno"; then + use_pie=no + fi + if test "x$withval" = "xyes"; then + use_pie=yes + fi + ] +) +if test "x$use_pie" = "x"; then + use_pie=no +fi +if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then + # Turn off automatic PIE when toolchain hardening is off. + use_pie=no +fi +if test "x$use_pie" = "xauto"; then + # Automatic PIE requires gcc >= 4.x + AC_MSG_CHECKING([for gcc >= 4.x]) + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ +#if !defined(__GNUC__) || __GNUC__ < 4 +#error gcc is too old +#endif +]])], + [ AC_MSG_RESULT([yes]) ], + [ AC_MSG_RESULT([no]) + use_pie=no ] +) +fi +if test "x$use_pie" != "xno"; then + SAVED_CFLAGS="$CFLAGS" + SAVED_LDFLAGS="$LDFLAGS" + OSSH_CHECK_CFLAG_COMPILE([-fPIE]) + OSSH_CHECK_LDFLAG_LINK([-pie]) + # We use both -fPIE and -pie or neither. + AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) + if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ + echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + CFLAGS="$SAVED_CFLAGS" + LDFLAGS="$SAVED_LDFLAGS" + fi +fi + +dnl Checks for library functions. Please keep in alphabetical order +AC_CHECK_FUNCS([ \ + Blowfish_initstate \ + Blowfish_expandstate \ + Blowfish_expand0state \ + Blowfish_stream2word \ + asprintf \ + b64_ntop \ + __b64_ntop \ + b64_pton \ + __b64_pton \ + bcopy \ + bcrypt_pbkdf \ + bindresvport_sa \ + blf_enc \ + cap_rights_limit \ + clock \ + closefrom \ + dirfd \ + endgrent \ + explicit_bzero \ + fchmod \ + fchown \ + freeaddrinfo \ + fstatfs \ + fstatvfs \ + futimes \ + getaddrinfo \ + getcwd \ + getgrouplist \ + getnameinfo \ + getopt \ + getpeereid \ + getpeerucred \ + getpgid \ + getpgrp \ + _getpty \ + getrlimit \ + getttyent \ + glob \ + group_from_gid \ + inet_aton \ + inet_ntoa \ + inet_ntop \ + innetgr \ + login_getcapbool \ + mblen \ + md5_crypt \ + memmove \ + memset_s \ + mkdtemp \ + mmap \ + ngetaddrinfo \ + nsleep \ + ogetaddrinfo \ + openlog_r \ + poll \ + prctl \ + pstat \ + readpassphrase \ + reallocarray \ + recvmsg \ + rresvport_af \ + sendmsg \ + setdtablesize \ + setegid \ + setenv \ + seteuid \ + setgroupent \ + setgroups \ + setlinebuf \ + setlogin \ + setpassent\ + setpcred \ + setproctitle \ + setregid \ + setreuid \ + setrlimit \ + setsid \ + setvbuf \ + sigaction \ + sigvec \ + snprintf \ + socketpair \ + statfs \ + statvfs \ + strdup \ + strerror \ + strlcat \ + strlcpy \ + strmode \ + strnlen \ + strnvis \ + strptime \ + strtonum \ + strtoll \ + strtoul \ + strtoull \ + swap32 \ + sysconf \ + tcgetpgrp \ + timingsafe_bcmp \ + truncate \ + unsetenv \ + updwtmpx \ + user_from_uid \ + usleep \ + vasprintf \ + vsnprintf \ + waitpid \ +]) + +AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [[ #include ]], + [[ return (isblank('a')); ]])], + [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) +]) + +# PKCS11 depends on OpenSSL. +if test "x$openssl" = "xyes" ; then + # PKCS#11 support requires dlopen() and co + AC_SEARCH_LIBS([dlopen], [dl], + [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])] + ) +fi + +# IRIX has a const char return value for gai_strerror() +AC_CHECK_FUNCS([gai_strerror], [ + AC_DEFINE([HAVE_GAI_STRERROR]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#include +#include + +const char *gai_strerror(int); + ]], [[ + char *str; + str = gai_strerror(0); + ]])], [ + AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], + [Define if gai_strerror() returns const char *])], [])]) + +AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], + [Some systems put nanosleep outside of libc])]) + +AC_SEARCH_LIBS([clock_gettime], [rt], + [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) + +dnl Make sure prototypes are defined for these before using them. +AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])]) +AC_CHECK_DECL([strsep], + [AC_CHECK_FUNCS([strsep])], + [], + [ +#ifdef HAVE_STRING_H +# include +#endif + ]) + +dnl tcsendbreak might be a macro +AC_CHECK_DECL([tcsendbreak], + [AC_DEFINE([HAVE_TCSENDBREAK])], + [AC_CHECK_FUNCS([tcsendbreak])], + [#include ] +) + +AC_CHECK_DECLS([h_errno], , ,[#include ]) + +AC_CHECK_DECLS([SHUT_RD], , , + [ +#include +#include + ]) + +AC_CHECK_DECLS([O_NONBLOCK], , , + [ +#include +#ifdef HAVE_SYS_STAT_H +# include +#endif +#ifdef HAVE_FCNTL_H +# include +#endif + ]) + +AC_CHECK_DECLS([writev], , , [ +#include +#include +#include + ]) + +AC_CHECK_DECLS([MAXSYMLINKS], , , [ +#include + ]) + +AC_CHECK_DECLS([offsetof], , , [ +#include + ]) + +# extra bits for select(2) +AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ +#include +#include +#ifdef HAVE_SYS_SYSMACROS_H +#include +#endif +#ifdef HAVE_SYS_SELECT_H +#include +#endif +#ifdef HAVE_SYS_TIME_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif + ]]) +AC_CHECK_TYPES([fd_mask], [], [], [[ +#include +#include +#ifdef HAVE_SYS_SELECT_H +#include +#endif +#ifdef HAVE_SYS_TIME_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif + ]]) + +AC_CHECK_FUNCS([setresuid], [ + dnl Some platorms have setresuid that isn't implemented, test for this + AC_MSG_CHECKING([if setresuid seems to work]) + AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ +#include +#include + ]], [[ + errno=0; + setresuid(0,0,0); + if (errno==ENOSYS) + exit(1); + else + exit(0); + ]])], + [AC_MSG_RESULT([yes])], + [AC_DEFINE([BROKEN_SETRESUID], [1], + [Define if your setresuid() is broken]) + AC_MSG_RESULT([not implemented])], + [AC_MSG_WARN([cross compiling: not checking setresuid])] + ) +]) + +AC_CHECK_FUNCS([setresgid], [ + dnl Some platorms have setresgid that isn't implemented, test for this + AC_MSG_CHECKING([if setresgid seems to work]) + AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ +#include +#include + ]], [[ + errno=0; + setresgid(0,0,0); + if (errno==ENOSYS) + exit(1); + else + exit(0); + ]])], + [AC_MSG_RESULT([yes])], + [AC_DEFINE([BROKEN_SETRESGID], [1], + [Define if your setresgid() is broken]) + AC_MSG_RESULT([not implemented])], + [AC_MSG_WARN([cross compiling: not checking setresuid])] + ) +]) + +AC_CHECK_FUNCS([realpath], [ + dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given + dnl path name", however some implementations of realpath (and some + dnl versions of the POSIX spec) do not work on non-existent files, + dnl so we use the OpenBSD implementation on those platforms. + AC_MSG_CHECKING([if realpath works with non-existent files]) + AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ +#include +#include +#include + ]], [[ + char buf[PATH_MAX]; + if (realpath("/opensshnonexistentfilename1234", buf) == NULL) + if (errno == ENOENT) + exit(1); + exit(0); + ]])], + [AC_MSG_RESULT([yes])], + [AC_DEFINE([BROKEN_REALPATH], [1], + [realpath does not work with nonexistent files]) + AC_MSG_RESULT([no])], + [AC_MSG_WARN([cross compiling: assuming working])] + ) +]) + +dnl Checks for time functions +AC_CHECK_FUNCS([gettimeofday time]) +dnl Checks for utmp functions +AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) +AC_CHECK_FUNCS([utmpname]) +dnl Checks for utmpx functions +AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) +AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) +dnl Checks for lastlog functions +AC_CHECK_FUNCS([getlastlogxbyname]) + +AC_CHECK_FUNC([daemon], + [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], + [AC_CHECK_LIB([bsd], [daemon], + [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] +) + +AC_CHECK_FUNC([getpagesize], + [AC_DEFINE([HAVE_GETPAGESIZE], [1], + [Define if your libraries define getpagesize()])], + [AC_CHECK_LIB([ucb], [getpagesize], + [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] +) + +# Check for broken snprintf +if test "x$ac_cv_func_snprintf" = "xyes" ; then + AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) + AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ #include ]], + [[ + char b[5]; + snprintf(b,5,"123456789"); + exit(b[4]!='\0'); + ]])], + [AC_MSG_RESULT([yes])], + [ + AC_MSG_RESULT([no]) + AC_DEFINE([BROKEN_SNPRINTF], [1], + [Define if your snprintf is busted]) + AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) + ], + [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] + ) +fi + +# We depend on vsnprintf returning the right thing on overflow: the +# number of characters it tried to create (as per SUSv3) +if test "x$ac_cv_func_vsnprintf" = "xyes" ; then + AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) + AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ +#include +#include +#include + +int x_snprintf(char *str, size_t count, const char *fmt, ...) +{ + size_t ret; + va_list ap; + + va_start(ap, fmt); + ret = vsnprintf(str, count, fmt, ap); + va_end(ap); + return ret; +} + ]], [[ +char x[1]; +if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) + return 1; +if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) + return 1; +return 0; + ]])], + [AC_MSG_RESULT([yes])], + [ + AC_MSG_RESULT([no]) + AC_DEFINE([BROKEN_SNPRINTF], [1], + [Define if your snprintf is busted]) + AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) + ], + [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] + ) +fi + +# On systems where [v]snprintf is broken, but is declared in stdio, +# check that the fmt argument is const char * or just char *. +# This is only useful for when BROKEN_SNPRINTF +AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +int snprintf(char *a, size_t b, const char *c, ...) { return 0; } + ]], [[ + snprintf(0, 0, 0); + ]])], + [AC_MSG_RESULT([yes]) + AC_DEFINE([SNPRINTF_CONST], [const], + [Define as const if snprintf() can declare const char *fmt])], + [AC_MSG_RESULT([no]) + AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) + +# Check for missing getpeereid (or equiv) support +NO_PEERCHECK="" +if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then + AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#include ]], [[int i = SO_PEERCRED;]])], + [ AC_MSG_RESULT([yes]) + AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) + ], [AC_MSG_RESULT([no]) + NO_PEERCHECK=1 + ]) +fi + +dnl see whether mkstemp() requires XXXXXX +if test "x$ac_cv_func_mkdtemp" = "xyes" ; then +AC_MSG_CHECKING([for (overly) strict mkstemp]) +AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ +#include + ]], [[ + char template[]="conftest.mkstemp-test"; + if (mkstemp(template) == -1) + exit(1); + unlink(template); + exit(0); + ]])], + [ + AC_MSG_RESULT([no]) + ], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) + ], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([HAVE_STRICT_MKSTEMP]) + ] +) +fi + +dnl make sure that openpty does not reacquire controlling terminal +if test ! -z "$check_for_openpty_ctty_bug"; then + AC_MSG_CHECKING([if openpty correctly handles controlling tty]) + AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ +#include +#include +#include +#include + ]], [[ + pid_t pid; + int fd, ptyfd, ttyfd, status; + + pid = fork(); + if (pid < 0) { /* failed */ + exit(1); + } else if (pid > 0) { /* parent */ + waitpid(pid, &status, 0); + if (WIFEXITED(status)) + exit(WEXITSTATUS(status)); + else + exit(2); + } else { /* child */ + close(0); close(1); close(2); + setsid(); + openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); + fd = open("/dev/tty", O_RDWR | O_NOCTTY); + if (fd >= 0) + exit(3); /* Acquired ctty: broken */ + else + exit(0); /* Did not acquire ctty: OK */ + } + ]])], + [ + AC_MSG_RESULT([yes]) + ], + [ + AC_MSG_RESULT([no]) + AC_DEFINE([SSHD_ACQUIRES_CTTY]) + ], + [ + AC_MSG_RESULT([cross-compiling, assuming yes]) + ] + ) +fi + +if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ + test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then + AC_MSG_CHECKING([if getaddrinfo seems to work]) + AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ +#include +#include +#include +#include +#include + +#define TEST_PORT "2222" + ]], [[ + int err, sock; + struct addrinfo *gai_ai, *ai, hints; + char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_PASSIVE; + + err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); + if (err != 0) { + fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); + exit(1); + } + + for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { + if (ai->ai_family != AF_INET6) + continue; + + err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, + sizeof(ntop), strport, sizeof(strport), + NI_NUMERICHOST|NI_NUMERICSERV); + + if (err != 0) { + if (err == EAI_SYSTEM) + perror("getnameinfo EAI_SYSTEM"); + else + fprintf(stderr, "getnameinfo failed: %s\n", + gai_strerror(err)); + exit(2); + } + + sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); + if (sock < 0) + perror("socket"); + if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { + if (errno == EBADF) + exit(3); + } + } + exit(0); + ]])], + [ + AC_MSG_RESULT([yes]) + ], + [ + AC_MSG_RESULT([no]) + AC_DEFINE([BROKEN_GETADDRINFO]) + ], + [ + AC_MSG_RESULT([cross-compiling, assuming yes]) + ] + ) +fi + +if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ + test "x$check_for_aix_broken_getaddrinfo" = "x1"; then + AC_MSG_CHECKING([if getaddrinfo seems to work]) + AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ +#include +#include +#include +#include +#include + +#define TEST_PORT "2222" + ]], [[ + int err, sock; + struct addrinfo *gai_ai, *ai, hints; + char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_PASSIVE; + + err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); + if (err != 0) { + fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); + exit(1); + } + + for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { + if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) + continue; + + err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, + sizeof(ntop), strport, sizeof(strport), + NI_NUMERICHOST|NI_NUMERICSERV); + + if (ai->ai_family == AF_INET && err != 0) { + perror("getnameinfo"); + exit(2); + } + } + exit(0); + ]])], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], + [Define if you have a getaddrinfo that fails + for the all-zeros IPv6 address]) + ], + [ + AC_MSG_RESULT([no]) + AC_DEFINE([BROKEN_GETADDRINFO]) + ], + [ + AC_MSG_RESULT([cross-compiling, assuming no]) + ] + ) +fi + +if test "x$ac_cv_func_getaddrinfo" = "xyes"; then + AC_CHECK_DECLS(AI_NUMERICSERV, , , + [#include + #include + #include ]) +fi + +if test "x$check_for_conflicting_getspnam" = "x1"; then + AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], + [[ exit(0); ]])], + [ + AC_MSG_RESULT([no]) + ], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], + [Conflicting defs for getspnam]) + ] + ) +fi + +AC_FUNC_GETPGRP + +# Search for OpenSSL +saved_CPPFLAGS="$CPPFLAGS" +saved_LDFLAGS="$LDFLAGS" +AC_ARG_WITH([ssl-dir], + [ --with-openssl=PATH Specify path to OpenSSL installation ], + [ + if test "x$openssl" = "xno" ; then + AC_MSG_ERROR([cannot use --with-openssl when OpenSSL disabled]) + fi + if test "x$withval" != "xno" ; then + case "$withval" in + # Relative paths + ./*|../*) withval="`pwd`/$withval" + esac + if test -d "$withval/lib"; then + if test -n "${need_dash_r}"; then + LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" + else + LDFLAGS="-L${withval}/lib ${LDFLAGS}" + fi + elif test -d "$withval/lib64"; then + if test -n "${need_dash_r}"; then + LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" + else + LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" + fi + else + if test -n "${need_dash_r}"; then + LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" + else + LDFLAGS="-L${withval} ${LDFLAGS}" + fi + fi + if test -d "$withval/include"; then + CPPFLAGS="-I${withval}/include ${CPPFLAGS}" + else + CPPFLAGS="-I${withval} ${CPPFLAGS}" + fi + fi + ] +) + +AC_ARG_WITH([openssl-header-check], + [ --without-openssl-header-check Disable OpenSSL version consistency check], + [ + if test "x$withval" = "xno" ; then + openssl_check_nonfatal=1 + fi + ] +) + +openssl_engine=no +AC_ARG_WITH([ssl-engine], + [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], + [ + if test "x$openssl" = "xno" ; then + AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) + fi + if test "x$withval" != "xno" ; then + openssl_engine=yes + fi + ] +) + +if test "x$openssl" = "xyes" ; then + LIBS="-lcrypto $LIBS" + AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1], + [Define if your ssl headers are included + with #include ])], + [ + dnl Check default openssl install dir + if test -n "${need_dash_r}"; then + LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" + else + LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" + fi + CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" + AC_CHECK_HEADER([openssl/opensslv.h], , + [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) + AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])], + [ + AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) + ] + ) + ] + ) + + # Determine OpenSSL header version + AC_MSG_CHECKING([OpenSSL header version]) + AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ + #include + #include + #include + #define DATA "conftest.sslincver" + ]], [[ + FILE *fd; + int rc; + + fd = fopen(DATA,"w"); + if(fd == NULL) + exit(1); + + if ((rc = fprintf(fd ,"%08x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) + exit(1); + + exit(0); + ]])], + [ + ssl_header_ver=`cat conftest.sslincver` + AC_MSG_RESULT([$ssl_header_ver]) + ], + [ + AC_MSG_RESULT([not found]) + AC_MSG_ERROR([OpenSSL version header not found.]) + ], + [ + AC_MSG_WARN([cross compiling: not checking]) + ] + ) + + # Determine OpenSSL library version + AC_MSG_CHECKING([OpenSSL library version]) + AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ + #include + #include + #define OPENSSL_API_COMPAT 0x10000000L + #include + #include + #define DATA "conftest.ssllibver" + ]], [[ + FILE *fd; + int rc; + + fd = fopen(DATA,"w"); + if(fd == NULL) + exit(1); + + if ((rc = fprintf(fd ,"%08x (%s)\n", SSLeay(), + SSLeay_version(SSLEAY_VERSION))) <0) + exit(1); + + exit(0); + ]])], + [ + ssl_library_ver=`cat conftest.ssllibver` + # Check version is supported. + case "$ssl_library_ver" in + 0090[[0-7]]*|009080[[0-5]]*) + AC_MSG_ERROR([OpenSSL >= 0.9.8f required (have "$ssl_library_ver")]) + ;; + *) ;; + esac + AC_MSG_RESULT([$ssl_library_ver]) + ], + [ + AC_MSG_RESULT([not found]) + AC_MSG_ERROR([OpenSSL library not found.]) + ], + [ + AC_MSG_WARN([cross compiling: not checking]) + ] + ) + + # Sanity check OpenSSL headers + AC_MSG_CHECKING([whether OpenSSL's headers match the library]) + AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ + #include + #define OPENSSL_API_COMPAT 0x10000000L + #include + #include + ]], [[ + exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); + ]])], + [ + AC_MSG_RESULT([yes]) + ], + [ + AC_MSG_RESULT([no]) + if test "x$openssl_check_nonfatal" = "x"; then + AC_MSG_ERROR([Your OpenSSL headers do not match your + library. Check config.log for details. + If you are sure your installation is consistent, you can disable the check + by running "./configure --without-openssl-header-check". + Also see contrib/findssl.sh for help identifying header/library mismatches. + ]) + else + AC_MSG_WARN([Your OpenSSL headers do not match your + library. Check config.log for details. + Also see contrib/findssl.sh for help identifying header/library mismatches.]) + fi + ], + [ + AC_MSG_WARN([cross compiling: not checking]) + ] + ) + + AC_MSG_CHECKING([if programs using OpenSSL functions will link]) + AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[ + #define OPENSSL_API_COMPAT 0x10000000L + #include + ]], + [[ SSLeay_add_all_algorithms(); ]])], + [ + AC_MSG_RESULT([yes]) + ], + [ + AC_MSG_RESULT([no]) + saved_LIBS="$LIBS" + LIBS="$LIBS -ldl" + AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) + AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[ #include ]], + [[ SSLeay_add_all_algorithms(); ]])], + [ + AC_MSG_RESULT([yes]) + ], + [ + AC_MSG_RESULT([no]) + LIBS="$saved_LIBS" + ] + ) + ] + ) + + AC_CHECK_FUNCS([ \ + BN_is_prime_ex \ + DSA_generate_parameters_ex \ + EVP_DigestInit_ex \ + EVP_DigestFinal_ex \ + EVP_MD_CTX_init \ + EVP_MD_CTX_cleanup \ + EVP_MD_CTX_copy_ex \ + HMAC_CTX_init \ + RSA_generate_key_ex \ + RSA_get_default_method \ + ]) + + if test "x$openssl_engine" = "xyes" ; then + AC_MSG_CHECKING([for OpenSSL ENGINE support]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ + #include + ]], [[ + ENGINE_load_builtin_engines(); + ENGINE_register_all_complete(); + ]])], + [ AC_MSG_RESULT([yes]) + AC_DEFINE([USE_OPENSSL_ENGINE], [1], + [Enable OpenSSL engine support]) + ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) + ]) + fi + + # Check for OpenSSL without EVP_aes_{192,256}_cbc + AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) + AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[ + #include + #include + ]], [[ + exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); + ]])], + [ + AC_MSG_RESULT([no]) + ], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], + [libcrypto is missing AES 192 and 256 bit functions]) + ] + ) + + # Check for OpenSSL with EVP_aes_*ctr + AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) + AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[ + #include + #include + ]], [[ + exit(EVP_aes_128_ctr() == NULL || + EVP_aes_192_cbc() == NULL || + EVP_aes_256_cbc() == NULL); + ]])], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], + [libcrypto has EVP AES CTR]) + ], + [ + AC_MSG_RESULT([no]) + ] + ) + + # Check for OpenSSL with EVP_aes_*gcm + AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) + AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[ + #include + #include + ]], [[ + exit(EVP_aes_128_gcm() == NULL || + EVP_aes_256_gcm() == NULL || + EVP_CTRL_GCM_SET_IV_FIXED == 0 || + EVP_CTRL_GCM_IV_GEN == 0 || + EVP_CTRL_GCM_SET_TAG == 0 || + EVP_CTRL_GCM_GET_TAG == 0 || + EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); + ]])], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], + [libcrypto has EVP AES GCM]) + ], + [ + AC_MSG_RESULT([no]) + unsupported_algorithms="$unsupported_cipers \ + aes128-gcm@openssh.com aes256-gcm@openssh.com" + ] + ) + + AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto], + [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1], + [Define if libcrypto has EVP_CIPHER_CTX_ctrl])]) + + AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) + AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[ + #include + #include + ]], [[ + if(EVP_DigestUpdate(NULL, NULL,0)) + exit(0); + ]])], + [ + AC_MSG_RESULT([yes]) + ], + [ + AC_MSG_RESULT([no]) + AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], + [Define if EVP_DigestUpdate returns void]) + ] + ) + + # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, + # because the system crypt() is more featureful. + if test "x$check_for_libcrypt_before" = "x1"; then + AC_CHECK_LIB([crypt], [crypt]) + fi + + # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the + # version in OpenSSL. + if test "x$check_for_libcrypt_later" = "x1"; then + AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) + fi + AC_CHECK_FUNCS([crypt DES_crypt]) + + # Search for SHA256 support in libc and/or OpenSSL + AC_CHECK_FUNCS([SHA256_Update EVP_sha256], , + [unsupported_algorithms="$unsupported_algorithms \ + hmac-sha2-256 hmac-sha2-512 \ + diffie-hellman-group-exchange-sha256 \ + hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" + ] + ) + # Search for RIPE-MD support in OpenSSL + AC_CHECK_FUNCS([EVP_ripemd160], , + [unsupported_algorithms="$unsupported_algorithms \ + hmac-ripemd160 + hmac-ripemd160@openssh.com + hmac-ripemd160-etm@openssh.com" + ] + ) + + # Check complete ECC support in OpenSSL + AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) + AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[ + #include + #include + #include + #include + #include + #include + #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ + # error "OpenSSL < 0.9.8g has unreliable ECC code" + #endif + ]], [[ + EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + const EVP_MD *m = EVP_sha256(); /* We need this too */ + ]])], + [ AC_MSG_RESULT([yes]) + enable_nistp256=1 ], + [ AC_MSG_RESULT([no]) ] + ) + + AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) + AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[ + #include + #include + #include + #include + #include + #include + #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ + # error "OpenSSL < 0.9.8g has unreliable ECC code" + #endif + ]], [[ + EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); + const EVP_MD *m = EVP_sha384(); /* We need this too */ + ]])], + [ AC_MSG_RESULT([yes]) + enable_nistp384=1 ], + [ AC_MSG_RESULT([no]) ] + ) + + AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) + AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[ + #include + #include + #include + #include + #include + #include + #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ + # error "OpenSSL < 0.9.8g has unreliable ECC code" + #endif + ]], [[ + EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); + const EVP_MD *m = EVP_sha512(); /* We need this too */ + ]])], + [ AC_MSG_RESULT([yes]) + AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) + AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ + #include + #include + #include + #include + #include + #include + ]],[[ + EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); + const EVP_MD *m = EVP_sha512(); /* We need this too */ + exit(e == NULL || m == NULL); + ]])], + [ AC_MSG_RESULT([yes]) + enable_nistp521=1 ], + [ AC_MSG_RESULT([no]) ], + [ AC_MSG_WARN([cross-compiling: assuming yes]) + enable_nistp521=1 ] + )], + AC_MSG_RESULT([no]) + ) + + COMMENT_OUT_ECC="#no ecc#" + TEST_SSH_ECC=no + + if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ + test x$enable_nistp521 = x1; then + AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) + fi + if test x$enable_nistp256 = x1; then + AC_DEFINE([OPENSSL_HAS_NISTP256], [1], + [libcrypto has NID_X9_62_prime256v1]) + TEST_SSH_ECC=yes + COMMENT_OUT_ECC="" + else + unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp256 \ + ecdh-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01@openssh.com" + fi + if test x$enable_nistp384 = x1; then + AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) + TEST_SSH_ECC=yes + COMMENT_OUT_ECC="" + else + unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp384 \ + ecdh-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01@openssh.com" + fi + if test x$enable_nistp521 = x1; then + AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) + TEST_SSH_ECC=yes + COMMENT_OUT_ECC="" + else + unsupported_algorithms="$unsupported_algorithms ecdh-sha2-nistp521 \ + ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com" + fi + + AC_SUBST([TEST_SSH_ECC]) + AC_SUBST([COMMENT_OUT_ECC]) +else + AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) + AC_CHECK_FUNCS([crypt]) +fi + +AC_CHECK_FUNCS([ \ + arc4random \ + arc4random_buf \ + arc4random_stir \ + arc4random_uniform \ +]) + +saved_LIBS="$LIBS" +AC_CHECK_LIB([iaf], [ia_openinfo], [ + LIBS="$LIBS -liaf" + AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" + AC_DEFINE([HAVE_LIBIAF], [1], + [Define if system has libiaf that supports set_id]) + ]) +]) +LIBS="$saved_LIBS" + +### Configure cryptographic random number support + +# Check wheter OpenSSL seeds itself +if test "x$openssl" = "xyes" ; then + AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) + AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ + #include + #include + ]], [[ + exit(RAND_status() == 1 ? 0 : 1); + ]])], + [ + OPENSSL_SEEDS_ITSELF=yes + AC_MSG_RESULT([yes]) + ], + [ + AC_MSG_RESULT([no]) + ], + [ + AC_MSG_WARN([cross compiling: assuming yes]) + # This is safe, since we will fatal() at runtime if + # OpenSSL is not seeded correctly. + OPENSSL_SEEDS_ITSELF=yes + ] + ) +fi + +# PRNGD TCP socket +AC_ARG_WITH([prngd-port], + [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], + [ + case "$withval" in + no) + withval="" + ;; + [[0-9]]*) + ;; + *) + AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) + ;; + esac + if test ! -z "$withval" ; then + PRNGD_PORT="$withval" + AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], + [Port number of PRNGD/EGD random number socket]) + fi + ] +) + +# PRNGD Unix domain socket +AC_ARG_WITH([prngd-socket], + [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], + [ + case "$withval" in + yes) + withval="/var/run/egd-pool" + ;; + no) + withval="" + ;; + /*) + ;; + *) + AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) + ;; + esac + + if test ! -z "$withval" ; then + if test ! -z "$PRNGD_PORT" ; then + AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) + fi + if test ! -r "$withval" ; then + AC_MSG_WARN([Entropy socket is not readable]) + fi + PRNGD_SOCKET="$withval" + AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], + [Location of PRNGD/EGD random number socket]) + fi + ], + [ + # Check for existing socket only if we don't have a random device already + if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then + AC_MSG_CHECKING([for PRNGD/EGD socket]) + # Insert other locations here + for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do + if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then + PRNGD_SOCKET="$sock" + AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) + break; + fi + done + if test ! -z "$PRNGD_SOCKET" ; then + AC_MSG_RESULT([$PRNGD_SOCKET]) + else + AC_MSG_RESULT([not found]) + fi + fi + ] +) + +# Which randomness source do we use? +if test ! -z "$PRNGD_PORT" ; then + RAND_MSG="PRNGd port $PRNGD_PORT" +elif test ! -z "$PRNGD_SOCKET" ; then + RAND_MSG="PRNGd socket $PRNGD_SOCKET" +elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then + AC_DEFINE([OPENSSL_PRNG_ONLY], [1], + [Define if you want the OpenSSL internally seeded PRNG only]) + RAND_MSG="OpenSSL internal ONLY" +elif test "x$openssl" = "xno" ; then + AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) +else + AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) +fi + +# Check for PAM libs +PAM_MSG="no" +AC_ARG_WITH([pam], + [ --with-pam Enable PAM support ], + [ + if test "x$withval" != "xno" ; then + if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ + test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then + AC_MSG_ERROR([PAM headers not found]) + fi + + saved_LIBS="$LIBS" + AC_CHECK_LIB([dl], [dlopen], , ) + AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) + AC_CHECK_FUNCS([pam_getenvlist]) + AC_CHECK_FUNCS([pam_putenv]) + LIBS="$saved_LIBS" + + PAM_MSG="yes" + + SSHDLIBS="$SSHDLIBS -lpam" + AC_DEFINE([USE_PAM], [1], + [Define if you want to enable PAM support]) + + if test $ac_cv_lib_dl_dlopen = yes; then + case "$LIBS" in + *-ldl*) + # libdl already in LIBS + ;; + *) + SSHDLIBS="$SSHDLIBS -ldl" + ;; + esac + fi + fi + ] +) + +# Check for older PAM +if test "x$PAM_MSG" = "xyes" ; then + # Check PAM strerror arguments (old PAM) + AC_MSG_CHECKING([whether pam_strerror takes only one argument]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#if defined(HAVE_SECURITY_PAM_APPL_H) +#include +#elif defined (HAVE_PAM_PAM_APPL_H) +#include +#endif + ]], [[ +(void)pam_strerror((pam_handle_t *)NULL, -1); + ]])], [AC_MSG_RESULT([no])], [ + AC_DEFINE([HAVE_OLD_PAM], [1], + [Define if you have an old version of PAM + which takes only one argument to pam_strerror]) + AC_MSG_RESULT([yes]) + PAM_MSG="yes (old library)" + + ]) +fi + +case "$host" in +*-*-cygwin*) + SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER + ;; +*) + SSH_PRIVSEP_USER=sshd + ;; +esac +AC_ARG_WITH([privsep-user], + [ --with-privsep-user=user Specify non-privileged user for privilege separation], + [ + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + SSH_PRIVSEP_USER=$withval + fi + ] +) +if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then + AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], + [Cygwin function to fetch non-privileged user for privilege separation]) +else + AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], + [non-privileged user for privilege separation]) +fi +AC_SUBST([SSH_PRIVSEP_USER]) + +if test "x$have_linux_no_new_privs" = "x1" ; then +AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ + #include + #include +]) +fi +if test "x$have_seccomp_filter" = "x1" ; then +AC_MSG_CHECKING([kernel for seccomp_filter support]) +AC_LINK_IFELSE([AC_LANG_PROGRAM([[ + #include + #include + #include + #include + #include + #include + ]], + [[ int i = $seccomp_audit_arch; + errno = 0; + prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); + exit(errno == EFAULT ? 0 : 1); ]])], + [ AC_MSG_RESULT([yes]) ], [ + AC_MSG_RESULT([no]) + # Disable seccomp filter as a target + have_seccomp_filter=0 + ] +) +fi + +# Decide which sandbox style to use +sandbox_arg="" +AC_ARG_WITH([sandbox], + [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum)], + [ + if test "x$withval" = "xyes" ; then + sandbox_arg="" + else + sandbox_arg="$withval" + fi + ] +) + +# Some platforms (seems to be the ones that have a kernel poll(2)-type +# function with which they implement select(2)) use an extra file descriptor +# when calling select(2), which means we can't use the rlimit sandbox. +AC_MSG_CHECKING([if select works with descriptor rlimit]) +AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ +#include +#ifdef HAVE_SYS_TIME_H +# include +#endif +#include +#ifdef HAVE_SYS_SELECT_H +# include +#endif +#include +#include +#include + ]],[[ + struct rlimit rl_zero; + int fd, r; + fd_set fds; + struct timeval tv; + + fd = open("/dev/null", O_RDONLY); + FD_ZERO(&fds); + FD_SET(fd, &fds); + rl_zero.rlim_cur = rl_zero.rlim_max = 0; + setrlimit(RLIMIT_FSIZE, &rl_zero); + setrlimit(RLIMIT_NOFILE, &rl_zero); + tv.tv_sec = 1; + tv.tv_usec = 0; + r = select(fd+1, &fds, NULL, NULL, &tv); + exit (r == -1 ? 1 : 0); + ]])], + [AC_MSG_RESULT([yes]) + select_works_with_rlimit=yes], + [AC_MSG_RESULT([no]) + select_works_with_rlimit=no], + [AC_MSG_WARN([cross compiling: assuming yes])] +) + +AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) +AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ +#include +#ifdef HAVE_SYS_TIME_H +# include +#endif +#include +#include +#include + ]],[[ + struct rlimit rl_zero; + int fd, r; + fd_set fds; + + rl_zero.rlim_cur = rl_zero.rlim_max = 0; + r = setrlimit(RLIMIT_NOFILE, &rl_zero); + exit (r == -1 ? 1 : 0); + ]])], + [AC_MSG_RESULT([yes]) + rlimit_nofile_zero_works=yes], + [AC_MSG_RESULT([no]) + rlimit_nofile_zero_works=no], + [AC_MSG_WARN([cross compiling: assuming yes])] +) + +AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) +AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ +#include +#include +#include + ]],[[ + struct rlimit rl_zero; + + rl_zero.rlim_cur = rl_zero.rlim_max = 0; + exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); + ]])], + [AC_MSG_RESULT([yes])], + [AC_MSG_RESULT([no]) + AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, + [setrlimit RLIMIT_FSIZE works])], + [AC_MSG_WARN([cross compiling: assuming yes])] +) + +if test "x$sandbox_arg" = "xsystrace" || \ + ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then + test "x$have_systr_policy_kill" != "x1" && \ + AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) + SANDBOX_STYLE="systrace" + AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) +elif test "x$sandbox_arg" = "xdarwin" || \ + ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ + test "x$ac_cv_header_sandbox_h" = "xyes") ; then + test "x$ac_cv_func_sandbox_init" != "xyes" -o \ + "x$ac_cv_header_sandbox_h" != "xyes" && \ + AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) + SANDBOX_STYLE="darwin" + AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) +elif test "x$sandbox_arg" = "xseccomp_filter" || \ + ( test -z "$sandbox_arg" && \ + test "x$have_seccomp_filter" = "x1" && \ + test "x$ac_cv_header_elf_h" = "xyes" && \ + test "x$ac_cv_header_linux_audit_h" = "xyes" && \ + test "x$ac_cv_header_linux_filter_h" = "xyes" && \ + test "x$seccomp_audit_arch" != "x" && \ + test "x$have_linux_no_new_privs" = "x1" && \ + test "x$ac_cv_func_prctl" = "xyes" ) ; then + test "x$seccomp_audit_arch" = "x" && \ + AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) + test "x$have_linux_no_new_privs" != "x1" && \ + AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) + test "x$have_seccomp_filter" != "x1" && \ + AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) + test "x$ac_cv_func_prctl" != "xyes" && \ + AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) + SANDBOX_STYLE="seccomp_filter" + AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) +elif test "x$sandbox_arg" = "xcapsicum" || \ + ( test -z "$sandbox_arg" && \ + test "x$ac_cv_header_sys_capability_h" = "xyes" && \ + test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then + test "x$ac_cv_header_sys_capability_h" != "xyes" && \ + AC_MSG_ERROR([capsicum sandbox requires sys/capability.h header]) + test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ + AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) + SANDBOX_STYLE="capsicum" + AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) +elif test "x$sandbox_arg" = "xrlimit" || \ + ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ + test "x$select_works_with_rlimit" = "xyes" && \ + test "x$rlimit_nofile_zero_works" = "xyes" ) ; then + test "x$ac_cv_func_setrlimit" != "xyes" && \ + AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) + test "x$select_works_with_rlimit" != "xyes" && \ + AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) + SANDBOX_STYLE="rlimit" + AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) +elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ + test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then + SANDBOX_STYLE="none" + AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) +else + AC_MSG_ERROR([unsupported --with-sandbox]) +fi + +# Cheap hack to ensure NEWS-OS libraries are arranged right. +if test ! -z "$SONY" ; then + LIBS="$LIBS -liberty"; +fi + +# Check for long long datatypes +AC_CHECK_TYPES([long long, unsigned long long, long double]) + +# Check datatype sizes +AC_CHECK_SIZEOF([short int], [2]) +AC_CHECK_SIZEOF([int], [4]) +AC_CHECK_SIZEOF([long int], [4]) +AC_CHECK_SIZEOF([long long int], [8]) + +# Sanity check long long for some platforms (AIX) +if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then + ac_cv_sizeof_long_long_int=0 +fi + +# compute LLONG_MIN and LLONG_MAX if we don't know them. +if test -z "$have_llong_max"; then + AC_MSG_CHECKING([for max value of long long]) + AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ +#include +/* Why is this so damn hard? */ +#ifdef __GNUC__ +# undef __GNUC__ +#endif +#define __USE_ISOC99 +#include +#define DATA "conftest.llminmax" +#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) + +/* + * printf in libc on some platforms (eg old Tru64) does not understand %lld so + * we do this the hard way. + */ +static int +fprint_ll(FILE *f, long long n) +{ + unsigned int i; + int l[sizeof(long long) * 8]; + + if (n < 0) + if (fprintf(f, "-") < 0) + return -1; + for (i = 0; n != 0; i++) { + l[i] = my_abs(n % 10); + n /= 10; + } + do { + if (fprintf(f, "%d", l[--i]) < 0) + return -1; + } while (i != 0); + if (fprintf(f, " ") < 0) + return -1; + return 0; +} + ]], [[ + FILE *f; + long long i, llmin, llmax = 0; + + if((f = fopen(DATA,"w")) == NULL) + exit(1); + +#if defined(LLONG_MIN) && defined(LLONG_MAX) + fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); + llmin = LLONG_MIN; + llmax = LLONG_MAX; +#else + fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); + /* This will work on one's complement and two's complement */ + for (i = 1; i > llmax; i <<= 1, i++) + llmax = i; + llmin = llmax + 1LL; /* wrap */ +#endif + + /* Sanity check */ + if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax + || llmax - 1 > llmax || llmin == llmax || llmin == 0 + || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { + fprintf(f, "unknown unknown\n"); + exit(2); + } + + if (fprint_ll(f, llmin) < 0) + exit(3); + if (fprint_ll(f, llmax) < 0) + exit(4); + if (fclose(f) < 0) + exit(5); + exit(0); + ]])], + [ + llong_min=`$AWK '{print $1}' conftest.llminmax` + llong_max=`$AWK '{print $2}' conftest.llminmax` + + AC_MSG_RESULT([$llong_max]) + AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], + [max value of long long calculated by configure]) + AC_MSG_CHECKING([for min value of long long]) + AC_MSG_RESULT([$llong_min]) + AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], + [min value of long long calculated by configure]) + ], + [ + AC_MSG_RESULT([not found]) + ], + [ + AC_MSG_WARN([cross compiling: not checking]) + ] + ) +fi + + +# More checks for data types +AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], + [[ u_int a; a = 1;]])], + [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" + ]) +]) +if test "x$ac_cv_have_u_int" = "xyes" ; then + AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) + have_u_int=1 +fi + +AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], + [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], + [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" + ]) +]) +if test "x$ac_cv_have_intxx_t" = "xyes" ; then + AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) + have_intxx_t=1 +fi + +if (test -z "$have_intxx_t" && \ + test "x$ac_cv_header_stdint_h" = "xyes") +then + AC_MSG_CHECKING([for intXX_t types in stdint.h]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], + [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], + [ + AC_DEFINE([HAVE_INTXX_T]) + AC_MSG_RESULT([yes]) + ], [ AC_MSG_RESULT([no]) + ]) +fi + +AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#ifdef HAVE_STDINT_H +# include +#endif +#include +#ifdef HAVE_SYS_BITYPES_H +# include +#endif + ]], [[ +int64_t a; a = 1; + ]])], + [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" + ]) +]) +if test "x$ac_cv_have_int64_t" = "xyes" ; then + AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) +fi + +AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], + [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], + [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" + ]) +]) +if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then + AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) + have_u_intxx_t=1 +fi + +if test -z "$have_u_intxx_t" ; then + AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], + [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], + [ + AC_DEFINE([HAVE_U_INTXX_T]) + AC_MSG_RESULT([yes]) + ], [ AC_MSG_RESULT([no]) + ]) +fi + +AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], + [[ u_int64_t a; a = 1;]])], + [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" + ]) +]) +if test "x$ac_cv_have_u_int64_t" = "xyes" ; then + AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) + have_u_int64_t=1 +fi + +if (test -z "$have_u_int64_t" && \ + test "x$ac_cv_header_sys_bitypes_h" = "xyes") +then + AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], + [[ u_int64_t a; a = 1]])], + [ + AC_DEFINE([HAVE_U_INT64_T]) + AC_MSG_RESULT([yes]) + ], [ AC_MSG_RESULT([no]) + ]) +fi + +if test -z "$have_u_intxx_t" ; then + AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include + ]], [[ + uint8_t a; + uint16_t b; + uint32_t c; + a = b = c = 1; + ]])], + [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" + ]) + ]) + if test "x$ac_cv_have_uintxx_t" = "xyes" ; then + AC_DEFINE([HAVE_UINTXX_T], [1], + [define if you have uintxx_t data type]) + fi +fi + +if (test -z "$have_uintxx_t" && \ + test "x$ac_cv_header_stdint_h" = "xyes") +then + AC_MSG_CHECKING([for uintXX_t types in stdint.h]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], + [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], + [ + AC_DEFINE([HAVE_UINTXX_T]) + AC_MSG_RESULT([yes]) + ], [ AC_MSG_RESULT([no]) + ]) +fi + +if (test -z "$have_uintxx_t" && \ + test "x$ac_cv_header_inttypes_h" = "xyes") +then + AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], + [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], + [ + AC_DEFINE([HAVE_UINTXX_T]) + AC_MSG_RESULT([yes]) + ], [ AC_MSG_RESULT([no]) + ]) +fi + +if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ + test "x$ac_cv_header_sys_bitypes_h" = "xyes") +then + AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include + ]], [[ + int8_t a; int16_t b; int32_t c; + u_int8_t e; u_int16_t f; u_int32_t g; + a = b = c = e = f = g = 1; + ]])], + [ + AC_DEFINE([HAVE_U_INTXX_T]) + AC_DEFINE([HAVE_INTXX_T]) + AC_MSG_RESULT([yes]) + ], [AC_MSG_RESULT([no]) + ]) +fi + + +AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], + [[ u_char foo; foo = 125; ]])], + [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" + ]) +]) +if test "x$ac_cv_have_u_char" = "xyes" ; then + AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) +fi + +AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ +#include +#include +]) + +TYPE_SOCKLEN_T + +AC_CHECK_TYPES([sig_atomic_t], , , [#include ]) +AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ +#include +#ifdef HAVE_SYS_BITYPES_H +#include +#endif +#ifdef HAVE_SYS_STATFS_H +#include +#endif +#ifdef HAVE_SYS_STATVFS_H +#include +#endif +]) + +AC_CHECK_TYPES([in_addr_t, in_port_t], , , +[#include +#include ]) + +AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], + [[ size_t foo; foo = 1235; ]])], + [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" + ]) +]) +if test "x$ac_cv_have_size_t" = "xyes" ; then + AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) +fi + +AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], + [[ ssize_t foo; foo = 1235; ]])], + [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" + ]) +]) +if test "x$ac_cv_have_ssize_t" = "xyes" ; then + AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) +fi + +AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], + [[ clock_t foo; foo = 1235; ]])], + [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" + ]) +]) +if test "x$ac_cv_have_clock_t" = "xyes" ; then + AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) +fi + +AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#include + ]], [[ sa_family_t foo; foo = 1235; ]])], + [ ac_cv_have_sa_family_t="yes" ], + [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#include +#include + ]], [[ sa_family_t foo; foo = 1235; ]])], + [ ac_cv_have_sa_family_t="yes" ], + [ ac_cv_have_sa_family_t="no" ] + ) + ]) +]) +if test "x$ac_cv_have_sa_family_t" = "xyes" ; then + AC_DEFINE([HAVE_SA_FAMILY_T], [1], + [define if you have sa_family_t data type]) +fi + +AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], + [[ pid_t foo; foo = 1235; ]])], + [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" + ]) +]) +if test "x$ac_cv_have_pid_t" = "xyes" ; then + AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) +fi + +AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], + [[ mode_t foo; foo = 1235; ]])], + [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" + ]) +]) +if test "x$ac_cv_have_mode_t" = "xyes" ; then + AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) +fi + + +AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#include + ]], [[ struct sockaddr_storage s; ]])], + [ ac_cv_have_struct_sockaddr_storage="yes" ], + [ ac_cv_have_struct_sockaddr_storage="no" + ]) +]) +if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then + AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], + [define if you have struct sockaddr_storage data type]) +fi + +AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#include + ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], + [ ac_cv_have_struct_sockaddr_in6="yes" ], + [ ac_cv_have_struct_sockaddr_in6="no" + ]) +]) +if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then + AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], + [define if you have struct sockaddr_in6 data type]) +fi + +AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#include + ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], + [ ac_cv_have_struct_in6_addr="yes" ], + [ ac_cv_have_struct_in6_addr="no" + ]) +]) +if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then + AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], + [define if you have struct in6_addr data type]) + +dnl Now check for sin6_scope_id + AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , + [ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#include + ]) +fi + +AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#include +#include + ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], + [ ac_cv_have_struct_addrinfo="yes" ], + [ ac_cv_have_struct_addrinfo="no" + ]) +]) +if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then + AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], + [define if you have struct addrinfo data type]) +fi + +AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], + [[ struct timeval tv; tv.tv_sec = 1;]])], + [ ac_cv_have_struct_timeval="yes" ], + [ ac_cv_have_struct_timeval="no" + ]) +]) +if test "x$ac_cv_have_struct_timeval" = "xyes" ; then + AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) + have_struct_timeval=1 +fi + +AC_CHECK_TYPES([struct timespec]) + +# We need int64_t or else certian parts of the compile will fail. +if test "x$ac_cv_have_int64_t" = "xno" && \ + test "x$ac_cv_sizeof_long_int" != "x8" && \ + test "x$ac_cv_sizeof_long_long_int" = "x0" ; then + echo "OpenSSH requires int64_t support. Contact your vendor or install" + echo "an alternative compiler (I.E., GCC) before continuing." + echo "" + exit 1; +else +dnl test snprintf (broken on SCO w/gcc) + AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ +#include +#include +#ifdef HAVE_SNPRINTF +main() +{ + char buf[50]; + char expected_out[50]; + int mazsize = 50 ; +#if (SIZEOF_LONG_INT == 8) + long int num = 0x7fffffffffffffff; +#else + long long num = 0x7fffffffffffffffll; +#endif + strcpy(expected_out, "9223372036854775807"); + snprintf(buf, mazsize, "%lld", num); + if(strcmp(buf, expected_out) != 0) + exit(1); + exit(0); +} +#else +main() { exit(0); } +#endif + ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], + AC_MSG_WARN([cross compiling: Assuming working snprintf()]) + ) +fi + +dnl Checks for structure members +OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) +OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) +OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) +OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) +OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) +OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) +OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) +OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) +OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) +OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) +OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) +OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) +OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) +OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) +OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) +OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) +OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) + +AC_CHECK_MEMBERS([struct stat.st_blksize]) +AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, +struct passwd.pw_change, struct passwd.pw_expire], +[], [], [[ +#include +#include +]]) + +AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], + [Define if we don't have struct __res_state in resolv.h])], +[[ +#include +#if HAVE_SYS_TYPES_H +# include +#endif +#include +#include +#include +]]) + +AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], + ac_cv_have_ss_family_in_struct_ss, [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#include + ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], + [ ac_cv_have_ss_family_in_struct_ss="yes" ], + [ ac_cv_have_ss_family_in_struct_ss="no" ]) +]) +if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then + AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) +fi + +AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], + ac_cv_have___ss_family_in_struct_ss, [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#include + ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], + [ ac_cv_have___ss_family_in_struct_ss="yes" ], + [ ac_cv_have___ss_family_in_struct_ss="no" + ]) +]) +if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then + AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], + [Fields in struct sockaddr_storage]) +fi + +dnl make sure we're using the real structure members and not defines +AC_CACHE_CHECK([for msg_accrights field in struct msghdr], + ac_cv_have_accrights_in_msghdr, [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#include +#include + ]], [[ +#ifdef msg_accrights +#error "msg_accrights is a macro" +exit(1); +#endif +struct msghdr m; +m.msg_accrights = 0; +exit(0); + ]])], + [ ac_cv_have_accrights_in_msghdr="yes" ], + [ ac_cv_have_accrights_in_msghdr="no" ] + ) +]) +if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then + AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], + [Define if your system uses access rights style + file descriptor passing]) +fi + +AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#include +#ifdef HAVE_SYS_TIME_H +# include +#endif +#ifdef HAVE_SYS_MOUNT_H +#include +#endif +#ifdef HAVE_SYS_STATVFS_H +#include +#endif + ]], [[ struct statvfs s; s.f_fsid = 0; ]])], + [ AC_MSG_RESULT([yes]) ], + [ AC_MSG_RESULT([no]) + + AC_MSG_CHECKING([if fsid_t has member val]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#include + ]], [[ fsid_t t; t.val[0] = 0; ]])], + [ AC_MSG_RESULT([yes]) + AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], + [ AC_MSG_RESULT([no]) ]) + + AC_MSG_CHECKING([if f_fsid has member __val]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#include + ]], [[ fsid_t t; t.__val[0] = 0; ]])], + [ AC_MSG_RESULT([yes]) + AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], + [ AC_MSG_RESULT([no]) ]) +]) + +AC_CACHE_CHECK([for msg_control field in struct msghdr], + ac_cv_have_control_in_msghdr, [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#include +#include + ]], [[ +#ifdef msg_control +#error "msg_control is a macro" +exit(1); +#endif +struct msghdr m; +m.msg_control = 0; +exit(0); + ]])], + [ ac_cv_have_control_in_msghdr="yes" ], + [ ac_cv_have_control_in_msghdr="no" ] + ) +]) +if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then + AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], + [Define if your system uses ancillary data style + file descriptor passing]) +fi + +AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], + [[ extern char *__progname; printf("%s", __progname); ]])], + [ ac_cv_libc_defines___progname="yes" ], + [ ac_cv_libc_defines___progname="no" + ]) +]) +if test "x$ac_cv_libc_defines___progname" = "xyes" ; then + AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) +fi + +AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include ]], + [[ printf("%s", __FUNCTION__); ]])], + [ ac_cv_cc_implements___FUNCTION__="yes" ], + [ ac_cv_cc_implements___FUNCTION__="no" + ]) +]) +if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then + AC_DEFINE([HAVE___FUNCTION__], [1], + [Define if compiler implements __FUNCTION__]) +fi + +AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include ]], + [[ printf("%s", __func__); ]])], + [ ac_cv_cc_implements___func__="yes" ], + [ ac_cv_cc_implements___func__="no" + ]) +]) +if test "x$ac_cv_cc_implements___func__" = "xyes" ; then + AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) +fi + +AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ +#include +va_list x,y; + ]], [[ va_copy(x,y); ]])], + [ ac_cv_have_va_copy="yes" ], + [ ac_cv_have_va_copy="no" + ]) +]) +if test "x$ac_cv_have_va_copy" = "xyes" ; then + AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) +fi + +AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ +#include +va_list x,y; + ]], [[ __va_copy(x,y); ]])], + [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" + ]) +]) +if test "x$ac_cv_have___va_copy" = "xyes" ; then + AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) +fi + +AC_CACHE_CHECK([whether getopt has optreset support], + ac_cv_have_getopt_optreset, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include ]], + [[ extern int optreset; optreset = 0; ]])], + [ ac_cv_have_getopt_optreset="yes" ], + [ ac_cv_have_getopt_optreset="no" + ]) +]) +if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then + AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], + [Define if your getopt(3) defines and uses optreset]) +fi + +AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], +[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], + [ ac_cv_libc_defines_sys_errlist="yes" ], + [ ac_cv_libc_defines_sys_errlist="no" + ]) +]) +if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then + AC_DEFINE([HAVE_SYS_ERRLIST], [1], + [Define if your system defines sys_errlist[]]) +fi + + +AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], +[[ extern int sys_nerr; printf("%i", sys_nerr);]])], + [ ac_cv_libc_defines_sys_nerr="yes" ], + [ ac_cv_libc_defines_sys_nerr="no" + ]) +]) +if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then + AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) +fi + +# Check libraries needed by DNS fingerprint support +AC_SEARCH_LIBS([getrrsetbyname], [resolv], + [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], + [Define if getrrsetbyname() exists])], + [ + # Needed by our getrrsetbyname() + AC_SEARCH_LIBS([res_query], [resolv]) + AC_SEARCH_LIBS([dn_expand], [resolv]) + AC_MSG_CHECKING([if res_query will link]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ +#include +#include +#include +#include +#include + ]], [[ + res_query (0, 0, 0, 0, 0); + ]])], + AC_MSG_RESULT([yes]), + [AC_MSG_RESULT([no]) + saved_LIBS="$LIBS" + LIBS="$LIBS -lresolv" + AC_MSG_CHECKING([for res_query in -lresolv]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ +#include +#include +#include +#include +#include + ]], [[ + res_query (0, 0, 0, 0, 0); + ]])], + [AC_MSG_RESULT([yes])], + [LIBS="$saved_LIBS" + AC_MSG_RESULT([no])]) + ]) + AC_CHECK_FUNCS([_getshort _getlong]) + AC_CHECK_DECLS([_getshort, _getlong], , , + [#include + #include ]) + AC_CHECK_MEMBER([HEADER.ad], + [AC_DEFINE([HAVE_HEADER_AD], [1], + [Define if HEADER.ad exists in arpa/nameser.h])], , + [#include ]) + ]) + +AC_MSG_CHECKING([if struct __res_state _res is an extern]) +AC_LINK_IFELSE([AC_LANG_PROGRAM([[ +#include +#if HAVE_SYS_TYPES_H +# include +#endif +#include +#include +#include +extern struct __res_state _res; + ]], [[ ]])], + [AC_MSG_RESULT([yes]) + AC_DEFINE([HAVE__RES_EXTERN], [1], + [Define if you have struct __res_state _res as an extern]) + ], + [ AC_MSG_RESULT([no]) ] +) + +# Check whether user wants SELinux support +SELINUX_MSG="no" +LIBSELINUX="" +AC_ARG_WITH([selinux], + [ --with-selinux Enable SELinux support], + [ if test "x$withval" != "xno" ; then + save_LIBS="$LIBS" + AC_DEFINE([WITH_SELINUX], [1], + [Define if you want SELinux support.]) + SELINUX_MSG="yes" + AC_CHECK_HEADER([selinux/selinux.h], , + AC_MSG_ERROR([SELinux support requires selinux.h header])) + AC_CHECK_LIB([selinux], [setexeccon], + [ LIBSELINUX="-lselinux" + LIBS="$LIBS -lselinux" + ], + AC_MSG_ERROR([SELinux support requires libselinux library])) + SSHLIBS="$SSHLIBS $LIBSELINUX" + SSHDLIBS="$SSHDLIBS $LIBSELINUX" + AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) + LIBS="$save_LIBS" + fi ] +) +AC_SUBST([SSHLIBS]) +AC_SUBST([SSHDLIBS]) + +# Check whether user wants Kerberos 5 support +KRB5_MSG="no" +AC_ARG_WITH([kerberos5], + [ --with-kerberos5=PATH Enable Kerberos 5 support], + [ if test "x$withval" != "xno" ; then + if test "x$withval" = "xyes" ; then + KRB5ROOT="/usr/local" + else + KRB5ROOT=${withval} + fi + + AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) + KRB5_MSG="yes" + + AC_PATH_PROG([KRB5CONF], [krb5-config], + [$KRB5ROOT/bin/krb5-config], + [$KRB5ROOT/bin:$PATH]) + if test -x $KRB5CONF ; then + K5CFLAGS="`$KRB5CONF --cflags`" + K5LIBS="`$KRB5CONF --libs`" + CPPFLAGS="$CPPFLAGS $K5CFLAGS" + + AC_MSG_CHECKING([for gssapi support]) + if $KRB5CONF | grep gssapi >/dev/null ; then + AC_MSG_RESULT([yes]) + AC_DEFINE([GSSAPI], [1], + [Define this if you want GSSAPI + support in the version 2 protocol]) + GSSCFLAGS="`$KRB5CONF --cflags gssapi`" + GSSLIBS="`$KRB5CONF --libs gssapi`" + CPPFLAGS="$CPPFLAGS $GSSCFLAGS" + else + AC_MSG_RESULT([no]) + fi + AC_MSG_CHECKING([whether we are using Heimdal]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include + ]], [[ char *tmp = heimdal_version; ]])], + [ AC_MSG_RESULT([yes]) + AC_DEFINE([HEIMDAL], [1], + [Define this if you are using the Heimdal + version of Kerberos V5]) ], + [AC_MSG_RESULT([no]) + ]) + else + CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" + LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" + AC_MSG_CHECKING([whether we are using Heimdal]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include + ]], [[ char *tmp = heimdal_version; ]])], + [ AC_MSG_RESULT([yes]) + AC_DEFINE([HEIMDAL]) + K5LIBS="-lkrb5" + K5LIBS="$K5LIBS -lcom_err -lasn1" + AC_CHECK_LIB([roken], [net_write], + [K5LIBS="$K5LIBS -lroken"]) + AC_CHECK_LIB([des], [des_cbc_encrypt], + [K5LIBS="$K5LIBS -ldes"]) + ], [ AC_MSG_RESULT([no]) + K5LIBS="-lkrb5 -lk5crypto -lcom_err" + + ]) + AC_SEARCH_LIBS([dn_expand], [resolv]) + + AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], + [ AC_DEFINE([GSSAPI]) + GSSLIBS="-lgssapi_krb5" ], + [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], + [ AC_DEFINE([GSSAPI]) + GSSLIBS="-lgssapi" ], + [ AC_CHECK_LIB([gss], [gss_init_sec_context], + [ AC_DEFINE([GSSAPI]) + GSSLIBS="-lgss" ], + AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) + ]) + ]) + + AC_CHECK_HEADER([gssapi.h], , + [ unset ac_cv_header_gssapi_h + CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" + AC_CHECK_HEADERS([gssapi.h], , + AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) + ) + ] + ) + + oldCPP="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" + AC_CHECK_HEADER([gssapi_krb5.h], , + [ CPPFLAGS="$oldCPP" ]) + + fi + if test ! -z "$need_dash_r" ; then + LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" + fi + if test ! -z "$blibpath" ; then + blibpath="$blibpath:${KRB5ROOT}/lib" + fi + + AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) + AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) + AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) + + AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], + [Define this if you want to use libkafs' AFS support])]) + + AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ +#ifdef HAVE_GSSAPI_H +# include +#elif defined(HAVE_GSSAPI_GSSAPI_H) +# include +#endif + +#ifdef HAVE_GSSAPI_GENERIC_H +# include +#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) +# include +#endif + ]]) + saved_LIBS="$LIBS" + LIBS="$LIBS $K5LIBS" + AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) + LIBS="$saved_LIBS" + + fi + ] +) +AC_SUBST([GSSLIBS]) +AC_SUBST([K5LIBS]) + +# Looking for programs, paths and files + +PRIVSEP_PATH=/var/empty +AC_ARG_WITH([privsep-path], + [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], + [ + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + PRIVSEP_PATH=$withval + fi + ] +) +AC_SUBST([PRIVSEP_PATH]) + +AC_ARG_WITH([xauth], + [ --with-xauth=PATH Specify path to xauth program ], + [ + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + xauth_path=$withval + fi + ], + [ + TestPath="$PATH" + TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" + TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" + TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" + TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" + AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) + if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then + xauth_path="/usr/openwin/bin/xauth" + fi + ] +) + +STRIP_OPT=-s +AC_ARG_ENABLE([strip], + [ --disable-strip Disable calling strip(1) on install], + [ + if test "x$enableval" = "xno" ; then + STRIP_OPT= + fi + ] +) +AC_SUBST([STRIP_OPT]) + +if test -z "$xauth_path" ; then + XAUTH_PATH="undefined" + AC_SUBST([XAUTH_PATH]) +else + AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], + [Define if xauth is found in your path]) + XAUTH_PATH=$xauth_path + AC_SUBST([XAUTH_PATH]) +fi + +dnl # --with-maildir=/path/to/mail gets top priority. +dnl # if maildir is set in the platform case statement above we use that. +dnl # Otherwise we run a program to get the dir from system headers. +dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL +dnl # If we find _PATH_MAILDIR we do nothing because that is what +dnl # session.c expects anyway. Otherwise we set to the value found +dnl # stripping any trailing slash. If for some strage reason our program +dnl # does not find what it needs, we default to /var/spool/mail. +# Check for mail directory +AC_ARG_WITH([maildir], + [ --with-maildir=/path/to/mail Specify your system mail directory], + [ + if test "X$withval" != X && test "x$withval" != xno && \ + test "x${withval}" != xyes; then + AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], + [Set this to your mail directory if you do not have _PATH_MAILDIR]) + fi + ],[ + if test "X$maildir" != "X"; then + AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) + else + AC_MSG_CHECKING([Discovering system mail directory]) + AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ +#include +#include +#ifdef HAVE_PATHS_H +#include +#endif +#ifdef HAVE_MAILLOCK_H +#include +#endif +#define DATA "conftest.maildir" + ]], [[ + FILE *fd; + int rc; + + fd = fopen(DATA,"w"); + if(fd == NULL) + exit(1); + +#if defined (_PATH_MAILDIR) + if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) + exit(1); +#elif defined (MAILDIR) + if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) + exit(1); +#elif defined (_PATH_MAIL) + if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) + exit(1); +#else + exit (2); +#endif + + exit(0); + ]])], + [ + maildir_what=`awk -F: '{print $1}' conftest.maildir` + maildir=`awk -F: '{print $2}' conftest.maildir \ + | sed 's|/$||'` + AC_MSG_RESULT([Using: $maildir from $maildir_what]) + if test "x$maildir_what" != "x_PATH_MAILDIR"; then + AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) + fi + ], + [ + if test "X$ac_status" = "X2";then +# our test program didn't find it. Default to /var/spool/mail + AC_MSG_RESULT([Using: default value of /var/spool/mail]) + AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) + else + AC_MSG_RESULT([*** not found ***]) + fi + ], + [ + AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) + ] + ) + fi + ] +) # maildir + +if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then + AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) + disable_ptmx_check=yes +fi +if test -z "$no_dev_ptmx" ; then + if test "x$disable_ptmx_check" != "xyes" ; then + AC_CHECK_FILE(["/dev/ptmx"], + [ + AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], + [Define if you have /dev/ptmx]) + have_dev_ptmx=1 + ] + ) + fi +fi + +if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then + AC_CHECK_FILE(["/dev/ptc"], + [ + AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], + [Define if you have /dev/ptc]) + have_dev_ptc=1 + ] + ) +else + AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) +fi + +# Options from here on. Some of these are preset by platform above +AC_ARG_WITH([mantype], + [ --with-mantype=man|cat|doc Set man page type], + [ + case "$withval" in + man|cat|doc) + MANTYPE=$withval + ;; + *) + AC_MSG_ERROR([invalid man type: $withval]) + ;; + esac + ] +) +if test -z "$MANTYPE"; then + TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" + AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath]) + if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then + MANTYPE=doc + elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then + MANTYPE=man + else + MANTYPE=cat + fi +fi +AC_SUBST([MANTYPE]) +if test "$MANTYPE" = "doc"; then + mansubdir=man; +else + mansubdir=$MANTYPE; +fi +AC_SUBST([mansubdir]) + +# Check whether to enable MD5 passwords +MD5_MSG="no" +AC_ARG_WITH([md5-passwords], + [ --with-md5-passwords Enable use of MD5 passwords], + [ + if test "x$withval" != "xno" ; then + AC_DEFINE([HAVE_MD5_PASSWORDS], [1], + [Define if you want to allow MD5 passwords]) + MD5_MSG="yes" + fi + ] +) + +# Whether to disable shadow password support +AC_ARG_WITH([shadow], + [ --without-shadow Disable shadow password support], + [ + if test "x$withval" = "xno" ; then + AC_DEFINE([DISABLE_SHADOW]) + disable_shadow=yes + fi + ] +) + +if test -z "$disable_shadow" ; then + AC_MSG_CHECKING([if the systems has expire shadow information]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#include +struct spwd sp; + ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], + [ sp_expire_available=yes ], [ + ]) + + if test "x$sp_expire_available" = "xyes" ; then + AC_MSG_RESULT([yes]) + AC_DEFINE([HAS_SHADOW_EXPIRE], [1], + [Define if you want to use shadow password expire field]) + else + AC_MSG_RESULT([no]) + fi +fi + +# Use ip address instead of hostname in $DISPLAY +if test ! -z "$IPADDR_IN_DISPLAY" ; then + DISPLAY_HACK_MSG="yes" + AC_DEFINE([IPADDR_IN_DISPLAY], [1], + [Define if you need to use IP address + instead of hostname in $DISPLAY]) +else + DISPLAY_HACK_MSG="no" + AC_ARG_WITH([ipaddr-display], + [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], + [ + if test "x$withval" != "xno" ; then + AC_DEFINE([IPADDR_IN_DISPLAY]) + DISPLAY_HACK_MSG="yes" + fi + ] + ) +fi + +# check for /etc/default/login and use it if present. +AC_ARG_ENABLE([etc-default-login], + [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], + [ if test "x$enableval" = "xno"; then + AC_MSG_NOTICE([/etc/default/login handling disabled]) + etc_default_login=no + else + etc_default_login=yes + fi ], + [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; + then + AC_MSG_WARN([cross compiling: not checking /etc/default/login]) + etc_default_login=no + else + etc_default_login=yes + fi ] +) + +if test "x$etc_default_login" != "xno"; then + AC_CHECK_FILE(["/etc/default/login"], + [ external_path_file=/etc/default/login ]) + if test "x$external_path_file" = "x/etc/default/login"; then + AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], + [Define if your system has /etc/default/login]) + fi +fi + +dnl BSD systems use /etc/login.conf so --with-default-path= has no effect +if test $ac_cv_func_login_getcapbool = "yes" && \ + test $ac_cv_header_login_cap_h = "yes" ; then + external_path_file=/etc/login.conf +fi + +# Whether to mess with the default path +SERVER_PATH_MSG="(default)" +AC_ARG_WITH([default-path], + [ --with-default-path= Specify default $PATH environment for server], + [ + if test "x$external_path_file" = "x/etc/login.conf" ; then + AC_MSG_WARN([ +--with-default-path=PATH has no effect on this system. +Edit /etc/login.conf instead.]) + elif test "x$withval" != "xno" ; then + if test ! -z "$external_path_file" ; then + AC_MSG_WARN([ +--with-default-path=PATH will only be used if PATH is not defined in +$external_path_file .]) + fi + user_path="$withval" + SERVER_PATH_MSG="$withval" + fi + ], + [ if test "x$external_path_file" = "x/etc/login.conf" ; then + AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) + else + if test ! -z "$external_path_file" ; then + AC_MSG_WARN([ +If PATH is defined in $external_path_file, ensure the path to scp is included, +otherwise scp will not work.]) + fi + AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ +/* find out what STDPATH is */ +#include +#ifdef HAVE_PATHS_H +# include +#endif +#ifndef _PATH_STDPATH +# ifdef _PATH_USERPATH /* Irix */ +# define _PATH_STDPATH _PATH_USERPATH +# else +# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" +# endif +#endif +#include +#include +#include +#define DATA "conftest.stdpath" + ]], [[ + FILE *fd; + int rc; + + fd = fopen(DATA,"w"); + if(fd == NULL) + exit(1); + + if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) + exit(1); + + exit(0); + ]])], + [ user_path=`cat conftest.stdpath` ], + [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], + [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] + ) +# make sure $bindir is in USER_PATH so scp will work + t_bindir="${bindir}" + while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do + t_bindir=`eval echo ${t_bindir}` + case $t_bindir in + NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; + esac + case $t_bindir in + NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; + esac + done + echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 + if test $? -ne 0 ; then + echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 + if test $? -ne 0 ; then + user_path=$user_path:$t_bindir + AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) + fi + fi + fi ] +) +if test "x$external_path_file" != "x/etc/login.conf" ; then + AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) + AC_SUBST([user_path]) +fi + +# Set superuser path separately to user path +AC_ARG_WITH([superuser-path], + [ --with-superuser-path= Specify different path for super-user], + [ + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], + [Define if you want a different $PATH + for the superuser]) + superuser_path=$withval + fi + ] +) + + +AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) +IPV4_IN6_HACK_MSG="no" +AC_ARG_WITH(4in6, + [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], + [ + if test "x$withval" != "xno" ; then + AC_MSG_RESULT([yes]) + AC_DEFINE([IPV4_IN_IPV6], [1], + [Detect IPv4 in IPv6 mapped addresses + and treat as IPv4]) + IPV4_IN6_HACK_MSG="yes" + else + AC_MSG_RESULT([no]) + fi + ], [ + if test "x$inet6_default_4in6" = "xyes"; then + AC_MSG_RESULT([yes (default)]) + AC_DEFINE([IPV4_IN_IPV6]) + IPV4_IN6_HACK_MSG="yes" + else + AC_MSG_RESULT([no (default)]) + fi + ] +) + +# Whether to enable BSD auth support +BSD_AUTH_MSG=no +AC_ARG_WITH([bsd-auth], + [ --with-bsd-auth Enable BSD auth support], + [ + if test "x$withval" != "xno" ; then + AC_DEFINE([BSD_AUTH], [1], + [Define if you have BSD auth support]) + BSD_AUTH_MSG=yes + fi + ] +) + +# Where to place sshd.pid +piddir=/var/run +# make sure the directory exists +if test ! -d $piddir ; then + piddir=`eval echo ${sysconfdir}` + case $piddir in + NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; + esac +fi + +AC_ARG_WITH([pid-dir], + [ --with-pid-dir=PATH Specify location of ssh.pid file], + [ + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + piddir=$withval + if test ! -d $piddir ; then + AC_MSG_WARN([** no $piddir directory on this system **]) + fi + fi + ] +) + +AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], + [Specify location of ssh.pid]) +AC_SUBST([piddir]) + +dnl allow user to disable some login recording features +AC_ARG_ENABLE([lastlog], + [ --disable-lastlog disable use of lastlog even if detected [no]], + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE([DISABLE_LASTLOG]) + fi + ] +) +AC_ARG_ENABLE([utmp], + [ --disable-utmp disable use of utmp even if detected [no]], + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE([DISABLE_UTMP]) + fi + ] +) +AC_ARG_ENABLE([utmpx], + [ --disable-utmpx disable use of utmpx even if detected [no]], + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE([DISABLE_UTMPX], [1], + [Define if you don't want to use utmpx]) + fi + ] +) +AC_ARG_ENABLE([wtmp], + [ --disable-wtmp disable use of wtmp even if detected [no]], + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE([DISABLE_WTMP]) + fi + ] +) +AC_ARG_ENABLE([wtmpx], + [ --disable-wtmpx disable use of wtmpx even if detected [no]], + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE([DISABLE_WTMPX], [1], + [Define if you don't want to use wtmpx]) + fi + ] +) +AC_ARG_ENABLE([libutil], + [ --disable-libutil disable use of libutil (login() etc.) [no]], + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE([DISABLE_LOGIN]) + fi + ] +) +AC_ARG_ENABLE([pututline], + [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE([DISABLE_PUTUTLINE], [1], + [Define if you don't want to use pututline() + etc. to write [uw]tmp]) + fi + ] +) +AC_ARG_ENABLE([pututxline], + [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE([DISABLE_PUTUTXLINE], [1], + [Define if you don't want to use pututxline() + etc. to write [uw]tmpx]) + fi + ] +) +AC_ARG_WITH([lastlog], + [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], + [ + if test "x$withval" = "xno" ; then + AC_DEFINE([DISABLE_LASTLOG]) + elif test -n "$withval" && test "x${withval}" != "xyes"; then + conf_lastlog_location=$withval + fi + ] +) + +dnl lastlog, [uw]tmpx? detection +dnl NOTE: set the paths in the platform section to avoid the +dnl need for command-line parameters +dnl lastlog and [uw]tmp are subject to a file search if all else fails + +dnl lastlog detection +dnl NOTE: the code itself will detect if lastlog is a directory +AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#include +#ifdef HAVE_LASTLOG_H +# include +#endif +#ifdef HAVE_PATHS_H +# include +#endif +#ifdef HAVE_LOGIN_H +# include +#endif + ]], [[ char *lastlog = LASTLOG_FILE; ]])], + [ AC_MSG_RESULT([yes]) ], + [ + AC_MSG_RESULT([no]) + AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#include +#ifdef HAVE_LASTLOG_H +# include +#endif +#ifdef HAVE_PATHS_H +# include +#endif + ]], [[ char *lastlog = _PATH_LASTLOG; ]])], + [ AC_MSG_RESULT([yes]) ], + [ + AC_MSG_RESULT([no]) + system_lastlog_path=no + ]) +]) + +if test -z "$conf_lastlog_location"; then + if test x"$system_lastlog_path" = x"no" ; then + for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do + if (test -d "$f" || test -f "$f") ; then + conf_lastlog_location=$f + fi + done + if test -z "$conf_lastlog_location"; then + AC_MSG_WARN([** Cannot find lastlog **]) + dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx + fi + fi +fi + +if test -n "$conf_lastlog_location"; then + AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], + [Define if you want to specify the path to your lastlog file]) +fi + +dnl utmp detection +AC_MSG_CHECKING([if your system defines UTMP_FILE]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#include +#ifdef HAVE_PATHS_H +# include +#endif + ]], [[ char *utmp = UTMP_FILE; ]])], + [ AC_MSG_RESULT([yes]) ], + [ AC_MSG_RESULT([no]) + system_utmp_path=no +]) +if test -z "$conf_utmp_location"; then + if test x"$system_utmp_path" = x"no" ; then + for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do + if test -f $f ; then + conf_utmp_location=$f + fi + done + if test -z "$conf_utmp_location"; then + AC_DEFINE([DISABLE_UTMP]) + fi + fi +fi +if test -n "$conf_utmp_location"; then + AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], + [Define if you want to specify the path to your utmp file]) +fi + +dnl wtmp detection +AC_MSG_CHECKING([if your system defines WTMP_FILE]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#include +#ifdef HAVE_PATHS_H +# include +#endif + ]], [[ char *wtmp = WTMP_FILE; ]])], + [ AC_MSG_RESULT([yes]) ], + [ AC_MSG_RESULT([no]) + system_wtmp_path=no +]) +if test -z "$conf_wtmp_location"; then + if test x"$system_wtmp_path" = x"no" ; then + for f in /usr/adm/wtmp /var/log/wtmp; do + if test -f $f ; then + conf_wtmp_location=$f + fi + done + if test -z "$conf_wtmp_location"; then + AC_DEFINE([DISABLE_WTMP]) + fi + fi +fi +if test -n "$conf_wtmp_location"; then + AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], + [Define if you want to specify the path to your wtmp file]) +fi + +dnl wtmpx detection +AC_MSG_CHECKING([if your system defines WTMPX_FILE]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#include +#ifdef HAVE_UTMPX_H +#include +#endif +#ifdef HAVE_PATHS_H +# include +#endif + ]], [[ char *wtmpx = WTMPX_FILE; ]])], + [ AC_MSG_RESULT([yes]) ], + [ AC_MSG_RESULT([no]) + system_wtmpx_path=no +]) +if test -z "$conf_wtmpx_location"; then + if test x"$system_wtmpx_path" = x"no" ; then + AC_DEFINE([DISABLE_WTMPX]) + fi +else + AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], + [Define if you want to specify the path to your wtmpx file]) +fi + + +if test ! -z "$blibpath" ; then + LDFLAGS="$LDFLAGS $blibflags$blibpath" + AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) +fi + +AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ + if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then + AC_DEFINE([DISABLE_LASTLOG]) + fi + ], [ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_UTMP_H +#include +#endif +#ifdef HAVE_UTMPX_H +#include +#endif +#ifdef HAVE_LASTLOG_H +#include +#endif + ]) + +AC_CHECK_MEMBER([struct utmp.ut_line], [], [ + AC_DEFINE([DISABLE_UTMP]) + AC_DEFINE([DISABLE_WTMP]) + ], [ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_UTMP_H +#include +#endif +#ifdef HAVE_UTMPX_H +#include +#endif +#ifdef HAVE_LASTLOG_H +#include +#endif + ]) + +dnl Adding -Werror to CFLAGS early prevents configure tests from running. +dnl Add now. +CFLAGS="$CFLAGS $werror_flags" + +if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then + TEST_SSH_IPV6=no +else + TEST_SSH_IPV6=yes +fi +AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) +AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) +AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) +AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) + +AC_EXEEXT +AC_CONFIG_FILES([Makefile buildpkg.sh]) +AC_OUTPUT + +# Print summary of options + +# Someone please show me a better way :) +#A=`eval echo ${prefix}` ; A=`eval echo ${A}` +#B=`eval echo ${bindir}` ; B=`eval echo ${B}` +#C=`eval echo ${sbindir}` ; C=`eval echo ${C}` +#D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` +#E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` +#F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` +#G=`eval echo ${piddir}` ; G=`eval echo ${G}` +#H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` +#I=`eval echo ${user_path}` ; I=`eval echo ${I}` +#J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` +# +#echo "" +#echo "OpenSSH has been configured with the following options:" +#echo " User binaries: $B" +#echo " System binaries: $C" +#echo " Configuration files: $D" +#echo " Askpass program: $E" +#echo " Manual pages: $F" +#echo " PID file: $G" +#echo " Privilege separation chroot path: $H" +#if test "x$external_path_file" = "x/etc/login.conf" ; then +#echo " At runtime, sshd will use the path defined in $external_path_file" +#echo " Make sure the path to scp is present, otherwise scp will not work" +#else +#echo " sshd default user PATH: $I" +# if test ! -z "$external_path_file"; then +#echo " (If PATH is set in $external_path_file it will be used instead. If" +#echo " used, ensure the path to scp is present, otherwise scp will not work.)" +# fi +#fi +#if test ! -z "$superuser_path" ; then +#echo " sshd superuser user PATH: $J" +#fi +#echo " Manpage format: $MANTYPE" +#echo " PAM support: $PAM_MSG" +#echo " OSF SIA support: $SIA_MSG" +#echo " KerberosV support: $KRB5_MSG" +#echo " SELinux support: $SELINUX_MSG" +#echo " Smartcard support: $SCARD_MSG" +#echo " S/KEY support: $SKEY_MSG" +#echo " MD5 password support: $MD5_MSG" +#echo " libedit support: $LIBEDIT_MSG" +#echo " Solaris process contract support: $SPC_MSG" +#echo " Solaris project support: $SP_MSG" +#echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" +#echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" +#echo " BSD Auth support: $BSD_AUTH_MSG" +#echo " Random number source: $RAND_MSG" +#echo " Privsep sandbox style: $SANDBOX_STYLE" +# +#echo "" +# +#echo " Host: ${host}" +#echo " Compiler: ${CC}" +#echo " Compiler flags: ${CFLAGS}" +#echo "Preprocessor flags: ${CPPFLAGS}" +#echo " Linker flags: ${LDFLAGS}" +#echo " Libraries: ${LIBS}" +#if test ! -z "${SSHDLIBS}"; then +#echo " +for sshd: ${SSHDLIBS}" +#fi +#if test ! -z "${SSHLIBS}"; then +#echo " +for ssh: ${SSHLIBS}" +#fi +# +#echo "" +# +#if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then +# echo "SVR4 style packages are supported with \"make package\"" +# echo "" +#fi +# +#if test "x$PAM_MSG" = "xyes" ; then +# echo "PAM is enabled. You may need to install a PAM control file " +# echo "for sshd, otherwise password authentication may fail. " +# echo "Example PAM control files can be found in the contrib/ " +# echo "subdirectory" +# echo "" +#fi +# +#if test ! -z "$NO_PEERCHECK" ; then +# echo "WARNING: the operating system that you are using does not" +# echo "appear to support getpeereid(), getpeerucred() or the" +# echo "SO_PEERCRED getsockopt() option. These facilities are used to" +# echo "enforce security checks to prevent unauthorised connections to" +# echo "ssh-agent. Their absence increases the risk that a malicious" +# echo "user can connect to your agent." +# echo "" +#fi +# +#if test "$AUDIT_MODULE" = "bsm" ; then +# echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." +# echo "See the Solaris section in README.platform for details." +#fi diff --git a/include/DomainExec/opensshlib/crc32.c b/include/DomainExec/opensshlib/crc32.c new file mode 100644 index 00000000..c192eb4d --- /dev/null +++ b/include/DomainExec/opensshlib/crc32.c @@ -0,0 +1,105 @@ +/* $OpenBSD: crc32.c,v 1.11 2006/04/22 18:29:33 stevesk Exp $ */ + +/* + * Copyright (c) 2003 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include "includes.h" +#include "crc32.h" + +static const u_int32_t crc32tab[] = { + 0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, + 0x076dc419L, 0x706af48fL, 0xe963a535L, 0x9e6495a3L, + 0x0edb8832L, 0x79dcb8a4L, 0xe0d5e91eL, 0x97d2d988L, + 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L, 0x90bf1d91L, + 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL, + 0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, + 0x136c9856L, 0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, + 0x14015c4fL, 0x63066cd9L, 0xfa0f3d63L, 0x8d080df5L, + 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L, 0xa2677172L, + 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL, + 0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, + 0x32d86ce3L, 0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, + 0x26d930acL, 0x51de003aL, 0xc8d75180L, 0xbfd06116L, + 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L, 0xb8bda50fL, + 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L, + 0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, + 0x76dc4190L, 0x01db7106L, 0x98d220bcL, 0xefd5102aL, + 0x71b18589L, 0x06b6b51fL, 0x9fbfe4a5L, 0xe8b8d433L, + 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL, 0xe10e9818L, + 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L, + 0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, + 0x6c0695edL, 0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, + 0x65b0d9c6L, 0x12b7e950L, 0x8bbeb8eaL, 0xfcb9887cL, + 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L, 0xfbd44c65L, + 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L, + 0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, + 0x4369e96aL, 0x346ed9fcL, 0xad678846L, 0xda60b8d0L, + 0x44042d73L, 0x33031de5L, 0xaa0a4c5fL, 0xdd0d7cc9L, + 0x5005713cL, 0x270241aaL, 0xbe0b1010L, 0xc90c2086L, + 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL, + 0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, + 0x59b33d17L, 0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, + 0xedb88320L, 0x9abfb3b6L, 0x03b6e20cL, 0x74b1d29aL, + 0xead54739L, 0x9dd277afL, 0x04db2615L, 0x73dc1683L, + 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L, + 0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, + 0xf00f9344L, 0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, + 0xf762575dL, 0x806567cbL, 0x196c3671L, 0x6e6b06e7L, + 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL, 0x67dd4accL, + 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L, + 0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, + 0xd1bb67f1L, 0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, + 0xd80d2bdaL, 0xaf0a1b4cL, 0x36034af6L, 0x41047a60L, + 0xdf60efc3L, 0xa867df55L, 0x316e8eefL, 0x4669be79L, + 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L, + 0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, + 0xc5ba3bbeL, 0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, + 0xc2d7ffa7L, 0xb5d0cf31L, 0x2cd99e8bL, 0x5bdeae1dL, + 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL, 0x026d930aL, + 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L, + 0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, + 0x92d28e9bL, 0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, + 0x86d3d2d4L, 0xf1d4e242L, 0x68ddb3f8L, 0x1fda836eL, + 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L, 0x18b74777L, + 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL, + 0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, + 0xa00ae278L, 0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, + 0xa7672661L, 0xd06016f7L, 0x4969474dL, 0x3e6e77dbL, + 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L, 0x37d83bf0L, + 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L, + 0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, + 0xbad03605L, 0xcdd70693L, 0x54de5729L, 0x23d967bfL, + 0xb3667a2eL, 0xc4614ab8L, 0x5d681b02L, 0x2a6f2b94L, + 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL, 0x2d02ef8dL +}; + +u_int32_t +ssh_crc32(const u_char *buf, u_int32_t size) +{ + u_int32_t i, crc; + + crc = 0; + for (i = 0; i < size; i++) + crc = crc32tab[(crc ^ buf[i]) & 0xff] ^ (crc >> 8); + return crc; +} diff --git a/include/DomainExec/opensshlib/crc32.h b/include/DomainExec/opensshlib/crc32.h new file mode 100644 index 00000000..5d7131af --- /dev/null +++ b/include/DomainExec/opensshlib/crc32.h @@ -0,0 +1,30 @@ +/* $OpenBSD: crc32.h,v 1.15 2006/03/25 22:22:43 djm Exp $ */ + +/* + * Copyright (c) 2003 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef SSH_CRC32_H +#define SSH_CRC32_H +u_int32_t ssh_crc32(const u_char *, u_int32_t); +#endif diff --git a/include/DomainExec/opensshlib/crypto_api.h b/include/DomainExec/opensshlib/crypto_api.h new file mode 100644 index 00000000..5820ce8f --- /dev/null +++ b/include/DomainExec/opensshlib/crypto_api.h @@ -0,0 +1,44 @@ +/* $OpenBSD: crypto_api.h,v 1.3 2013/12/17 10:36:38 markus Exp $ */ + +/* + * Assembled from generated headers and source files by Markus Friedl. + * Placed in the public domain. + */ + +#ifndef crypto_api_h +#define crypto_api_h + +#ifdef HAVE_STDINT_H +# include +#endif +#include + +typedef int32_t crypto_int32; +typedef uint32_t crypto_uint32; + +#define randombytes(buf, buf_len) arc4random_buf((buf), (buf_len)) + +#define crypto_hashblocks_sha512_STATEBYTES 64U +#define crypto_hashblocks_sha512_BLOCKBYTES 128U + +int crypto_hashblocks_sha512(unsigned char *, const unsigned char *, + unsigned long long); + +#define crypto_hash_sha512_BYTES 64U + +int crypto_hash_sha512(unsigned char *, const unsigned char *, + unsigned long long); + +int crypto_verify_32(const unsigned char *, const unsigned char *); + +#define crypto_sign_ed25519_SECRETKEYBYTES 64U +#define crypto_sign_ed25519_PUBLICKEYBYTES 32U +#define crypto_sign_ed25519_BYTES 64U + +int crypto_sign_ed25519(unsigned char *, unsigned long long *, + const unsigned char *, unsigned long long, const unsigned char *); +int crypto_sign_ed25519_open(unsigned char *, unsigned long long *, + const unsigned char *, unsigned long long, const unsigned char *); +int crypto_sign_ed25519_keypair(unsigned char *, unsigned char *); + +#endif /* crypto_api_h */ diff --git a/include/DomainExec/opensshlib/defines.h b/include/DomainExec/opensshlib/defines.h new file mode 100644 index 00000000..60c8dacd --- /dev/null +++ b/include/DomainExec/opensshlib/defines.h @@ -0,0 +1,860 @@ +/* + * Copyright (c) 1999-2003 Damien Miller. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef _DEFINES_H +#define _DEFINES_H + +/* $Id: defines.h,v 1.183 2014/09/02 19:33:26 djm Exp $ */ + + +/* Constants */ + +#if defined(HAVE_DECL_SHUT_RD) && HAVE_DECL_SHUT_RD == 0 +enum +{ + SHUT_RD = 0, /* No more receptions. */ + SHUT_WR, /* No more transmissions. */ + SHUT_RDWR /* No more receptions or transmissions. */ +}; +# define SHUT_RD SHUT_RD +# define SHUT_WR SHUT_WR +# define SHUT_RDWR SHUT_RDWR +#endif + +/* + * Definitions for IP type of service (ip_tos) + */ +#ifndef WIN32 +#include +#include +#endif + +#ifndef IPTOS_LOWDELAY +# define IPTOS_LOWDELAY 0x10 +# define IPTOS_THROUGHPUT 0x08 +# define IPTOS_RELIABILITY 0x04 +# define IPTOS_LOWCOST 0x02 +# define IPTOS_MINCOST IPTOS_LOWCOST +#endif /* IPTOS_LOWDELAY */ + +/* + * Definitions for DiffServ Codepoints as per RFC2474 + */ +#ifndef IPTOS_DSCP_AF11 +# define IPTOS_DSCP_AF11 0x28 +# define IPTOS_DSCP_AF12 0x30 +# define IPTOS_DSCP_AF13 0x38 +# define IPTOS_DSCP_AF21 0x48 +# define IPTOS_DSCP_AF22 0x50 +# define IPTOS_DSCP_AF23 0x58 +# define IPTOS_DSCP_AF31 0x68 +# define IPTOS_DSCP_AF32 0x70 +# define IPTOS_DSCP_AF33 0x78 +# define IPTOS_DSCP_AF41 0x88 +# define IPTOS_DSCP_AF42 0x90 +# define IPTOS_DSCP_AF43 0x98 +# define IPTOS_DSCP_EF 0xb8 +#endif /* IPTOS_DSCP_AF11 */ +#ifndef IPTOS_DSCP_CS0 +# define IPTOS_DSCP_CS0 0x00 +# define IPTOS_DSCP_CS1 0x20 +# define IPTOS_DSCP_CS2 0x40 +# define IPTOS_DSCP_CS3 0x60 +# define IPTOS_DSCP_CS4 0x80 +# define IPTOS_DSCP_CS5 0xa0 +# define IPTOS_DSCP_CS6 0xc0 +# define IPTOS_DSCP_CS7 0xe0 +#endif /* IPTOS_DSCP_CS0 */ +#ifndef IPTOS_DSCP_EF +# define IPTOS_DSCP_EF 0xb8 +#endif /* IPTOS_DSCP_EF */ + +#ifndef PATH_MAX +# ifdef _POSIX_PATH_MAX +# define PATH_MAX _POSIX_PATH_MAX +# endif +#endif + +#ifndef MAXPATHLEN +# ifdef PATH_MAX +# define MAXPATHLEN PATH_MAX +# else /* PATH_MAX */ +# define MAXPATHLEN 64 +/* realpath uses a fixed buffer of size MAXPATHLEN, so force use of ours */ +# ifndef BROKEN_REALPATH +# define BROKEN_REALPATH 1 +# endif /* BROKEN_REALPATH */ +# endif /* PATH_MAX */ +#endif /* MAXPATHLEN */ + +#ifndef HOST_NAME_MAX +#ifndef WIN32 +# include "netdb.h" /* for MAXHOSTNAMELEN */ +#endif +# if defined(_POSIX_HOST_NAME_MAX) +# define HOST_NAME_MAX _POSIX_HOST_NAME_MAX +# elif defined(MAXHOSTNAMELEN) +# define HOST_NAME_MAX MAXHOSTNAMELEN +# else +# define HOST_NAME_MAX 255 +# endif +#endif /* HOST_NAME_MAX */ + +#if defined(HAVE_DECL_MAXSYMLINKS) && HAVE_DECL_MAXSYMLINKS == 0 +# define MAXSYMLINKS 5 +#endif + +#ifndef STDIN_FILENO +# define STDIN_FILENO 0 +#endif +#ifndef STDOUT_FILENO +# define STDOUT_FILENO 1 +#endif +#ifndef STDERR_FILENO +# define STDERR_FILENO 2 +#endif + +#ifndef NGROUPS_MAX /* Disable groupaccess if NGROUP_MAX is not set */ +#ifdef NGROUPS +#define NGROUPS_MAX NGROUPS +#else +#define NGROUPS_MAX 0 +#endif +#endif + +#if defined(HAVE_DECL_O_NONBLOCK) && HAVE_DECL_O_NONBLOCK == 0 +# define O_NONBLOCK 00004 /* Non Blocking Open */ +#endif + +#ifndef S_IFSOCK +# define S_IFSOCK 0 +#endif /* S_IFSOCK */ + +#ifndef S_ISDIR +# define S_ISDIR(mode) (((mode) & (_S_IFMT)) == (_S_IFDIR)) +#endif /* S_ISDIR */ + +#ifndef S_ISREG +# define S_ISREG(mode) (((mode) & (_S_IFMT)) == (_S_IFREG)) +#endif /* S_ISREG */ + +#ifndef S_ISLNK +# define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK) +#endif /* S_ISLNK */ + +#ifndef S_IXUSR +# define S_IXUSR 0000100 /* execute/search permission, */ +# define S_IXGRP 0000010 /* execute/search permission, */ +# define S_IXOTH 0000001 /* execute/search permission, */ +# define _S_IWUSR 0000200 /* write permission, */ +# define S_IWUSR _S_IWUSR /* write permission, owner */ +# define S_IWGRP 0000020 /* write permission, group */ +# define S_IWOTH 0000002 /* write permission, other */ +# define S_IRUSR 0000400 /* read permission, owner */ +# define S_IRGRP 0000040 /* read permission, group */ +# define S_IROTH 0000004 /* read permission, other */ +# define S_IRWXU 0000700 /* read, write, execute */ +# define S_IRWXG 0000070 /* read, write, execute */ +# define S_IRWXO 0000007 /* read, write, execute */ +#endif /* S_IXUSR */ + +#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS) +#define MAP_ANON MAP_ANONYMOUS +#endif + +#ifndef MAP_FAILED +# define MAP_FAILED ((void *)-1) +#endif + +/* +SCO Open Server 3 has INADDR_LOOPBACK defined in rpc/rpc.h but +including rpc/rpc.h breaks Solaris 6 +*/ +#ifndef INADDR_LOOPBACK +#define INADDR_LOOPBACK ((u_long)0x7f000001) +#endif + +/* Types */ + +/* If sys/types.h does not supply intXX_t, supply them ourselves */ +/* (or die trying) */ + +#ifndef HAVE_U_INT +typedef unsigned int u_int; +#endif + +#ifndef HAVE_INTXX_T +typedef signed char int8_t; +# if (SIZEOF_SHORT_INT == 2) +typedef short int int16_t; +# else +# ifdef _UNICOS +# if (SIZEOF_SHORT_INT == 4) +typedef short int16_t; +# else +typedef long int16_t; +# endif +# else +# error "16 bit int type not found." +# endif /* _UNICOS */ +# endif +# if (SIZEOF_INT == 4) +typedef int int32_t; +# else +# ifdef _UNICOS +typedef long int32_t; +# else +# error "32 bit int type not found." +# endif /* _UNICOS */ +# endif +#endif + +/* If sys/types.h does not supply u_intXX_t, supply them ourselves */ +#ifndef HAVE_U_INTXX_T +# ifdef HAVE_UINTXX_T +typedef uint8_t u_int8_t; +typedef uint16_t u_int16_t; +typedef uint32_t u_int32_t; +# define HAVE_U_INTXX_T 1 +# else +typedef unsigned char u_int8_t; +# if (SIZEOF_SHORT_INT == 2) +typedef unsigned short int u_int16_t; +# else +# ifdef _UNICOS +# if (SIZEOF_SHORT_INT == 4) +typedef unsigned short u_int16_t; +# else +typedef unsigned long u_int16_t; +# endif +# else +# error "16 bit int type not found." +# endif +# endif +# if (SIZEOF_INT == 4) +typedef unsigned int u_int32_t; +# else +# ifdef _UNICOS +typedef unsigned long u_int32_t; +# else +# error "32 bit int type not found." +# endif +# endif +# endif +#define __BIT_TYPES_DEFINED__ +#endif + +/* 64-bit types */ +#ifndef HAVE_INT64_T +# if (SIZEOF_LONG_INT == 8) +typedef long int int64_t; +# else +# if (SIZEOF_LONG_LONG_INT == 8) +typedef long long int int64_t; +# endif +# endif +#endif +#ifndef HAVE_U_INT64_T +# if (SIZEOF_LONG_INT == 8) +typedef unsigned long int u_int64_t; +# else +# if (SIZEOF_LONG_LONG_INT == 8) +typedef unsigned long long int u_int64_t; +# endif +# endif +#endif + +#ifndef HAVE_UINTXX_T +typedef u_int8_t uint8_t; +typedef u_int16_t uint16_t; +typedef u_int32_t uint32_t; +typedef u_int64_t uint64_t; +#endif + +#ifndef HAVE_INTMAX_T +typedef long long intmax_t; +#endif + +#ifndef HAVE_UINTMAX_T +typedef unsigned long long uintmax_t; +#endif + +#ifndef HAVE_U_CHAR +typedef unsigned char u_char; +# define HAVE_U_CHAR +#endif /* HAVE_U_CHAR */ + +#ifndef ULLONG_MAX +# define ULLONG_MAX ((unsigned long long)-1) +#endif + +#ifndef SIZE_T_MAX +#define SIZE_T_MAX ULONG_MAX +#endif /* SIZE_T_MAX */ + +#ifndef HAVE_SIZE_T +typedef unsigned int size_t; +# define HAVE_SIZE_T +# define SIZE_T_MAX UINT_MAX +#endif /* HAVE_SIZE_T */ + +#ifndef SIZE_MAX +#define SIZE_MAX SIZE_T_MAX +#endif + +#ifndef HAVE_SSIZE_T +typedef int ssize_t; +# define HAVE_SSIZE_T +#endif /* HAVE_SSIZE_T */ + +#ifndef HAVE_CLOCK_T +typedef long clock_t; +# define HAVE_CLOCK_T +#endif /* HAVE_CLOCK_T */ + +#ifndef HAVE_SA_FAMILY_T +typedef int sa_family_t; +# define HAVE_SA_FAMILY_T +#endif /* HAVE_SA_FAMILY_T */ + +#ifndef HAVE_PID_T +typedef int pid_t; +# define HAVE_PID_T +#endif /* HAVE_PID_T */ + +#ifndef HAVE_SIG_ATOMIC_T +typedef int sig_atomic_t; +# define HAVE_SIG_ATOMIC_T +#endif /* HAVE_SIG_ATOMIC_T */ + +#ifndef HAVE_MODE_T +typedef int mode_t; +# define HAVE_MODE_T +#endif /* HAVE_MODE_T */ + +#if !defined(HAVE_SS_FAMILY_IN_SS) && defined(HAVE___SS_FAMILY_IN_SS) +# define ss_family __ss_family +#endif /* !defined(HAVE_SS_FAMILY_IN_SS) && defined(HAVE_SA_FAMILY_IN_SS) */ + +#ifndef HAVE_SYS_UN_H +struct sockaddr_un { + short sun_family; /* AF_UNIX */ + char sun_path[108]; /* path name (gag) */ +}; +#endif /* HAVE_SYS_UN_H */ + +#ifndef HAVE_IN_ADDR_T +typedef u_int32_t in_addr_t; +#endif +#ifndef HAVE_IN_PORT_T +typedef u_int16_t in_port_t; +#endif + +#if defined(BROKEN_SYS_TERMIO_H) && !defined(_STRUCT_WINSIZE) +#define _STRUCT_WINSIZE +struct winsize { + unsigned short ws_row; /* rows, in characters */ + unsigned short ws_col; /* columns, in character */ + unsigned short ws_xpixel; /* horizontal size, pixels */ + unsigned short ws_ypixel; /* vertical size, pixels */ +}; +#endif + +/* bits needed for select that may not be in the system headers */ +#ifndef HAVE_FD_MASK + typedef unsigned long int fd_mask; +#endif + +#if defined(HAVE_DECL_NFDBITS) && HAVE_DECL_NFDBITS == 0 +# define NFDBITS (8 * sizeof(unsigned long)) +#endif + +#if defined(HAVE_DECL_HOWMANY) && HAVE_DECL_HOWMANY == 0 +# define howmany(x,y) (((x)+((y)-1))/(y)) +#endif + +/* Paths */ + +#ifndef _PATH_BSHELL +# define _PATH_BSHELL "/bin/sh" +#endif + +#ifdef USER_PATH +# ifdef _PATH_STDPATH +# undef _PATH_STDPATH +# endif +# define _PATH_STDPATH USER_PATH +#endif + +#ifndef _PATH_STDPATH +# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" +#endif + +#ifndef SUPERUSER_PATH +# define SUPERUSER_PATH _PATH_STDPATH +#endif + +#ifndef _PATH_DEVNULL +# define _PATH_DEVNULL "/dev/null" +#endif + +/* user may have set a different path */ +#if defined(_PATH_MAILDIR) && defined(MAIL_DIRECTORY) +# undef _PATH_MAILDIR +#endif /* defined(_PATH_MAILDIR) && defined(MAIL_DIRECTORY) */ + +#ifdef MAIL_DIRECTORY +# define _PATH_MAILDIR MAIL_DIRECTORY +#endif + +#ifndef _PATH_NOLOGIN +# define _PATH_NOLOGIN "/etc/nologin" +#endif + +/* Define this to be the path of the xauth program. */ +#ifdef XAUTH_PATH +#define _PATH_XAUTH XAUTH_PATH +#endif /* XAUTH_PATH */ + +/* derived from XF4/xc/lib/dps/Xlibnet.h */ +#ifndef X_UNIX_PATH +# ifdef __hpux +# define X_UNIX_PATH "/var/spool/sockets/X11/%u" +# else +# define X_UNIX_PATH "/tmp/.X11-unix/X%u" +# endif +#endif /* X_UNIX_PATH */ +#define _PATH_UNIX_X X_UNIX_PATH + +#ifndef _PATH_TTY +# define _PATH_TTY "/dev/tty" +#endif + +/* Macros */ + +#if defined(HAVE_LOGIN_GETCAPBOOL) && defined(HAVE_LOGIN_CAP_H) +# define HAVE_LOGIN_CAP +#endif + +#ifndef MAX +# define MAX(a,b) (((a)>(b))?(a):(b)) +# define MIN(a,b) (((a)<(b))?(a):(b)) +#endif + +#ifndef roundup +# define roundup(x, y) ((((x)+((y)-1))/(y))*(y)) +#endif + +#ifndef timersub +#define timersub(a, b, result) \ + do { \ + (result)->tv_sec = (a)->tv_sec - (b)->tv_sec; \ + (result)->tv_usec = (a)->tv_usec - (b)->tv_usec; \ + if ((result)->tv_usec < 0) { \ + --(result)->tv_sec; \ + (result)->tv_usec += 1000000; \ + } \ + } while (0) +#endif + +#ifndef TIMEVAL_TO_TIMESPEC +#define TIMEVAL_TO_TIMESPEC(tv, ts) { \ + (ts)->tv_sec = (tv)->tv_sec; \ + (ts)->tv_nsec = (tv)->tv_usec * 1000; \ +} +#endif + +#ifndef TIMESPEC_TO_TIMEVAL +#define TIMESPEC_TO_TIMEVAL(tv, ts) { \ + (tv)->tv_sec = (ts)->tv_sec; \ + (tv)->tv_usec = (ts)->tv_nsec / 1000; \ +} +#endif + +#ifndef __P +# define __P(x) x +#endif + +#if !defined(IN6_IS_ADDR_V4MAPPED) +# define IN6_IS_ADDR_V4MAPPED(a) \ + ((((u_int32_t *) (a))[0] == 0) && (((u_int32_t *) (a))[1] == 0) && \ + (((u_int32_t *) (a))[2] == htonl (0xffff))) +#endif /* !defined(IN6_IS_ADDR_V4MAPPED) */ + +#if !defined(__GNUC__) || (__GNUC__ < 2) +# define __attribute__(x) +#endif /* !defined(__GNUC__) || (__GNUC__ < 2) */ + +#if !defined(HAVE_ATTRIBUTE__SENTINEL__) && !defined(__sentinel__) +# define __sentinel__ +#endif + +#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__bounded__) +# define __bounded__(x, y, z) +#endif + +#if !defined(HAVE_ATTRIBUTE__NONNULL__) && !defined(__nonnull__) +# define __nonnull__(x) +#endif + +#ifndef OSSH_ALIGNBYTES +#define OSSH_ALIGNBYTES (sizeof(int) - 1) +#endif +#ifndef __CMSG_ALIGN +#define __CMSG_ALIGN(p) (((u_int)(p) + OSSH_ALIGNBYTES) &~ OSSH_ALIGNBYTES) +#endif + +/* Length of the contents of a control message of length len */ +#ifndef CMSG_LEN +#define CMSG_LEN(len) (__CMSG_ALIGN(sizeof(struct cmsghdr)) + (len)) +#endif + +/* Length of the space taken up by a padded control message of length len */ +#ifndef CMSG_SPACE +#define CMSG_SPACE(len) (__CMSG_ALIGN(sizeof(struct cmsghdr)) + __CMSG_ALIGN(len)) +#endif + +/* given pointer to struct cmsghdr, return pointer to data */ +#ifndef CMSG_DATA +#define CMSG_DATA(cmsg) ((u_char *)(cmsg) + __CMSG_ALIGN(sizeof(struct cmsghdr))) +#endif /* CMSG_DATA */ + +/* + * RFC 2292 requires to check msg_controllen, in case that the kernel returns + * an empty list for some reasons. + */ +#ifndef CMSG_FIRSTHDR +#define CMSG_FIRSTHDR(mhdr) \ + ((mhdr)->msg_controllen >= sizeof(struct cmsghdr) ? \ + (struct cmsghdr *)(mhdr)->msg_control : \ + (struct cmsghdr *)NULL) +#endif /* CMSG_FIRSTHDR */ + +#if defined(HAVE_DECL_OFFSETOF) && HAVE_DECL_OFFSETOF == 0 +# define offsetof(type, member) ((size_t) &((type *)0)->member) +#endif + +/* Set up BSD-style BYTE_ORDER definition if it isn't there already */ +/* XXX: doesn't try to cope with strange byte orders (PDP_ENDIAN) */ +#ifndef BYTE_ORDER +# ifndef LITTLE_ENDIAN +# define LITTLE_ENDIAN 1234 +# endif /* LITTLE_ENDIAN */ +# ifndef BIG_ENDIAN +# define BIG_ENDIAN 4321 +# endif /* BIG_ENDIAN */ +# ifdef WORDS_BIGENDIAN +# define BYTE_ORDER BIG_ENDIAN +# else /* WORDS_BIGENDIAN */ +# define BYTE_ORDER LITTLE_ENDIAN +# endif /* WORDS_BIGENDIAN */ +#endif /* BYTE_ORDER */ + +/* Function replacement / compatibility hacks */ + +#if !defined(HAVE_GETADDRINFO) && (defined(HAVE_OGETADDRINFO) || defined(HAVE_NGETADDRINFO)) +# define HAVE_GETADDRINFO +#endif + +#ifndef HAVE_GETOPT_OPTRESET +# undef getopt +# undef opterr +# undef optind +# undef optopt +# undef optreset +# undef optarg +# define getopt(ac, av, o) BSDgetopt(ac, av, o) +# define opterr BSDopterr +# define optind BSDoptind +# define optopt BSDoptopt +# define optreset BSDoptreset +# define optarg BSDoptarg +#endif + +#if defined(BROKEN_GETADDRINFO) && defined(HAVE_GETADDRINFO) +# undef HAVE_GETADDRINFO +#endif +#if defined(BROKEN_GETADDRINFO) && defined(HAVE_FREEADDRINFO) +# undef HAVE_FREEADDRINFO +#endif +#if defined(BROKEN_GETADDRINFO) && defined(HAVE_GAI_STRERROR) +# undef HAVE_GAI_STRERROR +#endif + +#if defined(HAVE_GETADDRINFO) +# if defined(HAVE_DECL_AI_NUMERICSERV) && HAVE_DECL_AI_NUMERICSERV == 0 +# define AI_NUMERICSERV 0 +# endif +#endif + +#if defined(BROKEN_UPDWTMPX) && defined(HAVE_UPDWTMPX) +# undef HAVE_UPDWTMPX +#endif + +#if defined(BROKEN_SHADOW_EXPIRE) && defined(HAS_SHADOW_EXPIRE) +# undef HAS_SHADOW_EXPIRE +#endif + +#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) && \ + defined(SYSLOG_R_SAFE_IN_SIGHAND) +# define DO_LOG_SAFE_IN_SIGHAND +#endif + +#if !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY) +# define memmove(s1, s2, n) bcopy((s2), (s1), (n)) +#endif /* !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY) */ + +#ifndef GETPGRP_VOID +#ifndef WIN32 +# include +#endif +# define getpgrp() getpgrp(0) +#endif + +#ifdef USE_BSM_AUDIT +# define SSH_AUDIT_EVENTS +# define CUSTOM_SSH_AUDIT_EVENTS +#endif + +#ifdef USE_LINUX_AUDIT +# define SSH_AUDIT_EVENTS +# define CUSTOM_SSH_AUDIT_EVENTS +#endif + +#if !defined(HAVE___func__) && defined(HAVE___FUNCTION__) +# define __func__ __FUNCTION__ +#elif !defined(HAVE___func__) +# define __func__ "" +#endif + +#if defined(KRB5) && !defined(HEIMDAL) +# define krb5_get_err_text(context,code) error_message(code) +#endif + +#if defined(SKEYCHALLENGE_4ARG) +# define _compat_skeychallenge(a,b,c,d) skeychallenge(a,b,c,d) +#else +# define _compat_skeychallenge(a,b,c,d) skeychallenge(a,b,c) +#endif + +/* Maximum number of file descriptors available */ +#ifdef HAVE_SYSCONF +# define SSH_SYSFDMAX sysconf(_SC_OPEN_MAX) +#else +# define SSH_SYSFDMAX 10000 +#endif + +#ifdef FSID_HAS_VAL +/* encode f_fsid into a 64 bit value */ +#define FSID_TO_ULONG(f) \ + ((((u_int64_t)(f).val[0] & 0xffffffffUL) << 32) | \ + ((f).val[1] & 0xffffffffUL)) +#elif defined(FSID_HAS___VAL) +#define FSID_TO_ULONG(f) \ + ((((u_int64_t)(f).__val[0] & 0xffffffffUL) << 32) | \ + ((f).__val[1] & 0xffffffffUL)) +#else +# define FSID_TO_ULONG(f) ((f)) +#endif + +#if defined(__Lynx__) + /* + * LynxOS defines these in param.h which we do not want to include since + * it will also pull in a bunch of kernel definitions. + */ +# define ALIGNBYTES (sizeof(int) - 1) +# define ALIGN(p) (((unsigned)p + ALIGNBYTES) & ~ALIGNBYTES) + /* Missing prototypes on LynxOS */ + int snprintf (char *, size_t, const char *, ...); + int mkstemp (char *); + char *crypt (const char *, const char *); + int seteuid (uid_t); + int setegid (gid_t); + char *mkdtemp (char *); + int rresvport_af (int *, sa_family_t); + int innetgr (const char *, const char *, const char *, const char *); +#endif + +/* + * Define this to use pipes instead of socketpairs for communicating with the + * client program. Socketpairs do not seem to work on all systems. + * + * configure.ac sets this for a few OS's which are known to have problems + * but you may need to set it yourself + */ +/* #define USE_PIPES 1 */ + +/** + ** login recorder definitions + **/ + +/* FIXME: put default paths back in */ +#ifndef UTMP_FILE +# ifdef _PATH_UTMP +# define UTMP_FILE _PATH_UTMP +# else +# ifdef CONF_UTMP_FILE +# define UTMP_FILE CONF_UTMP_FILE +# endif +# endif +#endif +#ifndef WTMP_FILE +# ifdef _PATH_WTMP +# define WTMP_FILE _PATH_WTMP +# else +# ifdef CONF_WTMP_FILE +# define WTMP_FILE CONF_WTMP_FILE +# endif +# endif +#endif +/* pick up the user's location for lastlog if given */ +#ifndef LASTLOG_FILE +# ifdef _PATH_LASTLOG +# define LASTLOG_FILE _PATH_LASTLOG +# else +# ifdef CONF_LASTLOG_FILE +# define LASTLOG_FILE CONF_LASTLOG_FILE +# endif +# endif +#endif + +#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) +# define USE_SHADOW +#endif + +/* The login() library function in libutil is first choice */ +#if defined(HAVE_LOGIN) && !defined(DISABLE_LOGIN) +# define USE_LOGIN + +#else +/* Simply select your favourite login types. */ +/* Can't do if-else because some systems use several... */ +# if !defined(DISABLE_UTMPX) +# define USE_UTMPX +# endif +# if defined(UTMP_FILE) && !defined(DISABLE_UTMP) +# define USE_UTMP +# endif +# if defined(WTMPX_FILE) && !defined(DISABLE_WTMPX) +# define USE_WTMPX +# endif +# if defined(WTMP_FILE) && !defined(DISABLE_WTMP) +# define USE_WTMP +# endif + +#endif + +#ifndef UT_LINESIZE +# define UT_LINESIZE 8 +#endif + +/* I hope that the presence of LASTLOG_FILE is enough to detect this */ +#if defined(LASTLOG_FILE) && !defined(DISABLE_LASTLOG) +# define USE_LASTLOG +#endif + +#ifdef HAVE_OSF_SIA +# ifdef USE_SHADOW +# undef USE_SHADOW +# endif +# define CUSTOM_SYS_AUTH_PASSWD 1 +#endif + +#if defined(HAVE_LIBIAF) && defined(HAVE_SET_ID) && !defined(HAVE_SECUREWARE) +# define CUSTOM_SYS_AUTH_PASSWD 1 +#endif +#if defined(HAVE_LIBIAF) && defined(HAVE_SET_ID) && !defined(BROKEN_LIBIAF) +# define USE_LIBIAF +#endif + +/* HP-UX 11.11 */ +#ifdef BTMP_FILE +# define _PATH_BTMP BTMP_FILE +#endif + +#if defined(USE_BTMP) && defined(_PATH_BTMP) +# define CUSTOM_FAILED_LOGIN +#endif + +/** end of login recorder definitions */ + +#ifdef BROKEN_GETGROUPS +# define getgroups(a,b) ((a)==0 && (b)==NULL ? NGROUPS_MAX : getgroups((a),(b))) +#endif + +#if defined(HAVE_MMAP) && defined(BROKEN_MMAP) +# undef HAVE_MMAP +#endif + +#ifndef IOV_MAX +# if defined(_XOPEN_IOV_MAX) +# define IOV_MAX _XOPEN_IOV_MAX +# elif defined(DEF_IOV_MAX) +# define IOV_MAX DEF_IOV_MAX +# else +# define IOV_MAX 16 +# endif +#endif + +#ifndef EWOULDBLOCK +# define EWOULDBLOCK EAGAIN +#endif + +#ifndef INET6_ADDRSTRLEN /* for non IPv6 machines */ +#define INET6_ADDRSTRLEN 46 +#endif + +#ifndef SSH_IOBUFSZ +# define SSH_IOBUFSZ 8192 +#endif + +/* + * Platforms that have arc4random_uniform() and not arc4random_stir() + * shouldn't need the latter. + */ +#if defined(HAVE_ARC4RANDOM) && defined(HAVE_ARC4RANDOM_UNIFORM) && \ + !defined(HAVE_ARC4RANDOM_STIR) +# define arc4random_stir() +#endif + +#ifndef HAVE_VA_COPY +# ifdef HAVE___VA_COPY +# define va_copy(dest, src) __va_copy(dest, src) +# else +# define va_copy(dest, src) (dest) = (src) +# endif +#endif + +#ifndef __predict_true +# if defined(__GNUC__) && \ + ((__GNUC__ > (2)) || (__GNUC__ == (2) && __GNUC_MINOR__ >= (96))) +# define __predict_true(exp) __builtin_expect(((exp) != 0), 1) +# define __predict_false(exp) __builtin_expect(((exp) != 0), 0) +# else +# define __predict_true(exp) ((exp) != 0) +# define __predict_false(exp) ((exp) != 0) +# endif /* gcc version */ +#endif /* __predict_true */ + +#endif /* _DEFINES_H */ diff --git a/include/DomainExec/opensshlib/dh.c b/include/DomainExec/opensshlib/dh.c new file mode 100644 index 00000000..22777dae --- /dev/null +++ b/include/DomainExec/opensshlib/dh.c @@ -0,0 +1,407 @@ +/* $OpenBSD: dh.c,v 1.57 2015/05/27 23:39:18 dtucker Exp $ */ +/* + * Copyright (c) 2000 Niels Provos. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#ifndef WIN32 +#include /* MIN */ +#endif + +#include +#include + +#include +#include +#include +#include +#include + +#include "dh.h" +#include "pathnames.h" +#include "log.h" +#include "misc.h" +#include "ssherr.h" + +static int +parse_prime(int linenum, char *line, struct dhgroup *dhg) +{ + char *cp, *arg; + char *strsize, *gen, *prime; + const char *errstr = NULL; + long long n; + + dhg->p = dhg->g = NULL; + cp = line; + if ((arg = strdelim(&cp)) == NULL) + return 0; + /* Ignore leading whitespace */ + if (*arg == '\0') + arg = strdelim(&cp); + if (!arg || !*arg || *arg == '#') + return 0; + + /* time */ + if (cp == NULL || *arg == '\0') + goto truncated; + arg = strsep(&cp, " "); /* type */ + if (cp == NULL || *arg == '\0') + goto truncated; + /* Ensure this is a safe prime */ + n = strtonum(arg, 0, 5, &errstr); + if (errstr != NULL || n != MODULI_TYPE_SAFE) { + ssh_error("moduli:%d: type is not %d", linenum, MODULI_TYPE_SAFE); + goto fail; + } + arg = strsep(&cp, " "); /* tests */ + if (cp == NULL || *arg == '\0') + goto truncated; + /* Ensure prime has been tested and is not composite */ + n = strtonum(arg, 0, 0x1f, &errstr); + if (errstr != NULL || + (n & MODULI_TESTS_COMPOSITE) || !(n & ~MODULI_TESTS_COMPOSITE)) { + ssh_error("moduli:%d: invalid moduli tests flag", linenum); + goto fail; + } + arg = strsep(&cp, " "); /* tries */ + if (cp == NULL || *arg == '\0') + goto truncated; + n = strtonum(arg, 0, 1<<30, &errstr); + if (errstr != NULL || n == 0) { + ssh_error("moduli:%d: invalid primality trial count", linenum); + goto fail; + } + strsize = strsep(&cp, " "); /* size */ + if (cp == NULL || *strsize == '\0' || + (dhg->size = (int)strtonum(strsize, 0, 64*1024, &errstr)) == 0 || + errstr) { + ssh_error("moduli:%d: invalid prime length", linenum); + goto fail; + } + /* The whole group is one bit larger */ + dhg->size++; + gen = strsep(&cp, " "); /* gen */ + if (cp == NULL || *gen == '\0') + goto truncated; + prime = strsep(&cp, " "); /* prime */ + if (cp != NULL || *prime == '\0') { + truncated: + ssh_error("moduli:%d: truncated", linenum); + goto fail; + } + + if ((dhg->g = BN_new()) == NULL || + (dhg->p = BN_new()) == NULL) { + ssh_error("parse_prime: BN_new failed"); + goto fail; + } + if (BN_hex2bn(&dhg->g, gen) == 0) { + ssh_error("moduli:%d: could not parse generator value", linenum); + goto fail; + } + if (BN_hex2bn(&dhg->p, prime) == 0) { + ssh_error("moduli:%d: could not parse prime value", linenum); + goto fail; + } + if (BN_num_bits(dhg->p) != dhg->size) { + ssh_error("moduli:%d: prime has wrong size: actual %d listed %d", + linenum, BN_num_bits(dhg->p), dhg->size - 1); + goto fail; + } + if (BN_cmp(dhg->g, BN_value_one()) <= 0) { + ssh_error("moduli:%d: generator is invalid", linenum); + goto fail; + } + return 1; + + fail: + if (dhg->g != NULL) + BN_clear_free(dhg->g); + if (dhg->p != NULL) + BN_clear_free(dhg->p); + dhg->g = dhg->p = NULL; + return 0; +} + +DH * +choose_dh(int min, int wantbits, int max) +{ + FILE *f; + char line[4096]; + int best, bestcount, which; + int linenum; + struct dhgroup dhg; + + if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL && + (f = fopen(_PATH_DH_PRIMES, "r")) == NULL) { + logit("WARNING: %s does not exist, using fixed modulus", + _PATH_DH_MODULI); + return (dh_new_group_fallback(max)); + } + + linenum = 0; + best = bestcount = 0; + while (fgets(line, sizeof(line), f)) { + linenum++; + if (!parse_prime(linenum, line, &dhg)) + continue; + BN_clear_free(dhg.g); + BN_clear_free(dhg.p); + + if (dhg.size > max || dhg.size < min) + continue; + + if ((dhg.size > wantbits && dhg.size < best) || + (dhg.size > best && best < wantbits)) { + best = dhg.size; + bestcount = 0; + } + if (dhg.size == best) + bestcount++; + } + rewind(f); + + if (bestcount == 0) { + fclose(f); + logit("WARNING: no suitable primes in %s", _PATH_DH_PRIMES); + return (dh_new_group_fallback(max)); + } + + linenum = 0; + which = arc4random_uniform(bestcount); + while (fgets(line, sizeof(line), f)) { + if (!parse_prime(linenum, line, &dhg)) + continue; + if ((dhg.size > max || dhg.size < min) || + dhg.size != best || + linenum++ != which) { + BN_clear_free(dhg.g); + BN_clear_free(dhg.p); + continue; + } + break; + } + fclose(f); + if (linenum != which+1) { + logit("WARNING: line %d disappeared in %s, giving up", + which, _PATH_DH_PRIMES); + return (dh_new_group_fallback(max)); + } + + return (dh_new_group(dhg.g, dhg.p)); +} + +/* diffie-hellman-groupN-sha1 */ + +int +dh_pub_is_valid(DH *dh, const BIGNUM *dh_pub) +{ + int i; + int n = BN_num_bits(dh_pub); + int bits_set = 0; + BIGNUM *tmp; + const BIGNUM *dh_p; + + if (BN_is_negative(dh_pub)) { + logit("invalid public DH value: negative"); + return 0; + } + if (BN_cmp(dh_pub, BN_value_one()) != 1) { /* pub_exp <= 1 */ + logit("invalid public DH value: <= 1"); + return 0; + } + + if ((tmp = BN_new()) == NULL) { + ssh_error("%s: BN_new failed", __func__); + return 0; + } + + DH_get0_pqg(dh, &dh_p, NULL, NULL); + if (!BN_sub(tmp, dh_p, BN_value_one()) || + BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */ + BN_clear_free(tmp); + logit("invalid public DH value: >= p-1"); + return 0; + } + BN_clear_free(tmp); + + for (i = 0; i <= n; i++) + if (BN_is_bit_set(dh_pub, i)) + bits_set++; + debug2("bits set: %d/%d", bits_set, BN_num_bits(dh_p)); + + /* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */ + if (bits_set > 1) + return 1; + + logit("invalid public DH value (%d/%d)", bits_set, BN_num_bits(dh_p)); + return 0; +} + +int +dh_gen_key(DH *dh, int need) +{ + int r, pbits; + const BIGNUM *dh_p, *dh_pub_key; + DH_get0_pqg(dh, &dh_p, NULL, NULL); + + if (need < 0 || dh_p == NULL || + (pbits = BN_num_bits(dh_p)) <= 0 || + need > INT_MAX / 2 || 2 * need > pbits) + return SSH_ERR_INVALID_ARGUMENT; + DH_set_length(dh, MIN(need * 2, pbits - 1)); + r = DH_generate_key(dh); + DH_get0_key(dh, &dh_pub_key, NULL); + if (r == 0 || + !dh_pub_is_valid(dh, dh_pub_key)) { + return SSH_ERR_LIBCRYPTO_ERROR; + } + return 0; +} + +DH * +dh_new_group_asc(const char *gen, const char *modulus) +{ + DH *dh; + const BIGNUM *dh_p, *dh_g; + + if ((dh = DH_new()) == NULL) + return NULL; + DH_get0_pqg(dh, &dh_p, NULL, &dh_g); + if (BN_hex2bn((BIGNUM**)&dh_p, modulus) == 0 || + BN_hex2bn((BIGNUM**)&dh_g, gen) == 0) { + DH_free(dh); + return NULL; + } + return (dh); +} + +/* + * This just returns the group, we still need to generate the exchange + * value. + */ + +DH * +dh_new_group(BIGNUM *gen, BIGNUM *modulus) +{ + DH *dh; + + if ((dh = DH_new()) == NULL) + return NULL; + DH_set0_pqg(dh, modulus, NULL, gen); + + return (dh); +} + +DH * +dh_new_group1(void) +{ + static char *gen = "2", *group1 = + "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" + "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" + "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" + "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" + "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381" + "FFFFFFFF" "FFFFFFFF"; + + return (dh_new_group_asc(gen, group1)); +} + +DH * +dh_new_group14(void) +{ + static char *gen = "2", *group14 = + "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" + "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" + "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" + "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" + "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D" + "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F" + "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D" + "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B" + "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9" + "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510" + "15728E5A" "8AACAA68" "FFFFFFFF" "FFFFFFFF"; + + return (dh_new_group_asc(gen, group14)); +} + +/* + * 4k bit fallback group used by DH-GEX if moduli file cannot be read. + * Source: MODP group 16 from RFC3526. + */ +DH * +dh_new_group_fallback(int max) +{ + static char *gen = "2", *group16 = + "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" + "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" + "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" + "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" + "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D" + "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F" + "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D" + "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B" + "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9" + "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510" + "15728E5A" "8AAAC42D" "AD33170D" "04507A33" "A85521AB" "DF1CBA64" + "ECFB8504" "58DBEF0A" "8AEA7157" "5D060C7D" "B3970F85" "A6E1E4C7" + "ABF5AE8C" "DB0933D7" "1E8C94E0" "4A25619D" "CEE3D226" "1AD2EE6B" + "F12FFA06" "D98A0864" "D8760273" "3EC86A64" "521F2B18" "177B200C" + "BBE11757" "7A615D6C" "770988C0" "BAD946E2" "08E24FA0" "74E5AB31" + "43DB5BFC" "E0FD108E" "4B82D120" "A9210801" "1A723C12" "A787E6D7" + "88719A10" "BDBA5B26" "99C32718" "6AF4E23C" "1A946834" "B6150BDA" + "2583E9CA" "2AD44CE8" "DBBBC2DB" "04DE8EF9" "2E8EFC14" "1FBECAA6" + "287C5947" "4E6BC05D" "99B2964F" "A090C3A2" "233BA186" "515BE7ED" + "1F612970" "CEE2D7AF" "B81BDD76" "2170481C" "D0069127" "D5B05AA9" + "93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34063199" + "FFFFFFFF" "FFFFFFFF"; + + if (max < 4096) { + debug3("requested max size %d, using 2k bit group 14", max); + return dh_new_group14(); + } + debug3("using 4k bit group 16"); + return (dh_new_group_asc(gen, group16)); +} + +/* + * Estimates the group order for a Diffie-Hellman group that has an + * attack complexity approximately the same as O(2**bits). + * Values from NIST Special Publication 800-57: Recommendation for Key + * Management Part 1 (rev 3) limited by the recommended maximum value + * from RFC4419 section 3. + */ + +u_int +dh_estimate(int bits) +{ + if (bits <= 112) + return 2048; + if (bits <= 128) + return 3072; + if (bits <= 192) + return 7680; + return 8192; +} diff --git a/include/DomainExec/opensshlib/dh.h b/include/DomainExec/opensshlib/dh.h new file mode 100644 index 00000000..8533cc69 --- /dev/null +++ b/include/DomainExec/opensshlib/dh.h @@ -0,0 +1,75 @@ +/* $OpenBSD: dh.h,v 1.13 2015/05/27 23:39:18 dtucker Exp $ */ + +/* + * Copyright (c) 2000 Niels Provos. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef DH_H +#define DH_H + +struct dhgroup { + int size; + BIGNUM *g; + BIGNUM *p; +}; + +DH *choose_dh(int, int, int); +DH *dh_new_group_asc(const char *, const char *); +DH *dh_new_group(BIGNUM *, BIGNUM *); +DH *dh_new_group1(void); +DH *dh_new_group14(void); +DH *dh_new_group_fallback(int); + +int dh_gen_key(DH *, int); +int dh_pub_is_valid(DH *, const BIGNUM *); + +u_int dh_estimate(int); + +/* Min and max values from RFC4419. */ +#define DH_GRP_MIN 1024 +#define DH_GRP_MAX 8192 + +/* + * Values for "type" field of moduli(5) + * Specifies the internal structure of the prime modulus. + */ +#define MODULI_TYPE_UNKNOWN (0) +#define MODULI_TYPE_UNSTRUCTURED (1) +#define MODULI_TYPE_SAFE (2) +#define MODULI_TYPE_SCHNORR (3) +#define MODULI_TYPE_SOPHIE_GERMAIN (4) +#define MODULI_TYPE_STRONG (5) + +/* + * Values for "tests" field of moduli(5) + * Specifies the methods used in checking for primality. + * Usually, more than one test is used. + */ +#define MODULI_TESTS_UNTESTED (0x00) +#define MODULI_TESTS_COMPOSITE (0x01) +#define MODULI_TESTS_SIEVE (0x02) +#define MODULI_TESTS_MILLER_RABIN (0x04) +#define MODULI_TESTS_JACOBI (0x08) +#define MODULI_TESTS_ELLIPTIC (0x10) + + +#endif diff --git a/include/DomainExec/opensshlib/digest-libc.c b/include/DomainExec/opensshlib/digest-libc.c new file mode 100644 index 00000000..c2b0b240 --- /dev/null +++ b/include/DomainExec/opensshlib/digest-libc.c @@ -0,0 +1,254 @@ +/* $OpenBSD: digest-libc.c,v 1.6 2017/05/08 22:57:38 djm Exp $ */ +/* + * Copyright (c) 2013 Damien Miller + * Copyright (c) 2014 Markus Friedl. All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#ifndef WITH_OPENSSL + +#include +#include +#include +#include + +#if 0 +#include +#include +#include +#include +#endif + +#include "ssherr.h" +#include "sshbuf.h" +#include "digest.h" + +typedef void md_init_fn(void *mdctx); +typedef void md_update_fn(void *mdctx, const u_int8_t *m, size_t mlen); +typedef void md_final_fn(u_int8_t[], void *mdctx); + +struct ssh_digest_ctx { + int alg; + void *mdctx; +}; + +struct ssh_digest { + int id; + const char *name; + size_t block_len; + size_t digest_len; + size_t ctx_len; + md_init_fn *md_init; + md_update_fn *md_update; + md_final_fn *md_final; +}; + +/* NB. Indexed directly by algorithm number */ +const struct ssh_digest digests[SSH_DIGEST_MAX] = { + { + SSH_DIGEST_MD5, + "MD5", + MD5_BLOCK_LENGTH, + MD5_DIGEST_LENGTH, + sizeof(MD5_CTX), + (md_init_fn *) MD5Init, + (md_update_fn *) MD5Update, + (md_final_fn *) MD5Final + }, + { + SSH_DIGEST_SHA1, + "SHA1", + SHA1_BLOCK_LENGTH, + SHA1_DIGEST_LENGTH, + sizeof(SHA1_CTX), + (md_init_fn *) SHA1Init, + (md_update_fn *) SHA1Update, + (md_final_fn *) SHA1Final + }, + { + SSH_DIGEST_SHA256, + "SHA256", + SHA256_BLOCK_LENGTH, + SHA256_DIGEST_LENGTH, + sizeof(SHA256_CTX), + (md_init_fn *) SHA256_Init, + (md_update_fn *) SHA256_Update, + (md_final_fn *) SHA256_Final + }, + { + SSH_DIGEST_SHA384, + "SHA384", + SHA384_BLOCK_LENGTH, + SHA384_DIGEST_LENGTH, + sizeof(SHA384_CTX), + (md_init_fn *) SHA384_Init, + (md_update_fn *) SHA384_Update, + (md_final_fn *) SHA384_Final + }, + { + SSH_DIGEST_SHA512, + "SHA512", + SHA512_BLOCK_LENGTH, + SHA512_DIGEST_LENGTH, + sizeof(SHA512_CTX), + (md_init_fn *) SHA512_Init, + (md_update_fn *) SHA512_Update, + (md_final_fn *) SHA512_Final + } +}; + +static const struct ssh_digest * +ssh_digest_by_alg(int alg) +{ + if (alg < 0 || alg >= SSH_DIGEST_MAX) + return NULL; + if (digests[alg].id != alg) /* sanity */ + return NULL; + return &(digests[alg]); +} + +int +ssh_digest_alg_by_name(const char *name) +{ + int alg; + + for (alg = 0; alg < SSH_DIGEST_MAX; alg++) { + if (strcasecmp(name, digests[alg].name) == 0) + return digests[alg].id; + } + return -1; +} + +const char * +ssh_digest_alg_name(int alg) +{ + const struct ssh_digest *digest = ssh_digest_by_alg(alg); + + return digest == NULL ? NULL : digest->name; +} + +size_t +ssh_digest_bytes(int alg) +{ + const struct ssh_digest *digest = ssh_digest_by_alg(alg); + + return digest == NULL ? 0 : digest->digest_len; +} + +size_t +ssh_digest_blocksize(struct ssh_digest_ctx *ctx) +{ + const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg); + + return digest == NULL ? 0 : digest->block_len; +} + +struct ssh_digest_ctx * +ssh_digest_start(int alg) +{ + const struct ssh_digest *digest = ssh_digest_by_alg(alg); + struct ssh_digest_ctx *ret; + + if (digest == NULL || (ret = calloc(1, sizeof(*ret))) == NULL) + return NULL; + if ((ret->mdctx = calloc(1, digest->ctx_len)) == NULL) { + free(ret); + return NULL; + } + ret->alg = alg; + digest->md_init(ret->mdctx); + return ret; +} + +int +ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to) +{ + const struct ssh_digest *digest = ssh_digest_by_alg(from->alg); + + if (digest == NULL || from->alg != to->alg) + return SSH_ERR_INVALID_ARGUMENT; + memcpy(to->mdctx, from->mdctx, digest->ctx_len); + return 0; +} + +int +ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen) +{ + const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg); + + if (digest == NULL) + return SSH_ERR_INVALID_ARGUMENT; + digest->md_update(ctx->mdctx, m, mlen); + return 0; +} + +int +ssh_digest_update_buffer(struct ssh_digest_ctx *ctx, const struct sshbuf *b) +{ + return ssh_digest_update(ctx, sshbuf_ptr(b), sshbuf_len(b)); +} + +int +ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen) +{ + const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg); + + if (digest == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if (dlen > UINT_MAX) + return SSH_ERR_INVALID_ARGUMENT; + if (dlen < digest->digest_len) /* No truncation allowed */ + return SSH_ERR_INVALID_ARGUMENT; + digest->md_final(d, ctx->mdctx); + return 0; +} + +void +ssh_digest_free(struct ssh_digest_ctx *ctx) +{ + const struct ssh_digest *digest; + + if (ctx != NULL) { + digest = ssh_digest_by_alg(ctx->alg); + if (digest) { + explicit_bzero(ctx->mdctx, digest->ctx_len); + free(ctx->mdctx); + explicit_bzero(ctx, sizeof(*ctx)); + free(ctx); + } + } +} + +int +ssh_digest_memory(int alg, const void *m, size_t mlen, u_char *d, size_t dlen) +{ + struct ssh_digest_ctx *ctx = ssh_digest_start(alg); + + if (ctx == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if (ssh_digest_update(ctx, m, mlen) != 0 || + ssh_digest_final(ctx, d, dlen) != 0) + return SSH_ERR_INVALID_ARGUMENT; + ssh_digest_free(ctx); + return 0; +} + +int +ssh_digest_buffer(int alg, const struct sshbuf *b, u_char *d, size_t dlen) +{ + return ssh_digest_memory(alg, sshbuf_ptr(b), sshbuf_len(b), d, dlen); +} +#endif /* !WITH_OPENSSL */ diff --git a/include/DomainExec/opensshlib/digest-openssl.c b/include/DomainExec/opensshlib/digest-openssl.c new file mode 100644 index 00000000..add4ff9b --- /dev/null +++ b/include/DomainExec/opensshlib/digest-openssl.c @@ -0,0 +1,206 @@ +/* $OpenBSD: digest-openssl.c,v 1.7 2017/05/08 22:57:38 djm Exp $ */ +/* + * Copyright (c) 2013 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#ifdef WITH_OPENSSL + +#include +#include +#include +#include + +#include + +#include "openssl-compat.h" + +#include "sshbuf.h" +#include "digest.h" +#include "ssherr.h" + +#ifndef HAVE_EVP_RIPEMD160 +# define EVP_ripemd160 NULL +#endif /* HAVE_EVP_RIPEMD160 */ +#ifndef HAVE_EVP_SHA256 +# define EVP_sha256 NULL +# define EVP_sha384 NULL +# define EVP_sha512 NULL +#endif /* HAVE_EVP_SHA256 */ + +struct ssh_digest_ctx { + int alg; + EVP_MD_CTX *mdctx; +}; + +struct ssh_digest { + int id; + const char *name; + size_t digest_len; + const EVP_MD *(*mdfunc)(void); +}; + +/* NB. Indexed directly by algorithm number */ +const struct ssh_digest digests[] = { + { SSH_DIGEST_MD5, "MD5", 16, EVP_md5 }, + { SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 }, + { SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 }, + { SSH_DIGEST_SHA384, "SHA384", 48, EVP_sha384 }, + { SSH_DIGEST_SHA512, "SHA512", 64, EVP_sha512 }, + { -1, NULL, 0, NULL }, +}; + +static const struct ssh_digest * +ssh_digest_by_alg(int alg) +{ + if (alg < 0 || alg >= SSH_DIGEST_MAX) + return NULL; + if (digests[alg].id != alg) /* sanity */ + return NULL; + if (digests[alg].mdfunc == NULL) + return NULL; + return &(digests[alg]); +} + +int +ssh_digest_alg_by_name(const char *name) +{ + int alg; + + for (alg = 0; digests[alg].id != -1; alg++) { + if (strcasecmp(name, digests[alg].name) == 0) + return digests[alg].id; + } + return -1; +} + +const char * +ssh_digest_alg_name(int alg) +{ + const struct ssh_digest *digest = ssh_digest_by_alg(alg); + + return digest == NULL ? NULL : digest->name; +} + +size_t +ssh_digest_bytes(int alg) +{ + const struct ssh_digest *digest = ssh_digest_by_alg(alg); + + return digest == NULL ? 0 : digest->digest_len; +} + +size_t +ssh_digest_blocksize(struct ssh_digest_ctx *ctx) +{ + return EVP_MD_CTX_block_size(ctx->mdctx); +} + +struct ssh_digest_ctx * +ssh_digest_start(int alg) +{ + const struct ssh_digest *digest = ssh_digest_by_alg(alg); + struct ssh_digest_ctx *ret; + + if (digest == NULL || ((ret = calloc(1, sizeof(*ret))) == NULL)) + return NULL; + ret->alg = alg; + if ((ret->mdctx = EVP_MD_CTX_new()) == NULL) { + free(ret); + return NULL; + } + if (EVP_DigestInit_ex(ret->mdctx, digest->mdfunc(), NULL) != 1) { + ssh_digest_free(ret); + return NULL; + } + return ret; +} + +int +ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to) +{ + if (from->alg != to->alg) + return SSH_ERR_INVALID_ARGUMENT; + /* we have bcopy-style order while openssl has memcpy-style */ + if (!EVP_MD_CTX_copy_ex(to->mdctx, from->mdctx)) + return SSH_ERR_LIBCRYPTO_ERROR; + return 0; +} + +int +ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen) +{ + if (EVP_DigestUpdate(ctx->mdctx, m, mlen) != 1) + return SSH_ERR_LIBCRYPTO_ERROR; + return 0; +} + +int +ssh_digest_update_buffer(struct ssh_digest_ctx *ctx, const struct sshbuf *b) +{ + return ssh_digest_update(ctx, sshbuf_ptr(b), sshbuf_len(b)); +} + +int +ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen) +{ + const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg); + u_int l = dlen; + + if (digest == NULL || dlen > UINT_MAX) + return SSH_ERR_INVALID_ARGUMENT; + if (dlen < digest->digest_len) /* No truncation allowed */ + return SSH_ERR_INVALID_ARGUMENT; + if (EVP_DigestFinal_ex(ctx->mdctx, d, &l) != 1) + return SSH_ERR_LIBCRYPTO_ERROR; + if (l != digest->digest_len) /* sanity */ + return SSH_ERR_INTERNAL_ERROR; + return 0; +} + +void +ssh_digest_free(struct ssh_digest_ctx *ctx) +{ + if (ctx == NULL) + return; + EVP_MD_CTX_free(ctx->mdctx); + freezero(ctx, sizeof(*ctx)); +} + +int +ssh_digest_memory(int alg, const void *m, size_t mlen, u_char *d, size_t dlen) +{ + const struct ssh_digest *digest = ssh_digest_by_alg(alg); + u_int mdlen; + + if (digest == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if (dlen > UINT_MAX) + return SSH_ERR_INVALID_ARGUMENT; + if (dlen < digest->digest_len) + return SSH_ERR_INVALID_ARGUMENT; + mdlen = dlen; + if (!EVP_Digest(m, mlen, d, &mdlen, digest->mdfunc(), NULL)) + return SSH_ERR_LIBCRYPTO_ERROR; + return 0; +} + +int +ssh_digest_buffer(int alg, const struct sshbuf *b, u_char *d, size_t dlen) +{ + return ssh_digest_memory(alg, sshbuf_ptr(b), sshbuf_len(b), d, dlen); +} +#endif /* WITH_OPENSSL */ diff --git a/include/DomainExec/opensshlib/digest.h b/include/DomainExec/opensshlib/digest.h new file mode 100644 index 00000000..274574d0 --- /dev/null +++ b/include/DomainExec/opensshlib/digest.h @@ -0,0 +1,70 @@ +/* $OpenBSD: digest.h,v 1.8 2017/05/08 22:57:38 djm Exp $ */ +/* + * Copyright (c) 2013 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _DIGEST_H +#define _DIGEST_H + +/* Maximum digest output length */ +#define SSH_DIGEST_MAX_LENGTH 64 + +/* Digest algorithms */ +#define SSH_DIGEST_MD5 0 +#define SSH_DIGEST_SHA1 1 +#define SSH_DIGEST_SHA256 2 +#define SSH_DIGEST_SHA384 3 +#define SSH_DIGEST_SHA512 4 +#define SSH_DIGEST_MAX 5 + +struct sshbuf; +struct ssh_digest_ctx; + +/* Looks up a digest algorithm by name */ +int ssh_digest_alg_by_name(const char *name); + +/* Returns the algorithm name for a digest identifier */ +const char *ssh_digest_alg_name(int alg); + +/* Returns the algorithm's digest length in bytes or 0 for invalid algorithm */ +size_t ssh_digest_bytes(int alg); + +/* Returns the block size of the digest, e.g. for implementing HMAC */ +size_t ssh_digest_blocksize(struct ssh_digest_ctx *ctx); + +/* Copies internal state of digest of 'from' to 'to' */ +int ssh_digest_copy_state(struct ssh_digest_ctx *from, + struct ssh_digest_ctx *to); + +/* One-shot API */ +int ssh_digest_memory(int alg, const void *m, size_t mlen, + u_char *d, size_t dlen) + __attribute__((__bounded__(__buffer__, 2, 3))) + __attribute__((__bounded__(__buffer__, 4, 5))); +int ssh_digest_buffer(int alg, const struct sshbuf *b, u_char *d, size_t dlen) + __attribute__((__bounded__(__buffer__, 3, 4))); + +/* Update API */ +struct ssh_digest_ctx *ssh_digest_start(int alg); +int ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen) + __attribute__((__bounded__(__buffer__, 2, 3))); +int ssh_digest_update_buffer(struct ssh_digest_ctx *ctx, + const struct sshbuf *b); +int ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen) + __attribute__((__bounded__(__buffer__, 2, 3))); +void ssh_digest_free(struct ssh_digest_ctx *ctx); + +#endif /* _DIGEST_H */ + diff --git a/include/DomainExec/opensshlib/dispatch.h b/include/DomainExec/opensshlib/dispatch.h new file mode 100644 index 00000000..59c32010 --- /dev/null +++ b/include/DomainExec/opensshlib/dispatch.h @@ -0,0 +1,62 @@ +/* $OpenBSD: dispatch.h,v 1.12 2015/01/19 20:07:45 markus Exp $ */ + +/* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef DISPATCH_H +#define DISPATCH_H + +#define DISPATCH_MAX 255 + +enum { + DISPATCH_BLOCK, + DISPATCH_NONBLOCK +}; + +struct ssh; + +#if 0 + +typedef int dispatch_fn(int, u_int32_t, void *); + +int dispatch_protocol_error(int, u_int32_t, void *); +int dispatch_protocol_ignore(int, u_int32_t, void *); +void ssh_dispatch_init(struct ssh *, dispatch_fn *); +void ssh_dispatch_set(struct ssh *, int, dispatch_fn *); +void ssh_dispatch_range(struct ssh *, u_int, u_int, dispatch_fn *); +int ssh_dispatch_run(struct ssh *, int, volatile sig_atomic_t *, void *); +void ssh_dispatch_run_fatal(struct ssh *, int, volatile sig_atomic_t *, void *); + +#define dispatch_init(dflt) \ + ssh_dispatch_init(active_state, (dflt)) +#define dispatch_range(from, to, fn) \ + ssh_dispatch_range(active_state, (from), (to), (fn)) +#define dispatch_set(type, fn) \ + ssh_dispatch_set(active_state, (type), (fn)) +#define dispatch_run(mode, done, ctxt) \ + ssh_dispatch_run_fatal(active_state, (mode), (done), (ctxt)) + +#endif + +#endif diff --git a/include/DomainExec/opensshlib/ed25519.c b/include/DomainExec/opensshlib/ed25519.c new file mode 100644 index 00000000..767ec24d --- /dev/null +++ b/include/DomainExec/opensshlib/ed25519.c @@ -0,0 +1,144 @@ +/* $OpenBSD: ed25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ + +/* + * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, + * Peter Schwabe, Bo-Yin Yang. + * Copied from supercop-20130419/crypto_sign/ed25519/ref/ed25519.c + */ + +#include "includes.h" +#include "crypto_api.h" + +#include "ge25519.h" + +static void get_hram(unsigned char *hram, const unsigned char *sm, const unsigned char *pk, unsigned char *playground, unsigned long long smlen) +{ + unsigned long long i; + + for (i = 0;i < 32;++i) playground[i] = sm[i]; + for (i = 32;i < 64;++i) playground[i] = pk[i-32]; + for (i = 64;i < smlen;++i) playground[i] = sm[i]; + + crypto_hash_sha512(hram,playground,smlen); +} + + +int crypto_sign_ed25519_keypair( + unsigned char *pk, + unsigned char *sk + ) +{ + sc25519 scsk; + ge25519 gepk; + unsigned char extsk[64]; + int i; + + randombytes(sk, 32); + crypto_hash_sha512(extsk, sk, 32); + extsk[0] &= 248; + extsk[31] &= 127; + extsk[31] |= 64; + + sc25519_from32bytes(&scsk,extsk); + + ge25519_scalarmult_base(&gepk, &scsk); + ge25519_pack(pk, &gepk); + for(i=0;i<32;i++) + sk[32 + i] = pk[i]; + return 0; +} + +int crypto_sign_ed25519( + unsigned char *sm,unsigned long long *smlen, + const unsigned char *m,unsigned long long mlen, + const unsigned char *sk + ) +{ + sc25519 sck, scs, scsk; + ge25519 ger; + unsigned char r[32]; + unsigned char s[32]; + unsigned char extsk[64]; + unsigned long long i; + unsigned char hmg[crypto_hash_sha512_BYTES]; + unsigned char hram[crypto_hash_sha512_BYTES]; + + crypto_hash_sha512(extsk, sk, 32); + extsk[0] &= 248; + extsk[31] &= 127; + extsk[31] |= 64; + + *smlen = mlen+64; + for(i=0;i +#if defined(HAVE_NETDB_H) +# include +#endif + +/* + * First, socket and INET6 related definitions + */ +#ifndef HAVE_STRUCT_SOCKADDR_STORAGE +# define _SS_MAXSIZE 128 /* Implementation specific max size */ +# define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr)) +struct sockaddr_storage { + struct sockaddr ss_sa; + char __ss_pad2[_SS_PADSIZE]; +}; +# define ss_family ss_sa.sa_family +#endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */ + +#ifndef IN6_IS_ADDR_LOOPBACK +# define IN6_IS_ADDR_LOOPBACK(a) \ + (((u_int32_t *)(a))[0] == 0 && ((u_int32_t *)(a))[1] == 0 && \ + ((u_int32_t *)(a))[2] == 0 && ((u_int32_t *)(a))[3] == htonl(1)) +#endif /* !IN6_IS_ADDR_LOOPBACK */ + +#ifndef HAVE_STRUCT_IN6_ADDR +struct in6_addr { + u_int8_t s6_addr[16]; +}; +#endif /* !HAVE_STRUCT_IN6_ADDR */ + +#ifndef HAVE_STRUCT_SOCKADDR_IN6 +struct sockaddr_in6 { + unsigned short sin6_family; + u_int16_t sin6_port; + u_int32_t sin6_flowinfo; + struct in6_addr sin6_addr; + u_int32_t sin6_scope_id; +}; +#endif /* !HAVE_STRUCT_SOCKADDR_IN6 */ + +#ifndef AF_INET6 +/* Define it to something that should never appear */ +#define AF_INET6 AF_MAX +#endif + +/* + * Next, RFC2553 name / address resolution API + */ + +#ifndef NI_NUMERICHOST +# define NI_NUMERICHOST (1) +#endif +#ifndef NI_NAMEREQD +# define NI_NAMEREQD (1<<1) +#endif +#ifndef NI_NUMERICSERV +# define NI_NUMERICSERV (1<<2) +#endif + +#ifndef AI_PASSIVE +# define AI_PASSIVE (1) +#endif +#ifndef AI_CANONNAME +# define AI_CANONNAME (1<<1) +#endif +#ifndef AI_NUMERICHOST +# define AI_NUMERICHOST (1<<2) +#endif +#ifndef AI_NUMERICSERV +# define AI_NUMERICSERV (1<<3) +#endif + +#ifndef NI_MAXSERV +# define NI_MAXSERV 32 +#endif /* !NI_MAXSERV */ +#ifndef NI_MAXHOST +# define NI_MAXHOST 1025 +#endif /* !NI_MAXHOST */ + +#ifndef EAI_NODATA +# define EAI_NODATA (INT_MAX - 1) +#endif +#ifndef EAI_MEMORY +# define EAI_MEMORY (INT_MAX - 2) +#endif +#ifndef EAI_NONAME +# define EAI_NONAME (INT_MAX - 3) +#endif +#ifndef EAI_SYSTEM +# define EAI_SYSTEM (INT_MAX - 4) +#endif +#ifndef EAI_FAMILY +# define EAI_FAMILY (INT_MAX - 5) +#endif + +#ifndef HAVE_STRUCT_ADDRINFO +struct addrinfo { + int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ + int ai_family; /* PF_xxx */ + int ai_socktype; /* SOCK_xxx */ + int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ + size_t ai_addrlen; /* length of ai_addr */ + char *ai_canonname; /* canonical name for hostname */ + struct sockaddr *ai_addr; /* binary address */ + struct addrinfo *ai_next; /* next structure in linked list */ +}; +#endif /* !HAVE_STRUCT_ADDRINFO */ + +#ifndef HAVE_GETADDRINFO +#ifdef getaddrinfo +# undef getaddrinfo +#endif +#define getaddrinfo(a,b,c,d) (ssh_getaddrinfo(a,b,c,d)) +int getaddrinfo(const char *, const char *, + const struct addrinfo *, struct addrinfo **); +#endif /* !HAVE_GETADDRINFO */ + +#if !defined(HAVE_GAI_STRERROR) && !defined(HAVE_CONST_GAI_STRERROR_PROTO) +#define gai_strerror(a) (_ssh_compat_gai_strerror(a)) +char *gai_strerror(int); +#endif /* !HAVE_GAI_STRERROR */ + +#ifndef HAVE_FREEADDRINFO +#define freeaddrinfo(a) (ssh_freeaddrinfo(a)) +void freeaddrinfo(struct addrinfo *); +#endif /* !HAVE_FREEADDRINFO */ + +#ifndef HAVE_GETNAMEINFO +#define getnameinfo(a,b,c,d,e,f,g) (ssh_getnameinfo(a,b,c,d,e,f,g)) +int getnameinfo(const struct sockaddr *, size_t, char *, size_t, + char *, size_t, int); +#endif /* !HAVE_GETNAMEINFO */ + +#endif /* !_FAKE_RFC2553_H */ + diff --git a/include/DomainExec/opensshlib/fatal.c b/include/DomainExec/opensshlib/fatal.c new file mode 100644 index 00000000..b6b038c4 --- /dev/null +++ b/include/DomainExec/opensshlib/fatal.c @@ -0,0 +1,45 @@ +/* $OpenBSD: fatal.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */ +/* + * Copyright (c) 2002 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#include +#include +#include + +#include "log.h" + +/* Fatal messages. This function never returns. */ + +void +fatal(const char *fmt,...) +{ + va_list args; + + va_start(args, fmt); + vfprintf(stderr, fmt, args); + va_end(args); + cleanup_exit(255); +} diff --git a/include/DomainExec/opensshlib/fe25519.c b/include/DomainExec/opensshlib/fe25519.c new file mode 100644 index 00000000..e54fd154 --- /dev/null +++ b/include/DomainExec/opensshlib/fe25519.c @@ -0,0 +1,337 @@ +/* $OpenBSD: fe25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ + +/* + * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, + * Peter Schwabe, Bo-Yin Yang. + * Copied from supercop-20130419/crypto_sign/ed25519/ref/fe25519.c + */ + +#include "includes.h" + +#define WINDOWSIZE 1 /* Should be 1,2, or 4 */ +#define WINDOWMASK ((1<>= 31; /* 1: yes; 0: no */ + return x; +} + +static crypto_uint32 ge(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */ +{ + unsigned int x = a; + x -= (unsigned int) b; /* 0..65535: yes; 4294901761..4294967295: no */ + x >>= 31; /* 0: yes; 1: no */ + x ^= 1; /* 1: yes; 0: no */ + return x; +} + +static crypto_uint32 times19(crypto_uint32 a) +{ + return (a << 4) + (a << 1) + a; +} + +static crypto_uint32 times38(crypto_uint32 a) +{ + return (a << 5) + (a << 2) + (a << 1); +} + +static void reduce_add_sub(fe25519 *r) +{ + crypto_uint32 t; + int i,rep; + + for(rep=0;rep<4;rep++) + { + t = r->v[31] >> 7; + r->v[31] &= 127; + t = times19(t); + r->v[0] += t; + for(i=0;i<31;i++) + { + t = r->v[i] >> 8; + r->v[i+1] += t; + r->v[i] &= 255; + } + } +} + +static void reduce_mul(fe25519 *r) +{ + crypto_uint32 t; + int i,rep; + + for(rep=0;rep<2;rep++) + { + t = r->v[31] >> 7; + r->v[31] &= 127; + t = times19(t); + r->v[0] += t; + for(i=0;i<31;i++) + { + t = r->v[i] >> 8; + r->v[i+1] += t; + r->v[i] &= 255; + } + } +} + +/* reduction modulo 2^255-19 */ +void fe25519_freeze(fe25519 *r) +{ + int i; + crypto_uint32 m = equal(r->v[31],127); + for(i=30;i>0;i--) + m &= equal(r->v[i],255); + m &= ge(r->v[0],237); + + m = -m; + + r->v[31] -= m&127; + for(i=30;i>0;i--) + r->v[i] -= m&255; + r->v[0] -= m&237; +} + +void fe25519_unpack(fe25519 *r, const unsigned char x[32]) +{ + int i; + for(i=0;i<32;i++) r->v[i] = x[i]; + r->v[31] &= 127; +} + +/* Assumes input x being reduced below 2^255 */ +void fe25519_pack(unsigned char r[32], const fe25519 *x) +{ + int i; + fe25519 y = *x; + fe25519_freeze(&y); + for(i=0;i<32;i++) + r[i] = y.v[i]; +} + +int fe25519_iszero(const fe25519 *x) +{ + int i; + int r; + fe25519 t = *x; + fe25519_freeze(&t); + r = equal(t.v[0],0); + for(i=1;i<32;i++) + r &= equal(t.v[i],0); + return r; +} + +int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y) +{ + int i; + fe25519 t1 = *x; + fe25519 t2 = *y; + fe25519_freeze(&t1); + fe25519_freeze(&t2); + for(i=0;i<32;i++) + if(t1.v[i] != t2.v[i]) return 0; + return 1; +} + +void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b) +{ + int i; + crypto_uint32 mask = b; + mask = -mask; + for(i=0;i<32;i++) r->v[i] ^= mask & (x->v[i] ^ r->v[i]); +} + +unsigned char fe25519_getparity(const fe25519 *x) +{ + fe25519 t = *x; + fe25519_freeze(&t); + return t.v[0] & 1; +} + +void fe25519_setone(fe25519 *r) +{ + int i; + r->v[0] = 1; + for(i=1;i<32;i++) r->v[i]=0; +} + +void fe25519_setzero(fe25519 *r) +{ + int i; + for(i=0;i<32;i++) r->v[i]=0; +} + +void fe25519_neg(fe25519 *r, const fe25519 *x) +{ + fe25519 t; + int i; + for(i=0;i<32;i++) t.v[i]=x->v[i]; + fe25519_setzero(r); + fe25519_sub(r, r, &t); +} + +void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y) +{ + int i; + for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i]; + reduce_add_sub(r); +} + +void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y) +{ + int i; + crypto_uint32 t[32]; + t[0] = x->v[0] + 0x1da; + t[31] = x->v[31] + 0xfe; + for(i=1;i<31;i++) t[i] = x->v[i] + 0x1fe; + for(i=0;i<32;i++) r->v[i] = t[i] - y->v[i]; + reduce_add_sub(r); +} + +void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y) +{ + int i,j; + crypto_uint32 t[63]; + for(i=0;i<63;i++)t[i] = 0; + + for(i=0;i<32;i++) + for(j=0;j<32;j++) + t[i+j] += x->v[i] * y->v[j]; + + for(i=32;i<63;i++) + r->v[i-32] = t[i-32] + times38(t[i]); + r->v[31] = t[31]; /* result now in r[0]...r[31] */ + + reduce_mul(r); +} + +void fe25519_square(fe25519 *r, const fe25519 *x) +{ + fe25519_mul(r, x, x); +} + +void fe25519_invert(fe25519 *r, const fe25519 *x) +{ + fe25519 z2; + fe25519 z9; + fe25519 z11; + fe25519 z2_5_0; + fe25519 z2_10_0; + fe25519 z2_20_0; + fe25519 z2_50_0; + fe25519 z2_100_0; + fe25519 t0; + fe25519 t1; + int i; + + /* 2 */ fe25519_square(&z2,x); + /* 4 */ fe25519_square(&t1,&z2); + /* 8 */ fe25519_square(&t0,&t1); + /* 9 */ fe25519_mul(&z9,&t0,x); + /* 11 */ fe25519_mul(&z11,&z9,&z2); + /* 22 */ fe25519_square(&t0,&z11); + /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t0,&z9); + + /* 2^6 - 2^1 */ fe25519_square(&t0,&z2_5_0); + /* 2^7 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^8 - 2^3 */ fe25519_square(&t0,&t1); + /* 2^9 - 2^4 */ fe25519_square(&t1,&t0); + /* 2^10 - 2^5 */ fe25519_square(&t0,&t1); + /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t0,&z2_5_0); + + /* 2^11 - 2^1 */ fe25519_square(&t0,&z2_10_0); + /* 2^12 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t1,&z2_10_0); + + /* 2^21 - 2^1 */ fe25519_square(&t0,&z2_20_0); + /* 2^22 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^40 - 2^0 */ fe25519_mul(&t0,&t1,&z2_20_0); + + /* 2^41 - 2^1 */ fe25519_square(&t1,&t0); + /* 2^42 - 2^2 */ fe25519_square(&t0,&t1); + /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } + /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t0,&z2_10_0); + + /* 2^51 - 2^1 */ fe25519_square(&t0,&z2_50_0); + /* 2^52 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t1,&z2_50_0); + + /* 2^101 - 2^1 */ fe25519_square(&t1,&z2_100_0); + /* 2^102 - 2^2 */ fe25519_square(&t0,&t1); + /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } + /* 2^200 - 2^0 */ fe25519_mul(&t1,&t0,&z2_100_0); + + /* 2^201 - 2^1 */ fe25519_square(&t0,&t1); + /* 2^202 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^250 - 2^0 */ fe25519_mul(&t0,&t1,&z2_50_0); + + /* 2^251 - 2^1 */ fe25519_square(&t1,&t0); + /* 2^252 - 2^2 */ fe25519_square(&t0,&t1); + /* 2^253 - 2^3 */ fe25519_square(&t1,&t0); + /* 2^254 - 2^4 */ fe25519_square(&t0,&t1); + /* 2^255 - 2^5 */ fe25519_square(&t1,&t0); + /* 2^255 - 21 */ fe25519_mul(r,&t1,&z11); +} + +void fe25519_pow2523(fe25519 *r, const fe25519 *x) +{ + fe25519 z2; + fe25519 z9; + fe25519 z11; + fe25519 z2_5_0; + fe25519 z2_10_0; + fe25519 z2_20_0; + fe25519 z2_50_0; + fe25519 z2_100_0; + fe25519 t; + int i; + + /* 2 */ fe25519_square(&z2,x); + /* 4 */ fe25519_square(&t,&z2); + /* 8 */ fe25519_square(&t,&t); + /* 9 */ fe25519_mul(&z9,&t,x); + /* 11 */ fe25519_mul(&z11,&z9,&z2); + /* 22 */ fe25519_square(&t,&z11); + /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t,&z9); + + /* 2^6 - 2^1 */ fe25519_square(&t,&z2_5_0); + /* 2^10 - 2^5 */ for (i = 1;i < 5;i++) { fe25519_square(&t,&t); } + /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t,&z2_5_0); + + /* 2^11 - 2^1 */ fe25519_square(&t,&z2_10_0); + /* 2^20 - 2^10 */ for (i = 1;i < 10;i++) { fe25519_square(&t,&t); } + /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t,&z2_10_0); + + /* 2^21 - 2^1 */ fe25519_square(&t,&z2_20_0); + /* 2^40 - 2^20 */ for (i = 1;i < 20;i++) { fe25519_square(&t,&t); } + /* 2^40 - 2^0 */ fe25519_mul(&t,&t,&z2_20_0); + + /* 2^41 - 2^1 */ fe25519_square(&t,&t); + /* 2^50 - 2^10 */ for (i = 1;i < 10;i++) { fe25519_square(&t,&t); } + /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t,&z2_10_0); + + /* 2^51 - 2^1 */ fe25519_square(&t,&z2_50_0); + /* 2^100 - 2^50 */ for (i = 1;i < 50;i++) { fe25519_square(&t,&t); } + /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t,&z2_50_0); + + /* 2^101 - 2^1 */ fe25519_square(&t,&z2_100_0); + /* 2^200 - 2^100 */ for (i = 1;i < 100;i++) { fe25519_square(&t,&t); } + /* 2^200 - 2^0 */ fe25519_mul(&t,&t,&z2_100_0); + + /* 2^201 - 2^1 */ fe25519_square(&t,&t); + /* 2^250 - 2^50 */ for (i = 1;i < 50;i++) { fe25519_square(&t,&t); } + /* 2^250 - 2^0 */ fe25519_mul(&t,&t,&z2_50_0); + + /* 2^251 - 2^1 */ fe25519_square(&t,&t); + /* 2^252 - 2^2 */ fe25519_square(&t,&t); + /* 2^252 - 3 */ fe25519_mul(r,&t,x); +} diff --git a/include/DomainExec/opensshlib/fe25519.h b/include/DomainExec/opensshlib/fe25519.h new file mode 100644 index 00000000..41b3cbb4 --- /dev/null +++ b/include/DomainExec/opensshlib/fe25519.h @@ -0,0 +1,70 @@ +/* $OpenBSD: fe25519.h,v 1.3 2013/12/09 11:03:45 markus Exp $ */ + +/* + * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, + * Peter Schwabe, Bo-Yin Yang. + * Copied from supercop-20130419/crypto_sign/ed25519/ref/fe25519.h + */ + +#ifndef FE25519_H +#define FE25519_H + +#include "crypto_api.h" + +#define fe25519 crypto_sign_ed25519_ref_fe25519 +#define fe25519_freeze crypto_sign_ed25519_ref_fe25519_freeze +#define fe25519_unpack crypto_sign_ed25519_ref_fe25519_unpack +#define fe25519_pack crypto_sign_ed25519_ref_fe25519_pack +#define fe25519_iszero crypto_sign_ed25519_ref_fe25519_iszero +#define fe25519_iseq_vartime crypto_sign_ed25519_ref_fe25519_iseq_vartime +#define fe25519_cmov crypto_sign_ed25519_ref_fe25519_cmov +#define fe25519_setone crypto_sign_ed25519_ref_fe25519_setone +#define fe25519_setzero crypto_sign_ed25519_ref_fe25519_setzero +#define fe25519_neg crypto_sign_ed25519_ref_fe25519_neg +#define fe25519_getparity crypto_sign_ed25519_ref_fe25519_getparity +#define fe25519_add crypto_sign_ed25519_ref_fe25519_add +#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub +#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul +#define fe25519_square crypto_sign_ed25519_ref_fe25519_square +#define fe25519_invert crypto_sign_ed25519_ref_fe25519_invert +#define fe25519_pow2523 crypto_sign_ed25519_ref_fe25519_pow2523 + +typedef struct +{ + crypto_uint32 v[32]; +} +fe25519; + +void fe25519_freeze(fe25519 *r); + +void fe25519_unpack(fe25519 *r, const unsigned char x[32]); + +void fe25519_pack(unsigned char r[32], const fe25519 *x); + +int fe25519_iszero(const fe25519 *x); + +int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y); + +void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b); + +void fe25519_setone(fe25519 *r); + +void fe25519_setzero(fe25519 *r); + +void fe25519_neg(fe25519 *r, const fe25519 *x); + +unsigned char fe25519_getparity(const fe25519 *x); + +void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y); + +void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y); + +void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y); + +void fe25519_square(fe25519 *r, const fe25519 *x); + +void fe25519_invert(fe25519 *r, const fe25519 *x); + +void fe25519_pow2523(fe25519 *r, const fe25519 *x); + +#endif diff --git a/include/DomainExec/opensshlib/freezero.c b/include/DomainExec/opensshlib/freezero.c new file mode 100644 index 00000000..bad018ff --- /dev/null +++ b/include/DomainExec/opensshlib/freezero.c @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2008, 2010, 2011, 2016 Otto Moerbeek + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include +#include + +#ifndef HAVE_FREEZERO + +void +freezero(void *ptr, size_t sz) +{ + if (ptr == NULL) + return; + explicit_bzero(ptr, sz); + free(ptr); +} + +#endif /* HAVE_FREEZERO */ + diff --git a/include/DomainExec/opensshlib/ge25519.c b/include/DomainExec/opensshlib/ge25519.c new file mode 100644 index 00000000..dfe3849b --- /dev/null +++ b/include/DomainExec/opensshlib/ge25519.c @@ -0,0 +1,321 @@ +/* $OpenBSD: ge25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ + +/* + * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, + * Peter Schwabe, Bo-Yin Yang. + * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519.c + */ + +#include "includes.h" + +#include "fe25519.h" +#include "sc25519.h" +#include "ge25519.h" + +/* + * Arithmetic on the twisted Edwards curve -x^2 + y^2 = 1 + dx^2y^2 + * with d = -(121665/121666) = 37095705934669439343138083508754565189542113879843219016388785533085940283555 + * Base point: (15112221349535400772501151409588531511454012693041857206046113283949847762202,46316835694926478169428394003475163141307993866256225615783033603165251855960); + */ + +/* d */ +static const fe25519 ge25519_ecd = {{0xA3, 0x78, 0x59, 0x13, 0xCA, 0x4D, 0xEB, 0x75, 0xAB, 0xD8, 0x41, 0x41, 0x4D, 0x0A, 0x70, 0x00, + 0x98, 0xE8, 0x79, 0x77, 0x79, 0x40, 0xC7, 0x8C, 0x73, 0xFE, 0x6F, 0x2B, 0xEE, 0x6C, 0x03, 0x52}}; +/* 2*d */ +static const fe25519 ge25519_ec2d = {{0x59, 0xF1, 0xB2, 0x26, 0x94, 0x9B, 0xD6, 0xEB, 0x56, 0xB1, 0x83, 0x82, 0x9A, 0x14, 0xE0, 0x00, + 0x30, 0xD1, 0xF3, 0xEE, 0xF2, 0x80, 0x8E, 0x19, 0xE7, 0xFC, 0xDF, 0x56, 0xDC, 0xD9, 0x06, 0x24}}; +/* sqrt(-1) */ +static const fe25519 ge25519_sqrtm1 = {{0xB0, 0xA0, 0x0E, 0x4A, 0x27, 0x1B, 0xEE, 0xC4, 0x78, 0xE4, 0x2F, 0xAD, 0x06, 0x18, 0x43, 0x2F, + 0xA7, 0xD7, 0xFB, 0x3D, 0x99, 0x00, 0x4D, 0x2B, 0x0B, 0xDF, 0xC1, 0x4F, 0x80, 0x24, 0x83, 0x2B}}; + +#define ge25519_p3 ge25519 + +typedef struct +{ + fe25519 x; + fe25519 z; + fe25519 y; + fe25519 t; +} ge25519_p1p1; + +typedef struct +{ + fe25519 x; + fe25519 y; + fe25519 z; +} ge25519_p2; + +typedef struct +{ + fe25519 x; + fe25519 y; +} ge25519_aff; + + +/* Packed coordinates of the base point */ +const ge25519 ge25519_base = {{{0x1A, 0xD5, 0x25, 0x8F, 0x60, 0x2D, 0x56, 0xC9, 0xB2, 0xA7, 0x25, 0x95, 0x60, 0xC7, 0x2C, 0x69, + 0x5C, 0xDC, 0xD6, 0xFD, 0x31, 0xE2, 0xA4, 0xC0, 0xFE, 0x53, 0x6E, 0xCD, 0xD3, 0x36, 0x69, 0x21}}, + {{0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, + 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0xA3, 0xDD, 0xB7, 0xA5, 0xB3, 0x8A, 0xDE, 0x6D, 0xF5, 0x52, 0x51, 0x77, 0x80, 0x9F, 0xF0, 0x20, + 0x7D, 0xE3, 0xAB, 0x64, 0x8E, 0x4E, 0xEA, 0x66, 0x65, 0x76, 0x8B, 0xD7, 0x0F, 0x5F, 0x87, 0x67}}}; + +/* Multiples of the base point in affine representation */ +static const ge25519_aff ge25519_base_multiples_affine[425] = { +#include "ge25519_base.data" +}; + +static void p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p) +{ + fe25519_mul(&r->x, &p->x, &p->t); + fe25519_mul(&r->y, &p->y, &p->z); + fe25519_mul(&r->z, &p->z, &p->t); +} + +static void p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p) +{ + p1p1_to_p2((ge25519_p2 *)r, p); + fe25519_mul(&r->t, &p->x, &p->y); +} + +static void ge25519_mixadd2(ge25519_p3 *r, const ge25519_aff *q) +{ + fe25519 a,b,t1,t2,c,d,e,f,g,h,qt; + fe25519_mul(&qt, &q->x, &q->y); + fe25519_sub(&a, &r->y, &r->x); /* A = (Y1-X1)*(Y2-X2) */ + fe25519_add(&b, &r->y, &r->x); /* B = (Y1+X1)*(Y2+X2) */ + fe25519_sub(&t1, &q->y, &q->x); + fe25519_add(&t2, &q->y, &q->x); + fe25519_mul(&a, &a, &t1); + fe25519_mul(&b, &b, &t2); + fe25519_sub(&e, &b, &a); /* E = B-A */ + fe25519_add(&h, &b, &a); /* H = B+A */ + fe25519_mul(&c, &r->t, &qt); /* C = T1*k*T2 */ + fe25519_mul(&c, &c, &ge25519_ec2d); + fe25519_add(&d, &r->z, &r->z); /* D = Z1*2 */ + fe25519_sub(&f, &d, &c); /* F = D-C */ + fe25519_add(&g, &d, &c); /* G = D+C */ + fe25519_mul(&r->x, &e, &f); + fe25519_mul(&r->y, &h, &g); + fe25519_mul(&r->z, &g, &f); + fe25519_mul(&r->t, &e, &h); +} + +static void add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q) +{ + fe25519 a, b, c, d, t; + + fe25519_sub(&a, &p->y, &p->x); /* A = (Y1-X1)*(Y2-X2) */ + fe25519_sub(&t, &q->y, &q->x); + fe25519_mul(&a, &a, &t); + fe25519_add(&b, &p->x, &p->y); /* B = (Y1+X1)*(Y2+X2) */ + fe25519_add(&t, &q->x, &q->y); + fe25519_mul(&b, &b, &t); + fe25519_mul(&c, &p->t, &q->t); /* C = T1*k*T2 */ + fe25519_mul(&c, &c, &ge25519_ec2d); + fe25519_mul(&d, &p->z, &q->z); /* D = Z1*2*Z2 */ + fe25519_add(&d, &d, &d); + fe25519_sub(&r->x, &b, &a); /* E = B-A */ + fe25519_sub(&r->t, &d, &c); /* F = D-C */ + fe25519_add(&r->z, &d, &c); /* G = D+C */ + fe25519_add(&r->y, &b, &a); /* H = B+A */ +} + +/* See http://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#doubling-dbl-2008-hwcd */ +static void dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p) +{ + fe25519 a,b,c,d; + fe25519_square(&a, &p->x); + fe25519_square(&b, &p->y); + fe25519_square(&c, &p->z); + fe25519_add(&c, &c, &c); + fe25519_neg(&d, &a); + + fe25519_add(&r->x, &p->x, &p->y); + fe25519_square(&r->x, &r->x); + fe25519_sub(&r->x, &r->x, &a); + fe25519_sub(&r->x, &r->x, &b); + fe25519_add(&r->z, &d, &b); + fe25519_sub(&r->t, &r->z, &c); + fe25519_sub(&r->y, &d, &b); +} + +/* Constant-time version of: if(b) r = p */ +static void cmov_aff(ge25519_aff *r, const ge25519_aff *p, unsigned char b) +{ + fe25519_cmov(&r->x, &p->x, b); + fe25519_cmov(&r->y, &p->y, b); +} + +static unsigned char equal(signed char b,signed char c) +{ + unsigned char ub = b; + unsigned char uc = c; + unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */ + crypto_uint32 y = x; /* 0: yes; 1..255: no */ + y -= 1; /* 4294967295: yes; 0..254: no */ + y >>= 31; /* 1: yes; 0: no */ + return y; +} + +static unsigned char negative(signed char b) +{ + unsigned long long x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */ + x >>= 63; /* 1: yes; 0: no */ + return x; +} + +static void choose_t(ge25519_aff *t, unsigned long long pos, signed char b) +{ + /* constant time */ + fe25519 v; + *t = ge25519_base_multiples_affine[5*pos+0]; + cmov_aff(t, &ge25519_base_multiples_affine[5*pos+1],equal(b,1) | equal(b,-1)); + cmov_aff(t, &ge25519_base_multiples_affine[5*pos+2],equal(b,2) | equal(b,-2)); + cmov_aff(t, &ge25519_base_multiples_affine[5*pos+3],equal(b,3) | equal(b,-3)); + cmov_aff(t, &ge25519_base_multiples_affine[5*pos+4],equal(b,-4)); + fe25519_neg(&v, &t->x); + fe25519_cmov(&t->x, &v, negative(b)); +} + +static void setneutral(ge25519 *r) +{ + fe25519_setzero(&r->x); + fe25519_setone(&r->y); + fe25519_setone(&r->z); + fe25519_setzero(&r->t); +} + +/* ******************************************************************** + * EXPORTED FUNCTIONS + ******************************************************************** */ + +/* return 0 on success, -1 otherwise */ +int ge25519_unpackneg_vartime(ge25519_p3 *r, const unsigned char p[32]) +{ + unsigned char par; + fe25519 t, chk, num, den, den2, den4, den6; + fe25519_setone(&r->z); + par = p[31] >> 7; + fe25519_unpack(&r->y, p); + fe25519_square(&num, &r->y); /* x = y^2 */ + fe25519_mul(&den, &num, &ge25519_ecd); /* den = dy^2 */ + fe25519_sub(&num, &num, &r->z); /* x = y^2-1 */ + fe25519_add(&den, &r->z, &den); /* den = dy^2+1 */ + + /* Computation of sqrt(num/den) */ + /* 1.: computation of num^((p-5)/8)*den^((7p-35)/8) = (num*den^7)^((p-5)/8) */ + fe25519_square(&den2, &den); + fe25519_square(&den4, &den2); + fe25519_mul(&den6, &den4, &den2); + fe25519_mul(&t, &den6, &num); + fe25519_mul(&t, &t, &den); + + fe25519_pow2523(&t, &t); + /* 2. computation of r->x = t * num * den^3 */ + fe25519_mul(&t, &t, &num); + fe25519_mul(&t, &t, &den); + fe25519_mul(&t, &t, &den); + fe25519_mul(&r->x, &t, &den); + + /* 3. Check whether sqrt computation gave correct result, multiply by sqrt(-1) if not: */ + fe25519_square(&chk, &r->x); + fe25519_mul(&chk, &chk, &den); + if (!fe25519_iseq_vartime(&chk, &num)) + fe25519_mul(&r->x, &r->x, &ge25519_sqrtm1); + + /* 4. Now we have one of the two square roots, except if input was not a square */ + fe25519_square(&chk, &r->x); + fe25519_mul(&chk, &chk, &den); + if (!fe25519_iseq_vartime(&chk, &num)) + return -1; + + /* 5. Choose the desired square root according to parity: */ + if(fe25519_getparity(&r->x) != (1-par)) + fe25519_neg(&r->x, &r->x); + + fe25519_mul(&r->t, &r->x, &r->y); + return 0; +} + +void ge25519_pack(unsigned char r[32], const ge25519_p3 *p) +{ + fe25519 tx, ty, zi; + fe25519_invert(&zi, &p->z); + fe25519_mul(&tx, &p->x, &zi); + fe25519_mul(&ty, &p->y, &zi); + fe25519_pack(r, &ty); + r[31] ^= fe25519_getparity(&tx) << 7; +} + +int ge25519_isneutral_vartime(const ge25519_p3 *p) +{ + int ret = 1; + if(!fe25519_iszero(&p->x)) ret = 0; + if(!fe25519_iseq_vartime(&p->y, &p->z)) ret = 0; + return ret; +} + +/* computes [s1]p1 + [s2]p2 */ +void ge25519_double_scalarmult_vartime(ge25519_p3 *r, const ge25519_p3 *p1, const sc25519 *s1, const ge25519_p3 *p2, const sc25519 *s2) +{ + ge25519_p1p1 tp1p1; + ge25519_p3 pre[16]; + unsigned char b[127]; + int i; + + /* precomputation s2 s1 */ + setneutral(pre); /* 00 00 */ + pre[1] = *p1; /* 00 01 */ + dbl_p1p1(&tp1p1,(ge25519_p2 *)p1); p1p1_to_p3( &pre[2], &tp1p1); /* 00 10 */ + add_p1p1(&tp1p1,&pre[1], &pre[2]); p1p1_to_p3( &pre[3], &tp1p1); /* 00 11 */ + pre[4] = *p2; /* 01 00 */ + add_p1p1(&tp1p1,&pre[1], &pre[4]); p1p1_to_p3( &pre[5], &tp1p1); /* 01 01 */ + add_p1p1(&tp1p1,&pre[2], &pre[4]); p1p1_to_p3( &pre[6], &tp1p1); /* 01 10 */ + add_p1p1(&tp1p1,&pre[3], &pre[4]); p1p1_to_p3( &pre[7], &tp1p1); /* 01 11 */ + dbl_p1p1(&tp1p1,(ge25519_p2 *)p2); p1p1_to_p3( &pre[8], &tp1p1); /* 10 00 */ + add_p1p1(&tp1p1,&pre[1], &pre[8]); p1p1_to_p3( &pre[9], &tp1p1); /* 10 01 */ + dbl_p1p1(&tp1p1,(ge25519_p2 *)&pre[5]); p1p1_to_p3(&pre[10], &tp1p1); /* 10 10 */ + add_p1p1(&tp1p1,&pre[3], &pre[8]); p1p1_to_p3(&pre[11], &tp1p1); /* 10 11 */ + add_p1p1(&tp1p1,&pre[4], &pre[8]); p1p1_to_p3(&pre[12], &tp1p1); /* 11 00 */ + add_p1p1(&tp1p1,&pre[1],&pre[12]); p1p1_to_p3(&pre[13], &tp1p1); /* 11 01 */ + add_p1p1(&tp1p1,&pre[2],&pre[12]); p1p1_to_p3(&pre[14], &tp1p1); /* 11 10 */ + add_p1p1(&tp1p1,&pre[3],&pre[12]); p1p1_to_p3(&pre[15], &tp1p1); /* 11 11 */ + + sc25519_2interleave2(b,s1,s2); + + /* scalar multiplication */ + *r = pre[b[126]]; + for(i=125;i>=0;i--) + { + dbl_p1p1(&tp1p1, (ge25519_p2 *)r); + p1p1_to_p2((ge25519_p2 *) r, &tp1p1); + dbl_p1p1(&tp1p1, (ge25519_p2 *)r); + if(b[i]!=0) + { + p1p1_to_p3(r, &tp1p1); + add_p1p1(&tp1p1, r, &pre[b[i]]); + } + if(i != 0) p1p1_to_p2((ge25519_p2 *)r, &tp1p1); + else p1p1_to_p3(r, &tp1p1); + } +} + +void ge25519_scalarmult_base(ge25519_p3 *r, const sc25519 *s) +{ + signed char b[85]; + int i; + ge25519_aff t; + sc25519_window3(b,s); + + choose_t((ge25519_aff *)r, 0, b[0]); + fe25519_setone(&r->z); + fe25519_mul(&r->t, &r->x, &r->y); + for(i=1;i<85;i++) + { + choose_t(&t, (unsigned long long) i, b[i]); + ge25519_mixadd2(r, &t); + } +} diff --git a/include/DomainExec/opensshlib/ge25519.h b/include/DomainExec/opensshlib/ge25519.h new file mode 100644 index 00000000..a0976376 --- /dev/null +++ b/include/DomainExec/opensshlib/ge25519.h @@ -0,0 +1,43 @@ +/* $OpenBSD: ge25519.h,v 1.4 2015/02/16 18:26:26 miod Exp $ */ + +/* + * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, + * Peter Schwabe, Bo-Yin Yang. + * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519.h + */ + +#ifndef GE25519_H +#define GE25519_H + +#include "fe25519.h" +#include "sc25519.h" + +#define ge25519 crypto_sign_ed25519_ref_ge25519 +#define ge25519_base crypto_sign_ed25519_ref_ge25519_base +#define ge25519_unpackneg_vartime crypto_sign_ed25519_ref_unpackneg_vartime +#define ge25519_pack crypto_sign_ed25519_ref_pack +#define ge25519_isneutral_vartime crypto_sign_ed25519_ref_isneutral_vartime +#define ge25519_double_scalarmult_vartime crypto_sign_ed25519_ref_double_scalarmult_vartime +#define ge25519_scalarmult_base crypto_sign_ed25519_ref_scalarmult_base + +typedef struct +{ + fe25519 x; + fe25519 y; + fe25519 z; + fe25519 t; +} ge25519; + +extern const ge25519 ge25519_base; + +int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]); + +void ge25519_pack(unsigned char r[32], const ge25519 *p); + +int ge25519_isneutral_vartime(const ge25519 *p); + +void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const sc25519 *s1, const ge25519 *p2, const sc25519 *s2); + +void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s); + +#endif diff --git a/include/DomainExec/opensshlib/ge25519_base.data b/include/DomainExec/opensshlib/ge25519_base.data new file mode 100644 index 00000000..66fb1b61 --- /dev/null +++ b/include/DomainExec/opensshlib/ge25519_base.data @@ -0,0 +1,858 @@ +/* $OpenBSD: ge25519_base.data,v 1.3 2013/12/09 11:03:45 markus Exp $ */ + +/* + * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, + * Peter Schwabe, Bo-Yin Yang. + * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519_base.data + */ + +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, 0xb2, 0xa7, 0x25, 0x95, 0x60, 0xc7, 0x2c, 0x69, 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0, 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21}} , + {{0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66}}}, +{{{0x0e, 0xce, 0x43, 0x28, 0x4e, 0xa1, 0xc5, 0x83, 0x5f, 0xa4, 0xd7, 0x15, 0x45, 0x8e, 0x0d, 0x08, 0xac, 0xe7, 0x33, 0x18, 0x7d, 0x3b, 0x04, 0x3d, 0x6c, 0x04, 0x5a, 0x9f, 0x4c, 0x38, 0xab, 0x36}} , + {{0xc9, 0xa3, 0xf8, 0x6a, 0xae, 0x46, 0x5f, 0x0e, 0x56, 0x51, 0x38, 0x64, 0x51, 0x0f, 0x39, 0x97, 0x56, 0x1f, 0xa2, 0xc9, 0xe8, 0x5e, 0xa2, 0x1d, 0xc2, 0x29, 0x23, 0x09, 0xf3, 0xcd, 0x60, 0x22}}}, +{{{0x5c, 0xe2, 0xf8, 0xd3, 0x5f, 0x48, 0x62, 0xac, 0x86, 0x48, 0x62, 0x81, 0x19, 0x98, 0x43, 0x63, 0x3a, 0xc8, 0xda, 0x3e, 0x74, 0xae, 0xf4, 0x1f, 0x49, 0x8f, 0x92, 0x22, 0x4a, 0x9c, 0xae, 0x67}} , + {{0xd4, 0xb4, 0xf5, 0x78, 0x48, 0x68, 0xc3, 0x02, 0x04, 0x03, 0x24, 0x67, 0x17, 0xec, 0x16, 0x9f, 0xf7, 0x9e, 0x26, 0x60, 0x8e, 0xa1, 0x26, 0xa1, 0xab, 0x69, 0xee, 0x77, 0xd1, 0xb1, 0x67, 0x12}}}, +{{{0x70, 0xf8, 0xc9, 0xc4, 0x57, 0xa6, 0x3a, 0x49, 0x47, 0x15, 0xce, 0x93, 0xc1, 0x9e, 0x73, 0x1a, 0xf9, 0x20, 0x35, 0x7a, 0xb8, 0xd4, 0x25, 0x83, 0x46, 0xf1, 0xcf, 0x56, 0xdb, 0xa8, 0x3d, 0x20}} , + {{0x2f, 0x11, 0x32, 0xca, 0x61, 0xab, 0x38, 0xdf, 0xf0, 0x0f, 0x2f, 0xea, 0x32, 0x28, 0xf2, 0x4c, 0x6c, 0x71, 0xd5, 0x80, 0x85, 0xb8, 0x0e, 0x47, 0xe1, 0x95, 0x15, 0xcb, 0x27, 0xe8, 0xd0, 0x47}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xc8, 0x84, 0xa5, 0x08, 0xbc, 0xfd, 0x87, 0x3b, 0x99, 0x8b, 0x69, 0x80, 0x7b, 0xc6, 0x3a, 0xeb, 0x93, 0xcf, 0x4e, 0xf8, 0x5c, 0x2d, 0x86, 0x42, 0xb6, 0x71, 0xd7, 0x97, 0x5f, 0xe1, 0x42, 0x67}} , + {{0xb4, 0xb9, 0x37, 0xfc, 0xa9, 0x5b, 0x2f, 0x1e, 0x93, 0xe4, 0x1e, 0x62, 0xfc, 0x3c, 0x78, 0x81, 0x8f, 0xf3, 0x8a, 0x66, 0x09, 0x6f, 0xad, 0x6e, 0x79, 0x73, 0xe5, 0xc9, 0x00, 0x06, 0xd3, 0x21}}}, +{{{0xf8, 0xf9, 0x28, 0x6c, 0x6d, 0x59, 0xb2, 0x59, 0x74, 0x23, 0xbf, 0xe7, 0x33, 0x8d, 0x57, 0x09, 0x91, 0x9c, 0x24, 0x08, 0x15, 0x2b, 0xe2, 0xb8, 0xee, 0x3a, 0xe5, 0x27, 0x06, 0x86, 0xa4, 0x23}} , + {{0xeb, 0x27, 0x67, 0xc1, 0x37, 0xab, 0x7a, 0xd8, 0x27, 0x9c, 0x07, 0x8e, 0xff, 0x11, 0x6a, 0xb0, 0x78, 0x6e, 0xad, 0x3a, 0x2e, 0x0f, 0x98, 0x9f, 0x72, 0xc3, 0x7f, 0x82, 0xf2, 0x96, 0x96, 0x70}}}, +{{{0x81, 0x6b, 0x88, 0xe8, 0x1e, 0xc7, 0x77, 0x96, 0x0e, 0xa1, 0xa9, 0x52, 0xe0, 0xd8, 0x0e, 0x61, 0x9e, 0x79, 0x2d, 0x95, 0x9c, 0x8d, 0x96, 0xe0, 0x06, 0x40, 0x5d, 0x87, 0x28, 0x5f, 0x98, 0x70}} , + {{0xf1, 0x79, 0x7b, 0xed, 0x4f, 0x44, 0xb2, 0xe7, 0x08, 0x0d, 0xc2, 0x08, 0x12, 0xd2, 0x9f, 0xdf, 0xcd, 0x93, 0x20, 0x8a, 0xcf, 0x33, 0xca, 0x6d, 0x89, 0xb9, 0x77, 0xc8, 0x93, 0x1b, 0x4e, 0x60}}}, +{{{0x26, 0x4f, 0x7e, 0x97, 0xf6, 0x40, 0xdd, 0x4f, 0xfc, 0x52, 0x78, 0xf9, 0x90, 0x31, 0x03, 0xe6, 0x7d, 0x56, 0x39, 0x0b, 0x1d, 0x56, 0x82, 0x85, 0xf9, 0x1a, 0x42, 0x17, 0x69, 0x6c, 0xcf, 0x39}} , + {{0x69, 0xd2, 0x06, 0x3a, 0x4f, 0x39, 0x2d, 0xf9, 0x38, 0x40, 0x8c, 0x4c, 0xe7, 0x05, 0x12, 0xb4, 0x78, 0x8b, 0xf8, 0xc0, 0xec, 0x93, 0xde, 0x7a, 0x6b, 0xce, 0x2c, 0xe1, 0x0e, 0xa9, 0x34, 0x44}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x0b, 0xa4, 0x3c, 0xb0, 0x0f, 0x7a, 0x51, 0xf1, 0x78, 0xd6, 0xd9, 0x6a, 0xfd, 0x46, 0xe8, 0xb8, 0xa8, 0x79, 0x1d, 0x87, 0xf9, 0x90, 0xf2, 0x9c, 0x13, 0x29, 0xf8, 0x0b, 0x20, 0x64, 0xfa, 0x05}} , + {{0x26, 0x09, 0xda, 0x17, 0xaf, 0x95, 0xd6, 0xfb, 0x6a, 0x19, 0x0d, 0x6e, 0x5e, 0x12, 0xf1, 0x99, 0x4c, 0xaa, 0xa8, 0x6f, 0x79, 0x86, 0xf4, 0x72, 0x28, 0x00, 0x26, 0xf9, 0xea, 0x9e, 0x19, 0x3d}}}, +{{{0x87, 0xdd, 0xcf, 0xf0, 0x5b, 0x49, 0xa2, 0x5d, 0x40, 0x7a, 0x23, 0x26, 0xa4, 0x7a, 0x83, 0x8a, 0xb7, 0x8b, 0xd2, 0x1a, 0xbf, 0xea, 0x02, 0x24, 0x08, 0x5f, 0x7b, 0xa9, 0xb1, 0xbe, 0x9d, 0x37}} , + {{0xfc, 0x86, 0x4b, 0x08, 0xee, 0xe7, 0xa0, 0xfd, 0x21, 0x45, 0x09, 0x34, 0xc1, 0x61, 0x32, 0x23, 0xfc, 0x9b, 0x55, 0x48, 0x53, 0x99, 0xf7, 0x63, 0xd0, 0x99, 0xce, 0x01, 0xe0, 0x9f, 0xeb, 0x28}}}, +{{{0x47, 0xfc, 0xab, 0x5a, 0x17, 0xf0, 0x85, 0x56, 0x3a, 0x30, 0x86, 0x20, 0x28, 0x4b, 0x8e, 0x44, 0x74, 0x3a, 0x6e, 0x02, 0xf1, 0x32, 0x8f, 0x9f, 0x3f, 0x08, 0x35, 0xe9, 0xca, 0x16, 0x5f, 0x6e}} , + {{0x1c, 0x59, 0x1c, 0x65, 0x5d, 0x34, 0xa4, 0x09, 0xcd, 0x13, 0x9c, 0x70, 0x7d, 0xb1, 0x2a, 0xc5, 0x88, 0xaf, 0x0b, 0x60, 0xc7, 0x9f, 0x34, 0x8d, 0xd6, 0xb7, 0x7f, 0xea, 0x78, 0x65, 0x8d, 0x77}}}, +{{{0x56, 0xa5, 0xc2, 0x0c, 0xdd, 0xbc, 0xb8, 0x20, 0x6d, 0x57, 0x61, 0xb5, 0xfb, 0x78, 0xb5, 0xd4, 0x49, 0x54, 0x90, 0x26, 0xc1, 0xcb, 0xe9, 0xe6, 0xbf, 0xec, 0x1d, 0x4e, 0xed, 0x07, 0x7e, 0x5e}} , + {{0xc7, 0xf6, 0x6c, 0x56, 0x31, 0x20, 0x14, 0x0e, 0xa8, 0xd9, 0x27, 0xc1, 0x9a, 0x3d, 0x1b, 0x7d, 0x0e, 0x26, 0xd3, 0x81, 0xaa, 0xeb, 0xf5, 0x6b, 0x79, 0x02, 0xf1, 0x51, 0x5c, 0x75, 0x55, 0x0f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x0a, 0x34, 0xcd, 0x82, 0x3c, 0x33, 0x09, 0x54, 0xd2, 0x61, 0x39, 0x30, 0x9b, 0xfd, 0xef, 0x21, 0x26, 0xd4, 0x70, 0xfa, 0xee, 0xf9, 0x31, 0x33, 0x73, 0x84, 0xd0, 0xb3, 0x81, 0xbf, 0xec, 0x2e}} , + {{0xe8, 0x93, 0x8b, 0x00, 0x64, 0xf7, 0x9c, 0xb8, 0x74, 0xe0, 0xe6, 0x49, 0x48, 0x4d, 0x4d, 0x48, 0xb6, 0x19, 0xa1, 0x40, 0xb7, 0xd9, 0x32, 0x41, 0x7c, 0x82, 0x37, 0xa1, 0x2d, 0xdc, 0xd2, 0x54}}}, +{{{0x68, 0x2b, 0x4a, 0x5b, 0xd5, 0xc7, 0x51, 0x91, 0x1d, 0xe1, 0x2a, 0x4b, 0xc4, 0x47, 0xf1, 0xbc, 0x7a, 0xb3, 0xcb, 0xc8, 0xb6, 0x7c, 0xac, 0x90, 0x05, 0xfd, 0xf3, 0xf9, 0x52, 0x3a, 0x11, 0x6b}} , + {{0x3d, 0xc1, 0x27, 0xf3, 0x59, 0x43, 0x95, 0x90, 0xc5, 0x96, 0x79, 0xf5, 0xf4, 0x95, 0x65, 0x29, 0x06, 0x9c, 0x51, 0x05, 0x18, 0xda, 0xb8, 0x2e, 0x79, 0x7e, 0x69, 0x59, 0x71, 0x01, 0xeb, 0x1a}}}, +{{{0x15, 0x06, 0x49, 0xb6, 0x8a, 0x3c, 0xea, 0x2f, 0x34, 0x20, 0x14, 0xc3, 0xaa, 0xd6, 0xaf, 0x2c, 0x3e, 0xbd, 0x65, 0x20, 0xe2, 0x4d, 0x4b, 0x3b, 0xeb, 0x9f, 0x4a, 0xc3, 0xad, 0xa4, 0x3b, 0x60}} , + {{0xbc, 0x58, 0xe6, 0xc0, 0x95, 0x2a, 0x2a, 0x81, 0x9a, 0x7a, 0xf3, 0xd2, 0x06, 0xbe, 0x48, 0xbc, 0x0c, 0xc5, 0x46, 0xe0, 0x6a, 0xd4, 0xac, 0x0f, 0xd9, 0xcc, 0x82, 0x34, 0x2c, 0xaf, 0xdb, 0x1f}}}, +{{{0xf7, 0x17, 0x13, 0xbd, 0xfb, 0xbc, 0xd2, 0xec, 0x45, 0xb3, 0x15, 0x31, 0xe9, 0xaf, 0x82, 0x84, 0x3d, 0x28, 0xc6, 0xfc, 0x11, 0xf5, 0x41, 0xb5, 0x8b, 0xd3, 0x12, 0x76, 0x52, 0xe7, 0x1a, 0x3c}} , + {{0x4e, 0x36, 0x11, 0x07, 0xa2, 0x15, 0x20, 0x51, 0xc4, 0x2a, 0xc3, 0x62, 0x8b, 0x5e, 0x7f, 0xa6, 0x0f, 0xf9, 0x45, 0x85, 0x6c, 0x11, 0x86, 0xb7, 0x7e, 0xe5, 0xd7, 0xf9, 0xc3, 0x91, 0x1c, 0x05}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xea, 0xd6, 0xde, 0x29, 0x3a, 0x00, 0xb9, 0x02, 0x59, 0xcb, 0x26, 0xc4, 0xba, 0x99, 0xb1, 0x97, 0x2f, 0x8e, 0x00, 0x92, 0x26, 0x4f, 0x52, 0xeb, 0x47, 0x1b, 0x89, 0x8b, 0x24, 0xc0, 0x13, 0x7d}} , + {{0xd5, 0x20, 0x5b, 0x80, 0xa6, 0x80, 0x20, 0x95, 0xc3, 0xe9, 0x9f, 0x8e, 0x87, 0x9e, 0x1e, 0x9e, 0x7a, 0xc7, 0xcc, 0x75, 0x6c, 0xa5, 0xf1, 0x91, 0x1a, 0xa8, 0x01, 0x2c, 0xab, 0x76, 0xa9, 0x59}}}, +{{{0xde, 0xc9, 0xb1, 0x31, 0x10, 0x16, 0xaa, 0x35, 0x14, 0x6a, 0xd4, 0xb5, 0x34, 0x82, 0x71, 0xd2, 0x4a, 0x5d, 0x9a, 0x1f, 0x53, 0x26, 0x3c, 0xe5, 0x8e, 0x8d, 0x33, 0x7f, 0xff, 0xa9, 0xd5, 0x17}} , + {{0x89, 0xaf, 0xf6, 0xa4, 0x64, 0xd5, 0x10, 0xe0, 0x1d, 0xad, 0xef, 0x44, 0xbd, 0xda, 0x83, 0xac, 0x7a, 0xa8, 0xf0, 0x1c, 0x07, 0xf9, 0xc3, 0x43, 0x6c, 0x3f, 0xb7, 0xd3, 0x87, 0x22, 0x02, 0x73}}}, +{{{0x64, 0x1d, 0x49, 0x13, 0x2f, 0x71, 0xec, 0x69, 0x87, 0xd0, 0x42, 0xee, 0x13, 0xec, 0xe3, 0xed, 0x56, 0x7b, 0xbf, 0xbd, 0x8c, 0x2f, 0x7d, 0x7b, 0x9d, 0x28, 0xec, 0x8e, 0x76, 0x2f, 0x6f, 0x08}} , + {{0x22, 0xf5, 0x5f, 0x4d, 0x15, 0xef, 0xfc, 0x4e, 0x57, 0x03, 0x36, 0x89, 0xf0, 0xeb, 0x5b, 0x91, 0xd6, 0xe2, 0xca, 0x01, 0xa5, 0xee, 0x52, 0xec, 0xa0, 0x3c, 0x8f, 0x33, 0x90, 0x5a, 0x94, 0x72}}}, +{{{0x8a, 0x4b, 0xe7, 0x38, 0xbc, 0xda, 0xc2, 0xb0, 0x85, 0xe1, 0x4a, 0xfe, 0x2d, 0x44, 0x84, 0xcb, 0x20, 0x6b, 0x2d, 0xbf, 0x11, 0x9c, 0xd7, 0xbe, 0xd3, 0x3e, 0x5f, 0xbf, 0x68, 0xbc, 0xa8, 0x07}} , + {{0x01, 0x89, 0x28, 0x22, 0x6a, 0x78, 0xaa, 0x29, 0x03, 0xc8, 0x74, 0x95, 0x03, 0x3e, 0xdc, 0xbd, 0x07, 0x13, 0xa8, 0xa2, 0x20, 0x2d, 0xb3, 0x18, 0x70, 0x42, 0xfd, 0x7a, 0xc4, 0xd7, 0x49, 0x72}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x02, 0xff, 0x32, 0x2b, 0x5c, 0x93, 0x54, 0x32, 0xe8, 0x57, 0x54, 0x1a, 0x8b, 0x33, 0x60, 0x65, 0xd3, 0x67, 0xa4, 0xc1, 0x26, 0xc4, 0xa4, 0x34, 0x1f, 0x9b, 0xa7, 0xa9, 0xf4, 0xd9, 0x4f, 0x5b}} , + {{0x46, 0x8d, 0xb0, 0x33, 0x54, 0x26, 0x5b, 0x68, 0xdf, 0xbb, 0xc5, 0xec, 0xc2, 0xf9, 0x3c, 0x5a, 0x37, 0xc1, 0x8e, 0x27, 0x47, 0xaa, 0x49, 0x5a, 0xf8, 0xfb, 0x68, 0x04, 0x23, 0xd1, 0xeb, 0x40}}}, +{{{0x65, 0xa5, 0x11, 0x84, 0x8a, 0x67, 0x9d, 0x9e, 0xd1, 0x44, 0x68, 0x7a, 0x34, 0xe1, 0x9f, 0xa3, 0x54, 0xcd, 0x07, 0xca, 0x79, 0x1f, 0x54, 0x2f, 0x13, 0x70, 0x4e, 0xee, 0xa2, 0xfa, 0xe7, 0x5d}} , + {{0x36, 0xec, 0x54, 0xf8, 0xce, 0xe4, 0x85, 0xdf, 0xf6, 0x6f, 0x1d, 0x90, 0x08, 0xbc, 0xe8, 0xc0, 0x92, 0x2d, 0x43, 0x6b, 0x92, 0xa9, 0x8e, 0xab, 0x0a, 0x2e, 0x1c, 0x1e, 0x64, 0x23, 0x9f, 0x2c}}}, +{{{0xa7, 0xd6, 0x2e, 0xd5, 0xcc, 0xd4, 0xcb, 0x5a, 0x3b, 0xa7, 0xf9, 0x46, 0x03, 0x1d, 0xad, 0x2b, 0x34, 0x31, 0x90, 0x00, 0x46, 0x08, 0x82, 0x14, 0xc4, 0xe0, 0x9c, 0xf0, 0xe3, 0x55, 0x43, 0x31}} , + {{0x60, 0xd6, 0xdd, 0x78, 0xe6, 0xd4, 0x22, 0x42, 0x1f, 0x00, 0xf9, 0xb1, 0x6a, 0x63, 0xe2, 0x92, 0x59, 0xd1, 0x1a, 0xb7, 0x00, 0x54, 0x29, 0xc9, 0xc1, 0xf6, 0x6f, 0x7a, 0xc5, 0x3c, 0x5f, 0x65}}}, +{{{0x27, 0x4f, 0xd0, 0x72, 0xb1, 0x11, 0x14, 0x27, 0x15, 0x94, 0x48, 0x81, 0x7e, 0x74, 0xd8, 0x32, 0xd5, 0xd1, 0x11, 0x28, 0x60, 0x63, 0x36, 0x32, 0x37, 0xb5, 0x13, 0x1c, 0xa0, 0x37, 0xe3, 0x74}} , + {{0xf1, 0x25, 0x4e, 0x11, 0x96, 0x67, 0xe6, 0x1c, 0xc2, 0xb2, 0x53, 0xe2, 0xda, 0x85, 0xee, 0xb2, 0x9f, 0x59, 0xf3, 0xba, 0xbd, 0xfa, 0xcf, 0x6e, 0xf9, 0xda, 0xa4, 0xb3, 0x02, 0x8f, 0x64, 0x08}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x34, 0x94, 0xf2, 0x64, 0x54, 0x47, 0x37, 0x07, 0x40, 0x8a, 0x20, 0xba, 0x4a, 0x55, 0xd7, 0x3f, 0x47, 0xba, 0x25, 0x23, 0x14, 0xb0, 0x2c, 0xe8, 0x55, 0xa8, 0xa6, 0xef, 0x51, 0xbd, 0x6f, 0x6a}} , + {{0x71, 0xd6, 0x16, 0x76, 0xb2, 0x06, 0xea, 0x79, 0xf5, 0xc4, 0xc3, 0x52, 0x7e, 0x61, 0xd1, 0xe1, 0xad, 0x70, 0x78, 0x1d, 0x16, 0x11, 0xf8, 0x7c, 0x2b, 0xfc, 0x55, 0x9f, 0x52, 0xf8, 0xf5, 0x16}}}, +{{{0x34, 0x96, 0x9a, 0xf6, 0xc5, 0xe0, 0x14, 0x03, 0x24, 0x0e, 0x4c, 0xad, 0x9e, 0x9a, 0x70, 0x23, 0x96, 0xb2, 0xf1, 0x2e, 0x9d, 0xc3, 0x32, 0x9b, 0x54, 0xa5, 0x73, 0xde, 0x88, 0xb1, 0x3e, 0x24}} , + {{0xf6, 0xe2, 0x4c, 0x1f, 0x5b, 0xb2, 0xaf, 0x82, 0xa5, 0xcf, 0x81, 0x10, 0x04, 0xef, 0xdb, 0xa2, 0xcc, 0x24, 0xb2, 0x7e, 0x0b, 0x7a, 0xeb, 0x01, 0xd8, 0x52, 0xf4, 0x51, 0x89, 0x29, 0x79, 0x37}}}, +{{{0x74, 0xde, 0x12, 0xf3, 0x68, 0xb7, 0x66, 0xc3, 0xee, 0x68, 0xdc, 0x81, 0xb5, 0x55, 0x99, 0xab, 0xd9, 0x28, 0x63, 0x6d, 0x8b, 0x40, 0x69, 0x75, 0x6c, 0xcd, 0x5c, 0x2a, 0x7e, 0x32, 0x7b, 0x29}} , + {{0x02, 0xcc, 0x22, 0x74, 0x4d, 0x19, 0x07, 0xc0, 0xda, 0xb5, 0x76, 0x51, 0x2a, 0xaa, 0xa6, 0x0a, 0x5f, 0x26, 0xd4, 0xbc, 0xaf, 0x48, 0x88, 0x7f, 0x02, 0xbc, 0xf2, 0xe1, 0xcf, 0xe9, 0xdd, 0x15}}}, +{{{0xed, 0xb5, 0x9a, 0x8c, 0x9a, 0xdd, 0x27, 0xf4, 0x7f, 0x47, 0xd9, 0x52, 0xa7, 0xcd, 0x65, 0xa5, 0x31, 0x22, 0xed, 0xa6, 0x63, 0x5b, 0x80, 0x4a, 0xad, 0x4d, 0xed, 0xbf, 0xee, 0x49, 0xb3, 0x06}} , + {{0xf8, 0x64, 0x8b, 0x60, 0x90, 0xe9, 0xde, 0x44, 0x77, 0xb9, 0x07, 0x36, 0x32, 0xc2, 0x50, 0xf5, 0x65, 0xdf, 0x48, 0x4c, 0x37, 0xaa, 0x68, 0xab, 0x9a, 0x1f, 0x3e, 0xff, 0x89, 0x92, 0xa0, 0x07}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x7d, 0x4f, 0x9c, 0x19, 0xc0, 0x4a, 0x31, 0xec, 0xf9, 0xaa, 0xeb, 0xb2, 0x16, 0x9c, 0xa3, 0x66, 0x5f, 0xd1, 0xd4, 0xed, 0xb8, 0x92, 0x1c, 0xab, 0xda, 0xea, 0xd9, 0x57, 0xdf, 0x4c, 0x2a, 0x48}} , + {{0x4b, 0xb0, 0x4e, 0x6e, 0x11, 0x3b, 0x51, 0xbd, 0x6a, 0xfd, 0xe4, 0x25, 0xa5, 0x5f, 0x11, 0x3f, 0x98, 0x92, 0x51, 0x14, 0xc6, 0x5f, 0x3c, 0x0b, 0xa8, 0xf7, 0xc2, 0x81, 0x43, 0xde, 0x91, 0x73}}}, +{{{0x3c, 0x8f, 0x9f, 0x33, 0x2a, 0x1f, 0x43, 0x33, 0x8f, 0x68, 0xff, 0x1f, 0x3d, 0x73, 0x6b, 0xbf, 0x68, 0xcc, 0x7d, 0x13, 0x6c, 0x24, 0x4b, 0xcc, 0x4d, 0x24, 0x0d, 0xfe, 0xde, 0x86, 0xad, 0x3b}} , + {{0x79, 0x51, 0x81, 0x01, 0xdc, 0x73, 0x53, 0xe0, 0x6e, 0x9b, 0xea, 0x68, 0x3f, 0x5c, 0x14, 0x84, 0x53, 0x8d, 0x4b, 0xc0, 0x9f, 0x9f, 0x89, 0x2b, 0x8c, 0xba, 0x86, 0xfa, 0xf2, 0xcd, 0xe3, 0x2d}}}, +{{{0x06, 0xf9, 0x29, 0x5a, 0xdb, 0x3d, 0x84, 0x52, 0xab, 0xcc, 0x6b, 0x60, 0x9d, 0xb7, 0x4a, 0x0e, 0x36, 0x63, 0x91, 0xad, 0xa0, 0x95, 0xb0, 0x97, 0x89, 0x4e, 0xcf, 0x7d, 0x3c, 0xe5, 0x7c, 0x28}} , + {{0x2e, 0x69, 0x98, 0xfd, 0xc6, 0xbd, 0xcc, 0xca, 0xdf, 0x9a, 0x44, 0x7e, 0x9d, 0xca, 0x89, 0x6d, 0xbf, 0x27, 0xc2, 0xf8, 0xcd, 0x46, 0x00, 0x2b, 0xb5, 0x58, 0x4e, 0xb7, 0x89, 0x09, 0xe9, 0x2d}}}, +{{{0x54, 0xbe, 0x75, 0xcb, 0x05, 0xb0, 0x54, 0xb7, 0xe7, 0x26, 0x86, 0x4a, 0xfc, 0x19, 0xcf, 0x27, 0x46, 0xd4, 0x22, 0x96, 0x5a, 0x11, 0xe8, 0xd5, 0x1b, 0xed, 0x71, 0xc5, 0x5d, 0xc8, 0xaf, 0x45}} , + {{0x40, 0x7b, 0x77, 0x57, 0x49, 0x9e, 0x80, 0x39, 0x23, 0xee, 0x81, 0x0b, 0x22, 0xcf, 0xdb, 0x7a, 0x2f, 0x14, 0xb8, 0x57, 0x8f, 0xa1, 0x39, 0x1e, 0x77, 0xfc, 0x0b, 0xa6, 0xbf, 0x8a, 0x0c, 0x6c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x77, 0x3a, 0xd4, 0xd8, 0x27, 0xcf, 0xe8, 0xa1, 0x72, 0x9d, 0xca, 0xdd, 0x0d, 0x96, 0xda, 0x79, 0xed, 0x56, 0x42, 0x15, 0x60, 0xc7, 0x1c, 0x6b, 0x26, 0x30, 0xf6, 0x6a, 0x95, 0x67, 0xf3, 0x0a}} , + {{0xc5, 0x08, 0xa4, 0x2b, 0x2f, 0xbd, 0x31, 0x81, 0x2a, 0xa6, 0xb6, 0xe4, 0x00, 0x91, 0xda, 0x3d, 0xb2, 0xb0, 0x96, 0xce, 0x8a, 0xd2, 0x8d, 0x70, 0xb3, 0xd3, 0x34, 0x01, 0x90, 0x8d, 0x10, 0x21}}}, +{{{0x33, 0x0d, 0xe7, 0xba, 0x4f, 0x07, 0xdf, 0x8d, 0xea, 0x7d, 0xa0, 0xc5, 0xd6, 0xb1, 0xb0, 0xe5, 0x57, 0x1b, 0x5b, 0xf5, 0x45, 0x13, 0x14, 0x64, 0x5a, 0xeb, 0x5c, 0xfc, 0x54, 0x01, 0x76, 0x2b}} , + {{0x02, 0x0c, 0xc2, 0xaf, 0x96, 0x36, 0xfe, 0x4a, 0xe2, 0x54, 0x20, 0x6a, 0xeb, 0xb2, 0x9f, 0x62, 0xd7, 0xce, 0xa2, 0x3f, 0x20, 0x11, 0x34, 0x37, 0xe0, 0x42, 0xed, 0x6f, 0xf9, 0x1a, 0xc8, 0x7d}}}, +{{{0xd8, 0xb9, 0x11, 0xe8, 0x36, 0x3f, 0x42, 0xc1, 0xca, 0xdc, 0xd3, 0xf1, 0xc8, 0x23, 0x3d, 0x4f, 0x51, 0x7b, 0x9d, 0x8d, 0xd8, 0xe4, 0xa0, 0xaa, 0xf3, 0x04, 0xd6, 0x11, 0x93, 0xc8, 0x35, 0x45}} , + {{0x61, 0x36, 0xd6, 0x08, 0x90, 0xbf, 0xa7, 0x7a, 0x97, 0x6c, 0x0f, 0x84, 0xd5, 0x33, 0x2d, 0x37, 0xc9, 0x6a, 0x80, 0x90, 0x3d, 0x0a, 0xa2, 0xaa, 0xe1, 0xb8, 0x84, 0xba, 0x61, 0x36, 0xdd, 0x69}}}, +{{{0x6b, 0xdb, 0x5b, 0x9c, 0xc6, 0x92, 0xbc, 0x23, 0xaf, 0xc5, 0xb8, 0x75, 0xf8, 0x42, 0xfa, 0xd6, 0xb6, 0x84, 0x94, 0x63, 0x98, 0x93, 0x48, 0x78, 0x38, 0xcd, 0xbb, 0x18, 0x34, 0xc3, 0xdb, 0x67}} , + {{0x96, 0xf3, 0x3a, 0x09, 0x56, 0xb0, 0x6f, 0x7c, 0x51, 0x1e, 0x1b, 0x39, 0x48, 0xea, 0xc9, 0x0c, 0x25, 0xa2, 0x7a, 0xca, 0xe7, 0x92, 0xfc, 0x59, 0x30, 0xa3, 0x89, 0x85, 0xdf, 0x6f, 0x43, 0x38}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x79, 0x84, 0x44, 0x19, 0xbd, 0xe9, 0x54, 0xc4, 0xc0, 0x6e, 0x2a, 0xa8, 0xa8, 0x9b, 0x43, 0xd5, 0x71, 0x22, 0x5f, 0xdc, 0x01, 0xfa, 0xdf, 0xb3, 0xb8, 0x47, 0x4b, 0x0a, 0xa5, 0x44, 0xea, 0x29}} , + {{0x05, 0x90, 0x50, 0xaf, 0x63, 0x5f, 0x9d, 0x9e, 0xe1, 0x9d, 0x38, 0x97, 0x1f, 0x6c, 0xac, 0x30, 0x46, 0xb2, 0x6a, 0x19, 0xd1, 0x4b, 0xdb, 0xbb, 0x8c, 0xda, 0x2e, 0xab, 0xc8, 0x5a, 0x77, 0x6c}}}, +{{{0x2b, 0xbe, 0xaf, 0xa1, 0x6d, 0x2f, 0x0b, 0xb1, 0x8f, 0xe3, 0xe0, 0x38, 0xcd, 0x0b, 0x41, 0x1b, 0x4a, 0x15, 0x07, 0xf3, 0x6f, 0xdc, 0xb8, 0xe9, 0xde, 0xb2, 0xa3, 0x40, 0x01, 0xa6, 0x45, 0x1e}} , + {{0x76, 0x0a, 0xda, 0x8d, 0x2c, 0x07, 0x3f, 0x89, 0x7d, 0x04, 0xad, 0x43, 0x50, 0x6e, 0xd2, 0x47, 0xcb, 0x8a, 0xe6, 0x85, 0x1a, 0x24, 0xf3, 0xd2, 0x60, 0xfd, 0xdf, 0x73, 0xa4, 0x0d, 0x73, 0x0e}}}, +{{{0xfd, 0x67, 0x6b, 0x71, 0x9b, 0x81, 0x53, 0x39, 0x39, 0xf4, 0xb8, 0xd5, 0xc3, 0x30, 0x9b, 0x3b, 0x7c, 0xa3, 0xf0, 0xd0, 0x84, 0x21, 0xd6, 0xbf, 0xb7, 0x4c, 0x87, 0x13, 0x45, 0x2d, 0xa7, 0x55}} , + {{0x5d, 0x04, 0xb3, 0x40, 0x28, 0x95, 0x2d, 0x30, 0x83, 0xec, 0x5e, 0xe4, 0xff, 0x75, 0xfe, 0x79, 0x26, 0x9d, 0x1d, 0x36, 0xcd, 0x0a, 0x15, 0xd2, 0x24, 0x14, 0x77, 0x71, 0xd7, 0x8a, 0x1b, 0x04}}}, +{{{0x5d, 0x93, 0xc9, 0xbe, 0xaa, 0x90, 0xcd, 0x9b, 0xfb, 0x73, 0x7e, 0xb0, 0x64, 0x98, 0x57, 0x44, 0x42, 0x41, 0xb1, 0xaf, 0xea, 0xc1, 0xc3, 0x22, 0xff, 0x60, 0x46, 0xcb, 0x61, 0x81, 0x70, 0x61}} , + {{0x0d, 0x82, 0xb9, 0xfe, 0x21, 0xcd, 0xc4, 0xf5, 0x98, 0x0c, 0x4e, 0x72, 0xee, 0x87, 0x49, 0xf8, 0xa1, 0x95, 0xdf, 0x8f, 0x2d, 0xbd, 0x21, 0x06, 0x7c, 0x15, 0xe8, 0x12, 0x6d, 0x93, 0xd6, 0x38}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x91, 0xf7, 0x51, 0xd9, 0xef, 0x7d, 0x42, 0x01, 0x13, 0xe9, 0xb8, 0x7f, 0xa6, 0x49, 0x17, 0x64, 0x21, 0x80, 0x83, 0x2c, 0x63, 0x4c, 0x60, 0x09, 0x59, 0x91, 0x92, 0x77, 0x39, 0x51, 0xf4, 0x48}} , + {{0x60, 0xd5, 0x22, 0x83, 0x08, 0x2f, 0xff, 0x99, 0x3e, 0x69, 0x6d, 0x88, 0xda, 0xe7, 0x5b, 0x52, 0x26, 0x31, 0x2a, 0xe5, 0x89, 0xde, 0x68, 0x90, 0xb6, 0x22, 0x5a, 0xbd, 0xd3, 0x85, 0x53, 0x31}}}, +{{{0xd8, 0xce, 0xdc, 0xf9, 0x3c, 0x4b, 0xa2, 0x1d, 0x2c, 0x2f, 0x36, 0xbe, 0x7a, 0xfc, 0xcd, 0xbc, 0xdc, 0xf9, 0x30, 0xbd, 0xff, 0x05, 0xc7, 0xe4, 0x8e, 0x17, 0x62, 0xf8, 0x4d, 0xa0, 0x56, 0x79}} , + {{0x82, 0xe7, 0xf6, 0xba, 0x53, 0x84, 0x0a, 0xa3, 0x34, 0xff, 0x3c, 0xa3, 0x6a, 0xa1, 0x37, 0xea, 0xdd, 0xb6, 0x95, 0xb3, 0x78, 0x19, 0x76, 0x1e, 0x55, 0x2f, 0x77, 0x2e, 0x7f, 0xc1, 0xea, 0x5e}}}, +{{{0x83, 0xe1, 0x6e, 0xa9, 0x07, 0x33, 0x3e, 0x83, 0xff, 0xcb, 0x1c, 0x9f, 0xb1, 0xa3, 0xb4, 0xc9, 0xe1, 0x07, 0x97, 0xff, 0xf8, 0x23, 0x8f, 0xce, 0x40, 0xfd, 0x2e, 0x5e, 0xdb, 0x16, 0x43, 0x2d}} , + {{0xba, 0x38, 0x02, 0xf7, 0x81, 0x43, 0x83, 0xa3, 0x20, 0x4f, 0x01, 0x3b, 0x8a, 0x04, 0x38, 0x31, 0xc6, 0x0f, 0xc8, 0xdf, 0xd7, 0xfa, 0x2f, 0x88, 0x3f, 0xfc, 0x0c, 0x76, 0xc4, 0xa6, 0x45, 0x72}}}, +{{{0xbb, 0x0c, 0xbc, 0x6a, 0xa4, 0x97, 0x17, 0x93, 0x2d, 0x6f, 0xde, 0x72, 0x10, 0x1c, 0x08, 0x2c, 0x0f, 0x80, 0x32, 0x68, 0x27, 0xd4, 0xab, 0xdd, 0xc5, 0x58, 0x61, 0x13, 0x6d, 0x11, 0x1e, 0x4d}} , + {{0x1a, 0xb9, 0xc9, 0x10, 0xfb, 0x1e, 0x4e, 0xf4, 0x84, 0x4b, 0x8a, 0x5e, 0x7b, 0x4b, 0xe8, 0x43, 0x8c, 0x8f, 0x00, 0xb5, 0x54, 0x13, 0xc5, 0x5c, 0xb6, 0x35, 0x4e, 0x9d, 0xe4, 0x5b, 0x41, 0x6d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x15, 0x7d, 0x12, 0x48, 0x82, 0x14, 0x42, 0xcd, 0x32, 0xd4, 0x4b, 0xc1, 0x72, 0x61, 0x2a, 0x8c, 0xec, 0xe2, 0xf8, 0x24, 0x45, 0x94, 0xe3, 0xbe, 0xdd, 0x67, 0xa8, 0x77, 0x5a, 0xae, 0x5b, 0x4b}} , + {{0xcb, 0x77, 0x9a, 0x20, 0xde, 0xb8, 0x23, 0xd9, 0xa0, 0x0f, 0x8c, 0x7b, 0xa5, 0xcb, 0xae, 0xb6, 0xec, 0x42, 0x67, 0x0e, 0x58, 0xa4, 0x75, 0x98, 0x21, 0x71, 0x84, 0xb3, 0xe0, 0x76, 0x94, 0x73}}}, +{{{0xdf, 0xfc, 0x69, 0x28, 0x23, 0x3f, 0x5b, 0xf8, 0x3b, 0x24, 0x37, 0xf3, 0x1d, 0xd5, 0x22, 0x6b, 0xd0, 0x98, 0xa8, 0x6c, 0xcf, 0xff, 0x06, 0xe1, 0x13, 0xdf, 0xb9, 0xc1, 0x0c, 0xa9, 0xbf, 0x33}} , + {{0xd9, 0x81, 0xda, 0xb2, 0x4f, 0x82, 0x9d, 0x43, 0x81, 0x09, 0xf1, 0xd2, 0x01, 0xef, 0xac, 0xf4, 0x2d, 0x7d, 0x01, 0x09, 0xf1, 0xff, 0xa5, 0x9f, 0xe5, 0xca, 0x27, 0x63, 0xdb, 0x20, 0xb1, 0x53}}}, +{{{0x67, 0x02, 0xe8, 0xad, 0xa9, 0x34, 0xd4, 0xf0, 0x15, 0x81, 0xaa, 0xc7, 0x4d, 0x87, 0x94, 0xea, 0x75, 0xe7, 0x4c, 0x94, 0x04, 0x0e, 0x69, 0x87, 0xe7, 0x51, 0x91, 0x10, 0x03, 0xc7, 0xbe, 0x56}} , + {{0x32, 0xfb, 0x86, 0xec, 0x33, 0x6b, 0x2e, 0x51, 0x2b, 0xc8, 0xfa, 0x6c, 0x70, 0x47, 0x7e, 0xce, 0x05, 0x0c, 0x71, 0xf3, 0xb4, 0x56, 0xa6, 0xdc, 0xcc, 0x78, 0x07, 0x75, 0xd0, 0xdd, 0xb2, 0x6a}}}, +{{{0xc6, 0xef, 0xb9, 0xc0, 0x2b, 0x22, 0x08, 0x1e, 0x71, 0x70, 0xb3, 0x35, 0x9c, 0x7a, 0x01, 0x92, 0x44, 0x9a, 0xf6, 0xb0, 0x58, 0x95, 0xc1, 0x9b, 0x02, 0xed, 0x2d, 0x7c, 0x34, 0x29, 0x49, 0x44}} , + {{0x45, 0x62, 0x1d, 0x2e, 0xff, 0x2a, 0x1c, 0x21, 0xa4, 0x25, 0x7b, 0x0d, 0x8c, 0x15, 0x39, 0xfc, 0x8f, 0x7c, 0xa5, 0x7d, 0x1e, 0x25, 0xa3, 0x45, 0xd6, 0xab, 0xbd, 0xcb, 0xc5, 0x5e, 0x78, 0x77}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xd0, 0xd3, 0x42, 0xed, 0x1d, 0x00, 0x3c, 0x15, 0x2c, 0x9c, 0x77, 0x81, 0xd2, 0x73, 0xd1, 0x06, 0xd5, 0xc4, 0x7f, 0x94, 0xbb, 0x92, 0x2d, 0x2c, 0x4b, 0x45, 0x4b, 0xe9, 0x2a, 0x89, 0x6b, 0x2b}} , + {{0xd2, 0x0c, 0x88, 0xc5, 0x48, 0x4d, 0xea, 0x0d, 0x4a, 0xc9, 0x52, 0x6a, 0x61, 0x79, 0xe9, 0x76, 0xf3, 0x85, 0x52, 0x5c, 0x1b, 0x2c, 0xe1, 0xd6, 0xc4, 0x0f, 0x18, 0x0e, 0x4e, 0xf6, 0x1c, 0x7f}}}, +{{{0xb4, 0x04, 0x2e, 0x42, 0xcb, 0x1f, 0x2b, 0x11, 0x51, 0x7b, 0x08, 0xac, 0xaa, 0x3e, 0x9e, 0x52, 0x60, 0xb7, 0xc2, 0x61, 0x57, 0x8c, 0x84, 0xd5, 0x18, 0xa6, 0x19, 0xfc, 0xb7, 0x75, 0x91, 0x1b}} , + {{0xe8, 0x68, 0xca, 0x44, 0xc8, 0x38, 0x38, 0xcc, 0x53, 0x0a, 0x32, 0x35, 0xcc, 0x52, 0xcb, 0x0e, 0xf7, 0xc5, 0xe7, 0xec, 0x3d, 0x85, 0xcc, 0x58, 0xe2, 0x17, 0x47, 0xff, 0x9f, 0xa5, 0x30, 0x17}}}, +{{{0xe3, 0xae, 0xc8, 0xc1, 0x71, 0x75, 0x31, 0x00, 0x37, 0x41, 0x5c, 0x0e, 0x39, 0xda, 0x73, 0xa0, 0xc7, 0x97, 0x36, 0x6c, 0x5b, 0xf2, 0xee, 0x64, 0x0a, 0x3d, 0x89, 0x1e, 0x1d, 0x49, 0x8c, 0x37}} , + {{0x4c, 0xe6, 0xb0, 0xc1, 0xa5, 0x2a, 0x82, 0x09, 0x08, 0xad, 0x79, 0x9c, 0x56, 0xf6, 0xf9, 0xc1, 0xd7, 0x7c, 0x39, 0x7f, 0x93, 0xca, 0x11, 0x55, 0xbf, 0x07, 0x1b, 0x82, 0x29, 0x69, 0x95, 0x5c}}}, +{{{0x87, 0xee, 0xa6, 0x56, 0x9e, 0xc2, 0x9a, 0x56, 0x24, 0x42, 0x85, 0x4d, 0x98, 0x31, 0x1e, 0x60, 0x4d, 0x87, 0x85, 0x04, 0xae, 0x46, 0x12, 0xf9, 0x8e, 0x7f, 0xe4, 0x7f, 0xf6, 0x1c, 0x37, 0x01}} , + {{0x73, 0x4c, 0xb6, 0xc5, 0xc4, 0xe9, 0x6c, 0x85, 0x48, 0x4a, 0x5a, 0xac, 0xd9, 0x1f, 0x43, 0xf8, 0x62, 0x5b, 0xee, 0x98, 0x2a, 0x33, 0x8e, 0x79, 0xce, 0x61, 0x06, 0x35, 0xd8, 0xd7, 0xca, 0x71}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x72, 0xd3, 0xae, 0xa6, 0xca, 0x8f, 0xcd, 0xcc, 0x78, 0x8e, 0x19, 0x4d, 0xa7, 0xd2, 0x27, 0xe9, 0xa4, 0x3c, 0x16, 0x5b, 0x84, 0x80, 0xf9, 0xd0, 0xcc, 0x6a, 0x1e, 0xca, 0x1e, 0x67, 0xbd, 0x63}} , + {{0x7b, 0x6e, 0x2a, 0xd2, 0x87, 0x48, 0xff, 0xa1, 0xca, 0xe9, 0x15, 0x85, 0xdc, 0xdb, 0x2c, 0x39, 0x12, 0x91, 0xa9, 0x20, 0xaa, 0x4f, 0x29, 0xf4, 0x15, 0x7a, 0xd2, 0xf5, 0x32, 0xcc, 0x60, 0x04}}}, +{{{0xe5, 0x10, 0x47, 0x3b, 0xfa, 0x90, 0xfc, 0x30, 0xb5, 0xea, 0x6f, 0x56, 0x8f, 0xfb, 0x0e, 0xa7, 0x3b, 0xc8, 0xb2, 0xff, 0x02, 0x7a, 0x33, 0x94, 0x93, 0x2a, 0x03, 0xe0, 0x96, 0x3a, 0x6c, 0x0f}} , + {{0x5a, 0x63, 0x67, 0xe1, 0x9b, 0x47, 0x78, 0x9f, 0x38, 0x79, 0xac, 0x97, 0x66, 0x1d, 0x5e, 0x51, 0xee, 0x24, 0x42, 0xe8, 0x58, 0x4b, 0x8a, 0x03, 0x75, 0x86, 0x37, 0x86, 0xe2, 0x97, 0x4e, 0x3d}}}, +{{{0x3f, 0x75, 0x8e, 0xb4, 0xff, 0xd8, 0xdd, 0xd6, 0x37, 0x57, 0x9d, 0x6d, 0x3b, 0xbd, 0xd5, 0x60, 0x88, 0x65, 0x9a, 0xb9, 0x4a, 0x68, 0x84, 0xa2, 0x67, 0xdd, 0x17, 0x25, 0x97, 0x04, 0x8b, 0x5e}} , + {{0xbb, 0x40, 0x5e, 0xbc, 0x16, 0x92, 0x05, 0xc4, 0xc0, 0x4e, 0x72, 0x90, 0x0e, 0xab, 0xcf, 0x8a, 0xed, 0xef, 0xb9, 0x2d, 0x3b, 0xf8, 0x43, 0x5b, 0xba, 0x2d, 0xeb, 0x2f, 0x52, 0xd2, 0xd1, 0x5a}}}, +{{{0x40, 0xb4, 0xab, 0xe6, 0xad, 0x9f, 0x46, 0x69, 0x4a, 0xb3, 0x8e, 0xaa, 0xea, 0x9c, 0x8a, 0x20, 0x16, 0x5d, 0x8c, 0x13, 0xbd, 0xf6, 0x1d, 0xc5, 0x24, 0xbd, 0x90, 0x2a, 0x1c, 0xc7, 0x13, 0x3b}} , + {{0x54, 0xdc, 0x16, 0x0d, 0x18, 0xbe, 0x35, 0x64, 0x61, 0x52, 0x02, 0x80, 0xaf, 0x05, 0xf7, 0xa6, 0x42, 0xd3, 0x8f, 0x2e, 0x79, 0x26, 0xa8, 0xbb, 0xb2, 0x17, 0x48, 0xb2, 0x7a, 0x0a, 0x89, 0x14}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x20, 0xa8, 0x88, 0xe3, 0x91, 0xc0, 0x6e, 0xbb, 0x8a, 0x27, 0x82, 0x51, 0x83, 0xb2, 0x28, 0xa9, 0x83, 0xeb, 0xa6, 0xa9, 0x4d, 0x17, 0x59, 0x22, 0x54, 0x00, 0x50, 0x45, 0xcb, 0x48, 0x4b, 0x18}} , + {{0x33, 0x7c, 0xe7, 0x26, 0xba, 0x4d, 0x32, 0xfe, 0x53, 0xf4, 0xfa, 0x83, 0xe3, 0xa5, 0x79, 0x66, 0x73, 0xef, 0x80, 0x23, 0x68, 0xc2, 0x60, 0xdd, 0xa9, 0x33, 0xdc, 0x03, 0x7a, 0xe0, 0xe0, 0x3e}}}, +{{{0x34, 0x5c, 0x13, 0xfb, 0xc0, 0xe3, 0x78, 0x2b, 0x54, 0x58, 0x22, 0x9b, 0x76, 0x81, 0x7f, 0x93, 0x9c, 0x25, 0x3c, 0xd2, 0xe9, 0x96, 0x21, 0x26, 0x08, 0xf5, 0xed, 0x95, 0x11, 0xae, 0x04, 0x5a}} , + {{0xb9, 0xe8, 0xc5, 0x12, 0x97, 0x1f, 0x83, 0xfe, 0x3e, 0x94, 0x99, 0xd4, 0x2d, 0xf9, 0x52, 0x59, 0x5c, 0x82, 0xa6, 0xf0, 0x75, 0x7e, 0xe8, 0xec, 0xcc, 0xac, 0x18, 0x21, 0x09, 0x67, 0x66, 0x67}}}, +{{{0xb3, 0x40, 0x29, 0xd1, 0xcb, 0x1b, 0x08, 0x9e, 0x9c, 0xb7, 0x53, 0xb9, 0x3b, 0x71, 0x08, 0x95, 0x12, 0x1a, 0x58, 0xaf, 0x7e, 0x82, 0x52, 0x43, 0x4f, 0x11, 0x39, 0xf4, 0x93, 0x1a, 0x26, 0x05}} , + {{0x6e, 0x44, 0xa3, 0xf9, 0x64, 0xaf, 0xe7, 0x6d, 0x7d, 0xdf, 0x1e, 0xac, 0x04, 0xea, 0x3b, 0x5f, 0x9b, 0xe8, 0x24, 0x9d, 0x0e, 0xe5, 0x2e, 0x3e, 0xdf, 0xa9, 0xf7, 0xd4, 0x50, 0x71, 0xf0, 0x78}}}, +{{{0x3e, 0xa8, 0x38, 0xc2, 0x57, 0x56, 0x42, 0x9a, 0xb1, 0xe2, 0xf8, 0x45, 0xaa, 0x11, 0x48, 0x5f, 0x17, 0xc4, 0x54, 0x27, 0xdc, 0x5d, 0xaa, 0xdd, 0x41, 0xbc, 0xdf, 0x81, 0xb9, 0x53, 0xee, 0x52}} , + {{0xc3, 0xf1, 0xa7, 0x6d, 0xb3, 0x5f, 0x92, 0x6f, 0xcc, 0x91, 0xb8, 0x95, 0x05, 0xdf, 0x3c, 0x64, 0x57, 0x39, 0x61, 0x51, 0xad, 0x8c, 0x38, 0x7b, 0xc8, 0xde, 0x00, 0x34, 0xbe, 0xa1, 0xb0, 0x7e}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x25, 0x24, 0x1d, 0x8a, 0x67, 0x20, 0xee, 0x42, 0xeb, 0x38, 0xed, 0x0b, 0x8b, 0xcd, 0x46, 0x9d, 0x5e, 0x6b, 0x1e, 0x24, 0x9d, 0x12, 0x05, 0x1a, 0xcc, 0x05, 0x4e, 0x92, 0x38, 0xe1, 0x1f, 0x50}} , + {{0x4e, 0xee, 0x1c, 0x91, 0xe6, 0x11, 0xbd, 0x8e, 0x55, 0x1a, 0x18, 0x75, 0x66, 0xaf, 0x4d, 0x7b, 0x0f, 0xae, 0x6d, 0x85, 0xca, 0x82, 0x58, 0x21, 0x9c, 0x18, 0xe0, 0xed, 0xec, 0x22, 0x80, 0x2f}}}, +{{{0x68, 0x3b, 0x0a, 0x39, 0x1d, 0x6a, 0x15, 0x57, 0xfc, 0xf0, 0x63, 0x54, 0xdb, 0x39, 0xdb, 0xe8, 0x5c, 0x64, 0xff, 0xa0, 0x09, 0x4f, 0x3b, 0xb7, 0x32, 0x60, 0x99, 0x94, 0xfd, 0x94, 0x82, 0x2d}} , + {{0x24, 0xf6, 0x5a, 0x44, 0xf1, 0x55, 0x2c, 0xdb, 0xea, 0x7c, 0x84, 0x7c, 0x01, 0xac, 0xe3, 0xfd, 0xc9, 0x27, 0xc1, 0x5a, 0xb9, 0xde, 0x4f, 0x5a, 0x90, 0xdd, 0xc6, 0x67, 0xaa, 0x6f, 0x8a, 0x3a}}}, +{{{0x78, 0x52, 0x87, 0xc9, 0x97, 0x63, 0xb1, 0xdd, 0x54, 0x5f, 0xc1, 0xf8, 0xf1, 0x06, 0xa6, 0xa8, 0xa3, 0x88, 0x82, 0xd4, 0xcb, 0xa6, 0x19, 0xdd, 0xd1, 0x11, 0x87, 0x08, 0x17, 0x4c, 0x37, 0x2a}} , + {{0xa1, 0x0c, 0xf3, 0x08, 0x43, 0xd9, 0x24, 0x1e, 0x83, 0xa7, 0xdf, 0x91, 0xca, 0xbd, 0x69, 0x47, 0x8d, 0x1b, 0xe2, 0xb9, 0x4e, 0xb5, 0xe1, 0x76, 0xb3, 0x1c, 0x93, 0x03, 0xce, 0x5f, 0xb3, 0x5a}}}, +{{{0x1d, 0xda, 0xe4, 0x61, 0x03, 0x50, 0xa9, 0x8b, 0x68, 0x18, 0xef, 0xb2, 0x1c, 0x84, 0x3b, 0xa2, 0x44, 0x95, 0xa3, 0x04, 0x3b, 0xd6, 0x99, 0x00, 0xaf, 0x76, 0x42, 0x67, 0x02, 0x7d, 0x85, 0x56}} , + {{0xce, 0x72, 0x0e, 0x29, 0x84, 0xb2, 0x7d, 0xd2, 0x45, 0xbe, 0x57, 0x06, 0xed, 0x7f, 0xcf, 0xed, 0xcd, 0xef, 0x19, 0xd6, 0xbc, 0x15, 0x79, 0x64, 0xd2, 0x18, 0xe3, 0x20, 0x67, 0x3a, 0x54, 0x0b}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x52, 0xfd, 0x04, 0xc5, 0xfb, 0x99, 0xe7, 0xe8, 0xfb, 0x8c, 0xe1, 0x42, 0x03, 0xef, 0x9d, 0xd9, 0x9e, 0x4d, 0xf7, 0x80, 0xcf, 0x2e, 0xcc, 0x9b, 0x45, 0xc9, 0x7b, 0x7a, 0xbc, 0x37, 0xa8, 0x52}} , + {{0x96, 0x11, 0x41, 0x8a, 0x47, 0x91, 0xfe, 0xb6, 0xda, 0x7a, 0x54, 0x63, 0xd1, 0x14, 0x35, 0x05, 0x86, 0x8c, 0xa9, 0x36, 0x3f, 0xf2, 0x85, 0x54, 0x4e, 0x92, 0xd8, 0x85, 0x01, 0x46, 0xd6, 0x50}}}, +{{{0x53, 0xcd, 0xf3, 0x86, 0x40, 0xe6, 0x39, 0x42, 0x95, 0xd6, 0xcb, 0x45, 0x1a, 0x20, 0xc8, 0x45, 0x4b, 0x32, 0x69, 0x04, 0xb1, 0xaf, 0x20, 0x46, 0xc7, 0x6b, 0x23, 0x5b, 0x69, 0xee, 0x30, 0x3f}} , + {{0x70, 0x83, 0x47, 0xc0, 0xdb, 0x55, 0x08, 0xa8, 0x7b, 0x18, 0x6d, 0xf5, 0x04, 0x5a, 0x20, 0x0c, 0x4a, 0x8c, 0x60, 0xae, 0xae, 0x0f, 0x64, 0x55, 0x55, 0x2e, 0xd5, 0x1d, 0x53, 0x31, 0x42, 0x41}}}, +{{{0xca, 0xfc, 0x88, 0x6b, 0x96, 0x78, 0x0a, 0x8b, 0x83, 0xdc, 0xbc, 0xaf, 0x40, 0xb6, 0x8d, 0x7f, 0xef, 0xb4, 0xd1, 0x3f, 0xcc, 0xa2, 0x74, 0xc9, 0xc2, 0x92, 0x55, 0x00, 0xab, 0xdb, 0xbf, 0x4f}} , + {{0x93, 0x1c, 0x06, 0x2d, 0x66, 0x65, 0x02, 0xa4, 0x97, 0x18, 0xfd, 0x00, 0xe7, 0xab, 0x03, 0xec, 0xce, 0xc1, 0xbf, 0x37, 0xf8, 0x13, 0x53, 0xa5, 0xe5, 0x0c, 0x3a, 0xa8, 0x55, 0xb9, 0xff, 0x68}}}, +{{{0xe4, 0xe6, 0x6d, 0x30, 0x7d, 0x30, 0x35, 0xc2, 0x78, 0x87, 0xf9, 0xfc, 0x6b, 0x5a, 0xc3, 0xb7, 0x65, 0xd8, 0x2e, 0xc7, 0xa5, 0x0c, 0xc6, 0xdc, 0x12, 0xaa, 0xd6, 0x4f, 0xc5, 0x38, 0xbc, 0x0e}} , + {{0xe2, 0x3c, 0x76, 0x86, 0x38, 0xf2, 0x7b, 0x2c, 0x16, 0x78, 0x8d, 0xf5, 0xa4, 0x15, 0xda, 0xdb, 0x26, 0x85, 0xa0, 0x56, 0xdd, 0x1d, 0xe3, 0xb3, 0xfd, 0x40, 0xef, 0xf2, 0xd9, 0xa1, 0xb3, 0x04}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xdb, 0x49, 0x0e, 0xe6, 0x58, 0x10, 0x7a, 0x52, 0xda, 0xb5, 0x7d, 0x37, 0x6a, 0x3e, 0xa1, 0x78, 0xce, 0xc7, 0x1c, 0x24, 0x23, 0xdb, 0x7d, 0xfb, 0x8c, 0x8d, 0xdc, 0x30, 0x67, 0x69, 0x75, 0x3b}} , + {{0xa9, 0xea, 0x6d, 0x16, 0x16, 0x60, 0xf4, 0x60, 0x87, 0x19, 0x44, 0x8c, 0x4a, 0x8b, 0x3e, 0xfb, 0x16, 0x00, 0x00, 0x54, 0xa6, 0x9e, 0x9f, 0xef, 0xcf, 0xd9, 0xd2, 0x4c, 0x74, 0x31, 0xd0, 0x34}}}, +{{{0xa4, 0xeb, 0x04, 0xa4, 0x8c, 0x8f, 0x71, 0x27, 0x95, 0x85, 0x5d, 0x55, 0x4b, 0xb1, 0x26, 0x26, 0xc8, 0xae, 0x6a, 0x7d, 0xa2, 0x21, 0xca, 0xce, 0x38, 0xab, 0x0f, 0xd0, 0xd5, 0x2b, 0x6b, 0x00}} , + {{0xe5, 0x67, 0x0c, 0xf1, 0x3a, 0x9a, 0xea, 0x09, 0x39, 0xef, 0xd1, 0x30, 0xbc, 0x33, 0xba, 0xb1, 0x6a, 0xc5, 0x27, 0x08, 0x7f, 0x54, 0x80, 0x3d, 0xab, 0xf6, 0x15, 0x7a, 0xc2, 0x40, 0x73, 0x72}}}, +{{{0x84, 0x56, 0x82, 0xb6, 0x12, 0x70, 0x7f, 0xf7, 0xf0, 0xbd, 0x5b, 0xa9, 0xd5, 0xc5, 0x5f, 0x59, 0xbf, 0x7f, 0xb3, 0x55, 0x22, 0x02, 0xc9, 0x44, 0x55, 0x87, 0x8f, 0x96, 0x98, 0x64, 0x6d, 0x15}} , + {{0xb0, 0x8b, 0xaa, 0x1e, 0xec, 0xc7, 0xa5, 0x8f, 0x1f, 0x92, 0x04, 0xc6, 0x05, 0xf6, 0xdf, 0xa1, 0xcc, 0x1f, 0x81, 0xf5, 0x0e, 0x9c, 0x57, 0xdc, 0xe3, 0xbb, 0x06, 0x87, 0x1e, 0xfe, 0x23, 0x6c}}}, +{{{0xd8, 0x2b, 0x5b, 0x16, 0xea, 0x20, 0xf1, 0xd3, 0x68, 0x8f, 0xae, 0x5b, 0xd0, 0xa9, 0x1a, 0x19, 0xa8, 0x36, 0xfb, 0x2b, 0x57, 0x88, 0x7d, 0x90, 0xd5, 0xa6, 0xf3, 0xdc, 0x38, 0x89, 0x4e, 0x1f}} , + {{0xcc, 0x19, 0xda, 0x9b, 0x3b, 0x43, 0x48, 0x21, 0x2e, 0x23, 0x4d, 0x3d, 0xae, 0xf8, 0x8c, 0xfc, 0xdd, 0xa6, 0x74, 0x37, 0x65, 0xca, 0xee, 0x1a, 0x19, 0x8e, 0x9f, 0x64, 0x6f, 0x0c, 0x8b, 0x5a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x25, 0xb9, 0xc2, 0xf0, 0x72, 0xb8, 0x15, 0x16, 0xcc, 0x8d, 0x3c, 0x6f, 0x25, 0xed, 0xf4, 0x46, 0x2e, 0x0c, 0x60, 0x0f, 0xe2, 0x84, 0x34, 0x55, 0x89, 0x59, 0x34, 0x1b, 0xf5, 0x8d, 0xfe, 0x08}} , + {{0xf8, 0xab, 0x93, 0xbc, 0x44, 0xba, 0x1b, 0x75, 0x4b, 0x49, 0x6f, 0xd0, 0x54, 0x2e, 0x63, 0xba, 0xb5, 0xea, 0xed, 0x32, 0x14, 0xc9, 0x94, 0xd8, 0xc5, 0xce, 0xf4, 0x10, 0x68, 0xe0, 0x38, 0x27}}}, +{{{0x74, 0x1c, 0x14, 0x9b, 0xd4, 0x64, 0x61, 0x71, 0x5a, 0xb6, 0x21, 0x33, 0x4f, 0xf7, 0x8e, 0xba, 0xa5, 0x48, 0x9a, 0xc7, 0xfa, 0x9a, 0xf0, 0xb4, 0x62, 0xad, 0xf2, 0x5e, 0xcc, 0x03, 0x24, 0x1a}} , + {{0xf5, 0x76, 0xfd, 0xe4, 0xaf, 0xb9, 0x03, 0x59, 0xce, 0x63, 0xd2, 0x3b, 0x1f, 0xcd, 0x21, 0x0c, 0xad, 0x44, 0xa5, 0x97, 0xac, 0x80, 0x11, 0x02, 0x9b, 0x0c, 0xe5, 0x8b, 0xcd, 0xfb, 0x79, 0x77}}}, +{{{0x15, 0xbe, 0x9a, 0x0d, 0xba, 0x38, 0x72, 0x20, 0x8a, 0xf5, 0xbe, 0x59, 0x93, 0x79, 0xb7, 0xf6, 0x6a, 0x0c, 0x38, 0x27, 0x1a, 0x60, 0xf4, 0x86, 0x3b, 0xab, 0x5a, 0x00, 0xa0, 0xce, 0x21, 0x7d}} , + {{0x6c, 0xba, 0x14, 0xc5, 0xea, 0x12, 0x9e, 0x2e, 0x82, 0x63, 0xce, 0x9b, 0x4a, 0xe7, 0x1d, 0xec, 0xf1, 0x2e, 0x51, 0x1c, 0xf4, 0xd0, 0x69, 0x15, 0x42, 0x9d, 0xa3, 0x3f, 0x0e, 0xbf, 0xe9, 0x5c}}}, +{{{0xe4, 0x0d, 0xf4, 0xbd, 0xee, 0x31, 0x10, 0xed, 0xcb, 0x12, 0x86, 0xad, 0xd4, 0x2f, 0x90, 0x37, 0x32, 0xc3, 0x0b, 0x73, 0xec, 0x97, 0x85, 0xa4, 0x01, 0x1c, 0x76, 0x35, 0xfe, 0x75, 0xdd, 0x71}} , + {{0x11, 0xa4, 0x88, 0x9f, 0x3e, 0x53, 0x69, 0x3b, 0x1b, 0xe0, 0xf7, 0xba, 0x9b, 0xad, 0x4e, 0x81, 0x5f, 0xb5, 0x5c, 0xae, 0xbe, 0x67, 0x86, 0x37, 0x34, 0x8e, 0x07, 0x32, 0x45, 0x4a, 0x67, 0x39}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x90, 0x70, 0x58, 0x20, 0x03, 0x1e, 0x67, 0xb2, 0xc8, 0x9b, 0x58, 0xc5, 0xb1, 0xeb, 0x2d, 0x4a, 0xde, 0x82, 0x8c, 0xf2, 0xd2, 0x14, 0xb8, 0x70, 0x61, 0x4e, 0x73, 0xd6, 0x0b, 0x6b, 0x0d, 0x30}} , + {{0x81, 0xfc, 0x55, 0x5c, 0xbf, 0xa7, 0xc4, 0xbd, 0xe2, 0xf0, 0x4b, 0x8f, 0xe9, 0x7d, 0x99, 0xfa, 0xd3, 0xab, 0xbc, 0xc7, 0x83, 0x2b, 0x04, 0x7f, 0x0c, 0x19, 0x43, 0x03, 0x3d, 0x07, 0xca, 0x40}}}, +{{{0xf9, 0xc8, 0xbe, 0x8c, 0x16, 0x81, 0x39, 0x96, 0xf6, 0x17, 0x58, 0xc8, 0x30, 0x58, 0xfb, 0xc2, 0x03, 0x45, 0xd2, 0x52, 0x76, 0xe0, 0x6a, 0x26, 0x28, 0x5c, 0x88, 0x59, 0x6a, 0x5a, 0x54, 0x42}} , + {{0x07, 0xb5, 0x2e, 0x2c, 0x67, 0x15, 0x9b, 0xfb, 0x83, 0x69, 0x1e, 0x0f, 0xda, 0xd6, 0x29, 0xb1, 0x60, 0xe0, 0xb2, 0xba, 0x69, 0xa2, 0x9e, 0xbd, 0xbd, 0xe0, 0x1c, 0xbd, 0xcd, 0x06, 0x64, 0x70}}}, +{{{0x41, 0xfa, 0x8c, 0xe1, 0x89, 0x8f, 0x27, 0xc8, 0x25, 0x8f, 0x6f, 0x5f, 0x55, 0xf8, 0xde, 0x95, 0x6d, 0x2f, 0x75, 0x16, 0x2b, 0x4e, 0x44, 0xfd, 0x86, 0x6e, 0xe9, 0x70, 0x39, 0x76, 0x97, 0x7e}} , + {{0x17, 0x62, 0x6b, 0x14, 0xa1, 0x7c, 0xd0, 0x79, 0x6e, 0xd8, 0x8a, 0xa5, 0x6d, 0x8c, 0x93, 0xd2, 0x3f, 0xec, 0x44, 0x8d, 0x6e, 0x91, 0x01, 0x8c, 0x8f, 0xee, 0x01, 0x8f, 0xc0, 0xb4, 0x85, 0x0e}}}, +{{{0x02, 0x3a, 0x70, 0x41, 0xe4, 0x11, 0x57, 0x23, 0xac, 0xe6, 0xfc, 0x54, 0x7e, 0xcd, 0xd7, 0x22, 0xcb, 0x76, 0x9f, 0x20, 0xce, 0xa0, 0x73, 0x76, 0x51, 0x3b, 0xa4, 0xf8, 0xe3, 0x62, 0x12, 0x6c}} , + {{0x7f, 0x00, 0x9c, 0x26, 0x0d, 0x6f, 0x48, 0x7f, 0x3a, 0x01, 0xed, 0xc5, 0x96, 0xb0, 0x1f, 0x4f, 0xa8, 0x02, 0x62, 0x27, 0x8a, 0x50, 0x8d, 0x9a, 0x8b, 0x52, 0x0f, 0x1e, 0xcf, 0x41, 0x38, 0x19}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xf5, 0x6c, 0xd4, 0x2f, 0x0f, 0x69, 0x0f, 0x87, 0x3f, 0x61, 0x65, 0x1e, 0x35, 0x34, 0x85, 0xba, 0x02, 0x30, 0xac, 0x25, 0x3d, 0xe2, 0x62, 0xf1, 0xcc, 0xe9, 0x1b, 0xc2, 0xef, 0x6a, 0x42, 0x57}} , + {{0x34, 0x1f, 0x2e, 0xac, 0xd1, 0xc7, 0x04, 0x52, 0x32, 0x66, 0xb2, 0x33, 0x73, 0x21, 0x34, 0x54, 0xf7, 0x71, 0xed, 0x06, 0xb0, 0xff, 0xa6, 0x59, 0x6f, 0x8a, 0x4e, 0xfb, 0x02, 0xb0, 0x45, 0x6b}}}, +{{{0xf5, 0x48, 0x0b, 0x03, 0xc5, 0x22, 0x7d, 0x80, 0x08, 0x53, 0xfe, 0x32, 0xb1, 0xa1, 0x8a, 0x74, 0x6f, 0xbd, 0x3f, 0x85, 0xf4, 0xcf, 0xf5, 0x60, 0xaf, 0x41, 0x7e, 0x3e, 0x46, 0xa3, 0x5a, 0x20}} , + {{0xaa, 0x35, 0x87, 0x44, 0x63, 0x66, 0x97, 0xf8, 0x6e, 0x55, 0x0c, 0x04, 0x3e, 0x35, 0x50, 0xbf, 0x93, 0x69, 0xd2, 0x8b, 0x05, 0x55, 0x99, 0xbe, 0xe2, 0x53, 0x61, 0xec, 0xe8, 0x08, 0x0b, 0x32}}}, +{{{0xb3, 0x10, 0x45, 0x02, 0x69, 0x59, 0x2e, 0x97, 0xd9, 0x64, 0xf8, 0xdb, 0x25, 0x80, 0xdc, 0xc4, 0xd5, 0x62, 0x3c, 0xed, 0x65, 0x91, 0xad, 0xd1, 0x57, 0x81, 0x94, 0xaa, 0xa1, 0x29, 0xfc, 0x68}} , + {{0xdd, 0xb5, 0x7d, 0xab, 0x5a, 0x21, 0x41, 0x53, 0xbb, 0x17, 0x79, 0x0d, 0xd1, 0xa8, 0x0c, 0x0c, 0x20, 0x88, 0x09, 0xe9, 0x84, 0xe8, 0x25, 0x11, 0x67, 0x7a, 0x8b, 0x1a, 0xe4, 0x5d, 0xe1, 0x5d}}}, +{{{0x37, 0xea, 0xfe, 0x65, 0x3b, 0x25, 0xe8, 0xe1, 0xc2, 0xc5, 0x02, 0xa4, 0xbe, 0x98, 0x0a, 0x2b, 0x61, 0xc1, 0x9b, 0xe2, 0xd5, 0x92, 0xe6, 0x9e, 0x7d, 0x1f, 0xca, 0x43, 0x88, 0x8b, 0x2c, 0x59}} , + {{0xe0, 0xb5, 0x00, 0x1d, 0x2a, 0x6f, 0xaf, 0x79, 0x86, 0x2f, 0xa6, 0x5a, 0x93, 0xd1, 0xfe, 0xae, 0x3a, 0xee, 0xdb, 0x7c, 0x61, 0xbe, 0x7c, 0x01, 0xf9, 0xfe, 0x52, 0xdc, 0xd8, 0x52, 0xa3, 0x42}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x22, 0xaf, 0x13, 0x37, 0xbd, 0x37, 0x71, 0xac, 0x04, 0x46, 0x63, 0xac, 0xa4, 0x77, 0xed, 0x25, 0x38, 0xe0, 0x15, 0xa8, 0x64, 0x00, 0x0d, 0xce, 0x51, 0x01, 0xa9, 0xbc, 0x0f, 0x03, 0x1c, 0x04}} , + {{0x89, 0xf9, 0x80, 0x07, 0xcf, 0x3f, 0xb3, 0xe9, 0xe7, 0x45, 0x44, 0x3d, 0x2a, 0x7c, 0xe9, 0xe4, 0x16, 0x5c, 0x5e, 0x65, 0x1c, 0xc7, 0x7d, 0xc6, 0x7a, 0xfb, 0x43, 0xee, 0x25, 0x76, 0x46, 0x72}}}, +{{{0x02, 0xa2, 0xed, 0xf4, 0x8f, 0x6b, 0x0b, 0x3e, 0xeb, 0x35, 0x1a, 0xd5, 0x7e, 0xdb, 0x78, 0x00, 0x96, 0x8a, 0xa0, 0xb4, 0xcf, 0x60, 0x4b, 0xd4, 0xd5, 0xf9, 0x2d, 0xbf, 0x88, 0xbd, 0x22, 0x62}} , + {{0x13, 0x53, 0xe4, 0x82, 0x57, 0xfa, 0x1e, 0x8f, 0x06, 0x2b, 0x90, 0xba, 0x08, 0xb6, 0x10, 0x54, 0x4f, 0x7c, 0x1b, 0x26, 0xed, 0xda, 0x6b, 0xdd, 0x25, 0xd0, 0x4e, 0xea, 0x42, 0xbb, 0x25, 0x03}}}, +{{{0x51, 0x16, 0x50, 0x7c, 0xd5, 0x5d, 0xf6, 0x99, 0xe8, 0x77, 0x72, 0x4e, 0xfa, 0x62, 0xcb, 0x76, 0x75, 0x0c, 0xe2, 0x71, 0x98, 0x92, 0xd5, 0xfa, 0x45, 0xdf, 0x5c, 0x6f, 0x1e, 0x9e, 0x28, 0x69}} , + {{0x0d, 0xac, 0x66, 0x6d, 0xc3, 0x8b, 0xba, 0x16, 0xb5, 0xe2, 0xa0, 0x0d, 0x0c, 0xbd, 0xa4, 0x8e, 0x18, 0x6c, 0xf2, 0xdc, 0xf9, 0xdc, 0x4a, 0x86, 0x25, 0x95, 0x14, 0xcb, 0xd8, 0x1a, 0x04, 0x0f}}}, +{{{0x97, 0xa5, 0xdb, 0x8b, 0x2d, 0xaa, 0x42, 0x11, 0x09, 0xf2, 0x93, 0xbb, 0xd9, 0x06, 0x84, 0x4e, 0x11, 0xa8, 0xa0, 0x25, 0x2b, 0xa6, 0x5f, 0xae, 0xc4, 0xb4, 0x4c, 0xc8, 0xab, 0xc7, 0x3b, 0x02}} , + {{0xee, 0xc9, 0x29, 0x0f, 0xdf, 0x11, 0x85, 0xed, 0xce, 0x0d, 0x62, 0x2c, 0x8f, 0x4b, 0xf9, 0x04, 0xe9, 0x06, 0x72, 0x1d, 0x37, 0x20, 0x50, 0xc9, 0x14, 0xeb, 0xec, 0x39, 0xa7, 0x97, 0x2b, 0x4d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x69, 0xd1, 0x39, 0xbd, 0xfb, 0x33, 0xbe, 0xc4, 0xf0, 0x5c, 0xef, 0xf0, 0x56, 0x68, 0xfc, 0x97, 0x47, 0xc8, 0x72, 0xb6, 0x53, 0xa4, 0x0a, 0x98, 0xa5, 0xb4, 0x37, 0x71, 0xcf, 0x66, 0x50, 0x6d}} , + {{0x17, 0xa4, 0x19, 0x52, 0x11, 0x47, 0xb3, 0x5c, 0x5b, 0xa9, 0x2e, 0x22, 0xb4, 0x00, 0x52, 0xf9, 0x57, 0x18, 0xb8, 0xbe, 0x5a, 0xe3, 0xab, 0x83, 0xc8, 0x87, 0x0a, 0x2a, 0xd8, 0x8c, 0xbb, 0x54}}}, +{{{0xa9, 0x62, 0x93, 0x85, 0xbe, 0xe8, 0x73, 0x4a, 0x0e, 0xb0, 0xb5, 0x2d, 0x94, 0x50, 0xaa, 0xd3, 0xb2, 0xea, 0x9d, 0x62, 0x76, 0x3b, 0x07, 0x34, 0x4e, 0x2d, 0x70, 0xc8, 0x9a, 0x15, 0x66, 0x6b}} , + {{0xc5, 0x96, 0xca, 0xc8, 0x22, 0x1a, 0xee, 0x5f, 0xe7, 0x31, 0x60, 0x22, 0x83, 0x08, 0x63, 0xce, 0xb9, 0x32, 0x44, 0x58, 0x5d, 0x3a, 0x9b, 0xe4, 0x04, 0xd5, 0xef, 0x38, 0xef, 0x4b, 0xdd, 0x19}}}, +{{{0x4d, 0xc2, 0x17, 0x75, 0xa1, 0x68, 0xcd, 0xc3, 0xc6, 0x03, 0x44, 0xe3, 0x78, 0x09, 0x91, 0x47, 0x3f, 0x0f, 0xe4, 0x92, 0x58, 0xfa, 0x7d, 0x1f, 0x20, 0x94, 0x58, 0x5e, 0xbc, 0x19, 0x02, 0x6f}} , + {{0x20, 0xd6, 0xd8, 0x91, 0x54, 0xa7, 0xf3, 0x20, 0x4b, 0x34, 0x06, 0xfa, 0x30, 0xc8, 0x6f, 0x14, 0x10, 0x65, 0x74, 0x13, 0x4e, 0xf0, 0x69, 0x26, 0xce, 0xcf, 0x90, 0xf4, 0xd0, 0xc5, 0xc8, 0x64}}}, +{{{0x26, 0xa2, 0x50, 0x02, 0x24, 0x72, 0xf1, 0xf0, 0x4e, 0x2d, 0x93, 0xd5, 0x08, 0xe7, 0xae, 0x38, 0xf7, 0x18, 0xa5, 0x32, 0x34, 0xc2, 0xf0, 0xa6, 0xec, 0xb9, 0x61, 0x7b, 0x64, 0x99, 0xac, 0x71}} , + {{0x25, 0xcf, 0x74, 0x55, 0x1b, 0xaa, 0xa9, 0x38, 0x41, 0x40, 0xd5, 0x95, 0x95, 0xab, 0x1c, 0x5e, 0xbc, 0x41, 0x7e, 0x14, 0x30, 0xbe, 0x13, 0x89, 0xf4, 0xe5, 0xeb, 0x28, 0xc0, 0xc2, 0x96, 0x3a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x2b, 0x77, 0x45, 0xec, 0x67, 0x76, 0x32, 0x4c, 0xb9, 0xdf, 0x25, 0x32, 0x6b, 0xcb, 0xe7, 0x14, 0x61, 0x43, 0xee, 0xba, 0x9b, 0x71, 0xef, 0xd2, 0x48, 0x65, 0xbb, 0x1b, 0x8a, 0x13, 0x1b, 0x22}} , + {{0x84, 0xad, 0x0c, 0x18, 0x38, 0x5a, 0xba, 0xd0, 0x98, 0x59, 0xbf, 0x37, 0xb0, 0x4f, 0x97, 0x60, 0x20, 0xb3, 0x9b, 0x97, 0xf6, 0x08, 0x6c, 0xa4, 0xff, 0xfb, 0xb7, 0xfa, 0x95, 0xb2, 0x51, 0x79}}}, +{{{0x28, 0x5c, 0x3f, 0xdb, 0x6b, 0x18, 0x3b, 0x5c, 0xd1, 0x04, 0x28, 0xde, 0x85, 0x52, 0x31, 0xb5, 0xbb, 0xf6, 0xa9, 0xed, 0xbe, 0x28, 0x4f, 0xb3, 0x7e, 0x05, 0x6a, 0xdb, 0x95, 0x0d, 0x1b, 0x1c}} , + {{0xd5, 0xc5, 0xc3, 0x9a, 0x0a, 0xd0, 0x31, 0x3e, 0x07, 0x36, 0x8e, 0xc0, 0x8a, 0x62, 0xb1, 0xca, 0xd6, 0x0e, 0x1e, 0x9d, 0xef, 0xab, 0x98, 0x4d, 0xbb, 0x6c, 0x05, 0xe0, 0xe4, 0x5d, 0xbd, 0x57}}}, +{{{0xcc, 0x21, 0x27, 0xce, 0xfd, 0xa9, 0x94, 0x8e, 0xe1, 0xab, 0x49, 0xe0, 0x46, 0x26, 0xa1, 0xa8, 0x8c, 0xa1, 0x99, 0x1d, 0xb4, 0x27, 0x6d, 0x2d, 0xc8, 0x39, 0x30, 0x5e, 0x37, 0x52, 0xc4, 0x6e}} , + {{0xa9, 0x85, 0xf4, 0xe7, 0xb0, 0x15, 0x33, 0x84, 0x1b, 0x14, 0x1a, 0x02, 0xd9, 0x3b, 0xad, 0x0f, 0x43, 0x6c, 0xea, 0x3e, 0x0f, 0x7e, 0xda, 0xdd, 0x6b, 0x4c, 0x7f, 0x6e, 0xd4, 0x6b, 0xbf, 0x0f}}}, +{{{0x47, 0x9f, 0x7c, 0x56, 0x7c, 0x43, 0x91, 0x1c, 0xbb, 0x4e, 0x72, 0x3e, 0x64, 0xab, 0xa0, 0xa0, 0xdf, 0xb4, 0xd8, 0x87, 0x3a, 0xbd, 0xa8, 0x48, 0xc9, 0xb8, 0xef, 0x2e, 0xad, 0x6f, 0x84, 0x4f}} , + {{0x2d, 0x2d, 0xf0, 0x1b, 0x7e, 0x2a, 0x6c, 0xf8, 0xa9, 0x6a, 0xe1, 0xf0, 0x99, 0xa1, 0x67, 0x9a, 0xd4, 0x13, 0xca, 0xca, 0xba, 0x27, 0x92, 0xaa, 0xa1, 0x5d, 0x50, 0xde, 0xcc, 0x40, 0x26, 0x0a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x9f, 0x3e, 0xf2, 0xb2, 0x90, 0xce, 0xdb, 0x64, 0x3e, 0x03, 0xdd, 0x37, 0x36, 0x54, 0x70, 0x76, 0x24, 0xb5, 0x69, 0x03, 0xfc, 0xa0, 0x2b, 0x74, 0xb2, 0x05, 0x0e, 0xcc, 0xd8, 0x1f, 0x6a, 0x1f}} , + {{0x19, 0x5e, 0x60, 0x69, 0x58, 0x86, 0xa0, 0x31, 0xbd, 0x32, 0xe9, 0x2c, 0x5c, 0xd2, 0x85, 0xba, 0x40, 0x64, 0xa8, 0x74, 0xf8, 0x0e, 0x1c, 0xb3, 0xa9, 0x69, 0xe8, 0x1e, 0x40, 0x64, 0x99, 0x77}}}, +{{{0x6c, 0x32, 0x4f, 0xfd, 0xbb, 0x5c, 0xbb, 0x8d, 0x64, 0x66, 0x4a, 0x71, 0x1f, 0x79, 0xa3, 0xad, 0x8d, 0xf9, 0xd4, 0xec, 0xcf, 0x67, 0x70, 0xfa, 0x05, 0x4a, 0x0f, 0x6e, 0xaf, 0x87, 0x0a, 0x6f}} , + {{0xc6, 0x36, 0x6e, 0x6c, 0x8c, 0x24, 0x09, 0x60, 0xbe, 0x26, 0xd2, 0x4c, 0x5e, 0x17, 0xca, 0x5f, 0x1d, 0xcc, 0x87, 0xe8, 0x42, 0x6a, 0xcb, 0xcb, 0x7d, 0x92, 0x05, 0x35, 0x81, 0x13, 0x60, 0x6b}}}, +{{{0xf4, 0x15, 0xcd, 0x0f, 0x0a, 0xaf, 0x4e, 0x6b, 0x51, 0xfd, 0x14, 0xc4, 0x2e, 0x13, 0x86, 0x74, 0x44, 0xcb, 0x66, 0x6b, 0xb6, 0x9d, 0x74, 0x56, 0x32, 0xac, 0x8d, 0x8e, 0x8c, 0x8c, 0x8c, 0x39}} , + {{0xca, 0x59, 0x74, 0x1a, 0x11, 0xef, 0x6d, 0xf7, 0x39, 0x5c, 0x3b, 0x1f, 0xfa, 0xe3, 0x40, 0x41, 0x23, 0x9e, 0xf6, 0xd1, 0x21, 0xa2, 0xbf, 0xad, 0x65, 0x42, 0x6b, 0x59, 0x8a, 0xe8, 0xc5, 0x7f}}}, +{{{0x64, 0x05, 0x7a, 0x84, 0x4a, 0x13, 0xc3, 0xf6, 0xb0, 0x6e, 0x9a, 0x6b, 0x53, 0x6b, 0x32, 0xda, 0xd9, 0x74, 0x75, 0xc4, 0xba, 0x64, 0x3d, 0x3b, 0x08, 0xdd, 0x10, 0x46, 0xef, 0xc7, 0x90, 0x1f}} , + {{0x7b, 0x2f, 0x3a, 0xce, 0xc8, 0xa1, 0x79, 0x3c, 0x30, 0x12, 0x44, 0x28, 0xf6, 0xbc, 0xff, 0xfd, 0xf4, 0xc0, 0x97, 0xb0, 0xcc, 0xc3, 0x13, 0x7a, 0xb9, 0x9a, 0x16, 0xe4, 0xcb, 0x4c, 0x34, 0x63}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x07, 0x4e, 0xd3, 0x2d, 0x09, 0x33, 0x0e, 0xd2, 0x0d, 0xbe, 0x3e, 0xe7, 0xe4, 0xaa, 0xb7, 0x00, 0x8b, 0xe8, 0xad, 0xaa, 0x7a, 0x8d, 0x34, 0x28, 0xa9, 0x81, 0x94, 0xc5, 0xe7, 0x42, 0xac, 0x47}} , + {{0x24, 0x89, 0x7a, 0x8f, 0xb5, 0x9b, 0xf0, 0xc2, 0x03, 0x64, 0xd0, 0x1e, 0xf5, 0xa4, 0xb2, 0xf3, 0x74, 0xe9, 0x1a, 0x16, 0xfd, 0xcb, 0x15, 0xea, 0xeb, 0x10, 0x6c, 0x35, 0xd1, 0xc1, 0xa6, 0x28}}}, +{{{0xcc, 0xd5, 0x39, 0xfc, 0xa5, 0xa4, 0xad, 0x32, 0x15, 0xce, 0x19, 0xe8, 0x34, 0x2b, 0x1c, 0x60, 0x91, 0xfc, 0x05, 0xa9, 0xb3, 0xdc, 0x80, 0x29, 0xc4, 0x20, 0x79, 0x06, 0x39, 0xc0, 0xe2, 0x22}} , + {{0xbb, 0xa8, 0xe1, 0x89, 0x70, 0x57, 0x18, 0x54, 0x3c, 0xf6, 0x0d, 0x82, 0x12, 0x05, 0x87, 0x96, 0x06, 0x39, 0xe3, 0xf8, 0xb3, 0x95, 0xe5, 0xd7, 0x26, 0xbf, 0x09, 0x5a, 0x94, 0xf9, 0x1c, 0x63}}}, +{{{0x2b, 0x8c, 0x2d, 0x9a, 0x8b, 0x84, 0xf2, 0x56, 0xfb, 0xad, 0x2e, 0x7f, 0xb7, 0xfc, 0x30, 0xe1, 0x35, 0x89, 0xba, 0x4d, 0xa8, 0x6d, 0xce, 0x8c, 0x8b, 0x30, 0xe0, 0xda, 0x29, 0x18, 0x11, 0x17}} , + {{0x19, 0xa6, 0x5a, 0x65, 0x93, 0xc3, 0xb5, 0x31, 0x22, 0x4f, 0xf3, 0xf6, 0x0f, 0xeb, 0x28, 0xc3, 0x7c, 0xeb, 0xce, 0x86, 0xec, 0x67, 0x76, 0x6e, 0x35, 0x45, 0x7b, 0xd8, 0x6b, 0x92, 0x01, 0x65}}}, +{{{0x3d, 0xd5, 0x9a, 0x64, 0x73, 0x36, 0xb1, 0xd6, 0x86, 0x98, 0x42, 0x3f, 0x8a, 0xf1, 0xc7, 0xf5, 0x42, 0xa8, 0x9c, 0x52, 0xa8, 0xdc, 0xf9, 0x24, 0x3f, 0x4a, 0xa1, 0xa4, 0x5b, 0xe8, 0x62, 0x1a}} , + {{0xc5, 0xbd, 0xc8, 0x14, 0xd5, 0x0d, 0xeb, 0xe1, 0xa5, 0xe6, 0x83, 0x11, 0x09, 0x00, 0x1d, 0x55, 0x83, 0x51, 0x7e, 0x75, 0x00, 0x81, 0xb9, 0xcb, 0xd8, 0xc5, 0xe5, 0xa1, 0xd9, 0x17, 0x6d, 0x1f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xea, 0xf9, 0xe4, 0xe9, 0xe1, 0x52, 0x3f, 0x51, 0x19, 0x0d, 0xdd, 0xd9, 0x9d, 0x93, 0x31, 0x87, 0x23, 0x09, 0xd5, 0x83, 0xeb, 0x92, 0x09, 0x76, 0x6e, 0xe3, 0xf8, 0xc0, 0xa2, 0x66, 0xb5, 0x36}} , + {{0x3a, 0xbb, 0x39, 0xed, 0x32, 0x02, 0xe7, 0x43, 0x7a, 0x38, 0x14, 0x84, 0xe3, 0x44, 0xd2, 0x5e, 0x94, 0xdd, 0x78, 0x89, 0x55, 0x4c, 0x73, 0x9e, 0xe1, 0xe4, 0x3e, 0x43, 0xd0, 0x4a, 0xde, 0x1b}}}, +{{{0xb2, 0xe7, 0x8f, 0xe3, 0xa3, 0xc5, 0xcb, 0x72, 0xee, 0x79, 0x41, 0xf8, 0xdf, 0xee, 0x65, 0xc5, 0x45, 0x77, 0x27, 0x3c, 0xbd, 0x58, 0xd3, 0x75, 0xe2, 0x04, 0x4b, 0xbb, 0x65, 0xf3, 0xc8, 0x0f}} , + {{0x24, 0x7b, 0x93, 0x34, 0xb5, 0xe2, 0x74, 0x48, 0xcd, 0xa0, 0x0b, 0x92, 0x97, 0x66, 0x39, 0xf4, 0xb0, 0xe2, 0x5d, 0x39, 0x6a, 0x5b, 0x45, 0x17, 0x78, 0x1e, 0xdb, 0x91, 0x81, 0x1c, 0xf9, 0x16}}}, +{{{0x16, 0xdf, 0xd1, 0x5a, 0xd5, 0xe9, 0x4e, 0x58, 0x95, 0x93, 0x5f, 0x51, 0x09, 0xc3, 0x2a, 0xc9, 0xd4, 0x55, 0x48, 0x79, 0xa4, 0xa3, 0xb2, 0xc3, 0x62, 0xaa, 0x8c, 0xe8, 0xad, 0x47, 0x39, 0x1b}} , + {{0x46, 0xda, 0x9e, 0x51, 0x3a, 0xe6, 0xd1, 0xa6, 0xbb, 0x4d, 0x7b, 0x08, 0xbe, 0x8c, 0xd5, 0xf3, 0x3f, 0xfd, 0xf7, 0x44, 0x80, 0x2d, 0x53, 0x4b, 0xd0, 0x87, 0x68, 0xc1, 0xb5, 0xd8, 0xf7, 0x07}}}, +{{{0xf4, 0x10, 0x46, 0xbe, 0xb7, 0xd2, 0xd1, 0xce, 0x5e, 0x76, 0xa2, 0xd7, 0x03, 0xdc, 0xe4, 0x81, 0x5a, 0xf6, 0x3c, 0xde, 0xae, 0x7a, 0x9d, 0x21, 0x34, 0xa5, 0xf6, 0xa9, 0x73, 0xe2, 0x8d, 0x60}} , + {{0xfa, 0x44, 0x71, 0xf6, 0x41, 0xd8, 0xc6, 0x58, 0x13, 0x37, 0xeb, 0x84, 0x0f, 0x96, 0xc7, 0xdc, 0xc8, 0xa9, 0x7a, 0x83, 0xb2, 0x2f, 0x31, 0xb1, 0x1a, 0xd8, 0x98, 0x3f, 0x11, 0xd0, 0x31, 0x3b}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x81, 0xd5, 0x34, 0x16, 0x01, 0xa3, 0x93, 0xea, 0x52, 0x94, 0xec, 0x93, 0xb7, 0x81, 0x11, 0x2d, 0x58, 0xf9, 0xb5, 0x0a, 0xaa, 0x4f, 0xf6, 0x2e, 0x3f, 0x36, 0xbf, 0x33, 0x5a, 0xe7, 0xd1, 0x08}} , + {{0x1a, 0xcf, 0x42, 0xae, 0xcc, 0xb5, 0x77, 0x39, 0xc4, 0x5b, 0x5b, 0xd0, 0x26, 0x59, 0x27, 0xd0, 0x55, 0x71, 0x12, 0x9d, 0x88, 0x3d, 0x9c, 0xea, 0x41, 0x6a, 0xf0, 0x50, 0x93, 0x93, 0xdd, 0x47}}}, +{{{0x6f, 0xc9, 0x51, 0x6d, 0x1c, 0xaa, 0xf5, 0xa5, 0x90, 0x3f, 0x14, 0xe2, 0x6e, 0x8e, 0x64, 0xfd, 0xac, 0xe0, 0x4e, 0x22, 0xe5, 0xc1, 0xbc, 0x29, 0x0a, 0x6a, 0x9e, 0xa1, 0x60, 0xcb, 0x2f, 0x0b}} , + {{0xdc, 0x39, 0x32, 0xf3, 0xa1, 0x44, 0xe9, 0xc5, 0xc3, 0x78, 0xfb, 0x95, 0x47, 0x34, 0x35, 0x34, 0xe8, 0x25, 0xde, 0x93, 0xc6, 0xb4, 0x76, 0x6d, 0x86, 0x13, 0xc6, 0xe9, 0x68, 0xb5, 0x01, 0x63}}}, +{{{0x1f, 0x9a, 0x52, 0x64, 0x97, 0xd9, 0x1c, 0x08, 0x51, 0x6f, 0x26, 0x9d, 0xaa, 0x93, 0x33, 0x43, 0xfa, 0x77, 0xe9, 0x62, 0x9b, 0x5d, 0x18, 0x75, 0xeb, 0x78, 0xf7, 0x87, 0x8f, 0x41, 0xb4, 0x4d}} , + {{0x13, 0xa8, 0x82, 0x3e, 0xe9, 0x13, 0xad, 0xeb, 0x01, 0xca, 0xcf, 0xda, 0xcd, 0xf7, 0x6c, 0xc7, 0x7a, 0xdc, 0x1e, 0x6e, 0xc8, 0x4e, 0x55, 0x62, 0x80, 0xea, 0x78, 0x0c, 0x86, 0xb9, 0x40, 0x51}}}, +{{{0x27, 0xae, 0xd3, 0x0d, 0x4c, 0x8f, 0x34, 0xea, 0x7d, 0x3c, 0xe5, 0x8a, 0xcf, 0x5b, 0x92, 0xd8, 0x30, 0x16, 0xb4, 0xa3, 0x75, 0xff, 0xeb, 0x27, 0xc8, 0x5c, 0x6c, 0xc2, 0xee, 0x6c, 0x21, 0x0b}} , + {{0xc3, 0xba, 0x12, 0x53, 0x2a, 0xaa, 0x77, 0xad, 0x19, 0x78, 0x55, 0x8a, 0x2e, 0x60, 0x87, 0xc2, 0x6e, 0x91, 0x38, 0x91, 0x3f, 0x7a, 0xc5, 0x24, 0x8f, 0x51, 0xc5, 0xde, 0xb0, 0x53, 0x30, 0x56}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x02, 0xfe, 0x54, 0x12, 0x18, 0xca, 0x7d, 0xa5, 0x68, 0x43, 0xa3, 0x6d, 0x14, 0x2a, 0x6a, 0xa5, 0x8e, 0x32, 0xe7, 0x63, 0x4f, 0xe3, 0xc6, 0x44, 0x3e, 0xab, 0x63, 0xca, 0x17, 0x86, 0x74, 0x3f}} , + {{0x1e, 0x64, 0xc1, 0x7d, 0x52, 0xdc, 0x13, 0x5a, 0xa1, 0x9c, 0x4e, 0xee, 0x99, 0x28, 0xbb, 0x4c, 0xee, 0xac, 0xa9, 0x1b, 0x89, 0xa2, 0x38, 0x39, 0x7b, 0xc4, 0x0f, 0x42, 0xe6, 0x89, 0xed, 0x0f}}}, +{{{0xf3, 0x3c, 0x8c, 0x80, 0x83, 0x10, 0x8a, 0x37, 0x50, 0x9c, 0xb4, 0xdf, 0x3f, 0x8c, 0xf7, 0x23, 0x07, 0xd6, 0xff, 0xa0, 0x82, 0x6c, 0x75, 0x3b, 0xe4, 0xb5, 0xbb, 0xe4, 0xe6, 0x50, 0xf0, 0x08}} , + {{0x62, 0xee, 0x75, 0x48, 0x92, 0x33, 0xf2, 0xf4, 0xad, 0x15, 0x7a, 0xa1, 0x01, 0x46, 0xa9, 0x32, 0x06, 0x88, 0xb6, 0x36, 0x47, 0x35, 0xb9, 0xb4, 0x42, 0x85, 0x76, 0xf0, 0x48, 0x00, 0x90, 0x38}}}, +{{{0x51, 0x15, 0x9d, 0xc3, 0x95, 0xd1, 0x39, 0xbb, 0x64, 0x9d, 0x15, 0x81, 0xc1, 0x68, 0xd0, 0xb6, 0xa4, 0x2c, 0x7d, 0x5e, 0x02, 0x39, 0x00, 0xe0, 0x3b, 0xa4, 0xcc, 0xca, 0x1d, 0x81, 0x24, 0x10}} , + {{0xe7, 0x29, 0xf9, 0x37, 0xd9, 0x46, 0x5a, 0xcd, 0x70, 0xfe, 0x4d, 0x5b, 0xbf, 0xa5, 0xcf, 0x91, 0xf4, 0xef, 0xee, 0x8a, 0x29, 0xd0, 0xe7, 0xc4, 0x25, 0x92, 0x8a, 0xff, 0x36, 0xfc, 0xe4, 0x49}}}, +{{{0xbd, 0x00, 0xb9, 0x04, 0x7d, 0x35, 0xfc, 0xeb, 0xd0, 0x0b, 0x05, 0x32, 0x52, 0x7a, 0x89, 0x24, 0x75, 0x50, 0xe1, 0x63, 0x02, 0x82, 0x8e, 0xe7, 0x85, 0x0c, 0xf2, 0x56, 0x44, 0x37, 0x83, 0x25}} , + {{0x8f, 0xa1, 0xce, 0xcb, 0x60, 0xda, 0x12, 0x02, 0x1e, 0x29, 0x39, 0x2a, 0x03, 0xb7, 0xeb, 0x77, 0x40, 0xea, 0xc9, 0x2b, 0x2c, 0xd5, 0x7d, 0x7e, 0x2c, 0xc7, 0x5a, 0xfd, 0xff, 0xc4, 0xd1, 0x62}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x1d, 0x88, 0x98, 0x5b, 0x4e, 0xfc, 0x41, 0x24, 0x05, 0xe6, 0x50, 0x2b, 0xae, 0x96, 0x51, 0xd9, 0x6b, 0x72, 0xb2, 0x33, 0x42, 0x98, 0x68, 0xbb, 0x10, 0x5a, 0x7a, 0x8c, 0x9d, 0x07, 0xb4, 0x05}} , + {{0x2f, 0x61, 0x9f, 0xd7, 0xa8, 0x3f, 0x83, 0x8c, 0x10, 0x69, 0x90, 0xe6, 0xcf, 0xd2, 0x63, 0xa3, 0xe4, 0x54, 0x7e, 0xe5, 0x69, 0x13, 0x1c, 0x90, 0x57, 0xaa, 0xe9, 0x53, 0x22, 0x43, 0x29, 0x23}}}, +{{{0xe5, 0x1c, 0xf8, 0x0a, 0xfd, 0x2d, 0x7e, 0xf5, 0xf5, 0x70, 0x7d, 0x41, 0x6b, 0x11, 0xfe, 0xbe, 0x99, 0xd1, 0x55, 0x29, 0x31, 0xbf, 0xc0, 0x97, 0x6c, 0xd5, 0x35, 0xcc, 0x5e, 0x8b, 0xd9, 0x69}} , + {{0x8e, 0x4e, 0x9f, 0x25, 0xf8, 0x81, 0x54, 0x2d, 0x0e, 0xd5, 0x54, 0x81, 0x9b, 0xa6, 0x92, 0xce, 0x4b, 0xe9, 0x8f, 0x24, 0x3b, 0xca, 0xe0, 0x44, 0xab, 0x36, 0xfe, 0xfb, 0x87, 0xd4, 0x26, 0x3e}}}, +{{{0x0f, 0x93, 0x9c, 0x11, 0xe7, 0xdb, 0xf1, 0xf0, 0x85, 0x43, 0x28, 0x15, 0x37, 0xdd, 0xde, 0x27, 0xdf, 0xad, 0x3e, 0x49, 0x4f, 0xe0, 0x5b, 0xf6, 0x80, 0x59, 0x15, 0x3c, 0x85, 0xb7, 0x3e, 0x12}} , + {{0xf5, 0xff, 0xcc, 0xf0, 0xb4, 0x12, 0x03, 0x5f, 0xc9, 0x84, 0xcb, 0x1d, 0x17, 0xe0, 0xbc, 0xcc, 0x03, 0x62, 0xa9, 0x8b, 0x94, 0xa6, 0xaa, 0x18, 0xcb, 0x27, 0x8d, 0x49, 0xa6, 0x17, 0x15, 0x07}}}, +{{{0xd9, 0xb6, 0xd4, 0x9d, 0xd4, 0x6a, 0xaf, 0x70, 0x07, 0x2c, 0x10, 0x9e, 0xbd, 0x11, 0xad, 0xe4, 0x26, 0x33, 0x70, 0x92, 0x78, 0x1c, 0x74, 0x9f, 0x75, 0x60, 0x56, 0xf4, 0x39, 0xa8, 0xa8, 0x62}} , + {{0x3b, 0xbf, 0x55, 0x35, 0x61, 0x8b, 0x44, 0x97, 0xe8, 0x3a, 0x55, 0xc1, 0xc8, 0x3b, 0xfd, 0x95, 0x29, 0x11, 0x60, 0x96, 0x1e, 0xcb, 0x11, 0x9d, 0xc2, 0x03, 0x8a, 0x1b, 0xc6, 0xd6, 0x45, 0x3d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x7e, 0x0e, 0x50, 0xb2, 0xcc, 0x0d, 0x6b, 0xa6, 0x71, 0x5b, 0x42, 0xed, 0xbd, 0xaf, 0xac, 0xf0, 0xfc, 0x12, 0xa2, 0x3f, 0x4e, 0xda, 0xe8, 0x11, 0xf3, 0x23, 0xe1, 0x04, 0x62, 0x03, 0x1c, 0x4e}} , + {{0xc8, 0xb1, 0x1b, 0x6f, 0x73, 0x61, 0x3d, 0x27, 0x0d, 0x7d, 0x7a, 0x25, 0x5f, 0x73, 0x0e, 0x2f, 0x93, 0xf6, 0x24, 0xd8, 0x4f, 0x90, 0xac, 0xa2, 0x62, 0x0a, 0xf0, 0x61, 0xd9, 0x08, 0x59, 0x6a}}}, +{{{0x6f, 0x2d, 0x55, 0xf8, 0x2f, 0x8e, 0xf0, 0x18, 0x3b, 0xea, 0xdd, 0x26, 0x72, 0xd1, 0xf5, 0xfe, 0xe5, 0xb8, 0xe6, 0xd3, 0x10, 0x48, 0x46, 0x49, 0x3a, 0x9f, 0x5e, 0x45, 0x6b, 0x90, 0xe8, 0x7f}} , + {{0xd3, 0x76, 0x69, 0x33, 0x7b, 0xb9, 0x40, 0x70, 0xee, 0xa6, 0x29, 0x6b, 0xdd, 0xd0, 0x5d, 0x8d, 0xc1, 0x3e, 0x4a, 0xea, 0x37, 0xb1, 0x03, 0x02, 0x03, 0x35, 0xf1, 0x28, 0x9d, 0xff, 0x00, 0x13}}}, +{{{0x7a, 0xdb, 0x12, 0xd2, 0x8a, 0x82, 0x03, 0x1b, 0x1e, 0xaf, 0xf9, 0x4b, 0x9c, 0xbe, 0xae, 0x7c, 0xe4, 0x94, 0x2a, 0x23, 0xb3, 0x62, 0x86, 0xe7, 0xfd, 0x23, 0xaa, 0x99, 0xbd, 0x2b, 0x11, 0x6c}} , + {{0x8d, 0xa6, 0xd5, 0xac, 0x9d, 0xcc, 0x68, 0x75, 0x7f, 0xc3, 0x4d, 0x4b, 0xdd, 0x6c, 0xbb, 0x11, 0x5a, 0x60, 0xe5, 0xbd, 0x7d, 0x27, 0x8b, 0xda, 0xb4, 0x95, 0xf6, 0x03, 0x27, 0xa4, 0x92, 0x3f}}}, +{{{0x22, 0xd6, 0xb5, 0x17, 0x84, 0xbf, 0x12, 0xcc, 0x23, 0x14, 0x4a, 0xdf, 0x14, 0x31, 0xbc, 0xa1, 0xac, 0x6e, 0xab, 0xfa, 0x57, 0x11, 0x53, 0xb3, 0x27, 0xe6, 0xf9, 0x47, 0x33, 0x44, 0x34, 0x1e}} , + {{0x79, 0xfc, 0xa6, 0xb4, 0x0b, 0x35, 0x20, 0xc9, 0x4d, 0x22, 0x84, 0xc4, 0xa9, 0x20, 0xec, 0x89, 0x94, 0xba, 0x66, 0x56, 0x48, 0xb9, 0x87, 0x7f, 0xca, 0x1e, 0x06, 0xed, 0xa5, 0x55, 0x59, 0x29}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x56, 0xe1, 0xf5, 0xf1, 0xd5, 0xab, 0xa8, 0x2b, 0xae, 0x89, 0xf3, 0xcf, 0x56, 0x9f, 0xf2, 0x4b, 0x31, 0xbc, 0x18, 0xa9, 0x06, 0x5b, 0xbe, 0xb4, 0x61, 0xf8, 0xb2, 0x06, 0x9c, 0x81, 0xab, 0x4c}} , + {{0x1f, 0x68, 0x76, 0x01, 0x16, 0x38, 0x2b, 0x0f, 0x77, 0x97, 0x92, 0x67, 0x4e, 0x86, 0x6a, 0x8b, 0xe5, 0xe8, 0x0c, 0xf7, 0x36, 0x39, 0xb5, 0x33, 0xe6, 0xcf, 0x5e, 0xbd, 0x18, 0xfb, 0x10, 0x1f}}}, +{{{0x83, 0xf0, 0x0d, 0x63, 0xef, 0x53, 0x6b, 0xb5, 0x6b, 0xf9, 0x83, 0xcf, 0xde, 0x04, 0x22, 0x9b, 0x2c, 0x0a, 0xe0, 0xa5, 0xd8, 0xc7, 0x9c, 0xa5, 0xa3, 0xf6, 0x6f, 0xcf, 0x90, 0x6b, 0x68, 0x7c}} , + {{0x33, 0x15, 0xd7, 0x7f, 0x1a, 0xd5, 0x21, 0x58, 0xc4, 0x18, 0xa5, 0xf0, 0xcc, 0x73, 0xa8, 0xfd, 0xfa, 0x18, 0xd1, 0x03, 0x91, 0x8d, 0x52, 0xd2, 0xa3, 0xa4, 0xd3, 0xb1, 0xea, 0x1d, 0x0f, 0x00}}}, +{{{0xcc, 0x48, 0x83, 0x90, 0xe5, 0xfd, 0x3f, 0x84, 0xaa, 0xf9, 0x8b, 0x82, 0x59, 0x24, 0x34, 0x68, 0x4f, 0x1c, 0x23, 0xd9, 0xcc, 0x71, 0xe1, 0x7f, 0x8c, 0xaf, 0xf1, 0xee, 0x00, 0xb6, 0xa0, 0x77}} , + {{0xf5, 0x1a, 0x61, 0xf7, 0x37, 0x9d, 0x00, 0xf4, 0xf2, 0x69, 0x6f, 0x4b, 0x01, 0x85, 0x19, 0x45, 0x4d, 0x7f, 0x02, 0x7c, 0x6a, 0x05, 0x47, 0x6c, 0x1f, 0x81, 0x20, 0xd4, 0xe8, 0x50, 0x27, 0x72}}}, +{{{0x2c, 0x3a, 0xe5, 0xad, 0xf4, 0xdd, 0x2d, 0xf7, 0x5c, 0x44, 0xb5, 0x5b, 0x21, 0xa3, 0x89, 0x5f, 0x96, 0x45, 0xca, 0x4d, 0xa4, 0x21, 0x99, 0x70, 0xda, 0xc4, 0xc4, 0xa0, 0xe5, 0xf4, 0xec, 0x0a}} , + {{0x07, 0x68, 0x21, 0x65, 0xe9, 0x08, 0xa0, 0x0b, 0x6a, 0x4a, 0xba, 0xb5, 0x80, 0xaf, 0xd0, 0x1b, 0xc5, 0xf5, 0x4b, 0x73, 0x50, 0x60, 0x2d, 0x71, 0x69, 0x61, 0x0e, 0xc0, 0x20, 0x40, 0x30, 0x19}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xd0, 0x75, 0x57, 0x3b, 0xeb, 0x5c, 0x14, 0x56, 0x50, 0xc9, 0x4f, 0xb8, 0xb8, 0x1e, 0xa3, 0xf4, 0xab, 0xf5, 0xa9, 0x20, 0x15, 0x94, 0x82, 0xda, 0x96, 0x1c, 0x9b, 0x59, 0x8c, 0xff, 0xf4, 0x51}} , + {{0xc1, 0x3a, 0x86, 0xd7, 0xb0, 0x06, 0x84, 0x7f, 0x1b, 0xbd, 0xd4, 0x07, 0x78, 0x80, 0x2e, 0xb1, 0xb4, 0xee, 0x52, 0x38, 0xee, 0x9a, 0xf9, 0xf6, 0xf3, 0x41, 0x6e, 0xd4, 0x88, 0x95, 0xac, 0x35}}}, +{{{0x41, 0x97, 0xbf, 0x71, 0x6a, 0x9b, 0x72, 0xec, 0xf3, 0xf8, 0x6b, 0xe6, 0x0e, 0x6c, 0x69, 0xa5, 0x2f, 0x68, 0x52, 0xd8, 0x61, 0x81, 0xc0, 0x63, 0x3f, 0xa6, 0x3c, 0x13, 0x90, 0xe6, 0x8d, 0x56}} , + {{0xe8, 0x39, 0x30, 0x77, 0x23, 0xb1, 0xfd, 0x1b, 0x3d, 0x3e, 0x74, 0x4d, 0x7f, 0xae, 0x5b, 0x3a, 0xb4, 0x65, 0x0e, 0x3a, 0x43, 0xdc, 0xdc, 0x41, 0x47, 0xe6, 0xe8, 0x92, 0x09, 0x22, 0x48, 0x4c}}}, +{{{0x85, 0x57, 0x9f, 0xb5, 0xc8, 0x06, 0xb2, 0x9f, 0x47, 0x3f, 0xf0, 0xfa, 0xe6, 0xa9, 0xb1, 0x9b, 0x6f, 0x96, 0x7d, 0xf9, 0xa4, 0x65, 0x09, 0x75, 0x32, 0xa6, 0x6c, 0x7f, 0x47, 0x4b, 0x2f, 0x4f}} , + {{0x34, 0xe9, 0x59, 0x93, 0x9d, 0x26, 0x80, 0x54, 0xf2, 0xcc, 0x3c, 0xc2, 0x25, 0x85, 0xe3, 0x6a, 0xc1, 0x62, 0x04, 0xa7, 0x08, 0x32, 0x6d, 0xa1, 0x39, 0x84, 0x8a, 0x3b, 0x87, 0x5f, 0x11, 0x13}}}, +{{{0xda, 0x03, 0x34, 0x66, 0xc4, 0x0c, 0x73, 0x6e, 0xbc, 0x24, 0xb5, 0xf9, 0x70, 0x81, 0x52, 0xe9, 0xf4, 0x7c, 0x23, 0xdd, 0x9f, 0xb8, 0x46, 0xef, 0x1d, 0x22, 0x55, 0x7d, 0x71, 0xc4, 0x42, 0x33}} , + {{0xc5, 0x37, 0x69, 0x5b, 0xa8, 0xc6, 0x9d, 0xa4, 0xfc, 0x61, 0x6e, 0x68, 0x46, 0xea, 0xd7, 0x1c, 0x67, 0xd2, 0x7d, 0xfa, 0xf1, 0xcc, 0x54, 0x8d, 0x36, 0x35, 0xc9, 0x00, 0xdf, 0x6c, 0x67, 0x50}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x9a, 0x4d, 0x42, 0x29, 0x5d, 0xa4, 0x6b, 0x6f, 0xa8, 0x8a, 0x4d, 0x91, 0x7b, 0xd2, 0xdf, 0x36, 0xef, 0x01, 0x22, 0xc5, 0xcc, 0x8d, 0xeb, 0x58, 0x3d, 0xb3, 0x50, 0xfc, 0x8b, 0x97, 0x96, 0x33}} , + {{0x93, 0x33, 0x07, 0xc8, 0x4a, 0xca, 0xd0, 0xb1, 0xab, 0xbd, 0xdd, 0xa7, 0x7c, 0xac, 0x3e, 0x45, 0xcb, 0xcc, 0x07, 0x91, 0xbf, 0x35, 0x9d, 0xcb, 0x7d, 0x12, 0x3c, 0x11, 0x59, 0x13, 0xcf, 0x5c}}}, +{{{0x45, 0xb8, 0x41, 0xd7, 0xab, 0x07, 0x15, 0x00, 0x8e, 0xce, 0xdf, 0xb2, 0x43, 0x5c, 0x01, 0xdc, 0xf4, 0x01, 0x51, 0x95, 0x10, 0x5a, 0xf6, 0x24, 0x24, 0xa0, 0x19, 0x3a, 0x09, 0x2a, 0xaa, 0x3f}} , + {{0xdc, 0x8e, 0xeb, 0xc6, 0xbf, 0xdd, 0x11, 0x7b, 0xe7, 0x47, 0xe6, 0xce, 0xe7, 0xb6, 0xc5, 0xe8, 0x8a, 0xdc, 0x4b, 0x57, 0x15, 0x3b, 0x66, 0xca, 0x89, 0xa3, 0xfd, 0xac, 0x0d, 0xe1, 0x1d, 0x7a}}}, +{{{0x89, 0xef, 0xbf, 0x03, 0x75, 0xd0, 0x29, 0x50, 0xcb, 0x7d, 0xd6, 0xbe, 0xad, 0x5f, 0x7b, 0x00, 0x32, 0xaa, 0x98, 0xed, 0x3f, 0x8f, 0x92, 0xcb, 0x81, 0x56, 0x01, 0x63, 0x64, 0xa3, 0x38, 0x39}} , + {{0x8b, 0xa4, 0xd6, 0x50, 0xb4, 0xaa, 0x5d, 0x64, 0x64, 0x76, 0x2e, 0xa1, 0xa6, 0xb3, 0xb8, 0x7c, 0x7a, 0x56, 0xf5, 0x5c, 0x4e, 0x84, 0x5c, 0xfb, 0xdd, 0xca, 0x48, 0x8b, 0x48, 0xb9, 0xba, 0x34}}}, +{{{0xc5, 0xe3, 0xe8, 0xae, 0x17, 0x27, 0xe3, 0x64, 0x60, 0x71, 0x47, 0x29, 0x02, 0x0f, 0x92, 0x5d, 0x10, 0x93, 0xc8, 0x0e, 0xa1, 0xed, 0xba, 0xa9, 0x96, 0x1c, 0xc5, 0x76, 0x30, 0xcd, 0xf9, 0x30}} , + {{0x95, 0xb0, 0xbd, 0x8c, 0xbc, 0xa7, 0x4f, 0x7e, 0xfd, 0x4e, 0x3a, 0xbf, 0x5f, 0x04, 0x79, 0x80, 0x2b, 0x5a, 0x9f, 0x4f, 0x68, 0x21, 0x19, 0x71, 0xc6, 0x20, 0x01, 0x42, 0xaa, 0xdf, 0xae, 0x2c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x90, 0x6e, 0x7e, 0x4b, 0x71, 0x93, 0xc0, 0x72, 0xed, 0xeb, 0x71, 0x24, 0x97, 0x26, 0x9c, 0xfe, 0xcb, 0x3e, 0x59, 0x19, 0xa8, 0x0f, 0x75, 0x7d, 0xbe, 0x18, 0xe6, 0x96, 0x1e, 0x95, 0x70, 0x60}} , + {{0x89, 0x66, 0x3e, 0x1d, 0x4c, 0x5f, 0xfe, 0xc0, 0x04, 0x43, 0xd6, 0x44, 0x19, 0xb5, 0xad, 0xc7, 0x22, 0xdc, 0x71, 0x28, 0x64, 0xde, 0x41, 0x38, 0x27, 0x8f, 0x2c, 0x6b, 0x08, 0xb8, 0xb8, 0x7b}}}, +{{{0x3d, 0x70, 0x27, 0x9d, 0xd9, 0xaf, 0xb1, 0x27, 0xaf, 0xe3, 0x5d, 0x1e, 0x3a, 0x30, 0x54, 0x61, 0x60, 0xe8, 0xc3, 0x26, 0x3a, 0xbc, 0x7e, 0xf5, 0x81, 0xdd, 0x64, 0x01, 0x04, 0xeb, 0xc0, 0x1e}} , + {{0xda, 0x2c, 0xa4, 0xd1, 0xa1, 0xc3, 0x5c, 0x6e, 0x32, 0x07, 0x1f, 0xb8, 0x0e, 0x19, 0x9e, 0x99, 0x29, 0x33, 0x9a, 0xae, 0x7a, 0xed, 0x68, 0x42, 0x69, 0x7c, 0x07, 0xb3, 0x38, 0x2c, 0xf6, 0x3d}}}, +{{{0x64, 0xaa, 0xb5, 0x88, 0x79, 0x65, 0x38, 0x8c, 0x94, 0xd6, 0x62, 0x37, 0x7d, 0x64, 0xcd, 0x3a, 0xeb, 0xff, 0xe8, 0x81, 0x09, 0xc7, 0x6a, 0x50, 0x09, 0x0d, 0x28, 0x03, 0x0d, 0x9a, 0x93, 0x0a}} , + {{0x42, 0xa3, 0xf1, 0xc5, 0xb4, 0x0f, 0xd8, 0xc8, 0x8d, 0x15, 0x31, 0xbd, 0xf8, 0x07, 0x8b, 0xcd, 0x08, 0x8a, 0xfb, 0x18, 0x07, 0xfe, 0x8e, 0x52, 0x86, 0xef, 0xbe, 0xec, 0x49, 0x52, 0x99, 0x08}}}, +{{{0x0f, 0xa9, 0xd5, 0x01, 0xaa, 0x48, 0x4f, 0x28, 0x66, 0x32, 0x1a, 0xba, 0x7c, 0xea, 0x11, 0x80, 0x17, 0x18, 0x9b, 0x56, 0x88, 0x25, 0x06, 0x69, 0x12, 0x2c, 0xea, 0x56, 0x69, 0x41, 0x24, 0x19}} , + {{0xde, 0x21, 0xf0, 0xda, 0x8a, 0xfb, 0xb1, 0xb8, 0xcd, 0xc8, 0x6a, 0x82, 0x19, 0x73, 0xdb, 0xc7, 0xcf, 0x88, 0xeb, 0x96, 0xee, 0x6f, 0xfb, 0x06, 0xd2, 0xcd, 0x7d, 0x7b, 0x12, 0x28, 0x8e, 0x0c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x93, 0x44, 0x97, 0xce, 0x28, 0xff, 0x3a, 0x40, 0xc4, 0xf5, 0xf6, 0x9b, 0xf4, 0x6b, 0x07, 0x84, 0xfb, 0x98, 0xd8, 0xec, 0x8c, 0x03, 0x57, 0xec, 0x49, 0xed, 0x63, 0xb6, 0xaa, 0xff, 0x98, 0x28}} , + {{0x3d, 0x16, 0x35, 0xf3, 0x46, 0xbc, 0xb3, 0xf4, 0xc6, 0xb6, 0x4f, 0xfa, 0xf4, 0xa0, 0x13, 0xe6, 0x57, 0x45, 0x93, 0xb9, 0xbc, 0xd6, 0x59, 0xe7, 0x77, 0x94, 0x6c, 0xab, 0x96, 0x3b, 0x4f, 0x09}}}, +{{{0x5a, 0xf7, 0x6b, 0x01, 0x12, 0x4f, 0x51, 0xc1, 0x70, 0x84, 0x94, 0x47, 0xb2, 0x01, 0x6c, 0x71, 0xd7, 0xcc, 0x17, 0x66, 0x0f, 0x59, 0x5d, 0x5d, 0x10, 0x01, 0x57, 0x11, 0xf5, 0xdd, 0xe2, 0x34}} , + {{0x26, 0xd9, 0x1f, 0x5c, 0x58, 0xac, 0x8b, 0x03, 0xd2, 0xc3, 0x85, 0x0f, 0x3a, 0xc3, 0x7f, 0x6d, 0x8e, 0x86, 0xcd, 0x52, 0x74, 0x8f, 0x55, 0x77, 0x17, 0xb7, 0x8e, 0xb7, 0x88, 0xea, 0xda, 0x1b}}}, +{{{0xb6, 0xea, 0x0e, 0x40, 0x93, 0x20, 0x79, 0x35, 0x6a, 0x61, 0x84, 0x5a, 0x07, 0x6d, 0xf9, 0x77, 0x6f, 0xed, 0x69, 0x1c, 0x0d, 0x25, 0x76, 0xcc, 0xf0, 0xdb, 0xbb, 0xc5, 0xad, 0xe2, 0x26, 0x57}} , + {{0xcf, 0xe8, 0x0e, 0x6b, 0x96, 0x7d, 0xed, 0x27, 0xd1, 0x3c, 0xa9, 0xd9, 0x50, 0xa9, 0x98, 0x84, 0x5e, 0x86, 0xef, 0xd6, 0xf0, 0xf8, 0x0e, 0x89, 0x05, 0x2f, 0xd9, 0x5f, 0x15, 0x5f, 0x73, 0x79}}}, +{{{0xc8, 0x5c, 0x16, 0xfe, 0xed, 0x9f, 0x26, 0x56, 0xf6, 0x4b, 0x9f, 0xa7, 0x0a, 0x85, 0xfe, 0xa5, 0x8c, 0x87, 0xdd, 0x98, 0xce, 0x4e, 0xc3, 0x58, 0x55, 0xb2, 0x7b, 0x3d, 0xd8, 0x6b, 0xb5, 0x4c}} , + {{0x65, 0x38, 0xa0, 0x15, 0xfa, 0xa7, 0xb4, 0x8f, 0xeb, 0xc4, 0x86, 0x9b, 0x30, 0xa5, 0x5e, 0x4d, 0xea, 0x8a, 0x9a, 0x9f, 0x1a, 0xd8, 0x5b, 0x53, 0x14, 0x19, 0x25, 0x63, 0xb4, 0x6f, 0x1f, 0x5d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xac, 0x8f, 0xbc, 0x1e, 0x7d, 0x8b, 0x5a, 0x0b, 0x8d, 0xaf, 0x76, 0x2e, 0x71, 0xe3, 0x3b, 0x6f, 0x53, 0x2f, 0x3e, 0x90, 0x95, 0xd4, 0x35, 0x14, 0x4f, 0x8c, 0x3c, 0xce, 0x57, 0x1c, 0x76, 0x49}} , + {{0xa8, 0x50, 0xe1, 0x61, 0x6b, 0x57, 0x35, 0xeb, 0x44, 0x0b, 0x0c, 0x6e, 0xf9, 0x25, 0x80, 0x74, 0xf2, 0x8f, 0x6f, 0x7a, 0x3e, 0x7f, 0x2d, 0xf3, 0x4e, 0x09, 0x65, 0x10, 0x5e, 0x03, 0x25, 0x32}}}, +{{{0xa9, 0x60, 0xdc, 0x0f, 0x64, 0xe5, 0x1d, 0xe2, 0x8d, 0x4f, 0x79, 0x2f, 0x0e, 0x24, 0x02, 0x00, 0x05, 0x77, 0x43, 0x25, 0x3d, 0x6a, 0xc7, 0xb7, 0xbf, 0x04, 0x08, 0x65, 0xf4, 0x39, 0x4b, 0x65}} , + {{0x96, 0x19, 0x12, 0x6b, 0x6a, 0xb7, 0xe3, 0xdc, 0x45, 0x9b, 0xdb, 0xb4, 0xa8, 0xae, 0xdc, 0xa8, 0x14, 0x44, 0x65, 0x62, 0xce, 0x34, 0x9a, 0x84, 0x18, 0x12, 0x01, 0xf1, 0xe2, 0x7b, 0xce, 0x50}}}, +{{{0x41, 0x21, 0x30, 0x53, 0x1b, 0x47, 0x01, 0xb7, 0x18, 0xd8, 0x82, 0x57, 0xbd, 0xa3, 0x60, 0xf0, 0x32, 0xf6, 0x5b, 0xf0, 0x30, 0x88, 0x91, 0x59, 0xfd, 0x90, 0xa2, 0xb9, 0x55, 0x93, 0x21, 0x34}} , + {{0x97, 0x67, 0x9e, 0xeb, 0x6a, 0xf9, 0x6e, 0xd6, 0x73, 0xe8, 0x6b, 0x29, 0xec, 0x63, 0x82, 0x00, 0xa8, 0x99, 0x1c, 0x1d, 0x30, 0xc8, 0x90, 0x52, 0x90, 0xb6, 0x6a, 0x80, 0x4e, 0xff, 0x4b, 0x51}}}, +{{{0x0f, 0x7d, 0x63, 0x8c, 0x6e, 0x5c, 0xde, 0x30, 0xdf, 0x65, 0xfa, 0x2e, 0xb0, 0xa3, 0x25, 0x05, 0x54, 0xbd, 0x25, 0xba, 0x06, 0xae, 0xdf, 0x8b, 0xd9, 0x1b, 0xea, 0x38, 0xb3, 0x05, 0x16, 0x09}} , + {{0xc7, 0x8c, 0xbf, 0x64, 0x28, 0xad, 0xf8, 0xa5, 0x5a, 0x6f, 0xc9, 0xba, 0xd5, 0x7f, 0xd5, 0xd6, 0xbd, 0x66, 0x2f, 0x3d, 0xaa, 0x54, 0xf6, 0xba, 0x32, 0x22, 0x9a, 0x1e, 0x52, 0x05, 0xf4, 0x1d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xaa, 0x1f, 0xbb, 0xeb, 0xfe, 0xe4, 0x87, 0xfc, 0xb1, 0x2c, 0xb7, 0x88, 0xf4, 0xc6, 0xb9, 0xf5, 0x24, 0x46, 0xf2, 0xa5, 0x9f, 0x8f, 0x8a, 0x93, 0x70, 0x69, 0xd4, 0x56, 0xec, 0xfd, 0x06, 0x46}} , + {{0x4e, 0x66, 0xcf, 0x4e, 0x34, 0xce, 0x0c, 0xd9, 0xa6, 0x50, 0xd6, 0x5e, 0x95, 0xaf, 0xe9, 0x58, 0xfa, 0xee, 0x9b, 0xb8, 0xa5, 0x0f, 0x35, 0xe0, 0x43, 0x82, 0x6d, 0x65, 0xe6, 0xd9, 0x00, 0x0f}}}, +{{{0x7b, 0x75, 0x3a, 0xfc, 0x64, 0xd3, 0x29, 0x7e, 0xdd, 0x49, 0x9a, 0x59, 0x53, 0xbf, 0xb4, 0xa7, 0x52, 0xb3, 0x05, 0xab, 0xc3, 0xaf, 0x16, 0x1a, 0x85, 0x42, 0x32, 0xa2, 0x86, 0xfa, 0x39, 0x43}} , + {{0x0e, 0x4b, 0xa3, 0x63, 0x8a, 0xfe, 0xa5, 0x58, 0xf1, 0x13, 0xbd, 0x9d, 0xaa, 0x7f, 0x76, 0x40, 0x70, 0x81, 0x10, 0x75, 0x99, 0xbb, 0xbe, 0x0b, 0x16, 0xe9, 0xba, 0x62, 0x34, 0xcc, 0x07, 0x6d}}}, +{{{0xc3, 0xf1, 0xc6, 0x93, 0x65, 0xee, 0x0b, 0xbc, 0xea, 0x14, 0xf0, 0xc1, 0xf8, 0x84, 0x89, 0xc2, 0xc9, 0xd7, 0xea, 0x34, 0xca, 0xa7, 0xc4, 0x99, 0xd5, 0x50, 0x69, 0xcb, 0xd6, 0x21, 0x63, 0x7c}} , + {{0x99, 0xeb, 0x7c, 0x31, 0x73, 0x64, 0x67, 0x7f, 0x0c, 0x66, 0xaa, 0x8c, 0x69, 0x91, 0xe2, 0x26, 0xd3, 0x23, 0xe2, 0x76, 0x5d, 0x32, 0x52, 0xdf, 0x5d, 0xc5, 0x8f, 0xb7, 0x7c, 0x84, 0xb3, 0x70}}}, +{{{0xeb, 0x01, 0xc7, 0x36, 0x97, 0x4e, 0xb6, 0xab, 0x5f, 0x0d, 0x2c, 0xba, 0x67, 0x64, 0x55, 0xde, 0xbc, 0xff, 0xa6, 0xec, 0x04, 0xd3, 0x8d, 0x39, 0x56, 0x5e, 0xee, 0xf8, 0xe4, 0x2e, 0x33, 0x62}} , + {{0x65, 0xef, 0xb8, 0x9f, 0xc8, 0x4b, 0xa7, 0xfd, 0x21, 0x49, 0x9b, 0x92, 0x35, 0x82, 0xd6, 0x0a, 0x9b, 0xf2, 0x79, 0xf1, 0x47, 0x2f, 0x6a, 0x7e, 0x9f, 0xcf, 0x18, 0x02, 0x3c, 0xfb, 0x1b, 0x3e}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x2f, 0x8b, 0xc8, 0x40, 0x51, 0xd1, 0xac, 0x1a, 0x0b, 0xe4, 0xa9, 0xa2, 0x42, 0x21, 0x19, 0x2f, 0x7b, 0x97, 0xbf, 0xf7, 0x57, 0x6d, 0x3f, 0x3d, 0x4f, 0x0f, 0xe2, 0xb2, 0x81, 0x00, 0x9e, 0x7b}} , + {{0x8c, 0x85, 0x2b, 0xc4, 0xfc, 0xf1, 0xab, 0xe8, 0x79, 0x22, 0xc4, 0x84, 0x17, 0x3a, 0xfa, 0x86, 0xa6, 0x7d, 0xf9, 0xf3, 0x6f, 0x03, 0x57, 0x20, 0x4d, 0x79, 0xf9, 0x6e, 0x71, 0x54, 0x38, 0x09}}}, +{{{0x40, 0x29, 0x74, 0xa8, 0x2f, 0x5e, 0xf9, 0x79, 0xa4, 0xf3, 0x3e, 0xb9, 0xfd, 0x33, 0x31, 0xac, 0x9a, 0x69, 0x88, 0x1e, 0x77, 0x21, 0x2d, 0xf3, 0x91, 0x52, 0x26, 0x15, 0xb2, 0xa6, 0xcf, 0x7e}} , + {{0xc6, 0x20, 0x47, 0x6c, 0xa4, 0x7d, 0xcb, 0x63, 0xea, 0x5b, 0x03, 0xdf, 0x3e, 0x88, 0x81, 0x6d, 0xce, 0x07, 0x42, 0x18, 0x60, 0x7e, 0x7b, 0x55, 0xfe, 0x6a, 0xf3, 0xda, 0x5c, 0x8b, 0x95, 0x10}}}, +{{{0x62, 0xe4, 0x0d, 0x03, 0xb4, 0xd7, 0xcd, 0xfa, 0xbd, 0x46, 0xdf, 0x93, 0x71, 0x10, 0x2c, 0xa8, 0x3b, 0xb6, 0x09, 0x05, 0x70, 0x84, 0x43, 0x29, 0xa8, 0x59, 0xf5, 0x8e, 0x10, 0xe4, 0xd7, 0x20}} , + {{0x57, 0x82, 0x1c, 0xab, 0xbf, 0x62, 0x70, 0xe8, 0xc4, 0xcf, 0xf0, 0x28, 0x6e, 0x16, 0x3c, 0x08, 0x78, 0x89, 0x85, 0x46, 0x0f, 0xf6, 0x7f, 0xcf, 0xcb, 0x7e, 0xb8, 0x25, 0xe9, 0x5a, 0xfa, 0x03}}}, +{{{0xfb, 0x95, 0x92, 0x63, 0x50, 0xfc, 0x62, 0xf0, 0xa4, 0x5e, 0x8c, 0x18, 0xc2, 0x17, 0x24, 0xb7, 0x78, 0xc2, 0xa9, 0xe7, 0x6a, 0x32, 0xd6, 0x29, 0x85, 0xaf, 0xcb, 0x8d, 0x91, 0x13, 0xda, 0x6b}} , + {{0x36, 0x0a, 0xc2, 0xb6, 0x4b, 0xa5, 0x5d, 0x07, 0x17, 0x41, 0x31, 0x5f, 0x62, 0x46, 0xf8, 0x92, 0xf9, 0x66, 0x48, 0x73, 0xa6, 0x97, 0x0d, 0x7d, 0x88, 0xee, 0x62, 0xb1, 0x03, 0xa8, 0x3f, 0x2c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x4a, 0xb1, 0x70, 0x8a, 0xa9, 0xe8, 0x63, 0x79, 0x00, 0xe2, 0x25, 0x16, 0xca, 0x4b, 0x0f, 0xa4, 0x66, 0xad, 0x19, 0x9f, 0x88, 0x67, 0x0c, 0x8b, 0xc2, 0x4a, 0x5b, 0x2b, 0x6d, 0x95, 0xaf, 0x19}} , + {{0x8b, 0x9d, 0xb6, 0xcc, 0x60, 0xb4, 0x72, 0x4f, 0x17, 0x69, 0x5a, 0x4a, 0x68, 0x34, 0xab, 0xa1, 0x45, 0x32, 0x3c, 0x83, 0x87, 0x72, 0x30, 0x54, 0x77, 0x68, 0xae, 0xfb, 0xb5, 0x8b, 0x22, 0x5e}}}, +{{{0xf1, 0xb9, 0x87, 0x35, 0xc5, 0xbb, 0xb9, 0xcf, 0xf5, 0xd6, 0xcd, 0xd5, 0x0c, 0x7c, 0x0e, 0xe6, 0x90, 0x34, 0xfb, 0x51, 0x42, 0x1e, 0x6d, 0xac, 0x9a, 0x46, 0xc4, 0x97, 0x29, 0x32, 0xbf, 0x45}} , + {{0x66, 0x9e, 0xc6, 0x24, 0xc0, 0xed, 0xa5, 0x5d, 0x88, 0xd4, 0xf0, 0x73, 0x97, 0x7b, 0xea, 0x7f, 0x42, 0xff, 0x21, 0xa0, 0x9b, 0x2f, 0x9a, 0xfd, 0x53, 0x57, 0x07, 0x84, 0x48, 0x88, 0x9d, 0x52}}}, +{{{0xc6, 0x96, 0x48, 0x34, 0x2a, 0x06, 0xaf, 0x94, 0x3d, 0xf4, 0x1a, 0xcf, 0xf2, 0xc0, 0x21, 0xc2, 0x42, 0x5e, 0xc8, 0x2f, 0x35, 0xa2, 0x3e, 0x29, 0xfa, 0x0c, 0x84, 0xe5, 0x89, 0x72, 0x7c, 0x06}} , + {{0x32, 0x65, 0x03, 0xe5, 0x89, 0xa6, 0x6e, 0xb3, 0x5b, 0x8e, 0xca, 0xeb, 0xfe, 0x22, 0x56, 0x8b, 0x5d, 0x14, 0x4b, 0x4d, 0xf9, 0xbe, 0xb5, 0xf5, 0xe6, 0x5c, 0x7b, 0x8b, 0xf4, 0x13, 0x11, 0x34}}}, +{{{0x07, 0xc6, 0x22, 0x15, 0xe2, 0x9c, 0x60, 0xa2, 0x19, 0xd9, 0x27, 0xae, 0x37, 0x4e, 0xa6, 0xc9, 0x80, 0xa6, 0x91, 0x8f, 0x12, 0x49, 0xe5, 0x00, 0x18, 0x47, 0xd1, 0xd7, 0x28, 0x22, 0x63, 0x39}} , + {{0xe8, 0xe2, 0x00, 0x7e, 0xf2, 0x9e, 0x1e, 0x99, 0x39, 0x95, 0x04, 0xbd, 0x1e, 0x67, 0x7b, 0xb2, 0x26, 0xac, 0xe6, 0xaa, 0xe2, 0x46, 0xd5, 0xe4, 0xe8, 0x86, 0xbd, 0xab, 0x7c, 0x55, 0x59, 0x6f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x24, 0x64, 0x6e, 0x9b, 0x35, 0x71, 0x78, 0xce, 0x33, 0x03, 0x21, 0x33, 0x36, 0xf1, 0x73, 0x9b, 0xb9, 0x15, 0x8b, 0x2c, 0x69, 0xcf, 0x4d, 0xed, 0x4f, 0x4d, 0x57, 0x14, 0x13, 0x82, 0xa4, 0x4d}} , + {{0x65, 0x6e, 0x0a, 0xa4, 0x59, 0x07, 0x17, 0xf2, 0x6b, 0x4a, 0x1f, 0x6e, 0xf6, 0xb5, 0xbc, 0x62, 0xe4, 0xb6, 0xda, 0xa2, 0x93, 0xbc, 0x29, 0x05, 0xd2, 0xd2, 0x73, 0x46, 0x03, 0x16, 0x40, 0x31}}}, +{{{0x4c, 0x73, 0x6d, 0x15, 0xbd, 0xa1, 0x4d, 0x5c, 0x13, 0x0b, 0x24, 0x06, 0x98, 0x78, 0x1c, 0x5b, 0xeb, 0x1f, 0x18, 0x54, 0x43, 0xd9, 0x55, 0x66, 0xda, 0x29, 0x21, 0xe8, 0xb8, 0x3c, 0x42, 0x22}} , + {{0xb4, 0xcd, 0x08, 0x6f, 0x15, 0x23, 0x1a, 0x0b, 0x22, 0xed, 0xd1, 0xf1, 0xa7, 0xc7, 0x73, 0x45, 0xf3, 0x9e, 0xce, 0x76, 0xb7, 0xf6, 0x39, 0xb6, 0x8e, 0x79, 0xbe, 0xe9, 0x9b, 0xcf, 0x7d, 0x62}}}, +{{{0x92, 0x5b, 0xfc, 0x72, 0xfd, 0xba, 0xf1, 0xfd, 0xa6, 0x7c, 0x95, 0xe3, 0x61, 0x3f, 0xe9, 0x03, 0xd4, 0x2b, 0xd4, 0x20, 0xd9, 0xdb, 0x4d, 0x32, 0x3e, 0xf5, 0x11, 0x64, 0xe3, 0xb4, 0xbe, 0x32}} , + {{0x86, 0x17, 0x90, 0xe7, 0xc9, 0x1f, 0x10, 0xa5, 0x6a, 0x2d, 0x39, 0xd0, 0x3b, 0xc4, 0xa6, 0xe9, 0x59, 0x13, 0xda, 0x1a, 0xe6, 0xa0, 0xb9, 0x3c, 0x50, 0xb8, 0x40, 0x7c, 0x15, 0x36, 0x5a, 0x42}}}, +{{{0xb4, 0x0b, 0x32, 0xab, 0xdc, 0x04, 0x51, 0x55, 0x21, 0x1e, 0x0b, 0x75, 0x99, 0x89, 0x73, 0x35, 0x3a, 0x91, 0x2b, 0xfe, 0xe7, 0x49, 0xea, 0x76, 0xc1, 0xf9, 0x46, 0xb9, 0x53, 0x02, 0x23, 0x04}} , + {{0xfc, 0x5a, 0x1e, 0x1d, 0x74, 0x58, 0x95, 0xa6, 0x8f, 0x7b, 0x97, 0x3e, 0x17, 0x3b, 0x79, 0x2d, 0xa6, 0x57, 0xef, 0x45, 0x02, 0x0b, 0x4d, 0x6e, 0x9e, 0x93, 0x8d, 0x2f, 0xd9, 0x9d, 0xdb, 0x04}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xc0, 0xd7, 0x56, 0x97, 0x58, 0x91, 0xde, 0x09, 0x4f, 0x9f, 0xbe, 0x63, 0xb0, 0x83, 0x86, 0x43, 0x5d, 0xbc, 0xe0, 0xf3, 0xc0, 0x75, 0xbf, 0x8b, 0x8e, 0xaa, 0xf7, 0x8b, 0x64, 0x6e, 0xb0, 0x63}} , + {{0x16, 0xae, 0x8b, 0xe0, 0x9b, 0x24, 0x68, 0x5c, 0x44, 0xc2, 0xd0, 0x08, 0xb7, 0x7b, 0x62, 0xfd, 0x7f, 0xd8, 0xd4, 0xb7, 0x50, 0xfd, 0x2c, 0x1b, 0xbf, 0x41, 0x95, 0xd9, 0x8e, 0xd8, 0x17, 0x1b}}}, +{{{0x86, 0x55, 0x37, 0x8e, 0xc3, 0x38, 0x48, 0x14, 0xb5, 0x97, 0xd2, 0xa7, 0x54, 0x45, 0xf1, 0x35, 0x44, 0x38, 0x9e, 0xf1, 0x1b, 0xb6, 0x34, 0x00, 0x3c, 0x96, 0xee, 0x29, 0x00, 0xea, 0x2c, 0x0b}} , + {{0xea, 0xda, 0x99, 0x9e, 0x19, 0x83, 0x66, 0x6d, 0xe9, 0x76, 0x87, 0x50, 0xd1, 0xfd, 0x3c, 0x60, 0x87, 0xc6, 0x41, 0xd9, 0x8e, 0xdb, 0x5e, 0xde, 0xaa, 0x9a, 0xd3, 0x28, 0xda, 0x95, 0xea, 0x47}}}, +{{{0xd0, 0x80, 0xba, 0x19, 0xae, 0x1d, 0xa9, 0x79, 0xf6, 0x3f, 0xac, 0x5d, 0x6f, 0x96, 0x1f, 0x2a, 0xce, 0x29, 0xb2, 0xff, 0x37, 0xf1, 0x94, 0x8f, 0x0c, 0xb5, 0x28, 0xba, 0x9a, 0x21, 0xf6, 0x66}} , + {{0x02, 0xfb, 0x54, 0xb8, 0x05, 0xf3, 0x81, 0x52, 0x69, 0x34, 0x46, 0x9d, 0x86, 0x76, 0x8f, 0xd7, 0xf8, 0x6a, 0x66, 0xff, 0xe6, 0xa7, 0x90, 0xf7, 0x5e, 0xcd, 0x6a, 0x9b, 0x55, 0xfc, 0x9d, 0x48}}}, +{{{0xbd, 0xaa, 0x13, 0xe6, 0xcd, 0x45, 0x4a, 0xa4, 0x59, 0x0a, 0x64, 0xb1, 0x98, 0xd6, 0x34, 0x13, 0x04, 0xe6, 0x97, 0x94, 0x06, 0xcb, 0xd4, 0x4e, 0xbb, 0x96, 0xcd, 0xd1, 0x57, 0xd1, 0xe3, 0x06}} , + {{0x7a, 0x6c, 0x45, 0x27, 0xc4, 0x93, 0x7f, 0x7d, 0x7c, 0x62, 0x50, 0x38, 0x3a, 0x6b, 0xb5, 0x88, 0xc6, 0xd9, 0xf1, 0x78, 0x19, 0xb9, 0x39, 0x93, 0x3d, 0xc9, 0xe0, 0x9c, 0x3c, 0xce, 0xf5, 0x72}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x24, 0xea, 0x23, 0x7d, 0x56, 0x2c, 0xe2, 0x59, 0x0e, 0x85, 0x60, 0x04, 0x88, 0x5a, 0x74, 0x1e, 0x4b, 0xef, 0x13, 0xda, 0x4c, 0xff, 0x83, 0x45, 0x85, 0x3f, 0x08, 0x95, 0x2c, 0x20, 0x13, 0x1f}} , + {{0x48, 0x5f, 0x27, 0x90, 0x5c, 0x02, 0x42, 0xad, 0x78, 0x47, 0x5c, 0xb5, 0x7e, 0x08, 0x85, 0x00, 0xfa, 0x7f, 0xfd, 0xfd, 0xe7, 0x09, 0x11, 0xf2, 0x7e, 0x1b, 0x38, 0x6c, 0x35, 0x6d, 0x33, 0x66}}}, +{{{0x93, 0x03, 0x36, 0x81, 0xac, 0xe4, 0x20, 0x09, 0x35, 0x4c, 0x45, 0xb2, 0x1e, 0x4c, 0x14, 0x21, 0xe6, 0xe9, 0x8a, 0x7b, 0x8d, 0xfe, 0x1e, 0xc6, 0x3e, 0xc1, 0x35, 0xfa, 0xe7, 0x70, 0x4e, 0x1d}} , + {{0x61, 0x2e, 0xc2, 0xdd, 0x95, 0x57, 0xd1, 0xab, 0x80, 0xe8, 0x63, 0x17, 0xb5, 0x48, 0xe4, 0x8a, 0x11, 0x9e, 0x72, 0xbe, 0x85, 0x8d, 0x51, 0x0a, 0xf2, 0x9f, 0xe0, 0x1c, 0xa9, 0x07, 0x28, 0x7b}}}, +{{{0xbb, 0x71, 0x14, 0x5e, 0x26, 0x8c, 0x3d, 0xc8, 0xe9, 0x7c, 0xd3, 0xd6, 0xd1, 0x2f, 0x07, 0x6d, 0xe6, 0xdf, 0xfb, 0x79, 0xd6, 0x99, 0x59, 0x96, 0x48, 0x40, 0x0f, 0x3a, 0x7b, 0xb2, 0xa0, 0x72}} , + {{0x4e, 0x3b, 0x69, 0xc8, 0x43, 0x75, 0x51, 0x6c, 0x79, 0x56, 0xe4, 0xcb, 0xf7, 0xa6, 0x51, 0xc2, 0x2c, 0x42, 0x0b, 0xd4, 0x82, 0x20, 0x1c, 0x01, 0x08, 0x66, 0xd7, 0xbf, 0x04, 0x56, 0xfc, 0x02}}}, +{{{0x24, 0xe8, 0xb7, 0x60, 0xae, 0x47, 0x80, 0xfc, 0xe5, 0x23, 0xe7, 0xc2, 0xc9, 0x85, 0xe6, 0x98, 0xa0, 0x29, 0x4e, 0xe1, 0x84, 0x39, 0x2d, 0x95, 0x2c, 0xf3, 0x45, 0x3c, 0xff, 0xaf, 0x27, 0x4c}} , + {{0x6b, 0xa6, 0xf5, 0x4b, 0x11, 0xbd, 0xba, 0x5b, 0x9e, 0xc4, 0xa4, 0x51, 0x1e, 0xbe, 0xd0, 0x90, 0x3a, 0x9c, 0xc2, 0x26, 0xb6, 0x1e, 0xf1, 0x95, 0x7d, 0xc8, 0x6d, 0x52, 0xe6, 0x99, 0x2c, 0x5f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x85, 0xe0, 0x24, 0x32, 0xb4, 0xd1, 0xef, 0xfc, 0x69, 0xa2, 0xbf, 0x8f, 0x72, 0x2c, 0x95, 0xf6, 0xe4, 0x6e, 0x7d, 0x90, 0xf7, 0x57, 0x81, 0xa0, 0xf7, 0xda, 0xef, 0x33, 0x07, 0xe3, 0x6b, 0x78}} , + {{0x36, 0x27, 0x3e, 0xc6, 0x12, 0x07, 0xab, 0x4e, 0xbe, 0x69, 0x9d, 0xb3, 0xbe, 0x08, 0x7c, 0x2a, 0x47, 0x08, 0xfd, 0xd4, 0xcd, 0x0e, 0x27, 0x34, 0x5b, 0x98, 0x34, 0x2f, 0x77, 0x5f, 0x3a, 0x65}}}, +{{{0x13, 0xaa, 0x2e, 0x4c, 0xf0, 0x22, 0xb8, 0x6c, 0xb3, 0x19, 0x4d, 0xeb, 0x6b, 0xd0, 0xa4, 0xc6, 0x9c, 0xdd, 0xc8, 0x5b, 0x81, 0x57, 0x89, 0xdf, 0x33, 0xa9, 0x68, 0x49, 0x80, 0xe4, 0xfe, 0x21}} , + {{0x00, 0x17, 0x90, 0x30, 0xe9, 0xd3, 0x60, 0x30, 0x31, 0xc2, 0x72, 0x89, 0x7a, 0x36, 0xa5, 0xbd, 0x39, 0x83, 0x85, 0x50, 0xa1, 0x5d, 0x6c, 0x41, 0x1d, 0xb5, 0x2c, 0x07, 0x40, 0x77, 0x0b, 0x50}}}, +{{{0x64, 0x34, 0xec, 0xc0, 0x9e, 0x44, 0x41, 0xaf, 0xa0, 0x36, 0x05, 0x6d, 0xea, 0x30, 0x25, 0x46, 0x35, 0x24, 0x9d, 0x86, 0xbd, 0x95, 0xf1, 0x6a, 0x46, 0xd7, 0x94, 0x54, 0xf9, 0x3b, 0xbd, 0x5d}} , + {{0x77, 0x5b, 0xe2, 0x37, 0xc7, 0xe1, 0x7c, 0x13, 0x8c, 0x9f, 0x7b, 0x7b, 0x2a, 0xce, 0x42, 0xa3, 0xb9, 0x2a, 0x99, 0xa8, 0xc0, 0xd8, 0x3c, 0x86, 0xb0, 0xfb, 0xe9, 0x76, 0x77, 0xf7, 0xf5, 0x56}}}, +{{{0xdf, 0xb3, 0x46, 0x11, 0x6e, 0x13, 0xb7, 0x28, 0x4e, 0x56, 0xdd, 0xf1, 0xac, 0xad, 0x58, 0xc3, 0xf8, 0x88, 0x94, 0x5e, 0x06, 0x98, 0xa1, 0xe4, 0x6a, 0xfb, 0x0a, 0x49, 0x5d, 0x8a, 0xfe, 0x77}} , + {{0x46, 0x02, 0xf5, 0xa5, 0xaf, 0xc5, 0x75, 0x6d, 0xba, 0x45, 0x35, 0x0a, 0xfe, 0xc9, 0xac, 0x22, 0x91, 0x8d, 0x21, 0x95, 0x33, 0x03, 0xc0, 0x8a, 0x16, 0xf3, 0x39, 0xe0, 0x01, 0x0f, 0x53, 0x3c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x34, 0x75, 0x37, 0x1f, 0x34, 0x4e, 0xa9, 0x1d, 0x68, 0x67, 0xf8, 0x49, 0x98, 0x96, 0xfc, 0x4c, 0x65, 0x97, 0xf7, 0x02, 0x4a, 0x52, 0x6c, 0x01, 0xbd, 0x48, 0xbb, 0x1b, 0xed, 0xa4, 0xe2, 0x53}} , + {{0x59, 0xd5, 0x9b, 0x5a, 0xa2, 0x90, 0xd3, 0xb8, 0x37, 0x4c, 0x55, 0x82, 0x28, 0x08, 0x0f, 0x7f, 0xaa, 0x81, 0x65, 0xe0, 0x0c, 0x52, 0xc9, 0xa3, 0x32, 0x27, 0x64, 0xda, 0xfd, 0x34, 0x23, 0x5a}}}, +{{{0xb5, 0xb0, 0x0c, 0x4d, 0xb3, 0x7b, 0x23, 0xc8, 0x1f, 0x8a, 0x39, 0x66, 0xe6, 0xba, 0x4c, 0x10, 0x37, 0xca, 0x9c, 0x7c, 0x05, 0x9e, 0xff, 0xc0, 0xf8, 0x8e, 0xb1, 0x8f, 0x6f, 0x67, 0x18, 0x26}} , + {{0x4b, 0x41, 0x13, 0x54, 0x23, 0x1a, 0xa4, 0x4e, 0xa9, 0x8b, 0x1e, 0x4b, 0xfc, 0x15, 0x24, 0xbb, 0x7e, 0xcb, 0xb6, 0x1e, 0x1b, 0xf5, 0xf2, 0xc8, 0x56, 0xec, 0x32, 0xa2, 0x60, 0x5b, 0xa0, 0x2a}}}, +{{{0xa4, 0x29, 0x47, 0x86, 0x2e, 0x92, 0x4f, 0x11, 0x4f, 0xf3, 0xb2, 0x5c, 0xd5, 0x3e, 0xa6, 0xb9, 0xc8, 0xe2, 0x33, 0x11, 0x1f, 0x01, 0x8f, 0xb0, 0x9b, 0xc7, 0xa5, 0xff, 0x83, 0x0f, 0x1e, 0x28}} , + {{0x1d, 0x29, 0x7a, 0xa1, 0xec, 0x8e, 0xb5, 0xad, 0xea, 0x02, 0x68, 0x60, 0x74, 0x29, 0x1c, 0xa5, 0xcf, 0xc8, 0x3b, 0x7d, 0x8b, 0x2b, 0x7c, 0xad, 0xa4, 0x40, 0x17, 0x51, 0x59, 0x7c, 0x2e, 0x5d}}}, +{{{0x0a, 0x6c, 0x4f, 0xbc, 0x3e, 0x32, 0xe7, 0x4a, 0x1a, 0x13, 0xc1, 0x49, 0x38, 0xbf, 0xf7, 0xc2, 0xd3, 0x8f, 0x6b, 0xad, 0x52, 0xf7, 0xcf, 0xbc, 0x27, 0xcb, 0x40, 0x67, 0x76, 0xcd, 0x6d, 0x56}} , + {{0xe5, 0xb0, 0x27, 0xad, 0xbe, 0x9b, 0xf2, 0xb5, 0x63, 0xde, 0x3a, 0x23, 0x95, 0xb7, 0x0a, 0x7e, 0xf3, 0x9e, 0x45, 0x6f, 0x19, 0x39, 0x75, 0x8f, 0x39, 0x3d, 0x0f, 0xc0, 0x9f, 0xf1, 0xe9, 0x51}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x88, 0xaa, 0x14, 0x24, 0x86, 0x94, 0x11, 0x12, 0x3e, 0x1a, 0xb5, 0xcc, 0xbb, 0xe0, 0x9c, 0xd5, 0x9c, 0x6d, 0xba, 0x58, 0x72, 0x8d, 0xfb, 0x22, 0x7b, 0x9f, 0x7c, 0x94, 0x30, 0xb3, 0x51, 0x21}} , + {{0xf6, 0x74, 0x3d, 0xf2, 0xaf, 0xd0, 0x1e, 0x03, 0x7c, 0x23, 0x6b, 0xc9, 0xfc, 0x25, 0x70, 0x90, 0xdc, 0x9a, 0xa4, 0xfb, 0x49, 0xfc, 0x3d, 0x0a, 0x35, 0x38, 0x6f, 0xe4, 0x7e, 0x50, 0x01, 0x2a}}}, +{{{0xd6, 0xe3, 0x96, 0x61, 0x3a, 0xfd, 0xef, 0x9b, 0x1f, 0x90, 0xa4, 0x24, 0x14, 0x5b, 0xc8, 0xde, 0x50, 0xb1, 0x1d, 0xaf, 0xe8, 0x55, 0x8a, 0x87, 0x0d, 0xfe, 0xaa, 0x3b, 0x82, 0x2c, 0x8d, 0x7b}} , + {{0x85, 0x0c, 0xaf, 0xf8, 0x83, 0x44, 0x49, 0xd9, 0x45, 0xcf, 0xf7, 0x48, 0xd9, 0x53, 0xb4, 0xf1, 0x65, 0xa0, 0xe1, 0xc3, 0xb3, 0x15, 0xed, 0x89, 0x9b, 0x4f, 0x62, 0xb3, 0x57, 0xa5, 0x45, 0x1c}}}, +{{{0x8f, 0x12, 0xea, 0xaf, 0xd1, 0x1f, 0x79, 0x10, 0x0b, 0xf6, 0xa3, 0x7b, 0xea, 0xac, 0x8b, 0x57, 0x32, 0x62, 0xe7, 0x06, 0x12, 0x51, 0xa0, 0x3b, 0x43, 0x5e, 0xa4, 0x20, 0x78, 0x31, 0xce, 0x0d}} , + {{0x84, 0x7c, 0xc2, 0xa6, 0x91, 0x23, 0xce, 0xbd, 0xdc, 0xf9, 0xce, 0xd5, 0x75, 0x30, 0x22, 0xe6, 0xf9, 0x43, 0x62, 0x0d, 0xf7, 0x75, 0x9d, 0x7f, 0x8c, 0xff, 0x7d, 0xe4, 0x72, 0xac, 0x9f, 0x1c}}}, +{{{0x88, 0xc1, 0x99, 0xd0, 0x3c, 0x1c, 0x5d, 0xb4, 0xef, 0x13, 0x0f, 0x90, 0xb9, 0x36, 0x2f, 0x95, 0x95, 0xc6, 0xdc, 0xde, 0x0a, 0x51, 0xe2, 0x8d, 0xf3, 0xbc, 0x51, 0xec, 0xdf, 0xb1, 0xa2, 0x5f}} , + {{0x2e, 0x68, 0xa1, 0x23, 0x7d, 0x9b, 0x40, 0x69, 0x85, 0x7b, 0x42, 0xbf, 0x90, 0x4b, 0xd6, 0x40, 0x2f, 0xd7, 0x52, 0x52, 0xb2, 0x21, 0xde, 0x64, 0xbd, 0x88, 0xc3, 0x6d, 0xa5, 0xfa, 0x81, 0x3f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xfb, 0xfd, 0x47, 0x7b, 0x8a, 0x66, 0x9e, 0x79, 0x2e, 0x64, 0x82, 0xef, 0xf7, 0x21, 0xec, 0xf6, 0xd8, 0x86, 0x09, 0x31, 0x7c, 0xdd, 0x03, 0x6a, 0x58, 0xa0, 0x77, 0xb7, 0x9b, 0x8c, 0x87, 0x1f}} , + {{0x55, 0x47, 0xe4, 0xa8, 0x3d, 0x55, 0x21, 0x34, 0xab, 0x1d, 0xae, 0xe0, 0xf4, 0xea, 0xdb, 0xc5, 0xb9, 0x58, 0xbf, 0xc4, 0x2a, 0x89, 0x31, 0x1a, 0xf4, 0x2d, 0xe1, 0xca, 0x37, 0x99, 0x47, 0x59}}}, +{{{0xc7, 0xca, 0x63, 0xc1, 0x49, 0xa9, 0x35, 0x45, 0x55, 0x7e, 0xda, 0x64, 0x32, 0x07, 0x50, 0xf7, 0x32, 0xac, 0xde, 0x75, 0x58, 0x9b, 0x11, 0xb2, 0x3a, 0x1f, 0xf5, 0xf7, 0x79, 0x04, 0xe6, 0x08}} , + {{0x46, 0xfa, 0x22, 0x4b, 0xfa, 0xe1, 0xfe, 0x96, 0xfc, 0x67, 0xba, 0x67, 0x97, 0xc4, 0xe7, 0x1b, 0x86, 0x90, 0x5f, 0xee, 0xf4, 0x5b, 0x11, 0xb2, 0xcd, 0xad, 0xee, 0xc2, 0x48, 0x6c, 0x2b, 0x1b}}}, +{{{0xe3, 0x39, 0x62, 0xb4, 0x4f, 0x31, 0x04, 0xc9, 0xda, 0xd5, 0x73, 0x51, 0x57, 0xc5, 0xb8, 0xf3, 0xa3, 0x43, 0x70, 0xe4, 0x61, 0x81, 0x84, 0xe2, 0xbb, 0xbf, 0x4f, 0x9e, 0xa4, 0x5e, 0x74, 0x06}} , + {{0x29, 0xac, 0xff, 0x27, 0xe0, 0x59, 0xbe, 0x39, 0x9c, 0x0d, 0x83, 0xd7, 0x10, 0x0b, 0x15, 0xb7, 0xe1, 0xc2, 0x2c, 0x30, 0x73, 0x80, 0x3a, 0x7d, 0x5d, 0xab, 0x58, 0x6b, 0xc1, 0xf0, 0xf4, 0x22}}}, +{{{0xfe, 0x7f, 0xfb, 0x35, 0x7d, 0xc6, 0x01, 0x23, 0x28, 0xc4, 0x02, 0xac, 0x1f, 0x42, 0xb4, 0x9d, 0xfc, 0x00, 0x94, 0xa5, 0xee, 0xca, 0xda, 0x97, 0x09, 0x41, 0x77, 0x87, 0x5d, 0x7b, 0x87, 0x78}} , + {{0xf5, 0xfb, 0x90, 0x2d, 0x81, 0x19, 0x9e, 0x2f, 0x6d, 0x85, 0x88, 0x8c, 0x40, 0x5c, 0x77, 0x41, 0x4d, 0x01, 0x19, 0x76, 0x60, 0xe8, 0x4c, 0x48, 0xe4, 0x33, 0x83, 0x32, 0x6c, 0xb4, 0x41, 0x03}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xff, 0x10, 0xc2, 0x09, 0x4f, 0x6e, 0xf4, 0xd2, 0xdf, 0x7e, 0xca, 0x7b, 0x1c, 0x1d, 0xba, 0xa3, 0xb6, 0xda, 0x67, 0x33, 0xd4, 0x87, 0x36, 0x4b, 0x11, 0x20, 0x05, 0xa6, 0x29, 0xc1, 0x87, 0x17}} , + {{0xf6, 0x96, 0xca, 0x2f, 0xda, 0x38, 0xa7, 0x1b, 0xfc, 0xca, 0x7d, 0xfe, 0x08, 0x89, 0xe2, 0x47, 0x2b, 0x6a, 0x5d, 0x4b, 0xfa, 0xa1, 0xb4, 0xde, 0xb6, 0xc2, 0x31, 0x51, 0xf5, 0xe0, 0xa4, 0x0b}}}, +{{{0x5c, 0xe5, 0xc6, 0x04, 0x8e, 0x2b, 0x57, 0xbe, 0x38, 0x85, 0x23, 0xcb, 0xb7, 0xbe, 0x4f, 0xa9, 0xd3, 0x6e, 0x12, 0xaa, 0xd5, 0xb2, 0x2e, 0x93, 0x29, 0x9a, 0x4a, 0x88, 0x18, 0x43, 0xf5, 0x01}} , + {{0x50, 0xfc, 0xdb, 0xa2, 0x59, 0x21, 0x8d, 0xbd, 0x7e, 0x33, 0xae, 0x2f, 0x87, 0x1a, 0xd0, 0x97, 0xc7, 0x0d, 0x4d, 0x63, 0x01, 0xef, 0x05, 0x84, 0xec, 0x40, 0xdd, 0xa8, 0x0a, 0x4f, 0x70, 0x0b}}}, +{{{0x41, 0x69, 0x01, 0x67, 0x5c, 0xd3, 0x8a, 0xc5, 0xcf, 0x3f, 0xd1, 0x57, 0xd1, 0x67, 0x3e, 0x01, 0x39, 0xb5, 0xcb, 0x81, 0x56, 0x96, 0x26, 0xb6, 0xc2, 0xe7, 0x5c, 0xfb, 0x63, 0x97, 0x58, 0x06}} , + {{0x0c, 0x0e, 0xf3, 0xba, 0xf0, 0xe5, 0xba, 0xb2, 0x57, 0x77, 0xc6, 0x20, 0x9b, 0x89, 0x24, 0xbe, 0xf2, 0x9c, 0x8a, 0xba, 0x69, 0xc1, 0xf1, 0xb0, 0x4f, 0x2a, 0x05, 0x9a, 0xee, 0x10, 0x7e, 0x36}}}, +{{{0x3f, 0x26, 0xe9, 0x40, 0xe9, 0x03, 0xad, 0x06, 0x69, 0x91, 0xe0, 0xd1, 0x89, 0x60, 0x84, 0x79, 0xde, 0x27, 0x6d, 0xe6, 0x76, 0xbd, 0xea, 0xe6, 0xae, 0x48, 0xc3, 0x67, 0xc0, 0x57, 0xcd, 0x2f}} , + {{0x7f, 0xc1, 0xdc, 0xb9, 0xc7, 0xbc, 0x86, 0x3d, 0x55, 0x4b, 0x28, 0x7a, 0xfb, 0x4d, 0xc7, 0xf8, 0xbc, 0x67, 0x2a, 0x60, 0x4d, 0x8f, 0x07, 0x0b, 0x1a, 0x17, 0xbf, 0xfa, 0xac, 0xa7, 0x3d, 0x1a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x91, 0x3f, 0xed, 0x5e, 0x18, 0x78, 0x3f, 0x23, 0x2c, 0x0d, 0x8c, 0x44, 0x00, 0xe8, 0xfb, 0xe9, 0x8e, 0xd6, 0xd1, 0x36, 0x58, 0x57, 0x9e, 0xae, 0x4b, 0x5c, 0x0b, 0x07, 0xbc, 0x6b, 0x55, 0x2b}} , + {{0x6f, 0x4d, 0x17, 0xd7, 0xe1, 0x84, 0xd9, 0x78, 0xb1, 0x90, 0xfd, 0x2e, 0xb3, 0xb5, 0x19, 0x3f, 0x1b, 0xfa, 0xc0, 0x68, 0xb3, 0xdd, 0x00, 0x2e, 0x89, 0xbd, 0x7e, 0x80, 0x32, 0x13, 0xa0, 0x7b}}}, +{{{0x1a, 0x6f, 0x40, 0xaf, 0x44, 0x44, 0xb0, 0x43, 0x8f, 0x0d, 0xd0, 0x1e, 0xc4, 0x0b, 0x19, 0x5d, 0x8e, 0xfe, 0xc1, 0xf3, 0xc5, 0x5c, 0x91, 0xf8, 0x04, 0x4e, 0xbe, 0x90, 0xb4, 0x47, 0x5c, 0x3f}} , + {{0xb0, 0x3b, 0x2c, 0xf3, 0xfe, 0x32, 0x71, 0x07, 0x3f, 0xaa, 0xba, 0x45, 0x60, 0xa8, 0x8d, 0xea, 0x54, 0xcb, 0x39, 0x10, 0xb4, 0xf2, 0x8b, 0xd2, 0x14, 0x82, 0x42, 0x07, 0x8e, 0xe9, 0x7c, 0x53}}}, +{{{0xb0, 0xae, 0xc1, 0x8d, 0xc9, 0x8f, 0xb9, 0x7a, 0x77, 0xef, 0xba, 0x79, 0xa0, 0x3c, 0xa8, 0xf5, 0x6a, 0xe2, 0x3f, 0x5d, 0x00, 0xe3, 0x4b, 0x45, 0x24, 0x7b, 0x43, 0x78, 0x55, 0x1d, 0x2b, 0x1e}} , + {{0x01, 0xb8, 0xd6, 0x16, 0x67, 0xa0, 0x15, 0xb9, 0xe1, 0x58, 0xa4, 0xa7, 0x31, 0x37, 0x77, 0x2f, 0x8b, 0x12, 0x9f, 0xf4, 0x3f, 0xc7, 0x36, 0x66, 0xd2, 0xa8, 0x56, 0xf7, 0x7f, 0x74, 0xc6, 0x41}}}, +{{{0x5d, 0xf8, 0xb4, 0xa8, 0x30, 0xdd, 0xcc, 0x38, 0xa5, 0xd3, 0xca, 0xd8, 0xd1, 0xf8, 0xb2, 0x31, 0x91, 0xd4, 0x72, 0x05, 0x57, 0x4a, 0x3b, 0x82, 0x4a, 0xc6, 0x68, 0x20, 0xe2, 0x18, 0x41, 0x61}} , + {{0x19, 0xd4, 0x8d, 0x47, 0x29, 0x12, 0x65, 0xb0, 0x11, 0x78, 0x47, 0xb5, 0xcb, 0xa3, 0xa5, 0xfa, 0x05, 0x85, 0x54, 0xa9, 0x33, 0x97, 0x8d, 0x2b, 0xc2, 0xfe, 0x99, 0x35, 0x28, 0xe5, 0xeb, 0x63}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xb1, 0x3f, 0x3f, 0xef, 0xd8, 0xf4, 0xfc, 0xb3, 0xa0, 0x60, 0x50, 0x06, 0x2b, 0x29, 0x52, 0x70, 0x15, 0x0b, 0x24, 0x24, 0xf8, 0x5f, 0x79, 0x18, 0xcc, 0xff, 0x89, 0x99, 0x84, 0xa1, 0xae, 0x13}} , + {{0x44, 0x1f, 0xb8, 0xc2, 0x01, 0xc1, 0x30, 0x19, 0x55, 0x05, 0x60, 0x10, 0xa4, 0x6c, 0x2d, 0x67, 0x70, 0xe5, 0x25, 0x1b, 0xf2, 0xbf, 0xdd, 0xfb, 0x70, 0x2b, 0xa1, 0x8c, 0x9c, 0x94, 0x84, 0x08}}}, +{{{0xe7, 0xc4, 0x43, 0x4d, 0xc9, 0x2b, 0x69, 0x5d, 0x1d, 0x3c, 0xaf, 0xbb, 0x43, 0x38, 0x4e, 0x98, 0x3d, 0xed, 0x0d, 0x21, 0x03, 0xfd, 0xf0, 0x99, 0x47, 0x04, 0xb0, 0x98, 0x69, 0x55, 0x72, 0x0f}} , + {{0x5e, 0xdf, 0x15, 0x53, 0x3b, 0x86, 0x80, 0xb0, 0xf1, 0x70, 0x68, 0x8f, 0x66, 0x7c, 0x0e, 0x49, 0x1a, 0xd8, 0x6b, 0xfe, 0x4e, 0xef, 0xca, 0x47, 0xd4, 0x03, 0xc1, 0x37, 0x50, 0x9c, 0xc1, 0x16}}}, +{{{0xcd, 0x24, 0xc6, 0x3e, 0x0c, 0x82, 0x9b, 0x91, 0x2b, 0x61, 0x4a, 0xb2, 0x0f, 0x88, 0x55, 0x5f, 0x5a, 0x57, 0xff, 0xe5, 0x74, 0x0b, 0x13, 0x43, 0x00, 0xd8, 0x6b, 0xcf, 0xd2, 0x15, 0x03, 0x2c}} , + {{0xdc, 0xff, 0x15, 0x61, 0x2f, 0x4a, 0x2f, 0x62, 0xf2, 0x04, 0x2f, 0xb5, 0x0c, 0xb7, 0x1e, 0x3f, 0x74, 0x1a, 0x0f, 0xd7, 0xea, 0xcd, 0xd9, 0x7d, 0xf6, 0x12, 0x0e, 0x2f, 0xdb, 0x5a, 0x3b, 0x16}}}, +{{{0x1b, 0x37, 0x47, 0xe3, 0xf5, 0x9e, 0xea, 0x2c, 0x2a, 0xe7, 0x82, 0x36, 0xf4, 0x1f, 0x81, 0x47, 0x92, 0x4b, 0x69, 0x0e, 0x11, 0x8c, 0x5d, 0x53, 0x5b, 0x81, 0x27, 0x08, 0xbc, 0xa0, 0xae, 0x25}} , + {{0x69, 0x32, 0xa1, 0x05, 0x11, 0x42, 0x00, 0xd2, 0x59, 0xac, 0x4d, 0x62, 0x8b, 0x13, 0xe2, 0x50, 0x5d, 0xa0, 0x9d, 0x9b, 0xfd, 0xbb, 0x12, 0x41, 0x75, 0x41, 0x9e, 0xcc, 0xdc, 0xc7, 0xdc, 0x5d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xd9, 0xe3, 0x38, 0x06, 0x46, 0x70, 0x82, 0x5e, 0x28, 0x49, 0x79, 0xff, 0x25, 0xd2, 0x4e, 0x29, 0x8d, 0x06, 0xb0, 0x23, 0xae, 0x9b, 0x66, 0xe4, 0x7d, 0xc0, 0x70, 0x91, 0xa3, 0xfc, 0xec, 0x4e}} , + {{0x62, 0x12, 0x37, 0x6a, 0x30, 0xf6, 0x1e, 0xfb, 0x14, 0x5c, 0x0d, 0x0e, 0xb7, 0x81, 0x6a, 0xe7, 0x08, 0x05, 0xac, 0xaa, 0x38, 0x46, 0xe2, 0x73, 0xea, 0x4b, 0x07, 0x81, 0x43, 0x7c, 0x9e, 0x5e}}}, +{{{0xfc, 0xf9, 0x21, 0x4f, 0x2e, 0x76, 0x9b, 0x1f, 0x28, 0x60, 0x77, 0x43, 0x32, 0x9d, 0xbe, 0x17, 0x30, 0x2a, 0xc6, 0x18, 0x92, 0x66, 0x62, 0x30, 0x98, 0x40, 0x11, 0xa6, 0x7f, 0x18, 0x84, 0x28}} , + {{0x3f, 0xab, 0xd3, 0xf4, 0x8a, 0x76, 0xa1, 0x3c, 0xca, 0x2d, 0x49, 0xc3, 0xea, 0x08, 0x0b, 0x85, 0x17, 0x2a, 0xc3, 0x6c, 0x08, 0xfd, 0x57, 0x9f, 0x3d, 0x5f, 0xdf, 0x67, 0x68, 0x42, 0x00, 0x32}}}, +{{{0x51, 0x60, 0x1b, 0x06, 0x4f, 0x8a, 0x21, 0xba, 0x38, 0xa8, 0xba, 0xd6, 0x40, 0xf6, 0xe9, 0x9b, 0x76, 0x4d, 0x56, 0x21, 0x5b, 0x0a, 0x9b, 0x2e, 0x4f, 0x3d, 0x81, 0x32, 0x08, 0x9f, 0x97, 0x5b}} , + {{0xe5, 0x44, 0xec, 0x06, 0x9d, 0x90, 0x79, 0x9f, 0xd3, 0xe0, 0x79, 0xaf, 0x8f, 0x10, 0xfd, 0xdd, 0x04, 0xae, 0x27, 0x97, 0x46, 0x33, 0x79, 0xea, 0xb8, 0x4e, 0xca, 0x5a, 0x59, 0x57, 0xe1, 0x0e}}}, +{{{0x1a, 0xda, 0xf3, 0xa5, 0x41, 0x43, 0x28, 0xfc, 0x7e, 0xe7, 0x71, 0xea, 0xc6, 0x3b, 0x59, 0xcc, 0x2e, 0xd3, 0x40, 0xec, 0xb3, 0x13, 0x6f, 0x44, 0xcd, 0x13, 0xb2, 0x37, 0xf2, 0x6e, 0xd9, 0x1c}} , + {{0xe3, 0xdb, 0x60, 0xcd, 0x5c, 0x4a, 0x18, 0x0f, 0xef, 0x73, 0x36, 0x71, 0x8c, 0xf6, 0x11, 0xb4, 0xd8, 0xce, 0x17, 0x5e, 0x4f, 0x26, 0x77, 0x97, 0x5f, 0xcb, 0xef, 0x91, 0xeb, 0x6a, 0x62, 0x7a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x18, 0x4a, 0xa2, 0x97, 0x08, 0x81, 0x2d, 0x83, 0xc4, 0xcc, 0xf0, 0x83, 0x7e, 0xec, 0x0d, 0x95, 0x4c, 0x5b, 0xfb, 0xfa, 0x98, 0x80, 0x4a, 0x66, 0x56, 0x0c, 0x51, 0xb3, 0xf2, 0x04, 0x5d, 0x27}} , + {{0x3b, 0xb9, 0xb8, 0x06, 0x5a, 0x2e, 0xfe, 0xc3, 0x82, 0x37, 0x9c, 0xa3, 0x11, 0x1f, 0x9c, 0xa6, 0xda, 0x63, 0x48, 0x9b, 0xad, 0xde, 0x2d, 0xa6, 0xbc, 0x6e, 0x32, 0xda, 0x27, 0x65, 0xdd, 0x57}}}, +{{{0x84, 0x4f, 0x37, 0x31, 0x7d, 0x2e, 0xbc, 0xad, 0x87, 0x07, 0x2a, 0x6b, 0x37, 0xfc, 0x5f, 0xeb, 0x4e, 0x75, 0x35, 0xa6, 0xde, 0xab, 0x0a, 0x19, 0x3a, 0xb7, 0xb1, 0xef, 0x92, 0x6a, 0x3b, 0x3c}} , + {{0x3b, 0xb2, 0x94, 0x6d, 0x39, 0x60, 0xac, 0xee, 0xe7, 0x81, 0x1a, 0x3b, 0x76, 0x87, 0x5c, 0x05, 0x94, 0x2a, 0x45, 0xb9, 0x80, 0xe9, 0x22, 0xb1, 0x07, 0xcb, 0x40, 0x9e, 0x70, 0x49, 0x6d, 0x12}}}, +{{{0xfd, 0x18, 0x78, 0x84, 0xa8, 0x4c, 0x7d, 0x6e, 0x59, 0xa6, 0xe5, 0x74, 0xf1, 0x19, 0xa6, 0x84, 0x2e, 0x51, 0xc1, 0x29, 0x13, 0xf2, 0x14, 0x6b, 0x5d, 0x53, 0x51, 0xf7, 0xef, 0xbf, 0x01, 0x22}} , + {{0xa4, 0x4b, 0x62, 0x4c, 0xe6, 0xfd, 0x72, 0x07, 0xf2, 0x81, 0xfc, 0xf2, 0xbd, 0x12, 0x7c, 0x68, 0x76, 0x2a, 0xba, 0xf5, 0x65, 0xb1, 0x1f, 0x17, 0x0a, 0x38, 0xb0, 0xbf, 0xc0, 0xf8, 0xf4, 0x2a}}}, +{{{0x55, 0x60, 0x55, 0x5b, 0xe4, 0x1d, 0x71, 0x4c, 0x9d, 0x5b, 0x9f, 0x70, 0xa6, 0x85, 0x9a, 0x2c, 0xa0, 0xe2, 0x32, 0x48, 0xce, 0x9e, 0x2a, 0xa5, 0x07, 0x3b, 0xc7, 0x6c, 0x86, 0x77, 0xde, 0x3c}} , + {{0xf7, 0x18, 0x7a, 0x96, 0x7e, 0x43, 0x57, 0xa9, 0x55, 0xfc, 0x4e, 0xb6, 0x72, 0x00, 0xf2, 0xe4, 0xd7, 0x52, 0xd3, 0xd3, 0xb6, 0x85, 0xf6, 0x71, 0xc7, 0x44, 0x3f, 0x7f, 0xd7, 0xb3, 0xf2, 0x79}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x46, 0xca, 0xa7, 0x55, 0x7b, 0x79, 0xf3, 0xca, 0x5a, 0x65, 0xf6, 0xed, 0x50, 0x14, 0x7b, 0xe4, 0xc4, 0x2a, 0x65, 0x9e, 0xe2, 0xf9, 0xca, 0xa7, 0x22, 0x26, 0x53, 0xcb, 0x21, 0x5b, 0xa7, 0x31}} , + {{0x90, 0xd7, 0xc5, 0x26, 0x08, 0xbd, 0xb0, 0x53, 0x63, 0x58, 0xc3, 0x31, 0x5e, 0x75, 0x46, 0x15, 0x91, 0xa6, 0xf8, 0x2f, 0x1a, 0x08, 0x65, 0x88, 0x2f, 0x98, 0x04, 0xf1, 0x7c, 0x6e, 0x00, 0x77}}}, +{{{0x81, 0x21, 0x61, 0x09, 0xf6, 0x4e, 0xf1, 0x92, 0xee, 0x63, 0x61, 0x73, 0x87, 0xc7, 0x54, 0x0e, 0x42, 0x4b, 0xc9, 0x47, 0xd1, 0xb8, 0x7e, 0x91, 0x75, 0x37, 0x99, 0x28, 0xb8, 0xdd, 0x7f, 0x50}} , + {{0x89, 0x8f, 0xc0, 0xbe, 0x5d, 0xd6, 0x9f, 0xa0, 0xf0, 0x9d, 0x81, 0xce, 0x3a, 0x7b, 0x98, 0x58, 0xbb, 0xd7, 0x78, 0xc8, 0x3f, 0x13, 0xf1, 0x74, 0x19, 0xdf, 0xf8, 0x98, 0x89, 0x5d, 0xfa, 0x5f}}}, +{{{0x9e, 0x35, 0x85, 0x94, 0x47, 0x1f, 0x90, 0x15, 0x26, 0xd0, 0x84, 0xed, 0x8a, 0x80, 0xf7, 0x63, 0x42, 0x86, 0x27, 0xd7, 0xf4, 0x75, 0x58, 0xdc, 0x9c, 0xc0, 0x22, 0x7e, 0x20, 0x35, 0xfd, 0x1f}} , + {{0x68, 0x0e, 0x6f, 0x97, 0xba, 0x70, 0xbb, 0xa3, 0x0e, 0xe5, 0x0b, 0x12, 0xf4, 0xa2, 0xdc, 0x47, 0xf8, 0xe6, 0xd0, 0x23, 0x6c, 0x33, 0xa8, 0x99, 0x46, 0x6e, 0x0f, 0x44, 0xba, 0x76, 0x48, 0x0f}}}, +{{{0xa3, 0x2a, 0x61, 0x37, 0xe2, 0x59, 0x12, 0x0e, 0x27, 0xba, 0x64, 0x43, 0xae, 0xc0, 0x42, 0x69, 0x79, 0xa4, 0x1e, 0x29, 0x8b, 0x15, 0xeb, 0xf8, 0xaf, 0xd4, 0xa2, 0x68, 0x33, 0xb5, 0x7a, 0x24}} , + {{0x2c, 0x19, 0x33, 0xdd, 0x1b, 0xab, 0xec, 0x01, 0xb0, 0x23, 0xf8, 0x42, 0x2b, 0x06, 0x88, 0xea, 0x3d, 0x2d, 0x00, 0x2a, 0x78, 0x45, 0x4d, 0x38, 0xed, 0x2e, 0x2e, 0x44, 0x49, 0xed, 0xcb, 0x33}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xa0, 0x68, 0xe8, 0x41, 0x8f, 0x91, 0xf8, 0x11, 0x13, 0x90, 0x2e, 0xa7, 0xab, 0x30, 0xef, 0xad, 0xa0, 0x61, 0x00, 0x88, 0xef, 0xdb, 0xce, 0x5b, 0x5c, 0xbb, 0x62, 0xc8, 0x56, 0xf9, 0x00, 0x73}} , + {{0x3f, 0x60, 0xc1, 0x82, 0x2d, 0xa3, 0x28, 0x58, 0x24, 0x9e, 0x9f, 0xe3, 0x70, 0xcc, 0x09, 0x4e, 0x1a, 0x3f, 0x11, 0x11, 0x15, 0x07, 0x3c, 0xa4, 0x41, 0xe0, 0x65, 0xa3, 0x0a, 0x41, 0x6d, 0x11}}}, +{{{0x31, 0x40, 0x01, 0x52, 0x56, 0x94, 0x5b, 0x28, 0x8a, 0xaa, 0x52, 0xee, 0xd8, 0x0a, 0x05, 0x8d, 0xcd, 0xb5, 0xaa, 0x2e, 0x38, 0xaa, 0xb7, 0x87, 0xf7, 0x2b, 0xfb, 0x04, 0xcb, 0x84, 0x3d, 0x54}} , + {{0x20, 0xef, 0x59, 0xde, 0xa4, 0x2b, 0x93, 0x6e, 0x2e, 0xec, 0x42, 0x9a, 0xd4, 0x2d, 0xf4, 0x46, 0x58, 0x27, 0x2b, 0x18, 0x8f, 0x83, 0x3d, 0x69, 0x9e, 0xd4, 0x3e, 0xb6, 0xc5, 0xfd, 0x58, 0x03}}}, +{{{0x33, 0x89, 0xc9, 0x63, 0x62, 0x1c, 0x17, 0xb4, 0x60, 0xc4, 0x26, 0x68, 0x09, 0xc3, 0x2e, 0x37, 0x0f, 0x7b, 0xb4, 0x9c, 0xb6, 0xf9, 0xfb, 0xd4, 0x51, 0x78, 0xc8, 0x63, 0xea, 0x77, 0x47, 0x07}} , + {{0x32, 0xb4, 0x18, 0x47, 0x79, 0xcb, 0xd4, 0x5a, 0x07, 0x14, 0x0f, 0xa0, 0xd5, 0xac, 0xd0, 0x41, 0x40, 0xab, 0x61, 0x23, 0xe5, 0x2a, 0x2a, 0x6f, 0xf7, 0xa8, 0xd4, 0x76, 0xef, 0xe7, 0x45, 0x6c}}}, +{{{0xa1, 0x5e, 0x60, 0x4f, 0xfb, 0xe1, 0x70, 0x6a, 0x1f, 0x55, 0x4f, 0x09, 0xb4, 0x95, 0x33, 0x36, 0xc6, 0x81, 0x01, 0x18, 0x06, 0x25, 0x27, 0xa4, 0xb4, 0x24, 0xa4, 0x86, 0x03, 0x4c, 0xac, 0x02}} , + {{0x77, 0x38, 0xde, 0xd7, 0x60, 0x48, 0x07, 0xf0, 0x74, 0xa8, 0xff, 0x54, 0xe5, 0x30, 0x43, 0xff, 0x77, 0xfb, 0x21, 0x07, 0xff, 0xb2, 0x07, 0x6b, 0xe4, 0xe5, 0x30, 0xfc, 0x19, 0x6c, 0xa3, 0x01}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x13, 0xc5, 0x2c, 0xac, 0xd3, 0x83, 0x82, 0x7c, 0x29, 0xf7, 0x05, 0xa5, 0x00, 0xb6, 0x1f, 0x86, 0x55, 0xf4, 0xd6, 0x2f, 0x0c, 0x99, 0xd0, 0x65, 0x9b, 0x6b, 0x46, 0x0d, 0x43, 0xf8, 0x16, 0x28}} , + {{0x1e, 0x7f, 0xb4, 0x74, 0x7e, 0xb1, 0x89, 0x4f, 0x18, 0x5a, 0xab, 0x64, 0x06, 0xdf, 0x45, 0x87, 0xe0, 0x6a, 0xc6, 0xf0, 0x0e, 0xc9, 0x24, 0x35, 0x38, 0xea, 0x30, 0x54, 0xb4, 0xc4, 0x52, 0x54}}}, +{{{0xe9, 0x9f, 0xdc, 0x3f, 0xc1, 0x89, 0x44, 0x74, 0x27, 0xe4, 0xc1, 0x90, 0xff, 0x4a, 0xa7, 0x3c, 0xee, 0xcd, 0xf4, 0x1d, 0x25, 0x94, 0x7f, 0x63, 0x16, 0x48, 0xbc, 0x64, 0xfe, 0x95, 0xc4, 0x0c}} , + {{0x8b, 0x19, 0x75, 0x6e, 0x03, 0x06, 0x5e, 0x6a, 0x6f, 0x1a, 0x8c, 0xe3, 0xd3, 0x28, 0xf2, 0xe0, 0xb9, 0x7a, 0x43, 0x69, 0xe6, 0xd3, 0xc0, 0xfe, 0x7e, 0x97, 0xab, 0x6c, 0x7b, 0x8e, 0x13, 0x42}}}, +{{{0xd4, 0xca, 0x70, 0x3d, 0xab, 0xfb, 0x5f, 0x5e, 0x00, 0x0c, 0xcc, 0x77, 0x22, 0xf8, 0x78, 0x55, 0xae, 0x62, 0x35, 0xfb, 0x9a, 0xc6, 0x03, 0xe4, 0x0c, 0xee, 0xab, 0xc7, 0xc0, 0x89, 0x87, 0x54}} , + {{0x32, 0xad, 0xae, 0x85, 0x58, 0x43, 0xb8, 0xb1, 0xe6, 0x3e, 0x00, 0x9c, 0x78, 0x88, 0x56, 0xdb, 0x9c, 0xfc, 0x79, 0xf6, 0xf9, 0x41, 0x5f, 0xb7, 0xbc, 0x11, 0xf9, 0x20, 0x36, 0x1c, 0x53, 0x2b}}}, +{{{0x5a, 0x20, 0x5b, 0xa1, 0xa5, 0x44, 0x91, 0x24, 0x02, 0x63, 0x12, 0x64, 0xb8, 0x55, 0xf6, 0xde, 0x2c, 0xdb, 0x47, 0xb8, 0xc6, 0x0a, 0xc3, 0x00, 0x78, 0x93, 0xd8, 0xf5, 0xf5, 0x18, 0x28, 0x0a}} , + {{0xd6, 0x1b, 0x9a, 0x6c, 0xe5, 0x46, 0xea, 0x70, 0x96, 0x8d, 0x4e, 0x2a, 0x52, 0x21, 0x26, 0x4b, 0xb1, 0xbb, 0x0f, 0x7c, 0xa9, 0x9b, 0x04, 0xbb, 0x51, 0x08, 0xf1, 0x9a, 0xa4, 0x76, 0x7c, 0x18}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xfa, 0x94, 0xf7, 0x40, 0xd0, 0xd7, 0xeb, 0xa9, 0x82, 0x36, 0xd5, 0x15, 0xb9, 0x33, 0x7a, 0xbf, 0x8a, 0xf2, 0x63, 0xaa, 0x37, 0xf5, 0x59, 0xac, 0xbd, 0xbb, 0x32, 0x36, 0xbe, 0x73, 0x99, 0x38}} , + {{0x2c, 0xb3, 0xda, 0x7a, 0xd8, 0x3d, 0x99, 0xca, 0xd2, 0xf4, 0xda, 0x99, 0x8e, 0x4f, 0x98, 0xb7, 0xf4, 0xae, 0x3e, 0x9f, 0x8e, 0x35, 0x60, 0xa4, 0x33, 0x75, 0xa4, 0x04, 0x93, 0xb1, 0x6b, 0x4d}}}, +{{{0x97, 0x9d, 0xa8, 0xcd, 0x97, 0x7b, 0x9d, 0xb9, 0xe7, 0xa5, 0xef, 0xfd, 0xa8, 0x42, 0x6b, 0xc3, 0x62, 0x64, 0x7d, 0xa5, 0x1b, 0xc9, 0x9e, 0xd2, 0x45, 0xb9, 0xee, 0x03, 0xb0, 0xbf, 0xc0, 0x68}} , + {{0xed, 0xb7, 0x84, 0x2c, 0xf6, 0xd3, 0xa1, 0x6b, 0x24, 0x6d, 0x87, 0x56, 0x97, 0x59, 0x79, 0x62, 0x9f, 0xac, 0xed, 0xf3, 0xc9, 0x89, 0x21, 0x2e, 0x04, 0xb3, 0xcc, 0x2f, 0xbe, 0xd6, 0x0a, 0x4b}}}, +{{{0x39, 0x61, 0x05, 0xed, 0x25, 0x89, 0x8b, 0x5d, 0x1b, 0xcb, 0x0c, 0x55, 0xf4, 0x6a, 0x00, 0x8a, 0x46, 0xe8, 0x1e, 0xc6, 0x83, 0xc8, 0x5a, 0x76, 0xdb, 0xcc, 0x19, 0x7a, 0xcc, 0x67, 0x46, 0x0b}} , + {{0x53, 0xcf, 0xc2, 0xa1, 0xad, 0x6a, 0xf3, 0xcd, 0x8f, 0xc9, 0xde, 0x1c, 0xf8, 0x6c, 0x8f, 0xf8, 0x76, 0x42, 0xe7, 0xfe, 0xb2, 0x72, 0x21, 0x0a, 0x66, 0x74, 0x8f, 0xb7, 0xeb, 0xe4, 0x6f, 0x01}}}, +{{{0x22, 0x8c, 0x6b, 0xbe, 0xfc, 0x4d, 0x70, 0x62, 0x6e, 0x52, 0x77, 0x99, 0x88, 0x7e, 0x7b, 0x57, 0x7a, 0x0d, 0xfe, 0xdc, 0x72, 0x92, 0xf1, 0x68, 0x1d, 0x97, 0xd7, 0x7c, 0x8d, 0x53, 0x10, 0x37}} , + {{0x53, 0x88, 0x77, 0x02, 0xca, 0x27, 0xa8, 0xe5, 0x45, 0xe2, 0xa8, 0x48, 0x2a, 0xab, 0x18, 0xca, 0xea, 0x2d, 0x2a, 0x54, 0x17, 0x37, 0x32, 0x09, 0xdc, 0xe0, 0x4a, 0xb7, 0x7d, 0x82, 0x10, 0x7d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x8a, 0x64, 0x1e, 0x14, 0x0a, 0x57, 0xd4, 0xda, 0x5c, 0x96, 0x9b, 0x01, 0x4c, 0x67, 0xbf, 0x8b, 0x30, 0xfe, 0x08, 0xdb, 0x0d, 0xd5, 0xa8, 0xd7, 0x09, 0x11, 0x85, 0xa2, 0xd3, 0x45, 0xfb, 0x7e}} , + {{0xda, 0x8c, 0xc2, 0xd0, 0xac, 0x18, 0xe8, 0x52, 0x36, 0xd4, 0x21, 0xa3, 0xdd, 0x57, 0x22, 0x79, 0xb7, 0xf8, 0x71, 0x9d, 0xc6, 0x91, 0x70, 0x86, 0x56, 0xbf, 0xa1, 0x11, 0x8b, 0x19, 0xe1, 0x0f}}}, +{{{0x18, 0x32, 0x98, 0x2c, 0x8f, 0x91, 0xae, 0x12, 0xf0, 0x8c, 0xea, 0xf3, 0x3c, 0xb9, 0x5d, 0xe4, 0x69, 0xed, 0xb2, 0x47, 0x18, 0xbd, 0xce, 0x16, 0x52, 0x5c, 0x23, 0xe2, 0xa5, 0x25, 0x52, 0x5d}} , + {{0xb9, 0xb1, 0xe7, 0x5d, 0x4e, 0xbc, 0xee, 0xbb, 0x40, 0x81, 0x77, 0x82, 0x19, 0xab, 0xb5, 0xc6, 0xee, 0xab, 0x5b, 0x6b, 0x63, 0x92, 0x8a, 0x34, 0x8d, 0xcd, 0xee, 0x4f, 0x49, 0xe5, 0xc9, 0x7e}}}, +{{{0x21, 0xac, 0x8b, 0x22, 0xcd, 0xc3, 0x9a, 0xe9, 0x5e, 0x78, 0xbd, 0xde, 0xba, 0xad, 0xab, 0xbf, 0x75, 0x41, 0x09, 0xc5, 0x58, 0xa4, 0x7d, 0x92, 0xb0, 0x7f, 0xf2, 0xa1, 0xd1, 0xc0, 0xb3, 0x6d}} , + {{0x62, 0x4f, 0xd0, 0x75, 0x77, 0xba, 0x76, 0x77, 0xd7, 0xb8, 0xd8, 0x92, 0x6f, 0x98, 0x34, 0x3d, 0xd6, 0x4e, 0x1c, 0x0f, 0xf0, 0x8f, 0x2e, 0xf1, 0xb3, 0xbd, 0xb1, 0xb9, 0xec, 0x99, 0xb4, 0x07}}}, +{{{0x60, 0x57, 0x2e, 0x9a, 0x72, 0x1d, 0x6b, 0x6e, 0x58, 0x33, 0x24, 0x8c, 0x48, 0x39, 0x46, 0x8e, 0x89, 0x6a, 0x88, 0x51, 0x23, 0x62, 0xb5, 0x32, 0x09, 0x36, 0xe3, 0x57, 0xf5, 0x98, 0xde, 0x6f}} , + {{0x8b, 0x2c, 0x00, 0x48, 0x4a, 0xf9, 0x5b, 0x87, 0x69, 0x52, 0xe5, 0x5b, 0xd1, 0xb1, 0xe5, 0x25, 0x25, 0xe0, 0x9c, 0xc2, 0x13, 0x44, 0xe8, 0xb9, 0x0a, 0x70, 0xad, 0xbd, 0x0f, 0x51, 0x94, 0x69}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xa2, 0xdc, 0xab, 0xa9, 0x25, 0x2d, 0xac, 0x5f, 0x03, 0x33, 0x08, 0xe7, 0x7e, 0xfe, 0x95, 0x36, 0x3c, 0x5b, 0x3a, 0xd3, 0x05, 0x82, 0x1c, 0x95, 0x2d, 0xd8, 0x77, 0x7e, 0x02, 0xd9, 0x5b, 0x70}} , + {{0xc2, 0xfe, 0x1b, 0x0c, 0x67, 0xcd, 0xd6, 0xe0, 0x51, 0x8e, 0x2c, 0xe0, 0x79, 0x88, 0xf0, 0xcf, 0x41, 0x4a, 0xad, 0x23, 0xd4, 0x46, 0xca, 0x94, 0xa1, 0xc3, 0xeb, 0x28, 0x06, 0xfa, 0x17, 0x14}}}, +{{{0x7b, 0xaa, 0x70, 0x0a, 0x4b, 0xfb, 0xf5, 0xbf, 0x80, 0xc5, 0xcf, 0x08, 0x7a, 0xdd, 0xa1, 0xf4, 0x9d, 0x54, 0x50, 0x53, 0x23, 0x77, 0x23, 0xf5, 0x34, 0xa5, 0x22, 0xd1, 0x0d, 0x96, 0x2e, 0x47}} , + {{0xcc, 0xb7, 0x32, 0x89, 0x57, 0xd0, 0x98, 0x75, 0xe4, 0x37, 0x99, 0xa9, 0xe8, 0xba, 0xed, 0xba, 0xeb, 0xc7, 0x4f, 0x15, 0x76, 0x07, 0x0c, 0x4c, 0xef, 0x9f, 0x52, 0xfc, 0x04, 0x5d, 0x58, 0x10}}}, +{{{0xce, 0x82, 0xf0, 0x8f, 0x79, 0x02, 0xa8, 0xd1, 0xda, 0x14, 0x09, 0x48, 0xee, 0x8a, 0x40, 0x98, 0x76, 0x60, 0x54, 0x5a, 0xde, 0x03, 0x24, 0xf5, 0xe6, 0x2f, 0xe1, 0x03, 0xbf, 0x68, 0x82, 0x7f}} , + {{0x64, 0xe9, 0x28, 0xc7, 0xa4, 0xcf, 0x2a, 0xf9, 0x90, 0x64, 0x72, 0x2c, 0x8b, 0xeb, 0xec, 0xa0, 0xf2, 0x7d, 0x35, 0xb5, 0x90, 0x4d, 0x7f, 0x5b, 0x4a, 0x49, 0xe4, 0xb8, 0x3b, 0xc8, 0xa1, 0x2f}}}, +{{{0x8b, 0xc5, 0xcc, 0x3d, 0x69, 0xa6, 0xa1, 0x18, 0x44, 0xbc, 0x4d, 0x77, 0x37, 0xc7, 0x86, 0xec, 0x0c, 0xc9, 0xd6, 0x44, 0xa9, 0x23, 0x27, 0xb9, 0x03, 0x34, 0xa7, 0x0a, 0xd5, 0xc7, 0x34, 0x37}} , + {{0xf9, 0x7e, 0x3e, 0x66, 0xee, 0xf9, 0x99, 0x28, 0xff, 0xad, 0x11, 0xd8, 0xe2, 0x66, 0xc5, 0xcd, 0x0f, 0x0d, 0x0b, 0x6a, 0xfc, 0x7c, 0x24, 0xa8, 0x4f, 0xa8, 0x5e, 0x80, 0x45, 0x8b, 0x6c, 0x41}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xef, 0x1e, 0xec, 0xf7, 0x8d, 0x77, 0xf2, 0xea, 0xdb, 0x60, 0x03, 0x21, 0xc0, 0xff, 0x5e, 0x67, 0xc3, 0x71, 0x0b, 0x21, 0xb4, 0x41, 0xa0, 0x68, 0x38, 0xc6, 0x01, 0xa3, 0xd3, 0x51, 0x3c, 0x3c}} , + {{0x92, 0xf8, 0xd6, 0x4b, 0xef, 0x42, 0x13, 0xb2, 0x4a, 0xc4, 0x2e, 0x72, 0x3f, 0xc9, 0x11, 0xbd, 0x74, 0x02, 0x0e, 0xf5, 0x13, 0x9d, 0x83, 0x1a, 0x1b, 0xd5, 0x54, 0xde, 0xc4, 0x1e, 0x16, 0x6c}}}, +{{{0x27, 0x52, 0xe4, 0x63, 0xaa, 0x94, 0xe6, 0xc3, 0x28, 0x9c, 0xc6, 0x56, 0xac, 0xfa, 0xb6, 0xbd, 0xe2, 0xcc, 0x76, 0xc6, 0x27, 0x27, 0xa2, 0x8e, 0x78, 0x2b, 0x84, 0x72, 0x10, 0xbd, 0x4e, 0x2a}} , + {{0xea, 0xa7, 0x23, 0xef, 0x04, 0x61, 0x80, 0x50, 0xc9, 0x6e, 0xa5, 0x96, 0xd1, 0xd1, 0xc8, 0xc3, 0x18, 0xd7, 0x2d, 0xfd, 0x26, 0xbd, 0xcb, 0x7b, 0x92, 0x51, 0x0e, 0x4a, 0x65, 0x57, 0xb8, 0x49}}}, +{{{0xab, 0x55, 0x36, 0xc3, 0xec, 0x63, 0x55, 0x11, 0x55, 0xf6, 0xa5, 0xc7, 0x01, 0x5f, 0xfe, 0x79, 0xd8, 0x0a, 0xf7, 0x03, 0xd8, 0x98, 0x99, 0xf5, 0xd0, 0x00, 0x54, 0x6b, 0x66, 0x28, 0xf5, 0x25}} , + {{0x7a, 0x8d, 0xa1, 0x5d, 0x70, 0x5d, 0x51, 0x27, 0xee, 0x30, 0x65, 0x56, 0x95, 0x46, 0xde, 0xbd, 0x03, 0x75, 0xb4, 0x57, 0x59, 0x89, 0xeb, 0x02, 0x9e, 0xcc, 0x89, 0x19, 0xa7, 0xcb, 0x17, 0x67}}}, +{{{0x6a, 0xeb, 0xfc, 0x9a, 0x9a, 0x10, 0xce, 0xdb, 0x3a, 0x1c, 0x3c, 0x6a, 0x9d, 0xea, 0x46, 0xbc, 0x45, 0x49, 0xac, 0xe3, 0x41, 0x12, 0x7c, 0xf0, 0xf7, 0x4f, 0xf9, 0xf7, 0xff, 0x2c, 0x89, 0x04}} , + {{0x30, 0x31, 0x54, 0x1a, 0x46, 0xca, 0xe6, 0xc6, 0xcb, 0xe2, 0xc3, 0xc1, 0x8b, 0x75, 0x81, 0xbe, 0xee, 0xf8, 0xa3, 0x11, 0x1c, 0x25, 0xa3, 0xa7, 0x35, 0x51, 0x55, 0xe2, 0x25, 0xaa, 0xe2, 0x3a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xb4, 0x48, 0x10, 0x9f, 0x8a, 0x09, 0x76, 0xfa, 0xf0, 0x7a, 0xb0, 0x70, 0xf7, 0x83, 0x80, 0x52, 0x84, 0x2b, 0x26, 0xa2, 0xc4, 0x5d, 0x4f, 0xba, 0xb1, 0xc8, 0x40, 0x0d, 0x78, 0x97, 0xc4, 0x60}} , + {{0xd4, 0xb1, 0x6c, 0x08, 0xc7, 0x40, 0x38, 0x73, 0x5f, 0x0b, 0xf3, 0x76, 0x5d, 0xb2, 0xa5, 0x2f, 0x57, 0x57, 0x07, 0xed, 0x08, 0xa2, 0x6c, 0x4f, 0x08, 0x02, 0xb5, 0x0e, 0xee, 0x44, 0xfa, 0x22}}}, +{{{0x0f, 0x00, 0x3f, 0xa6, 0x04, 0x19, 0x56, 0x65, 0x31, 0x7f, 0x8b, 0xeb, 0x0d, 0xe1, 0x47, 0x89, 0x97, 0x16, 0x53, 0xfa, 0x81, 0xa7, 0xaa, 0xb2, 0xbf, 0x67, 0xeb, 0x72, 0x60, 0x81, 0x0d, 0x48}} , + {{0x7e, 0x13, 0x33, 0xcd, 0xa8, 0x84, 0x56, 0x1e, 0x67, 0xaf, 0x6b, 0x43, 0xac, 0x17, 0xaf, 0x16, 0xc0, 0x52, 0x99, 0x49, 0x5b, 0x87, 0x73, 0x7e, 0xb5, 0x43, 0xda, 0x6b, 0x1d, 0x0f, 0x2d, 0x55}}}, +{{{0xe9, 0x58, 0x1f, 0xff, 0x84, 0x3f, 0x93, 0x1c, 0xcb, 0xe1, 0x30, 0x69, 0xa5, 0x75, 0x19, 0x7e, 0x14, 0x5f, 0xf8, 0xfc, 0x09, 0xdd, 0xa8, 0x78, 0x9d, 0xca, 0x59, 0x8b, 0xd1, 0x30, 0x01, 0x13}} , + {{0xff, 0x76, 0x03, 0xc5, 0x4b, 0x89, 0x99, 0x70, 0x00, 0x59, 0x70, 0x9c, 0xd5, 0xd9, 0x11, 0x89, 0x5a, 0x46, 0xfe, 0xef, 0xdc, 0xd9, 0x55, 0x2b, 0x45, 0xa7, 0xb0, 0x2d, 0xfb, 0x24, 0xc2, 0x29}}}, +{{{0x38, 0x06, 0xf8, 0x0b, 0xac, 0x82, 0xc4, 0x97, 0x2b, 0x90, 0xe0, 0xf7, 0xa8, 0xab, 0x6c, 0x08, 0x80, 0x66, 0x90, 0x46, 0xf7, 0x26, 0x2d, 0xf8, 0xf1, 0xc4, 0x6b, 0x4a, 0x82, 0x98, 0x8e, 0x37}} , + {{0x8e, 0xb4, 0xee, 0xb8, 0xd4, 0x3f, 0xb2, 0x1b, 0xe0, 0x0a, 0x3d, 0x75, 0x34, 0x28, 0xa2, 0x8e, 0xc4, 0x92, 0x7b, 0xfe, 0x60, 0x6e, 0x6d, 0xb8, 0x31, 0x1d, 0x62, 0x0d, 0x78, 0x14, 0x42, 0x11}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x5e, 0xa8, 0xd8, 0x04, 0x9b, 0x73, 0xc9, 0xc9, 0xdc, 0x0d, 0x73, 0xbf, 0x0a, 0x0a, 0x73, 0xff, 0x18, 0x1f, 0x9c, 0x51, 0xaa, 0xc6, 0xf1, 0x83, 0x25, 0xfd, 0xab, 0xa3, 0x11, 0xd3, 0x01, 0x24}} , + {{0x4d, 0xe3, 0x7e, 0x38, 0x62, 0x5e, 0x64, 0xbb, 0x2b, 0x53, 0xb5, 0x03, 0x68, 0xc4, 0xf2, 0x2b, 0x5a, 0x03, 0x32, 0x99, 0x4a, 0x41, 0x9a, 0xe1, 0x1a, 0xae, 0x8c, 0x48, 0xf3, 0x24, 0x32, 0x65}}}, +{{{0xe8, 0xdd, 0xad, 0x3a, 0x8c, 0xea, 0xf4, 0xb3, 0xb2, 0xe5, 0x73, 0xf2, 0xed, 0x8b, 0xbf, 0xed, 0xb1, 0x0c, 0x0c, 0xfb, 0x2b, 0xf1, 0x01, 0x48, 0xe8, 0x26, 0x03, 0x8e, 0x27, 0x4d, 0x96, 0x72}} , + {{0xc8, 0x09, 0x3b, 0x60, 0xc9, 0x26, 0x4d, 0x7c, 0xf2, 0x9c, 0xd4, 0xa1, 0x3b, 0x26, 0xc2, 0x04, 0x33, 0x44, 0x76, 0x3c, 0x02, 0xbb, 0x11, 0x42, 0x0c, 0x22, 0xb7, 0xc6, 0xe1, 0xac, 0xb4, 0x0e}}}, +{{{0x6f, 0x85, 0xe7, 0xef, 0xde, 0x67, 0x30, 0xfc, 0xbf, 0x5a, 0xe0, 0x7b, 0x7a, 0x2a, 0x54, 0x6b, 0x5d, 0x62, 0x85, 0xa1, 0xf8, 0x16, 0x88, 0xec, 0x61, 0xb9, 0x96, 0xb5, 0xef, 0x2d, 0x43, 0x4d}} , + {{0x7c, 0x31, 0x33, 0xcc, 0xe4, 0xcf, 0x6c, 0xff, 0x80, 0x47, 0x77, 0xd1, 0xd8, 0xe9, 0x69, 0x97, 0x98, 0x7f, 0x20, 0x57, 0x1d, 0x1d, 0x4f, 0x08, 0x27, 0xc8, 0x35, 0x57, 0x40, 0xc6, 0x21, 0x0c}}}, +{{{0xd2, 0x8e, 0x9b, 0xfa, 0x42, 0x8e, 0xdf, 0x8f, 0xc7, 0x86, 0xf9, 0xa4, 0xca, 0x70, 0x00, 0x9d, 0x21, 0xbf, 0xec, 0x57, 0x62, 0x30, 0x58, 0x8c, 0x0d, 0x35, 0xdb, 0x5d, 0x8b, 0x6a, 0xa0, 0x5a}} , + {{0xc1, 0x58, 0x7c, 0x0d, 0x20, 0xdd, 0x11, 0x26, 0x5f, 0x89, 0x3b, 0x97, 0x58, 0xf8, 0x8b, 0xe3, 0xdf, 0x32, 0xe2, 0xfc, 0xd8, 0x67, 0xf2, 0xa5, 0x37, 0x1e, 0x6d, 0xec, 0x7c, 0x27, 0x20, 0x79}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xd0, 0xe9, 0xc0, 0xfa, 0x95, 0x45, 0x23, 0x96, 0xf1, 0x2c, 0x79, 0x25, 0x14, 0xce, 0x40, 0x14, 0x44, 0x2c, 0x36, 0x50, 0xd9, 0x63, 0x56, 0xb7, 0x56, 0x3b, 0x9e, 0xa7, 0xef, 0x89, 0xbb, 0x0e}} , + {{0xce, 0x7f, 0xdc, 0x0a, 0xcc, 0x82, 0x1c, 0x0a, 0x78, 0x71, 0xe8, 0x74, 0x8d, 0x01, 0x30, 0x0f, 0xa7, 0x11, 0x4c, 0xdf, 0x38, 0xd7, 0xa7, 0x0d, 0xf8, 0x48, 0x52, 0x00, 0x80, 0x7b, 0x5f, 0x0e}}}, +{{{0x25, 0x83, 0xe6, 0x94, 0x7b, 0x81, 0xb2, 0x91, 0xae, 0x0e, 0x05, 0xc9, 0xa3, 0x68, 0x2d, 0xd9, 0x88, 0x25, 0x19, 0x2a, 0x61, 0x61, 0x21, 0x97, 0x15, 0xa1, 0x35, 0xa5, 0x46, 0xc8, 0xa2, 0x0e}} , + {{0x1b, 0x03, 0x0d, 0x8b, 0x5a, 0x1b, 0x97, 0x4b, 0xf2, 0x16, 0x31, 0x3d, 0x1f, 0x33, 0xa0, 0x50, 0x3a, 0x18, 0xbe, 0x13, 0xa1, 0x76, 0xc1, 0xba, 0x1b, 0xf1, 0x05, 0x7b, 0x33, 0xa8, 0x82, 0x3b}}}, +{{{0xba, 0x36, 0x7b, 0x6d, 0xa9, 0xea, 0x14, 0x12, 0xc5, 0xfa, 0x91, 0x00, 0xba, 0x9b, 0x99, 0xcc, 0x56, 0x02, 0xe9, 0xa0, 0x26, 0x40, 0x66, 0x8c, 0xc4, 0xf8, 0x85, 0x33, 0x68, 0xe7, 0x03, 0x20}} , + {{0x50, 0x5b, 0xff, 0xa9, 0xb2, 0xf1, 0xf1, 0x78, 0xcf, 0x14, 0xa4, 0xa9, 0xfc, 0x09, 0x46, 0x94, 0x54, 0x65, 0x0d, 0x9c, 0x5f, 0x72, 0x21, 0xe2, 0x97, 0xa5, 0x2d, 0x81, 0xce, 0x4a, 0x5f, 0x79}}}, +{{{0x3d, 0x5f, 0x5c, 0xd2, 0xbc, 0x7d, 0x77, 0x0e, 0x2a, 0x6d, 0x22, 0x45, 0x84, 0x06, 0xc4, 0xdd, 0xc6, 0xa6, 0xc6, 0xd7, 0x49, 0xad, 0x6d, 0x87, 0x91, 0x0e, 0x3a, 0x67, 0x1d, 0x2c, 0x1d, 0x56}} , + {{0xfe, 0x7a, 0x74, 0xcf, 0xd4, 0xd2, 0xe5, 0x19, 0xde, 0xd0, 0xdb, 0x70, 0x23, 0x69, 0xe6, 0x6d, 0xec, 0xec, 0xcc, 0x09, 0x33, 0x6a, 0x77, 0xdc, 0x6b, 0x22, 0x76, 0x5d, 0x92, 0x09, 0xac, 0x2d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x23, 0x15, 0x17, 0xeb, 0xd3, 0xdb, 0x12, 0x5e, 0x01, 0xf0, 0x91, 0xab, 0x2c, 0x41, 0xce, 0xac, 0xed, 0x1b, 0x4b, 0x2d, 0xbc, 0xdb, 0x17, 0x66, 0x89, 0x46, 0xad, 0x4b, 0x1e, 0x6f, 0x0b, 0x14}} , + {{0x11, 0xce, 0xbf, 0xb6, 0x77, 0x2d, 0x48, 0x22, 0x18, 0x4f, 0xa3, 0x5d, 0x4a, 0xb0, 0x70, 0x12, 0x3e, 0x54, 0xd7, 0xd8, 0x0e, 0x2b, 0x27, 0xdc, 0x53, 0xff, 0xca, 0x8c, 0x59, 0xb3, 0x4e, 0x44}}}, +{{{0x07, 0x76, 0x61, 0x0f, 0x66, 0xb2, 0x21, 0x39, 0x7e, 0xc0, 0xec, 0x45, 0x28, 0x82, 0xa1, 0x29, 0x32, 0x44, 0x35, 0x13, 0x5e, 0x61, 0x5e, 0x54, 0xcb, 0x7c, 0xef, 0xf6, 0x41, 0xcf, 0x9f, 0x0a}} , + {{0xdd, 0xf9, 0xda, 0x84, 0xc3, 0xe6, 0x8a, 0x9f, 0x24, 0xd2, 0x96, 0x5d, 0x39, 0x6f, 0x58, 0x8c, 0xc1, 0x56, 0x93, 0xab, 0xb5, 0x79, 0x3b, 0xd2, 0xa8, 0x73, 0x16, 0xed, 0xfa, 0xb4, 0x2f, 0x73}}}, +{{{0x8b, 0xb1, 0x95, 0xe5, 0x92, 0x50, 0x35, 0x11, 0x76, 0xac, 0xf4, 0x4d, 0x24, 0xc3, 0x32, 0xe6, 0xeb, 0xfe, 0x2c, 0x87, 0xc4, 0xf1, 0x56, 0xc4, 0x75, 0x24, 0x7a, 0x56, 0x85, 0x5a, 0x3a, 0x13}} , + {{0x0d, 0x16, 0xac, 0x3c, 0x4a, 0x58, 0x86, 0x3a, 0x46, 0x7f, 0x6c, 0xa3, 0x52, 0x6e, 0x37, 0xe4, 0x96, 0x9c, 0xe9, 0x5c, 0x66, 0x41, 0x67, 0xe4, 0xfb, 0x79, 0x0c, 0x05, 0xf6, 0x64, 0xd5, 0x7c}}}, +{{{0x28, 0xc1, 0xe1, 0x54, 0x73, 0xf2, 0xbf, 0x76, 0x74, 0x19, 0x19, 0x1b, 0xe4, 0xb9, 0xa8, 0x46, 0x65, 0x73, 0xf3, 0x77, 0x9b, 0x29, 0x74, 0x5b, 0xc6, 0x89, 0x6c, 0x2c, 0x7c, 0xf8, 0xb3, 0x0f}} , + {{0xf7, 0xd5, 0xe9, 0x74, 0x5d, 0xb8, 0x25, 0x16, 0xb5, 0x30, 0xbc, 0x84, 0xc5, 0xf0, 0xad, 0xca, 0x12, 0x28, 0xbc, 0x9d, 0xd4, 0xfa, 0x82, 0xe6, 0xe3, 0xbf, 0xa2, 0x15, 0x2c, 0xd4, 0x34, 0x10}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x61, 0xb1, 0x46, 0xba, 0x0e, 0x31, 0xa5, 0x67, 0x6c, 0x7f, 0xd6, 0xd9, 0x27, 0x85, 0x0f, 0x79, 0x14, 0xc8, 0x6c, 0x2f, 0x5f, 0x5b, 0x9c, 0x35, 0x3d, 0x38, 0x86, 0x77, 0x65, 0x55, 0x6a, 0x7b}} , + {{0xd3, 0xb0, 0x3a, 0x66, 0x60, 0x1b, 0x43, 0xf1, 0x26, 0x58, 0x99, 0x09, 0x8f, 0x2d, 0xa3, 0x14, 0x71, 0x85, 0xdb, 0xed, 0xf6, 0x26, 0xd5, 0x61, 0x9a, 0x73, 0xac, 0x0e, 0xea, 0xac, 0xb7, 0x0c}}}, +{{{0x5e, 0xf4, 0xe5, 0x17, 0x0e, 0x10, 0x9f, 0xe7, 0x43, 0x5f, 0x67, 0x5c, 0xac, 0x4b, 0xe5, 0x14, 0x41, 0xd2, 0xbf, 0x48, 0xf5, 0x14, 0xb0, 0x71, 0xc6, 0x61, 0xc1, 0xb2, 0x70, 0x58, 0xd2, 0x5a}} , + {{0x2d, 0xba, 0x16, 0x07, 0x92, 0x94, 0xdc, 0xbd, 0x50, 0x2b, 0xc9, 0x7f, 0x42, 0x00, 0xba, 0x61, 0xed, 0xf8, 0x43, 0xed, 0xf5, 0xf9, 0x40, 0x60, 0xb2, 0xb0, 0x82, 0xcb, 0xed, 0x75, 0xc7, 0x65}}}, +{{{0x80, 0xba, 0x0d, 0x09, 0x40, 0xa7, 0x39, 0xa6, 0x67, 0x34, 0x7e, 0x66, 0xbe, 0x56, 0xfb, 0x53, 0x78, 0xc4, 0x46, 0xe8, 0xed, 0x68, 0x6c, 0x7f, 0xce, 0xe8, 0x9f, 0xce, 0xa2, 0x64, 0x58, 0x53}} , + {{0xe8, 0xc1, 0xa9, 0xc2, 0x7b, 0x59, 0x21, 0x33, 0xe2, 0x43, 0x73, 0x2b, 0xac, 0x2d, 0xc1, 0x89, 0x3b, 0x15, 0xe2, 0xd5, 0xc0, 0x97, 0x8a, 0xfd, 0x6f, 0x36, 0x33, 0xb7, 0xb9, 0xc3, 0x88, 0x09}}}, +{{{0xd0, 0xb6, 0x56, 0x30, 0x5c, 0xae, 0xb3, 0x75, 0x44, 0xa4, 0x83, 0x51, 0x6e, 0x01, 0x65, 0xef, 0x45, 0x76, 0xe6, 0xf5, 0xa2, 0x0d, 0xd4, 0x16, 0x3b, 0x58, 0x2f, 0xf2, 0x2f, 0x36, 0x18, 0x3f}} , + {{0xfd, 0x2f, 0xe0, 0x9b, 0x1e, 0x8c, 0xc5, 0x18, 0xa9, 0xca, 0xd4, 0x2b, 0x35, 0xb6, 0x95, 0x0a, 0x9f, 0x7e, 0xfb, 0xc4, 0xef, 0x88, 0x7b, 0x23, 0x43, 0xec, 0x2f, 0x0d, 0x0f, 0x7a, 0xfc, 0x5c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x8d, 0xd2, 0xda, 0xc7, 0x44, 0xd6, 0x7a, 0xdb, 0x26, 0x7d, 0x1d, 0xb8, 0xe1, 0xde, 0x9d, 0x7a, 0x7d, 0x17, 0x7e, 0x1c, 0x37, 0x04, 0x8d, 0x2d, 0x7c, 0x5e, 0x18, 0x38, 0x1e, 0xaf, 0xc7, 0x1b}} , + {{0x33, 0x48, 0x31, 0x00, 0x59, 0xf6, 0xf2, 0xca, 0x0f, 0x27, 0x1b, 0x63, 0x12, 0x7e, 0x02, 0x1d, 0x49, 0xc0, 0x5d, 0x79, 0x87, 0xef, 0x5e, 0x7a, 0x2f, 0x1f, 0x66, 0x55, 0xd8, 0x09, 0xd9, 0x61}}}, +{{{0x54, 0x83, 0x02, 0x18, 0x82, 0x93, 0x99, 0x07, 0xd0, 0xa7, 0xda, 0xd8, 0x75, 0x89, 0xfa, 0xf2, 0xd9, 0xa3, 0xb8, 0x6b, 0x5a, 0x35, 0x28, 0xd2, 0x6b, 0x59, 0xc2, 0xf8, 0x45, 0xe2, 0xbc, 0x06}} , + {{0x65, 0xc0, 0xa3, 0x88, 0x51, 0x95, 0xfc, 0x96, 0x94, 0x78, 0xe8, 0x0d, 0x8b, 0x41, 0xc9, 0xc2, 0x58, 0x48, 0x75, 0x10, 0x2f, 0xcd, 0x2a, 0xc9, 0xa0, 0x6d, 0x0f, 0xdd, 0x9c, 0x98, 0x26, 0x3d}}}, +{{{0x2f, 0x66, 0x29, 0x1b, 0x04, 0x89, 0xbd, 0x7e, 0xee, 0x6e, 0xdd, 0xb7, 0x0e, 0xef, 0xb0, 0x0c, 0xb4, 0xfc, 0x7f, 0xc2, 0xc9, 0x3a, 0x3c, 0x64, 0xef, 0x45, 0x44, 0xaf, 0x8a, 0x90, 0x65, 0x76}} , + {{0xa1, 0x4c, 0x70, 0x4b, 0x0e, 0xa0, 0x83, 0x70, 0x13, 0xa4, 0xaf, 0xb8, 0x38, 0x19, 0x22, 0x65, 0x09, 0xb4, 0x02, 0x4f, 0x06, 0xf8, 0x17, 0xce, 0x46, 0x45, 0xda, 0x50, 0x7c, 0x8a, 0xd1, 0x4e}}}, +{{{0xf7, 0xd4, 0x16, 0x6c, 0x4e, 0x95, 0x9d, 0x5d, 0x0f, 0x91, 0x2b, 0x52, 0xfe, 0x5c, 0x34, 0xe5, 0x30, 0xe6, 0xa4, 0x3b, 0xf3, 0xf3, 0x34, 0x08, 0xa9, 0x4a, 0xa0, 0xb5, 0x6e, 0xb3, 0x09, 0x0a}} , + {{0x26, 0xd9, 0x5e, 0xa3, 0x0f, 0xeb, 0xa2, 0xf3, 0x20, 0x3b, 0x37, 0xd4, 0xe4, 0x9e, 0xce, 0x06, 0x3d, 0x53, 0xed, 0xae, 0x2b, 0xeb, 0xb6, 0x24, 0x0a, 0x11, 0xa3, 0x0f, 0xd6, 0x7f, 0xa4, 0x3a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xdb, 0x9f, 0x2c, 0xfc, 0xd6, 0xb2, 0x1e, 0x2e, 0x52, 0x7a, 0x06, 0x87, 0x2d, 0x86, 0x72, 0x2b, 0x6d, 0x90, 0x77, 0x46, 0x43, 0xb5, 0x7a, 0xf8, 0x60, 0x7d, 0x91, 0x60, 0x5b, 0x9d, 0x9e, 0x07}} , + {{0x97, 0x87, 0xc7, 0x04, 0x1c, 0x38, 0x01, 0x39, 0x58, 0xc7, 0x85, 0xa3, 0xfc, 0x64, 0x00, 0x64, 0x25, 0xa2, 0xbf, 0x50, 0x94, 0xca, 0x26, 0x31, 0x45, 0x0a, 0x24, 0xd2, 0x51, 0x29, 0x51, 0x16}}}, +{{{0x4d, 0x4a, 0xd7, 0x98, 0x71, 0x57, 0xac, 0x7d, 0x8b, 0x37, 0xbd, 0x63, 0xff, 0x87, 0xb1, 0x49, 0x95, 0x20, 0x7c, 0xcf, 0x7c, 0x59, 0xc4, 0x91, 0x9c, 0xef, 0xd0, 0xdb, 0x60, 0x09, 0x9d, 0x46}} , + {{0xcb, 0x78, 0x94, 0x90, 0xe4, 0x45, 0xb3, 0xf6, 0xd9, 0xf6, 0x57, 0x74, 0xd5, 0xf8, 0x83, 0x4f, 0x39, 0xc9, 0xbd, 0x88, 0xc2, 0x57, 0x21, 0x1f, 0x24, 0x32, 0x68, 0xf8, 0xc7, 0x21, 0x5f, 0x0b}}}, +{{{0x2a, 0x36, 0x68, 0xfc, 0x5f, 0xb6, 0x4f, 0xa5, 0xe3, 0x9d, 0x24, 0x2f, 0xc0, 0x93, 0x61, 0xcf, 0xf8, 0x0a, 0xed, 0xe1, 0xdb, 0x27, 0xec, 0x0e, 0x14, 0x32, 0x5f, 0x8e, 0xa1, 0x62, 0x41, 0x16}} , + {{0x95, 0x21, 0x01, 0xce, 0x95, 0x5b, 0x0e, 0x57, 0xc7, 0xb9, 0x62, 0xb5, 0x28, 0xca, 0x11, 0xec, 0xb4, 0x46, 0x06, 0x73, 0x26, 0xff, 0xfb, 0x66, 0x7d, 0xee, 0x5f, 0xb2, 0x56, 0xfd, 0x2a, 0x08}}}, +{{{0x92, 0x67, 0x77, 0x56, 0xa1, 0xff, 0xc4, 0xc5, 0x95, 0xf0, 0xe3, 0x3a, 0x0a, 0xca, 0x94, 0x4d, 0x9e, 0x7e, 0x3d, 0xb9, 0x6e, 0xb6, 0xb0, 0xce, 0xa4, 0x30, 0x89, 0x99, 0xe9, 0xad, 0x11, 0x59}} , + {{0xf6, 0x48, 0x95, 0xa1, 0x6f, 0x5f, 0xb7, 0xa5, 0xbb, 0x30, 0x00, 0x1c, 0xd2, 0x8a, 0xd6, 0x25, 0x26, 0x1b, 0xb2, 0x0d, 0x37, 0x6a, 0x05, 0xf4, 0x9d, 0x3e, 0x17, 0x2a, 0x43, 0xd2, 0x3a, 0x06}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x32, 0x99, 0x93, 0xd1, 0x9a, 0x72, 0xf3, 0xa9, 0x16, 0xbd, 0xb4, 0x4c, 0xdd, 0xf9, 0xd4, 0xb2, 0x64, 0x9a, 0xd3, 0x05, 0xe4, 0xa3, 0x73, 0x1c, 0xcb, 0x7e, 0x57, 0x67, 0xff, 0x04, 0xb3, 0x10}} , + {{0xb9, 0x4b, 0xa4, 0xad, 0xd0, 0x6d, 0x61, 0x23, 0xb4, 0xaf, 0x34, 0xa9, 0xaa, 0x65, 0xec, 0xd9, 0x69, 0xe3, 0x85, 0xcd, 0xcc, 0xe7, 0xb0, 0x9b, 0x41, 0xc1, 0x1c, 0xf9, 0xa0, 0xfa, 0xb7, 0x13}}}, +{{{0x04, 0xfd, 0x88, 0x3c, 0x0c, 0xd0, 0x09, 0x52, 0x51, 0x4f, 0x06, 0x19, 0xcc, 0xc3, 0xbb, 0xde, 0x80, 0xc5, 0x33, 0xbc, 0xf9, 0xf3, 0x17, 0x36, 0xdd, 0xc6, 0xde, 0xe8, 0x9b, 0x5d, 0x79, 0x1b}} , + {{0x65, 0x0a, 0xbe, 0x51, 0x57, 0xad, 0x50, 0x79, 0x08, 0x71, 0x9b, 0x07, 0x95, 0x8f, 0xfb, 0xae, 0x4b, 0x38, 0xba, 0xcf, 0x53, 0x2a, 0x86, 0x1e, 0xc0, 0x50, 0x5c, 0x67, 0x1b, 0xf6, 0x87, 0x6c}}}, +{{{0x4f, 0x00, 0xb2, 0x66, 0x55, 0xed, 0x4a, 0xed, 0x8d, 0xe1, 0x66, 0x18, 0xb2, 0x14, 0x74, 0x8d, 0xfd, 0x1a, 0x36, 0x0f, 0x26, 0x5c, 0x8b, 0x89, 0xf3, 0xab, 0xf2, 0xf3, 0x24, 0x67, 0xfd, 0x70}} , + {{0xfd, 0x4e, 0x2a, 0xc1, 0x3a, 0xca, 0x8f, 0x00, 0xd8, 0xec, 0x74, 0x67, 0xef, 0x61, 0xe0, 0x28, 0xd0, 0x96, 0xf4, 0x48, 0xde, 0x81, 0xe3, 0xef, 0xdc, 0xaa, 0x7d, 0xf3, 0xb6, 0x55, 0xa6, 0x65}}}, +{{{0xeb, 0xcb, 0xc5, 0x70, 0x91, 0x31, 0x10, 0x93, 0x0d, 0xc8, 0xd0, 0xef, 0x62, 0xe8, 0x6f, 0x82, 0xe3, 0x69, 0x3d, 0x91, 0x7f, 0x31, 0xe1, 0x26, 0x35, 0x3c, 0x4a, 0x2f, 0xab, 0xc4, 0x9a, 0x5e}} , + {{0xab, 0x1b, 0xb5, 0xe5, 0x2b, 0xc3, 0x0e, 0x29, 0xb0, 0xd0, 0x73, 0xe6, 0x4f, 0x64, 0xf2, 0xbc, 0xe4, 0xe4, 0xe1, 0x9a, 0x52, 0x33, 0x2f, 0xbd, 0xcc, 0x03, 0xee, 0x8a, 0xfa, 0x00, 0x5f, 0x50}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xf6, 0xdb, 0x0d, 0x22, 0x3d, 0xb5, 0x14, 0x75, 0x31, 0xf0, 0x81, 0xe2, 0xb9, 0x37, 0xa2, 0xa9, 0x84, 0x11, 0x9a, 0x07, 0xb5, 0x53, 0x89, 0x78, 0xa9, 0x30, 0x27, 0xa1, 0xf1, 0x4e, 0x5c, 0x2e}} , + {{0x8b, 0x00, 0x54, 0xfb, 0x4d, 0xdc, 0xcb, 0x17, 0x35, 0x40, 0xff, 0xb7, 0x8c, 0xfe, 0x4a, 0xe4, 0x4e, 0x99, 0x4e, 0xa8, 0x74, 0x54, 0x5d, 0x5c, 0x96, 0xa3, 0x12, 0x55, 0x36, 0x31, 0x17, 0x5c}}}, +{{{0xce, 0x24, 0xef, 0x7b, 0x86, 0xf2, 0x0f, 0x77, 0xe8, 0x5c, 0x7d, 0x87, 0x38, 0x2d, 0xef, 0xaf, 0xf2, 0x8c, 0x72, 0x2e, 0xeb, 0xb6, 0x55, 0x4b, 0x6e, 0xf1, 0x4e, 0x8a, 0x0e, 0x9a, 0x6c, 0x4c}} , + {{0x25, 0xea, 0x86, 0xc2, 0xd1, 0x4f, 0xb7, 0x3e, 0xa8, 0x5c, 0x8d, 0x66, 0x81, 0x25, 0xed, 0xc5, 0x4c, 0x05, 0xb9, 0xd8, 0xd6, 0x70, 0xbe, 0x73, 0x82, 0xe8, 0xa1, 0xe5, 0x1e, 0x71, 0xd5, 0x26}}}, +{{{0x4e, 0x6d, 0xc3, 0xa7, 0x4f, 0x22, 0x45, 0x26, 0xa2, 0x7e, 0x16, 0xf7, 0xf7, 0x63, 0xdc, 0x86, 0x01, 0x2a, 0x71, 0x38, 0x5c, 0x33, 0xc3, 0xce, 0x30, 0xff, 0xf9, 0x2c, 0x91, 0x71, 0x8a, 0x72}} , + {{0x8c, 0x44, 0x09, 0x28, 0xd5, 0x23, 0xc9, 0x8f, 0xf3, 0x84, 0x45, 0xc6, 0x9a, 0x5e, 0xff, 0xd2, 0xc7, 0x57, 0x93, 0xa3, 0xc1, 0x69, 0xdd, 0x62, 0x0f, 0xda, 0x5c, 0x30, 0x59, 0x5d, 0xe9, 0x4c}}}, +{{{0x92, 0x7e, 0x50, 0x27, 0x72, 0xd7, 0x0c, 0xd6, 0x69, 0x96, 0x81, 0x35, 0x84, 0x94, 0x35, 0x8b, 0x6c, 0xaa, 0x62, 0x86, 0x6e, 0x1c, 0x15, 0xf3, 0x6c, 0xb3, 0xff, 0x65, 0x1b, 0xa2, 0x9b, 0x59}} , + {{0xe2, 0xa9, 0x65, 0x88, 0xc4, 0x50, 0xfa, 0xbb, 0x3b, 0x6e, 0x5f, 0x44, 0x01, 0xca, 0x97, 0xd4, 0xdd, 0xf6, 0xcd, 0x3f, 0x3f, 0xe5, 0x97, 0x67, 0x2b, 0x8c, 0x66, 0x0f, 0x35, 0x9b, 0xf5, 0x07}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xf1, 0x59, 0x27, 0xd8, 0xdb, 0x5a, 0x11, 0x5e, 0x82, 0xf3, 0x38, 0xff, 0x1c, 0xed, 0xfe, 0x3f, 0x64, 0x54, 0x3f, 0x7f, 0xd1, 0x81, 0xed, 0xef, 0x65, 0xc5, 0xcb, 0xfd, 0xe1, 0x80, 0xcd, 0x11}} , + {{0xe0, 0xdb, 0x22, 0x28, 0xe6, 0xff, 0x61, 0x9d, 0x41, 0x14, 0x2d, 0x3b, 0x26, 0x22, 0xdf, 0xf1, 0x34, 0x81, 0xe9, 0x45, 0xee, 0x0f, 0x98, 0x8b, 0xa6, 0x3f, 0xef, 0xf7, 0x43, 0x19, 0xf1, 0x43}}}, +{{{0xee, 0xf3, 0x00, 0xa1, 0x50, 0xde, 0xc0, 0xb6, 0x01, 0xe3, 0x8c, 0x3c, 0x4d, 0x31, 0xd2, 0xb0, 0x58, 0xcd, 0xed, 0x10, 0x4a, 0x7a, 0xef, 0x80, 0xa9, 0x19, 0x32, 0xf3, 0xd8, 0x33, 0x8c, 0x06}} , + {{0xcb, 0x7d, 0x4f, 0xff, 0x30, 0xd8, 0x12, 0x3b, 0x39, 0x1c, 0x06, 0xf9, 0x4c, 0x34, 0x35, 0x71, 0xb5, 0x16, 0x94, 0x67, 0xdf, 0xee, 0x11, 0xde, 0xa4, 0x1d, 0x88, 0x93, 0x35, 0xa9, 0x32, 0x10}}}, +{{{0xe9, 0xc3, 0xbc, 0x7b, 0x5c, 0xfc, 0xb2, 0xf9, 0xc9, 0x2f, 0xe5, 0xba, 0x3a, 0x0b, 0xab, 0x64, 0x38, 0x6f, 0x5b, 0x4b, 0x93, 0xda, 0x64, 0xec, 0x4d, 0x3d, 0xa0, 0xf5, 0xbb, 0xba, 0x47, 0x48}} , + {{0x60, 0xbc, 0x45, 0x1f, 0x23, 0xa2, 0x3b, 0x70, 0x76, 0xe6, 0x97, 0x99, 0x4f, 0x77, 0x54, 0x67, 0x30, 0x9a, 0xe7, 0x66, 0xd6, 0xcd, 0x2e, 0x51, 0x24, 0x2c, 0x42, 0x4a, 0x11, 0xfe, 0x6f, 0x7e}}}, +{{{0x87, 0xc0, 0xb1, 0xf0, 0xa3, 0x6f, 0x0c, 0x93, 0xa9, 0x0a, 0x72, 0xef, 0x5c, 0xbe, 0x65, 0x35, 0xa7, 0x6a, 0x4e, 0x2c, 0xbf, 0x21, 0x23, 0xe8, 0x2f, 0x97, 0xc7, 0x3e, 0xc8, 0x17, 0xac, 0x1e}} , + {{0x7b, 0xef, 0x21, 0xe5, 0x40, 0xcc, 0x1e, 0xdc, 0xd6, 0xbd, 0x97, 0x7a, 0x7c, 0x75, 0x86, 0x7a, 0x25, 0x5a, 0x6e, 0x7c, 0xe5, 0x51, 0x3c, 0x1b, 0x5b, 0x82, 0x9a, 0x07, 0x60, 0xa1, 0x19, 0x04}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x96, 0x88, 0xa6, 0xab, 0x8f, 0xe3, 0x3a, 0x49, 0xf8, 0xfe, 0x34, 0xe7, 0x6a, 0xb2, 0xfe, 0x40, 0x26, 0x74, 0x57, 0x4c, 0xf6, 0xd4, 0x99, 0xce, 0x5d, 0x7b, 0x2f, 0x67, 0xd6, 0x5a, 0xe4, 0x4e}} , + {{0x5c, 0x82, 0xb3, 0xbd, 0x55, 0x25, 0xf6, 0x6a, 0x93, 0xa4, 0x02, 0xc6, 0x7d, 0x5c, 0xb1, 0x2b, 0x5b, 0xff, 0xfb, 0x56, 0xf8, 0x01, 0x41, 0x90, 0xc6, 0xb6, 0xac, 0x4f, 0xfe, 0xa7, 0x41, 0x70}}}, +{{{0xdb, 0xfa, 0x9b, 0x2c, 0xd4, 0x23, 0x67, 0x2c, 0x8a, 0x63, 0x6c, 0x07, 0x26, 0x48, 0x4f, 0xc2, 0x03, 0xd2, 0x53, 0x20, 0x28, 0xed, 0x65, 0x71, 0x47, 0xa9, 0x16, 0x16, 0x12, 0xbc, 0x28, 0x33}} , + {{0x39, 0xc0, 0xfa, 0xfa, 0xcd, 0x33, 0x43, 0xc7, 0x97, 0x76, 0x9b, 0x93, 0x91, 0x72, 0xeb, 0xc5, 0x18, 0x67, 0x4c, 0x11, 0xf0, 0xf4, 0xe5, 0x73, 0xb2, 0x5c, 0x1b, 0xc2, 0x26, 0x3f, 0xbf, 0x2b}}}, +{{{0x86, 0xe6, 0x8c, 0x1d, 0xdf, 0xca, 0xfc, 0xd5, 0xf8, 0x3a, 0xc3, 0x44, 0x72, 0xe6, 0x78, 0x9d, 0x2b, 0x97, 0xf8, 0x28, 0x45, 0xb4, 0x20, 0xc9, 0x2a, 0x8c, 0x67, 0xaa, 0x11, 0xc5, 0x5b, 0x2f}} , + {{0x17, 0x0f, 0x86, 0x52, 0xd7, 0x9d, 0xc3, 0x44, 0x51, 0x76, 0x32, 0x65, 0xb4, 0x37, 0x81, 0x99, 0x46, 0x37, 0x62, 0xed, 0xcf, 0x64, 0x9d, 0x72, 0x40, 0x7a, 0x4c, 0x0b, 0x76, 0x2a, 0xfb, 0x56}}}, +{{{0x33, 0xa7, 0x90, 0x7c, 0xc3, 0x6f, 0x17, 0xa5, 0xa0, 0x67, 0x72, 0x17, 0xea, 0x7e, 0x63, 0x14, 0x83, 0xde, 0xc1, 0x71, 0x2d, 0x41, 0x32, 0x7a, 0xf3, 0xd1, 0x2b, 0xd8, 0x2a, 0xa6, 0x46, 0x36}} , + {{0xac, 0xcc, 0x6b, 0x7c, 0xf9, 0xb8, 0x8b, 0x08, 0x5c, 0xd0, 0x7d, 0x8f, 0x73, 0xea, 0x20, 0xda, 0x86, 0xca, 0x00, 0xc7, 0xad, 0x73, 0x4d, 0xe9, 0xe8, 0xa9, 0xda, 0x1f, 0x03, 0x06, 0xdd, 0x24}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x9c, 0xb2, 0x61, 0x0a, 0x98, 0x2a, 0xa5, 0xd7, 0xee, 0xa9, 0xac, 0x65, 0xcb, 0x0a, 0x1e, 0xe2, 0xbe, 0xdc, 0x85, 0x59, 0x0f, 0x9c, 0xa6, 0x57, 0x34, 0xa5, 0x87, 0xeb, 0x7b, 0x1e, 0x0c, 0x3c}} , + {{0x2f, 0xbd, 0x84, 0x63, 0x0d, 0xb5, 0xa0, 0xf0, 0x4b, 0x9e, 0x93, 0xc6, 0x34, 0x9a, 0x34, 0xff, 0x73, 0x19, 0x2f, 0x6e, 0x54, 0x45, 0x2c, 0x92, 0x31, 0x76, 0x34, 0xf1, 0xb2, 0x26, 0xe8, 0x74}}}, +{{{0x0a, 0x67, 0x90, 0x6d, 0x0c, 0x4c, 0xcc, 0xc0, 0xe6, 0xbd, 0xa7, 0x5e, 0x55, 0x8c, 0xcd, 0x58, 0x9b, 0x11, 0xa2, 0xbb, 0x4b, 0xb1, 0x43, 0x04, 0x3c, 0x55, 0xed, 0x23, 0xfe, 0xcd, 0xb1, 0x53}} , + {{0x05, 0xfb, 0x75, 0xf5, 0x01, 0xaf, 0x38, 0x72, 0x58, 0xfc, 0x04, 0x29, 0x34, 0x7a, 0x67, 0xa2, 0x08, 0x50, 0x6e, 0xd0, 0x2b, 0x73, 0xd5, 0xb8, 0xe4, 0x30, 0x96, 0xad, 0x45, 0xdf, 0xa6, 0x5c}}}, +{{{0x0d, 0x88, 0x1a, 0x90, 0x7e, 0xdc, 0xd8, 0xfe, 0xc1, 0x2f, 0x5d, 0x67, 0xee, 0x67, 0x2f, 0xed, 0x6f, 0x55, 0x43, 0x5f, 0x87, 0x14, 0x35, 0x42, 0xd3, 0x75, 0xae, 0xd5, 0xd3, 0x85, 0x1a, 0x76}} , + {{0x87, 0xc8, 0xa0, 0x6e, 0xe1, 0xb0, 0xad, 0x6a, 0x4a, 0x34, 0x71, 0xed, 0x7c, 0xd6, 0x44, 0x03, 0x65, 0x4a, 0x5c, 0x5c, 0x04, 0xf5, 0x24, 0x3f, 0xb0, 0x16, 0x5e, 0x8c, 0xb2, 0xd2, 0xc5, 0x20}}}, +{{{0x98, 0x83, 0xc2, 0x37, 0xa0, 0x41, 0xa8, 0x48, 0x5c, 0x5f, 0xbf, 0xc8, 0xfa, 0x24, 0xe0, 0x59, 0x2c, 0xbd, 0xf6, 0x81, 0x7e, 0x88, 0xe6, 0xca, 0x04, 0xd8, 0x5d, 0x60, 0xbb, 0x74, 0xa7, 0x0b}} , + {{0x21, 0x13, 0x91, 0xbf, 0x77, 0x7a, 0x33, 0xbc, 0xe9, 0x07, 0x39, 0x0a, 0xdd, 0x7d, 0x06, 0x10, 0x9a, 0xee, 0x47, 0x73, 0x1b, 0x15, 0x5a, 0xfb, 0xcd, 0x4d, 0xd0, 0xd2, 0x3a, 0x01, 0xba, 0x54}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x48, 0xd5, 0x39, 0x4a, 0x0b, 0x20, 0x6a, 0x43, 0xa0, 0x07, 0x82, 0x5e, 0x49, 0x7c, 0xc9, 0x47, 0xf1, 0x7c, 0x37, 0xb9, 0x23, 0xef, 0x6b, 0x46, 0x45, 0x8c, 0x45, 0x76, 0xdf, 0x14, 0x6b, 0x6e}} , + {{0x42, 0xc9, 0xca, 0x29, 0x4c, 0x76, 0x37, 0xda, 0x8a, 0x2d, 0x7c, 0x3a, 0x58, 0xf2, 0x03, 0xb4, 0xb5, 0xb9, 0x1a, 0x13, 0x2d, 0xde, 0x5f, 0x6b, 0x9d, 0xba, 0x52, 0xc9, 0x5d, 0xb3, 0xf3, 0x30}}}, +{{{0x4c, 0x6f, 0xfe, 0x6b, 0x0c, 0x62, 0xd7, 0x48, 0x71, 0xef, 0xb1, 0x85, 0x79, 0xc0, 0xed, 0x24, 0xb1, 0x08, 0x93, 0x76, 0x8e, 0xf7, 0x38, 0x8e, 0xeb, 0xfe, 0x80, 0x40, 0xaf, 0x90, 0x64, 0x49}} , + {{0x4a, 0x88, 0xda, 0xc1, 0x98, 0x44, 0x3c, 0x53, 0x4e, 0xdb, 0x4b, 0xb9, 0x12, 0x5f, 0xcd, 0x08, 0x04, 0xef, 0x75, 0xe7, 0xb1, 0x3a, 0xe5, 0x07, 0xfa, 0xca, 0x65, 0x7b, 0x72, 0x10, 0x64, 0x7f}}}, +{{{0x3d, 0x81, 0xf0, 0xeb, 0x16, 0xfd, 0x58, 0x33, 0x8d, 0x7c, 0x1a, 0xfb, 0x20, 0x2c, 0x8a, 0xee, 0x90, 0xbb, 0x33, 0x6d, 0x45, 0xe9, 0x8e, 0x99, 0x85, 0xe1, 0x08, 0x1f, 0xc5, 0xf1, 0xb5, 0x46}} , + {{0xe4, 0xe7, 0x43, 0x4b, 0xa0, 0x3f, 0x2b, 0x06, 0xba, 0x17, 0xae, 0x3d, 0xe6, 0xce, 0xbd, 0xb8, 0xed, 0x74, 0x11, 0x35, 0xec, 0x96, 0xfe, 0x31, 0xe3, 0x0e, 0x7a, 0x4e, 0xc9, 0x1d, 0xcb, 0x20}}}, +{{{0xe0, 0x67, 0xe9, 0x7b, 0xdb, 0x96, 0x5c, 0xb0, 0x32, 0xd0, 0x59, 0x31, 0x90, 0xdc, 0x92, 0x97, 0xac, 0x09, 0x38, 0x31, 0x0f, 0x7e, 0xd6, 0x5d, 0xd0, 0x06, 0xb6, 0x1f, 0xea, 0xf0, 0x5b, 0x07}} , + {{0x81, 0x9f, 0xc7, 0xde, 0x6b, 0x41, 0x22, 0x35, 0x14, 0x67, 0x77, 0x3e, 0x90, 0x81, 0xb0, 0xd9, 0x85, 0x4c, 0xca, 0x9b, 0x3f, 0x04, 0x59, 0xd6, 0xaa, 0x17, 0xc3, 0x88, 0x34, 0x37, 0xba, 0x43}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x4c, 0xb6, 0x69, 0xc8, 0x81, 0x95, 0x94, 0x33, 0x92, 0x34, 0xe9, 0x3c, 0x84, 0x0d, 0x3d, 0x5a, 0x37, 0x9c, 0x22, 0xa0, 0xaa, 0x65, 0xce, 0xb4, 0xc2, 0x2d, 0x66, 0x67, 0x02, 0xff, 0x74, 0x10}} , + {{0x22, 0xb0, 0xd5, 0xe6, 0xc7, 0xef, 0xb1, 0xa7, 0x13, 0xda, 0x60, 0xb4, 0x80, 0xc1, 0x42, 0x7d, 0x10, 0x70, 0x97, 0x04, 0x4d, 0xda, 0x23, 0x89, 0xc2, 0x0e, 0x68, 0xcb, 0xde, 0xe0, 0x9b, 0x29}}}, +{{{0x33, 0xfe, 0x42, 0x2a, 0x36, 0x2b, 0x2e, 0x36, 0x64, 0x5c, 0x8b, 0xcc, 0x81, 0x6a, 0x15, 0x08, 0xa1, 0x27, 0xe8, 0x57, 0xe5, 0x78, 0x8e, 0xf2, 0x58, 0x19, 0x12, 0x42, 0xae, 0xc4, 0x63, 0x3e}} , + {{0x78, 0x96, 0x9c, 0xa7, 0xca, 0x80, 0xae, 0x02, 0x85, 0xb1, 0x7c, 0x04, 0x5c, 0xc1, 0x5b, 0x26, 0xc1, 0xba, 0xed, 0xa5, 0x59, 0x70, 0x85, 0x8c, 0x8c, 0xe8, 0x87, 0xac, 0x6a, 0x28, 0x99, 0x35}}}, +{{{0x9f, 0x04, 0x08, 0x28, 0xbe, 0x87, 0xda, 0x80, 0x28, 0x38, 0xde, 0x9f, 0xcd, 0xe4, 0xe3, 0x62, 0xfb, 0x2e, 0x46, 0x8d, 0x01, 0xb3, 0x06, 0x51, 0xd4, 0x19, 0x3b, 0x11, 0xfa, 0xe2, 0xad, 0x1e}} , + {{0xa0, 0x20, 0x99, 0x69, 0x0a, 0xae, 0xa3, 0x70, 0x4e, 0x64, 0x80, 0xb7, 0x85, 0x9c, 0x87, 0x54, 0x43, 0x43, 0x55, 0x80, 0x6d, 0x8d, 0x7c, 0xa9, 0x64, 0xca, 0x6c, 0x2e, 0x21, 0xd8, 0xc8, 0x6c}}}, +{{{0x91, 0x4a, 0x07, 0xad, 0x08, 0x75, 0xc1, 0x4f, 0xa4, 0xb2, 0xc3, 0x6f, 0x46, 0x3e, 0xb1, 0xce, 0x52, 0xab, 0x67, 0x09, 0x54, 0x48, 0x6b, 0x6c, 0xd7, 0x1d, 0x71, 0x76, 0xcb, 0xff, 0xdd, 0x31}} , + {{0x36, 0x88, 0xfa, 0xfd, 0xf0, 0x36, 0x6f, 0x07, 0x74, 0x88, 0x50, 0xd0, 0x95, 0x38, 0x4a, 0x48, 0x2e, 0x07, 0x64, 0x97, 0x11, 0x76, 0x01, 0x1a, 0x27, 0x4d, 0x8e, 0x25, 0x9a, 0x9b, 0x1c, 0x22}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xbe, 0x57, 0xbd, 0x0e, 0x0f, 0xac, 0x5e, 0x76, 0xa3, 0x71, 0xad, 0x2b, 0x10, 0x45, 0x02, 0xec, 0x59, 0xd5, 0x5d, 0xa9, 0x44, 0xcc, 0x25, 0x4c, 0xb3, 0x3c, 0x5b, 0x69, 0x07, 0x55, 0x26, 0x6b}} , + {{0x30, 0x6b, 0xd4, 0xa7, 0x51, 0x29, 0xe3, 0xf9, 0x7a, 0x75, 0x2a, 0x82, 0x2f, 0xd6, 0x1d, 0x99, 0x2b, 0x80, 0xd5, 0x67, 0x1e, 0x15, 0x9d, 0xca, 0xfd, 0xeb, 0xac, 0x97, 0x35, 0x09, 0x7f, 0x3f}}}, +{{{0x35, 0x0d, 0x34, 0x0a, 0xb8, 0x67, 0x56, 0x29, 0x20, 0xf3, 0x19, 0x5f, 0xe2, 0x83, 0x42, 0x73, 0x53, 0xa8, 0xc5, 0x02, 0x19, 0x33, 0xb4, 0x64, 0xbd, 0xc3, 0x87, 0x8c, 0xd7, 0x76, 0xed, 0x25}} , + {{0x47, 0x39, 0x37, 0x76, 0x0d, 0x1d, 0x0c, 0xf5, 0x5a, 0x6d, 0x43, 0x88, 0x99, 0x15, 0xb4, 0x52, 0x0f, 0x2a, 0xb3, 0xb0, 0x3f, 0xa6, 0xb3, 0x26, 0xb3, 0xc7, 0x45, 0xf5, 0x92, 0x5f, 0x9b, 0x17}}}, +{{{0x9d, 0x23, 0xbd, 0x15, 0xfe, 0x52, 0x52, 0x15, 0x26, 0x79, 0x86, 0xba, 0x06, 0x56, 0x66, 0xbb, 0x8c, 0x2e, 0x10, 0x11, 0xd5, 0x4a, 0x18, 0x52, 0xda, 0x84, 0x44, 0xf0, 0x3e, 0xe9, 0x8c, 0x35}} , + {{0xad, 0xa0, 0x41, 0xec, 0xc8, 0x4d, 0xb9, 0xd2, 0x6e, 0x96, 0x4e, 0x5b, 0xc5, 0xc2, 0xa0, 0x1b, 0xcf, 0x0c, 0xbf, 0x17, 0x66, 0x57, 0xc1, 0x17, 0x90, 0x45, 0x71, 0xc2, 0xe1, 0x24, 0xeb, 0x27}}}, +{{{0x2c, 0xb9, 0x42, 0xa4, 0xaf, 0x3b, 0x42, 0x0e, 0xc2, 0x0f, 0xf2, 0xea, 0x83, 0xaf, 0x9a, 0x13, 0x17, 0xb0, 0xbd, 0x89, 0x17, 0xe3, 0x72, 0xcb, 0x0e, 0x76, 0x7e, 0x41, 0x63, 0x04, 0x88, 0x71}} , + {{0x75, 0x78, 0x38, 0x86, 0x57, 0xdd, 0x9f, 0xee, 0x54, 0x70, 0x65, 0xbf, 0xf1, 0x2c, 0xe0, 0x39, 0x0d, 0xe3, 0x89, 0xfd, 0x8e, 0x93, 0x4f, 0x43, 0xdc, 0xd5, 0x5b, 0xde, 0xf9, 0x98, 0xe5, 0x7b}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xe7, 0x3b, 0x65, 0x11, 0xdf, 0xb2, 0xf2, 0x63, 0x94, 0x12, 0x6f, 0x5c, 0x9e, 0x77, 0xc1, 0xb6, 0xd8, 0xab, 0x58, 0x7a, 0x1d, 0x95, 0x73, 0xdd, 0xe7, 0xe3, 0x6f, 0xf2, 0x03, 0x1d, 0xdb, 0x76}} , + {{0xae, 0x06, 0x4e, 0x2c, 0x52, 0x1b, 0xbc, 0x5a, 0x5a, 0xa5, 0xbe, 0x27, 0xbd, 0xeb, 0xe1, 0x14, 0x17, 0x68, 0x26, 0x07, 0x03, 0xd1, 0x18, 0x0b, 0xdf, 0xf1, 0x06, 0x5c, 0xa6, 0x1b, 0xb9, 0x24}}}, +{{{0xc5, 0x66, 0x80, 0x13, 0x0e, 0x48, 0x8c, 0x87, 0x31, 0x84, 0xb4, 0x60, 0xed, 0xc5, 0xec, 0xb6, 0xc5, 0x05, 0x33, 0x5f, 0x2f, 0x7d, 0x40, 0xb6, 0x32, 0x1d, 0x38, 0x74, 0x1b, 0xf1, 0x09, 0x3d}} , + {{0xd4, 0x69, 0x82, 0xbc, 0x8d, 0xf8, 0x34, 0x36, 0x75, 0x55, 0x18, 0x55, 0x58, 0x3c, 0x79, 0xaf, 0x26, 0x80, 0xab, 0x9b, 0x95, 0x00, 0xf1, 0xcb, 0xda, 0xc1, 0x9f, 0xf6, 0x2f, 0xa2, 0xf4, 0x45}}}, +{{{0x17, 0xbe, 0xeb, 0x85, 0xed, 0x9e, 0xcd, 0x56, 0xf5, 0x17, 0x45, 0x42, 0xb4, 0x1f, 0x44, 0x4c, 0x05, 0x74, 0x15, 0x47, 0x00, 0xc6, 0x6a, 0x3d, 0x24, 0x09, 0x0d, 0x58, 0xb1, 0x42, 0xd7, 0x04}} , + {{0x8d, 0xbd, 0xa3, 0xc4, 0x06, 0x9b, 0x1f, 0x90, 0x58, 0x60, 0x74, 0xb2, 0x00, 0x3b, 0x3c, 0xd2, 0xda, 0x82, 0xbb, 0x10, 0x90, 0x69, 0x92, 0xa9, 0xb4, 0x30, 0x81, 0xe3, 0x7c, 0xa8, 0x89, 0x45}}}, +{{{0x3f, 0xdc, 0x05, 0xcb, 0x41, 0x3c, 0xc8, 0x23, 0x04, 0x2c, 0x38, 0x99, 0xe3, 0x68, 0x55, 0xf9, 0xd3, 0x32, 0xc7, 0xbf, 0xfa, 0xd4, 0x1b, 0x5d, 0xde, 0xdc, 0x10, 0x42, 0xc0, 0x42, 0xd9, 0x75}} , + {{0x2d, 0xab, 0x35, 0x4e, 0x87, 0xc4, 0x65, 0x97, 0x67, 0x24, 0xa4, 0x47, 0xad, 0x3f, 0x8e, 0xf3, 0xcb, 0x31, 0x17, 0x77, 0xc5, 0xe2, 0xd7, 0x8f, 0x3c, 0xc1, 0xcd, 0x56, 0x48, 0xc1, 0x6c, 0x69}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x14, 0xae, 0x5f, 0x88, 0x7b, 0xa5, 0x90, 0xdf, 0x10, 0xb2, 0x8b, 0x5e, 0x24, 0x17, 0xc3, 0xa3, 0xd4, 0x0f, 0x92, 0x61, 0x1a, 0x19, 0x5a, 0xad, 0x76, 0xbd, 0xd8, 0x1c, 0xdd, 0xe0, 0x12, 0x6d}} , + {{0x8e, 0xbd, 0x70, 0x8f, 0x02, 0xa3, 0x24, 0x4d, 0x5a, 0x67, 0xc4, 0xda, 0xf7, 0x20, 0x0f, 0x81, 0x5b, 0x7a, 0x05, 0x24, 0x67, 0x83, 0x0b, 0x2a, 0x80, 0xe7, 0xfd, 0x74, 0x4b, 0x9e, 0x5c, 0x0d}}}, +{{{0x94, 0xd5, 0x5f, 0x1f, 0xa2, 0xfb, 0xeb, 0xe1, 0x07, 0x34, 0xf8, 0x20, 0xad, 0x81, 0x30, 0x06, 0x2d, 0xa1, 0x81, 0x95, 0x36, 0xcf, 0x11, 0x0b, 0xaf, 0xc1, 0x2b, 0x9a, 0x6c, 0x55, 0xc1, 0x16}} , + {{0x36, 0x4f, 0xf1, 0x5e, 0x74, 0x35, 0x13, 0x28, 0xd7, 0x11, 0xcf, 0xb8, 0xde, 0x93, 0xb3, 0x05, 0xb8, 0xb5, 0x73, 0xe9, 0xeb, 0xad, 0x19, 0x1e, 0x89, 0x0f, 0x8b, 0x15, 0xd5, 0x8c, 0xe3, 0x23}}}, +{{{0x33, 0x79, 0xe7, 0x18, 0xe6, 0x0f, 0x57, 0x93, 0x15, 0xa0, 0xa7, 0xaa, 0xc4, 0xbf, 0x4f, 0x30, 0x74, 0x95, 0x5e, 0x69, 0x4a, 0x5b, 0x45, 0xe4, 0x00, 0xeb, 0x23, 0x74, 0x4c, 0xdf, 0x6b, 0x45}} , + {{0x97, 0x29, 0x6c, 0xc4, 0x42, 0x0b, 0xdd, 0xc0, 0x29, 0x5c, 0x9b, 0x34, 0x97, 0xd0, 0xc7, 0x79, 0x80, 0x63, 0x74, 0xe4, 0x8e, 0x37, 0xb0, 0x2b, 0x7c, 0xe8, 0x68, 0x6c, 0xc3, 0x82, 0x97, 0x57}}}, +{{{0x22, 0xbe, 0x83, 0xb6, 0x4b, 0x80, 0x6b, 0x43, 0x24, 0x5e, 0xef, 0x99, 0x9b, 0xa8, 0xfc, 0x25, 0x8d, 0x3b, 0x03, 0x94, 0x2b, 0x3e, 0xe7, 0x95, 0x76, 0x9b, 0xcc, 0x15, 0xdb, 0x32, 0xe6, 0x66}} , + {{0x84, 0xf0, 0x4a, 0x13, 0xa6, 0xd6, 0xfa, 0x93, 0x46, 0x07, 0xf6, 0x7e, 0x5c, 0x6d, 0x5e, 0xf6, 0xa6, 0xe7, 0x48, 0xf0, 0x06, 0xea, 0xff, 0x90, 0xc1, 0xcc, 0x4c, 0x19, 0x9c, 0x3c, 0x4e, 0x53}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x2a, 0x50, 0xe3, 0x07, 0x15, 0x59, 0xf2, 0x8b, 0x81, 0xf2, 0xf3, 0xd3, 0x6c, 0x99, 0x8c, 0x70, 0x67, 0xec, 0xcc, 0xee, 0x9e, 0x59, 0x45, 0x59, 0x7d, 0x47, 0x75, 0x69, 0xf5, 0x24, 0x93, 0x5d}} , + {{0x6a, 0x4f, 0x1b, 0xbe, 0x6b, 0x30, 0xcf, 0x75, 0x46, 0xe3, 0x7b, 0x9d, 0xfc, 0xcd, 0xd8, 0x5c, 0x1f, 0xb4, 0xc8, 0xe2, 0x24, 0xec, 0x1a, 0x28, 0x05, 0x32, 0x57, 0xfd, 0x3c, 0x5a, 0x98, 0x10}}}, +{{{0xa3, 0xdb, 0xf7, 0x30, 0xd8, 0xc2, 0x9a, 0xe1, 0xd3, 0xce, 0x22, 0xe5, 0x80, 0x1e, 0xd9, 0xe4, 0x1f, 0xab, 0xc0, 0x71, 0x1a, 0x86, 0x0e, 0x27, 0x99, 0x5b, 0xfa, 0x76, 0x99, 0xb0, 0x08, 0x3c}} , + {{0x2a, 0x93, 0xd2, 0x85, 0x1b, 0x6a, 0x5d, 0xa6, 0xee, 0xd1, 0xd1, 0x33, 0xbd, 0x6a, 0x36, 0x73, 0x37, 0x3a, 0x44, 0xb4, 0xec, 0xa9, 0x7a, 0xde, 0x83, 0x40, 0xd7, 0xdf, 0x28, 0xba, 0xa2, 0x30}}}, +{{{0xd3, 0xb5, 0x6d, 0x05, 0x3f, 0x9f, 0xf3, 0x15, 0x8d, 0x7c, 0xca, 0xc9, 0xfc, 0x8a, 0x7c, 0x94, 0xb0, 0x63, 0x36, 0x9b, 0x78, 0xd1, 0x91, 0x1f, 0x93, 0xd8, 0x57, 0x43, 0xde, 0x76, 0xa3, 0x43}} , + {{0x9b, 0x35, 0xe2, 0xa9, 0x3d, 0x32, 0x1e, 0xbb, 0x16, 0x28, 0x70, 0xe9, 0x45, 0x2f, 0x8f, 0x70, 0x7f, 0x08, 0x7e, 0x53, 0xc4, 0x7a, 0xbf, 0xf7, 0xe1, 0xa4, 0x6a, 0xd8, 0xac, 0x64, 0x1b, 0x11}}}, +{{{0xb2, 0xeb, 0x47, 0x46, 0x18, 0x3e, 0x1f, 0x99, 0x0c, 0xcc, 0xf1, 0x2c, 0xe0, 0xe7, 0x8f, 0xe0, 0x01, 0x7e, 0x65, 0xb8, 0x0c, 0xd0, 0xfb, 0xc8, 0xb9, 0x90, 0x98, 0x33, 0x61, 0x3b, 0xd8, 0x27}} , + {{0xa0, 0xbe, 0x72, 0x3a, 0x50, 0x4b, 0x74, 0xab, 0x01, 0xc8, 0x93, 0xc5, 0xe4, 0xc7, 0x08, 0x6c, 0xb4, 0xca, 0xee, 0xeb, 0x8e, 0xd7, 0x4e, 0x26, 0xc6, 0x1d, 0xe2, 0x71, 0xaf, 0x89, 0xa0, 0x2a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x98, 0x0b, 0xe4, 0xde, 0xdb, 0xa8, 0xfa, 0x82, 0x74, 0x06, 0x52, 0x6d, 0x08, 0x52, 0x8a, 0xff, 0x62, 0xc5, 0x6a, 0x44, 0x0f, 0x51, 0x8c, 0x1f, 0x6e, 0xb6, 0xc6, 0x2c, 0x81, 0xd3, 0x76, 0x46}} , + {{0xf4, 0x29, 0x74, 0x2e, 0x80, 0xa7, 0x1a, 0x8f, 0xf6, 0xbd, 0xd6, 0x8e, 0xbf, 0xc1, 0x95, 0x2a, 0xeb, 0xa0, 0x7f, 0x45, 0xa0, 0x50, 0x14, 0x05, 0xb1, 0x57, 0x4c, 0x74, 0xb7, 0xe2, 0x89, 0x7d}}}, +{{{0x07, 0xee, 0xa7, 0xad, 0xb7, 0x09, 0x0b, 0x49, 0x4e, 0xbf, 0xca, 0xe5, 0x21, 0xe6, 0xe6, 0xaf, 0xd5, 0x67, 0xf3, 0xce, 0x7e, 0x7c, 0x93, 0x7b, 0x5a, 0x10, 0x12, 0x0e, 0x6c, 0x06, 0x11, 0x75}} , + {{0xd5, 0xfc, 0x86, 0xa3, 0x3b, 0xa3, 0x3e, 0x0a, 0xfb, 0x0b, 0xf7, 0x36, 0xb1, 0x5b, 0xda, 0x70, 0xb7, 0x00, 0xa7, 0xda, 0x88, 0x8f, 0x84, 0xa8, 0xbc, 0x1c, 0x39, 0xb8, 0x65, 0xf3, 0x4d, 0x60}}}, +{{{0x96, 0x9d, 0x31, 0xf4, 0xa2, 0xbe, 0x81, 0xb9, 0xa5, 0x59, 0x9e, 0xba, 0x07, 0xbe, 0x74, 0x58, 0xd8, 0xeb, 0xc5, 0x9f, 0x3d, 0xd1, 0xf4, 0xae, 0xce, 0x53, 0xdf, 0x4f, 0xc7, 0x2a, 0x89, 0x4d}} , + {{0x29, 0xd8, 0xf2, 0xaa, 0xe9, 0x0e, 0xf7, 0x2e, 0x5f, 0x9d, 0x8a, 0x5b, 0x09, 0xed, 0xc9, 0x24, 0x22, 0xf4, 0x0f, 0x25, 0x8f, 0x1c, 0x84, 0x6e, 0x34, 0x14, 0x6c, 0xea, 0xb3, 0x86, 0x5d, 0x04}}}, +{{{0x07, 0x98, 0x61, 0xe8, 0x6a, 0xd2, 0x81, 0x49, 0x25, 0xd5, 0x5b, 0x18, 0xc7, 0x35, 0x52, 0x51, 0xa4, 0x46, 0xad, 0x18, 0x0d, 0xc9, 0x5f, 0x18, 0x91, 0x3b, 0xb4, 0xc0, 0x60, 0x59, 0x8d, 0x66}} , + {{0x03, 0x1b, 0x79, 0x53, 0x6e, 0x24, 0xae, 0x57, 0xd9, 0x58, 0x09, 0x85, 0x48, 0xa2, 0xd3, 0xb5, 0xe2, 0x4d, 0x11, 0x82, 0xe6, 0x86, 0x3c, 0xe9, 0xb1, 0x00, 0x19, 0xc2, 0x57, 0xf7, 0x66, 0x7a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x0f, 0xe3, 0x89, 0x03, 0xd7, 0x22, 0x95, 0x9f, 0xca, 0xb4, 0x8d, 0x9e, 0x6d, 0x97, 0xff, 0x8d, 0x21, 0x59, 0x07, 0xef, 0x03, 0x2d, 0x5e, 0xf8, 0x44, 0x46, 0xe7, 0x85, 0x80, 0xc5, 0x89, 0x50}} , + {{0x8b, 0xd8, 0x53, 0x86, 0x24, 0x86, 0x29, 0x52, 0x01, 0xfa, 0x20, 0xc3, 0x4e, 0x95, 0xcb, 0xad, 0x7b, 0x34, 0x94, 0x30, 0xb7, 0x7a, 0xfa, 0x96, 0x41, 0x60, 0x2b, 0xcb, 0x59, 0xb9, 0xca, 0x50}}}, +{{{0xc2, 0x5b, 0x9b, 0x78, 0x23, 0x1b, 0x3a, 0x88, 0x94, 0x5f, 0x0a, 0x9b, 0x98, 0x2b, 0x6e, 0x53, 0x11, 0xf6, 0xff, 0xc6, 0x7d, 0x42, 0xcc, 0x02, 0x80, 0x40, 0x0d, 0x1e, 0xfb, 0xaf, 0x61, 0x07}} , + {{0xb0, 0xe6, 0x2f, 0x81, 0x70, 0xa1, 0x2e, 0x39, 0x04, 0x7c, 0xc4, 0x2c, 0x87, 0x45, 0x4a, 0x5b, 0x69, 0x97, 0xac, 0x6d, 0x2c, 0x10, 0x42, 0x7c, 0x3b, 0x15, 0x70, 0x60, 0x0e, 0x11, 0x6d, 0x3a}}}, +{{{0x9b, 0x18, 0x80, 0x5e, 0xdb, 0x05, 0xbd, 0xc6, 0xb7, 0x3c, 0xc2, 0x40, 0x4d, 0x5d, 0xce, 0x97, 0x8a, 0x34, 0x15, 0xab, 0x28, 0x5d, 0x10, 0xf0, 0x37, 0x0c, 0xcc, 0x16, 0xfa, 0x1f, 0x33, 0x0d}} , + {{0x19, 0xf9, 0x35, 0xaa, 0x59, 0x1a, 0x0c, 0x5c, 0x06, 0xfc, 0x6a, 0x0b, 0x97, 0x53, 0x36, 0xfc, 0x2a, 0xa5, 0x5a, 0x9b, 0x30, 0xef, 0x23, 0xaf, 0x39, 0x5d, 0x9a, 0x6b, 0x75, 0x57, 0x48, 0x0b}}}, +{{{0x26, 0xdc, 0x76, 0x3b, 0xfc, 0xf9, 0x9c, 0x3f, 0x89, 0x0b, 0x62, 0x53, 0xaf, 0x83, 0x01, 0x2e, 0xbc, 0x6a, 0xc6, 0x03, 0x0d, 0x75, 0x2a, 0x0d, 0xe6, 0x94, 0x54, 0xcf, 0xb3, 0xe5, 0x96, 0x25}} , + {{0xfe, 0x82, 0xb1, 0x74, 0x31, 0x8a, 0xa7, 0x6f, 0x56, 0xbd, 0x8d, 0xf4, 0xe0, 0x94, 0x51, 0x59, 0xde, 0x2c, 0x5a, 0xf4, 0x84, 0x6b, 0x4a, 0x88, 0x93, 0xc0, 0x0c, 0x9a, 0xac, 0xa7, 0xa0, 0x68}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x25, 0x0d, 0xd6, 0xc7, 0x23, 0x47, 0x10, 0xad, 0xc7, 0x08, 0x5c, 0x87, 0x87, 0x93, 0x98, 0x18, 0xb8, 0xd3, 0x9c, 0xac, 0x5a, 0x3d, 0xc5, 0x75, 0xf8, 0x49, 0x32, 0x14, 0xcc, 0x51, 0x96, 0x24}} , + {{0x65, 0x9c, 0x5d, 0xf0, 0x37, 0x04, 0xf0, 0x34, 0x69, 0x2a, 0xf0, 0xa5, 0x64, 0xca, 0xde, 0x2b, 0x5b, 0x15, 0x10, 0xd2, 0xab, 0x06, 0xdd, 0xc4, 0xb0, 0xb6, 0x5b, 0xc1, 0x17, 0xdf, 0x8f, 0x02}}}, +{{{0xbd, 0x59, 0x3d, 0xbf, 0x5c, 0x31, 0x44, 0x2c, 0x32, 0x94, 0x04, 0x60, 0x84, 0x0f, 0xad, 0x00, 0xb6, 0x8f, 0xc9, 0x1d, 0xcc, 0x5c, 0xa2, 0x49, 0x0e, 0x50, 0x91, 0x08, 0x9a, 0x43, 0x55, 0x05}} , + {{0x5d, 0x93, 0x55, 0xdf, 0x9b, 0x12, 0x19, 0xec, 0x93, 0x85, 0x42, 0x9e, 0x66, 0x0f, 0x9d, 0xaf, 0x99, 0xaf, 0x26, 0x89, 0xbc, 0x61, 0xfd, 0xff, 0xce, 0x4b, 0xf4, 0x33, 0x95, 0xc9, 0x35, 0x58}}}, +{{{0x12, 0x55, 0xf9, 0xda, 0xcb, 0x44, 0xa7, 0xdc, 0x57, 0xe2, 0xf9, 0x9a, 0xe6, 0x07, 0x23, 0x60, 0x54, 0xa7, 0x39, 0xa5, 0x9b, 0x84, 0x56, 0x6e, 0xaa, 0x8b, 0x8f, 0xb0, 0x2c, 0x87, 0xaf, 0x67}} , + {{0x00, 0xa9, 0x4c, 0xb2, 0x12, 0xf8, 0x32, 0xa8, 0x7a, 0x00, 0x4b, 0x49, 0x32, 0xba, 0x1f, 0x5d, 0x44, 0x8e, 0x44, 0x7a, 0xdc, 0x11, 0xfb, 0x39, 0x08, 0x57, 0x87, 0xa5, 0x12, 0x42, 0x93, 0x0e}}}, +{{{0x17, 0xb4, 0xae, 0x72, 0x59, 0xd0, 0xaa, 0xa8, 0x16, 0x8b, 0x63, 0x11, 0xb3, 0x43, 0x04, 0xda, 0x0c, 0xa8, 0xb7, 0x68, 0xdd, 0x4e, 0x54, 0xe7, 0xaf, 0x5d, 0x5d, 0x05, 0x76, 0x36, 0xec, 0x0d}} , + {{0x6d, 0x7c, 0x82, 0x32, 0x38, 0x55, 0x57, 0x74, 0x5b, 0x7d, 0xc3, 0xc4, 0xfb, 0x06, 0x29, 0xf0, 0x13, 0x55, 0x54, 0xc6, 0xa7, 0xdc, 0x4c, 0x9f, 0x98, 0x49, 0x20, 0xa8, 0xc3, 0x8d, 0xfa, 0x48}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x87, 0x47, 0x9d, 0xe9, 0x25, 0xd5, 0xe3, 0x47, 0x78, 0xdf, 0x85, 0xa7, 0x85, 0x5e, 0x7a, 0x4c, 0x5f, 0x79, 0x1a, 0xf3, 0xa2, 0xb2, 0x28, 0xa0, 0x9c, 0xdd, 0x30, 0x40, 0xd4, 0x38, 0xbd, 0x28}} , + {{0xfc, 0xbb, 0xd5, 0x78, 0x6d, 0x1d, 0xd4, 0x99, 0xb4, 0xaa, 0x44, 0x44, 0x7a, 0x1b, 0xd8, 0xfe, 0xb4, 0x99, 0xb9, 0xcc, 0xe7, 0xc4, 0xd3, 0x3a, 0x73, 0x83, 0x41, 0x5c, 0x40, 0xd7, 0x2d, 0x55}}}, +{{{0x26, 0xe1, 0x7b, 0x5f, 0xe5, 0xdc, 0x3f, 0x7d, 0xa1, 0xa7, 0x26, 0x44, 0x22, 0x23, 0xc0, 0x8f, 0x7d, 0xf1, 0xb5, 0x11, 0x47, 0x7b, 0x19, 0xd4, 0x75, 0x6f, 0x1e, 0xa5, 0x27, 0xfe, 0xc8, 0x0e}} , + {{0xd3, 0x11, 0x3d, 0xab, 0xef, 0x2c, 0xed, 0xb1, 0x3d, 0x7c, 0x32, 0x81, 0x6b, 0xfe, 0xf8, 0x1c, 0x3c, 0x7b, 0xc0, 0x61, 0xdf, 0xb8, 0x75, 0x76, 0x7f, 0xaa, 0xd8, 0x93, 0xaf, 0x3d, 0xe8, 0x3d}}}, +{{{0xfd, 0x5b, 0x4e, 0x8d, 0xb6, 0x7e, 0x82, 0x9b, 0xef, 0xce, 0x04, 0x69, 0x51, 0x52, 0xff, 0xef, 0xa0, 0x52, 0xb5, 0x79, 0x17, 0x5e, 0x2f, 0xde, 0xd6, 0x3c, 0x2d, 0xa0, 0x43, 0xb4, 0x0b, 0x19}} , + {{0xc0, 0x61, 0x48, 0x48, 0x17, 0xf4, 0x9e, 0x18, 0x51, 0x2d, 0xea, 0x2f, 0xf2, 0xf2, 0xe0, 0xa3, 0x14, 0xb7, 0x8b, 0x3a, 0x30, 0xf5, 0x81, 0xc1, 0x5d, 0x71, 0x39, 0x62, 0x55, 0x1f, 0x60, 0x5a}}}, +{{{0xe5, 0x89, 0x8a, 0x76, 0x6c, 0xdb, 0x4d, 0x0a, 0x5b, 0x72, 0x9d, 0x59, 0x6e, 0x63, 0x63, 0x18, 0x7c, 0xe3, 0xfa, 0xe2, 0xdb, 0xa1, 0x8d, 0xf4, 0xa5, 0xd7, 0x16, 0xb2, 0xd0, 0xb3, 0x3f, 0x39}} , + {{0xce, 0x60, 0x09, 0x6c, 0xf5, 0x76, 0x17, 0x24, 0x80, 0x3a, 0x96, 0xc7, 0x94, 0x2e, 0xf7, 0x6b, 0xef, 0xb5, 0x05, 0x96, 0xef, 0xd3, 0x7b, 0x51, 0xda, 0x05, 0x44, 0x67, 0xbc, 0x07, 0x21, 0x4e}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xe9, 0x73, 0x6f, 0x21, 0xb9, 0xde, 0x22, 0x7d, 0xeb, 0x97, 0x31, 0x10, 0xa3, 0xea, 0xe1, 0xc6, 0x37, 0xeb, 0x8f, 0x43, 0x58, 0xde, 0x41, 0x64, 0x0e, 0x3e, 0x07, 0x99, 0x3d, 0xf1, 0xdf, 0x1e}} , + {{0xf8, 0xad, 0x43, 0xc2, 0x17, 0x06, 0xe2, 0xe4, 0xa9, 0x86, 0xcd, 0x18, 0xd7, 0x78, 0xc8, 0x74, 0x66, 0xd2, 0x09, 0x18, 0xa5, 0xf1, 0xca, 0xa6, 0x62, 0x92, 0xc1, 0xcb, 0x00, 0xeb, 0x42, 0x2e}}}, +{{{0x7b, 0x34, 0x24, 0x4c, 0xcf, 0x38, 0xe5, 0x6c, 0x0a, 0x01, 0x2c, 0x22, 0x0b, 0x24, 0x38, 0xad, 0x24, 0x7e, 0x19, 0xf0, 0x6c, 0xf9, 0x31, 0xf4, 0x35, 0x11, 0xf6, 0x46, 0x33, 0x3a, 0x23, 0x59}} , + {{0x20, 0x0b, 0xa1, 0x08, 0x19, 0xad, 0x39, 0x54, 0xea, 0x3e, 0x23, 0x09, 0xb6, 0xe2, 0xd2, 0xbc, 0x4d, 0xfc, 0x9c, 0xf0, 0x13, 0x16, 0x22, 0x3f, 0xb9, 0xd2, 0x11, 0x86, 0x90, 0x55, 0xce, 0x3c}}}, +{{{0xc4, 0x0b, 0x4b, 0x62, 0x99, 0x37, 0x84, 0x3f, 0x74, 0xa2, 0xf9, 0xce, 0xe2, 0x0b, 0x0f, 0x2a, 0x3d, 0xa3, 0xe3, 0xdb, 0x5a, 0x9d, 0x93, 0xcc, 0xa5, 0xef, 0x82, 0x91, 0x1d, 0xe6, 0x6c, 0x68}} , + {{0xa3, 0x64, 0x17, 0x9b, 0x8b, 0xc8, 0x3a, 0x61, 0xe6, 0x9d, 0xc6, 0xed, 0x7b, 0x03, 0x52, 0x26, 0x9d, 0x3a, 0xb3, 0x13, 0xcc, 0x8a, 0xfd, 0x2c, 0x1a, 0x1d, 0xed, 0x13, 0xd0, 0x55, 0x57, 0x0e}}}, +{{{0x1a, 0xea, 0xbf, 0xfd, 0x4a, 0x3c, 0x8e, 0xec, 0x29, 0x7e, 0x77, 0x77, 0x12, 0x99, 0xd7, 0x84, 0xf9, 0x55, 0x7f, 0xf1, 0x8b, 0xb4, 0xd2, 0x95, 0xa3, 0x8d, 0xf0, 0x8a, 0xa7, 0xeb, 0x82, 0x4b}} , + {{0x2c, 0x28, 0xf4, 0x3a, 0xf6, 0xde, 0x0a, 0xe0, 0x41, 0x44, 0x23, 0xf8, 0x3f, 0x03, 0x64, 0x9f, 0xc3, 0x55, 0x4c, 0xc6, 0xc1, 0x94, 0x1c, 0x24, 0x5d, 0x5f, 0x92, 0x45, 0x96, 0x57, 0x37, 0x14}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xc1, 0xcd, 0x90, 0x66, 0xb9, 0x76, 0xa0, 0x5b, 0xa5, 0x85, 0x75, 0x23, 0xf9, 0x89, 0xa5, 0x82, 0xb2, 0x6f, 0xb1, 0xeb, 0xc4, 0x69, 0x6f, 0x18, 0x5a, 0xed, 0x94, 0x3d, 0x9d, 0xd9, 0x2c, 0x1a}} , + {{0x35, 0xb0, 0xe6, 0x73, 0x06, 0xb7, 0x37, 0xe0, 0xf8, 0xb0, 0x22, 0xe8, 0xd2, 0xed, 0x0b, 0xef, 0xe6, 0xc6, 0x5a, 0x99, 0x9e, 0x1a, 0x9f, 0x04, 0x97, 0xe4, 0x4d, 0x0b, 0xbe, 0xba, 0x44, 0x40}}}, +{{{0xc1, 0x56, 0x96, 0x91, 0x5f, 0x1f, 0xbb, 0x54, 0x6f, 0x88, 0x89, 0x0a, 0xb2, 0xd6, 0x41, 0x42, 0x6a, 0x82, 0xee, 0x14, 0xaa, 0x76, 0x30, 0x65, 0x0f, 0x67, 0x39, 0xa6, 0x51, 0x7c, 0x49, 0x24}} , + {{0x35, 0xa3, 0x78, 0xd1, 0x11, 0x0f, 0x75, 0xd3, 0x70, 0x46, 0xdb, 0x20, 0x51, 0xcb, 0x92, 0x80, 0x54, 0x10, 0x74, 0x36, 0x86, 0xa9, 0xd7, 0xa3, 0x08, 0x78, 0xf1, 0x01, 0x29, 0xf8, 0x80, 0x3b}}}, +{{{0xdb, 0xa7, 0x9d, 0x9d, 0xbf, 0xa0, 0xcc, 0xed, 0x53, 0xa2, 0xa2, 0x19, 0x39, 0x48, 0x83, 0x19, 0x37, 0x58, 0xd1, 0x04, 0x28, 0x40, 0xf7, 0x8a, 0xc2, 0x08, 0xb7, 0xa5, 0x42, 0xcf, 0x53, 0x4c}} , + {{0xa7, 0xbb, 0xf6, 0x8e, 0xad, 0xdd, 0xf7, 0x90, 0xdd, 0x5f, 0x93, 0x89, 0xae, 0x04, 0x37, 0xe6, 0x9a, 0xb7, 0xe8, 0xc0, 0xdf, 0x16, 0x2a, 0xbf, 0xc4, 0x3a, 0x3c, 0x41, 0xd5, 0x89, 0x72, 0x5a}}}, +{{{0x1f, 0x96, 0xff, 0x34, 0x2c, 0x13, 0x21, 0xcb, 0x0a, 0x89, 0x85, 0xbe, 0xb3, 0x70, 0x9e, 0x1e, 0xde, 0x97, 0xaf, 0x96, 0x30, 0xf7, 0x48, 0x89, 0x40, 0x8d, 0x07, 0xf1, 0x25, 0xf0, 0x30, 0x58}} , + {{0x1e, 0xd4, 0x93, 0x57, 0xe2, 0x17, 0xe7, 0x9d, 0xab, 0x3c, 0x55, 0x03, 0x82, 0x2f, 0x2b, 0xdb, 0x56, 0x1e, 0x30, 0x2e, 0x24, 0x47, 0x6e, 0xe6, 0xff, 0x33, 0x24, 0x2c, 0x75, 0x51, 0xd4, 0x67}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x2b, 0x06, 0xd9, 0xa1, 0x5d, 0xe1, 0xf4, 0xd1, 0x1e, 0x3c, 0x9a, 0xc6, 0x29, 0x2b, 0x13, 0x13, 0x78, 0xc0, 0xd8, 0x16, 0x17, 0x2d, 0x9e, 0xa9, 0xc9, 0x79, 0x57, 0xab, 0x24, 0x91, 0x92, 0x19}} , + {{0x69, 0xfb, 0xa1, 0x9c, 0xa6, 0x75, 0x49, 0x7d, 0x60, 0x73, 0x40, 0x42, 0xc4, 0x13, 0x0a, 0x95, 0x79, 0x1e, 0x04, 0x83, 0x94, 0x99, 0x9b, 0x1e, 0x0c, 0xe8, 0x1f, 0x54, 0xef, 0xcb, 0xc0, 0x52}}}, +{{{0x14, 0x89, 0x73, 0xa1, 0x37, 0x87, 0x6a, 0x7a, 0xcf, 0x1d, 0xd9, 0x2e, 0x1a, 0x67, 0xed, 0x74, 0xc0, 0xf0, 0x9c, 0x33, 0xdd, 0xdf, 0x08, 0xbf, 0x7b, 0xd1, 0x66, 0xda, 0xe6, 0xc9, 0x49, 0x08}} , + {{0xe9, 0xdd, 0x5e, 0x55, 0xb0, 0x0a, 0xde, 0x21, 0x4c, 0x5a, 0x2e, 0xd4, 0x80, 0x3a, 0x57, 0x92, 0x7a, 0xf1, 0xc4, 0x2c, 0x40, 0xaf, 0x2f, 0xc9, 0x92, 0x03, 0xe5, 0x5a, 0xbc, 0xdc, 0xf4, 0x09}}}, +{{{0xf3, 0xe1, 0x2b, 0x7c, 0x05, 0x86, 0x80, 0x93, 0x4a, 0xad, 0xb4, 0x8f, 0x7e, 0x99, 0x0c, 0xfd, 0xcd, 0xef, 0xd1, 0xff, 0x2c, 0x69, 0x34, 0x13, 0x41, 0x64, 0xcf, 0x3b, 0xd0, 0x90, 0x09, 0x1e}} , + {{0x9d, 0x45, 0xd6, 0x80, 0xe6, 0x45, 0xaa, 0xf4, 0x15, 0xaa, 0x5c, 0x34, 0x87, 0x99, 0xa2, 0x8c, 0x26, 0x84, 0x62, 0x7d, 0xb6, 0x29, 0xc0, 0x52, 0xea, 0xf5, 0x81, 0x18, 0x0f, 0x35, 0xa9, 0x0e}}}, +{{{0xe7, 0x20, 0x72, 0x7c, 0x6d, 0x94, 0x5f, 0x52, 0x44, 0x54, 0xe3, 0xf1, 0xb2, 0xb0, 0x36, 0x46, 0x0f, 0xae, 0x92, 0xe8, 0x70, 0x9d, 0x6e, 0x79, 0xb1, 0xad, 0x37, 0xa9, 0x5f, 0xc0, 0xde, 0x03}} , + {{0x15, 0x55, 0x37, 0xc6, 0x1c, 0x27, 0x1c, 0x6d, 0x14, 0x4f, 0xca, 0xa4, 0xc4, 0x88, 0x25, 0x46, 0x39, 0xfc, 0x5a, 0xe5, 0xfe, 0x29, 0x11, 0x69, 0xf5, 0x72, 0x84, 0x4d, 0x78, 0x9f, 0x94, 0x15}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xec, 0xd3, 0xff, 0x57, 0x0b, 0xb0, 0xb2, 0xdc, 0xf8, 0x4f, 0xe2, 0x12, 0xd5, 0x36, 0xbe, 0x6b, 0x09, 0x43, 0x6d, 0xa3, 0x4d, 0x90, 0x2d, 0xb8, 0x74, 0xe8, 0x71, 0x45, 0x19, 0x8b, 0x0c, 0x6a}} , + {{0xb8, 0x42, 0x1c, 0x03, 0xad, 0x2c, 0x03, 0x8e, 0xac, 0xd7, 0x98, 0x29, 0x13, 0xc6, 0x02, 0x29, 0xb5, 0xd4, 0xe7, 0xcf, 0xcc, 0x8b, 0x83, 0xec, 0x35, 0xc7, 0x9c, 0x74, 0xb7, 0xad, 0x85, 0x5f}}}, +{{{0x78, 0x84, 0xe1, 0x56, 0x45, 0x69, 0x68, 0x5a, 0x4f, 0xb8, 0xb1, 0x29, 0xff, 0x33, 0x03, 0x31, 0xb7, 0xcb, 0x96, 0x25, 0xe6, 0xe6, 0x41, 0x98, 0x1a, 0xbb, 0x03, 0x56, 0xf2, 0xb2, 0x91, 0x34}} , + {{0x2c, 0x6c, 0xf7, 0x66, 0xa4, 0x62, 0x6b, 0x39, 0xb3, 0xba, 0x65, 0xd3, 0x1c, 0xf8, 0x11, 0xaa, 0xbe, 0xdc, 0x80, 0x59, 0x87, 0xf5, 0x7b, 0xe5, 0xe3, 0xb3, 0x3e, 0x39, 0xda, 0xbe, 0x88, 0x09}}}, +{{{0x8b, 0xf1, 0xa0, 0xf5, 0xdc, 0x29, 0xb4, 0xe2, 0x07, 0xc6, 0x7a, 0x00, 0xd0, 0x89, 0x17, 0x51, 0xd4, 0xbb, 0xd4, 0x22, 0xea, 0x7e, 0x7d, 0x7c, 0x24, 0xea, 0xf2, 0xe8, 0x22, 0x12, 0x95, 0x06}} , + {{0xda, 0x7c, 0xa4, 0x0c, 0xf4, 0xba, 0x6e, 0xe1, 0x89, 0xb5, 0x59, 0xca, 0xf1, 0xc0, 0x29, 0x36, 0x09, 0x44, 0xe2, 0x7f, 0xd1, 0x63, 0x15, 0x99, 0xea, 0x25, 0xcf, 0x0c, 0x9d, 0xc0, 0x44, 0x6f}}}, +{{{0x1d, 0x86, 0x4e, 0xcf, 0xf7, 0x37, 0x10, 0x25, 0x8f, 0x12, 0xfb, 0x19, 0xfb, 0xe0, 0xed, 0x10, 0xc8, 0xe2, 0xf5, 0x75, 0xb1, 0x33, 0xc0, 0x96, 0x0d, 0xfb, 0x15, 0x6c, 0x0d, 0x07, 0x5f, 0x05}} , + {{0x69, 0x3e, 0x47, 0x97, 0x2c, 0xaf, 0x52, 0x7c, 0x78, 0x83, 0xad, 0x1b, 0x39, 0x82, 0x2f, 0x02, 0x6f, 0x47, 0xdb, 0x2a, 0xb0, 0xe1, 0x91, 0x99, 0x55, 0xb8, 0x99, 0x3a, 0xa0, 0x44, 0x11, 0x51}}} diff --git a/include/DomainExec/opensshlib/getopt.h b/include/DomainExec/opensshlib/getopt.h new file mode 100644 index 00000000..8eb12447 --- /dev/null +++ b/include/DomainExec/opensshlib/getopt.h @@ -0,0 +1,74 @@ +/* $OpenBSD: getopt.h,v 1.2 2008/06/26 05:42:04 ray Exp $ */ +/* $NetBSD: getopt.h,v 1.4 2000/07/07 10:43:54 ad Exp $ */ + +/*- + * Copyright (c) 2000 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Dieter Baron and Thomas Klausner. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef _GETOPT_H_ +#define _GETOPT_H_ + +/* + * GNU-like getopt_long() and 4.4BSD getsubopt()/optreset extensions + */ +#define no_argument 0 +#define required_argument 1 +#define optional_argument 2 + +struct option { + /* name of long option */ + const char *name; + /* + * one of no_argument, required_argument, and optional_argument: + * whether option takes an argument + */ + int has_arg; + /* if not NULL, set *flag to val when option found */ + int *flag; + /* if flag not NULL, value to set *flag to; else return value */ + int val; +}; + +int getopt_long(int, char * const *, const char *, + const struct option *, int *); +int getopt_long_only(int, char * const *, const char *, + const struct option *, int *); +#ifndef _GETOPT_DEFINED_ +#define _GETOPT_DEFINED_ +int getopt(int, char * const *, const char *); +int getsubopt(char **, char * const *, char **); + +extern char *optarg; /* getopt(3) external variables */ +extern int opterr; +extern int optind; +extern int optopt; +extern int optreset; +extern char *suboptarg; /* getsubopt(3) external variable */ +#endif + +#endif /* !_GETOPT_H_ */ diff --git a/include/DomainExec/opensshlib/getrrsetbyname.h b/include/DomainExec/opensshlib/getrrsetbyname.h new file mode 100644 index 00000000..3773bac3 --- /dev/null +++ b/include/DomainExec/opensshlib/getrrsetbyname.h @@ -0,0 +1,112 @@ +/* OPENBSD BASED ON : include/netdb.h */ + +/* $OpenBSD: getrrsetbyname.c,v 1.4 2001/08/16 18:16:43 ho Exp $ */ + +/* + * Copyright (c) 2001 Jakob Schlyter. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * Portions Copyright (c) 1999-2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING + * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, + * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION + * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _GETRRSETBYNAME_H +#define _GETRRSETBYNAME_H + +#include "includes.h" + +#ifndef HAVE_GETRRSETBYNAME + +#ifndef WIN32 +#include +#include +#include +#include +#include +#endif + +#ifndef HFIXEDSZ +#define HFIXEDSZ 12 +#endif + +#ifndef T_RRSIG +#define T_RRSIG 46 +#endif + +/* + * Flags for getrrsetbyname() + */ +#ifndef RRSET_VALIDATED +# define RRSET_VALIDATED 1 +#endif + +/* + * Return codes for getrrsetbyname() + */ +#ifndef ERRSET_SUCCESS +# define ERRSET_SUCCESS 0 +# define ERRSET_NOMEMORY 1 +# define ERRSET_FAIL 2 +# define ERRSET_INVAL 3 +# define ERRSET_NONAME 4 +# define ERRSET_NODATA 5 +#endif + +struct rdatainfo { + unsigned int rdi_length; /* length of data */ + unsigned char *rdi_data; /* record data */ +}; + +struct rrsetinfo { + unsigned int rri_flags; /* RRSET_VALIDATED ... */ + unsigned int rri_rdclass; /* class number */ + unsigned int rri_rdtype; /* RR type number */ + unsigned int rri_ttl; /* time to live */ + unsigned int rri_nrdatas; /* size of rdatas array */ + unsigned int rri_nsigs; /* size of sigs array */ + char *rri_name; /* canonical name */ + struct rdatainfo *rri_rdatas; /* individual records */ + struct rdatainfo *rri_sigs; /* individual signatures */ +}; + +int getrrsetbyname(const char *, unsigned int, unsigned int, unsigned int, struct rrsetinfo **); +void freerrset(struct rrsetinfo *); + +#endif /* !defined(HAVE_GETRRSETBYNAME) */ + +#endif /* _GETRRSETBYNAME_H */ diff --git a/include/DomainExec/opensshlib/glob.h b/include/DomainExec/opensshlib/glob.h new file mode 100644 index 00000000..f8a7fa5f --- /dev/null +++ b/include/DomainExec/opensshlib/glob.h @@ -0,0 +1,103 @@ +/* $OpenBSD: glob.h,v 1.11 2010/09/24 13:32:55 djm Exp $ */ +/* $NetBSD: glob.h,v 1.5 1994/10/26 00:55:56 cgd Exp $ */ + +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Guido van Rossum. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)glob.h 8.1 (Berkeley) 6/2/93 + */ + +/* OPENBSD ORIGINAL: include/glob.h */ + +#if !defined(HAVE_GLOB_H) || !defined(GLOB_HAS_ALTDIRFUNC) || \ + !defined(GLOB_HAS_GL_MATCHC) || !defined(GLOB_HAS_GL_STATV) || \ + !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 || \ + defined(BROKEN_GLOB) + +#ifndef _GLOB_H_ +#define _GLOB_H_ + +#include + +struct stat; +typedef struct { + int gl_pathc; /* Count of total paths so far. */ + int gl_matchc; /* Count of paths matching pattern. */ + int gl_offs; /* Reserved at beginning of gl_pathv. */ + int gl_flags; /* Copy of flags parameter to glob. */ + char **gl_pathv; /* List of paths matching pattern. */ + struct stat **gl_statv; /* Stat entries corresponding to gl_pathv */ + /* Copy of errfunc parameter to glob. */ + int (*gl_errfunc)(const char *, int); + + /* + * Alternate filesystem access methods for glob; replacement + * versions of closedir(3), readdir(3), opendir(3), stat(2) + * and lstat(2). + */ + void (*gl_closedir)(void *); + struct dirent *(*gl_readdir)(void *); + void *(*gl_opendir)(const char *); + int (*gl_lstat)(const char *, struct stat *); + int (*gl_stat)(const char *, struct stat *); +} glob_t; + +#define GLOB_APPEND 0x0001 /* Append to output from previous call. */ +#define GLOB_DOOFFS 0x0002 /* Use gl_offs. */ +#define GLOB_ERR 0x0004 /* Return on error. */ +#define GLOB_MARK 0x0008 /* Append / to matching directories. */ +#define GLOB_NOCHECK 0x0010 /* Return pattern itself if nothing matches. */ +#define GLOB_NOSORT 0x0020 /* Don't sort. */ +#define GLOB_NOESCAPE 0x1000 /* Disable backslash escaping. */ + +#define GLOB_NOSPACE (-1) /* Malloc call failed. */ +#define GLOB_ABORTED (-2) /* Unignored error. */ +#define GLOB_NOMATCH (-3) /* No match and GLOB_NOCHECK not set. */ +#define GLOB_NOSYS (-4) /* Function not supported. */ + +#define GLOB_ALTDIRFUNC 0x0040 /* Use alternately specified directory funcs. */ +#define GLOB_BRACE 0x0080 /* Expand braces ala csh. */ +#define GLOB_MAGCHAR 0x0100 /* Pattern had globbing characters. */ +#define GLOB_NOMAGIC 0x0200 /* GLOB_NOCHECK without magic chars (csh). */ +#define GLOB_QUOTE 0x0400 /* Quote special chars with \. */ +#define GLOB_TILDE 0x0800 /* Expand tilde names from the passwd file. */ +#define GLOB_LIMIT 0x2000 /* Limit pattern match output to ARG_MAX */ +#define GLOB_KEEPSTAT 0x4000 /* Retain stat data for paths in gl_statv. */ +#define GLOB_ABEND GLOB_ABORTED /* backward compatibility */ + +int glob(const char *, int, int (*)(const char *, int), glob_t *); +void globfree(glob_t *); + +#endif /* !_GLOB_H_ */ + +#endif /* !defined(HAVE_GLOB_H) || !defined(GLOB_HAS_ALTDIRFUNC) || + !defined(GLOB_HAS_GL_MATCHC) || !defined(GLOH_HAS_GL_STATV) */ + diff --git a/include/DomainExec/opensshlib/hash.c b/include/DomainExec/opensshlib/hash.c new file mode 100644 index 00000000..734c6bee --- /dev/null +++ b/include/DomainExec/opensshlib/hash.c @@ -0,0 +1,76 @@ +/* $OpenBSD: hash.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ + +/* Copied from nacl-20110221/crypto_hash/sha512/ref/hash.c */ + +/* +20080913 +D. J. Bernstein +Public domain. +*/ + +#include "includes.h" + +#include "crypto_api.h" + +#define blocks crypto_hashblocks_sha512 + +static const unsigned char iv[64] = { + 0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08, + 0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b, + 0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b, + 0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1, + 0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1, + 0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f, + 0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b, + 0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79 +} ; + +typedef unsigned long long uint64; + +int crypto_hash_sha512(unsigned char *out,const unsigned char *in,unsigned long long inlen) +{ + unsigned char h[64]; + unsigned char padded[256]; + unsigned int i; + unsigned long long bytes = inlen; + + for (i = 0;i < 64;++i) h[i] = iv[i]; + + blocks(h,in,inlen); + in += inlen; + inlen &= 127; + in -= inlen; + + for (i = 0;i < inlen;++i) padded[i] = in[i]; + padded[inlen] = 0x80; + + if (inlen < 112) { + for (i = inlen + 1;i < 119;++i) padded[i] = 0; + padded[119] = bytes >> 61; + padded[120] = bytes >> 53; + padded[121] = bytes >> 45; + padded[122] = bytes >> 37; + padded[123] = bytes >> 29; + padded[124] = bytes >> 21; + padded[125] = bytes >> 13; + padded[126] = bytes >> 5; + padded[127] = bytes << 3; + blocks(h,padded,128); + } else { + for (i = inlen + 1;i < 247;++i) padded[i] = 0; + padded[247] = bytes >> 61; + padded[248] = bytes >> 53; + padded[249] = bytes >> 45; + padded[250] = bytes >> 37; + padded[251] = bytes >> 29; + padded[252] = bytes >> 21; + padded[253] = bytes >> 13; + padded[254] = bytes >> 5; + padded[255] = bytes << 3; + blocks(h,padded,256); + } + + for (i = 0;i < 64;++i) out[i] = h[i]; + + return 0; +} diff --git a/include/DomainExec/opensshlib/hmac.c b/include/DomainExec/opensshlib/hmac.c new file mode 100644 index 00000000..1c879640 --- /dev/null +++ b/include/DomainExec/opensshlib/hmac.c @@ -0,0 +1,197 @@ +/* $OpenBSD: hmac.c,v 1.12 2015/03/24 20:03:44 markus Exp $ */ +/* + * Copyright (c) 2014 Markus Friedl. All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include +#include + +#include "sshbuf.h" +#include "digest.h" +#include "hmac.h" + +struct ssh_hmac_ctx { + int alg; + struct ssh_digest_ctx *ictx; + struct ssh_digest_ctx *octx; + struct ssh_digest_ctx *digest; + u_char *buf; + size_t buf_len; +}; + +size_t +ssh_hmac_bytes(int alg) +{ + return ssh_digest_bytes(alg); +} + +struct ssh_hmac_ctx * +ssh_hmac_start(int alg) +{ + struct ssh_hmac_ctx *ret; + + if ((ret = calloc(1, sizeof(*ret))) == NULL) + return NULL; + ret->alg = alg; + if ((ret->ictx = ssh_digest_start(alg)) == NULL || + (ret->octx = ssh_digest_start(alg)) == NULL || + (ret->digest = ssh_digest_start(alg)) == NULL) + goto fail; + ret->buf_len = ssh_digest_blocksize(ret->ictx); + if ((ret->buf = calloc(1, ret->buf_len)) == NULL) + goto fail; + return ret; +fail: + ssh_hmac_free(ret); + return NULL; +} + +int +ssh_hmac_init(struct ssh_hmac_ctx *ctx, const void *key, size_t klen) +{ + size_t i; + + /* reset ictx and octx if no is key given */ + if (key != NULL) { + /* truncate long keys */ + if (klen <= ctx->buf_len) + memcpy(ctx->buf, key, klen); + else if (ssh_digest_memory(ctx->alg, key, klen, ctx->buf, + ctx->buf_len) < 0) + return -1; + for (i = 0; i < ctx->buf_len; i++) + ctx->buf[i] ^= 0x36; + if (ssh_digest_update(ctx->ictx, ctx->buf, ctx->buf_len) < 0) + return -1; + for (i = 0; i < ctx->buf_len; i++) + ctx->buf[i] ^= 0x36 ^ 0x5c; + if (ssh_digest_update(ctx->octx, ctx->buf, ctx->buf_len) < 0) + return -1; + explicit_bzero(ctx->buf, ctx->buf_len); + } + /* start with ictx */ + if (ssh_digest_copy_state(ctx->ictx, ctx->digest) < 0) + return -1; + return 0; +} + +int +ssh_hmac_update(struct ssh_hmac_ctx *ctx, const void *m, size_t mlen) +{ + return ssh_digest_update(ctx->digest, m, mlen); +} + +int +ssh_hmac_update_buffer(struct ssh_hmac_ctx *ctx, const struct sshbuf *b) +{ + return ssh_digest_update_buffer(ctx->digest, b); +} + +int +ssh_hmac_final(struct ssh_hmac_ctx *ctx, u_char *d, size_t dlen) +{ + size_t len; + + len = ssh_digest_bytes(ctx->alg); + if (dlen < len || + ssh_digest_final(ctx->digest, ctx->buf, len)) + return -1; + /* switch to octx */ + if (ssh_digest_copy_state(ctx->octx, ctx->digest) < 0 || + ssh_digest_update(ctx->digest, ctx->buf, len) < 0 || + ssh_digest_final(ctx->digest, d, dlen) < 0) + return -1; + return 0; +} + +void +ssh_hmac_free(struct ssh_hmac_ctx *ctx) +{ + if (ctx != NULL) { + ssh_digest_free(ctx->ictx); + ssh_digest_free(ctx->octx); + ssh_digest_free(ctx->digest); + if (ctx->buf) { + explicit_bzero(ctx->buf, ctx->buf_len); + free(ctx->buf); + } + explicit_bzero(ctx, sizeof(*ctx)); + free(ctx); + } +} + +#ifdef TEST + +/* cc -DTEST hmac.c digest.c buffer.c cleanup.c fatal.c log.c xmalloc.c -lcrypto */ +static void +hmac_test(void *key, size_t klen, void *m, size_t mlen, u_char *e, size_t elen) +{ + struct ssh_hmac_ctx *ctx; + size_t i; + u_char digest[16]; + + if ((ctx = ssh_hmac_start(SSH_DIGEST_MD5)) == NULL) + printf("ssh_hmac_start failed"); + if (ssh_hmac_init(ctx, key, klen) < 0 || + ssh_hmac_update(ctx, m, mlen) < 0 || + ssh_hmac_final(ctx, digest, sizeof(digest)) < 0) + printf("ssh_hmac_xxx failed"); + ssh_hmac_free(ctx); + + if (memcmp(e, digest, elen)) { + for (i = 0; i < elen; i++) + printf("[%zu] %2.2x %2.2x\n", i, e[i], digest[i]); + printf("mismatch\n"); + } else + printf("ok\n"); +} + +int +main(int argc, char **argv) +{ + /* try test vectors from RFC 2104 */ + + u_char key1[16] = { + 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, + 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb }; + u_char *data1 = "Hi There"; + u_char dig1[16] = { + 0x92, 0x94, 0x72, 0x7a, 0x36, 0x38, 0xbb, 0x1c, + 0x13, 0xf4, 0x8e, 0xf8, 0x15, 0x8b, 0xfc, 0x9d }; + + u_char *key2 = "Jefe"; + u_char *data2 = "what do ya want for nothing?"; + u_char dig2[16] = { + 0x75, 0x0c, 0x78, 0x3e, 0x6a, 0xb0, 0xb5, 0x03, + 0xea, 0xa8, 0x6e, 0x31, 0x0a, 0x5d, 0xb7, 0x38 }; + + u_char key3[16]; + u_char data3[50]; + u_char dig3[16] = { + 0x56, 0xbe, 0x34, 0x52, 0x1d, 0x14, 0x4c, 0x88, + 0xdb, 0xb8, 0xc7, 0x33, 0xf0, 0xe8, 0xb3, 0xf6 }; + memset(key3, 0xaa, sizeof(key3)); + memset(data3, 0xdd, sizeof(data3)); + + hmac_test(key1, sizeof(key1), data1, strlen(data1), dig1, sizeof(dig1)); + hmac_test(key2, strlen(key2), data2, strlen(data2), dig2, sizeof(dig2)); + hmac_test(key3, sizeof(key3), data3, sizeof(data3), dig3, sizeof(dig3)); + + return 0; +} + +#endif diff --git a/include/DomainExec/opensshlib/hmac.h b/include/DomainExec/opensshlib/hmac.h new file mode 100644 index 00000000..42b33d00 --- /dev/null +++ b/include/DomainExec/opensshlib/hmac.h @@ -0,0 +1,38 @@ +/* $OpenBSD: hmac.h,v 1.9 2014/06/24 01:13:21 djm Exp $ */ +/* + * Copyright (c) 2014 Markus Friedl. All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _HMAC_H +#define _HMAC_H + +/* Returns the algorithm's digest length in bytes or 0 for invalid algorithm */ +size_t ssh_hmac_bytes(int alg); + +struct sshbuf; +struct ssh_hmac_ctx; +struct ssh_hmac_ctx *ssh_hmac_start(int alg); + +/* Sets the state of the HMAC or resets the state if key == NULL */ +int ssh_hmac_init(struct ssh_hmac_ctx *ctx, const void *key, size_t klen) + __attribute__((__bounded__(__buffer__, 2, 3))); +int ssh_hmac_update(struct ssh_hmac_ctx *ctx, const void *m, size_t mlen) + __attribute__((__bounded__(__buffer__, 2, 3))); +int ssh_hmac_update_buffer(struct ssh_hmac_ctx *ctx, const struct sshbuf *b); +int ssh_hmac_final(struct ssh_hmac_ctx *ctx, u_char *d, size_t dlen) + __attribute__((__bounded__(__buffer__, 2, 3))); +void ssh_hmac_free(struct ssh_hmac_ctx *ctx); + +#endif /* _HMAC_H */ diff --git a/include/DomainExec/opensshlib/hostfile.h b/include/DomainExec/opensshlib/hostfile.h new file mode 100644 index 00000000..bd210437 --- /dev/null +++ b/include/DomainExec/opensshlib/hostfile.h @@ -0,0 +1,108 @@ +/* $OpenBSD: hostfile.h,v 1.24 2015/02/16 22:08:57 djm Exp $ */ + +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ +#ifndef HOSTFILE_H +#define HOSTFILE_H + +typedef enum { + HOST_OK, HOST_NEW, HOST_CHANGED, HOST_REVOKED, HOST_FOUND +} HostStatus; + +typedef enum { + MRK_ERROR, MRK_NONE, MRK_REVOKE, MRK_CA +} HostkeyMarker; + +struct hostkey_entry { + char *host; + char *file; + u_long line; + struct sshkey *key; + HostkeyMarker marker; +}; +struct hostkeys; + +struct hostkeys *init_hostkeys(void); +void load_hostkeys(struct hostkeys *, const char *, const char *); +void free_hostkeys(struct hostkeys *); + +HostStatus check_key_in_hostkeys(struct hostkeys *, struct sshkey *, + const struct hostkey_entry **); +int lookup_key_in_hostkeys_by_type(struct hostkeys *, int, + const struct hostkey_entry **); + +int hostfile_read_key(char **, u_int *, struct sshkey *); +int add_host_to_hostfile(const char *, const char *, + const struct sshkey *, int); + +int hostfile_replace_entries(const char *filename, + const char *host, const char *ip, struct sshkey **keys, size_t nkeys, + int store_hash, int quiet, int hash_alg); + +#define HASH_MAGIC "|1|" +#define HASH_DELIM '|' + +#define CA_MARKER "@cert-authority" +#define REVOKE_MARKER "@revoked" + +char *host_hash(const char *, const char *, u_int); + +/* + * Iterate through a hostkeys file, optionally parsing keys and matching + * hostnames. Allows access to the raw keyfile lines to allow + * streaming edits to the file to take place. + */ +#define HKF_WANT_MATCH (1) /* return only matching hosts/addrs */ +#define HKF_WANT_PARSE_KEY (1<<1) /* need key parsed */ + +#define HKF_STATUS_OK 0 /* Line parsed, didn't match host */ +#define HKF_STATUS_INVALID 1 /* line had parse error */ +#define HKF_STATUS_COMMENT 2 /* valid line contained no key */ +#define HKF_STATUS_MATCHED 3 /* hostname or IP matched */ + +#define HKF_MATCH_HOST (1) /* hostname matched */ +#define HKF_MATCH_IP (1<<1) /* address matched */ +#define HKF_MATCH_HOST_HASHED (1<<2) /* hostname was hashed */ +#define HKF_MATCH_IP_HASHED (1<<3) /* address was hashed */ +/* XXX HKF_MATCH_KEY_TYPE? */ + +/* + * The callback function receives this as an argument for each matching + * hostkey line. The callback may "steal" the 'key' field by setting it to NULL. + * If a parse error occurred, then "hosts" and subsequent options may be NULL. + */ +struct hostkey_foreach_line { + const char *path; /* Path of file */ + u_long linenum; /* Line number */ + u_int status; /* One of HKF_STATUS_* */ + u_int match; /* Zero or more of HKF_MATCH_* OR'd together */ + char *line; /* Entire key line; mutable by callback */ + int marker; /* CA/revocation markers; indicated by MRK_* value */ + const char *hosts; /* Raw hosts text, may be hashed or list multiple */ + const char *rawkey; /* Text of key and any comment following it */ + int keytype; /* Type of key; KEY_UNSPEC for invalid/comment lines */ + struct sshkey *key; /* Key, if parsed ok and HKF_WANT_MATCH_HOST set */ + const char *comment; /* Any comment following the key */ +}; + +/* + * Callback fires for each line (or matching line if a HKF_WANT_* option + * is set). The foreach loop will terminate if the callback returns a non- + * zero exit status. + */ +typedef int hostkeys_foreach_fn(struct hostkey_foreach_line *l, void *ctx); + +/* Iterate over a hostkeys file */ +int hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx, + const char *host, const char *ip, u_int options); + +#endif diff --git a/include/DomainExec/opensshlib/includes.h b/include/DomainExec/opensshlib/includes.h new file mode 100644 index 00000000..962856f8 --- /dev/null +++ b/include/DomainExec/opensshlib/includes.h @@ -0,0 +1,192 @@ +/* $OpenBSD: includes.h,v 1.54 2006/07/22 20:48:23 stevesk Exp $ */ + +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * This file includes most of the needed system headers. + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ + +#ifndef INCLUDES_H +#define INCLUDES_H + +#ifndef _GNU_SOURCE +#define _GNU_SOURCE /* activate extra prototypes for glibc */ +#endif + +#ifndef WIN32 + #include "config.h" + #include + #include + #include /* For CMSG_* */ +#else + #include "winfixssh.h" + #include "winsock.h" + #include // for rand() +#endif + + + +#ifdef HAVE_LIMITS_H +# include /* For PATH_MAX, _POSIX_HOST_NAME_MAX */ +#endif +#ifdef HAVE_BSTRING_H +# include +#endif +#if defined(HAVE_GLOB_H) && defined(GLOB_HAS_ALTDIRFUNC) && \ + defined(GLOB_HAS_GL_MATCHC) && defined(GLOB_HAS_GL_STATV) && \ + defined(HAVE_DECL_GLOB_NOMATCH) && HAVE_DECL_GLOB_NOMATCH != 0 && \ + !defined(BROKEN_GLOB) +# include +#endif +#ifdef HAVE_ENDIAN_H +# include +#endif +#ifdef HAVE_TTYENT_H +# include +#endif +#ifdef HAVE_UTIME_H +# include +#endif +#ifdef HAVE_MAILLOCK_H +# include /* For _PATH_MAILDIR */ +#endif +#ifdef HAVE_NEXT +# include +#endif +#ifdef HAVE_PATHS_H +# include +#endif + +/* + *-*-nto-qnx needs these headers for strcasecmp and LASTLOG_FILE respectively + */ +#ifdef HAVE_STRINGS_H +# include +#endif +#ifdef HAVE_LOGIN_H +# include +#endif + +#ifdef HAVE_UTMP_H +# include +#endif +#ifdef HAVE_UTMPX_H +# include +#endif +#ifdef HAVE_LASTLOG_H +# include +#endif + +#ifdef HAVE_SYS_SELECT_H +# include +#endif +#ifdef HAVE_SYS_BSDTTY_H +# include +#endif +#ifdef HAVE_STDINT_H +# include +#endif +//#include +#ifdef HAVE_SYS_BITYPES_H +# include /* For u_intXX_t */ +#endif +#ifdef HAVE_SYS_CDEFS_H +# include /* For __P() */ +#endif +#ifdef HAVE_SYS_STAT_H +# include /* For S_* constants and macros */ +#endif +#ifdef HAVE_SYS_SYSMACROS_H +# include /* For MIN, MAX, etc */ +#endif +#ifdef HAVE_SYS_MMAN_H +#include /* for MAP_ANONYMOUS */ +#endif +#ifdef HAVE_SYS_STRTIO_H +#include /* for TIOCCBRK on HP-UX */ +#endif +#if defined(HAVE_SYS_PTMS_H) && defined(HAVE_DEV_PTMX) +# if defined(HAVE_SYS_STREAM_H) +# include /* reqd for queue_t on Solaris 2.5.1 */ +# endif +#include /* for grantpt() and friends */ +#endif + +#ifndef WIN32 + #include + #include /* For typedefs */ +#endif + +#ifdef HAVE_RPC_TYPES_H +# include /* For INADDR_LOOPBACK */ +#endif +#ifdef USE_PAM +#if defined(HAVE_SECURITY_PAM_APPL_H) +# include +#elif defined (HAVE_PAM_PAM_APPL_H) +# include +#endif +#endif +#ifdef HAVE_READPASSPHRASE_H +# include +#endif + +#ifdef HAVE_IA_H +# include +#endif + +#ifdef HAVE_IAF_H +# include +#endif + +#ifdef HAVE_TMPDIR_H +# include +#endif + +#if defined(HAVE_BSD_LIBUTIL_H) +# include +#elif defined(HAVE_LIBUTIL_H) +# include +#endif + +#if defined(KRB5) && defined(USE_AFS) +# include +# include +#endif + +#if defined(HAVE_SYS_SYSLOG_H) +# include +#endif + +#include + +/* + * On HP-UX 11.11, shadow.h and prot.h provide conflicting declarations + * of getspnam when _INCLUDE__STDC__ is defined, so we unset it here. + */ +#ifdef GETSPNAM_CONFLICTING_DEFS +# ifdef _INCLUDE__STDC__ +# undef _INCLUDE__STDC__ +# endif +#endif + +#ifdef WITH_OPENSSL +#include /* For OPENSSL_VERSION_NUMBER */ +#endif + +#include "defines.h" + +#include "platform.h" +#include "openbsd-compat.h" +#include "bsd-nextstep.h" + +#include "entropy.h" + +#endif /* INCLUDES_H */ diff --git a/include/DomainExec/opensshlib/install-sh b/include/DomainExec/opensshlib/install-sh new file mode 100644 index 00000000..220abbf6 --- /dev/null +++ b/include/DomainExec/opensshlib/install-sh @@ -0,0 +1,251 @@ +#!/bin/sh +# +# install - install a program, script, or datafile +# This comes from X11R5 (mit/util/scripts/install.sh). +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# `make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. It can only install one file at a time, a restriction +# shared with many OS's install programs. + + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit="${DOITPROG-}" + + +# put in absolute paths if you don't have them in your path; or use env. vars. + +mvprog="${MVPROG-mv}" +cpprog="${CPPROG-cp}" +chmodprog="${CHMODPROG-chmod}" +chownprog="${CHOWNPROG-chown}" +chgrpprog="${CHGRPPROG-chgrp}" +stripprog="${STRIPPROG-strip}" +rmprog="${RMPROG-rm}" +mkdirprog="${MKDIRPROG-mkdir}" + +transformbasename="" +transform_arg="" +instcmd="$mvprog" +chmodcmd="$chmodprog 0755" +chowncmd="" +chgrpcmd="" +stripcmd="" +rmcmd="$rmprog -f" +mvcmd="$mvprog" +src="" +dst="" +dir_arg="" + +while [ x"$1" != x ]; do + case $1 in + -c) instcmd="$cpprog" + shift + continue;; + + -d) dir_arg=true + shift + continue;; + + -m) chmodcmd="$chmodprog $2" + shift + shift + continue;; + + -o) chowncmd="$chownprog $2" + shift + shift + continue;; + + -g) chgrpcmd="$chgrpprog $2" + shift + shift + continue;; + + -s) stripcmd="$stripprog" + shift + continue;; + + -t=*) transformarg=`echo $1 | sed 's/-t=//'` + shift + continue;; + + -b=*) transformbasename=`echo $1 | sed 's/-b=//'` + shift + continue;; + + *) if [ x"$src" = x ] + then + src=$1 + else + # this colon is to work around a 386BSD /bin/sh bug + : + dst=$1 + fi + shift + continue;; + esac +done + +if [ x"$src" = x ] +then + echo "install: no input file specified" + exit 1 +else + true +fi + +if [ x"$dir_arg" != x ]; then + dst=$src + src="" + + if [ -d $dst ]; then + instcmd=: + chmodcmd="" + else + instcmd=mkdir + fi +else + +# Waiting for this to be detected by the "$instcmd $src $dsttmp" command +# might cause directories to be created, which would be especially bad +# if $src (and thus $dsttmp) contains '*'. + + if [ -f $src -o -d $src ] + then + true + else + echo "install: $src does not exist" + exit 1 + fi + + if [ x"$dst" = x ] + then + echo "install: no destination specified" + exit 1 + else + true + fi + +# If destination is a directory, append the input filename; if your system +# does not like double slashes in filenames, you may need to add some logic + + if [ -d $dst ] + then + dst="$dst"/`basename $src` + else + true + fi +fi + +## this sed command emulates the dirname command +dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` + +# Make sure that the destination directory exists. +# this part is taken from Noah Friedman's mkinstalldirs script + +# Skip lots of stat calls in the usual case. +if [ ! -d "$dstdir" ]; then +defaultIFS=' +' +IFS="${IFS-${defaultIFS}}" + +oIFS="${IFS}" +# Some sh's can't handle IFS=/ for some reason. +IFS='%' +set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` +IFS="${oIFS}" + +pathcomp='' + +while [ $# -ne 0 ] ; do + pathcomp="${pathcomp}${1}" + shift + + if [ ! -d "${pathcomp}" ] ; + then + $mkdirprog "${pathcomp}" + else + true + fi + + pathcomp="${pathcomp}/" +done +fi + +if [ x"$dir_arg" != x ] +then + $doit $instcmd $dst && + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi +else + +# If we're going to rename the final executable, determine the name now. + + if [ x"$transformarg" = x ] + then + dstfile=`basename $dst` + else + dstfile=`basename $dst $transformbasename | + sed $transformarg`$transformbasename + fi + +# don't allow the sed command to completely eliminate the filename + + if [ x"$dstfile" = x ] + then + dstfile=`basename $dst` + else + true + fi + +# Make a temp file name in the proper directory. + + dsttmp=$dstdir/#inst.$$# + +# Move or copy the file name to the temp name + + $doit $instcmd $src $dsttmp && + + trap "rm -f ${dsttmp}" 0 && + +# and set any options; do chmod last to preserve setuid bits + +# If any of these fail, we abort the whole thing. If we want to +# ignore errors from any of these, just make sure not to ignore +# errors from the above "$doit $instcmd $src $dsttmp" command. + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && + +# Now rename the file to the real destination. + + $doit $rmcmd -f $dstdir/$dstfile && + $doit $mvcmd $dsttmp $dstdir/$dstfile + +fi && + + +exit 0 diff --git a/include/DomainExec/opensshlib/kex.c b/include/DomainExec/opensshlib/kex.c new file mode 100644 index 00000000..bce8f9e5 --- /dev/null +++ b/include/DomainExec/opensshlib/kex.c @@ -0,0 +1,964 @@ +/* $OpenBSD: kex.c,v 1.109 2015/07/30 00:01:34 djm Exp $ */ +/* + * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#ifndef WIN32 +#include /* MAX roundup */ +#endif + +#include +#include +#include +#include +#include + +#ifdef WITH_OPENSSL +#include +#endif + +#include "ssh2.h" +#include "packet.h" +#include "compat.h" +#include "cipher.h" +#include "sshkey.h" +#include "kex.h" +#include "log.h" +#include "mac.h" +#include "match.h" +#include "misc.h" +#include "dispatch.h" +#include "monitor.h" +//#include "roaming.h" + +#include "ssherr.h" +#include "sshbuf.h" +#include "digest.h" + +#if OPENSSL_VERSION_NUMBER >= 0x00907000L +# if defined(HAVE_EVP_SHA256) +# define evp_ssh_sha256 EVP_sha256 +# else +extern const EVP_MD *evp_ssh_sha256(void); +# endif +#endif + +/* prototype */ +static int kex_choose_conf(ncrack_ssh_state *nstate); +//static int kex_input_newkeys(ncrack_ssh_state *nstate); +static int choose_enc(struct sshenc *enc, char *client, char *server); +static int choose_mac(ncrack_ssh_state *ssh, struct sshmac *mac, char *client, char *server); +static int choose_comp(struct sshcomp *comp, char *client, char *server); +static int choose_kex(struct kex *k, char *client, char *server); +static int choose_hostkeyalg(struct kex *k, char *client, char *server); +static int proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX]); + +static int +kex_choose_conf(ncrack_ssh_state *nstate) +{ + struct kex *kex = nstate->kex; + struct newkeys *newkeys; + char **my = NULL, **peer = NULL; + char **cprop, **sprop; + int nenc, nmac, ncomp; + u_int mode, ctos, need, dh_need, authlen; + int r, first_kex_follows; + + //printf("kex_choose_conf\n"); + + if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0 || + (r = kex_buf2prop(kex->peer, &first_kex_follows, &peer)) != 0) + goto out; + + if (kex->server) { + cprop=peer; + sprop=my; + } else { + cprop=my; + sprop=peer; + } + + /* Check whether server offers roaming */ +#if 0 + if (!kex->server) { + char *roaming = match_list(KEX_RESUME, + peer[PROPOSAL_KEX_ALGS], NULL); + + if (roaming) { + kex->roaming = 1; + free(roaming); + } + } +#endif + + /* Algorithm Negotiation */ + for (mode = 0; mode < MODE_MAX; mode++) { + if ((newkeys = calloc(1, sizeof(*newkeys))) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + kex->newkeys[mode] = newkeys; + ctos = (!kex->server && mode == MODE_OUT) || + (kex->server && mode == MODE_IN); + nenc = ctos ? PROPOSAL_ENC_ALGS_CTOS : PROPOSAL_ENC_ALGS_STOC; + nmac = ctos ? PROPOSAL_MAC_ALGS_CTOS : PROPOSAL_MAC_ALGS_STOC; + ncomp = ctos ? PROPOSAL_COMP_ALGS_CTOS : PROPOSAL_COMP_ALGS_STOC; + if ((r = choose_enc(&newkeys->enc, cprop[nenc], + sprop[nenc])) != 0) { + kex->failed_choice = peer[nenc]; + peer[nenc] = NULL; + goto out; + } + authlen = cipher_authlen(newkeys->enc.cipher); + /* ignore mac for authenticated encryption */ + if (authlen == 0 && + (r = choose_mac(nstate, &newkeys->mac, cprop[nmac], + sprop[nmac])) != 0) { + kex->failed_choice = peer[nmac]; + peer[nmac] = NULL; + goto out; + } + if ((r = choose_comp(&newkeys->comp, cprop[ncomp], + sprop[ncomp])) != 0) { + kex->failed_choice = peer[ncomp]; + peer[ncomp] = NULL; + goto out; + } + debug("kex: %s %s %s %s", + ctos ? "client->server" : "server->client", + newkeys->enc.name, + authlen == 0 ? newkeys->mac.name : "", + newkeys->comp.name); + } + if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], + sprop[PROPOSAL_KEX_ALGS])) != 0) { + kex->failed_choice = peer[PROPOSAL_KEX_ALGS]; + peer[PROPOSAL_KEX_ALGS] = NULL; + goto out; + } + if ((r = choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], + sprop[PROPOSAL_SERVER_HOST_KEY_ALGS])) != 0) { + kex->failed_choice = peer[PROPOSAL_SERVER_HOST_KEY_ALGS]; + peer[PROPOSAL_SERVER_HOST_KEY_ALGS] = NULL; + goto out; + } + need = dh_need = 0; + for (mode = 0; mode < MODE_MAX; mode++) { + newkeys = kex->newkeys[mode]; + need = MAX(need, newkeys->enc.key_len); + need = MAX(need, newkeys->enc.block_size); + need = MAX(need, newkeys->enc.iv_len); + need = MAX(need, newkeys->mac.key_len); + dh_need = MAX(dh_need, cipher_seclen(newkeys->enc.cipher)); + dh_need = MAX(dh_need, newkeys->enc.block_size); + dh_need = MAX(dh_need, newkeys->enc.iv_len); + dh_need = MAX(dh_need, newkeys->mac.key_len); + } + /* XXX need runden? */ + kex->we_need = need; + kex->dh_need = dh_need; + + /* ignore the next message if the proposals do not match */ + if (first_kex_follows && !proposals_match(my, peer) && + !(nstate->compat & SSH_BUG_FIRSTKEX)) + nstate->dispatch_skip_packets = 1; // ncrackTODO: check this + r = 0; + out: + kex_prop_free(my); + kex_prop_free(peer); + return r; +} + + + + +struct kexalg { + char *name; + u_int type; + int ec_nid; + int hash_alg; +}; +static const struct kexalg kexalgs[] = { +#ifdef WITH_OPENSSL + { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, + { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, + { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, +#ifdef HAVE_EVP_SHA256 + { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 }, +#endif /* HAVE_EVP_SHA256 */ +#ifdef OPENSSL_HAS_ECC + { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2, + NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, + { KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1, + SSH_DIGEST_SHA384 }, +# ifdef OPENSSL_HAS_NISTP521 + { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, + SSH_DIGEST_SHA512 }, +# endif /* OPENSSL_HAS_NISTP521 */ +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ +#if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL) + { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, +#endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */ + { NULL, -1, -1, -1}, +}; + + +char * +kex_alg_list(char sep) +{ + char *ret = NULL, *tmp; + size_t nlen, rlen = 0; + const struct kexalg *k; + + for (k = kexalgs; k->name != NULL; k++) { + if (ret != NULL) + ret[rlen++] = sep; + nlen = strlen(k->name); + if ((tmp = realloc(ret, rlen + nlen + 2)) == NULL) { + free(ret); + return NULL; + } + ret = tmp; + memcpy(ret + rlen, k->name, nlen + 1); + rlen += nlen; + } + return ret; +} + +static const struct kexalg * +kex_alg_by_name(const char *name) +{ + const struct kexalg *k; + + for (k = kexalgs; k->name != NULL; k++) { + if (strcmp(k->name, name) == 0) + return k; + } + return NULL; +} + +/* Validate KEX method name list */ +int +kex_names_valid(const char *names) +{ + char *s, *cp, *p; + + if (names == NULL || strcmp(names, "") == 0) + return 0; + if ((s = cp = strdup(names)) == NULL) + return 0; + for ((p = strsep(&cp, ",")); p && *p != '\0'; + (p = strsep(&cp, ","))) { + if (kex_alg_by_name(p) == NULL) { + ssh_error("Unsupported KEX algorithm \"%.100s\"", p); + free(s); + return 0; + } + } + debug3("kex names ok: [%s]", names); + free(s); + return 1; +} + + +/* + * Concatenate algorithm names, avoiding duplicates in the process. + * Caller must free returned string. + */ +char * +kex_names_cat(const char *a, const char *b) +{ + char *ret = NULL, *tmp = NULL, *cp, *p; + size_t len; + + if (a == NULL || *a == '\0') + return NULL; + if (b == NULL || *b == '\0') + return strdup(a); + if (strlen(b) > 1024*1024) + return NULL; + len = strlen(a) + strlen(b) + 2; + if ((tmp = cp = strdup(b)) == NULL || + (ret = calloc(1, len)) == NULL) { + free(tmp); + return NULL; + } + strlcpy(ret, a, len); + for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) { + if (match_list(ret, p, NULL) != NULL) + continue; /* Algorithm already present */ + if (strlcat(ret, ",", len) >= len || + strlcat(ret, p, len) >= len) { + free(tmp); + free(ret); + return NULL; /* Shouldn't happen */ + } + } + free(tmp); + return ret; +} + + +/* + * Assemble a list of algorithms from a default list and a string from a + * configuration file. The user-provided string may begin with '+' to + * indicate that it should be appended to the default. + */ +int +kex_assemble_names(const char *def, char **list) +{ + char *ret; + + if (list == NULL || *list == NULL || **list == '\0') { + *list = strdup(def); + return 0; + } + if (**list != '+') { + return 0; + } + + if ((ret = kex_names_cat(def, *list + 1)) == NULL) + return SSH_ERR_ALLOC_FAIL; + free(*list); + *list = ret; + return 0; +} + + +/* put algorithm proposal into buffer */ +int +kex_prop2buf(struct sshbuf *b, char *proposal[PROPOSAL_MAX]) +{ + u_int i; + int r; + + sshbuf_reset(b); + + /* + * add a dummy cookie, the cookie will be overwritten by + * kex_send_kexinit(), each time a kexinit is set + */ + for (i = 0; i < KEX_COOKIE_LEN; i++) { + if ((r = sshbuf_put_u8(b, 0)) != 0) + return r; + } + for (i = 0; i < PROPOSAL_MAX; i++) { + if ((r = sshbuf_put_cstring(b, proposal[i])) != 0) + return r; + } + if ((r = sshbuf_put_u8(b, 0)) != 0 || /* first_kex_packet_follows */ + (r = sshbuf_put_u32(b, 0)) != 0) /* uint32 reserved */ + return r; + return 0; +} + +/* parse buffer and return algorithm proposal */ +int +kex_buf2prop(struct sshbuf *raw, int *first_kex_follows, char ***propp) +{ + struct sshbuf *b = NULL; + u_char v; + u_int i; + char **proposal = NULL; + int r; + + *propp = NULL; + if ((proposal = calloc(PROPOSAL_MAX, sizeof(char *))) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((b = sshbuf_fromb(raw)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_consume(b, KEX_COOKIE_LEN)) != 0) /* skip cookie */ + goto out; + /* extract kex init proposal strings */ + for (i = 0; i < PROPOSAL_MAX; i++) { + if ((r = sshbuf_get_cstring(b, &(proposal[i]), NULL)) != 0) + goto out; + debug2("kex_parse_kexinit: %s", proposal[i]); + } + /* first kex follows / reserved */ + if ((r = sshbuf_get_u8(b, &v)) != 0 || + (r = sshbuf_get_u32(b, &i)) != 0) + goto out; + if (first_kex_follows != NULL) + *first_kex_follows = i; + debug2("kex_parse_kexinit: first_kex_follows %d ", v); + debug2("kex_parse_kexinit: reserved %u ", i); + r = 0; + *propp = proposal; + out: + if (r != 0 && proposal != NULL) + kex_prop_free(proposal); + sshbuf_free(b); + return r; +} + +void +kex_prop_free(char **proposal) +{ + u_int i; + + if (proposal == NULL) + return; + for (i = 0; i < PROPOSAL_MAX; i++) + free(proposal[i]); + free(proposal); +} + +#if 0 +/* ARGSUSED */ +static int +kex_protocol_error(int type, u_int32_t seq, void *ctxt) +{ + ssh_error("Hm, kex protocol error: type %d seq %u", type, seq); + return 0; +} +#endif + +#if 0 +static void +kex_reset_dispatch(struct ssh *ssh) +{ + ssh_dispatch_range(ssh, SSH2_MSG_TRANSPORT_MIN, + SSH2_MSG_TRANSPORT_MAX, &kex_protocol_error); + ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); +} +#endif + +int +kex_send_newkeys(ncrack_ssh_state *nstate) +{ + int r; + + //kex_reset_dispatch(ssh); + if ((r = sshpkt_start(nstate, SSH2_MSG_NEWKEYS)) != 0 || + (r = sshpkt_send(nstate)) != 0) { + //printf("kex send newkeys\n"); + return r; + } + debug("SSH2_MSG_NEWKEYS sent"); + debug("expecting SSH2_MSG_NEWKEYS"); + + //ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_input_newkeys); + return 0; +} + +#if 0 +static int +kex_input_newkeys(ncrack_ssh_state *nstate) +{ + //struct ssh *ssh = ctxt; + struct kex *kex = nstate->kex; + int r; + + debug("SSH2_MSG_NEWKEYS received"); + //ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error); + if ((r = sshpkt_get_end(nstate)) != 0) + return r; + kex->done = 1; + sshbuf_reset(kex->peer); + /* sshbuf_reset(kex->my); */ + kex->flags &= ~KEX_INIT_SENT; + free(kex->name); + kex->name = NULL; + + return 0; +} +#endif + + +int +kex_send_kexinit(ncrack_ssh_state *nstate) +{ + u_char *cookie; + struct kex *kex = nstate->kex; + int r; + + if (kex == NULL) + return SSH_ERR_INTERNAL_ERROR; + if (kex->flags & KEX_INIT_SENT) + return 0; + kex->done = 0; + + /* generate a random cookie */ + if (sshbuf_len(kex->my) < KEX_COOKIE_LEN) + return SSH_ERR_INVALID_FORMAT; + if ((cookie = sshbuf_mutable_ptr(kex->my)) == NULL) + return SSH_ERR_INTERNAL_ERROR; + arc4random_buf(cookie, KEX_COOKIE_LEN); + + if ((r = sshpkt_start(nstate, SSH2_MSG_KEXINIT)) != 0 || + (r = sshpkt_putb(nstate, kex->my)) != 0 || + (r = sshpkt_send(nstate)) != 0) + return r; + debug("SSH2_MSG_KEXINIT sent"); + kex->flags |= KEX_INIT_SENT; + return 0; +} + + +/* ARGSUSED */ +int +ncrackssh_kex_input_kexinit(ncrack_ssh_state *nstate) +{ + //struct ssh *ssh = ctxt; + struct kex *kex = nstate->kex; + const u_char *ptr; + u_int i; + size_t dlen; + int r; + + debug("SSH2_MSG_KEXINIT received"); + if (kex == NULL) { + return SSH_ERR_INVALID_ARGUMENT; + } + + ptr = sshpkt_ptr(nstate, &dlen); + if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0) { + return r; + } + + /* discard packet */ + for (i = 0; i < KEX_COOKIE_LEN; i++) + if ((r = sshpkt_get_u8(nstate, NULL)) != 0) { + return r; + } + + for (i = 0; i < PROPOSAL_MAX; i++) + if ((r = sshpkt_get_string(nstate, NULL, NULL)) != 0) { + return r; + } + /* + * XXX RFC4253 sec 7: "each side MAY guess" - currently no supported + * KEX method has the server move first, but a server might be using + * a custom method or one that we otherwise don't support. We should + * be prepared to remember first_kex_follows here so we can eat a + * packet later. + * XXX2 - RFC4253 is kind of ambiguous on what first_kex_follows means + * for cases where the server *doesn't* go first. I guess we should + * ignore it when it is set for these cases, which is what we do now. + */ + + if ((r = sshpkt_get_u8(nstate, NULL)) != 0 || /* first_kex_follows */ + (r = sshpkt_get_u32(nstate, NULL)) != 0 || /* reserved */ + (r = sshpkt_get_end(nstate)) != 0) + return r; + + if (!(kex->flags & KEX_INIT_SENT)) { + if ((r = kex_send_kexinit(nstate)) != 0) + return r; + } + if ((r = kex_choose_conf(nstate)) != 0) + return r; + + if (kex->kex_type < KEX_MAX && kex->kexm[kex->kex_type] != NULL) { + //printf("kex type %d\n", kex->kex_type); + //printf("kex %d \n", kex->kex[kex->kex_type]); + return (kex->kexm[kex->kex_type])(nstate); + } + + return SSH_ERR_INTERNAL_ERROR; +} + + +int +kex_new(ncrack_ssh_state *nstate, char *proposal[PROPOSAL_MAX], struct kex **kexp) +{ + struct kex *kex; + int r; + + *kexp = NULL; + if ((kex = calloc(1, sizeof(*kex))) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((kex->peer = sshbuf_new()) == NULL || + (kex->my = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = kex_prop2buf(kex->my, proposal)) != 0) + goto out; + kex->done = 0; + //kex_reset_dispatch(ssh); + r = 0; + *kexp = kex; + out: + if (r != 0) + kex_free(kex); + return r; +} + + +void +kex_free_newkeys(struct newkeys *newkeys) +{ + if (newkeys == NULL) + return; + if (newkeys->enc.key) { + explicit_bzero(newkeys->enc.key, newkeys->enc.key_len); + free(newkeys->enc.key); + newkeys->enc.key = NULL; + } + if (newkeys->enc.iv) { + explicit_bzero(newkeys->enc.iv, newkeys->enc.block_size); + free(newkeys->enc.iv); + newkeys->enc.iv = NULL; + } + free(newkeys->enc.name); + explicit_bzero(&newkeys->enc, sizeof(newkeys->enc)); + free(newkeys->comp.name); + explicit_bzero(&newkeys->comp, sizeof(newkeys->comp)); + mac_clear(&newkeys->mac); + if (newkeys->mac.key) { + explicit_bzero(newkeys->mac.key, newkeys->mac.key_len); + free(newkeys->mac.key); + newkeys->mac.key = NULL; + } + free(newkeys->mac.name); + explicit_bzero(&newkeys->mac, sizeof(newkeys->mac)); + explicit_bzero(newkeys, sizeof(*newkeys)); + free(newkeys); +} + +void +kex_free(struct kex *kex) +{ + u_int mode; + +#ifdef WITH_OPENSSL + if (kex->dh) + DH_free(kex->dh); +#ifdef OPENSSL_HAS_ECC + if (kex->ec_client_key) + EC_KEY_free(kex->ec_client_key); +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + for (mode = 0; mode < MODE_MAX; mode++) { + kex_free_newkeys(kex->newkeys[mode]); + kex->newkeys[mode] = NULL; + } + sshbuf_free(kex->peer); + sshbuf_free(kex->my); + free(kex->session_id); + free(kex->client_version_string); + free(kex->server_version_string); + free(kex->failed_choice); + free(kex); +} + +int +kex_setup(ncrack_ssh_state *nstate, char *proposal[PROPOSAL_MAX]) +{ + int r; + + if ((r = kex_new(nstate, proposal, &nstate->kex)) != 0) { + return r; + } + if ((r = kex_send_kexinit(nstate)) != 0) { /* we start */ + kex_free(nstate->kex); + nstate->kex = NULL; + return r; + } + + return 0; +} + + +static int +choose_enc(struct sshenc *enc, char *client, char *server) +{ + char *name = match_list(client, server, NULL); + + if (name == NULL) + return SSH_ERR_NO_CIPHER_ALG_MATCH; + if ((enc->cipher = cipher_by_name(name)) == NULL) + return SSH_ERR_INTERNAL_ERROR; + enc->name = name; + enc->enabled = 0; + enc->iv = NULL; + enc->iv_len = cipher_ivlen(enc->cipher); + enc->key = NULL; + enc->key_len = cipher_keylen(enc->cipher); + enc->block_size = cipher_blocksize(enc->cipher); + return 0; +} + +static int +choose_mac(ncrack_ssh_state *nstate, struct sshmac *mac, char *client, char *server) +{ + char *name = match_list(client, server, NULL); + + if (name == NULL) + return SSH_ERR_NO_MAC_ALG_MATCH; + if (mac_setup(mac, name) < 0) + return SSH_ERR_INTERNAL_ERROR; + /* truncate the key */ + if (nstate->compat & SSH_BUG_HMAC) + mac->key_len = 16; + mac->name = name; + mac->key = NULL; + mac->enabled = 0; + return 0; +} + +static int +choose_comp(struct sshcomp *comp, char *client, char *server) +{ + char *name = match_list(client, server, NULL); + + if (name == NULL) + return SSH_ERR_NO_COMPRESS_ALG_MATCH; + if (strcmp(name, "zlib@openssh.com") == 0) { + comp->type = COMP_DELAYED; + } else if (strcmp(name, "zlib") == 0) { + comp->type = COMP_ZLIB; + } else if (strcmp(name, "none") == 0) { + comp->type = COMP_NONE; + } else { + return SSH_ERR_INTERNAL_ERROR; + } + comp->name = name; + return 0; +} + +static int +choose_kex(struct kex *k, char *client, char *server) +{ + const struct kexalg *kexalg; + + k->name = match_list(client, server, NULL); + + if (k->name == NULL) + return SSH_ERR_NO_KEX_ALG_MATCH; + if ((kexalg = kex_alg_by_name(k->name)) == NULL) + return SSH_ERR_INTERNAL_ERROR; + k->kex_type = kexalg->type; + k->hash_alg = kexalg->hash_alg; + k->ec_nid = kexalg->ec_nid; + return 0; +} + +static int +choose_hostkeyalg(struct kex *k, char *client, char *server) +{ + char *hostkeyalg = match_list(client, server, NULL); + + if (hostkeyalg == NULL) + return SSH_ERR_NO_HOSTKEY_ALG_MATCH; + k->hostkey_type = sshkey_type_from_name(hostkeyalg); + if (k->hostkey_type == KEY_UNSPEC) + return SSH_ERR_INTERNAL_ERROR; + k->hostkey_nid = sshkey_ecdsa_nid_from_name(hostkeyalg); + free(hostkeyalg); + return 0; +} + +static int +proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX]) +{ + static int check[] = { + PROPOSAL_KEX_ALGS, PROPOSAL_SERVER_HOST_KEY_ALGS, -1 + }; + int *idx; + char *p; + + for (idx = &check[0]; *idx != -1; idx++) { + if ((p = strchr(my[*idx], ',')) != NULL) + *p = '\0'; + if ((p = strchr(peer[*idx], ',')) != NULL) + *p = '\0'; + if (strcmp(my[*idx], peer[*idx]) != 0) { + debug2("proposal mismatch: my %s peer %s", + my[*idx], peer[*idx]); + return (0); + } + } + debug2("proposals match"); + return (1); +} + + +static int +derive_key(ncrack_ssh_state *nstate, int id, u_int need, u_char *hash, u_int hashlen, + const struct sshbuf *shared_secret, u_char **keyp) +{ + struct kex *kex = nstate->kex; + struct ssh_digest_ctx *hashctx = NULL; + char c = id; + u_int have; + size_t mdsz; + u_char *digest; + int r; + + if ((mdsz = ssh_digest_bytes(kex->hash_alg)) == 0) + return SSH_ERR_INVALID_ARGUMENT; + if ((digest = calloc(1, roundup(need, mdsz))) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + + /* K1 = HASH(K || H || "A" || session_id) */ + if ((hashctx = ssh_digest_start(kex->hash_alg)) == NULL || + ssh_digest_update_buffer(hashctx, shared_secret) != 0 || + ssh_digest_update(hashctx, hash, hashlen) != 0 || + ssh_digest_update(hashctx, &c, 1) != 0 || + ssh_digest_update(hashctx, kex->session_id, + kex->session_id_len) != 0 || + ssh_digest_final(hashctx, digest, mdsz) != 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + ssh_digest_free(hashctx); + hashctx = NULL; + + /* + * expand key: + * Kn = HASH(K || H || K1 || K2 || ... || Kn-1) + * Key = K1 || K2 || ... || Kn + */ + for (have = mdsz; need > have; have += mdsz) { + if ((hashctx = ssh_digest_start(kex->hash_alg)) == NULL || + ssh_digest_update_buffer(hashctx, shared_secret) != 0 || + ssh_digest_update(hashctx, hash, hashlen) != 0 || + ssh_digest_update(hashctx, digest, have) != 0 || + ssh_digest_final(hashctx, digest + have, mdsz) != 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + ssh_digest_free(hashctx); + hashctx = NULL; + } +#ifdef DEBUG_KEX + fprintf(stderr, "key '%c'== ", c); + dump_digest("key", digest, need); +#endif + *keyp = digest; + digest = NULL; + r = 0; + out: + if (digest) + free(digest); + ssh_digest_free(hashctx); + return r; +} + +#define NKEYS 6 +int +kex_derive_keys(ncrack_ssh_state *nstate, u_char *hash, u_int hashlen, + const struct sshbuf *shared_secret) +{ + struct kex *kex = nstate->kex; + u_char *keys[NKEYS]; + u_int i, j, mode, ctos; + int r; + + for (i = 0; i < NKEYS; i++) { + if ((r = derive_key(nstate, 'A'+i, kex->we_need, hash, hashlen, + shared_secret, &keys[i])) != 0) { + for (j = 0; j < i; j++) + free(keys[j]); + return r; + } + } + for (mode = 0; mode < MODE_MAX; mode++) { + ctos = (!kex->server && mode == MODE_OUT) || + (kex->server && mode == MODE_IN); + kex->newkeys[mode]->enc.iv = keys[ctos ? 0 : 1]; + kex->newkeys[mode]->enc.key = keys[ctos ? 2 : 3]; + kex->newkeys[mode]->mac.key = keys[ctos ? 4 : 5]; + } + return 0; +} + +#ifdef WITH_OPENSSL +int +kex_derive_keys_bn(ncrack_ssh_state *nstate, u_char *hash, u_int hashlen, + const BIGNUM *secret) +{ + struct sshbuf *shared_secret; + int r; + + if ((shared_secret = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshbuf_put_bignum2(shared_secret, secret)) == 0) + r = kex_derive_keys(nstate, hash, hashlen, shared_secret); + sshbuf_free(shared_secret); + return r; +} +#endif + +#ifdef WITH_SSH1 +int +derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, + u_int8_t cookie[8], u_int8_t id[16]) +{ + u_int8_t hbuf[2048], sbuf[2048], obuf[SSH_DIGEST_MAX_LENGTH]; + struct ssh_digest_ctx *hashctx = NULL; + size_t hlen, slen; + int r; + + hlen = BN_num_bytes(host_modulus); + slen = BN_num_bytes(server_modulus); + if (hlen < (512 / 8) || (u_int)hlen > sizeof(hbuf) || + slen < (512 / 8) || (u_int)slen > sizeof(sbuf)) + return SSH_ERR_KEY_BITS_MISMATCH; + if (BN_bn2bin(host_modulus, hbuf) <= 0 || + BN_bn2bin(server_modulus, sbuf) <= 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if ((hashctx = ssh_digest_start(SSH_DIGEST_MD5)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (ssh_digest_update(hashctx, hbuf, hlen) != 0 || + ssh_digest_update(hashctx, sbuf, slen) != 0 || + ssh_digest_update(hashctx, cookie, 8) != 0 || + ssh_digest_final(hashctx, obuf, sizeof(obuf)) != 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + memcpy(id, obuf, ssh_digest_bytes(SSH_DIGEST_MD5)); + r = 0; + out: + ssh_digest_free(hashctx); + explicit_bzero(hbuf, sizeof(hbuf)); + explicit_bzero(sbuf, sizeof(sbuf)); + explicit_bzero(obuf, sizeof(obuf)); + return r; +} +#endif + +#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) +void +dump_digest(char *msg, u_char *digest, int len) +{ + fprintf(stderr, "%s\n", msg); + sshbuf_dump_data(digest, len, stderr); +} +#endif + + diff --git a/include/DomainExec/opensshlib/kex.h b/include/DomainExec/opensshlib/kex.h new file mode 100644 index 00000000..431341bb --- /dev/null +++ b/include/DomainExec/opensshlib/kex.h @@ -0,0 +1,255 @@ +/* $OpenBSD: kex.h,v 1.73 2015/07/30 00:01:34 djm Exp $ */ + +/* + * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef KEX_H +#define KEX_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include "mac.h" +#include "buffer.h" /* XXX for typedef */ +#include "key.h" /* XXX for typedef */ + +#ifdef WITH_LEAKMALLOC +#include "leakmalloc.h" +#endif + +#include "opensshlib.h" + +#ifdef WITH_OPENSSL +# ifdef OPENSSL_HAS_ECC +# include +# else /* OPENSSL_HAS_ECC */ +# define EC_KEY void +# define EC_GROUP void +# define EC_POINT void +# endif /* OPENSSL_HAS_ECC */ +#else /* WITH_OPENSSL */ +# define EC_KEY void +# define EC_GROUP void +# define EC_POINT void +#endif /* WITH_OPENSSL */ + +#define KEX_COOKIE_LEN 16 + +#define KEX_DH1 "diffie-hellman-group1-sha1" +#define KEX_DH14 "diffie-hellman-group14-sha1" +#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" +#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" +#define KEX_RESUME "resume@appgate.com" +#define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256" +#define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384" +#define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521" +#define KEX_CURVE25519_SHA256 "curve25519-sha256@libssh.org" + +#define COMP_NONE 0 +#define COMP_ZLIB 1 +#define COMP_DELAYED 2 + +#define CURVE25519_SIZE 32 + + + + +enum kex_init_proposals { + PROPOSAL_KEX_ALGS, + PROPOSAL_SERVER_HOST_KEY_ALGS, + PROPOSAL_ENC_ALGS_CTOS, + PROPOSAL_ENC_ALGS_STOC, + PROPOSAL_MAC_ALGS_CTOS, + PROPOSAL_MAC_ALGS_STOC, + PROPOSAL_COMP_ALGS_CTOS, + PROPOSAL_COMP_ALGS_STOC, + PROPOSAL_LANG_CTOS, + PROPOSAL_LANG_STOC, + PROPOSAL_MAX +}; + +enum kex_modes { + MODE_IN, + MODE_OUT, + MODE_MAX +}; + +enum kex_exchange { + KEX_DH_GRP1_SHA1, + KEX_DH_GRP14_SHA1, + KEX_DH_GEX_SHA1, + KEX_DH_GEX_SHA256, + KEX_ECDH_SHA2, + KEX_C25519_SHA256, + KEX_MAX +}; + +#define KEX_INIT_SENT 0x0001 + +struct sshenc { + char *name; + const struct sshcipher *cipher; + int enabled; + u_int key_len; + u_int iv_len; + u_int block_size; + u_char *key; + u_char *iv; +}; +struct sshcomp { + u_int type; + int enabled; + char *name; +}; +struct newkeys { + struct sshenc enc; + struct sshmac mac; + struct sshcomp comp; +}; + +struct ssh; + +struct kex { + u_char *session_id; + size_t session_id_len; + struct newkeys *newkeys[MODE_MAX]; + u_int we_need; + u_int dh_need; + int server; + char *name; + int hostkey_type; + int hostkey_nid; + u_int kex_type; + int roaming; + struct sshbuf *my; + struct sshbuf *peer; + sig_atomic_t done; + u_int flags; + int hash_alg; + int ec_nid; + char *client_version_string; + char *server_version_string; + char *failed_choice; + int (*verify_host_key)(struct sshkey *, ncrack_ssh_state *); + struct sshkey *(*load_host_public_key)(int, int, ncrack_ssh_state *); + struct sshkey *(*load_host_private_key)(int, int, ncrack_ssh_state *); + int (*host_key_index)(struct sshkey *, int, ncrack_ssh_state *); + int (*sign)(struct sshkey *, struct sshkey *, + u_char **, size_t *, const u_char *, size_t, u_int); + int (*kexm[KEX_MAX])(ncrack_ssh_state *nstate); + /* kex specific state */ + DH *dh; /* DH */ + u_int min, max, nbits; /* GEX */ + EC_KEY *ec_client_key; /* ECDH */ + const EC_GROUP *ec_group; /* ECDH */ + u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 */ + u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */ +}; + +int kex_names_valid(const char *); +char *kex_alg_list(char); +char *kex_names_cat(const char *, const char *); +int kex_assemble_names(const char *, char **); + +int kex_new(ncrack_ssh_state *, char *[PROPOSAL_MAX], struct kex **); +int kex_setup(ncrack_ssh_state *, char *[PROPOSAL_MAX]); +void kex_free_newkeys(struct newkeys *); +void kex_free(struct kex *); + +int kex_buf2prop(struct sshbuf *, int *, char ***); +int kex_prop2buf(struct sshbuf *, char *proposal[PROPOSAL_MAX]); +void kex_prop_free(char **); + +int kex_send_kexinit(ncrack_ssh_state *); +int ncrackssh_kex_input_kexinit(ncrack_ssh_state *); +int kex_derive_keys(ncrack_ssh_state *, u_char *, u_int, const struct sshbuf *); +int kex_derive_keys_bn(ncrack_ssh_state *, u_char *, u_int, const BIGNUM *); +int kex_send_newkeys(ncrack_ssh_state *); + + +int ncrackssh_input_kex_dh_gex_group(ncrack_ssh_state *nstate); +int ncrackssh_input_kex_ecdh_reply(ncrack_ssh_state *nstate); +int ncrackssh_input_kex_dh_gex_reply(ncrack_ssh_state *nstate); + +int kexdh_client(ncrack_ssh_state *); +int ncrackssh_input_kex_dh(ncrack_ssh_state *nstate); + + +int kexdh_server(struct ssh *); +int kexgex_client(ncrack_ssh_state *); +int kexgex_server(struct ssh *); +int kexecdh_client(ncrack_ssh_state *); +int kexecdh_server(struct ssh *); + +int kexc25519_client(ncrack_ssh_state *); +int ncrackssh_input_kex_c25519_reply(ncrack_ssh_state *nstate); + + +int kexc25519_server(struct ssh *); + +int kex_dh_hash(const char *, const char *, + const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, + const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *); + +int kexgex_hash(int, const char *, const char *, + const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, + int, int, int, + const BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, + u_char *, size_t *); + +int kex_ecdh_hash(int, const EC_GROUP *, const char *, const char *, + const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, + const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *); + +int kex_c25519_hash(int, const char *, const char *, const char *, size_t, + const char *, size_t, const u_char *, size_t, const u_char *, const u_char *, + const u_char *, size_t, u_char *, size_t *); + +void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE]) + __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) + __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); +int kexc25519_shared_key(const u_char key[CURVE25519_SIZE], + const u_char pub[CURVE25519_SIZE], struct sshbuf *out) + __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) + __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); + +int +derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); + +#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) +void dump_digest(char *, u_char *, int); +#endif + +#if !defined(WITH_OPENSSL) || !defined(OPENSSL_HAS_ECC) +# undef EC_KEY +# undef EC_GROUP +# undef EC_POINT +#endif + +#ifdef __cplusplus +} /* End of 'extern "C"' */ +#endif + +#endif diff --git a/include/DomainExec/opensshlib/kexc25519.c b/include/DomainExec/opensshlib/kexc25519.c new file mode 100644 index 00000000..8d8cd4a2 --- /dev/null +++ b/include/DomainExec/opensshlib/kexc25519.c @@ -0,0 +1,133 @@ +/* $OpenBSD: kexc25519.c,v 1.9 2015/03/26 07:00:04 djm Exp $ */ +/* + * Copyright (c) 2001, 2013 Markus Friedl. All rights reserved. + * Copyright (c) 2010 Damien Miller. All rights reserved. + * Copyright (c) 2013 Aris Adamantiadis. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#include + +#include +#include + +#include +#include + +#include "sshbuf.h" +#include "ssh2.h" +#include "sshkey.h" +#include "cipher.h" +#include "kex.h" +#include "log.h" +#include "digest.h" +#include "ssherr.h" + +extern int crypto_scalarmult_curve25519(u_char a[CURVE25519_SIZE], + const u_char b[CURVE25519_SIZE], const u_char c[CURVE25519_SIZE]) + __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) + __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))) + __attribute__((__bounded__(__minbytes__, 3, CURVE25519_SIZE))); + +void +kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE]) +{ + static const u_char basepoint[CURVE25519_SIZE] = {9}; + + arc4random_buf(key, CURVE25519_SIZE); + crypto_scalarmult_curve25519(pub, key, basepoint); +} + +int +kexc25519_shared_key(const u_char key[CURVE25519_SIZE], + const u_char pub[CURVE25519_SIZE], struct sshbuf *out) +{ + u_char shared_key[CURVE25519_SIZE]; + int r; + + /* Check for all-zero public key */ + explicit_bzero(shared_key, CURVE25519_SIZE); + if (timingsafe_bcmp(pub, shared_key, CURVE25519_SIZE) == 0) + return SSH_ERR_KEY_INVALID_EC_VALUE; + + crypto_scalarmult_curve25519(shared_key, key, pub); +#ifdef DEBUG_KEXECDH + dump_digest("shared secret", shared_key, CURVE25519_SIZE); +#endif + sshbuf_reset(out); + r = sshbuf_put_bignum2_bytes(out, shared_key, CURVE25519_SIZE); + explicit_bzero(shared_key, CURVE25519_SIZE); + return r; +} + +int +kex_c25519_hash( + int hash_alg, + const char *client_version_string, + const char *server_version_string, + const char *ckexinit, size_t ckexinitlen, + const char *skexinit, size_t skexinitlen, + const u_char *serverhostkeyblob, size_t sbloblen, + const u_char client_dh_pub[CURVE25519_SIZE], + const u_char server_dh_pub[CURVE25519_SIZE], + const u_char *shared_secret, size_t secretlen, + u_char *hash, size_t *hashlen) +{ + struct sshbuf *b; + int r; + + if (*hashlen < ssh_digest_bytes(hash_alg)) + return SSH_ERR_INVALID_ARGUMENT; + if ((b = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshbuf_put_cstring(b, client_version_string)) < 0 || + (r = sshbuf_put_cstring(b, server_version_string)) < 0 || + /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ + (r = sshbuf_put_u32(b, ckexinitlen+1)) < 0 || + (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) < 0 || + (r = sshbuf_put(b, ckexinit, ckexinitlen)) < 0 || + (r = sshbuf_put_u32(b, skexinitlen+1)) < 0 || + (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) < 0 || + (r = sshbuf_put(b, skexinit, skexinitlen)) < 0 || + (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) < 0 || + (r = sshbuf_put_string(b, client_dh_pub, CURVE25519_SIZE)) < 0 || + (r = sshbuf_put_string(b, server_dh_pub, CURVE25519_SIZE)) < 0 || + (r = sshbuf_put(b, shared_secret, secretlen)) < 0) { + sshbuf_free(b); + return r; + } +#ifdef DEBUG_KEX + sshbuf_dump(b, stderr); +#endif + if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) { + sshbuf_free(b); + return SSH_ERR_LIBCRYPTO_ERROR; + } + sshbuf_free(b); + *hashlen = ssh_digest_bytes(hash_alg); +#ifdef DEBUG_KEX + dump_digest("hash", hash, *hashlen); +#endif + return 0; +} diff --git a/include/DomainExec/opensshlib/kexc25519c.c b/include/DomainExec/opensshlib/kexc25519c.c new file mode 100644 index 00000000..b09651c7 --- /dev/null +++ b/include/DomainExec/opensshlib/kexc25519c.c @@ -0,0 +1,175 @@ +/* $OpenBSD: kexc25519c.c,v 1.7 2015/01/26 06:10:03 djm Exp $ */ +/* + * Copyright (c) 2001 Markus Friedl. All rights reserved. + * Copyright (c) 2010 Damien Miller. All rights reserved. + * Copyright (c) 2013 Aris Adamantiadis. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#include + +#include +#include +#include + +#include "sshkey.h" +#include "cipher.h" +#include "kex.h" +#include "log.h" +#include "packet.h" +#include "ssh2.h" +#include "sshbuf.h" +#include "digest.h" +#include "ssherr.h" + +//static int input_kex_c25519_reply(int type, u_int32_t seq, void *ctxt); + +int +kexc25519_client(ncrack_ssh_state *nstate) +{ + struct kex *kex = nstate->kex; + int r; + + //printf("kexc 25519 client\n"); + + kexc25519_keygen(kex->c25519_client_key, kex->c25519_client_pubkey); +#ifdef DEBUG_KEXECDH + dump_digest("client private key:", kex->c25519_client_key, + sizeof(kex->c25519_client_key)); +#endif + if ((r = sshpkt_start(nstate, SSH2_MSG_KEX_ECDH_INIT)) != 0 || + (r = sshpkt_put_string(nstate, kex->c25519_client_pubkey, + sizeof(kex->c25519_client_pubkey))) != 0 || + (r = sshpkt_send(nstate)) != 0) + return r; + + debug("expecting SSH2_MSG_KEX_ECDH_REPLY"); + //ssh_dispatch_set(nstate, SSH2_MSG_KEX_ECDH_REPLY, &input_kex_c25519_reply); + return 0; +} + +int +ncrackssh_input_kex_c25519_reply(ncrack_ssh_state *nstate) +{ + //struct ssh *ssh = ctxt; + struct kex *kex = nstate->kex; + struct sshkey *server_host_key = NULL; + struct sshbuf *shared_secret = NULL; + u_char *server_pubkey = NULL; + u_char *server_host_key_blob = NULL, *signature = NULL; + u_char hash[SSH_DIGEST_MAX_LENGTH]; + size_t slen, pklen, sbloblen, hashlen; + int r; + + //printf("kex c25519 reply\n"); + + if (kex->verify_host_key == NULL) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + + /* hostkey */ + if ((r = sshpkt_get_string(nstate, &server_host_key_blob, + &sbloblen)) != 0 || + (r = sshkey_from_blob(server_host_key_blob, sbloblen, + &server_host_key)) != 0) + goto out; + if (server_host_key->type != kex->hostkey_type || + (kex->hostkey_type == KEY_ECDSA && + server_host_key->ecdsa_nid != kex->hostkey_nid)) { + r = SSH_ERR_KEY_TYPE_MISMATCH; + goto out; + } + if (kex->verify_host_key(server_host_key, nstate) == -1) { + r = SSH_ERR_SIGNATURE_INVALID; + goto out; + } + + /* Q_S, server public key */ + /* signed H */ + if ((r = sshpkt_get_string(nstate, &server_pubkey, &pklen)) != 0 || + (r = sshpkt_get_string(nstate, &signature, &slen)) != 0 || + (r = sshpkt_get_end(nstate)) != 0) + goto out; + if (pklen != CURVE25519_SIZE) { + r = SSH_ERR_SIGNATURE_INVALID; + goto out; + } + +#ifdef DEBUG_KEXECDH + dump_digest("server public key:", server_pubkey, CURVE25519_SIZE); +#endif + + if ((shared_secret = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = kexc25519_shared_key(kex->c25519_client_key, server_pubkey, + shared_secret)) < 0) + goto out; + + /* calc and verify H */ + hashlen = sizeof(hash); + if ((r = kex_c25519_hash( + kex->hash_alg, + kex->client_version_string, + kex->server_version_string, + sshbuf_ptr(kex->my), sshbuf_len(kex->my), + sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), + server_host_key_blob, sbloblen, + kex->c25519_client_pubkey, + server_pubkey, + sshbuf_ptr(shared_secret), sshbuf_len(shared_secret), + hash, &hashlen)) < 0) + goto out; + + if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, + nstate->compat)) != 0) + goto out; + + /* save session id */ + if (kex->session_id == NULL) { + kex->session_id_len = hashlen; + kex->session_id = malloc(kex->session_id_len); + if (kex->session_id == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + memcpy(kex->session_id, hash, kex->session_id_len); + } + + if ((r = kex_derive_keys(nstate, hash, hashlen, shared_secret)) == 0) { + //printf("kex send newkeys 25519\n"); + r = kex_send_newkeys(nstate); + } +out: + explicit_bzero(hash, sizeof(hash)); + explicit_bzero(kex->c25519_client_key, sizeof(kex->c25519_client_key)); + free(server_host_key_blob); + free(server_pubkey); + free(signature); + sshkey_free(server_host_key); + sshbuf_free(shared_secret); + return r; +} diff --git a/include/DomainExec/opensshlib/kexdh.c b/include/DomainExec/opensshlib/kexdh.c new file mode 100644 index 00000000..feea6697 --- /dev/null +++ b/include/DomainExec/opensshlib/kexdh.c @@ -0,0 +1,93 @@ +/* $OpenBSD: kexdh.c,v 1.25 2015/01/19 20:16:15 markus Exp $ */ +/* + * Copyright (c) 2001 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#ifdef WITH_OPENSSL + +#include + +#include + +#include + +#include "ssh2.h" +#include "sshkey.h" +#include "cipher.h" +#include "kex.h" +#include "ssherr.h" +#include "sshbuf.h" +#include "digest.h" + +int +kex_dh_hash( + const char *client_version_string, + const char *server_version_string, + const u_char *ckexinit, size_t ckexinitlen, + const u_char *skexinit, size_t skexinitlen, + const u_char *serverhostkeyblob, size_t sbloblen, + const BIGNUM *client_dh_pub, + const BIGNUM *server_dh_pub, + const BIGNUM *shared_secret, + u_char *hash, size_t *hashlen) +{ + struct sshbuf *b; + int r; + + if (*hashlen < ssh_digest_bytes(SSH_DIGEST_SHA1)) + return SSH_ERR_INVALID_ARGUMENT; + if ((b = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshbuf_put_cstring(b, client_version_string)) != 0 || + (r = sshbuf_put_cstring(b, server_version_string)) != 0 || + /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ + (r = sshbuf_put_u32(b, ckexinitlen+1)) != 0 || + (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || + (r = sshbuf_put(b, ckexinit, ckexinitlen)) != 0 || + (r = sshbuf_put_u32(b, skexinitlen+1)) != 0 || + (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || + (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 || + (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 || + (r = sshbuf_put_bignum2(b, client_dh_pub)) != 0 || + (r = sshbuf_put_bignum2(b, server_dh_pub)) != 0 || + (r = sshbuf_put_bignum2(b, shared_secret)) != 0) { + sshbuf_free(b); + return r; + } +#ifdef DEBUG_KEX + sshbuf_dump(b, stderr); +#endif + if (ssh_digest_buffer(SSH_DIGEST_SHA1, b, hash, *hashlen) != 0) { + sshbuf_free(b); + return SSH_ERR_LIBCRYPTO_ERROR; + } + sshbuf_free(b); + *hashlen = ssh_digest_bytes(SSH_DIGEST_SHA1); +#ifdef DEBUG_KEX + dump_digest("hash", hash, *hashlen); +#endif + return 0; +} +#endif /* WITH_OPENSSL */ diff --git a/include/DomainExec/opensshlib/kexdhc.c b/include/DomainExec/opensshlib/kexdhc.c new file mode 100644 index 00000000..cf5e04c9 --- /dev/null +++ b/include/DomainExec/opensshlib/kexdhc.c @@ -0,0 +1,219 @@ +/* $OpenBSD: kexdhc.c,v 1.18 2015/01/26 06:10:03 djm Exp $ */ +/* + * Copyright (c) 2001 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#ifdef WITH_OPENSSL + +#include + +#include + +#include +#include +#include +#include + +#include "sshkey.h" +#include "cipher.h" +#include "digest.h" +#include "kex.h" +#include "log.h" +#include "packet.h" +#include "dh.h" +#include "ssh2.h" +#include "dispatch.h" +#include "compat.h" +#include "ssherr.h" +#include "sshbuf.h" + +//static int input_kex_dh(int, u_int32_t, void *); + +int +kexdh_client(ncrack_ssh_state *nstate) +{ + struct kex *kex = nstate->kex; + int r; + const BIGNUM *kex_dh_pub_key; + + //printf("kexdh client\n"); + + /* generate and send 'e', client DH public key */ + switch (kex->kex_type) { + case KEX_DH_GRP1_SHA1: + kex->dh = dh_new_group1(); + break; + case KEX_DH_GRP14_SHA1: + kex->dh = dh_new_group14(); + break; + default: + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if (kex->dh == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + debug("sending SSH2_MSG_KEXDH_INIT"); + DH_get0_key(kex->dh, &kex_dh_pub_key, NULL); + if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 || + (r = sshpkt_start(nstate, SSH2_MSG_KEXDH_INIT)) != 0 || + (r = sshpkt_put_bignum2(nstate, kex_dh_pub_key)) != 0 || + (r = sshpkt_send(nstate)) != 0) + goto out; +#ifdef DEBUG_KEXDH + DHparams_print_fp(stderr, kex->dh); + fprintf(stderr, "pub= "); + BN_print_fp(stderr, kex_dh_pub_key); + fprintf(stderr, "\n"); +#endif + debug("expecting SSH2_MSG_KEXDH_REPLY"); + //ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_REPLY, &input_kex_dh); + r = 0; + out: + return r; +} + +int +ncrackssh_input_kex_dh(ncrack_ssh_state *nstate) +{ + //struct ssh *ssh = ctxt; + struct kex *kex = nstate->kex; + BIGNUM *dh_server_pub = NULL, *shared_secret = NULL; + struct sshkey *server_host_key = NULL; + u_char *kbuf = NULL, *server_host_key_blob = NULL, *signature = NULL; + u_char hash[SSH_DIGEST_MAX_LENGTH]; + size_t klen = 0, slen, sbloblen, hashlen; + int kout, r; + const BIGNUM *kex_dh_pub_key; + + if (kex->verify_host_key == NULL) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + /* key, cert */ + if ((r = sshpkt_get_string(nstate, &server_host_key_blob, + &sbloblen)) != 0 || + (r = sshkey_from_blob(server_host_key_blob, sbloblen, + &server_host_key)) != 0) + goto out; + if (server_host_key->type != kex->hostkey_type || + (kex->hostkey_type == KEY_ECDSA && + server_host_key->ecdsa_nid != kex->hostkey_nid)) { + r = SSH_ERR_KEY_TYPE_MISMATCH; + goto out; + } + if (kex->verify_host_key(server_host_key, nstate) == -1) { + r = SSH_ERR_SIGNATURE_INVALID; + goto out; + } + /* DH parameter f, server public DH key */ + if ((dh_server_pub = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + /* signed H */ + if ((r = sshpkt_get_bignum2(nstate, dh_server_pub)) != 0 || + (r = sshpkt_get_string(nstate, &signature, &slen)) != 0 || + (r = sshpkt_get_end(nstate)) != 0) + goto out; +#ifdef DEBUG_KEXDH + fprintf(stderr, "dh_server_pub= "); + BN_print_fp(stderr, dh_server_pub); + fprintf(stderr, "\n"); + debug("bits %d", BN_num_bits(dh_server_pub)); +#endif + if (!dh_pub_is_valid(kex->dh, dh_server_pub)) { + sshpkt_disconnect(nstate, "bad server public DH value"); + r = SSH_ERR_MESSAGE_INCOMPLETE; + goto out; + } + + klen = DH_size(kex->dh); + if ((kbuf = malloc(klen)) == NULL || + (shared_secret = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((kout = DH_compute_key(kbuf, dh_server_pub, kex->dh)) < 0 || + BN_bin2bn(kbuf, kout, shared_secret) == NULL) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } +#ifdef DEBUG_KEXDH + dump_digest("shared secret", kbuf, kout); +#endif + + DH_get0_key(kex->dh, &kex_dh_pub_key, NULL); + + /* calc and verify H */ + hashlen = sizeof(hash); + if ((r = kex_dh_hash( + kex->client_version_string, + kex->server_version_string, + sshbuf_ptr(kex->my), sshbuf_len(kex->my), + sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), + server_host_key_blob, sbloblen, + kex_dh_pub_key, + dh_server_pub, + shared_secret, + hash, &hashlen)) != 0) + goto out; + + if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, + nstate->compat)) != 0) + goto out; + + /* save session id */ + if (kex->session_id == NULL) { + kex->session_id_len = hashlen; + kex->session_id = malloc(kex->session_id_len); + if (kex->session_id == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + memcpy(kex->session_id, hash, kex->session_id_len); + } + + if ((r = kex_derive_keys_bn(nstate, hash, hashlen, shared_secret)) == 0) + r = kex_send_newkeys(nstate); + out: + explicit_bzero(hash, sizeof(hash)); + DH_free(kex->dh); + kex->dh = NULL; + if (dh_server_pub) + BN_clear_free(dh_server_pub); + if (kbuf) { + explicit_bzero(kbuf, klen); + free(kbuf); + } + if (shared_secret) + BN_clear_free(shared_secret); + sshkey_free(server_host_key); + free(server_host_key_blob); + free(signature); + return r; +} +#endif /* WITH_OPENSSL */ diff --git a/include/DomainExec/opensshlib/kexecdh.c b/include/DomainExec/opensshlib/kexecdh.c new file mode 100644 index 00000000..2a4fec6b --- /dev/null +++ b/include/DomainExec/opensshlib/kexecdh.c @@ -0,0 +1,100 @@ +/* $OpenBSD: kexecdh.c,v 1.6 2015/01/19 20:16:15 markus Exp $ */ +/* + * Copyright (c) 2001 Markus Friedl. All rights reserved. + * Copyright (c) 2010 Damien Miller. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) + +#include + +#include +#include + +#include +#include +#include +#include + +#include "ssh2.h" +#include "sshkey.h" +#include "cipher.h" +#include "kex.h" +#include "sshbuf.h" +#include "digest.h" +#include "ssherr.h" + +int +kex_ecdh_hash( + int hash_alg, + const EC_GROUP *ec_group, + const char *client_version_string, + const char *server_version_string, + const u_char *ckexinit, size_t ckexinitlen, + const u_char *skexinit, size_t skexinitlen, + const u_char *serverhostkeyblob, size_t sbloblen, + const EC_POINT *client_dh_pub, + const EC_POINT *server_dh_pub, + const BIGNUM *shared_secret, + u_char *hash, size_t *hashlen) +{ + struct sshbuf *b; + int r; + + if (*hashlen < ssh_digest_bytes(hash_alg)) + return SSH_ERR_INVALID_ARGUMENT; + if ((b = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshbuf_put_cstring(b, client_version_string)) != 0 || + (r = sshbuf_put_cstring(b, server_version_string)) != 0 || + /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ + (r = sshbuf_put_u32(b, ckexinitlen+1)) != 0 || + (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || + (r = sshbuf_put(b, ckexinit, ckexinitlen)) != 0 || + (r = sshbuf_put_u32(b, skexinitlen+1)) != 0 || + (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || + (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 || + (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 || + (r = sshbuf_put_ec(b, client_dh_pub, ec_group)) != 0 || + (r = sshbuf_put_ec(b, server_dh_pub, ec_group)) != 0 || + (r = sshbuf_put_bignum2(b, shared_secret)) != 0) { + sshbuf_free(b); + return r; + } +#ifdef DEBUG_KEX + sshbuf_dump(b, stderr); +#endif + if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) { + sshbuf_free(b); + return SSH_ERR_LIBCRYPTO_ERROR; + } + sshbuf_free(b); + *hashlen = ssh_digest_bytes(hash_alg); +#ifdef DEBUG_KEX + dump_digest("hash", hash, *hashlen); +#endif + return 0; +} +#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */ diff --git a/include/DomainExec/opensshlib/kexecdhc.c b/include/DomainExec/opensshlib/kexecdhc.c new file mode 100644 index 00000000..a5986085 --- /dev/null +++ b/include/DomainExec/opensshlib/kexecdhc.c @@ -0,0 +1,245 @@ +/* $OpenBSD: kexecdhc.c,v 1.10 2015/01/26 06:10:03 djm Exp $ */ +/* + * Copyright (c) 2001 Markus Friedl. All rights reserved. + * Copyright (c) 2010 Damien Miller. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) + +#include + +#include +#include +#include + +#include + +#include "sshkey.h" +#include "cipher.h" +#include "digest.h" +#include "kex.h" +#include "log.h" +#include "packet.h" +#include "dh.h" +#include "ssh2.h" +#include "dispatch.h" +#include "compat.h" +#include "ssherr.h" +#include "sshbuf.h" + + +//static int input_kex_ecdh_reply(int, u_int32_t, void *); + +int +kexecdh_client(ncrack_ssh_state *nstate) +{ + struct kex *kex = nstate->kex; + EC_KEY *client_key = NULL; + const EC_GROUP *group; + const EC_POINT *public_key; + int r; + + + //printf("kexecdh client \n"); + + if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (EC_KEY_generate_key(client_key) != 1) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + group = EC_KEY_get0_group(client_key); + public_key = EC_KEY_get0_public_key(client_key); + + if ((r = sshpkt_start(nstate, SSH2_MSG_KEX_ECDH_INIT)) != 0 || + (r = sshpkt_put_ec(nstate, public_key, group)) != 0 || + (r = sshpkt_send(nstate)) != 0) + goto out; + debug("sending SSH2_MSG_KEX_ECDH_INIT"); + +#ifdef DEBUG_KEXECDH + fputs("client private key:\n", stderr); + sshkey_dump_ec_key(client_key); +#endif + kex->ec_client_key = client_key; + kex->ec_group = group; + client_key = NULL; /* owned by the kex */ + + debug("expecting SSH2_MSG_KEX_ECDH_REPLY"); + //ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_REPLY, &input_kex_ecdh_reply); + r = 0; + out: + if (client_key) + EC_KEY_free(client_key); + return r; +} + +int +ncrackssh_input_kex_ecdh_reply(ncrack_ssh_state *nstate) +{ + //struct ssh *ssh = ctxt; + struct kex *kex = nstate->kex; + const EC_GROUP *group; + EC_POINT *server_public = NULL; + EC_KEY *client_key; + BIGNUM *shared_secret = NULL; + struct sshkey *server_host_key = NULL; + u_char *server_host_key_blob = NULL, *signature = NULL; + u_char *kbuf = NULL; + u_char hash[SSH_DIGEST_MAX_LENGTH]; + size_t slen, sbloblen; + size_t klen = 0, hashlen; + int r; + + //printf("KEX ECDH REPLY\n"); + + if (kex->verify_host_key == NULL) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + group = kex->ec_group; + client_key = kex->ec_client_key; + + /* hostkey */ + if ((r = sshpkt_get_string(nstate, &server_host_key_blob, + &sbloblen)) != 0 || + (r = sshkey_from_blob(server_host_key_blob, sbloblen, + &server_host_key)) != 0) + goto out; + if (server_host_key->type != kex->hostkey_type || + (kex->hostkey_type == KEY_ECDSA && + server_host_key->ecdsa_nid != kex->hostkey_nid)) { + r = SSH_ERR_KEY_TYPE_MISMATCH; + goto out; + } + if (kex->verify_host_key(server_host_key, nstate) == -1) { + r = SSH_ERR_SIGNATURE_INVALID; + goto out; + } + + //printf("before EC_POINT NEW\n"); + + /* Q_S, server public key */ + /* signed H */ + if ((server_public = EC_POINT_new(group)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshpkt_get_ec(nstate, server_public, group)) != 0 || + (r = sshpkt_get_string(nstate, &signature, &slen)) != 0 || + (r = sshpkt_get_end(nstate)) != 0) + goto out; + +#ifdef DEBUG_KEXECDH + fputs("server public key:\n", stderr); + sshkey_dump_ec_point(group, server_public); +#endif + + + if (sshkey_ec_validate_public(group, server_public) != 0) { + sshpkt_disconnect(nstate, "invalid server public key"); + r = SSH_ERR_MESSAGE_INCOMPLETE; + goto out; + } + + klen = (EC_GROUP_get_degree(group) + 7) / 8; + if ((kbuf = malloc(klen)) == NULL || + (shared_secret = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + + if (ECDH_compute_key(kbuf, klen, server_public, client_key, NULL) != (int)klen) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + + if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + +#ifdef DEBUG_KEXECDH + dump_digest("shared secret", kbuf, klen); +#endif + /* calc and verify H */ + hashlen = sizeof(hash); + if ((r = kex_ecdh_hash( + kex->hash_alg, + group, + kex->client_version_string, + kex->server_version_string, + sshbuf_ptr(kex->my), sshbuf_len(kex->my), + sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), + server_host_key_blob, sbloblen, + EC_KEY_get0_public_key(client_key), + server_public, + shared_secret, + hash, &hashlen)) != 0) + goto out; + + if ((r = sshkey_verify(server_host_key, signature, slen, hash, + hashlen, nstate->compat)) != 0) + goto out; + + /* save session id */ + if (kex->session_id == NULL) { + kex->session_id_len = hashlen; + kex->session_id = malloc(kex->session_id_len); + if (kex->session_id == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + memcpy(kex->session_id, hash, kex->session_id_len); + } + + if ((r = kex_derive_keys_bn(nstate, hash, hashlen, shared_secret)) == 0) { + r = kex_send_newkeys(nstate); + } + + out: + explicit_bzero(hash, sizeof(hash)); + if (kex->ec_client_key) { + EC_KEY_free(kex->ec_client_key); + kex->ec_client_key = NULL; + } + if (server_public) + EC_POINT_clear_free(server_public); + if (kbuf) { + explicit_bzero(kbuf, klen); + free(kbuf); + } + if (shared_secret) + BN_clear_free(shared_secret); + sshkey_free(server_host_key); + free(server_host_key_blob); + free(signature); + return r; +} +#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */ + + diff --git a/include/DomainExec/opensshlib/kexgex.c b/include/DomainExec/opensshlib/kexgex.c new file mode 100644 index 00000000..8b0d8333 --- /dev/null +++ b/include/DomainExec/opensshlib/kexgex.c @@ -0,0 +1,102 @@ +/* $OpenBSD: kexgex.c,v 1.29 2015/01/19 20:16:15 markus Exp $ */ +/* + * Copyright (c) 2000 Niels Provos. All rights reserved. + * Copyright (c) 2001 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#ifdef WITH_OPENSSL + +#include + +#include +#include + +#include "sshkey.h" +#include "cipher.h" +#include "kex.h" +#include "ssh2.h" +#include "ssherr.h" +#include "sshbuf.h" +#include "digest.h" + +int +kexgex_hash( + int hash_alg, + const char *client_version_string, + const char *server_version_string, + const u_char *ckexinit, size_t ckexinitlen, + const u_char *skexinit, size_t skexinitlen, + const u_char *serverhostkeyblob, size_t sbloblen, + int min, int wantbits, int max, + const BIGNUM *prime, + const BIGNUM *gen, + const BIGNUM *client_dh_pub, + const BIGNUM *server_dh_pub, + const BIGNUM *shared_secret, + u_char *hash, size_t *hashlen) +{ + struct sshbuf *b; + int r; + + if (*hashlen < ssh_digest_bytes(SSH_DIGEST_SHA1)) + return SSH_ERR_INVALID_ARGUMENT; + if ((b = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshbuf_put_cstring(b, client_version_string)) != 0 || + (r = sshbuf_put_cstring(b, server_version_string)) != 0 || + /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ + (r = sshbuf_put_u32(b, ckexinitlen+1)) != 0 || + (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || + (r = sshbuf_put(b, ckexinit, ckexinitlen)) != 0 || + (r = sshbuf_put_u32(b, skexinitlen+1)) != 0 || + (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || + (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 || + (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 || + (min != -1 && (r = sshbuf_put_u32(b, min)) != 0) || + (r = sshbuf_put_u32(b, wantbits)) != 0 || + (max != -1 && (r = sshbuf_put_u32(b, max)) != 0) || + (r = sshbuf_put_bignum2(b, prime)) != 0 || + (r = sshbuf_put_bignum2(b, gen)) != 0 || + (r = sshbuf_put_bignum2(b, client_dh_pub)) != 0 || + (r = sshbuf_put_bignum2(b, server_dh_pub)) != 0 || + (r = sshbuf_put_bignum2(b, shared_secret)) != 0) { + sshbuf_free(b); + return r; + } +#ifdef DEBUG_KEXDH + sshbuf_dump(b, stderr); +#endif + if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) { + sshbuf_free(b); + return SSH_ERR_LIBCRYPTO_ERROR; + } + sshbuf_free(b); + *hashlen = ssh_digest_bytes(hash_alg); +#ifdef DEBUG_KEXDH + dump_digest("hash", hash, *hashlen); +#endif + return 0; +} +#endif /* WITH_OPENSSL */ diff --git a/include/DomainExec/opensshlib/kexgexc.c b/include/DomainExec/opensshlib/kexgexc.c new file mode 100644 index 00000000..cccf5be4 --- /dev/null +++ b/include/DomainExec/opensshlib/kexgexc.c @@ -0,0 +1,286 @@ +/* $OpenBSD: kexgexc.c,v 1.22 2015/05/26 23:23:40 dtucker Exp $ */ +/* + * Copyright (c) 2000 Niels Provos. All rights reserved. + * Copyright (c) 2001 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#ifdef WITH_OPENSSL + +#ifndef WIN32 +#include +#endif +#include + +#include + +#include +#include +#include +#include + +#include "sshkey.h" +#include "cipher.h" +#include "digest.h" +#include "kex.h" +#include "log.h" +#include "packet.h" +#include "dh.h" +#include "ssh2.h" +#include "compat.h" +#include "dispatch.h" +#include "ssherr.h" +#include "sshbuf.h" + +//static int input_kex_dh_gex_group(int, u_int32_t, void *); +//static int input_kex_dh_gex_reply(int, u_int32_t, void *); + +int +kexgex_client(ncrack_ssh_state *nstate) +{ + struct kex *kex = nstate->kex; + int r; + u_int nbits; + + //printf("kexgex client\n"); + + nbits = dh_estimate(kex->dh_need * 8); + + kex->min = DH_GRP_MIN; + kex->max = DH_GRP_MAX; + kex->nbits = nbits; + if (nstate->datafellows & SSH_BUG_DHGEX_LARGE) + kex->nbits = MIN(kex->nbits, 4096); + /* New GEX request */ + if ((r = sshpkt_start(nstate, SSH2_MSG_KEX_DH_GEX_REQUEST)) != 0 || + (r = sshpkt_put_u32(nstate, kex->min)) != 0 || + (r = sshpkt_put_u32(nstate, kex->nbits)) != 0 || + (r = sshpkt_put_u32(nstate, kex->max)) != 0 || + (r = sshpkt_send(nstate)) != 0) + goto out; + debug("SSH2_MSG_KEX_DH_GEX_REQUEST(%u<%u<%u) sent", + kex->min, kex->nbits, kex->max); +#ifdef DEBUG_KEXDH + fprintf(stderr, "\nmin = %d, nbits = %d, max = %d\n", + kex->min, kex->nbits, kex->max); +#endif + //ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_GROUP, + // &input_kex_dh_gex_group); + + r = 0; + out: + return r; +} + +int +ncrackssh_input_kex_dh_gex_group(ncrack_ssh_state *nstate) +{ + //struct ssh *ssh = ctxt; + struct kex *kex = nstate->kex; + BIGNUM *p = NULL, *g = NULL; + int r, bits; + const BIGNUM *kex_dh_pub_key; + + //printf("DH GEX GROUP\n"); + + debug("got SSH2_MSG_KEX_DH_GEX_GROUP"); + + if ((p = BN_new()) == NULL || + (g = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshpkt_get_bignum2(nstate, p)) != 0 || + (r = sshpkt_get_bignum2(nstate, g)) != 0 || + (r = sshpkt_get_end(nstate)) != 0) + goto out; + if ((bits = BN_num_bits(p)) < 0 || + (u_int)bits < kex->min || (u_int)bits > kex->max) { + r = SSH_ERR_DH_GEX_OUT_OF_RANGE; + goto out; + } + if ((kex->dh = dh_new_group(g, p)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + p = g = NULL; /* belong to kex->dh now */ + r = dh_gen_key(kex->dh, kex->we_need * 8); + DH_get0_key(kex->dh, &kex_dh_pub_key, NULL); + + /* generate and send 'e', client DH public key */ + if (r != 0 || + (r = sshpkt_start(nstate, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 || + (r = sshpkt_put_bignum2(nstate, kex_dh_pub_key)) != 0 || + (r = sshpkt_send(nstate)) != 0) + goto out; + debug("SSH2_MSG_KEX_DH_GEX_INIT sent"); +#ifdef DEBUG_KEXDH + DHparams_print_fp(stderr, kex->dh); + fprintf(stderr, "pub= "); + BN_print_fp(stderr, kex_dh_pub_key); + fprintf(stderr, "\n"); +#endif + + //ssh_dispatch_set(nstate, SSH2_MSG_KEX_DH_GEX_GROUP, NULL); + //ssh_dispatch_set(nstate, SSH2_MSG_KEX_DH_GEX_REPLY, &input_kex_dh_gex_reply); + r = 0; +out: + if (p) + BN_clear_free(p); + if (g) + BN_clear_free(g); + return r; +} + +int +ncrackssh_input_kex_dh_gex_reply(ncrack_ssh_state *nstate) +{ + //struct ssh *ssh = ctxt; + struct kex *kex = nstate->kex; + BIGNUM *dh_server_pub = NULL, *shared_secret = NULL; + struct sshkey *server_host_key = NULL; + u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL; + u_char hash[SSH_DIGEST_MAX_LENGTH]; + size_t klen = 0, slen, sbloblen, hashlen; + int kout, r; + const BIGNUM *kex_dh_pub_key, *kex_dh_p, *kex_dh_g; + + debug("got SSH2_MSG_KEX_DH_GEX_REPLY"); + if (kex->verify_host_key == NULL) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + /* key, cert */ + if ((r = sshpkt_get_string(nstate, &server_host_key_blob, + &sbloblen)) != 0 || + (r = sshkey_from_blob(server_host_key_blob, sbloblen, + &server_host_key)) != 0) + goto out; + if (server_host_key->type != kex->hostkey_type) { + r = SSH_ERR_KEY_TYPE_MISMATCH; + goto out; + } + if (server_host_key->type != kex->hostkey_type || + (kex->hostkey_type == KEY_ECDSA && + server_host_key->ecdsa_nid != kex->hostkey_nid)) { + r = SSH_ERR_KEY_TYPE_MISMATCH; + goto out; + } + if (kex->verify_host_key(server_host_key, nstate) == -1) { + r = SSH_ERR_SIGNATURE_INVALID; + goto out; + } + /* DH parameter f, server public DH key */ + if ((dh_server_pub = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + /* signed H */ + if ((r = sshpkt_get_bignum2(nstate, dh_server_pub)) != 0 || + (r = sshpkt_get_string(nstate, &signature, &slen)) != 0 || + (r = sshpkt_get_end(nstate)) != 0) + goto out; +#ifdef DEBUG_KEXDH + fprintf(stderr, "dh_server_pub= "); + BN_print_fp(stderr, dh_server_pub); + fprintf(stderr, "\n"); + debug("bits %d", BN_num_bits(dh_server_pub)); +#endif + if (!dh_pub_is_valid(kex->dh, dh_server_pub)) { + sshpkt_disconnect(nstate, "bad server public DH value"); + r = SSH_ERR_MESSAGE_INCOMPLETE; + goto out; + } + + klen = DH_size(kex->dh); + if ((kbuf = malloc(klen)) == NULL || + (shared_secret = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((kout = DH_compute_key(kbuf, dh_server_pub, kex->dh)) < 0 || + BN_bin2bn(kbuf, kout, shared_secret) == NULL) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } +#ifdef DEBUG_KEXDH + dump_digest("shared secret", kbuf, kout); +#endif + if (nstate->compat & SSH_OLD_DHGEX) + kex->min = kex->max = -1; + DH_get0_key(kex->dh, &kex_dh_pub_key, NULL); + DH_get0_pqg(kex->dh, &kex_dh_p, NULL, &kex_dh_g); + + /* calc and verify H */ + hashlen = sizeof(hash); + if ((r = kexgex_hash( + kex->hash_alg, + kex->client_version_string, + kex->server_version_string, + sshbuf_ptr(kex->my), sshbuf_len(kex->my), + sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), + server_host_key_blob, sbloblen, + kex->min, kex->nbits, kex->max, + kex_dh_p, kex_dh_g, + kex_dh_pub_key, + dh_server_pub, + shared_secret, + hash, &hashlen)) != 0) + goto out; + + if ((r = sshkey_verify(server_host_key, signature, slen, hash, + hashlen, nstate->compat)) != 0) + goto out; + + /* save session id */ + if (kex->session_id == NULL) { + kex->session_id_len = hashlen; + kex->session_id = malloc(kex->session_id_len); + if (kex->session_id == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + memcpy(kex->session_id, hash, kex->session_id_len); + } + + if ((r = kex_derive_keys_bn(nstate, hash, hashlen, shared_secret)) == 0) + r = kex_send_newkeys(nstate); + out: + explicit_bzero(hash, sizeof(hash)); + DH_free(kex->dh); + kex->dh = NULL; + if (dh_server_pub) + BN_clear_free(dh_server_pub); + if (kbuf) { + explicit_bzero(kbuf, klen); + free(kbuf); + } + if (shared_secret) + BN_clear_free(shared_secret); + sshkey_free(server_host_key); + free(server_host_key_blob); + free(signature); + return r; +} +#endif /* WITH_OPENSSL */ diff --git a/include/DomainExec/opensshlib/key.c b/include/DomainExec/opensshlib/key.c new file mode 100644 index 00000000..f3b154fa --- /dev/null +++ b/include/DomainExec/opensshlib/key.c @@ -0,0 +1,426 @@ +/* $OpenBSD: key.c,v 1.128 2015/07/03 03:43:18 djm Exp $ */ +/* + * placed in the public domain + */ + +#include "includes.h" + +#include +#include +#include +#include +#include + +#define SSH_KEY_NO_DEFINE +#include "key.h" + +#include "compat.h" +#include "sshkey.h" +#include "ssherr.h" +#include "log.h" +#include "authfile.h" + +void +key_add_private(Key *k) +{ + int r; + + if ((r = sshkey_add_private(k)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); +} + +Key * +key_new_private(int type) +{ + Key *ret = NULL; + + if ((ret = sshkey_new_private(type)) == NULL) + fatal("%s: failed", __func__); + return ret; +} + +int +key_read(Key *ret, char **cpp) +{ + return sshkey_read(ret, cpp) == 0 ? 1 : -1; +} + +int +key_write(const Key *key, FILE *f) +{ + return sshkey_write(key, f) == 0 ? 1 : 0; +} + +Key * +key_generate(int type, u_int bits) +{ + int r; + Key *ret = NULL; + + if ((r = sshkey_generate(type, bits, &ret)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + return ret; +} + +void +key_cert_copy(const Key *from_key, Key *to_key) +{ + int r; + + if ((r = sshkey_cert_copy(from_key, to_key)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); +} + +Key * +key_from_private(const Key *k) +{ + int r; + Key *ret = NULL; + + if ((r = sshkey_from_private(k, &ret)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + return ret; +} + +static void +fatal_on_fatal_errors(int r, const char *func, int extra_fatal) +{ + if (r == SSH_ERR_INTERNAL_ERROR || + r == SSH_ERR_ALLOC_FAIL || + (extra_fatal != 0 && r == extra_fatal)) + fatal("%s: %s", func, ssh_err(r)); +} + +Key * +key_from_blob(const u_char *blob, u_int blen) +{ + int r; + Key *ret = NULL; + + if ((r = sshkey_from_blob(blob, blen, &ret)) != 0) { + fatal_on_fatal_errors(r, __func__, 0); + ssh_error("%s: %s", __func__, ssh_err(r)); + return NULL; + } + return ret; +} + +int +key_to_blob(const Key *key, u_char **blobp, u_int *lenp) +{ + u_char *blob; + size_t blen; + int r; + + if (blobp != NULL) + *blobp = NULL; + if (lenp != NULL) + *lenp = 0; + if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) { + fatal_on_fatal_errors(r, __func__, 0); + ssh_error("%s: %s", __func__, ssh_err(r)); + return 0; + } + if (blen > INT_MAX) + fatal("%s: giant len %zu", __func__, blen); + if (blobp != NULL) + *blobp = blob; + if (lenp != NULL) + *lenp = blen; + return blen; +} + +int +key_sign(const Key *key, u_char **sigp, u_int *lenp, + const u_char *data, u_int datalen) +{ + int r; + u_char *sig; + size_t siglen; + + if (sigp != NULL) + *sigp = NULL; + if (lenp != NULL) + *lenp = 0; + if ((r = sshkey_sign(key, &sig, &siglen, + data, datalen, datafellows)) != 0) { + fatal_on_fatal_errors(r, __func__, 0); + ssh_error("%s: %s", __func__, ssh_err(r)); + return -1; + } + if (siglen > INT_MAX) + fatal("%s: giant len %zu", __func__, siglen); + if (sigp != NULL) + *sigp = sig; + if (lenp != NULL) + *lenp = siglen; + return 0; +} + +int +key_verify(const Key *key, const u_char *signature, u_int signaturelen, + const u_char *data, u_int datalen) +{ + int r; + + if ((r = sshkey_verify(key, signature, signaturelen, + data, datalen, datafellows)) != 0) { + fatal_on_fatal_errors(r, __func__, 0); + ssh_error("%s: %s", __func__, ssh_err(r)); + return r == SSH_ERR_SIGNATURE_INVALID ? 0 : -1; + } + return 1; +} + +Key * +key_demote(const Key *k) +{ + int r; + Key *ret = NULL; + + if ((r = sshkey_demote(k, &ret)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + return ret; +} + +int +key_to_certified(Key *k) +{ + int r; + + if ((r = sshkey_to_certified(k)) != 0) { + fatal_on_fatal_errors(r, __func__, 0); + ssh_error("%s: %s", __func__, ssh_err(r)); + return -1; + } + return 0; +} + +int +key_drop_cert(Key *k) +{ + int r; + + if ((r = sshkey_drop_cert(k)) != 0) { + fatal_on_fatal_errors(r, __func__, 0); + ssh_error("%s: %s", __func__, ssh_err(r)); + return -1; + } + return 0; +} + +int +key_certify(Key *k, Key *ca) +{ + int r; + + if ((r = sshkey_certify(k, ca)) != 0) { + fatal_on_fatal_errors(r, __func__, 0); + ssh_error("%s: %s", __func__, ssh_err(r)); + return -1; + } + return 0; +} + +int +key_cert_check_authority(const Key *k, int want_host, int require_principal, + const char *name, const char **reason) +{ + int r; + + if ((r = sshkey_cert_check_authority(k, want_host, require_principal, + name, reason)) != 0) { + fatal_on_fatal_errors(r, __func__, 0); + ssh_error("%s: %s", __func__, ssh_err(r)); + return -1; + } + return 0; +} + +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) +int +key_ec_validate_public(const EC_GROUP *group, const EC_POINT *public) +{ + int r; + + if ((r = sshkey_ec_validate_public(group, public)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + ssh_error("%s: %s", __func__, ssh_err(r)); + return -1; + } + return 0; +} + +int +key_ec_validate_private(const EC_KEY *key) +{ + int r; + + if ((r = sshkey_ec_validate_private(key)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + ssh_error("%s: %s", __func__, ssh_err(r)); + return -1; + } + return 0; +} +#endif /* WITH_OPENSSL */ + +void +key_private_serialize(const Key *key, struct sshbuf *b) +{ + int r; + + if ((r = sshkey_private_serialize(key, b)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); +} + +Key * +key_private_deserialize(struct sshbuf *blob) +{ + int r; + Key *ret = NULL; + + if ((r = sshkey_private_deserialize(blob, &ret)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + ssh_error("%s: %s", __func__, ssh_err(r)); + return NULL; + } + return ret; +} + +/* authfile.c */ + +int +key_save_private(Key *key, const char *filename, const char *passphrase, + const char *comment, int force_new_format, const char *new_format_cipher, + int new_format_rounds) +{ + int r; + + if ((r = sshkey_save_private(key, filename, passphrase, comment, + force_new_format, new_format_cipher, new_format_rounds)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + ssh_error("%s: %s", __func__, ssh_err(r)); + return 0; + } + return 1; +} + +int +key_load_file(int fd, const char *filename, struct sshbuf *blob) +{ + int r; + + if ((r = sshkey_load_file(fd, blob)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + ssh_error("%s: %s", __func__, ssh_err(r)); + return 0; + } + return 1; +} + +Key * +key_load_cert(const char *filename) +{ + int r; + Key *ret = NULL; + + if ((r = sshkey_load_cert(filename, &ret)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + /* Old authfile.c ignored all file errors. */ + if (r == SSH_ERR_SYSTEM_ERROR) + debug("%s: %s", __func__, ssh_err(r)); + else + ssh_error("%s: %s", __func__, ssh_err(r)); + return NULL; + } + return ret; + +} + +Key * +key_load_public(const char *filename, char **commentp) +{ + int r; + Key *ret = NULL; + + if ((r = sshkey_load_public(filename, &ret, commentp)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + /* Old authfile.c ignored all file errors. */ + if (r == SSH_ERR_SYSTEM_ERROR) + debug("%s: %s", __func__, ssh_err(r)); + else + ssh_error("%s: %s", __func__, ssh_err(r)); + return NULL; + } + return ret; +} + +Key * +key_load_private(const char *path, const char *passphrase, + char **commentp) +{ + int r; + Key *ret = NULL; + + if ((r = sshkey_load_private(path, passphrase, &ret, commentp)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + /* Old authfile.c ignored all file errors. */ + if (r == SSH_ERR_SYSTEM_ERROR || + r == SSH_ERR_KEY_WRONG_PASSPHRASE) + debug("%s: %s", __func__, ssh_err(r)); + else + ssh_error("%s: %s", __func__, ssh_err(r)); + return NULL; + } + return ret; +} + +Key * +key_load_private_cert(int type, const char *filename, const char *passphrase, + int *perm_ok) +{ + int r; + Key *ret = NULL; + + if ((r = sshkey_load_private_cert(type, filename, passphrase, + &ret, perm_ok)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + /* Old authfile.c ignored all file errors. */ + if (r == SSH_ERR_SYSTEM_ERROR || + r == SSH_ERR_KEY_WRONG_PASSPHRASE) + debug("%s: %s", __func__, ssh_err(r)); + else + ssh_error("%s: %s", __func__, ssh_err(r)); + return NULL; + } + return ret; +} + +Key * +key_load_private_type(int type, const char *filename, const char *passphrase, + char **commentp, int *perm_ok) +{ + int r; + Key *ret = NULL; + + if ((r = sshkey_load_private_type(type, filename, passphrase, + &ret, commentp, perm_ok)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + /* Old authfile.c ignored all file errors. */ + if (r == SSH_ERR_SYSTEM_ERROR || + (r == SSH_ERR_KEY_WRONG_PASSPHRASE)) + debug("%s: %s", __func__, ssh_err(r)); + else + ssh_error("%s: %s", __func__, ssh_err(r)); + return NULL; + } + return ret; +} + +int +key_perm_ok(int fd, const char *filename) +{ + return sshkey_perm_ok(fd, filename) == 0 ? 1 : 0; +} + diff --git a/include/DomainExec/opensshlib/key.h b/include/DomainExec/opensshlib/key.h new file mode 100644 index 00000000..903bdf67 --- /dev/null +++ b/include/DomainExec/opensshlib/key.h @@ -0,0 +1,104 @@ +/* $OpenBSD: key.h,v 1.48 2015/07/03 03:43:18 djm Exp $ */ + +/* + * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef KEY_H +#define KEY_H + +#include "sshkey.h" + +typedef struct sshkey Key; + +#define types sshkey_types +#define fp_type sshkey_fp_type +#define fp_rep sshkey_fp_rep + +#ifndef SSH_KEY_NO_DEFINE +#define key_new sshkey_new +#define key_free sshkey_free +#define key_equal_public sshkey_equal_public +#define key_equal sshkey_equal +#define key_type sshkey_type +#define key_cert_type sshkey_cert_type +#define key_ssh_name sshkey_ssh_name +#define key_ssh_name_plain sshkey_ssh_name_plain +#define key_type_from_name sshkey_type_from_name +#define key_ecdsa_nid_from_name sshkey_ecdsa_nid_from_name +#define key_type_is_cert sshkey_type_is_cert +#define key_size sshkey_size +#define key_ecdsa_bits_to_nid sshkey_ecdsa_bits_to_nid +#define key_ecdsa_key_to_nid sshkey_ecdsa_key_to_nid +#define key_is_cert sshkey_is_cert +#define key_type_plain sshkey_type_plain +#define key_curve_name_to_nid sshkey_curve_name_to_nid +#define key_curve_nid_to_bits sshkey_curve_nid_to_bits +#define key_curve_nid_to_name sshkey_curve_nid_to_name +#define key_ec_nid_to_hash_alg sshkey_ec_nid_to_hash_alg +#define key_dump_ec_point sshkey_dump_ec_point +#define key_dump_ec_key sshkey_dump_ec_key +#endif + +void key_add_private(Key *); +Key *key_new_private(int); +void key_free(Key *); +Key *key_demote(const Key *); +int key_write(const Key *, FILE *); +int key_read(Key *, char **); + +Key *key_generate(int, u_int); +Key *key_from_private(const Key *); +int key_to_certified(Key *); +int key_drop_cert(Key *); +int key_certify(Key *, Key *); +void key_cert_copy(const Key *, Key *); +int key_cert_check_authority(const Key *, int, int, const char *, + const char **); +char *key_alg_list(int, int); + +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) +int key_ec_validate_public(const EC_GROUP *, const EC_POINT *); +int key_ec_validate_private(const EC_KEY *); +#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */ + +Key *key_from_blob(const u_char *, u_int); +int key_to_blob(const Key *, u_char **, u_int *); + +int key_sign(const Key *, u_char **, u_int *, const u_char *, u_int); +int key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); + +void key_private_serialize(const Key *, struct sshbuf *); +Key *key_private_deserialize(struct sshbuf *); + +/* authfile.c */ +int key_save_private(Key *, const char *, const char *, const char *, + int, const char *, int); +int key_load_file(int, const char *, struct sshbuf *); +Key *key_load_cert(const char *); +Key *key_load_public(const char *, char **); +Key *key_load_private(const char *, const char *, char **); +Key *key_load_private_cert(int, const char *, const char *, int *); +Key *key_load_private_type(int, const char *, const char *, char **, int *); +int key_perm_ok(int, const char *); + +#endif diff --git a/include/DomainExec/opensshlib/log.c b/include/DomainExec/opensshlib/log.c new file mode 100644 index 00000000..2c05ed1a --- /dev/null +++ b/include/DomainExec/opensshlib/log.c @@ -0,0 +1,478 @@ +/* $OpenBSD: log.c,v 1.46 2015/07/08 19:04:21 markus Exp $ */ +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ +/* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#include + +#include +#include +#include +#include +#include +#ifndef WIN32 +#include +#include +#endif +#include +#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS) +# include +#endif + +#include "log.h" + +//static LogLevel log_level = SYSLOG_LEVEL_INFO; +static int log_on_stderr = 1; +static int log_stderr_fd = STDERR_FILENO; +//#ifndef WIN32 +//static int log_facility = LOG_AUTH; +//#endif +//static char *argv0; +static log_handler_fn *log_handler; +static void *log_handler_ctx; + +extern char *__progname; + +#define LOG_SYSLOG_VIS (VIS_CSTYLE|VIS_NL|VIS_TAB|VIS_OCTAL) +#define LOG_STDERR_VIS (VIS_SAFE|VIS_OCTAL) + +/* textual representation of log-facilities/levels */ + +static struct { + const char *name; + SyslogFacility val; +} log_facilities[] = { + { "DAEMON", SYSLOG_FACILITY_DAEMON }, + { "USER", SYSLOG_FACILITY_USER }, + { "AUTH", SYSLOG_FACILITY_AUTH }, +#ifdef LOG_AUTHPRIV + { "AUTHPRIV", SYSLOG_FACILITY_AUTHPRIV }, +#endif + { "LOCAL0", SYSLOG_FACILITY_LOCAL0 }, + { "LOCAL1", SYSLOG_FACILITY_LOCAL1 }, + { "LOCAL2", SYSLOG_FACILITY_LOCAL2 }, + { "LOCAL3", SYSLOG_FACILITY_LOCAL3 }, + { "LOCAL4", SYSLOG_FACILITY_LOCAL4 }, + { "LOCAL5", SYSLOG_FACILITY_LOCAL5 }, + { "LOCAL6", SYSLOG_FACILITY_LOCAL6 }, + { "LOCAL7", SYSLOG_FACILITY_LOCAL7 }, + { NULL, SYSLOG_FACILITY_NOT_SET } +}; + +static struct { + const char *name; + LogLevel val; +} log_levels[] = +{ + { "QUIET", SYSLOG_LEVEL_QUIET }, + { "FATAL", SYSLOG_LEVEL_FATAL }, + { "ERROR", SYSLOG_LEVEL_ERROR }, + { "INFO", SYSLOG_LEVEL_INFO }, + { "VERBOSE", SYSLOG_LEVEL_VERBOSE }, + { "DEBUG", SYSLOG_LEVEL_DEBUG1 }, + { "DEBUG1", SYSLOG_LEVEL_DEBUG1 }, + { "DEBUG2", SYSLOG_LEVEL_DEBUG2 }, + { "DEBUG3", SYSLOG_LEVEL_DEBUG3 }, + { NULL, SYSLOG_LEVEL_NOT_SET } +}; + +SyslogFacility +log_facility_number(char *name) +{ + int i; + + if (name != NULL) + for (i = 0; log_facilities[i].name; i++) +#ifndef WIN32 + if (strcasecmp(log_facilities[i].name, name) == 0) +#else + if (stricmp(log_facilities[i].name, name) == 0) +#endif + return log_facilities[i].val; + return SYSLOG_FACILITY_NOT_SET; +} + +const char * +log_facility_name(SyslogFacility facility) +{ + u_int i; + + for (i = 0; log_facilities[i].name; i++) + if (log_facilities[i].val == facility) + return log_facilities[i].name; + return NULL; +} + +LogLevel +log_level_number(char *name) +{ + int i; + + if (name != NULL) + for (i = 0; log_levels[i].name; i++) +#ifndef WIN32 + if (strcasecmp(log_levels[i].name, name) == 0) +#else + if (stricmp(log_levels[i].name, name) == 0) +#endif + return log_levels[i].val; + return SYSLOG_LEVEL_NOT_SET; +} + +const char * +log_level_name(LogLevel level) +{ + u_int i; + + for (i = 0; log_levels[i].name != NULL; i++) + if (log_levels[i].val == level) + return log_levels[i].name; + return NULL; +} + +/* Error messages that should be logged. */ + +void +ssh_error(const char *fmt,...) +{ + va_list args; + + va_start(args, fmt); + do_log(SYSLOG_LEVEL_ERROR, fmt, args); + va_end(args); +} + +void +sigdie(const char *fmt,...) +{ +#ifdef DO_LOG_SAFE_IN_SIGHAND + va_list args; + + va_start(args, fmt); + do_log(SYSLOG_LEVEL_FATAL, fmt, args); + va_end(args); +#endif + _exit(1); +} + + +/* Log this message (information that usually should go to the log). */ + +void +logit(const char *fmt,...) +{ + va_list args; + + va_start(args, fmt); + do_log(SYSLOG_LEVEL_INFO, fmt, args); + va_end(args); +} + +/* More detailed messages (information that does not need to go to the log). */ + +void +verbose(const char *fmt,...) +{ + va_list args; + + va_start(args, fmt); + do_log(SYSLOG_LEVEL_VERBOSE, fmt, args); + va_end(args); +} + +/* Debugging messages that should not be logged during normal operation. */ + +void +debug(const char *fmt,...) +{ + va_list args; + + va_start(args, fmt); + do_log(SYSLOG_LEVEL_DEBUG1, fmt, args); + va_end(args); +} + +void +debug2(const char *fmt,...) +{ + va_list args; + + va_start(args, fmt); + do_log(SYSLOG_LEVEL_DEBUG2, fmt, args); + va_end(args); +} + +void +debug3(const char *fmt,...) +{ + va_list args; + + va_start(args, fmt); + do_log(SYSLOG_LEVEL_DEBUG3, fmt, args); + va_end(args); +} + +/* + * Initialize the log. + */ + +void +log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr) +{ +#if 0 +#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) + struct syslog_data sdata = SYSLOG_DATA_INIT; +#endif + + argv0 = av0; + + switch (level) { + case SYSLOG_LEVEL_QUIET: + case SYSLOG_LEVEL_FATAL: + case SYSLOG_LEVEL_ERROR: + case SYSLOG_LEVEL_INFO: + case SYSLOG_LEVEL_VERBOSE: + case SYSLOG_LEVEL_DEBUG1: + case SYSLOG_LEVEL_DEBUG2: + case SYSLOG_LEVEL_DEBUG3: + log_level = level; + break; + default: + fprintf(stderr, "Unrecognized internal syslog level code %d\n", + (int) level); + exit(1); + } + + log_handler = NULL; + log_handler_ctx = NULL; + + log_on_stderr = on_stderr; + if (on_stderr) + return; + + switch (facility) { + case SYSLOG_FACILITY_DAEMON: + log_facility = LOG_DAEMON; + break; + case SYSLOG_FACILITY_USER: + log_facility = LOG_USER; + break; + case SYSLOG_FACILITY_AUTH: + log_facility = LOG_AUTH; + break; +#ifdef LOG_AUTHPRIV + case SYSLOG_FACILITY_AUTHPRIV: + log_facility = LOG_AUTHPRIV; + break; +#endif + case SYSLOG_FACILITY_LOCAL0: + log_facility = LOG_LOCAL0; + break; + case SYSLOG_FACILITY_LOCAL1: + log_facility = LOG_LOCAL1; + break; + case SYSLOG_FACILITY_LOCAL2: + log_facility = LOG_LOCAL2; + break; + case SYSLOG_FACILITY_LOCAL3: + log_facility = LOG_LOCAL3; + break; + case SYSLOG_FACILITY_LOCAL4: + log_facility = LOG_LOCAL4; + break; + case SYSLOG_FACILITY_LOCAL5: + log_facility = LOG_LOCAL5; + break; + case SYSLOG_FACILITY_LOCAL6: + log_facility = LOG_LOCAL6; + break; + case SYSLOG_FACILITY_LOCAL7: + log_facility = LOG_LOCAL7; + break; + default: + fprintf(stderr, + "Unrecognized internal syslog facility code %d\n", + (int) facility); + exit(1); + } + + /* + * If an external library (eg libwrap) attempts to use syslog + * immediately after reexec, syslog may be pointing to the wrong + * facility, so we force an open/close of syslog here. + */ +#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) + openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata); + closelog_r(&sdata); +#else + openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility); + closelog(); +#endif +#endif +} + +void +log_change_level(LogLevel new_log_level) +{ +#if 0 + /* no-op if log_init has not been called */ + if (argv0 == NULL) + return; + log_init(argv0, new_log_level, log_facility, log_on_stderr); +#endif +} + +int +log_is_on_stderr(void) +{ + return log_on_stderr; +} + +/* redirect what would usually get written to stderr to specified file */ +void +log_redirect_stderr_to(const char *logfile) +{ + int fd; + + if ((fd = open(logfile, O_WRONLY|O_CREAT|O_APPEND, 0600)) == -1) { + fprintf(stderr, "Couldn't open logfile %s: %s\n", logfile, + strerror(errno)); + exit(1); + } + log_stderr_fd = fd; +} + +#define MSGBUFSIZ 1024 + +void +set_log_handler(log_handler_fn *handler, void *ctx) +{ + log_handler = handler; + log_handler_ctx = ctx; +} + +void +do_log2(LogLevel level, const char *fmt,...) +{ + va_list args; + + va_start(args, fmt); + do_log(level, fmt, args); + va_end(args); +} + +void +do_log(LogLevel level, const char *fmt, va_list args) +{ +#if 0 +#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) + struct syslog_data sdata = SYSLOG_DATA_INIT; +#endif + char msgbuf[MSGBUFSIZ]; + char fmtbuf[MSGBUFSIZ]; + char *txt = NULL; + int pri = LOG_INFO; + int saved_errno = errno; + log_handler_fn *tmp_handler; + + if (level > log_level) + return; + + switch (level) { + case SYSLOG_LEVEL_FATAL: + if (!log_on_stderr) + txt = "fatal"; + pri = LOG_CRIT; + break; + case SYSLOG_LEVEL_ERROR: + if (!log_on_stderr) + txt = "error"; + pri = LOG_ERR; + break; + case SYSLOG_LEVEL_INFO: + pri = LOG_INFO; + break; + case SYSLOG_LEVEL_VERBOSE: + pri = LOG_INFO; + break; + case SYSLOG_LEVEL_DEBUG1: + txt = "debug1"; + pri = LOG_DEBUG; + break; + case SYSLOG_LEVEL_DEBUG2: + txt = "debug2"; + pri = LOG_DEBUG; + break; + case SYSLOG_LEVEL_DEBUG3: + txt = "debug3"; + pri = LOG_DEBUG; + break; + default: + txt = "internal error"; + pri = LOG_ERR; + break; + } + if (txt != NULL && log_handler == NULL) { + snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", txt, fmt); + vsnprintf(msgbuf, sizeof(msgbuf), fmtbuf, args); + } else { + vsnprintf(msgbuf, sizeof(msgbuf), fmt, args); + } + strnvis(fmtbuf, msgbuf, sizeof(fmtbuf), + log_on_stderr ? LOG_STDERR_VIS : LOG_SYSLOG_VIS); + if (log_handler != NULL) { + /* Avoid recursion */ + tmp_handler = log_handler; + log_handler = NULL; + tmp_handler(level, fmtbuf, log_handler_ctx); + log_handler = tmp_handler; + } else if (log_on_stderr) { + snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf); + (void)write(log_stderr_fd, msgbuf, strlen(msgbuf)); + } else { +#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) + openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata); + syslog_r(pri, &sdata, "%.500s", fmtbuf); + closelog_r(&sdata); +#else + openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility); + syslog(pri, "%.500s", fmtbuf); + closelog(); +#endif + } + errno = saved_errno; +#endif +} diff --git a/include/DomainExec/opensshlib/log.h b/include/DomainExec/opensshlib/log.h new file mode 100644 index 00000000..6e2a1fb0 --- /dev/null +++ b/include/DomainExec/opensshlib/log.h @@ -0,0 +1,88 @@ +/* $OpenBSD: log.h,v 1.20 2013/04/07 02:10:33 dtucker Exp $ */ + +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ + +#ifndef SSH_LOG_H +#define SSH_LOG_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* Supported syslog facilities and levels. */ +typedef enum { + SYSLOG_FACILITY_DAEMON, + SYSLOG_FACILITY_USER, + SYSLOG_FACILITY_AUTH, +#ifdef LOG_AUTHPRIV + SYSLOG_FACILITY_AUTHPRIV, +#endif + SYSLOG_FACILITY_LOCAL0, + SYSLOG_FACILITY_LOCAL1, + SYSLOG_FACILITY_LOCAL2, + SYSLOG_FACILITY_LOCAL3, + SYSLOG_FACILITY_LOCAL4, + SYSLOG_FACILITY_LOCAL5, + SYSLOG_FACILITY_LOCAL6, + SYSLOG_FACILITY_LOCAL7, + SYSLOG_FACILITY_NOT_SET = -1 +} SyslogFacility; + +typedef enum { + SYSLOG_LEVEL_QUIET, + SYSLOG_LEVEL_FATAL, + SYSLOG_LEVEL_ERROR, + SYSLOG_LEVEL_INFO, + SYSLOG_LEVEL_VERBOSE, + SYSLOG_LEVEL_DEBUG1, + SYSLOG_LEVEL_DEBUG2, + SYSLOG_LEVEL_DEBUG3, + SYSLOG_LEVEL_NOT_SET = -1 +} LogLevel; + +typedef void (log_handler_fn)(LogLevel, const char *, void *); + +void log_init(char *, LogLevel, SyslogFacility, int); +void log_change_level(LogLevel); +int log_is_on_stderr(void); +void log_redirect_stderr_to(const char *); + +SyslogFacility log_facility_number(char *); +const char * log_facility_name(SyslogFacility); +LogLevel log_level_number(char *); +const char * log_level_name(LogLevel); + +void fatal(const char *, ...) __attribute__((noreturn)) + __attribute__((format(printf, 1, 2))); +void ssh_error(const char *, ...) __attribute__((format(printf, 1, 2))); +void sigdie(const char *, ...) __attribute__((noreturn)) + __attribute__((format(printf, 1, 2))); +void logit(const char *, ...) __attribute__((format(printf, 1, 2))); +void verbose(const char *, ...) __attribute__((format(printf, 1, 2))); +void debug(const char *, ...) __attribute__((format(printf, 1, 2))); +void debug2(const char *, ...) __attribute__((format(printf, 1, 2))); +void debug3(const char *, ...) __attribute__((format(printf, 1, 2))); + + +void set_log_handler(log_handler_fn *, void *); +void do_log2(LogLevel, const char *, ...) + __attribute__((format(printf, 2, 3))); +void do_log(LogLevel, const char *, va_list); +void cleanup_exit(int) __attribute__((noreturn)); + + +#ifdef __cplusplus +} /* End of 'extern "C"' */ +#endif + +#endif diff --git a/include/DomainExec/opensshlib/mac.c b/include/DomainExec/opensshlib/mac.c new file mode 100644 index 00000000..f777cd27 --- /dev/null +++ b/include/DomainExec/opensshlib/mac.c @@ -0,0 +1,265 @@ +/* $OpenBSD: mac.c,v 1.34 2017/05/08 22:57:38 djm Exp $ */ +/* + * Copyright (c) 2001 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#include + +#include +#include + +#include "digest.h" +#include "hmac.h" +#include "umac.h" +#include "mac.h" +#include "misc.h" +#include "ssherr.h" +#include "sshbuf.h" + +#include "openssl-compat.h" + +#define SSH_DIGEST 1 /* SSH_DIGEST_XXX */ +#define SSH_UMAC 2 /* UMAC (not integrated with OpenSSL) */ +#define SSH_UMAC128 3 + +struct macalg { + char *name; + int type; + int alg; + int truncatebits; /* truncate digest if != 0 */ + int key_len; /* just for UMAC */ + int len; /* just for UMAC */ + int etm; /* Encrypt-then-MAC */ +}; + +static const struct macalg macs[] = { + /* Encrypt-and-MAC (encrypt-and-authenticate) variants */ + { "hmac-sha1", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 0 }, + { "hmac-sha1-96", SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 0 }, +#ifdef HAVE_EVP_SHA256 + { "hmac-sha2-256", SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 0 }, + { "hmac-sha2-512", SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 0 }, +#endif + { "hmac-md5", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 0 }, + { "hmac-md5-96", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 }, + { "umac-64@openssh.com", SSH_UMAC, 0, 0, 128, 64, 0 }, + { "umac-128@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 0 }, + + /* Encrypt-then-MAC variants */ + { "hmac-sha1-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 }, + { "hmac-sha1-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 1 }, +#ifdef HAVE_EVP_SHA256 + { "hmac-sha2-256-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 1 }, + { "hmac-sha2-512-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 1 }, +#endif + { "hmac-md5-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 }, + { "hmac-md5-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 }, + { "umac-64-etm@openssh.com", SSH_UMAC, 0, 0, 128, 64, 1 }, + { "umac-128-etm@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 1 }, + + { NULL, 0, 0, 0, 0, 0, 0 } +}; + +/* Returns a list of supported MACs separated by the specified char. */ +char * +mac_alg_list(char sep) +{ + char *ret = NULL, *tmp; + size_t nlen, rlen = 0; + const struct macalg *m; + + for (m = macs; m->name != NULL; m++) { + if (ret != NULL) + ret[rlen++] = sep; + nlen = strlen(m->name); + if ((tmp = realloc(ret, rlen + nlen + 2)) == NULL) { + free(ret); + return NULL; + } + ret = tmp; + memcpy(ret + rlen, m->name, nlen + 1); + rlen += nlen; + } + return ret; +} + +static int +mac_setup_by_alg(struct sshmac *mac, const struct macalg *macalg) +{ + mac->type = macalg->type; + if (mac->type == SSH_DIGEST) { + if ((mac->hmac_ctx = ssh_hmac_start(macalg->alg)) == NULL) + return SSH_ERR_ALLOC_FAIL; + mac->key_len = mac->mac_len = ssh_hmac_bytes(macalg->alg); + } else { + mac->mac_len = macalg->len / 8; + mac->key_len = macalg->key_len / 8; + mac->umac_ctx = NULL; + } + if (macalg->truncatebits != 0) + mac->mac_len = macalg->truncatebits / 8; + mac->etm = macalg->etm; + return 0; +} + +int +mac_setup(struct sshmac *mac, char *name) +{ + const struct macalg *m; + + for (m = macs; m->name != NULL; m++) { + if (strcmp(name, m->name) != 0) + continue; + if (mac != NULL) + return mac_setup_by_alg(mac, m); + return 0; + } + return SSH_ERR_INVALID_ARGUMENT; +} + +int +mac_init(struct sshmac *mac) +{ + if (mac->key == NULL) + return SSH_ERR_INVALID_ARGUMENT; + switch (mac->type) { + case SSH_DIGEST: + if (mac->hmac_ctx == NULL || + ssh_hmac_init(mac->hmac_ctx, mac->key, mac->key_len) < 0) + return SSH_ERR_INVALID_ARGUMENT; + return 0; + case SSH_UMAC: + if ((mac->umac_ctx = umac_new(mac->key)) == NULL) + return SSH_ERR_ALLOC_FAIL; + return 0; + case SSH_UMAC128: + if ((mac->umac_ctx = umac128_new(mac->key)) == NULL) + return SSH_ERR_ALLOC_FAIL; + return 0; + default: + return SSH_ERR_INVALID_ARGUMENT; + } +} + +int +mac_compute(struct sshmac *mac, u_int32_t seqno, + const u_char *data, int datalen, + u_char *digest, size_t dlen) +{ + static union { + u_char m[SSH_DIGEST_MAX_LENGTH]; + u_int64_t for_align; + } u; + u_char b[4]; + u_char nonce[8]; + + if (mac->mac_len > sizeof(u)) + return SSH_ERR_INTERNAL_ERROR; + + switch (mac->type) { + case SSH_DIGEST: + put_u32(b, seqno); + /* reset HMAC context */ + if (ssh_hmac_init(mac->hmac_ctx, NULL, 0) < 0 || + ssh_hmac_update(mac->hmac_ctx, b, sizeof(b)) < 0 || + ssh_hmac_update(mac->hmac_ctx, data, datalen) < 0 || + ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0) + return SSH_ERR_LIBCRYPTO_ERROR; + break; + case SSH_UMAC: + POKE_U64(nonce, seqno); + umac_update(mac->umac_ctx, data, datalen); + umac_final(mac->umac_ctx, u.m, nonce); + break; + case SSH_UMAC128: + put_u64(nonce, seqno); + umac128_update(mac->umac_ctx, data, datalen); + umac128_final(mac->umac_ctx, u.m, nonce); + break; + default: + return SSH_ERR_INVALID_ARGUMENT; + } + if (digest != NULL) { + if (dlen > mac->mac_len) + dlen = mac->mac_len; + memcpy(digest, u.m, dlen); + } + return 0; +} + +int +mac_check(struct sshmac *mac, u_int32_t seqno, + const u_char *data, size_t dlen, + const u_char *theirmac, size_t mlen) +{ + u_char ourmac[SSH_DIGEST_MAX_LENGTH]; + int r; + + if (mac->mac_len > mlen) + return SSH_ERR_INVALID_ARGUMENT; + if ((r = mac_compute(mac, seqno, data, dlen, + ourmac, sizeof(ourmac))) != 0) + return r; + if (timingsafe_bcmp(ourmac, theirmac, mac->mac_len) != 0) + return SSH_ERR_MAC_INVALID; + return 0; +} + +void +mac_clear(struct sshmac *mac) +{ + if (mac->type == SSH_UMAC) { + if (mac->umac_ctx != NULL) + umac_delete(mac->umac_ctx); + } else if (mac->type == SSH_UMAC128) { + if (mac->umac_ctx != NULL) + umac128_delete(mac->umac_ctx); + } else if (mac->hmac_ctx != NULL) + ssh_hmac_free(mac->hmac_ctx); + mac->hmac_ctx = NULL; + mac->umac_ctx = NULL; +} + +/* XXX copied from ciphers_valid */ +#define MAC_SEP "," +int +mac_valid(const char *names) +{ + char *maclist, *cp, *p; + + if (names == NULL || strcmp(names, "") == 0) + return 0; + if ((maclist = cp = strdup(names)) == NULL) + return 0; + for ((p = strsep(&cp, MAC_SEP)); p && *p != '\0'; + (p = strsep(&cp, MAC_SEP))) { + if (mac_setup(NULL, p) < 0) { + free(maclist); + return 0; + } + } + free(maclist); + return 1; +} diff --git a/include/DomainExec/opensshlib/mac.h b/include/DomainExec/opensshlib/mac.h new file mode 100644 index 00000000..e5f6b84d --- /dev/null +++ b/include/DomainExec/opensshlib/mac.h @@ -0,0 +1,51 @@ +/* $OpenBSD: mac.h,v 1.9 2015/01/13 19:31:40 markus Exp $ */ +/* + * Copyright (c) 2001 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef SSHMAC_H +#define SSHMAC_H + +#include + +struct sshmac { + char *name; + int enabled; + u_int mac_len; + u_char *key; + u_int key_len; + int type; + int etm; /* Encrypt-then-MAC */ + struct ssh_hmac_ctx *hmac_ctx; + struct umac_ctx *umac_ctx; +}; + +int mac_valid(const char *); +char *mac_alg_list(char); +int mac_setup(struct sshmac *, char *); +int mac_init(struct sshmac *); +int mac_compute(struct sshmac *, u_int32_t, const u_char *, int, + u_char *, size_t); +void mac_clear(struct sshmac *); + +#endif /* SSHMAC_H */ diff --git a/include/DomainExec/opensshlib/match.c b/include/DomainExec/opensshlib/match.c new file mode 100644 index 00000000..d55f7fee --- /dev/null +++ b/include/DomainExec/opensshlib/match.c @@ -0,0 +1,279 @@ +/* $OpenBSD: match.c,v 1.30 2015/05/04 06:10:48 djm Exp $ */ +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * Simple pattern matching, with '*' and '?' as wildcards. + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ +/* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#include + +#include +#include +#include + +#include "xmalloc.h" +#include "match.h" + +/* + * Returns true if the given string matches the pattern (which may contain ? + * and * as wildcards), and zero if it does not match. + */ + +int +match_pattern(const char *s, const char *pattern) +{ + for (;;) { + /* If at end of pattern, accept if also at end of string. */ + if (!*pattern) + return !*s; + + if (*pattern == '*') { + /* Skip the asterisk. */ + pattern++; + + /* If at end of pattern, accept immediately. */ + if (!*pattern) + return 1; + + /* If next character in pattern is known, optimize. */ + if (*pattern != '?' && *pattern != '*') { + /* + * Look instances of the next character in + * pattern, and try to match starting from + * those. + */ + for (; *s; s++) + if (*s == *pattern && + match_pattern(s + 1, pattern + 1)) + return 1; + /* Failed. */ + return 0; + } + /* + * Move ahead one character at a time and try to + * match at each position. + */ + for (; *s; s++) + if (match_pattern(s, pattern)) + return 1; + /* Failed. */ + return 0; + } + /* + * There must be at least one more character in the string. + * If we are at the end, fail. + */ + if (!*s) + return 0; + + /* Check if the next character of the string is acceptable. */ + if (*pattern != '?' && *pattern != *s) + return 0; + + /* Move to the next character, both in string and in pattern. */ + s++; + pattern++; + } + /* NOTREACHED */ +} + +/* + * Tries to match the string against the + * comma-separated sequence of subpatterns (each possibly preceded by ! to + * indicate negation). Returns -1 if negation matches, 1 if there is + * a positive match, 0 if there is no match at all. + */ +int +match_pattern_list(const char *string, const char *pattern, int dolower) +{ + char sub[1024]; + int negated; + int got_positive; + u_int i, subi, len = strlen(pattern); + + got_positive = 0; + for (i = 0; i < len;) { + /* Check if the subpattern is negated. */ + if (pattern[i] == '!') { + negated = 1; + i++; + } else + negated = 0; + + /* + * Extract the subpattern up to a comma or end. Convert the + * subpattern to lowercase. + */ + for (subi = 0; + i < len && subi < sizeof(sub) - 1 && pattern[i] != ','; + subi++, i++) + sub[subi] = dolower && isupper((u_char)pattern[i]) ? + tolower((u_char)pattern[i]) : pattern[i]; + /* If subpattern too long, return failure (no match). */ + if (subi >= sizeof(sub) - 1) + return 0; + + /* If the subpattern was terminated by a comma, skip the comma. */ + if (i < len && pattern[i] == ',') + i++; + + /* Null-terminate the subpattern. */ + sub[subi] = '\0'; + + /* Try to match the subpattern against the string. */ + if (match_pattern(string, sub)) { + if (negated) + return -1; /* Negative */ + else + got_positive = 1; /* Positive */ + } + } + + /* + * Return success if got a positive match. If there was a negative + * match, we have already returned -1 and never get here. + */ + return got_positive; +} + +/* + * Tries to match the host name (which must be in all lowercase) against the + * comma-separated sequence of subpatterns (each possibly preceded by ! to + * indicate negation). Returns -1 if negation matches, 1 if there is + * a positive match, 0 if there is no match at all. + */ +int +match_hostname(const char *host, const char *pattern) +{ + return match_pattern_list(host, pattern, 1); +} + +#if 0 +/* + * returns 0 if we get a negative match for the hostname or the ip + * or if we get no match at all. returns -1 on error, or 1 on + * successful match. + */ +int +match_host_and_ip(const char *host, const char *ipaddr, + const char *patterns) +{ + int mhost, mip; + + /* error in ipaddr match */ + if ((mip = addr_match_list(ipaddr, patterns)) == -2) + return -1; + else if (mip == -1) /* negative ip address match */ + return 0; + + /* negative hostname match */ + if ((mhost = match_hostname(host, patterns)) == -1) + return 0; + /* no match at all */ + if (mhost == 0 && mip == 0) + return 0; + return 1; +} + +/* + * match user, user@host_or_ip, user@host_or_ip_list against pattern + */ +int +match_user(const char *user, const char *host, const char *ipaddr, + const char *pattern) +{ + char *p, *pat; + int ret; + + if ((p = strchr(pattern,'@')) == NULL) + return match_pattern(user, pattern); + + pat = xstrdup(pattern); + p = strchr(pat, '@'); + *p++ = '\0'; + + if ((ret = match_pattern(user, pat)) == 1) + ret = match_host_and_ip(host, ipaddr, p); + free(pat); + + return ret; +} +#endif + +/* + * Returns first item from client-list that is also supported by server-list, + * caller must free the returned string. + */ +#define MAX_PROP 40 +#define SEP "," +char * +match_list(const char *client, const char *server, u_int *next) +{ + char *sproposals[MAX_PROP]; + char *c, *s, *p, *ret, *cp, *sp; + int i, j, nproposals; + + c = cp = xstrdup(client); + s = sp = xstrdup(server); + + for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0'; + (p = strsep(&sp, SEP)), i++) { + if (i < MAX_PROP) + sproposals[i] = p; + else + break; + } + nproposals = i; + + for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0'; + (p = strsep(&cp, SEP)), i++) { + for (j = 0; j < nproposals; j++) { + if (strcmp(p, sproposals[j]) == 0) { + ret = xstrdup(p); + if (next != NULL) + *next = (cp == NULL) ? + strlen(c) : (u_int)(cp - c); + free(c); + free(s); + return ret; + } + } + } + if (next != NULL) + *next = strlen(c); + free(c); + free(s); + return NULL; +} diff --git a/include/DomainExec/opensshlib/match.h b/include/DomainExec/opensshlib/match.h new file mode 100644 index 00000000..3269cf60 --- /dev/null +++ b/include/DomainExec/opensshlib/match.h @@ -0,0 +1,36 @@ +/* $OpenBSD: match.h,v 1.16 2015/05/04 06:10:48 djm Exp $ */ + +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ +#ifndef MATCH_H +#define MATCH_H + +#ifdef __cplusplus +extern "C" { +#endif + +int match_pattern(const char *, const char *); +int match_pattern_list(const char *, const char *, int); +int match_hostname(const char *, const char *); +int match_host_and_ip(const char *, const char *, const char *); +int match_user(const char *, const char *, const char *, const char *); +char *match_list(const char *, const char *, u_int *); + +/* addrmatch.c */ +int addr_match_list(const char *, const char *); +int addr_match_cidr_list(const char *, const char *); + +#ifdef __cplusplus +} /* End of 'extern "C"' */ +#endif + +#endif diff --git a/include/DomainExec/opensshlib/md-sha256.c b/include/DomainExec/opensshlib/md-sha256.c new file mode 100644 index 00000000..ba467b7d --- /dev/null +++ b/include/DomainExec/opensshlib/md-sha256.c @@ -0,0 +1,86 @@ +/* $OpenBSD: md-sha256.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */ +/* + * Copyright (c) 2005 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* EVP wrapper for SHA256 */ + +#include "includes.h" + +#include +#include + +#if !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) + +#include +#include +#ifdef HAVE_SHA256_UPDATE +# ifdef HAVE_SHA2_H +# include +# elif defined(HAVE_CRYPTO_SHA2_H) +# include +# endif +#endif + +const EVP_MD *evp_ssh_sha256(void); + +static int +ssh_sha256_init(EVP_MD_CTX *ctxt) +{ + SHA256_Init(ctxt->md_data); + return (1); +} + +static int +ssh_sha256_update(EVP_MD_CTX *ctxt, const void *data, unsigned long len) +{ + SHA256_Update(ctxt->md_data, data, len); + return (1); +} + +static int +ssh_sha256_final(EVP_MD_CTX *ctxt, unsigned char *digest) +{ + SHA256_Final(digest, ctxt->md_data); + return (1); +} + +static int +ssh_sha256_cleanup(EVP_MD_CTX *ctxt) +{ + memset(ctxt->md_data, 0, sizeof(SHA256_CTX_struct)); + return (1); +} + +const EVP_MD * +evp_ssh_sha256(void) +{ + static EVP_MD ssh_sha256; + + memset(&ssh_sha256, 0, sizeof(ssh_sha256)); + ssh_sha256.type = NID_undef; + ssh_sha256.md_size = SHA256_DIGEST_LENGTH; + ssh_sha256.init = ssh_sha256_init; + ssh_sha256.update = ssh_sha256_update; + ssh_sha256.final = ssh_sha256_final; + ssh_sha256.cleanup = ssh_sha256_cleanup; + ssh_sha256.block_size = SHA256_BLOCK_LENGTH; + ssh_sha256.ctx_size = sizeof(SHA256_CTX_struct); + + return (&ssh_sha256); +} + +#endif /* !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) */ + diff --git a/include/DomainExec/opensshlib/md5.h b/include/DomainExec/opensshlib/md5.h new file mode 100644 index 00000000..c83c19dc --- /dev/null +++ b/include/DomainExec/opensshlib/md5.h @@ -0,0 +1,51 @@ +/* $OpenBSD: md5.h,v 1.17 2012/12/05 23:19:57 deraadt Exp $ */ + +/* + * This code implements the MD5 message-digest algorithm. + * The algorithm is due to Ron Rivest. This code was + * written by Colin Plumb in 1993, no copyright is claimed. + * This code is in the public domain; do with it what you wish. + * + * Equivalent code is available from RSA Data Security, Inc. + * This code has been tested against that, and is equivalent, + * except that you don't need to include two pages of legalese + * with every copy. + */ + +#ifndef _MD5_H_ +#define _MD5_H_ + +#ifndef WITH_OPENSSL + +#define MD5_BLOCK_LENGTH 64 +#define MD5_DIGEST_LENGTH 16 +#define MD5_DIGEST_STRING_LENGTH (MD5_DIGEST_LENGTH * 2 + 1) + +typedef struct MD5Context { + u_int32_t state[4]; /* state */ + u_int64_t count; /* number of bits, mod 2^64 */ + u_int8_t buffer[MD5_BLOCK_LENGTH]; /* input buffer */ +} MD5_CTX; + +void MD5Init(MD5_CTX *); +void MD5Update(MD5_CTX *, const u_int8_t *, size_t) + __attribute__((__bounded__(__string__,2,3))); +void MD5Pad(MD5_CTX *); +void MD5Final(u_int8_t [MD5_DIGEST_LENGTH], MD5_CTX *) + __attribute__((__bounded__(__minbytes__,1,MD5_DIGEST_LENGTH))); +void MD5Transform(u_int32_t [4], const u_int8_t [MD5_BLOCK_LENGTH]) + __attribute__((__bounded__(__minbytes__,1,4))) + __attribute__((__bounded__(__minbytes__,2,MD5_BLOCK_LENGTH))); +char *MD5End(MD5_CTX *, char *) + __attribute__((__bounded__(__minbytes__,2,MD5_DIGEST_STRING_LENGTH))); +char *MD5File(const char *, char *) + __attribute__((__bounded__(__minbytes__,2,MD5_DIGEST_STRING_LENGTH))); +char *MD5FileChunk(const char *, char *, off_t, off_t) + __attribute__((__bounded__(__minbytes__,2,MD5_DIGEST_STRING_LENGTH))); +char *MD5Data(const u_int8_t *, size_t, char *) + __attribute__((__bounded__(__string__,1,2))) + __attribute__((__bounded__(__minbytes__,3,MD5_DIGEST_STRING_LENGTH))); + +#endif /* !WITH_OPENSSL */ + +#endif /* _MD5_H_ */ diff --git a/include/DomainExec/opensshlib/misc.c b/include/DomainExec/opensshlib/misc.c new file mode 100644 index 00000000..4ca7c026 --- /dev/null +++ b/include/DomainExec/opensshlib/misc.c @@ -0,0 +1,1144 @@ +/* $OpenBSD: misc.c,v 1.97 2015/04/24 01:36:00 deraadt Exp $ */ +/* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * Copyright (c) 2005,2006 Damien Miller. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#include +#ifndef WIN32 +#include +#include +#include +#endif + +#include +#include +#include +#include +#include +#include +#ifndef WIN32 +#include + +#include +#include +#include +#include +#endif + +#include +#include +#include +#ifndef WIN32 +#include +#endif +#ifdef HAVE_PATHS_H +# include +#include +#endif +#ifdef SSH_TUN_OPENBSD +#include +#endif + +#include "xmalloc.h" +#include "misc.h" +#include "log.h" +#include "ssh.h" + +/* remove newline at end of string */ +char * +chop(char *s) +{ + char *t = s; + while (*t) { + if (*t == '\n' || *t == '\r') { + *t = '\0'; + return s; + } + t++; + } + return s; + +} + +#if 0 +/* set/unset filedescriptor to non-blocking */ +int +set_nonblock(int fd) +{ + int val; + + val = fcntl(fd, F_GETFL, 0); + if (val < 0) { + ssh_error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno)); + return (-1); + } + if (val & O_NONBLOCK) { + debug3("fd %d is O_NONBLOCK", fd); + return (0); + } + debug2("fd %d setting O_NONBLOCK", fd); + val |= O_NONBLOCK; + if (fcntl(fd, F_SETFL, val) == -1) { + debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd, + strerror(errno)); + return (-1); + } + return (0); +} +#endif + +#if 0 +int +unset_nonblock(int fd) +{ + int val; + + val = fcntl(fd, F_GETFL, 0); + if (val < 0) { + ssh_error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno)); + return (-1); + } + if (!(val & O_NONBLOCK)) { + debug3("fd %d is not O_NONBLOCK", fd); + return (0); + } + debug("fd %d clearing O_NONBLOCK", fd); + val &= ~O_NONBLOCK; + if (fcntl(fd, F_SETFL, val) == -1) { + debug("fcntl(%d, F_SETFL, ~O_NONBLOCK): %s", + fd, strerror(errno)); + return (-1); + } + return (0); +} +#endif + +#if 0 +const char * +ssh_gai_strerror(int gaierr) +{ + if (gaierr == EAI_SYSTEM && errno != 0) + return strerror(errno); + return gai_strerror(gaierr); +} +#endif + +/* disable nagle on socket */ +void +set_nodelay(int fd) +{ + int opt; + socklen_t optlen; + + optlen = sizeof opt; + if (getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen) == -1) { + debug("getsockopt TCP_NODELAY: %.100s", strerror(errno)); + return; + } + if (opt == 1) { + debug2("fd %d is TCP_NODELAY", fd); + return; + } + opt = 1; + debug2("fd %d setting TCP_NODELAY", fd); + if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1) + ssh_error("setsockopt TCP_NODELAY: %.100s", strerror(errno)); +} + +/* Characters considered whitespace in strsep calls. */ +#define WHITESPACE " \t\r\n" +#define QUOTE "\"" + +/* return next token in configuration line */ +char * +strdelim(char **s) +{ + char *old; + int wspace = 0; + + if (*s == NULL) + return NULL; + + old = *s; + + *s = strpbrk(*s, WHITESPACE QUOTE "="); + if (*s == NULL) + return (old); + + if (*s[0] == '\"') { + memmove(*s, *s + 1, strlen(*s)); /* move nul too */ + /* Find matching quote */ + if ((*s = strpbrk(*s, QUOTE)) == NULL) { + return (NULL); /* no matching quote */ + } else { + *s[0] = '\0'; + *s += strspn(*s + 1, WHITESPACE) + 1; + return (old); + } + } + + /* Allow only one '=' to be skipped */ + if (*s[0] == '=') + wspace = 1; + *s[0] = '\0'; + + /* Skip any extra whitespace after first token */ + *s += strspn(*s + 1, WHITESPACE) + 1; + if (*s[0] == '=' && !wspace) + *s += strspn(*s + 1, WHITESPACE) + 1; + + return (old); +} + +#if 0 +struct passwd * +pwcopy(struct passwd *pw) +{ + struct passwd *copy = xcalloc(1, sizeof(*copy)); + + copy->pw_name = xstrdup(pw->pw_name); + copy->pw_passwd = xstrdup(pw->pw_passwd); +#ifdef HAVE_STRUCT_PASSWD_PW_GECOS + copy->pw_gecos = xstrdup(pw->pw_gecos); +#endif + copy->pw_uid = pw->pw_uid; + copy->pw_gid = pw->pw_gid; +#ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE + copy->pw_expire = pw->pw_expire; +#endif +#ifdef HAVE_STRUCT_PASSWD_PW_CHANGE + copy->pw_change = pw->pw_change; +#endif +#ifdef HAVE_STRUCT_PASSWD_PW_CLASS + copy->pw_class = xstrdup(pw->pw_class); +#endif + copy->pw_dir = xstrdup(pw->pw_dir); + copy->pw_shell = xstrdup(pw->pw_shell); + return copy; +} +#endif + +/* + * Convert ASCII string to TCP/IP port number. + * Port must be >=0 and <=65535. + * Return -1 if invalid. + */ +int +a2port(const char *s) +{ + long long port; + const char *errstr; + + port = strtonum(s, 0, 65535, &errstr); + if (errstr != NULL) + return -1; + return (int)port; +} + +#if 0 +int +a2tun(const char *s, int *remote) +{ + const char *errstr = NULL; + char *sp, *ep; + int tun; + + if (remote != NULL) { + *remote = SSH_TUNID_ANY; + sp = xstrdup(s); + if ((ep = strchr(sp, ':')) == NULL) { + free(sp); + return (a2tun(s, NULL)); + } + ep[0] = '\0'; ep++; + *remote = a2tun(ep, NULL); + tun = a2tun(sp, NULL); + free(sp); + return (*remote == SSH_TUNID_ERR ? *remote : tun); + } + + if (strcasecmp(s, "any") == 0) + return (SSH_TUNID_ANY); + + tun = strtonum(s, 0, SSH_TUNID_MAX, &errstr); + if (errstr != NULL) + return (SSH_TUNID_ERR); + + return (tun); +} +#endif + +#define SECONDS 1 +#define MINUTES (SECONDS * 60) +#define HOURS (MINUTES * 60) +#define DAYS (HOURS * 24) +#define WEEKS (DAYS * 7) + +/* + * Convert a time string into seconds; format is + * a sequence of: + * time[qualifier] + * + * Valid time qualifiers are: + * seconds + * s|S seconds + * m|M minutes + * h|H hours + * d|D days + * w|W weeks + * + * Examples: + * 90m 90 minutes + * 1h30m 90 minutes + * 2d 2 days + * 1w 1 week + * + * Return -1 if time string is invalid. + */ +long +convtime(const char *s) +{ + long total, secs; + const char *p; + char *endp; + + errno = 0; + total = 0; + p = s; + + if (p == NULL || *p == '\0') + return -1; + + while (*p) { + secs = strtol(p, &endp, 10); + if (p == endp || + (errno == ERANGE && (secs == LONG_MIN || secs == LONG_MAX)) || + secs < 0) + return -1; + + switch (*endp++) { + case '\0': + endp--; + break; + case 's': + case 'S': + break; + case 'm': + case 'M': + secs *= MINUTES; + break; + case 'h': + case 'H': + secs *= HOURS; + break; + case 'd': + case 'D': + secs *= DAYS; + break; + case 'w': + case 'W': + secs *= WEEKS; + break; + default: + return -1; + } + total += secs; + if (total < 0) + return -1; + p = endp; + } + + return total; +} + +/* + * Returns a standardized host+port identifier string. + * Caller must free returned string. + */ +#if 0 +char * +put_host_port(const char *host, u_short port) +{ + char *hoststr; + + if (port == 0 || port == SSH_DEFAULT_PORT) + return(xstrdup(host)); + if (asprintf(&hoststr, "[%s]:%d", host, (int)port) < 0) + fatal("put_host_port: asprintf: %s", strerror(errno)); + debug3("put_host_port: %s", hoststr); + return hoststr; +} +#endif + +/* + * Search for next delimiter between hostnames/addresses and ports. + * Argument may be modified (for termination). + * Returns *cp if parsing succeeds. + * *cp is set to the start of the next delimiter, if one was found. + * If this is the last field, *cp is set to NULL. + */ +char * +hpdelim(char **cp) +{ + char *s, *old; + + if (cp == NULL || *cp == NULL) + return NULL; + + old = s = *cp; + if (*s == '[') { + if ((s = strchr(s, ']')) == NULL) + return NULL; + else + s++; + } else if ((s = strpbrk(s, ":/")) == NULL) + s = *cp + strlen(*cp); /* skip to end (see first case below) */ + + switch (*s) { + case '\0': + *cp = NULL; /* no more fields*/ + break; + + case ':': + case '/': + *s = '\0'; /* terminate */ + *cp = s + 1; + break; + + default: + return NULL; + } + + return old; +} + +char * +cleanhostname(char *host) +{ + if (*host == '[' && host[strlen(host) - 1] == ']') { + host[strlen(host) - 1] = '\0'; + return (host + 1); + } else + return host; +} + +char * +colon(char *cp) +{ + int flag = 0; + + if (*cp == ':') /* Leading colon is part of file name. */ + return NULL; + if (*cp == '[') + flag = 1; + + for (; *cp; ++cp) { + if (*cp == '@' && *(cp+1) == '[') + flag = 1; + if (*cp == ']' && *(cp+1) == ':' && flag) + return (cp+1); + if (*cp == ':' && !flag) + return (cp); + if (*cp == '/') + return NULL; + } + return NULL; +} + +#if 0 +/* function to assist building execv() arguments */ +void +addargs(arglist *args, char *fmt, ...) +{ + va_list ap; + char *cp; + u_int nalloc; + int r; + + va_start(ap, fmt); + r = vasprintf(&cp, fmt, ap); + va_end(ap); + if (r == -1) + fatal("addargs: argument too long"); + + nalloc = args->nalloc; + if (args->list == NULL) { + nalloc = 32; + args->num = 0; + } else if (args->num+2 >= nalloc) + nalloc *= 2; + + args->list = xreallocarray(args->list, nalloc, sizeof(char *)); + args->nalloc = nalloc; + args->list[args->num++] = cp; + args->list[args->num] = NULL; +} + +void +replacearg(arglist *args, u_int which, char *fmt, ...) +{ + va_list ap; + char *cp; + int r; + + va_start(ap, fmt); + r = vasprintf(&cp, fmt, ap); + va_end(ap); + if (r == -1) + fatal("replacearg: argument too long"); + + if (which >= args->num) + fatal("replacearg: tried to replace invalid arg %d >= %d", + which, args->num); + free(args->list[which]); + args->list[which] = cp; +} + +void +freeargs(arglist *args) +{ + u_int i; + + if (args->list != NULL) { + for (i = 0; i < args->num; i++) + free(args->list[i]); + free(args->list); + args->nalloc = args->num = 0; + args->list = NULL; + } +} +#endif + +/* + * Expands tildes in the file name. Returns data allocated by xmalloc. + * Warning: this calls getpw*. + */ +#if 0 +char * +tilde_expand_filename(const char *filename, uid_t uid) +{ + const char *path, *sep; + char user[128], *ret; + struct passwd *pw; + u_int len, slash; + + if (*filename != '~') + return (xstrdup(filename)); + filename++; + + path = strchr(filename, '/'); + if (path != NULL && path > filename) { /* ~user/path */ + slash = path - filename; + if (slash > sizeof(user) - 1) + fatal("tilde_expand_filename: ~username too long"); + memcpy(user, filename, slash); + user[slash] = '\0'; + if ((pw = getpwnam(user)) == NULL) + fatal("tilde_expand_filename: No such user %s", user); + } else if ((pw = getpwuid(uid)) == NULL) /* ~/path */ + fatal("tilde_expand_filename: No such uid %ld", (long)uid); + + /* Make sure directory has a trailing '/' */ + len = strlen(pw->pw_dir); + if (len == 0 || pw->pw_dir[len - 1] != '/') + sep = "/"; + else + sep = ""; + + /* Skip leading '/' from specified path */ + if (path != NULL) + filename = path + 1; + + if (xasprintf(&ret, "%s%s%s", pw->pw_dir, sep, filename) >= PATH_MAX) + fatal("tilde_expand_filename: Path too long"); + + return (ret); +} +#endif + +/* + * Expand a string with a set of %[char] escapes. A number of escapes may be + * specified as (char *escape_chars, char *replacement) pairs. The list must + * be terminated by a NULL escape_char. Returns replaced string in memory + * allocated by xmalloc. + */ +char * +percent_expand(const char *string, ...) +{ +#define EXPAND_MAX_KEYS 16 + u_int num_keys, i, j; + struct { + const char *key; + const char *repl; + } keys[EXPAND_MAX_KEYS]; + char buf[4096]; + va_list ap; + + /* Gather keys */ + va_start(ap, string); + for (num_keys = 0; num_keys < EXPAND_MAX_KEYS; num_keys++) { + keys[num_keys].key = va_arg(ap, char *); + if (keys[num_keys].key == NULL) + break; + keys[num_keys].repl = va_arg(ap, char *); + if (keys[num_keys].repl == NULL) + fatal("%s: NULL replacement", __func__); + } + if (num_keys == EXPAND_MAX_KEYS && va_arg(ap, char *) != NULL) + fatal("%s: too many keys", __func__); + va_end(ap); + + /* Expand string */ + *buf = '\0'; + for (i = 0; *string != '\0'; string++) { + if (*string != '%') { + append: + buf[i++] = *string; + if (i >= sizeof(buf)) + fatal("%s: string too long", __func__); + buf[i] = '\0'; + continue; + } + string++; + /* %% case */ + if (*string == '%') + goto append; + for (j = 0; j < num_keys; j++) { + if (strchr(keys[j].key, *string) != NULL) { + i = strlcat(buf, keys[j].repl, sizeof(buf)); + if (i >= sizeof(buf)) + fatal("%s: string too long", __func__); + break; + } + } + if (j >= num_keys) + fatal("%s: unknown key %%%c", __func__, *string); + } + return (xstrdup(buf)); +#undef EXPAND_MAX_KEYS +} + +/* + * Read an entire line from a public key file into a static buffer, discarding + * lines that exceed the buffer size. Returns 0 on success, -1 on failure. + */ +int +read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, + u_long *lineno) +{ + while (fgets(buf, bufsz, f) != NULL) { + if (buf[0] == '\0') + continue; + (*lineno)++; + if (buf[strlen(buf) - 1] == '\n' || feof(f)) { + return 0; + } else { + debug("%s: %s line %lu exceeds size limit", __func__, + filename, *lineno); + /* discard remainder of line */ + while (fgetc(f) != '\n' && !feof(f)) + ; /* nothing */ + } + } + return -1; +} + +int +tun_open(int tun, int mode) +{ +#if defined(CUSTOM_SYS_TUN_OPEN) + return 0; + //return (sys_tun_open(tun, mode)); +#elif defined(SSH_TUN_OPENBSD) + struct ifreq ifr; + char name[100]; + int fd = -1, sock; + + /* Open the tunnel device */ + if (tun <= SSH_TUNID_MAX) { + snprintf(name, sizeof(name), "/dev/tun%d", tun); + fd = open(name, O_RDWR); + } else if (tun == SSH_TUNID_ANY) { + for (tun = 100; tun >= 0; tun--) { + snprintf(name, sizeof(name), "/dev/tun%d", tun); + if ((fd = open(name, O_RDWR)) >= 0) + break; + } + } else { + debug("%s: invalid tunnel %u", __func__, tun); + return (-1); + } + + if (fd < 0) { + debug("%s: %s open failed: %s", __func__, name, strerror(errno)); + return (-1); + } + + debug("%s: %s mode %d fd %d", __func__, name, mode, fd); + + /* Set the tunnel device operation mode */ + snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "tun%d", tun); + if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) + goto failed; + + if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) + goto failed; + + /* Set interface mode */ + ifr.ifr_flags &= ~IFF_UP; + if (mode == SSH_TUNMODE_ETHERNET) + ifr.ifr_flags |= IFF_LINK0; + else + ifr.ifr_flags &= ~IFF_LINK0; + if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) + goto failed; + + /* Bring interface up */ + ifr.ifr_flags |= IFF_UP; + if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) + goto failed; + + close(sock); + return (fd); + + failed: + if (fd >= 0) + close(fd); + if (sock >= 0) + close(sock); + debug("%s: failed to set %s mode %d: %s", __func__, name, + mode, strerror(errno)); + return (-1); +#else + ssh_error("Tunnel interfaces are not supported on this platform"); + return (-1); +#endif +} + +void +sanitise_stdfd(void) +{ +#if 0 + int nullfd, dupfd; + + if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) { + fprintf(stderr, "Couldn't open /dev/null: %s\n", + strerror(errno)); + exit(1); + } + while (++dupfd <= 2) { + /* Only clobber closed fds */ + if (fcntl(dupfd, F_GETFL, 0) >= 0) + continue; + if (dup2(nullfd, dupfd) == -1) { + fprintf(stderr, "dup2: %s\n", strerror(errno)); + exit(1); + } + } + if (nullfd > 2) + close(nullfd); +#endif +} + +char * +tohex(const void *vp, size_t l) +{ + const u_char *p = (const u_char *)vp; + char b[3], *r; + size_t i, hl; + + if (l > 65536) + return xstrdup("tohex: length > 65536"); + + hl = l * 2 + 1; + r = xcalloc(1, hl); + for (i = 0; i < l; i++) { + snprintf(b, sizeof(b), "%02x", p[i]); + strlcat(r, b, hl); + } + return (r); +} + +u_int64_t +get_u64(const void *vp) +{ + const u_char *p = (const u_char *)vp; + u_int64_t v; + + v = (u_int64_t)p[0] << 56; + v |= (u_int64_t)p[1] << 48; + v |= (u_int64_t)p[2] << 40; + v |= (u_int64_t)p[3] << 32; + v |= (u_int64_t)p[4] << 24; + v |= (u_int64_t)p[5] << 16; + v |= (u_int64_t)p[6] << 8; + v |= (u_int64_t)p[7]; + + return (v); +} + +u_int32_t +get_u32(const void *vp) +{ + const u_char *p = (const u_char *)vp; + u_int32_t v; + + v = (u_int32_t)p[0] << 24; + v |= (u_int32_t)p[1] << 16; + v |= (u_int32_t)p[2] << 8; + v |= (u_int32_t)p[3]; + + return (v); +} + +u_int32_t +get_u32_le(const void *vp) +{ + const u_char *p = (const u_char *)vp; + u_int32_t v; + + v = (u_int32_t)p[0]; + v |= (u_int32_t)p[1] << 8; + v |= (u_int32_t)p[2] << 16; + v |= (u_int32_t)p[3] << 24; + + return (v); +} + +u_int16_t +get_u16(const void *vp) +{ + const u_char *p = (const u_char *)vp; + u_int16_t v; + + v = (u_int16_t)p[0] << 8; + v |= (u_int16_t)p[1]; + + return (v); +} + +void +put_u64(void *vp, u_int64_t v) +{ + u_char *p = (u_char *)vp; + + p[0] = (u_char)(v >> 56) & 0xff; + p[1] = (u_char)(v >> 48) & 0xff; + p[2] = (u_char)(v >> 40) & 0xff; + p[3] = (u_char)(v >> 32) & 0xff; + p[4] = (u_char)(v >> 24) & 0xff; + p[5] = (u_char)(v >> 16) & 0xff; + p[6] = (u_char)(v >> 8) & 0xff; + p[7] = (u_char)v & 0xff; +} + +void +put_u32(void *vp, u_int32_t v) +{ + u_char *p = (u_char *)vp; + + p[0] = (u_char)(v >> 24) & 0xff; + p[1] = (u_char)(v >> 16) & 0xff; + p[2] = (u_char)(v >> 8) & 0xff; + p[3] = (u_char)v & 0xff; +} + +void +put_u32_le(void *vp, u_int32_t v) +{ + u_char *p = (u_char *)vp; + + p[0] = (u_char)v & 0xff; + p[1] = (u_char)(v >> 8) & 0xff; + p[2] = (u_char)(v >> 16) & 0xff; + p[3] = (u_char)(v >> 24) & 0xff; +} + +void +put_u16(void *vp, u_int16_t v) +{ + u_char *p = (u_char *)vp; + + p[0] = (u_char)(v >> 8) & 0xff; + p[1] = (u_char)v & 0xff; +} + +void +ms_subtract_diff(struct timeval *start, int *ms) +{ + struct timeval diff, finish; + + gettimeofday(&finish, NULL); + timersub(&finish, start, &diff); + *ms -= (diff.tv_sec * 1000) + (diff.tv_usec / 1000); +} + +void +ms_to_timeval(struct timeval *tv, int ms) +{ + if (ms < 0) + ms = 0; + tv->tv_sec = ms / 1000; + tv->tv_usec = (ms % 1000) * 1000; +} + +time_t +monotime(void) +{ +#if defined(HAVE_CLOCK_GETTIME) && \ + (defined(CLOCK_MONOTONIC) || defined(CLOCK_BOOTTIME)) + struct timespec ts; + static int gettime_failed = 0; + + if (!gettime_failed) { +#if defined(CLOCK_BOOTTIME) + if (clock_gettime(CLOCK_BOOTTIME, &ts) == 0) + return (ts.tv_sec); +#endif +#if defined(CLOCK_MONOTONIC) + if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0) + return (ts.tv_sec); +#endif + debug3("clock_gettime: %s", strerror(errno)); + gettime_failed = 1; + } +#endif /* HAVE_CLOCK_GETTIME && (CLOCK_MONOTONIC || CLOCK_BOOTTIME */ + + return time(NULL); +} + +void +bandwidth_limit_init(struct bwlimit *bw, u_int64_t kbps, size_t buflen) +{ + bw->buflen = buflen; + bw->rate = kbps; + bw->thresh = bw->rate; + bw->lamt = 0; + timerclear(&bw->bwstart); + timerclear(&bw->bwend); +} + +/* Callback from read/write loop to insert bandwidth-limiting delays */ +void +bandwidth_limit(struct bwlimit *bw, size_t read_len) +{ + u_int64_t waitlen; + struct timespec ts, rm; + + if (!timerisset(&bw->bwstart)) { + gettimeofday(&bw->bwstart, NULL); + return; + } + + bw->lamt += read_len; + if (bw->lamt < bw->thresh) + return; + + gettimeofday(&bw->bwend, NULL); + timersub(&bw->bwend, &bw->bwstart, &bw->bwend); + if (!timerisset(&bw->bwend)) + return; + + bw->lamt *= 8; + waitlen = (double)1000000L * bw->lamt / bw->rate; + + bw->bwstart.tv_sec = waitlen / 1000000L; + bw->bwstart.tv_usec = waitlen % 1000000L; + + if (timercmp(&bw->bwstart, &bw->bwend, >)) { + timersub(&bw->bwstart, &bw->bwend, &bw->bwend); + + /* Adjust the wait time */ + if (bw->bwend.tv_sec) { + bw->thresh /= 2; + if (bw->thresh < bw->buflen / 4) + bw->thresh = bw->buflen / 4; + } else if (bw->bwend.tv_usec < 10000) { + bw->thresh *= 2; + if (bw->thresh > bw->buflen * 8) + bw->thresh = bw->buflen * 8; + } + + TIMEVAL_TO_TIMESPEC(&bw->bwend, &ts); + while (nanosleep(&ts, &rm) == -1) { + if (errno != EINTR) + break; + ts = rm; + } + } + + bw->lamt = 0; + gettimeofday(&bw->bwstart, NULL); +} + +/* Make a template filename for mk[sd]temp() */ +void +mktemp_proto(char *s, size_t len) +{ + const char *tmpdir; + int r; + + if ((tmpdir = getenv("TMPDIR")) != NULL) { + r = snprintf(s, len, "%s/ssh-XXXXXXXXXXXX", tmpdir); + if (r > 0 && (size_t)r < len) + return; + } + r = snprintf(s, len, "/tmp/ssh-XXXXXXXXXXXX"); + if (r < 0 || (size_t)r >= len) + fatal("%s: template string too short", __func__); +} + +static const struct { + const char *name; + int value; +} ipqos[] = { + { "af11", IPTOS_DSCP_AF11 }, + { "af12", IPTOS_DSCP_AF12 }, + { "af13", IPTOS_DSCP_AF13 }, + { "af21", IPTOS_DSCP_AF21 }, + { "af22", IPTOS_DSCP_AF22 }, + { "af23", IPTOS_DSCP_AF23 }, + { "af31", IPTOS_DSCP_AF31 }, + { "af32", IPTOS_DSCP_AF32 }, + { "af33", IPTOS_DSCP_AF33 }, + { "af41", IPTOS_DSCP_AF41 }, + { "af42", IPTOS_DSCP_AF42 }, + { "af43", IPTOS_DSCP_AF43 }, + { "cs0", IPTOS_DSCP_CS0 }, + { "cs1", IPTOS_DSCP_CS1 }, + { "cs2", IPTOS_DSCP_CS2 }, + { "cs3", IPTOS_DSCP_CS3 }, + { "cs4", IPTOS_DSCP_CS4 }, + { "cs5", IPTOS_DSCP_CS5 }, + { "cs6", IPTOS_DSCP_CS6 }, + { "cs7", IPTOS_DSCP_CS7 }, + { "ef", IPTOS_DSCP_EF }, + { "lowdelay", IPTOS_LOWDELAY }, + { "throughput", IPTOS_THROUGHPUT }, + { "reliability", IPTOS_RELIABILITY }, + { NULL, -1 } +}; + +#if 0 +int +parse_ipqos(const char *cp) +{ + u_int i; + char *ep; + long val; + + if (cp == NULL) + return -1; + for (i = 0; ipqos[i].name != NULL; i++) { + if (strcasecmp(cp, ipqos[i].name) == 0) + return ipqos[i].value; + } + /* Try parsing as an integer */ + val = strtol(cp, &ep, 0); + if (*cp == '\0' || *ep != '\0' || val < 0 || val > 255) + return -1; + return val; +} +#endif + +const char * +iptos2str(int iptos) +{ + int i; + static char iptos_str[sizeof "0xff"]; + + for (i = 0; ipqos[i].name != NULL; i++) { + if (ipqos[i].value == iptos) + return ipqos[i].name; + } + snprintf(iptos_str, sizeof iptos_str, "0x%02x", iptos); + return iptos_str; +} + +void +lowercase(char *s) +{ + for (; *s; s++) + *s = tolower((u_char)*s); +} + +int +unix_listener(const char *path, int backlog, int unlink_first) +{ + struct sockaddr_un sunaddr; + int saved_errno, sock; + + memset(&sunaddr, 0, sizeof(sunaddr)); + sunaddr.sun_family = AF_UNIX; + if (strlcpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path)) >= sizeof(sunaddr.sun_path)) { + ssh_error("%s: \"%s\" too long for Unix domain socket", __func__, + path); + errno = ENAMETOOLONG; + return -1; + } + + sock = socket(PF_UNIX, SOCK_STREAM, 0); + if (sock < 0) { + saved_errno = errno; + ssh_error("socket: %.100s", strerror(errno)); + errno = saved_errno; + return -1; + } + if (unlink_first == 1) { + if (unlink(path) != 0 && errno != ENOENT) + ssh_error("unlink(%s): %.100s", path, strerror(errno)); + } + if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) { + saved_errno = errno; + ssh_error("bind: %.100s", strerror(errno)); + close(sock); + ssh_error("%s: cannot bind to path: %s", __func__, path); + errno = saved_errno; + return -1; + } + if (listen(sock, backlog) < 0) { + saved_errno = errno; + ssh_error("listen: %.100s", strerror(errno)); + close(sock); + unlink(path); + ssh_error("%s: cannot listen on path: %s", __func__, path); + errno = saved_errno; + return -1; + } + return sock; +} + +void +sock_set_v6only(int s) +{ +#ifdef IPV6_V6ONLY + int on = 1; + + debug3("%s: set socket %d IPV6_V6ONLY", __func__, s); + if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) == -1) + ssh_error("setsockopt IPV6_V6ONLY: %s", strerror(errno)); +#endif +} diff --git a/include/DomainExec/opensshlib/misc.h b/include/DomainExec/opensshlib/misc.h new file mode 100644 index 00000000..19da060f --- /dev/null +++ b/include/DomainExec/opensshlib/misc.h @@ -0,0 +1,146 @@ +/* $OpenBSD: misc.h,v 1.54 2014/07/15 15:54:14 millert Exp $ */ + +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ + +#ifndef _MISC_H +#define _MISC_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* Data structure for representing a forwarding request. */ +struct Forward { + char *listen_host; /* Host (address) to listen on. */ + int listen_port; /* Port to forward. */ + char *listen_path; /* Path to bind domain socket. */ + char *connect_host; /* Host to connect. */ + int connect_port; /* Port to connect on connect_host. */ + char *connect_path; /* Path to connect domain socket. */ + int allocated_port; /* Dynamically allocated listen port */ + int handle; /* Handle for dynamic listen ports */ +}; + +/* Common server and client forwarding options. */ +struct ForwardOptions { + int gateway_ports; /* Allow remote connects to forwarded ports. */ +// mode_t streamlocal_bind_mask; /* umask for streamlocal binds */ + int streamlocal_bind_unlink; /* unlink socket before bind */ +}; + +/* misc.c */ + +char *chop(char *); +char *strdelim(char **); +int set_nonblock(int); +int unset_nonblock(int); +void set_nodelay(int); +int a2port(const char *); +int a2tun(const char *, int *); +char *put_host_port(const char *, u_short); +char *hpdelim(char **); +char *cleanhostname(char *); +char *colon(char *); +long convtime(const char *); +char *tilde_expand_filename(const char *, uid_t); +char *percent_expand(const char *, ...) __attribute__((__sentinel__)); +char *tohex(const void *, size_t); +void sanitise_stdfd(void); +void ms_subtract_diff(struct timeval *, int *); +void ms_to_timeval(struct timeval *, int); +time_t monotime(void); +void lowercase(char *s); +int unix_listener(const char *, int, int); + +void sock_set_v6only(int); + +struct passwd *pwcopy(struct passwd *); +const char *ssh_gai_strerror(int); + +typedef struct arglist arglist; +struct arglist { + char **list; + u_int num; + u_int nalloc; +}; +void addargs(arglist *, char *, ...) + __attribute__((format(printf, 2, 3))); +void replacearg(arglist *, u_int, char *, ...) + __attribute__((format(printf, 3, 4))); +void freeargs(arglist *); + +int tun_open(int, int); + +/* Common definitions for ssh tunnel device forwarding */ +#define SSH_TUNMODE_NO 0x00 +#define SSH_TUNMODE_POINTOPOINT 0x01 +#define SSH_TUNMODE_ETHERNET 0x02 +#define SSH_TUNMODE_DEFAULT SSH_TUNMODE_POINTOPOINT +#define SSH_TUNMODE_YES (SSH_TUNMODE_POINTOPOINT|SSH_TUNMODE_ETHERNET) + +#define SSH_TUNID_ANY 0x7fffffff +#define SSH_TUNID_ERR (SSH_TUNID_ANY - 1) +#define SSH_TUNID_MAX (SSH_TUNID_ANY - 2) + +/* Fake port to indicate that host field is really a path. */ +#define PORT_STREAMLOCAL -2 + +/* Functions to extract or store big-endian words of various sizes */ +u_int64_t get_u64(const void *) + __attribute__((__bounded__( __minbytes__, 1, 8))); +u_int32_t get_u32(const void *) + __attribute__((__bounded__( __minbytes__, 1, 4))); +u_int16_t get_u16(const void *) + __attribute__((__bounded__( __minbytes__, 1, 2))); +void put_u64(void *, u_int64_t) + __attribute__((__bounded__( __minbytes__, 1, 8))); +void put_u32(void *, u_int32_t) + __attribute__((__bounded__( __minbytes__, 1, 4))); +void put_u16(void *, u_int16_t) + __attribute__((__bounded__( __minbytes__, 1, 2))); + +/* Little-endian store/load, used by umac.c */ +u_int32_t get_u32_le(const void *) + __attribute__((__bounded__(__minbytes__, 1, 4))); +void put_u32_le(void *, u_int32_t) + __attribute__((__bounded__(__minbytes__, 1, 4))); + +struct bwlimit { + size_t buflen; + u_int64_t rate, thresh, lamt; + struct timeval bwstart, bwend; +}; + +void bandwidth_limit_init(struct bwlimit *, u_int64_t, size_t); +void bandwidth_limit(struct bwlimit *, size_t); + +int parse_ipqos(const char *); +const char *iptos2str(int); +void mktemp_proto(char *, size_t); + +/* readpass.c */ + +#define RP_ECHO 0x0001 +#define RP_ALLOW_STDIN 0x0002 +#define RP_ALLOW_EOF 0x0004 +#define RP_USE_ASKPASS 0x0008 + +char *read_passphrase(const char *, int); +int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); +int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); + +#ifdef __cplusplus +} /* End of 'extern "C"' */ +#endif + +#endif /* _MISC_H */ diff --git a/include/DomainExec/opensshlib/moduli.c b/include/DomainExec/opensshlib/moduli.c new file mode 100644 index 00000000..56225f0f --- /dev/null +++ b/include/DomainExec/opensshlib/moduli.c @@ -0,0 +1,817 @@ +/* $OpenBSD: moduli.c,v 1.30 2015/01/20 23:14:00 deraadt Exp $ */ +/* + * Copyright 1994 Phil Karn + * Copyright 1996-1998, 2003 William Allen Simpson + * Copyright 2000 Niels Provos + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * Two-step process to generate safe primes for DHGEX + * + * Sieve candidates for "safe" primes, + * suitable for use as Diffie-Hellman moduli; + * that is, where q = (p-1)/2 is also prime. + * + * First step: generate candidate primes (memory intensive) + * Second step: test primes' safety (processor intensive) + */ + +#include "includes.h" + +#ifdef WITH_OPENSSL + +#ifndef WIN32 +#include /* MAX */ +#endif +#include + +#include +#include + +#include +#include +#include +#include +#include +#include +#ifndef WIN32 +#include +#endif +#include + +#include "xmalloc.h" +#include "dh.h" +#include "log.h" +#include "misc.h" + +#include "openbsd-compat.h" + +/* + * File output defines + */ + +/* need line long enough for largest moduli plus headers */ +#define QLINESIZE (100+8192) + +/* + * Size: decimal. + * Specifies the number of the most significant bit (0 to M). + * WARNING: internally, usually 1 to N. + */ +#define QSIZE_MINIMUM (511) + +/* + * Prime sieving defines + */ + +/* Constant: assuming 8 bit bytes and 32 bit words */ +#define SHIFT_BIT (3) +#define SHIFT_BYTE (2) +#define SHIFT_WORD (SHIFT_BIT+SHIFT_BYTE) +#define SHIFT_MEGABYTE (20) +#define SHIFT_MEGAWORD (SHIFT_MEGABYTE-SHIFT_BYTE) + +/* + * Using virtual memory can cause thrashing. This should be the largest + * number that is supported without a large amount of disk activity -- + * that would increase the run time from hours to days or weeks! + */ +#define LARGE_MINIMUM (8UL) /* megabytes */ + +/* + * Do not increase this number beyond the unsigned integer bit size. + * Due to a multiple of 4, it must be LESS than 128 (yielding 2**30 bits). + */ +#define LARGE_MAXIMUM (127UL) /* megabytes */ + +/* + * Constant: when used with 32-bit integers, the largest sieve prime + * has to be less than 2**32. + */ +#define SMALL_MAXIMUM (0xffffffffUL) + +/* Constant: can sieve all primes less than 2**32, as 65537**2 > 2**32-1. */ +#define TINY_NUMBER (1UL<<16) + +/* Ensure enough bit space for testing 2*q. */ +#define TEST_MAXIMUM (1UL<<16) +#define TEST_MINIMUM (QSIZE_MINIMUM + 1) +/* real TEST_MINIMUM (1UL << (SHIFT_WORD - TEST_POWER)) */ +#define TEST_POWER (3) /* 2**n, n < SHIFT_WORD */ + +/* bit operations on 32-bit words */ +#define BIT_CLEAR(a,n) ((a)[(n)>>SHIFT_WORD] &= ~(1L << ((n) & 31))) +#define BIT_SET(a,n) ((a)[(n)>>SHIFT_WORD] |= (1L << ((n) & 31))) +#define BIT_TEST(a,n) ((a)[(n)>>SHIFT_WORD] & (1L << ((n) & 31))) + +/* + * Prime testing defines + */ + +/* Minimum number of primality tests to perform */ +#define TRIAL_MINIMUM (4) + +/* + * Sieving data (XXX - move to struct) + */ + +/* sieve 2**16 */ +static u_int32_t *TinySieve, tinybits; + +/* sieve 2**30 in 2**16 parts */ +static u_int32_t *SmallSieve, smallbits, smallbase; + +/* sieve relative to the initial value */ +static u_int32_t *LargeSieve, largewords, largetries, largenumbers; +static u_int32_t largebits, largememory; /* megabytes */ +static BIGNUM *largebase; + +int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); +int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long, + unsigned long); + +/* + * print moduli out in consistent form, + */ +static int +qfileout(FILE * ofile, u_int32_t otype, u_int32_t otests, u_int32_t otries, + u_int32_t osize, u_int32_t ogenerator, BIGNUM * omodulus) +{ + struct tm *gtm; + time_t time_now; + int res; + + time(&time_now); + gtm = gmtime(&time_now); + + res = fprintf(ofile, "%04d%02d%02d%02d%02d%02d %u %u %u %u %x ", + gtm->tm_year + 1900, gtm->tm_mon + 1, gtm->tm_mday, + gtm->tm_hour, gtm->tm_min, gtm->tm_sec, + otype, otests, otries, osize, ogenerator); + + if (res < 0) + return (-1); + + if (BN_print_fp(ofile, omodulus) < 1) + return (-1); + + res = fprintf(ofile, "\n"); + fflush(ofile); + + return (res > 0 ? 0 : -1); +} + + +/* + ** Sieve p's and q's with small factors + */ +static void +sieve_large(u_int32_t s) +{ + u_int32_t r, u; + + debug3("sieve_large %u", s); + largetries++; + /* r = largebase mod s */ + r = BN_mod_word(largebase, s); + if (r == 0) + u = 0; /* s divides into largebase exactly */ + else + u = s - r; /* largebase+u is first entry divisible by s */ + + if (u < largebits * 2) { + /* + * The sieve omits p's and q's divisible by 2, so ensure that + * largebase+u is odd. Then, step through the sieve in + * increments of 2*s + */ + if (u & 0x1) + u += s; /* Make largebase+u odd, and u even */ + + /* Mark all multiples of 2*s */ + for (u /= 2; u < largebits; u += s) + BIT_SET(LargeSieve, u); + } + + /* r = p mod s */ + r = (2 * r + 1) % s; + if (r == 0) + u = 0; /* s divides p exactly */ + else + u = s - r; /* p+u is first entry divisible by s */ + + if (u < largebits * 4) { + /* + * The sieve omits p's divisible by 4, so ensure that + * largebase+u is not. Then, step through the sieve in + * increments of 4*s + */ + while (u & 0x3) { + if (SMALL_MAXIMUM - u < s) + return; + u += s; + } + + /* Mark all multiples of 4*s */ + for (u /= 4; u < largebits; u += s) + BIT_SET(LargeSieve, u); + } +} + +/* + * list candidates for Sophie-Germain primes (where q = (p-1)/2) + * to standard output. + * The list is checked against small known primes (less than 2**30). + */ +int +gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start) +{ + BIGNUM *q; + u_int32_t j, r, s, t; + u_int32_t smallwords = TINY_NUMBER >> 6; + u_int32_t tinywords = TINY_NUMBER >> 6; + time_t time_start, time_stop; + u_int32_t i; + int ret = 0; + + largememory = memory; + + if (memory != 0 && + (memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) { + ssh_error("Invalid memory amount (min %ld, max %ld)", + LARGE_MINIMUM, LARGE_MAXIMUM); + return (-1); + } + + /* + * Set power to the length in bits of the prime to be generated. + * This is changed to 1 less than the desired safe prime moduli p. + */ + if (power > TEST_MAXIMUM) { + ssh_error("Too many bits: %u > %lu", power, TEST_MAXIMUM); + return (-1); + } else if (power < TEST_MINIMUM) { + ssh_error("Too few bits: %u < %u", power, TEST_MINIMUM); + return (-1); + } + power--; /* decrement before squaring */ + + /* + * The density of ordinary primes is on the order of 1/bits, so the + * density of safe primes should be about (1/bits)**2. Set test range + * to something well above bits**2 to be reasonably sure (but not + * guaranteed) of catching at least one safe prime. + */ + largewords = ((power * power) >> (SHIFT_WORD - TEST_POWER)); + + /* + * Need idea of how much memory is available. We don't have to use all + * of it. + */ + if (largememory > LARGE_MAXIMUM) { + logit("Limited memory: %u MB; limit %lu MB", + largememory, LARGE_MAXIMUM); + largememory = LARGE_MAXIMUM; + } + + if (largewords <= (largememory << SHIFT_MEGAWORD)) { + logit("Increased memory: %u MB; need %u bytes", + largememory, (largewords << SHIFT_BYTE)); + largewords = (largememory << SHIFT_MEGAWORD); + } else if (largememory > 0) { + logit("Decreased memory: %u MB; want %u bytes", + largememory, (largewords << SHIFT_BYTE)); + largewords = (largememory << SHIFT_MEGAWORD); + } + + TinySieve = xcalloc(tinywords, sizeof(u_int32_t)); + tinybits = tinywords << SHIFT_WORD; + + SmallSieve = xcalloc(smallwords, sizeof(u_int32_t)); + smallbits = smallwords << SHIFT_WORD; + + /* + * dynamically determine available memory + */ + while ((LargeSieve = calloc(largewords, sizeof(u_int32_t))) == NULL) + largewords -= (1L << (SHIFT_MEGAWORD - 2)); /* 1/4 MB chunks */ + + largebits = largewords << SHIFT_WORD; + largenumbers = largebits * 2; /* even numbers excluded */ + + /* validation check: count the number of primes tried */ + largetries = 0; + if ((q = BN_new()) == NULL) + fatal("BN_new failed"); + + /* + * Generate random starting point for subprime search, or use + * specified parameter. + */ + if ((largebase = BN_new()) == NULL) + fatal("BN_new failed"); + if (start == NULL) { + if (BN_rand(largebase, power, 1, 1) == 0) + fatal("BN_rand failed"); + } else { + if (BN_copy(largebase, start) == NULL) + fatal("BN_copy: failed"); + } + + /* ensure odd */ + if (BN_set_bit(largebase, 0) == 0) + fatal("BN_set_bit: failed"); + + time(&time_start); + + logit("%.24s Sieve next %u plus %u-bit", ctime(&time_start), + largenumbers, power); + debug2("start point: 0x%s", BN_bn2hex(largebase)); + + /* + * TinySieve + */ + for (i = 0; i < tinybits; i++) { + if (BIT_TEST(TinySieve, i)) + continue; /* 2*i+3 is composite */ + + /* The next tiny prime */ + t = 2 * i + 3; + + /* Mark all multiples of t */ + for (j = i + t; j < tinybits; j += t) + BIT_SET(TinySieve, j); + + sieve_large(t); + } + + /* + * Start the small block search at the next possible prime. To avoid + * fencepost errors, the last pass is skipped. + */ + for (smallbase = TINY_NUMBER + 3; + smallbase < (SMALL_MAXIMUM - TINY_NUMBER); + smallbase += TINY_NUMBER) { + for (i = 0; i < tinybits; i++) { + if (BIT_TEST(TinySieve, i)) + continue; /* 2*i+3 is composite */ + + /* The next tiny prime */ + t = 2 * i + 3; + r = smallbase % t; + + if (r == 0) { + s = 0; /* t divides into smallbase exactly */ + } else { + /* smallbase+s is first entry divisible by t */ + s = t - r; + } + + /* + * The sieve omits even numbers, so ensure that + * smallbase+s is odd. Then, step through the sieve + * in increments of 2*t + */ + if (s & 1) + s += t; /* Make smallbase+s odd, and s even */ + + /* Mark all multiples of 2*t */ + for (s /= 2; s < smallbits; s += t) + BIT_SET(SmallSieve, s); + } + + /* + * SmallSieve + */ + for (i = 0; i < smallbits; i++) { + if (BIT_TEST(SmallSieve, i)) + continue; /* 2*i+smallbase is composite */ + + /* The next small prime */ + sieve_large((2 * i) + smallbase); + } + + memset(SmallSieve, 0, smallwords << SHIFT_BYTE); + } + + time(&time_stop); + + logit("%.24s Sieved with %u small primes in %ld seconds", + ctime(&time_stop), largetries, (long) (time_stop - time_start)); + + for (j = r = 0; j < largebits; j++) { + if (BIT_TEST(LargeSieve, j)) + continue; /* Definitely composite, skip */ + + debug2("test q = largebase+%u", 2 * j); + if (BN_set_word(q, 2 * j) == 0) + fatal("BN_set_word failed"); + if (BN_add(q, q, largebase) == 0) + fatal("BN_add failed"); + if (qfileout(out, MODULI_TYPE_SOPHIE_GERMAIN, + MODULI_TESTS_SIEVE, largetries, + (power - 1) /* MSB */, (0), q) == -1) { + ret = -1; + break; + } + + r++; /* count q */ + } + + time(&time_stop); + + free(LargeSieve); + free(SmallSieve); + free(TinySieve); + + logit("%.24s Found %u candidates", ctime(&time_stop), r); + + return (ret); +} + +#if 0 +static void +write_checkpoint(char *cpfile, u_int32_t lineno) +{ + FILE *fp; + char tmp[PATH_MAX]; + int r; + + r = snprintf(tmp, sizeof(tmp), "%s.XXXXXXXXXX", cpfile); + if (r == -1 || r >= PATH_MAX) { + logit("write_checkpoint: temp pathname too long"); + return; + } + if ((r = mkstemp(tmp)) == -1) { + logit("mkstemp(%s): %s", tmp, strerror(errno)); + return; + } + if ((fp = fdopen(r, "w")) == NULL) { + logit("write_checkpoint: fdopen: %s", strerror(errno)); + unlink(tmp); + close(r); + return; + } + if (fprintf(fp, "%lu\n", (unsigned long)lineno) > 0 && fclose(fp) == 0 + && rename(tmp, cpfile) == 0) + debug3("wrote checkpoint line %lu to '%s'", + (unsigned long)lineno, cpfile); + else + logit("failed to write to checkpoint file '%s': %s", cpfile, + strerror(errno)); +} +#endif + +static unsigned long +read_checkpoint(char *cpfile) +{ + FILE *fp; + unsigned long lineno = 0; + + if ((fp = fopen(cpfile, "r")) == NULL) + return 0; + if (fscanf(fp, "%lu\n", &lineno) < 1) + logit("Failed to load checkpoint from '%s'", cpfile); + else + logit("Loaded checkpoint from '%s' line %lu", cpfile, lineno); + fclose(fp); + return lineno; +} + +static unsigned long +count_lines(FILE *f) +{ + unsigned long count = 0; + char lp[QLINESIZE + 1]; + + if (fseek(f, 0, SEEK_SET) != 0) { + debug("input file is not seekable"); + return ULONG_MAX; + } + while (fgets(lp, QLINESIZE + 1, f) != NULL) + count++; + rewind(f); + debug("input file has %lu lines", count); + return count; +} + +static char * +fmt_time(time_t seconds) +{ + int day, hr, min; + static char buf[128]; + + min = (seconds / 60) % 60; + hr = (seconds / 60 / 60) % 24; + day = seconds / 60 / 60 / 24; + if (day > 0) + snprintf(buf, sizeof buf, "%dd %d:%02d", day, hr, min); + else + snprintf(buf, sizeof buf, "%d:%02d", hr, min); + return buf; +} + +static void +print_progress(unsigned long start_lineno, unsigned long current_lineno, + unsigned long end_lineno) +{ + static time_t time_start, time_prev; + time_t time_now, elapsed; + unsigned long num_to_process, processed, remaining, percent, eta; + double time_per_line; + char *eta_str; + + time_now = monotime(); + if (time_start == 0) { + time_start = time_prev = time_now; + return; + } + /* print progress after 1m then once per 5m */ + if (time_now - time_prev < 5 * 60) + return; + time_prev = time_now; + elapsed = time_now - time_start; + processed = current_lineno - start_lineno; + remaining = end_lineno - current_lineno; + num_to_process = end_lineno - start_lineno; + time_per_line = (double)elapsed / processed; + /* if we don't know how many we're processing just report count+time */ + time(&time_now); + if (end_lineno == ULONG_MAX) { + logit("%.24s processed %lu in %s", ctime(&time_now), + processed, fmt_time(elapsed)); + return; + } + percent = 100 * processed / num_to_process; + eta = time_per_line * remaining; + eta_str = xstrdup(fmt_time(eta)); + logit("%.24s processed %lu of %lu (%lu%%) in %s, ETA %s", + ctime(&time_now), processed, num_to_process, percent, + fmt_time(elapsed), eta_str); + free(eta_str); +} + +/* + * perform a Miller-Rabin primality test + * on the list of candidates + * (checking both q and p) + * The result is a list of so-call "safe" primes + */ +int +prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, + char *checkpoint_file, unsigned long start_lineno, unsigned long num_lines) +{ + BIGNUM *q, *p, *a; + BN_CTX *ctx; + char *cp, *lp; + u_int32_t count_in = 0, count_out = 0, count_possible = 0; + u_int32_t generator_known, in_tests, in_tries, in_type, in_size; + unsigned long last_processed = 0, end_lineno; + time_t time_start, time_stop; + int res; + + if (trials < TRIAL_MINIMUM) { + ssh_error("Minimum primality trials is %d", TRIAL_MINIMUM); + return (-1); + } + + if (num_lines == 0) + end_lineno = count_lines(in); + else + end_lineno = start_lineno + num_lines; + + time(&time_start); + + if ((p = BN_new()) == NULL) + fatal("BN_new failed"); + if ((q = BN_new()) == NULL) + fatal("BN_new failed"); + if ((ctx = BN_CTX_new()) == NULL) + fatal("BN_CTX_new failed"); + + debug2("%.24s Final %u Miller-Rabin trials (%x generator)", + ctime(&time_start), trials, generator_wanted); + + if (checkpoint_file != NULL) + last_processed = read_checkpoint(checkpoint_file); + last_processed = start_lineno = MAX(last_processed, start_lineno); + if (end_lineno == ULONG_MAX) + debug("process from line %lu from pipe", last_processed); + else + debug("process from line %lu to line %lu", last_processed, + end_lineno); + + res = 0; + lp = xmalloc(QLINESIZE + 1); + while (fgets(lp, QLINESIZE + 1, in) != NULL && count_in < end_lineno) { + count_in++; + if (count_in <= last_processed) { + debug3("skipping line %u, before checkpoint or " + "specified start line", count_in); + continue; + } +#if 0 + if (checkpoint_file != NULL) + write_checkpoint(checkpoint_file, count_in); +#endif + print_progress(start_lineno, count_in, end_lineno); + if (strlen(lp) < 14 || *lp == '!' || *lp == '#') { + debug2("%10u: comment or short line", count_in); + continue; + } + + /* XXX - fragile parser */ + /* time */ + cp = &lp[14]; /* (skip) */ + + /* type */ + in_type = strtoul(cp, &cp, 10); + + /* tests */ + in_tests = strtoul(cp, &cp, 10); + + if (in_tests & MODULI_TESTS_COMPOSITE) { + debug2("%10u: known composite", count_in); + continue; + } + + /* tries */ + in_tries = strtoul(cp, &cp, 10); + + /* size (most significant bit) */ + in_size = strtoul(cp, &cp, 10); + + /* generator (hex) */ + generator_known = strtoul(cp, &cp, 16); + + /* Skip white space */ + cp += strspn(cp, " "); + + /* modulus (hex) */ + switch (in_type) { + case MODULI_TYPE_SOPHIE_GERMAIN: + debug2("%10u: (%u) Sophie-Germain", count_in, in_type); + a = q; + if (BN_hex2bn(&a, cp) == 0) + fatal("BN_hex2bn failed"); + /* p = 2*q + 1 */ + if (BN_lshift(p, q, 1) == 0) + fatal("BN_lshift failed"); + if (BN_add_word(p, 1) == 0) + fatal("BN_add_word failed"); + in_size += 1; + generator_known = 0; + break; + case MODULI_TYPE_UNSTRUCTURED: + case MODULI_TYPE_SAFE: + case MODULI_TYPE_SCHNORR: + case MODULI_TYPE_STRONG: + case MODULI_TYPE_UNKNOWN: + debug2("%10u: (%u)", count_in, in_type); + a = p; + if (BN_hex2bn(&a, cp) == 0) + fatal("BN_hex2bn failed"); + /* q = (p-1) / 2 */ + if (BN_rshift(q, p, 1) == 0) + fatal("BN_rshift failed"); + break; + default: + debug2("Unknown prime type"); + break; + } + + /* + * due to earlier inconsistencies in interpretation, check + * the proposed bit size. + */ + if ((u_int32_t)BN_num_bits(p) != (in_size + 1)) { + debug2("%10u: bit size %u mismatch", count_in, in_size); + continue; + } + if (in_size < QSIZE_MINIMUM) { + debug2("%10u: bit size %u too short", count_in, in_size); + continue; + } + + if (in_tests & MODULI_TESTS_MILLER_RABIN) + in_tries += trials; + else + in_tries = trials; + + /* + * guess unknown generator + */ + if (generator_known == 0) { + if (BN_mod_word(p, 24) == 11) + generator_known = 2; + else if (BN_mod_word(p, 12) == 5) + generator_known = 3; + else { + u_int32_t r = BN_mod_word(p, 10); + + if (r == 3 || r == 7) + generator_known = 5; + } + } + /* + * skip tests when desired generator doesn't match + */ + if (generator_wanted > 0 && + generator_wanted != generator_known) { + debug2("%10u: generator %d != %d", + count_in, generator_known, generator_wanted); + continue; + } + + /* + * Primes with no known generator are useless for DH, so + * skip those. + */ + if (generator_known == 0) { + debug2("%10u: no known generator", count_in); + continue; + } + + count_possible++; + + /* + * The (1/4)^N performance bound on Miller-Rabin is + * extremely pessimistic, so don't spend a lot of time + * really verifying that q is prime until after we know + * that p is also prime. A single pass will weed out the + * vast majority of composite q's. + */ + if (BN_is_prime_ex(q, 1, ctx, NULL) <= 0) { + debug("%10u: q failed first possible prime test", + count_in); + continue; + } + + /* + * q is possibly prime, so go ahead and really make sure + * that p is prime. If it is, then we can go back and do + * the same for q. If p is composite, chances are that + * will show up on the first Rabin-Miller iteration so it + * doesn't hurt to specify a high iteration count. + */ + if (!BN_is_prime_ex(p, trials, ctx, NULL)) { + debug("%10u: p is not prime", count_in); + continue; + } + debug("%10u: p is almost certainly prime", count_in); + + /* recheck q more rigorously */ + if (!BN_is_prime_ex(q, trials - 1, ctx, NULL)) { + debug("%10u: q is not prime", count_in); + continue; + } + debug("%10u: q is almost certainly prime", count_in); + + if (qfileout(out, MODULI_TYPE_SAFE, + in_tests | MODULI_TESTS_MILLER_RABIN, + in_tries, in_size, generator_known, p)) { + res = -1; + break; + } + + count_out++; + } + + time(&time_stop); + free(lp); + BN_free(p); + BN_free(q); + BN_CTX_free(ctx); + + if (checkpoint_file != NULL) + unlink(checkpoint_file); + + logit("%.24s Found %u safe primes of %u candidates in %ld seconds", + ctime(&time_stop), count_out, count_possible, + (long) (time_stop - time_start)); + + return (res); +} + +#endif /* WITH_OPENSSL */ diff --git a/include/DomainExec/opensshlib/monitor.h b/include/DomainExec/opensshlib/monitor.h new file mode 100644 index 00000000..93b8b66d --- /dev/null +++ b/include/DomainExec/opensshlib/monitor.h @@ -0,0 +1,98 @@ +/* $OpenBSD: monitor.h,v 1.19 2015/01/19 19:52:16 markus Exp $ */ + +/* + * Copyright 2002 Niels Provos + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef _MONITOR_H_ +#define _MONITOR_H_ + +/* Please keep *_REQ_* values on even numbers and *_ANS_* on odd numbers */ +enum monitor_reqtype { + MONITOR_REQ_MODULI = 0, MONITOR_ANS_MODULI = 1, + MONITOR_REQ_FREE = 2, + MONITOR_REQ_AUTHSERV = 4, + MONITOR_REQ_SIGN = 6, MONITOR_ANS_SIGN = 7, + MONITOR_REQ_PWNAM = 8, MONITOR_ANS_PWNAM = 9, + MONITOR_REQ_AUTH2_READ_BANNER = 10, MONITOR_ANS_AUTH2_READ_BANNER = 11, + MONITOR_REQ_AUTHPASSWORD = 12, MONITOR_ANS_AUTHPASSWORD = 13, + MONITOR_REQ_BSDAUTHQUERY = 14, MONITOR_ANS_BSDAUTHQUERY = 15, + MONITOR_REQ_BSDAUTHRESPOND = 16, MONITOR_ANS_BSDAUTHRESPOND = 17, + MONITOR_REQ_SKEYQUERY = 18, MONITOR_ANS_SKEYQUERY = 19, + MONITOR_REQ_SKEYRESPOND = 20, MONITOR_ANS_SKEYRESPOND = 21, + MONITOR_REQ_KEYALLOWED = 22, MONITOR_ANS_KEYALLOWED = 23, + MONITOR_REQ_KEYVERIFY = 24, MONITOR_ANS_KEYVERIFY = 25, + MONITOR_REQ_KEYEXPORT = 26, + MONITOR_REQ_PTY = 28, MONITOR_ANS_PTY = 29, + MONITOR_REQ_PTYCLEANUP = 30, + MONITOR_REQ_SESSKEY = 32, MONITOR_ANS_SESSKEY = 33, + MONITOR_REQ_SESSID = 34, + MONITOR_REQ_RSAKEYALLOWED = 36, MONITOR_ANS_RSAKEYALLOWED = 37, + MONITOR_REQ_RSACHALLENGE = 38, MONITOR_ANS_RSACHALLENGE = 39, + MONITOR_REQ_RSARESPONSE = 40, MONITOR_ANS_RSARESPONSE = 41, + MONITOR_REQ_GSSSETUP = 42, MONITOR_ANS_GSSSETUP = 43, + MONITOR_REQ_GSSSTEP = 44, MONITOR_ANS_GSSSTEP = 45, + MONITOR_REQ_GSSUSEROK = 46, MONITOR_ANS_GSSUSEROK = 47, + MONITOR_REQ_GSSCHECKMIC = 48, MONITOR_ANS_GSSCHECKMIC = 49, + MONITOR_REQ_TERM = 50, + + MONITOR_REQ_PAM_START = 100, + MONITOR_REQ_PAM_ACCOUNT = 102, MONITOR_ANS_PAM_ACCOUNT = 103, + MONITOR_REQ_PAM_INIT_CTX = 104, MONITOR_ANS_PAM_INIT_CTX = 105, + MONITOR_REQ_PAM_QUERY = 106, MONITOR_ANS_PAM_QUERY = 107, + MONITOR_REQ_PAM_RESPOND = 108, MONITOR_ANS_PAM_RESPOND = 109, + MONITOR_REQ_PAM_FREE_CTX = 110, MONITOR_ANS_PAM_FREE_CTX = 111, + MONITOR_REQ_AUDIT_EVENT = 112, MONITOR_REQ_AUDIT_COMMAND = 113, + +}; + +struct mm_master; +struct monitor { + int m_recvfd; + int m_sendfd; + int m_log_recvfd; + int m_log_sendfd; + struct mm_master *m_zback; + struct mm_master *m_zlib; + struct kex **m_pkex; + pid_t m_pid; +}; + +struct monitor *monitor_init(void); +void monitor_reinit(struct monitor *); +void monitor_sync(struct monitor *); + +struct Authctxt; +void monitor_child_preauth(struct Authctxt *, struct monitor *); +void monitor_child_postauth(struct monitor *); + +struct mon_table; +int monitor_read(struct monitor*, struct mon_table *, struct mon_table **); + +/* Prototypes for request sending and receiving */ +void mm_request_send(int, enum monitor_reqtype, Buffer *); +void mm_request_receive(int, Buffer *); +void mm_request_receive_expect(int, enum monitor_reqtype, Buffer *); + +#endif /* _MONITOR_H_ */ diff --git a/include/DomainExec/opensshlib/msg.h b/include/DomainExec/opensshlib/msg.h new file mode 100644 index 00000000..dfb34247 --- /dev/null +++ b/include/DomainExec/opensshlib/msg.h @@ -0,0 +1,32 @@ +/* $OpenBSD: msg.h,v 1.5 2015/01/15 09:40:00 djm Exp $ */ +/* + * Copyright (c) 2002 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef SSH_MSG_H +#define SSH_MSG_H + +struct sshbuf; +int ssh_msg_send(int, u_char, struct sshbuf *); +int ssh_msg_recv(int, struct sshbuf *); + +#endif diff --git a/include/DomainExec/opensshlib/myproposal.h b/include/DomainExec/opensshlib/myproposal.h new file mode 100644 index 00000000..46e5b988 --- /dev/null +++ b/include/DomainExec/opensshlib/myproposal.h @@ -0,0 +1,195 @@ +/* $OpenBSD: myproposal.h,v 1.47 2015/07/10 06:21:53 markus Exp $ */ + +/* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include + +/* conditional algorithm support */ + +#ifdef OPENSSL_HAS_ECC +#ifdef OPENSSL_HAS_NISTP521 +# define KEX_ECDH_METHODS \ + "ecdh-sha2-nistp256," \ + "ecdh-sha2-nistp384," \ + "ecdh-sha2-nistp521," +# define HOSTKEY_ECDSA_CERT_METHODS \ + "ecdsa-sha2-nistp256-cert-v01@openssh.com," \ + "ecdsa-sha2-nistp384-cert-v01@openssh.com," \ + "ecdsa-sha2-nistp521-cert-v01@openssh.com," +# define HOSTKEY_ECDSA_METHODS \ + "ecdsa-sha2-nistp256," \ + "ecdsa-sha2-nistp384," \ + "ecdsa-sha2-nistp521," +#else +# define KEX_ECDH_METHODS \ + "ecdh-sha2-nistp256," \ + "ecdh-sha2-nistp384," +# define HOSTKEY_ECDSA_CERT_METHODS \ + "ecdsa-sha2-nistp256-cert-v01@openssh.com," \ + "ecdsa-sha2-nistp384-cert-v01@openssh.com," +# define HOSTKEY_ECDSA_METHODS \ + "ecdsa-sha2-nistp256," \ + "ecdsa-sha2-nistp384," +#endif +#else +# define KEX_ECDH_METHODS +# define HOSTKEY_ECDSA_CERT_METHODS +# define HOSTKEY_ECDSA_METHODS +#endif + +#ifdef OPENSSL_HAVE_EVPGCM +# define AESGCM_CIPHER_MODES \ + ",aes128-gcm@openssh.com,aes256-gcm@openssh.com" +#else +# define AESGCM_CIPHER_MODES +#endif + +#ifdef HAVE_EVP_SHA256 +# define KEX_SHA256_METHODS \ + "diffie-hellman-group-exchange-sha256," +#define SHA2_HMAC_MODES \ + "hmac-sha2-256," \ + "hmac-sha2-512," +#else +# define KEX_SHA256_METHODS +# define SHA2_HMAC_MODES +#endif + +#ifdef WITH_OPENSSL +# ifdef HAVE_EVP_SHA256 +# define KEX_CURVE25519_METHODS "curve25519-sha256@libssh.org," +# else +# define KEX_CURVE25519_METHODS "" +# endif +#define KEX_COMMON_KEX \ + KEX_CURVE25519_METHODS \ + KEX_ECDH_METHODS \ + KEX_SHA256_METHODS + +#define KEX_SERVER_KEX KEX_COMMON_KEX \ + "diffie-hellman-group14-sha1" \ + +#define KEX_CLIENT_KEX KEX_COMMON_KEX \ + "diffie-hellman-group-exchange-sha1," \ + "diffie-hellman-group14-sha1" + +#define KEX_DEFAULT_PK_ALG \ + HOSTKEY_ECDSA_CERT_METHODS \ + "ssh-ed25519-cert-v01@openssh.com," \ + "ssh-rsa-cert-v01@openssh.com," \ + HOSTKEY_ECDSA_METHODS \ + "ssh-ed25519," \ + "ssh-rsa" \ + +/* the actual algorithms */ + +#define KEX_SERVER_ENCRYPT \ + "chacha20-poly1305@openssh.com," \ + "aes128-ctr,aes192-ctr,aes256-ctr" \ + AESGCM_CIPHER_MODES + +#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \ + "arcfour256,arcfour128," \ + "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ + "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" + +#define KEX_SERVER_MAC \ + "umac-64-etm@openssh.com," \ + "umac-128-etm@openssh.com," \ + "hmac-sha2-256-etm@openssh.com," \ + "hmac-sha2-512-etm@openssh.com," \ + "hmac-sha1-etm@openssh.com," \ + "umac-64@openssh.com," \ + "umac-128@openssh.com," \ + "hmac-sha2-256," \ + "hmac-sha2-512," \ + "hmac-sha1" + +#define KEX_CLIENT_MAC KEX_SERVER_MAC "," \ + "hmac-md5-etm@openssh.com," \ + "hmac-ripemd160-etm@openssh.com," \ + "hmac-sha1-96-etm@openssh.com," \ + "hmac-md5-96-etm@openssh.com," \ + "hmac-md5," \ + "hmac-ripemd160," \ + "hmac-ripemd160@openssh.com," \ + "hmac-sha1-96," \ + "hmac-md5-96" + +#else + +#define KEX_SERVER_KEX \ + "curve25519-sha256@libssh.org" +#define KEX_DEFAULT_PK_ALG \ + "ssh-ed25519-cert-v01@openssh.com," \ + "ssh-ed25519" +#define KEX_SERVER_ENCRYPT \ + "chacha20-poly1305@openssh.com," \ + "aes128-ctr,aes192-ctr,aes256-ctr" +#define KEX_SERVER_MAC \ + "umac-64-etm@openssh.com," \ + "umac-128-etm@openssh.com," \ + "hmac-sha2-256-etm@openssh.com," \ + "hmac-sha2-512-etm@openssh.com," \ + "hmac-sha1-etm@openssh.com," \ + "umac-64@openssh.com," \ + "umac-128@openssh.com," \ + "hmac-sha2-256," \ + "hmac-sha2-512," \ + "hmac-sha1" + +#define KEX_CLIENT_KEX KEX_SERVER_KEX +#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT +#define KEX_CLIENT_MAC KEX_SERVER_MAC + +#endif /* WITH_OPENSSL */ + +#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" +#define KEX_DEFAULT_LANG "" + +#define KEX_CLIENT \ + KEX_CLIENT_KEX, \ + KEX_DEFAULT_PK_ALG, \ + KEX_CLIENT_ENCRYPT, \ + KEX_CLIENT_ENCRYPT, \ + KEX_CLIENT_MAC, \ + KEX_CLIENT_MAC, \ + KEX_DEFAULT_COMP, \ + KEX_DEFAULT_COMP, \ + KEX_DEFAULT_LANG, \ + KEX_DEFAULT_LANG + +#define KEX_SERVER \ + KEX_SERVER_KEX, \ + KEX_DEFAULT_PK_ALG, \ + KEX_SERVER_ENCRYPT, \ + KEX_SERVER_ENCRYPT, \ + KEX_SERVER_MAC, \ + KEX_SERVER_MAC, \ + KEX_DEFAULT_COMP, \ + KEX_DEFAULT_COMP, \ + KEX_DEFAULT_LANG, \ + KEX_DEFAULT_LANG + diff --git a/include/DomainExec/opensshlib/opacket.c b/include/DomainExec/opensshlib/opacket.c new file mode 100644 index 00000000..1875d21d --- /dev/null +++ b/include/DomainExec/opensshlib/opacket.c @@ -0,0 +1,353 @@ +/* Written by Markus Friedl. Placed in the public domain. */ + +#include "includes.h" + +#include "ssherr.h" +#include "packet.h" +#include "log.h" + +struct ssh *active_state, *backup_state; + +/* Map old to new API */ + +void +ssh_packet_start(ncrack_ssh_state *nstate, u_char type) +{ + int r; + + if ((r = sshpkt_start(nstate, type)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); +} + +void +ssh_packet_put_char(ncrack_ssh_state *nstate, int value) +{ + u_char ch = value; + int r; + + if ((r = sshpkt_put_u8(nstate, ch)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); +} + +void +ssh_packet_put_int(ncrack_ssh_state *nstate, u_int value) +{ + int r; + + if ((r = sshpkt_put_u32(nstate, value)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); +} + +void +ssh_packet_put_int64(ncrack_ssh_state *nstate, u_int64_t value) +{ + int r; + + if ((r = sshpkt_put_u64(nstate, value)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); +} + +void +ssh_packet_put_string(ncrack_ssh_state *nstate, const void *buf, u_int len) +{ + int r; + + if ((r = sshpkt_put_string(nstate, buf, len)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); +} + +void +ssh_packet_put_cstring(ncrack_ssh_state *nstate, const char *str) +{ + int r; + + if ((r = sshpkt_put_cstring(nstate, str)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); +} + +void +ssh_packet_put_raw(ncrack_ssh_state *nstate, const void *buf, u_int len) +{ + int r; + + if ((r = sshpkt_put(nstate, buf, len)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); +} + +#ifdef WITH_SSH1 +void +ssh_packet_put_bignum(ncrack_ssh_state *nstate, BIGNUM * value) +{ + int r; + + if ((r = sshpkt_put_bignum1(nstate, value)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); +} +#endif + +#ifdef WITH_OPENSSL +void +ssh_packet_put_bignum2(ncrack_ssh_state *nstate, BIGNUM * value) +{ + int r; + + if ((r = sshpkt_put_bignum2(nstate, value)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); +} + +# ifdef OPENSSL_HAS_ECC +void +ssh_packet_put_ecpoint(ncrack_ssh_state *nstate, const EC_GROUP *curve, + const EC_POINT *point) +{ + int r; + + if ((r = sshpkt_put_ec(nstate, point, curve)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); +} +# endif +#endif /* WITH_OPENSSL */ + +void +ssh_packet_send(ncrack_ssh_state *nstate) +{ + int r; + + if ((r = sshpkt_send(nstate)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); +} + +u_int +ssh_packet_get_char(ncrack_ssh_state *nstate) +{ + u_char ch; + int r; + + if ((r = sshpkt_get_u8(nstate, &ch)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + return ch; +} + +u_int +ssh_packet_get_int(ncrack_ssh_state *nstate) +{ + u_int val; + int r; + + if ((r = sshpkt_get_u32(nstate, &val)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + return val; +} + +u_int64_t +ssh_packet_get_int64(ncrack_ssh_state *nstate) +{ + u_int64_t val; + int r; + + if ((r = sshpkt_get_u64(nstate, &val)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + return val; +} + +#ifdef WITH_SSH1 +void +ssh_packet_get_bignum(ncrack_ssh_state *nstate, BIGNUM * value) +{ + int r; + + if ((r = sshpkt_get_bignum1(nstate, value)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); +} +#endif + +#ifdef WITH_OPENSSL +void +ssh_packet_get_bignum2(ncrack_ssh_state *nstate, BIGNUM * value) +{ + int r; + + if ((r = sshpkt_get_bignum2(nstate, value)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); +} + +# ifdef OPENSSL_HAS_ECC +void +ssh_packet_get_ecpoint(ncrack_ssh_state *nstate, const EC_GROUP *curve, EC_POINT *point) +{ + int r; + + if ((r = sshpkt_get_ec(nstate, point, curve)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); +} +# endif +#endif /* WITH_OPENSSL */ + +void * +ssh_packet_get_string(ncrack_ssh_state *nstate, u_int *length_ptr) +{ + int r; + size_t len; + u_char *val; + + if ((r = sshpkt_get_string(nstate, &val, &len)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + if (length_ptr != NULL) + *length_ptr = (u_int)len; + return val; +} + +const void * +ssh_packet_get_string_ptr(ncrack_ssh_state *nstate, u_int *length_ptr) +{ + int r; + size_t len; + const u_char *val; + + if ((r = sshpkt_get_string_direct(nstate, &val, &len)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + if (length_ptr != NULL) + *length_ptr = (u_int)len; + return val; +} + +char * +ssh_packet_get_cstring(ncrack_ssh_state *nstate, u_int *length_ptr) +{ + int r; + size_t len; + char *val; + + if ((r = sshpkt_get_cstring(nstate, &val, &len)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + if (length_ptr != NULL) + *length_ptr = (u_int)len; + return val; +} + +/* Old API, that had to be reimplemented */ + +#if 0 +void +packet_set_connection(int fd_in, int fd_out) +{ + active_state = ssh_packet_set_connection(active_state); //, fd_in, fd_out); + if (active_state == NULL) + fatal("%s: ssh_packet_set_connection failed", __func__); +} + +void +packet_backup_state(void) +{ + ssh_packet_backup_state(active_state, backup_state); +} + +void +packet_restore_state(void) +{ + ssh_packet_restore_state(active_state, backup_state); +} + +u_int +packet_get_char(void) +{ + return (ssh_packet_get_char(active_state)); +} + +u_int +packet_get_int(void) +{ + return (ssh_packet_get_int(active_state)); +} + +int +packet_read_seqnr(u_int32_t *seqnr) +{ + u_char type; + int r; + + if ((r = ssh_packet_read_seqnr(active_state, &type, seqnr)) != 0) + sshpkt_fatal(active_state, __func__, r); + return type; +} + +int +packet_read_poll_seqnr(u_int32_t *seqnr) +{ + u_char type; + int r; + + if ((r = ssh_packet_read_poll_seqnr(active_state, &type, seqnr))) + sshpkt_fatal(active_state, __func__, r); + return type; +} +#endif + +void +packet_close(void) +{ + ssh_packet_close(active_state); + active_state = NULL; +} + +#if 0 +void +packet_process_incoming(const char *buf, u_int len) +{ + int r; + + if ((r = ssh_packet_process_incoming(active_state, buf, len)) != 0) + sshpkt_fatal(active_state, __func__, r); +} + +void +packet_write_wait(void) +{ + int r; + + if ((r = ssh_packet_write_wait(active_state)) != 0) + sshpkt_fatal(active_state, __func__, r); +} + +void +packet_write_poll(void) +{ + int r; + + if ((r = ssh_packet_write_poll(active_state)) != 0) + sshpkt_fatal(active_state, __func__, r); +} + +void +packet_read_expect(int expected_type) +{ + int r; + + if ((r = ssh_packet_read_expect(active_state, expected_type)) != 0) + sshpkt_fatal(active_state, __func__, r); +} + +void +packet_disconnect(const char *fmt, ...) +{ + char buf[1024]; + va_list args; + + va_start(args, fmt); + vsnprintf(buf, sizeof(buf), fmt, args); + va_end(args); + ssh_packet_disconnect(active_state, "%s", buf); +} + +void +packet_send_debug(const char *fmt, ...) +{ + char buf[1024]; + va_list args; + + va_start(args, fmt); + vsnprintf(buf, sizeof(buf), fmt, args); + va_end(args); + ssh_packet_send_debug(active_state, "%s", buf); +} +#endif diff --git a/include/DomainExec/opensshlib/opacket.h b/include/DomainExec/opensshlib/opacket.h new file mode 100644 index 00000000..b518f8c6 --- /dev/null +++ b/include/DomainExec/opensshlib/opacket.h @@ -0,0 +1,168 @@ +#ifndef _OPACKET_H +/* Written by Markus Friedl. Placed in the public domain. */ + +/* Map old to new API */ +void ssh_packet_start(ncrack_ssh_state *, u_char); +void ssh_packet_put_char(ncrack_ssh_state *, int ch); +void ssh_packet_put_int(ncrack_ssh_state *, u_int value); +void ssh_packet_put_int64(ncrack_ssh_state *, u_int64_t value); +void ssh_packet_put_bignum(ncrack_ssh_state *, BIGNUM * value); +void ssh_packet_put_bignum2(ncrack_ssh_state *, BIGNUM * value); +void ssh_packet_put_ecpoint(ncrack_ssh_state *, const EC_GROUP *, const EC_POINT *); +void ssh_packet_put_string(ncrack_ssh_state *, const void *buf, u_int len); +void ssh_packet_put_cstring(ncrack_ssh_state *, const char *str); +void ssh_packet_put_raw(ncrack_ssh_state *, const void *buf, u_int len); +void ssh_packet_send(ncrack_ssh_state *); + +u_int ssh_packet_get_char(ncrack_ssh_state *); +u_int ssh_packet_get_int(ncrack_ssh_state *); +u_int64_t ssh_packet_get_int64(ncrack_ssh_state *); +void ssh_packet_get_bignum(ncrack_ssh_state *, BIGNUM * value); +void ssh_packet_get_bignum2(ncrack_ssh_state *, BIGNUM * value); +void ssh_packet_get_ecpoint(ncrack_ssh_state *, const EC_GROUP *, EC_POINT *); +void *ssh_packet_get_string(ncrack_ssh_state *, u_int *length_ptr); +char *ssh_packet_get_cstring(ncrack_ssh_state *, u_int *length_ptr); + +/* don't allow remaining bytes after the end of the message */ +#define ssh_packet_check_eom(ssh) \ +do { \ + int _len = ssh_packet_remaining(ssh); \ + if (_len > 0) { \ + logit("Packet integrity error (%d bytes remaining) at %s:%d", \ + _len ,__FILE__, __LINE__); \ + ssh_packet_disconnect(ssh, \ + "Packet integrity error."); \ + } \ +} while (0) + +/* old API */ +void packet_close(void); +u_int packet_get_char(void); +u_int packet_get_int(void); +void packet_backup_state(void); +void packet_restore_state(void); +void packet_set_connection(int, int); +int packet_read_seqnr(u_int32_t *); +int packet_read_poll_seqnr(u_int32_t *); +void packet_process_incoming(const char *buf, u_int len); +void packet_write_wait(void); +void packet_write_poll(void); +void packet_read_expect(int expected_type); +#define packet_set_timeout(timeout, count) \ + ssh_packet_set_timeout(active_state, (timeout), (count)) +#define packet_connection_is_on_socket() \ + ssh_packet_connection_is_on_socket(active_state) +#define packet_set_nonblocking() \ + ssh_packet_set_nonblocking(active_state) +#define packet_get_connection_in() \ + ssh_packet_get_connection_in(active_state) +#define packet_get_connection_out() \ + ssh_packet_get_connection_out(active_state) +#define packet_set_protocol_flags(protocol_flags) \ + ssh_packet_set_protocol_flags(active_state, (protocol_flags)) +#define packet_get_protocol_flags() \ + ssh_packet_get_protocol_flags(active_state) +#define packet_start_compression(level) \ + ssh_packet_start_compression(active_state, (level)) +#define packet_set_encryption_key(key, keylen, number) \ + ssh_packet_set_encryption_key(active_state, (key), (keylen), (number)) +#define packet_start(type) \ + ssh_packet_start(active_state, (type)) +#define packet_put_char(value) \ + ssh_packet_put_char(active_state, (value)) +#define packet_put_int(value) \ + ssh_packet_put_int(active_state, (value)) +#define packet_put_int64(value) \ + ssh_packet_put_int64(active_state, (value)) +#define packet_put_string( buf, len) \ + ssh_packet_put_string(active_state, (buf), (len)) +#define packet_put_cstring(str) \ + ssh_packet_put_cstring(active_state, (str)) +#define packet_put_raw(buf, len) \ + ssh_packet_put_raw(active_state, (buf), (len)) +#define packet_put_bignum(value) \ + ssh_packet_put_bignum(active_state, (value)) +#define packet_put_bignum2(value) \ + ssh_packet_put_bignum2(active_state, (value)) +#define packet_send() \ + ssh_packet_send(active_state) +#define packet_read() \ + ssh_packet_read(active_state) +#define packet_get_int64() \ + ssh_packet_get_int64(active_state) +#define packet_get_bignum(value) \ + ssh_packet_get_bignum(active_state, (value)) +#define packet_get_bignum2(value) \ + ssh_packet_get_bignum2(active_state, (value)) +#define packet_remaining() \ + ssh_packet_remaining(active_state) +#define packet_get_string(length_ptr) \ + ssh_packet_get_string(active_state, (length_ptr)) +#define packet_get_string_ptr(length_ptr) \ + ssh_packet_get_string_ptr(active_state, (length_ptr)) +#define packet_get_cstring(length_ptr) \ + ssh_packet_get_cstring(active_state, (length_ptr)) +void packet_send_debug(const char *, ...) + __attribute__((format(printf, 1, 2))); +void packet_disconnect(const char *, ...) + __attribute__((format(printf, 1, 2))) + __attribute__((noreturn)); +#define packet_have_data_to_write() \ + ssh_packet_have_data_to_write(active_state) +#define packet_not_very_much_data_to_write() \ + ssh_packet_not_very_much_data_to_write(active_state) +#define packet_set_interactive(interactive, qos_interactive, qos_bulk) \ + ssh_packet_set_interactive(active_state, (interactive), (qos_interactive), (qos_bulk)) +#define packet_is_interactive() \ + ssh_packet_is_interactive(active_state) +#define packet_set_maxsize(s) \ + ssh_packet_set_maxsize(active_state, (s)) +#define packet_inc_alive_timeouts() \ + ssh_packet_inc_alive_timeouts(active_state) +#define packet_set_alive_timeouts(ka) \ + ssh_packet_set_alive_timeouts(active_state, (ka)) +#define packet_get_maxsize() \ + ssh_packet_get_maxsize(active_state) +#define packet_add_padding(pad) \ + sshpkt_add_padding(active_state, (pad)) +#define packet_send_ignore(nbytes) \ + ssh_packet_send_ignore(active_state, (nbytes)) +#define packet_need_rekeying() \ + ssh_packet_need_rekeying(active_state) +#define packet_set_server() \ + ssh_packet_set_server(active_state) +#define packet_set_authenticated() \ + ssh_packet_set_authenticated(active_state) +#define packet_get_input() \ + ssh_packet_get_input(active_state) +#define packet_get_output() \ + ssh_packet_get_output(active_state) +#define packet_set_compress_hooks(ctx, allocfunc, freefunc) \ + ssh_packet_set_compress_hooks(active_state, ctx, \ + allocfunc, freefunc); +#define packet_check_eom() \ + ssh_packet_check_eom(active_state) +#define set_newkeys(mode) \ + ssh_set_newkeys(active_state, (mode)) +#define packet_get_state(m) \ + ssh_packet_get_state(active_state, m) +#define packet_set_state(m) \ + ssh_packet_set_state(active_state, m) +#if 0 +#define get_remote_ipaddr() \ + ssh_remote_ipaddr(active_state) +#endif +#define packet_get_raw(lenp) \ + sshpkt_ptr(active_state, lenp) +#define packet_get_ecpoint(c,p) \ + ssh_packet_get_ecpoint(active_state, c, p) +#define packet_put_ecpoint(c,p) \ + ssh_packet_put_ecpoint(active_state, c, p) +#define packet_get_rekey_timeout() \ + ssh_packet_get_rekey_timeout(active_state) +#define packet_set_rekey_limits(x,y) \ + ssh_packet_set_rekey_limits(active_state, x, y) +#define packet_get_bytes(x,y) \ + ssh_packet_get_bytes(active_state, x, y) + +#endif /* _OPACKET_H */ diff --git a/include/DomainExec/opensshlib/openbsd-compat.h b/include/DomainExec/opensshlib/openbsd-compat.h new file mode 100644 index 00000000..b159319d --- /dev/null +++ b/include/DomainExec/opensshlib/openbsd-compat.h @@ -0,0 +1,368 @@ +/* + * Copyright (c) 1999-2003 Damien Miller. All rights reserved. + * Copyright (c) 2003 Ben Lindstrom. All rights reserved. + * Copyright (c) 2002 Tim Rice. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef _OPENBSD_COMPAT_H +#define _OPENBSD_COMPAT_H + +#include "includes.h" + +#include +#ifndef WIN32 +#include +#endif + +#ifndef WIN32 +#include +#endif + +#include /* for wchar_t */ + +/* OpenBSD function replacements */ +#include "base64.h" +#include "sigact.h" +#include "glob.h" +#include "readpassphrase.h" +#include "vis.h" +#include "getrrsetbyname.h" +#include "sha1.h" +#include "sha2.h" +#include "rmd160.h" +#include "md5.h" +#include "blf.h" + +#ifndef HAVE_BASENAME +char *basename(const char *path); +#endif + +#ifndef HAVE_BINDRESVPORT_SA +int bindresvport_sa(int sd, struct sockaddr *sa); +#endif + +#ifndef HAVE_CLOSEFROM +void closefrom(int); +#endif + +#ifndef HAVE_GETLINE +#include +ssize_t getline(char **, size_t *, FILE *); +#endif + +#ifndef HAVE_GETPAGESIZE +int getpagesize(void); +#endif + +#ifndef HAVE_GETCWD +char *getcwd(char *pt, size_t size); +#endif + +#ifndef HAVE_REALLOCARRAY +void *reallocarray(void *, size_t, size_t); +#endif + +#ifndef HAVE_RECALLOCARRAY +void *recallocarray(void *, size_t, size_t, size_t); +#endif + +#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) +/* + * glibc's FORTIFY_SOURCE can redefine this and prevent us picking up the + * compat version. + */ +# ifdef BROKEN_REALPATH +# define realpath(x, y) _ssh_compat_realpath(x, y) +# endif + +char *realpath(const char *path, char *resolved); +#endif + +#ifndef HAVE_RRESVPORT_AF +int rresvport_af(int *alport, sa_family_t af); +#endif + +#ifndef HAVE_STRLCPY +size_t strlcpy(char *dst, const char *src, size_t siz); +#endif + +#ifndef HAVE_STRLCAT +size_t strlcat(char *dst, const char *src, size_t siz); +#endif + +#ifndef HAVE_STRCASESTR +char *strcasestr(const char *, const char *); +#endif + +#ifndef HAVE_SETENV +int setenv(register const char *name, register const char *value, int rewrite); +#endif + +#ifndef HAVE_STRMODE +void strmode(int mode, char *p); +#endif + +#ifndef HAVE_STRPTIME +#include +char *strptime(const char *buf, const char *fmt, struct tm *tm); +#endif + +#if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) +int mkstemps(char *path, int slen); +int mkstemp(char *path); +char *mkdtemp(char *path); +#endif + +#ifndef WIN32 + +#ifndef HAVE_DAEMON +int daemon(int nochdir, int noclose); +#endif + +#ifndef HAVE_DIRNAME +char *dirname(const char *path); +#endif + +#ifndef HAVE_FMT_SCALED +#define FMT_SCALED_STRSIZE 7 +int fmt_scaled(long long number, char *result); +#endif + +#ifndef HAVE_SCAN_SCALED +int scan_scaled(char *, long long *); +#endif + +#if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA) +char *inet_ntoa(struct in_addr in); +#endif + +#ifndef HAVE_INET_NTOP +const char *inet_ntop(int af, const void *src, char *dst, socklen_t size); +#endif + +#ifndef HAVE_INET_ATON +int inet_aton(const char *cp, struct in_addr *addr); +#endif + +#ifndef HAVE_STRSEP +char *strsep(char **stringp, const char *delim); +#endif + +#ifndef HAVE_SETPROCTITLE +void setproctitle(const char *fmt, ...); +void compat_init_setproctitle(int argc, char *argv[]); +#endif + +#ifndef HAVE_GETGROUPLIST +int getgrouplist(const char *, gid_t, gid_t *, int *); +#endif + +#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET) +int BSDgetopt(int argc, char * const *argv, const char *opts); +#include "getopt.h" +#endif + +#if ((defined(HAVE_DECL_READV) && HAVE_DECL_READV == 0) || \ + (defined(HAVE_DECL_WRITEV) && HAVE_DECL_WRITEV == 0)) +# include +# include + +# if defined(HAVE_DECL_READV) && HAVE_DECL_READV == 0 +int readv(int, struct iovec *, int); +# endif + +# if defined(HAVE_DECL_WRITEV) && HAVE_DECL_WRITEV == 0 +int writev(int, struct iovec *, int); +# endif +#endif + +/* Home grown routines */ +#include "bsd-misc.h" +#include "bsd-setres_id.h" +//#include "bsd-signal.h" +#include "bsd-statvfs.h" +#include "bsd-waitpid.h" +#include "bsd-poll.h" + +#ifndef HAVE_GETPEEREID +int getpeereid(int , uid_t *, gid_t *); +#endif + +#ifdef HAVE_ARC4RANDOM +# ifndef HAVE_ARC4RANDOM_STIR +# define arc4random_stir() +# endif +#else +unsigned int arc4random(void); +void arc4random_stir(void); +#endif /* !HAVE_ARC4RANDOM */ + +#ifndef HAVE_ARC4RANDOM_BUF +void arc4random_buf(void *, size_t); +#endif + +#ifndef HAVE_ARC4RANDOM_UNIFORM +u_int32_t arc4random_uniform(u_int32_t); +#endif + +#ifndef HAVE_ASPRINTF +int asprintf(char **, const char *, ...); +#endif + +#ifndef HAVE_OPENPTY +#ifndef WIN32 +# include /* for struct winsize */ +#endif +int openpty(int *, int *, char *, struct termios *, struct winsize *); +#endif /* HAVE_OPENPTY */ + +#ifndef HAVE_SNPRINTF +int snprintf(char *, size_t, SNPRINTF_CONST char *, ...); +#endif + +#ifndef HAVE_STRTOLL +long long strtoll(const char *, char **, int); +#endif + +#ifndef HAVE_STRTOUL +unsigned long strtoul(const char *, char **, int); +#endif + +#ifndef HAVE_STRTOULL +unsigned long long strtoull(const char *, char **, int); +#endif + +#ifndef HAVE_STRTONUM +long long strtonum(const char *, long long, long long, const char **); +#endif + +/* multibyte character support */ +#ifndef HAVE_MBLEN +# define mblen(x, y) (1) +#endif + +#ifndef HAVE_WCWIDTH +# define wcwidth(x) (((x) >= 0x20 && (x) <= 0x7e) ? 1 : -1) +/* force our no-op nl_langinfo and mbtowc */ +# undef HAVE_NL_LANGINFO +# undef HAVE_MBTOWC +# undef HAVE_LANGINFO_H +#endif + +#ifndef HAVE_NL_LANGINFO +# define nl_langinfo(x) "" +#endif + +#ifndef HAVE_MBTOWC +int mbtowc(wchar_t *, const char*, size_t); +#endif + +#if !defined(HAVE_VASPRINTF) || !defined(HAVE_VSNPRINTF) +# include +#endif + +/* + * Some platforms unconditionally undefine va_copy() so we define VA_COPY() + * instead. This is known to be the case on at least some configurations of + * AIX with the xlc compiler. + */ +#ifndef VA_COPY +# ifdef HAVE_VA_COPY +# define VA_COPY(dest, src) va_copy(dest, src) +# else +# ifdef HAVE___VA_COPY +# define VA_COPY(dest, src) __va_copy(dest, src) +# else +# define VA_COPY(dest, src) (dest) = (src) +# endif +# endif +#endif + +#ifndef HAVE_VASPRINTF +int vasprintf(char **, const char *, va_list); +#endif + +#ifndef HAVE_VSNPRINTF +int vsnprintf(char *, size_t, const char *, va_list); +#endif + +#ifndef HAVE_USER_FROM_UID +char *user_from_uid(uid_t, int); +#endif + +#ifndef HAVE_GROUP_FROM_GID +char *group_from_gid(gid_t, int); +#endif + +#ifndef HAVE_TIMINGSAFE_BCMP +int timingsafe_bcmp(const void *, const void *, size_t); +#endif + +#ifndef HAVE_BCRYPT_PBKDF +int bcrypt_pbkdf(const char *, size_t, const u_int8_t *, size_t, + u_int8_t *, size_t, unsigned int); +#endif + +#ifndef HAVE_EXPLICIT_BZERO +void explicit_bzero(void *p, size_t n); +#endif + +#ifndef HAVE_FREEZERO +void freezero(void *, size_t); +#endif + +char *xcrypt(const char *password, const char *salt); +char *shadow_pw(struct passwd *pw); + +/* rfc2553 socket API replacements */ +#include "fake-rfc2553.h" + +/* Routines for a single OS platform */ +#include "bsd-cygwin_util.h" + +#include "port-aix.h" +#include "port-irix.h" +#include "port-linux.h" +#include "port-solaris.h" +#include "port-net.h" +#include "port-uw.h" + +/* _FORTIFY_SOURCE breaks FD_ISSET(n)/FD_SET(n) for n > FD_SETSIZE. Avoid. */ +#if defined(HAVE_FEATURES_H) && defined(_FORTIFY_SOURCE) +# include +# if defined(__GNU_LIBRARY__) && defined(__GLIBC_PREREQ) +# if __GLIBC_PREREQ(2, 15) && (_FORTIFY_SOURCE > 0) +# include /* Ensure include guard is defined */ +# undef FD_SET +# undef FD_ISSET +# define FD_SET(n, set) kludge_FD_SET(n, set) +# define FD_ISSET(n, set) kludge_FD_ISSET(n, set) +void kludge_FD_SET(int, fd_set *); +int kludge_FD_ISSET(int, fd_set *); +# endif /* __GLIBC_PREREQ(2, 15) && (_FORTIFY_SOURCE > 0) */ +# endif /* __GNU_LIBRARY__ && __GLIBC_PREREQ */ +#endif /* HAVE_FEATURES_H && _FORTIFY_SOURCE */ + +#endif // WIN32 + +#endif /* _OPENBSD_COMPAT_H */ diff --git a/include/DomainExec/opensshlib/openssh.h b/include/DomainExec/opensshlib/openssh.h new file mode 100644 index 00000000..80c9f124 --- /dev/null +++ b/include/DomainExec/opensshlib/openssh.h @@ -0,0 +1,22 @@ + +#ifndef OPENSSH_H +#define OPENSSH_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include "kex.h" +#include "buffer.h" + +u_int buffer_len(Buffer *); +void *buffer_ptr(Buffer *); +Kex *kex_setup(char *[PROPOSAL_MAX], Buffer ncrack_buf); + + + +#ifdef __cplusplus +} /* End of 'extern "C"' */ +#endif + +#endif diff --git a/include/DomainExec/opensshlib/openssh.vcxproj b/include/DomainExec/opensshlib/openssh.vcxproj new file mode 100644 index 00000000..84cfdb4b --- /dev/null +++ b/include/DomainExec/opensshlib/openssh.vcxproj @@ -0,0 +1,206 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + + opensshlib + {B630C8F7-3138-1337-11FF-DEADBEEFAC5F} + opensshlib + Win32Proj + 10.0 + + + + StaticLibrary + MultiByte + v142 + + + StaticLibrary + MultiByte + v142 + + + + + + + + + + + + + + + <_ProjectFileVersion>10.0.30319.1 + .\ + Debug\ + .\ + Release\ + + + + Disabled + ..\mswin32;..\;..\mswin32\OpenSSL\include;%(AdditionalIncludeDirectories) + WIN32;_LIB;%(PreprocessorDefinitions) + true + + + EnableFastChecks + MultiThreadedDebug + + + Level3 + EditAndContinue + Default + + + $(OutDir)openssh.lib + + + + + /D "_CRT_SECURE_NO_DEPRECATE" /DUMAC_OUTPUT_LEN=16 /Dumac_new=umac128_new /Dumac_update=umac128_update /Dumac_final=umac128_final /Dumac_delete=umac128_delete %(AdditionalOptions) + ..\mswin32;..\;..\mswin32\OpenSSL\include;%(AdditionalIncludeDirectories) + WIN32;_LIB;%(PreprocessorDefinitions) + + + MultiThreadedDLL + + + Level3 + ProgramDatabase + Default + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/include/DomainExec/opensshlib/opensshlib.h b/include/DomainExec/opensshlib/opensshlib.h new file mode 100644 index 00000000..920f3bee --- /dev/null +++ b/include/DomainExec/opensshlib/opensshlib.h @@ -0,0 +1,239 @@ + +/*************************************************************************** + * opensshlib.h -- header file containing generic structure that is being * + * passed along all hooked OpenSSH functions to track Ncrack state for the * + * SSH module. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + + +#ifndef OPENSSHLIB_H +#define OPENSSHLIB_H + +#include "buffer.h" +#include "sshbuf.h" +#include "cipher.h" +#include "ssh1.h" + +#ifdef __cplusplus +extern "C" { +#endif + +struct kex; +struct newkeys; + +typedef struct packet_state { + u_int32_t seqnr; + u_int32_t packets; + u_int64_t blocks; + u_int64_t bytes; +} packet_state; + +/* + * Every module invocation has its own Ncrack_state struct which holds every + * bit of information needed to keep track of things. Most of the variables + * found inside this object were usually static/global variables in the original + * OpenSSH codebase. + */ +typedef struct ncrack_ssh_state { + + struct kex *kex; + DH *dh; + /* Session key information for Encryption and MAC */ + struct newkeys *newkeys[2]; + struct newkeys *current_keys[2]; + char *client_version_string; + char *server_version_string; + /* Encryption context for receiving data. This is only used for decryption. */ + struct sshcipher_ctx receive_context; + /* Encryption context for sending data. This is only used for encryption. */ + struct sshcipher_ctx send_context; + + /* ***** IO Buffers ****** */ + //Buffer ncrack_buf; + + /* Buffer for raw input data from the socket. */ + struct sshbuf *input; + /* Buffer for raw output data going to the socket. */ + struct sshbuf *output; + /* Buffer for the incoming packet currently being processed. */ + struct sshbuf *incoming_packet; + /* Buffer for the partial outgoing packet being constructed. */ + struct sshbuf *outgoing_packet; + + u_int64_t max_blocks_in; + u_int64_t max_blocks_out; + packet_state p_read; + packet_state p_send; + + /* Used in packet_read_poll2() */ + u_int packlen; + + int compat20; /* boolean -> true if SSHv2 compatible */ + + /* Compatibility mode for different bugs of various older sshd + * versions. It holds a list of these bug types in a binary OR list + */ + int datafellows; + int compat; + int type; /* type of packet returned */ + u_char extra_pad; /* extra padding that might be needed */ + + /* + * Reason that this connection was ended. It might be that we got a + * disconnnect packet from the server due to many authentication attempts + * or some other exotic reason. + */ + char *disc_reason; + + u_int packet_length; // TODO check this + + int rekeying; + u_int32_t rekey_limit; + u_int32_t rekey_interval; + time_t rekey_time; + int cipher_warning_done; + + int keep_alive_timeouts; + int dispatch_skip_packets; + + u_int packet_discard; + struct sshmac *packet_discard_mac; + + char *prev_user; + + +} ncrack_ssh_state; + + +#ifdef __cplusplus +} /* End of 'extern "C"' */ +#endif + + + +#endif diff --git a/include/DomainExec/opensshlib/openssl-compat.h b/include/DomainExec/opensshlib/openssl-compat.h new file mode 100644 index 00000000..8917551d --- /dev/null +++ b/include/DomainExec/opensshlib/openssl-compat.h @@ -0,0 +1,96 @@ +/* $Id: openssl-compat.h,v 1.31 2014/08/29 18:18:29 djm Exp $ */ + +/* + * Copyright (c) 2005 Darren Tucker + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER + * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _OPENSSL_COMPAT_H +#define _OPENSSL_COMPAT_H + +#include "includes.h" +#ifdef WITH_OPENSSL + +#include +#include +#include +#include + +int ssh_compatible_openssl(long, long); + +#if (OPENSSL_VERSION_NUMBER <= 0x0090805fL) +# error OpenSSL 0.9.8f or greater is required +#endif + +#if OPENSSL_VERSION_NUMBER < 0x10000001L +# define LIBCRYPTO_EVP_INL_TYPE unsigned int +#else +# define LIBCRYPTO_EVP_INL_TYPE size_t +#endif + +#ifndef OPENSSL_RSA_MAX_MODULUS_BITS +# define OPENSSL_RSA_MAX_MODULUS_BITS 16384 +#endif +#ifndef OPENSSL_DSA_MAX_MODULUS_BITS +# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 +#endif + +#ifndef OPENSSL_HAVE_EVPCTR +# define EVP_aes_128_ctr evp_aes_128_ctr +# define EVP_aes_192_ctr evp_aes_128_ctr +# define EVP_aes_256_ctr evp_aes_128_ctr +const EVP_CIPHER *evp_aes_128_ctr(void); +void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t); +#endif + +/* Avoid some #ifdef. Code that uses these is unreachable without GCM */ +#if !defined(OPENSSL_HAVE_EVPGCM) && !defined(EVP_CTRL_GCM_SET_IV_FIXED) +# define EVP_CTRL_GCM_SET_IV_FIXED -1 +# define EVP_CTRL_GCM_IV_GEN -1 +# define EVP_CTRL_GCM_SET_TAG -1 +# define EVP_CTRL_GCM_GET_TAG -1 +#endif + +/* Replace missing EVP_CIPHER_CTX_ctrl() with something that returns failure */ +#ifndef HAVE_EVP_CIPHER_CTX_CTRL +# ifdef OPENSSL_HAVE_EVPGCM +# error AES-GCM enabled without EVP_CIPHER_CTX_ctrl /* shouldn't happen */ +# else +# define EVP_CIPHER_CTX_ctrl(a,b,c,d) (0) +# endif +#endif + +/* + * We overload some of the OpenSSL crypto functions with ssh_* equivalents + * to automatically handle OpenSSL engine initialisation. + * + * In order for the compat library to call the real functions, it must + * define SSH_DONT_OVERLOAD_OPENSSL_FUNCS before including this file and + * implement the ssh_* equivalents. + */ +#ifndef SSH_DONT_OVERLOAD_OPENSSL_FUNCS + +# ifdef USE_OPENSSL_ENGINE +# ifdef OpenSSL_add_all_algorithms +# undef OpenSSL_add_all_algorithms +# endif +# define OpenSSL_add_all_algorithms() ssh_OpenSSL_add_all_algorithms() +# endif + +void ssh_OpenSSL_add_all_algorithms(void); + +#endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */ + +#endif /* WITH_OPENSSL */ +#endif /* _OPENSSL_COMPAT_H */ diff --git a/include/DomainExec/opensshlib/packet.c b/include/DomainExec/opensshlib/packet.c new file mode 100644 index 00000000..e5bb16cb --- /dev/null +++ b/include/DomainExec/opensshlib/packet.c @@ -0,0 +1,3056 @@ +/* $OpenBSD: packet.c,v 1.214 2015/08/20 22:32:42 deraadt Exp $ */ +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * This file contains code implementing the packet protocol and communication + * with the other side. This same code is used both on client and server side. + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + * + * + * SSH2 packet format added by Markus Friedl. + * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#ifdef WIN32 +#include "winfixssh.h" +#endif + +#ifndef WIN32 +#include /* MIN roundup */ +#endif +#include +#include "sys-queue.h" +#ifndef WIN32 +#include +#endif +#ifdef HAVE_SYS_TIME_H +# include +#endif + +#ifndef WIN32 +#include +#include +#include +#endif + +#include +#include +#include +#include +#include +#ifndef WIN32 +#include +#endif +#include +#include +#include + +//#include + +#include "buffer.h" /* typedefs XXX */ +#include "key.h" /* typedefs XXX */ + +#include "xmalloc.h" +#include "crc32.h" +#include "compat.h" +#include "ssh1.h" +#include "ssh2.h" +#include "cipher.h" +#include "sshkey.h" +#include "kex.h" +#include "digest.h" +#include "mac.h" +#include "log.h" +#include "canohost.h" +#include "misc.h" +#include "channels.h" +#include "ssh.h" +#include "packet.h" +#include "ssherr.h" +#include "sshbuf.h" + +#ifdef PACKET_DEBUG +#define DBG(x) x +#else +#define DBG(x) +#endif + +#define PACKET_MAX_SIZE (256 * 1024) + +#if 0 +struct packet_state { + u_int32_t seqnr; + u_int32_t packets; + u_int64_t blocks; + u_int64_t bytes; +}; +#endif + +struct packet { + TAILQ_ENTRY(packet) next; + u_char type; + struct sshbuf *payload; +}; + +struct session_state { + /* + * This variable contains the file descriptors used for + * communicating with the other side. connection_in is used for + * reading; connection_out for writing. These can be the same + * descriptor, in which case it is assumed to be a socket. + */ + int connection_in; + int connection_out; + + /* Protocol flags for the remote side. */ + u_int remote_protocol_flags; + + /* Encryption context for receiving data. Only used for decryption. */ + struct sshcipher_ctx receive_context; + + /* Encryption context for sending data. Only used for encryption. */ + struct sshcipher_ctx send_context; + + /* Buffer for raw input data from the socket. */ + struct sshbuf *input; + + /* Buffer for raw output data going to the socket. */ + struct sshbuf *output; + + /* Buffer for the partial outgoing packet being constructed. */ + struct sshbuf *outgoing_packet; + + /* Buffer for the incoming packet currently being processed. */ + struct sshbuf *incoming_packet; + + /* Scratch buffer for packet compression/decompression. */ + struct sshbuf *compression_buffer; + + /* Incoming/outgoing compression dictionaries */ + //z_stream compression_in_stream; + //z_stream compression_out_stream; + int compression_in_started; + int compression_out_started; + int compression_in_failures; + int compression_out_failures; + + /* + * Flag indicating whether packet compression/decompression is + * enabled. + */ + int packet_compression; + + /* default maximum packet size */ + u_int max_packet_size; + + /* Flag indicating whether this module has been initialized. */ + int initialized; + + /* Set to true if the connection is interactive. */ + int interactive_mode; + + /* Set to true if we are the server side. */ + int server_side; + + /* Set to true if we are authenticated. */ + int after_authentication; + + int keep_alive_timeouts; + + /* The maximum time that we will wait to send or receive a packet */ + int packet_timeout_ms; + + /* Session key information for Encryption and MAC */ + struct newkeys *newkeys[MODE_MAX]; + //struct packet_state p_read, p_send; + + /* Volume-based rekeying */ + u_int64_t max_blocks_in, max_blocks_out; + u_int32_t rekey_limit; + + /* Time-based rekeying */ + u_int32_t rekey_interval; /* how often in seconds */ + time_t rekey_time; /* time of last rekeying */ + + /* Session key for protocol v1 */ + u_char ssh1_key[SSH_SESSION_KEY_LENGTH]; + u_int ssh1_keylen; + + /* roundup current message to extra_pad bytes */ + u_char extra_pad; + + /* XXX discard incoming data after MAC error */ + u_int packet_discard; + struct sshmac *packet_discard_mac; + + /* Used in packet_read_poll2() */ + u_int packlen; + + /* Used in packet_send2 */ + int rekeying; + + /* Used in packet_set_interactive */ + int set_interactive_called; + + /* Used in packet_set_maxsize */ + int set_maxsize_called; + + /* One-off warning about weak ciphers */ + int cipher_warning_done; + + /* SSH1 CRC compensation attack detector */ + //struct deattack_ctx deattack; + + TAILQ_HEAD(, packet) outgoing; +}; + + +#if 0 +struct ssh * +ssh_alloc_session_state(void) +{ + struct ssh *ssh = NULL; + struct session_state *state = NULL; + + if ((ssh = calloc(1, sizeof(*ssh))) == NULL || + (state = calloc(1, sizeof(*state))) == NULL || + (state->input = sshbuf_new()) == NULL || + (state->output = sshbuf_new()) == NULL || + (state->outgoing_packet = sshbuf_new()) == NULL || + (state->incoming_packet = sshbuf_new()) == NULL) + goto fail; + TAILQ_INIT(&state->outgoing); + TAILQ_INIT(&ssh->private_keys); + TAILQ_INIT(&ssh->public_keys); + state->connection_in = -1; + state->connection_out = -1; + state->max_packet_size = 32768; + state->packet_timeout_ms = -1; + state->p_send.packets = state->p_read.packets = 0; + state->initialized = 1; + /* + * ssh_packet_send2() needs to queue packets until + * we've done the initial key exchange. + */ + state->rekeying = 1; + ssh->state = state; + return ssh; + fail: + if (state) { + sshbuf_free(state->input); + sshbuf_free(state->output); + sshbuf_free(state->incoming_packet); + sshbuf_free(state->outgoing_packet); + free(state); + } + free(ssh); + return NULL; +} +#endif + + +/* + * Sets the descriptors used for communication. Disables encryption until + * packet_set_encryption_key is called. + */ +int +ssh_packet_set_connection(ncrack_ssh_state *nstate) +{ + //struct session_state *state; + const struct sshcipher *none = cipher_by_name("none"); + int r; + + if (none == NULL) { + ssh_error("%s: cannot load cipher 'none'", __func__); + return -1; + } + +#if 0 + if (ssh == NULL) + ssh = ssh_alloc_session_state(); + if (ssh == NULL) { + ssh_error("%s: cound not allocate state", __func__); + return NULL; + } +#endif + + nstate->input = sshbuf_new(); + nstate->output = sshbuf_new(); + nstate->outgoing_packet = sshbuf_new(); + nstate->incoming_packet = sshbuf_new(); + nstate->p_send.packets = nstate->p_read.packets = 0; + + //state = ssh->state; + //state->connection_in = fd_in; + //state->connection_out = fd_out; + if ((r = cipher_init(&nstate->send_context, none, + (const u_char *)"", 0, NULL, 0, CIPHER_ENCRYPT)) != 0 || + (r = cipher_init(&nstate->receive_context, none, + (const u_char *)"", 0, NULL, 0, CIPHER_DECRYPT)) != 0) { + ssh_error("%s: cipher_init failed: %s", __func__, ssh_err(r)); + //free(ssh); + return -1; + } + nstate->newkeys[MODE_IN] = nstate->newkeys[MODE_OUT] = NULL; + //deattack_init(&nstate->deattack); + /* + * Cache the IP address of the remote connection for use in error + * messages that might be generated after the connection has closed. + */ + //(void)ssh_remote_ipaddr(ssh); + //return ssh; + return 0; +} + + +void +ssh_packet_set_timeout(struct ssh *ssh, int timeout, int count) +{ + struct session_state *state = ssh->state; + + if (timeout <= 0 || count <= 0) { + state->packet_timeout_ms = -1; + return; + } + if ((INT_MAX / 1000) / count < timeout) + state->packet_timeout_ms = INT_MAX; + else + state->packet_timeout_ms = timeout * count * 1000; +} + +int +ssh_packet_stop_discard(ncrack_ssh_state *nstate) +{ + //struct session_state *state = ssh->state; + int r; + + if (nstate->packet_discard_mac) { + char buf[1024]; + + memset(buf, 'a', sizeof(buf)); + while (sshbuf_len(nstate->incoming_packet) < + PACKET_MAX_SIZE) + if ((r = sshbuf_put(nstate->incoming_packet, buf, + sizeof(buf))) != 0) + return r; + (void) mac_compute(nstate->packet_discard_mac, + nstate->p_read.seqnr, + sshbuf_ptr(nstate->incoming_packet), PACKET_MAX_SIZE, + NULL, 0); + } + //logit("Finished discarding for %.200s", ssh_remote_ipaddr(ssh)); + return SSH_ERR_MAC_INVALID; +} + +static int +ssh_packet_start_discard(ncrack_ssh_state *nstate, struct sshenc *enc, + struct sshmac *mac, u_int packet_length, u_int discard) +{ + //struct session_state *state = ssh->state; + int r; + + if (enc == NULL || !cipher_is_cbc(enc->cipher) || (mac && mac->etm)) { + if ((r = sshpkt_disconnect(nstate, "Packet corrupt")) != 0) + return r; + return SSH_ERR_MAC_INVALID; + } + if (packet_length != PACKET_MAX_SIZE && mac && mac->enabled) + nstate->packet_discard_mac = mac; + if (sshbuf_len(nstate->input) >= discard && + (r = ssh_packet_stop_discard(nstate)) != 0) + return r; + nstate->packet_discard = discard - sshbuf_len(nstate->input); + return 0; +} + +/* Returns 1 if remote host is connected via socket, 0 if not. */ + +int +ssh_packet_connection_is_on_socket(struct ssh *ssh) +{ +#if 0 + struct session_state *state = ssh->state; + struct sockaddr_storage from, to; + socklen_t fromlen, tolen; + + /* filedescriptors in and out are the same, so it's a socket */ + if (state->connection_in == state->connection_out) + return 1; + fromlen = sizeof(from); + memset(&from, 0, sizeof(from)); + if (getpeername(state->connection_in, (struct sockaddr *)&from, + &fromlen) < 0) + return 0; + tolen = sizeof(to); + memset(&to, 0, sizeof(to)); + if (getpeername(state->connection_out, (struct sockaddr *)&to, + &tolen) < 0) + return 0; + if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0) + return 0; + if (from.ss_family != AF_INET && from.ss_family != AF_INET6) + return 0; +#endif + return 1; +} + + +void +ssh_packet_get_bytes(struct ssh *ssh, u_int64_t *ibytes, u_int64_t *obytes) +{ +#if 0 + if (ibytes) + *ibytes = ssh->state->p_read.bytes; + if (obytes) + *obytes = ssh->state->p_send.bytes; +#endif +} + +int +ssh_packet_connection_af(struct ssh *ssh) +{ +#if 0 + struct sockaddr_storage to; + socklen_t tolen = sizeof(to); + + memset(&to, 0, sizeof(to)); + if (getsockname(ssh->state->connection_out, (struct sockaddr *)&to, + &tolen) < 0) + return 0; +#ifdef IPV4_IN_IPV6 + if (to.ss_family == AF_INET6 && + IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&to)->sin6_addr)) + return AF_INET; +#endif + return to.ss_family; +#endif + return -1; // temp +} + +/* Sets the connection into non-blocking mode. */ + +#if 0 +void +ssh_packet_set_nonblocking(struct ssh *ssh) +{ + /* Set the socket into non-blocking mode. */ + set_nonblock(ssh->state->connection_in); + + if (ssh->state->connection_out != ssh->state->connection_in) + set_nonblock(ssh->state->connection_out); +} +#endif + +/* Returns the socket used for reading. */ + +int +ssh_packet_get_connection_in(struct ssh *ssh) +{ + return ssh->state->connection_in; +} + +/* Returns the descriptor used for writing. */ + +int +ssh_packet_get_connection_out(struct ssh *ssh) +{ + return ssh->state->connection_out; +} + +/* + * Returns the IP-address of the remote host as a string. The returned + * string must not be freed. + */ + +const char * +ssh_remote_ipaddr(struct ssh *ssh) +{ +#if 0 + /* Check whether we have cached the ipaddr. */ + if (ssh->remote_ipaddr == NULL) + ssh->remote_ipaddr = ssh_packet_connection_is_on_socket(ssh) ? + get_peer_ipaddr(ssh->state->connection_in) : + strdup("UNKNOWN"); + if (ssh->remote_ipaddr == NULL) + return "UNKNOWN"; + return ssh->remote_ipaddr; +#endif + return NULL; // temp +} + +/* Closes the connection and clears and frees internal data structures. */ + +void +ssh_packet_close(struct ssh *ssh) +{ +#if 0 + struct session_state *state = ssh->state; + int r; + u_int mode; + + if (!state->initialized) + return; + state->initialized = 0; + if (state->connection_in == state->connection_out) { + shutdown(state->connection_out, SHUT_RDWR); + close(state->connection_out); + } else { + close(state->connection_in); + close(state->connection_out); + } + sshbuf_free(state->input); + sshbuf_free(state->output); + sshbuf_free(state->outgoing_packet); + sshbuf_free(state->incoming_packet); + for (mode = 0; mode < MODE_MAX; mode++) + kex_free_newkeys(state->newkeys[mode]); + if (state->compression_buffer) { +#if 0 + sshbuf_free(state->compression_buffer); + if (state->compression_out_started) { + z_streamp stream = &state->compression_out_stream; + debug("compress outgoing: " + "raw data %llu, compressed %llu, factor %.2f", + (unsigned long long)stream->total_in, + (unsigned long long)stream->total_out, + stream->total_in == 0 ? 0.0 : + (double) stream->total_out / stream->total_in); + if (state->compression_out_failures == 0) + deflateEnd(stream); + } + if (state->compression_in_started) { + z_streamp stream = &state->compression_out_stream; + debug("compress incoming: " + "raw data %llu, compressed %llu, factor %.2f", + (unsigned long long)stream->total_out, + (unsigned long long)stream->total_in, + stream->total_out == 0 ? 0.0 : + (double) stream->total_in / stream->total_out); + if (state->compression_in_failures == 0) + inflateEnd(stream); + } +#endif + } + if ((r = cipher_cleanup(&state->send_context)) != 0) + ssh_error("%s: cipher_cleanup failed: %s", __func__, ssh_err(r)); + if ((r = cipher_cleanup(&state->receive_context)) != 0) + ssh_error("%s: cipher_cleanup failed: %s", __func__, ssh_err(r)); + if (ssh->remote_ipaddr) { + free(ssh->remote_ipaddr); + ssh->remote_ipaddr = NULL; + } + free(ssh->state); + ssh->state = NULL; +#endif +} + +/* Sets remote side protocol flags. */ + +void +ssh_packet_set_protocol_flags(struct ssh *ssh, u_int protocol_flags) +{ + ssh->state->remote_protocol_flags = protocol_flags; +} + +/* Returns the remote protocol flags set earlier by the above function. */ + +u_int +ssh_packet_get_protocol_flags(struct ssh *ssh) +{ + return ssh->state->remote_protocol_flags; +} + + +#if 0 +/* + * Starts packet compression from the next packet on in both directions. + * Level is compression level 1 (fastest) - 9 (slow, best) as in gzip. + */ + +static int +ssh_packet_init_compression(struct ssh *ssh) +{ + if (!ssh->state->compression_buffer && + ((ssh->state->compression_buffer = sshbuf_new()) == NULL)) + return SSH_ERR_ALLOC_FAIL; + return 0; +} + +static int +start_compression_out(struct ssh *ssh, int level) +{ + if (level < 1 || level > 9) + return SSH_ERR_INVALID_ARGUMENT; + debug("Enabling compression at level %d.", level); + if (ssh->state->compression_out_started == 1) + deflateEnd(&ssh->state->compression_out_stream); + switch (deflateInit(&ssh->state->compression_out_stream, level)) { + case Z_OK: + ssh->state->compression_out_started = 1; + break; + case Z_MEM_ERROR: + return SSH_ERR_ALLOC_FAIL; + default: + return SSH_ERR_INTERNAL_ERROR; + } + return 0; +} + +static int +start_compression_in(struct ssh *ssh) +{ + if (ssh->state->compression_in_started == 1) + inflateEnd(&ssh->state->compression_in_stream); + switch (inflateInit(&ssh->state->compression_in_stream)) { + case Z_OK: + ssh->state->compression_in_started = 1; + break; + case Z_MEM_ERROR: + return SSH_ERR_ALLOC_FAIL; + default: + return SSH_ERR_INTERNAL_ERROR; + } + return 0; +} + +int +ssh_packet_start_compression(struct ssh *ssh, int level) +{ + int r; + + if (ssh->state->packet_compression && !compat20) + return SSH_ERR_INTERNAL_ERROR; + ssh->state->packet_compression = 1; + if ((r = ssh_packet_init_compression(ssh)) != 0 || + (r = start_compression_in(ssh)) != 0 || + (r = start_compression_out(ssh, level)) != 0) + return r; + return 0; +} + +/* XXX remove need for separate compression buffer */ +static int +compress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out) +{ + u_char buf[4096]; + int r, status; + + if (ssh->state->compression_out_started != 1) + return SSH_ERR_INTERNAL_ERROR; + + /* This case is not handled below. */ + if (sshbuf_len(in) == 0) + return 0; + + /* Input is the contents of the input buffer. */ + if ((ssh->state->compression_out_stream.next_in = + sshbuf_mutable_ptr(in)) == NULL) + return SSH_ERR_INTERNAL_ERROR; + ssh->state->compression_out_stream.avail_in = sshbuf_len(in); + + /* Loop compressing until deflate() returns with avail_out != 0. */ + do { + /* Set up fixed-size output buffer. */ + ssh->state->compression_out_stream.next_out = buf; + ssh->state->compression_out_stream.avail_out = sizeof(buf); + + /* Compress as much data into the buffer as possible. */ + status = deflate(&ssh->state->compression_out_stream, + Z_PARTIAL_FLUSH); + switch (status) { + case Z_MEM_ERROR: + return SSH_ERR_ALLOC_FAIL; + case Z_OK: + /* Append compressed data to output_buffer. */ + if ((r = sshbuf_put(out, buf, sizeof(buf) - + ssh->state->compression_out_stream.avail_out)) != 0) + return r; + break; + case Z_STREAM_ERROR: + default: + ssh->state->compression_out_failures++; + return SSH_ERR_INVALID_FORMAT; + } + } while (ssh->state->compression_out_stream.avail_out == 0); + return 0; +} + +static int +uncompress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out) +{ + u_char buf[4096]; + int r, status; + + if (ssh->state->compression_in_started != 1) + return SSH_ERR_INTERNAL_ERROR; + + if ((ssh->state->compression_in_stream.next_in = + sshbuf_mutable_ptr(in)) == NULL) + return SSH_ERR_INTERNAL_ERROR; + ssh->state->compression_in_stream.avail_in = sshbuf_len(in); + + for (;;) { + /* Set up fixed-size output buffer. */ + ssh->state->compression_in_stream.next_out = buf; + ssh->state->compression_in_stream.avail_out = sizeof(buf); + + status = inflate(&ssh->state->compression_in_stream, + Z_PARTIAL_FLUSH); + switch (status) { + case Z_OK: + if ((r = sshbuf_put(out, buf, sizeof(buf) - + ssh->state->compression_in_stream.avail_out)) != 0) + return r; + break; + case Z_BUF_ERROR: + /* + * Comments in zlib.h say that we should keep calling + * inflate() until we get an error. This appears to + * be the error that we get. + */ + return 0; + case Z_DATA_ERROR: + return SSH_ERR_INVALID_FORMAT; + case Z_MEM_ERROR: + return SSH_ERR_ALLOC_FAIL; + case Z_STREAM_ERROR: + default: + ssh->state->compression_in_failures++; + return SSH_ERR_INTERNAL_ERROR; + } + } + /* NOTREACHED */ +} + +/* Serialise compression state into a blob for privsep */ +static int +ssh_packet_get_compress_state(struct sshbuf *m, struct ssh *ssh) +{ + struct session_state *state = ssh->state; + struct sshbuf *b; + int r; + + if ((b = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (state->compression_in_started) { + if ((r = sshbuf_put_string(b, &state->compression_in_stream, + sizeof(state->compression_in_stream))) != 0) + goto out; + } else if ((r = sshbuf_put_string(b, NULL, 0)) != 0) + goto out; + if (state->compression_out_started) { + if ((r = sshbuf_put_string(b, &state->compression_out_stream, + sizeof(state->compression_out_stream))) != 0) + goto out; + } else if ((r = sshbuf_put_string(b, NULL, 0)) != 0) + goto out; + r = sshbuf_put_stringb(m, b); + out: + sshbuf_free(b); + return r; +} + +/* Deserialise compression state from a blob for privsep */ +static int +ssh_packet_set_compress_state(struct ssh *ssh, struct sshbuf *m) +{ + struct session_state *state = ssh->state; + struct sshbuf *b = NULL; + int r; + const u_char *inblob, *outblob; + size_t inl, outl; + + if ((r = sshbuf_froms(m, &b)) != 0) + goto out; + if ((r = sshbuf_get_string_direct(b, &inblob, &inl)) != 0 || + (r = sshbuf_get_string_direct(b, &outblob, &outl)) != 0) + goto out; + if (inl == 0) + state->compression_in_started = 0; + else if (inl != sizeof(state->compression_in_stream)) { + r = SSH_ERR_INTERNAL_ERROR; + goto out; + } else { + state->compression_in_started = 1; + memcpy(&state->compression_in_stream, inblob, inl); + } + if (outl == 0) + state->compression_out_started = 0; + else if (outl != sizeof(state->compression_out_stream)) { + r = SSH_ERR_INTERNAL_ERROR; + goto out; + } else { + state->compression_out_started = 1; + memcpy(&state->compression_out_stream, outblob, outl); + } + r = 0; + out: + sshbuf_free(b); + return r; +} + +void +ssh_packet_set_compress_hooks(struct ssh *ssh, void *ctx, + void *(*allocfunc)(void *, u_int, u_int), + void (*freefunc)(void *, void *)) +{ + ssh->state->compression_out_stream.zalloc = (alloc_func)allocfunc; + ssh->state->compression_out_stream.zfree = (free_func)freefunc; + ssh->state->compression_out_stream.opaque = ctx; + ssh->state->compression_in_stream.zalloc = (alloc_func)allocfunc; + ssh->state->compression_in_stream.zfree = (free_func)freefunc; + ssh->state->compression_in_stream.opaque = ctx; +} +#endif + + +/* + * Causes any further packets to be encrypted using the given key. The same + * key is used for both sending and reception. However, both directions are + * encrypted independently of each other. + */ + +void +ssh_packet_set_encryption_key(struct ssh *ssh, const u_char *key, u_int keylen, int number) +{ +#ifndef WITH_SSH1 + fatal("no SSH protocol 1 support"); +#else /* WITH_SSH1 */ + struct session_state *state = ssh->state; + const struct sshcipher *cipher = cipher_by_number(number); + int r; + const char *wmsg; + + if (cipher == NULL) + fatal("%s: unknown cipher number %d", __func__, number); + if (keylen < 20) + fatal("%s: keylen too small: %d", __func__, keylen); + if (keylen > SSH_SESSION_KEY_LENGTH) + fatal("%s: keylen too big: %d", __func__, keylen); + memcpy(state->ssh1_key, key, keylen); + state->ssh1_keylen = keylen; + if ((r = cipher_init(&state->send_context, cipher, key, keylen, + NULL, 0, CIPHER_ENCRYPT)) != 0 || + (r = cipher_init(&state->receive_context, cipher, key, keylen, + NULL, 0, CIPHER_DECRYPT) != 0)) + fatal("%s: cipher_init failed: %s", __func__, ssh_err(r)); + if (!state->cipher_warning_done && + ((wmsg = cipher_warning_message(&state->send_context)) != NULL || + (wmsg = cipher_warning_message(&state->send_context)) != NULL)) { + ssh_error("Warning: %s", wmsg); + state->cipher_warning_done = 1; + } +#endif /* WITH_SSH1 */ +} + +/* + * Finalizes and sends the packet. If the encryption key has been set, + * encrypts the packet before sending. + */ + +int +ssh_packet_send1(ncrack_ssh_state *nstate) +{ + //struct session_state *state = ssh->state; + u_char buf[8], *cp; + int r, padding, len; + u_int checksum; + + /* + * If using packet compression, compress the payload of the outgoing + * packet. + */ +#if 0 + if (nstate->packet_compression) { + sshbuf_reset(nstate->compression_buffer); + /* Skip padding. */ + if ((r = sshbuf_consume(nstate->outgoing_packet, 8)) != 0) + goto out; + /* padding */ + if ((r = sshbuf_put(nstate->compression_buffer, + "\0\0\0\0\0\0\0\0", 8)) != 0) + goto out; + if ((r = compress_buffer(ssh, nstate->outgoing_packet, + nstate->compression_buffer)) != 0) + goto out; + sshbuf_reset(nstate->outgoing_packet); + if ((r = sshbuf_putb(nstate->outgoing_packet, + nstate->compression_buffer)) != 0) + goto out; + } +#endif + /* Compute packet length without padding (add checksum, remove padding). */ + len = sshbuf_len(nstate->outgoing_packet) + 4 - 8; + + /* Insert padding. Initialized to zero in packet_start1() */ + padding = 8 - len % 8; + if (!nstate->send_context.plaintext) { + cp = sshbuf_mutable_ptr(nstate->outgoing_packet); + if (cp == NULL) { + r = SSH_ERR_INTERNAL_ERROR; + goto out; + } + arc4random_buf(cp + 8 - padding, padding); + } + if ((r = sshbuf_consume(nstate->outgoing_packet, 8 - padding)) != 0) + goto out; + + /* Add check bytes. */ + checksum = ssh_crc32(sshbuf_ptr(nstate->outgoing_packet), + sshbuf_len(nstate->outgoing_packet)); + POKE_U32(buf, checksum); + if ((r = sshbuf_put(nstate->outgoing_packet, buf, 4)) != 0) + goto out; + +#ifdef PACKET_DEBUG + fprintf(stderr, "packet_send plain: "); + sshbuf_dump(nstate->outgoing_packet, stderr); +#endif + + /* Append to output. */ + POKE_U32(buf, len); + if ((r = sshbuf_put(nstate->output, buf, 4)) != 0) + goto out; + if ((r = sshbuf_reserve(nstate->output, + sshbuf_len(nstate->outgoing_packet), &cp)) != 0) + goto out; + if ((r = cipher_crypt(&nstate->send_context, 0, cp, + sshbuf_ptr(nstate->outgoing_packet), + sshbuf_len(nstate->outgoing_packet), 0, 0)) != 0) + goto out; + +#ifdef PACKET_DEBUG + fprintf(stderr, "encrypted: "); + sshbuf_dump(nstate->output, stderr); +#endif + nstate->p_send.packets++; + nstate->p_send.bytes += len + + sshbuf_len(nstate->outgoing_packet); + sshbuf_reset(nstate->outgoing_packet); + + /* + * Note that the packet is now only buffered in output. It won't be + * actually sent until ssh_packet_write_wait or ssh_packet_write_poll + * is called. + */ + r = 0; + out: + return r; +} + +int +ssh_set_newkeys(ncrack_ssh_state *nstate, int mode) +{ + //struct session_state *state = ssh->state; + struct sshenc *enc; + struct sshmac *mac; + struct sshcomp *comp; + struct sshcipher_ctx *cc; + u_int64_t *max_blocks; + const char *wmsg; + int r, crypt_type; + + debug2("set_newkeys: mode %d", mode); + + if (mode == MODE_OUT) { + cc = &nstate->send_context; + crypt_type = CIPHER_ENCRYPT; + nstate->p_send.packets = nstate->p_send.blocks = 0; + max_blocks = &nstate->max_blocks_out; + } else { + cc = &nstate->receive_context; + crypt_type = CIPHER_DECRYPT; + nstate->p_read.packets = nstate->p_read.blocks = 0; + max_blocks = &nstate->max_blocks_in; + } + if (nstate->newkeys[mode] != NULL) { + debug("set_newkeys: rekeying"); + if ((r = cipher_cleanup(cc)) != 0) + return r; + enc = &nstate->newkeys[mode]->enc; + mac = &nstate->newkeys[mode]->mac; + comp = &nstate->newkeys[mode]->comp; + mac_clear(mac); + explicit_bzero(enc->iv, enc->iv_len); + explicit_bzero(enc->key, enc->key_len); + explicit_bzero(mac->key, mac->key_len); + free(enc->name); + free(enc->iv); + free(enc->key); + free(mac->name); + free(mac->key); + free(comp->name); + free(nstate->newkeys[mode]); + } + /* move newkeys from kex to state */ + if ((nstate->newkeys[mode] = nstate->kex->newkeys[mode]) == NULL) + return SSH_ERR_INTERNAL_ERROR; + nstate->kex->newkeys[mode] = NULL; + enc = &nstate->newkeys[mode]->enc; + mac = &nstate->newkeys[mode]->mac; + comp = &nstate->newkeys[mode]->comp; + if (cipher_authlen(enc->cipher) == 0) { + if ((r = mac_init(mac)) != 0) + return r; + } + mac->enabled = 1; + DBG(debug("cipher_init_context: %d", mode)); + if ((r = cipher_init(cc, enc->cipher, enc->key, enc->key_len, + enc->iv, enc->iv_len, crypt_type)) != 0) + return r; + if (!nstate->cipher_warning_done && + (wmsg = cipher_warning_message(cc)) != NULL) { + ssh_error("Warning: %s", wmsg); + nstate->cipher_warning_done = 1; + } + /* Deleting the keys does not gain extra security */ + /* explicit_bzero(enc->iv, enc->block_size); + explicit_bzero(enc->key, enc->key_len); + explicit_bzero(mac->key, mac->key_len); */ + +#if 0 + if ((comp->type == COMP_ZLIB || + (comp->type == COMP_DELAYED && + state->after_authentication)) && comp->enabled == 0) { + if ((r = ssh_packet_init_compression(ssh)) < 0) + return r; + if (mode == MODE_OUT) { + if ((r = start_compression_out(ssh, 6)) != 0) + return r; + } else { + if ((r = start_compression_in(ssh)) != 0) + return r; + } + comp->enabled = 1; + } +#endif + /* + * The 2^(blocksize*2) limit is too expensive for 3DES, + * blowfish, etc, so enforce a 1GB limit for small blocksizes. + */ + if (enc->block_size >= 16) + *max_blocks = (u_int64_t)1 << (enc->block_size*2); + else + *max_blocks = ((u_int64_t)1 << 30) / enc->block_size; + if (nstate->rekey_limit) + *max_blocks = MIN(*max_blocks, + nstate->rekey_limit / enc->block_size); + return 0; +} + + +#if 0 +/* + * Delayed compression for SSH2 is enabled after authentication: + * This happens on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent, + * and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received. + */ +static int +ssh_packet_enable_delayed_compress(struct ssh *ssh) +{ + struct session_state *state = ssh->state; + struct sshcomp *comp = NULL; + int r, mode; + + /* + * Remember that we are past the authentication step, so rekeying + * with COMP_DELAYED will turn on compression immediately. + */ + state->after_authentication = 1; + for (mode = 0; mode < MODE_MAX; mode++) { + /* protocol error: USERAUTH_SUCCESS received before NEWKEYS */ + if (state->newkeys[mode] == NULL) + continue; + comp = &state->newkeys[mode]->comp; + if (comp && !comp->enabled && comp->type == COMP_DELAYED) { + if ((r = ssh_packet_init_compression(ssh)) != 0) + return r; + if (mode == MODE_OUT) { + if ((r = start_compression_out(ssh, 6)) != 0) + return r; + } else { + if ((r = start_compression_in(ssh)) != 0) + return r; + } + comp->enabled = 1; + } + } + return 0; +} +#endif + + +/* + * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue) + */ +int +ssh_packet_send2_wrapped(ncrack_ssh_state *nstate) +{ + //struct session_state *state = ssh->state; + u_char type, *cp, macbuf[SSH_DIGEST_MAX_LENGTH]; + u_char padlen, pad = 0; + u_int authlen = 0, aadlen = 0; + u_int len; + struct sshenc *enc = NULL; + struct sshmac *mac = NULL; + struct sshcomp *comp = NULL; + int r, block_size; + + if (nstate->newkeys[MODE_OUT] != NULL) { + enc = &nstate->newkeys[MODE_OUT]->enc; + mac = &nstate->newkeys[MODE_OUT]->mac; + comp = &nstate->newkeys[MODE_OUT]->comp; + /* disable mac for authenticated encryption */ + if ((authlen = cipher_authlen(enc->cipher)) != 0) + mac = NULL; + } + block_size = enc ? enc->block_size : 8; + aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0; + + type = (sshbuf_ptr(nstate->outgoing_packet))[5]; + +#ifdef PACKET_DEBUG + fprintf(stderr, "plain: "); + sshbuf_dump(nstate->outgoing_packet, stderr); +#endif + + if (comp && comp->enabled) { +#if 0 + len = sshbuf_len(state->outgoing_packet); + /* skip header, compress only payload */ + if ((r = sshbuf_consume(state->outgoing_packet, 5)) != 0) + goto out; + sshbuf_reset(state->compression_buffer); + if ((r = compress_buffer(ssh, state->outgoing_packet, + state->compression_buffer)) != 0) + goto out; + sshbuf_reset(state->outgoing_packet); + if ((r = sshbuf_put(state->outgoing_packet, + "\0\0\0\0\0", 5)) != 0 || + (r = sshbuf_putb(state->outgoing_packet, + state->compression_buffer)) != 0) + goto out; + DBG(debug("compression: raw %d compressed %zd", len, + sshbuf_len(state->outgoing_packet))); +#endif + } + + /* sizeof (packet_len + pad_len + payload) */ + len = sshbuf_len(nstate->outgoing_packet); + + /* + * calc size of padding, alloc space, get random data, + * minimum padding is 4 bytes + */ + len -= aadlen; /* packet length is not encrypted for EtM modes */ + padlen = block_size - (len % block_size); + if (padlen < 4) + padlen += block_size; + if (nstate->extra_pad) { + /* will wrap if extra_pad+padlen > 255 */ + nstate->extra_pad = + roundup(nstate->extra_pad, block_size); + pad = nstate->extra_pad - + ((len + padlen) % nstate->extra_pad); + DBG(debug3("%s: adding %d (len %d padlen %d extra_pad %d)", + __func__, pad, len, padlen, nstate->extra_pad)); + padlen += pad; + nstate->extra_pad = 0; + } + if ((r = sshbuf_reserve(nstate->outgoing_packet, padlen, &cp)) != 0) + goto out; + if (enc && !nstate->send_context.plaintext) { + /* random padding */ + arc4random_buf(cp, padlen); + } else { + /* clear padding */ + explicit_bzero(cp, padlen); + } + /* sizeof (packet_len + pad_len + payload + padding) */ + len = sshbuf_len(nstate->outgoing_packet); + cp = sshbuf_mutable_ptr(nstate->outgoing_packet); + if (cp == NULL) { + r = SSH_ERR_INTERNAL_ERROR; + goto out; + } + /* packet_length includes payload, padding and padding length field */ + POKE_U32(cp, len - 4); + cp[4] = padlen; + DBG(debug("send: len %d (includes padlen %d, aadlen %d)", + len, padlen, aadlen)); + + /* compute MAC over seqnr and packet(length fields, payload, padding) */ + if (mac && mac->enabled && !mac->etm) { + if ((r = mac_compute(mac, nstate->p_send.seqnr, + sshbuf_ptr(nstate->outgoing_packet), len, + macbuf, sizeof(macbuf))) != 0) + goto out; + DBG(debug("done calc MAC out #%d", nstate->p_send.seqnr)); + } + /* encrypt packet and append to output buffer. */ + if ((r = sshbuf_reserve(nstate->output, + sshbuf_len(nstate->outgoing_packet) + authlen, &cp)) != 0) + goto out; + if ((r = cipher_crypt(&nstate->send_context, nstate->p_send.seqnr, cp, + sshbuf_ptr(nstate->outgoing_packet), + len - aadlen, aadlen, authlen)) != 0) + goto out; + /* append unencrypted MAC */ + if (mac && mac->enabled) { + if (mac->etm) { + /* EtM: compute mac over aadlen + cipher text */ + if ((r = mac_compute(mac, nstate->p_send.seqnr, + cp, len, macbuf, sizeof(macbuf))) != 0) + goto out; + DBG(debug("done calc MAC(EtM) out #%d", + nstate->p_send.seqnr)); + } + if ((r = sshbuf_put(nstate->output, macbuf, mac->mac_len)) != 0) + goto out; + } +#ifdef PACKET_DEBUG + fprintf(stderr, "encrypted: "); + sshbuf_dump(nstate->output, stderr); +#endif + /* increment sequence number for outgoing packets */ + if (++nstate->p_send.seqnr == 0) + logit("outgoing seqnr wraps around"); + if (++nstate->p_send.packets == 0) + if (!(nstate->compat & SSH_BUG_NOREKEY)) + return SSH_ERR_NEED_REKEY; + nstate->p_send.blocks += len / block_size; + nstate->p_send.bytes += len; + sshbuf_reset(nstate->outgoing_packet); + + if (type == SSH2_MSG_NEWKEYS) + r = ssh_set_newkeys(nstate, MODE_OUT); + //else if (type == SSH2_MSG_USERAUTH_SUCCESS && state->server_side) + // r = ssh_packet_enable_delayed_compress(ssh); + else + r = 0; + out: + return r; +} + +int +ssh_packet_send2(ncrack_ssh_state *nstate) +{ + //struct session_state *state = ssh->state; + struct packet *p; + u_char type; + int r; + + type = sshbuf_ptr(nstate->outgoing_packet)[5]; + + /* during rekeying we can only send key exchange messages */ + if (nstate->rekeying) { + + if ((type < SSH2_MSG_TRANSPORT_MIN) || + (type > SSH2_MSG_TRANSPORT_MAX) || + (type == SSH2_MSG_SERVICE_REQUEST) || + (type == SSH2_MSG_SERVICE_ACCEPT)) { + debug("enqueue packet: %u", type); + p = calloc(1, sizeof(*p)); + if (p == NULL) + return SSH_ERR_ALLOC_FAIL; + p->type = type; + p->payload = nstate->outgoing_packet; + + //TAILQ_INSERT_TAIL(&nstate->outgoing, p, next); + + nstate->outgoing_packet = sshbuf_new(); + if (nstate->outgoing_packet == NULL) + return SSH_ERR_ALLOC_FAIL; + return 0; + } + } + + /* rekeying starts with sending KEXINIT */ + if (type == SSH2_MSG_KEXINIT) + nstate->rekeying = 1; + + if ((r = ssh_packet_send2_wrapped(nstate)) != 0) + return r; + + /* after a NEWKEYS message we can send the complete queue */ + if (type == SSH2_MSG_NEWKEYS) { + + nstate->rekeying = 0; + + //state->rekey_time = monotime(); + //while ((p = TAILQ_FIRST(&state->outgoing))) { + // type = p->type; + // debug("dequeue packet: %u", type); + // sshbuf_free(state->outgoing_packet); + // state->outgoing_packet = p->payload; + // TAILQ_REMOVE(&state->outgoing, p, next); + // free(p); + //if ((r = ssh_packet_send2_wrapped(nstate)) != 0) + // return r; + //} + } + return 0; +} + +/* + * Waits until a packet has been received, and returns its type. Note that + * no other data is processed until this returns, so this function should not + * be used during the interactive session. + */ + +#if 0 +int +ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) +{ + struct session_state *state = ssh->state; + int len, r, ms_remain, cont; + fd_set *setp; + char buf[8192]; + struct timeval timeout, start, *timeoutp = NULL; + + DBG(debug("packet_read()")); + + setp = calloc(howmany(state->connection_in + 1, + NFDBITS), sizeof(fd_mask)); + if (setp == NULL) + return SSH_ERR_ALLOC_FAIL; + + /* + * Since we are blocking, ensure that all written packets have + * been sent. + */ + if ((r = ssh_packet_write_wait(ssh)) != 0) + goto out; + + /* Stay in the loop until we have received a complete packet. */ + for (;;) { + /* Try to read a packet from the buffer. */ + r = ssh_packet_read_poll_seqnr(ssh, typep, seqnr_p); + if (r != 0) + break; + if (!compat20 && ( + *typep == SSH_SMSG_SUCCESS + || *typep == SSH_SMSG_FAILURE + || *typep == SSH_CMSG_EOF + || *typep == SSH_CMSG_EXIT_CONFIRMATION)) + if ((r = sshpkt_get_end(ssh)) != 0) + break; + /* If we got a packet, return it. */ + if (*typep != SSH_MSG_NONE) + break; + /* + * Otherwise, wait for some data to arrive, add it to the + * buffer, and try again. + */ + memset(setp, 0, howmany(state->connection_in + 1, + NFDBITS) * sizeof(fd_mask)); + FD_SET(state->connection_in, setp); + + if (state->packet_timeout_ms > 0) { + ms_remain = state->packet_timeout_ms; + timeoutp = &timeout; + } + /* Wait for some data to arrive. */ + for (;;) { + if (state->packet_timeout_ms != -1) { + ms_to_timeval(&timeout, ms_remain); + gettimeofday(&start, NULL); + } + if ((r = select(state->connection_in + 1, setp, + NULL, NULL, timeoutp)) >= 0) + break; + if (errno != EAGAIN && errno != EINTR && + errno != EWOULDBLOCK) + break; + if (state->packet_timeout_ms == -1) + continue; + ms_subtract_diff(&start, &ms_remain); + if (ms_remain <= 0) { + r = 0; + break; + } + } + if (r == 0) + return SSH_ERR_CONN_TIMEOUT; + /* Read data from the socket. */ + do { + cont = 0; + //len = roaming_read(state->connection_in, buf, sizeof(buf), &cont); + } while (len == 0 && cont); + if (len == 0) { + r = SSH_ERR_CONN_CLOSED; + goto out; + } + if (len < 0) { + r = SSH_ERR_SYSTEM_ERROR; + goto out; + } + + /* Append it to the buffer. */ + if ((r = ssh_packet_process_incoming(ssh, buf, len)) != 0) + goto out; + } + out: + free(setp); + return r; +} + +int +ssh_packet_read(struct ssh *ssh) +{ + u_char type; + int r; + + if ((r = ssh_packet_read_seqnr(ssh, &type, NULL)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + return type; +} +#endif + +int +ncrackssh_ssh_packet_read(ncrack_ssh_state *nstate) +{ + u_char type; + int r; + if ((r = ssh_packet_read_poll_seqnr(nstate, &type, NULL)) != 0) + ; + //printf("ssh_packet_read_poll_seqnr returned err: %d\n", r); + //fatal("%s: %s", __func__, ssh_err(r)); + + //ssh_packet_read_poll_seqnr(nstate, &type, NULL); + + return type; +} + + + +#if 0 +/* + * Waits until a packet has been received, verifies that its type matches + * that given, and gives a fatal error and exits if there is a mismatch. + */ + +int +ssh_packet_read_expect(struct ssh *ssh, u_int expected_type) +{ + int r; + u_char type; + + if ((r = ssh_packet_read_seqnr(ssh, &type, NULL)) != 0) + return r; + if (type != expected_type) { + if ((r = sshpkt_disconnect(ssh, + "Protocol error: expected packet type %d, got %d", + expected_type, type)) != 0) + return r; + return SSH_ERR_PROTOCOL_ERROR; + } + return 0; +} +#endif + +/* Checks if a full packet is available in the data received so far via + * packet_process_incoming. If so, reads the packet; otherwise returns + * SSH_MSG_NONE. This does not wait for data from the connection. + * + * SSH_MSG_DISCONNECT is handled specially here. Also, + * SSH_MSG_IGNORE messages are skipped by this function and are never returned + * to higher levels. + */ + +int +ssh_packet_read_poll1(ncrack_ssh_state *nstate, u_char *typep) +{ + //struct session_state *state = ssh->state; + u_int len, padded_len; + //const char *emsg; + const u_char *cp; + u_char *p; + u_int checksum, stored_checksum; + int r; + + *typep = SSH_MSG_NONE; + + /* Check if input size is less than minimum packet size. */ + if (sshbuf_len(nstate->input) < 4 + 8) + return 0; + /* Get length of incoming packet. */ + len = PEEK_U32(sshbuf_ptr(nstate->input)); + if (len < 1 + 2 + 2 || len > 256 * 1024) { + if ((r = sshpkt_disconnect(nstate, "Bad packet length %u", + len)) != 0) + return r; + return SSH_ERR_CONN_CORRUPT; + } + padded_len = (len + 8) & ~7; + + /* Check if the packet has been entirely received. */ + if (sshbuf_len(nstate->input) < 4 + padded_len) + return 0; + + /* The entire packet is in buffer. */ + + /* Consume packet length. */ + if ((r = sshbuf_consume(nstate->input, 4)) != 0) + goto out; + + +#if 0 + /* + * Cryptographic attack detector for ssh + * (C)1998 CORE-SDI, Buenos Aires Argentina + * Ariel Futoransky(futo@core-sdi.com) + */ + if (!nstate->receive_context.plaintext) { + emsg = NULL; + switch (detect_attack(&nstate->deattack, + sshbuf_ptr(nstate->input), padded_len)) { + case DEATTACK_OK: + break; + case DEATTACK_DETECTED: + emsg = "crc32 compensation attack detected"; + break; + case DEATTACK_DOS_DETECTED: + emsg = "deattack denial of service detected"; + break; + default: + emsg = "deattack error"; + break; + } + if (emsg != NULL) { + ssh_error("%s", emsg); + if ((r = sshpkt_disconnect(nstate, "%s", emsg)) != 0 || + (r = ssh_packet_write_wait(nstate)) != 0) + return r; + return SSH_ERR_CONN_CORRUPT; + } + } +#endif + + /* Decrypt data to incoming_packet. */ + sshbuf_reset(nstate->incoming_packet); + if ((r = sshbuf_reserve(nstate->incoming_packet, padded_len, &p)) != 0) + goto out; + if ((r = cipher_crypt(&nstate->receive_context, 0, p, + sshbuf_ptr(nstate->input), padded_len, 0, 0)) != 0) + goto out; + + if ((r = sshbuf_consume(nstate->input, padded_len)) != 0) + goto out; + +#ifdef PACKET_DEBUG + fprintf(stderr, "read_poll plain: "); + sshbuf_dump(nstate->incoming_packet, stderr); +#endif + + /* Compute packet checksum. */ + checksum = ssh_crc32(sshbuf_ptr(nstate->incoming_packet), + sshbuf_len(nstate->incoming_packet) - 4); + + /* Skip padding. */ + if ((r = sshbuf_consume(nstate->incoming_packet, 8 - len % 8)) != 0) + goto out; + + /* Test check bytes. */ + if (len != sshbuf_len(nstate->incoming_packet)) { + ssh_error("%s: len %d != sshbuf_len %zd", __func__, + len, sshbuf_len(nstate->incoming_packet)); + if ((r = sshpkt_disconnect(nstate, "invalid packet length")) != 0 || + (r = ssh_packet_write_wait(nstate)) != 0) + return r; + return SSH_ERR_CONN_CORRUPT; + } + + cp = sshbuf_ptr(nstate->incoming_packet) + len - 4; + stored_checksum = PEEK_U32(cp); + if (checksum != stored_checksum) { + ssh_error("Corrupted check bytes on input"); + if ((r = sshpkt_disconnect(nstate, "connection corrupted")) != 0 || + (r = ssh_packet_write_wait(nstate)) != 0) + return r; + return SSH_ERR_CONN_CORRUPT; + } + if ((r = sshbuf_consume_end(nstate->incoming_packet, 4)) < 0) + goto out; + +#if 0 + if (nstate->packet_compression) { + sshbuf_reset(nstate->compression_buffer); + if ((r = uncompress_buffer(ssh, nstate->incoming_packet, + nstate->compression_buffer)) != 0) + goto out; + sshbuf_reset(nstate->incoming_packet); + if ((r = sshbuf_putb(nstate->incoming_packet, + nstate->compression_buffer)) != 0) + goto out; + } +#endif + nstate->p_read.packets++; + nstate->p_read.bytes += padded_len + 4; + if ((r = sshbuf_get_u8(nstate->incoming_packet, typep)) != 0) + goto out; + if (*typep < SSH_MSG_MIN || *typep > SSH_MSG_MAX) { + ssh_error("Invalid ssh1 packet type: %d", *typep); + if ((r = sshpkt_disconnect(nstate, "invalid packet type")) != 0 || + (r = ssh_packet_write_wait(nstate)) != 0) + return r; + return SSH_ERR_PROTOCOL_ERROR; + } + r = 0; + out: + return r; +} + +int +ssh_packet_read_poll2(ncrack_ssh_state *nstate, u_char *typep, u_int32_t *seqnr_p) +{ + //struct session_state *state = ssh->state; + u_int padlen, need; + u_char *cp, macbuf[SSH_DIGEST_MAX_LENGTH]; + u_int maclen, aadlen = 0, authlen = 0, block_size; + struct sshenc *enc = NULL; + struct sshmac *mac = NULL; + //struct sshcomp *comp = NULL; + int r; + + *typep = SSH_MSG_NONE; + + if (nstate->packet_discard) + return 0; + + if (nstate->newkeys[MODE_IN] != NULL) { + enc = &nstate->newkeys[MODE_IN]->enc; + mac = &nstate->newkeys[MODE_IN]->mac; + //comp = &nstate->newkeys[MODE_IN]->comp; + /* disable mac for authenticated encryption */ + if ((authlen = cipher_authlen(enc->cipher)) != 0) + mac = NULL; + } + + maclen = mac && mac->enabled ? mac->mac_len : 0; + block_size = enc ? enc->block_size : 8; + aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0; + + if (aadlen && nstate->packlen == 0) { + if (cipher_get_length(&nstate->receive_context, + &nstate->packlen, nstate->p_read.seqnr, + sshbuf_ptr(nstate->input), sshbuf_len(nstate->input)) != 0) + return 0; + if (nstate->packlen < 1 + 4 || + nstate->packlen > PACKET_MAX_SIZE) { +#ifdef PACKET_DEBUG + sshbuf_dump(nstate->input, stderr); +#endif + logit("Bad packet length %u.", nstate->packlen); + if ((r = sshpkt_disconnect(nstate, "Packet corrupt")) != 0) + return r; + } + sshbuf_reset(nstate->incoming_packet); + } else if (nstate->packlen == 0) { + /* + * check if input size is less than the cipher block size, + * decrypt first block and extract length of incoming packet + */ + if (sshbuf_len(nstate->input) < block_size) + return 0; + sshbuf_reset(nstate->incoming_packet); + if ((r = sshbuf_reserve(nstate->incoming_packet, block_size, + &cp)) != 0) + goto out; + if ((r = cipher_crypt(&nstate->receive_context, + nstate->p_send.seqnr, cp, sshbuf_ptr(nstate->input), + block_size, 0, 0)) != 0) + goto out; + nstate->packlen = PEEK_U32(sshbuf_ptr(nstate->incoming_packet)); + if (nstate->packlen < 1 + 4 || + nstate->packlen > PACKET_MAX_SIZE) { +#ifdef PACKET_DEBUG + fprintf(stderr, "input: \n"); + sshbuf_dump(nstate->input, stderr); + fprintf(stderr, "incoming_packet: \n"); + sshbuf_dump(nstate->incoming_packet, stderr); +#endif + logit("Bad packet length %u.", nstate->packlen); + return ssh_packet_start_discard(nstate, enc, mac, + nstate->packlen, PACKET_MAX_SIZE); + } + if ((r = sshbuf_consume(nstate->input, block_size)) != 0) + goto out; + } + DBG(debug("input: packet len %u", nstate->packlen+4)); + + if (aadlen) { + /* only the payload is encrypted */ + need = nstate->packlen; + } else { + /* + * the payload size and the payload are encrypted, but we + * have a partial packet of block_size bytes + */ + need = 4 + nstate->packlen - block_size; + } + DBG(debug("partial packet: block %d, need %d, maclen %d, authlen %d," + " aadlen %d", block_size, need, maclen, authlen, aadlen)); + if (need % block_size != 0) { + logit("padding error: need %d block %d mod %d", + need, block_size, need % block_size); + return ssh_packet_start_discard(nstate, enc, mac, + nstate->packlen, PACKET_MAX_SIZE - block_size); + } + /* + * check if the entire packet has been received and + * decrypt into incoming_packet: + * 'aadlen' bytes are unencrypted, but authenticated. + * 'need' bytes are encrypted, followed by either + * 'authlen' bytes of authentication tag or + * 'maclen' bytes of message authentication code. + */ + if (sshbuf_len(nstate->input) < aadlen + need + authlen + maclen) + return 0; +#ifdef PACKET_DEBUG + fprintf(stderr, "read_poll enc/full: "); + sshbuf_dump(nstate->input, stderr); +#endif + /* EtM: compute mac over encrypted input */ + if (mac && mac->enabled && mac->etm) { + if ((r = mac_compute(mac, nstate->p_read.seqnr, + sshbuf_ptr(nstate->input), aadlen + need, + macbuf, sizeof(macbuf))) != 0) + goto out; + } + if ((r = sshbuf_reserve(nstate->incoming_packet, aadlen + need, + &cp)) != 0) + goto out; + if ((r = cipher_crypt(&nstate->receive_context, nstate->p_read.seqnr, cp, + sshbuf_ptr(nstate->input), need, aadlen, authlen)) != 0) + goto out; + if ((r = sshbuf_consume(nstate->input, aadlen + need + authlen)) != 0) + goto out; + /* + * compute MAC over seqnr and packet, + * increment sequence number for incoming packet + */ + if (mac && mac->enabled) { + if (!mac->etm) + if ((r = mac_compute(mac, nstate->p_read.seqnr, + sshbuf_ptr(nstate->incoming_packet), + sshbuf_len(nstate->incoming_packet), + macbuf, sizeof(macbuf))) != 0) + goto out; + if (timingsafe_bcmp(macbuf, sshbuf_ptr(nstate->input), + mac->mac_len) != 0) { + logit("Corrupted MAC on input."); + if (need > PACKET_MAX_SIZE) + return SSH_ERR_INTERNAL_ERROR; + return ssh_packet_start_discard(nstate, enc, mac, + nstate->packlen, PACKET_MAX_SIZE - need); + } + + DBG(debug("MAC #%d ok", nstate->p_read.seqnr)); + if ((r = sshbuf_consume(nstate->input, mac->mac_len)) != 0) + goto out; + } + if (seqnr_p != NULL) + *seqnr_p = nstate->p_read.seqnr; + if (++nstate->p_read.seqnr == 0) + logit("incoming seqnr wraps around"); + if (++nstate->p_read.packets == 0) + if (!(nstate->compat & SSH_BUG_NOREKEY)) + return SSH_ERR_NEED_REKEY; + nstate->p_read.blocks += (nstate->packlen + 4) / block_size; + nstate->p_read.bytes += nstate->packlen + 4; + + /* get padlen */ + padlen = sshbuf_ptr(nstate->incoming_packet)[4]; + DBG(debug("input: padlen %d", padlen)); + if (padlen < 4) { + if ((r = sshpkt_disconnect(nstate, + "Corrupted padlen %d on input.", padlen)) != 0 || + (r = ssh_packet_write_wait(nstate)) != 0) + return r; + return SSH_ERR_CONN_CORRUPT; + } + + /* skip packet size + padlen, discard padding */ + if ((r = sshbuf_consume(nstate->incoming_packet, 4 + 1)) != 0 || + ((r = sshbuf_consume_end(nstate->incoming_packet, padlen)) != 0)) + goto out; + + DBG(debug("input: len before de-compress %zd", + sshbuf_len(nstate->incoming_packet))); + +#if 0 + if (comp && comp->enabled) { + sshbuf_reset(nstate->compression_buffer); + if ((r = uncompress_buffer(ssh, nstate->incoming_packet, + nstate->compression_buffer)) != 0) + goto out; + sshbuf_reset(nstate->incoming_packet); + if ((r = sshbuf_putb(nstate->incoming_packet, + nstate->compression_buffer)) != 0) + goto out; + DBG(debug("input: len after de-compress %zd", + sshbuf_len(nstate->incoming_packet))); + } +#endif + /* + * get packet type, implies consume. + * return length of payload (without type field) + */ + if ((r = sshbuf_get_u8(nstate->incoming_packet, typep)) != 0) + goto out; + if (*typep < SSH2_MSG_MIN || *typep >= SSH2_MSG_LOCAL_MIN) { + if ((r = sshpkt_disconnect(nstate, + "Invalid ssh2 packet type: %d", *typep)) != 0 || + (r = ssh_packet_write_wait(nstate)) != 0) + return r; + return SSH_ERR_PROTOCOL_ERROR; + } + if (*typep == SSH2_MSG_NEWKEYS) { + r = ssh_set_newkeys(nstate, MODE_IN); + } +#if 0 + else if (*typep == SSH2_MSG_USERAUTH_SUCCESS && !nstate->server_side) + r = ssh_packet_enable_delayed_compress(ssh); +#endif + else + r = 0; +#ifdef PACKET_DEBUG + fprintf(stderr, "read/plain[%d]:\r\n", *typep); + sshbuf_dump(nstate->incoming_packet, stderr); +#endif + /* reset for next packet */ + nstate->packlen = 0; + out: + return r; +} + +int +ssh_packet_read_poll_seqnr(ncrack_ssh_state *nstate, u_char *typep, u_int32_t *seqnr_p) +{ +// struct session_state *state = ssh->state; + u_int reason, seqnr; + int r; + u_char *msg; + + for (;;) { + msg = NULL; + if (nstate->compat20) { + r = ssh_packet_read_poll2(nstate, typep, seqnr_p); + if (r != 0) + return r; + if (*typep) { + nstate->keep_alive_timeouts = 0; + DBG(debug("received packet type %d", *typep)); + } + switch (*typep) { + case SSH2_MSG_IGNORE: + debug3("Received SSH2_MSG_IGNORE"); + break; + case SSH2_MSG_DEBUG: + if ((r = sshpkt_get_u8(nstate, NULL)) != 0 || + (r = sshpkt_get_string(nstate, &msg, NULL)) != 0 || + (r = sshpkt_get_string(nstate, NULL, NULL)) != 0) { + if (msg) + free(msg); + return r; + } + debug("Remote: %.900s", msg); + free(msg); + break; + case SSH2_MSG_DISCONNECT: + if ((r = sshpkt_get_u32(nstate, &reason)) != 0 || + (r = sshpkt_get_string(nstate, &msg, NULL)) != 0) + return r; + /* Ignore normal client exit notifications */ +#if 0 + do_log2(ssh->state->server_side && + reason == SSH2_DISCONNECT_BY_APPLICATION ? + SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, + "Received disconnect from %s: %u: %.400s", + ssh_remote_ipaddr(ssh), reason, msg); +#endif + free(msg); + return SSH_ERR_DISCONNECTED; + case SSH2_MSG_UNIMPLEMENTED: + if ((r = sshpkt_get_u32(nstate, &seqnr)) != 0) + return r; + debug("Received SSH2_MSG_UNIMPLEMENTED for %u", + seqnr); + break; + default: + return 0; + } + } + else { + r = ssh_packet_read_poll1(nstate, typep); + switch (*typep) { + case SSH_MSG_NONE: + return SSH_MSG_NONE; + case SSH_MSG_IGNORE: + break; + case SSH_MSG_DEBUG: + if ((r = sshpkt_get_string(nstate, &msg, NULL)) != 0) + return r; + debug("Remote: %.900s", msg); + free(msg); + break; + case SSH_MSG_DISCONNECT: + if ((r = sshpkt_get_string(nstate, &msg, NULL)) != 0) + return r; + //ssh_error("Received disconnect from %s: %.400s", + // ssh_remote_ipaddr(ssh), msg); + free(msg); + return SSH_ERR_DISCONNECTED; + default: + DBG(debug("received packet type %d", *typep)); + return 0; + } + } + } +} + +/* + * Buffers the given amount of input characters. This is intended to be used + * together with packet_read_poll. + */ + +int +ssh_packet_process_incoming(ncrack_ssh_state *nstate, const char *buf, u_int len) +{ + //struct session_state *state = ssh->state; + int r; + + if (nstate->packet_discard) { + nstate->keep_alive_timeouts = 0; /* ?? */ + if (len >= nstate->packet_discard) { + if ((r = ssh_packet_stop_discard(nstate)) != 0) + return r; + } + nstate->packet_discard -= len; + return 0; + } + if ((r = sshbuf_put(nstate->input, buf, len)) != 0) + return r; + + return 0; +} + +int +ssh_packet_remaining(ncrack_ssh_state *nstate) +{ + return sshbuf_len(nstate->incoming_packet); +} + + +#if 0 +/* + * Sends a diagnostic message from the server to the client. This message + * can be sent at any time (but not while constructing another message). The + * message is printed immediately, but only if the client is being executed + * in verbose mode. These messages are primarily intended to ease debugging + * authentication problems. The length of the formatted message must not + * exceed 1024 bytes. This will automatically call ssh_packet_write_wait. + */ +void +ssh_packet_send_debug(struct ssh *ssh, const char *fmt,...) +{ + char buf[1024]; + va_list args; + int r; + + if (compat20 && (ssh->compat & SSH_BUG_DEBUG)) + return; + + va_start(args, fmt); + vsnprintf(buf, sizeof(buf), fmt, args); + va_end(args); + + if (compat20) { + if ((r = sshpkt_start(ssh, SSH2_MSG_DEBUG)) != 0 || + (r = sshpkt_put_u8(ssh, 0)) != 0 || /* always display */ + (r = sshpkt_put_cstring(ssh, buf)) != 0 || + (r = sshpkt_put_cstring(ssh, "")) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + } else { + if ((r = sshpkt_start(ssh, SSH_MSG_DEBUG)) != 0 || + (r = sshpkt_put_cstring(ssh, buf)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + } + if ((r = ssh_packet_write_wait(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); +} +#endif + +/* + * Pretty-print connection-terminating errors and exit. + */ +void +sshpkt_fatal(struct ssh *ssh, const char *tag, int r) +{ + switch (r) { + case SSH_ERR_CONN_CLOSED: + logit("Connection closed by %.200s", ssh_remote_ipaddr(ssh)); + cleanup_exit(255); + case SSH_ERR_CONN_TIMEOUT: + logit("Connection to %.200s timed out", ssh_remote_ipaddr(ssh)); + cleanup_exit(255); + case SSH_ERR_DISCONNECTED: + logit("Disconnected from %.200s", + ssh_remote_ipaddr(ssh)); + cleanup_exit(255); + case SSH_ERR_SYSTEM_ERROR: + if (errno == ECONNRESET) { + logit("Connection reset by %.200s", + ssh_remote_ipaddr(ssh)); + cleanup_exit(255); + } + /* FALLTHROUGH */ + case SSH_ERR_NO_CIPHER_ALG_MATCH: + case SSH_ERR_NO_MAC_ALG_MATCH: + case SSH_ERR_NO_COMPRESS_ALG_MATCH: + case SSH_ERR_NO_KEX_ALG_MATCH: + case SSH_ERR_NO_HOSTKEY_ALG_MATCH: + if (ssh && ssh->kex && ssh->kex->failed_choice) { + fatal("Unable to negotiate with %.200s: %s. " + "Their offer: %s", ssh_remote_ipaddr(ssh), + ssh_err(r), ssh->kex->failed_choice); + } + /* FALLTHROUGH */ + default: + fatal("%s%sConnection to %.200s: %s", + tag != NULL ? tag : "", tag != NULL ? ": " : "", + ssh_remote_ipaddr(ssh), ssh_err(r)); + } +} + +#if 0 +/* + * Logs the error plus constructs and sends a disconnect packet, closes the + * connection, and exits. This function never returns. The error message + * should not contain a newline. The length of the formatted message must + * not exceed 1024 bytes. + */ +void +ssh_packet_disconnect(ssh *ssh, const char *fmt,...) +{ + char buf[1024]; + va_list args; + static int disconnecting = 0; + int r; + + if (disconnecting) /* Guard against recursive invocations. */ + fatal("packet_disconnect called recursively."); + disconnecting = 1; + + /* + * Format the message. Note that the caller must make sure the + * message is of limited size. + */ + va_start(args, fmt); + vsnprintf(buf, sizeof(buf), fmt, args); + va_end(args); + + /* Display the error locally */ + logit("Disconnecting: %.100s", buf); + + /* + * Send the disconnect message to the other side, and wait + * for it to get sent. + */ + if ((r = sshpkt_disconnect(ssh, "%s", buf)) != 0) + sshpkt_fatal(ssh, __func__, r); + + if ((r = ssh_packet_write_wait(ssh)) != 0) + sshpkt_fatal(ssh, __func__, r); + + /* Close the connection. */ + ssh_packet_close(ssh); + cleanup_exit(255); +} +#endif + +/* + * Checks if there is any buffered output, and tries to write some of + * the output. + */ +int +ssh_packet_write_poll(ncrack_ssh_state *nstate) +{ + //struct session_state *state = ssh->state; + int len = sshbuf_len(nstate->output); + int cont, r; + + if (len > 0) { + cont = 0; + //len = roaming_write(state->connection_out, sshbuf_ptr(state->output), len, &cont); + if (len == -1) { + if (errno == EINTR || errno == EAGAIN || + errno == EWOULDBLOCK) + return 0; + return SSH_ERR_SYSTEM_ERROR; + } + if (len == 0 && !cont) + return SSH_ERR_CONN_CLOSED; + if ((r = sshbuf_consume(nstate->output, len)) != 0) + return r; + } + return 0; +} + +/* + * Calls packet_write_poll repeatedly until all pending output data has been + * written. + */ +int +ssh_packet_write_wait(ncrack_ssh_state *nstate) +{ + //fd_set *setp; + //int ret, r, ms_remain = 0; + //struct timeval start, timeout, *timeoutp = NULL; + //struct session_state *state = ssh->state; + + //setp = calloc(howmany(state->connection_out + 1, + // NFDBITS), sizeof(fd_mask)); + //if (setp == NULL) + // return SSH_ERR_ALLOC_FAIL; + ssh_packet_write_poll(nstate); + +#if 0 + while (ssh_packet_have_data_to_write(nstate)) { + memset(setp, 0, howmany(nstate->connection_out + 1, + NFDBITS) * sizeof(fd_mask)); + FD_SET(nstate->connection_out, setp); + + if (nstate->packet_timeout_ms > 0) { + ms_remain = nstate->packet_timeout_ms; + timeoutp = &timeout; + } + for (;;) { + if (nstate->packet_timeout_ms != -1) { + ms_to_timeval(&timeout, ms_remain); + gettimeofday(&start, NULL); + } + if ((ret = select(state->connection_out + 1, + NULL, setp, NULL, timeoutp)) >= 0) + break; + if (errno != EAGAIN && errno != EINTR && + errno != EWOULDBLOCK) + break; + if (state->packet_timeout_ms == -1) + continue; + ms_subtract_diff(&start, &ms_remain); + if (ms_remain <= 0) { + ret = 0; + break; + } + } + if (ret == 0) { + free(setp); + return SSH_ERR_CONN_TIMEOUT; + } + if ((r = ssh_packet_write_poll(nstate)) != 0) { + free(setp); + return r; + } + } + free(setp); +#endif + return 0; +} + +/* Returns true if there is buffered data to write to the connection. */ + +int +ssh_packet_have_data_to_write(struct ssh *ssh) +{ + return sshbuf_len(ssh->state->output) != 0; +} + +/* Returns true if there is not too much data to write to the connection. */ + +int +ssh_packet_not_very_much_data_to_write(struct ssh *ssh) +{ + if (ssh->state->interactive_mode) + return sshbuf_len(ssh->state->output) < 16384; + else + return sshbuf_len(ssh->state->output) < 128 * 1024; +} + +void +ssh_packet_set_tos(struct ssh *ssh, int tos) +{ +#ifndef IP_TOS_IS_BROKEN + if (!ssh_packet_connection_is_on_socket(ssh)) + return; + switch (ssh_packet_connection_af(ssh)) { +# ifdef IP_TOS + case AF_INET: + debug3("%s: set IP_TOS 0x%02x", __func__, tos); + if (setsockopt(ssh->state->connection_in, + IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) < 0) + ssh_error("setsockopt IP_TOS %d: %.100s:", + tos, strerror(errno)); + break; +# endif /* IP_TOS */ +# ifdef IPV6_TCLASS + case AF_INET6: + debug3("%s: set IPV6_TCLASS 0x%02x", __func__, tos); + if (setsockopt(ssh->state->connection_in, + IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos)) < 0) + ssh_error("setsockopt IPV6_TCLASS %d: %.100s:", + tos, strerror(errno)); + break; +# endif /* IPV6_TCLASS */ + } +#endif /* IP_TOS_IS_BROKEN */ +} + +/* Informs that the current session is interactive. Sets IP flags for that. */ + +void +ssh_packet_set_interactive(struct ssh *ssh, int interactive, int qos_interactive, int qos_bulk) +{ + struct session_state *state = ssh->state; + + if (state->set_interactive_called) + return; + state->set_interactive_called = 1; + + /* Record that we are in interactive mode. */ + state->interactive_mode = interactive; + + /* Only set socket options if using a socket. */ + if (!ssh_packet_connection_is_on_socket(ssh)) + return; + set_nodelay(state->connection_in); + ssh_packet_set_tos(ssh, interactive ? qos_interactive : + qos_bulk); +} + +/* Returns true if the current connection is interactive. */ + +int +ssh_packet_is_interactive(struct ssh *ssh) +{ + return ssh->state->interactive_mode; +} + +int +ssh_packet_set_maxsize(struct ssh *ssh, u_int s) +{ + struct session_state *state = ssh->state; + + if (state->set_maxsize_called) { + logit("packet_set_maxsize: called twice: old %d new %d", + state->max_packet_size, s); + return -1; + } + if (s < 4 * 1024 || s > 1024 * 1024) { + logit("packet_set_maxsize: bad size %d", s); + return -1; + } + state->set_maxsize_called = 1; + debug("packet_set_maxsize: setting to %d", s); + state->max_packet_size = s; + return s; +} + +int +ssh_packet_inc_alive_timeouts(struct ssh *ssh) +{ + return ++ssh->state->keep_alive_timeouts; +} + +void +ssh_packet_set_alive_timeouts(struct ssh *ssh, int ka) +{ + ssh->state->keep_alive_timeouts = ka; +} + +u_int +ssh_packet_get_maxsize(struct ssh *ssh) +{ + return ssh->state->max_packet_size; +} + +#if 0 +/* + * 9.2. Ignored Data Message + * + * byte SSH_MSG_IGNORE + * string data + * + * All implementations MUST understand (and ignore) this message at any + * time (after receiving the protocol version). No implementation is + * required to send them. This message can be used as an additional + * protection measure against advanced traffic analysis techniques. + */ +void +ssh_packet_send_ignore(struct ssh *ssh, int nbytes) +{ + u_int32_t rnd = 0; + int r, i; + + if ((r = sshpkt_start(ssh, compat20 ? + SSH2_MSG_IGNORE : SSH_MSG_IGNORE)) != 0 || + (r = sshpkt_put_u32(ssh, nbytes)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + for (i = 0; i < nbytes; i++) { + if (i % 4 == 0) + rnd = arc4random(); + if ((r = sshpkt_put_u8(ssh, (u_char)rnd & 0xff)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + rnd >>= 8; + } +} +#endif + +#define MAX_PACKETS (1U<<31) +int +ssh_packet_need_rekeying(ncrack_ssh_state *nstate) +{ + //struct session_state *state = ssh->state; + + if (nstate->compat & SSH_BUG_NOREKEY) + return 0; + return + (nstate->p_send.packets > MAX_PACKETS) || + (nstate->p_read.packets > MAX_PACKETS) || + (nstate->max_blocks_out && + (nstate->p_send.blocks > nstate->max_blocks_out)) || + (nstate->max_blocks_in && + (nstate->p_read.blocks > nstate->max_blocks_in)) || + (nstate->rekey_interval != 0 && nstate->rekey_time + + nstate->rekey_interval <= monotime()); +} + +void +ssh_packet_set_rekey_limits(struct ssh *ssh, u_int32_t bytes, time_t seconds) +{ + debug3("rekey after %lld bytes, %d seconds", (long long)bytes, + (int)seconds); + ssh->state->rekey_limit = bytes; + ssh->state->rekey_interval = seconds; +} + +time_t +ssh_packet_get_rekey_timeout(struct ssh *ssh) +{ + time_t seconds; + + seconds = ssh->state->rekey_time + ssh->state->rekey_interval - + monotime(); + return (seconds <= 0 ? 1 : seconds); +} + +void +ssh_packet_set_server(struct ssh *ssh) +{ + ssh->state->server_side = 1; +} + +void +ssh_packet_set_authenticated(struct ssh *ssh) +{ + ssh->state->after_authentication = 1; +} + +void * +ssh_packet_get_input(struct ssh *ssh) +{ + return (void *)ssh->state->input; +} + +void * +ssh_packet_get_output(struct ssh *ssh) +{ + return (void *)ssh->state->output; +} + +#if 0 +/* XXX TODO update roaming to new API (does not work anyway) */ +/* + * Save the state for the real connection, and use a separate state when + * resuming a suspended connection. + */ +void +ssh_packet_backup_state(struct ssh *ssh, + struct ssh *backup_state) +{ + struct ssh *tmp; + + close(ssh->state->connection_in); + ssh->state->connection_in = -1; + close(ssh->state->connection_out); + ssh->state->connection_out = -1; + if (backup_state) + tmp = backup_state; + else + tmp = ssh_alloc_session_state(); + backup_state = ssh; + ssh = tmp; +} + +/* XXX FIXME FIXME FIXME */ +/* + * Swap in the old state when resuming a connecion. + */ +void +ssh_packet_restore_state(struct ssh *ssh, + struct ssh *backup_state) +{ + struct ssh *tmp; + u_int len; + int r; + + tmp = backup_state; + backup_state = ssh; + ssh = tmp; + ssh->state->connection_in = backup_state->state->connection_in; + backup_state->state->connection_in = -1; + ssh->state->connection_out = backup_state->state->connection_out; + backup_state->state->connection_out = -1; + len = sshbuf_len(backup_state->state->input); + if (len > 0) { + if ((r = sshbuf_putb(ssh->state->input, + backup_state->state->input)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + sshbuf_reset(backup_state->state->input); + add_recv_bytes(len); + } +} + +/* Reset after_authentication and reset compression in post-auth privsep */ +static int +ssh_packet_set_postauth(struct ssh *ssh) +{ + struct sshcomp *comp; + int r, mode; + + debug("%s: called", __func__); + /* This was set in net child, but is not visible in user child */ + ssh->state->after_authentication = 1; + ssh->state->rekeying = 0; + for (mode = 0; mode < MODE_MAX; mode++) { + if (ssh->state->newkeys[mode] == NULL) + continue; + comp = &ssh->state->newkeys[mode]->comp; + if (comp && comp->enabled && + (r = ssh_packet_init_compression(ssh)) != 0) + return r; + } + return 0; +} + +/* Packet state (de-)serialization for privsep */ + +/* turn kex into a blob for packet state serialization */ +static int +kex_to_blob(struct sshbuf *m, struct kex *kex) +{ + int r; + + if ((r = sshbuf_put_string(m, kex->session_id, + kex->session_id_len)) != 0 || + (r = sshbuf_put_u32(m, kex->we_need)) != 0 || + (r = sshbuf_put_u32(m, kex->hostkey_type)) != 0 || + (r = sshbuf_put_u32(m, kex->kex_type)) != 0 || + (r = sshbuf_put_stringb(m, kex->my)) != 0 || + (r = sshbuf_put_stringb(m, kex->peer)) != 0 || + (r = sshbuf_put_u32(m, kex->flags)) != 0 || + (r = sshbuf_put_cstring(m, kex->client_version_string)) != 0 || + (r = sshbuf_put_cstring(m, kex->server_version_string)) != 0) + return r; + return 0; +} + +/* turn key exchange results into a blob for packet state serialization */ +static int +newkeys_to_blob(struct sshbuf *m, struct ssh *ssh, int mode) +{ + struct sshbuf *b; + struct sshcipher_ctx *cc; + struct sshcomp *comp; + struct sshenc *enc; + struct sshmac *mac; + struct newkeys *newkey; + int r; + + if ((newkey = ssh->state->newkeys[mode]) == NULL) + return SSH_ERR_INTERNAL_ERROR; + enc = &newkey->enc; + mac = &newkey->mac; + comp = &newkey->comp; + cc = (mode == MODE_OUT) ? &ssh->state->send_context : + &ssh->state->receive_context; + if ((r = cipher_get_keyiv(cc, enc->iv, enc->iv_len)) != 0) + return r; + if ((b = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + /* The cipher struct is constant and shared, you export pointer */ + if ((r = sshbuf_put_cstring(b, enc->name)) != 0 || + (r = sshbuf_put(b, &enc->cipher, sizeof(enc->cipher))) != 0 || + (r = sshbuf_put_u32(b, enc->enabled)) != 0 || + (r = sshbuf_put_u32(b, enc->block_size)) != 0 || + (r = sshbuf_put_string(b, enc->key, enc->key_len)) != 0 || + (r = sshbuf_put_string(b, enc->iv, enc->iv_len)) != 0) + goto out; + if (cipher_authlen(enc->cipher) == 0) { + if ((r = sshbuf_put_cstring(b, mac->name)) != 0 || + (r = sshbuf_put_u32(b, mac->enabled)) != 0 || + (r = sshbuf_put_string(b, mac->key, mac->key_len)) != 0) + goto out; + } + if ((r = sshbuf_put_u32(b, comp->type)) != 0 || + (r = sshbuf_put_u32(b, comp->enabled)) != 0 || + (r = sshbuf_put_cstring(b, comp->name)) != 0) + goto out; + r = sshbuf_put_stringb(m, b); + out: + if (b != NULL) + sshbuf_free(b); + return r; +} + +/* serialize packet state into a blob */ +int +ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m) +{ + struct session_state *state = ssh->state; + u_char *p; + size_t slen, rlen; + int r, ssh1cipher; + + if (!compat20) { + ssh1cipher = cipher_get_number(state->receive_context.cipher); + slen = cipher_get_keyiv_len(&state->send_context); + rlen = cipher_get_keyiv_len(&state->receive_context); + if ((r = sshbuf_put_u32(m, state->remote_protocol_flags)) != 0 || + (r = sshbuf_put_u32(m, ssh1cipher)) != 0 || + (r = sshbuf_put_string(m, state->ssh1_key, state->ssh1_keylen)) != 0 || + (r = sshbuf_put_u32(m, slen)) != 0 || + (r = sshbuf_reserve(m, slen, &p)) != 0 || + (r = cipher_get_keyiv(&state->send_context, p, slen)) != 0 || + (r = sshbuf_put_u32(m, rlen)) != 0 || + (r = sshbuf_reserve(m, rlen, &p)) != 0 || + (r = cipher_get_keyiv(&state->receive_context, p, rlen)) != 0) + return r; + } else { + if ((r = kex_to_blob(m, ssh->kex)) != 0 || + (r = newkeys_to_blob(m, ssh, MODE_OUT)) != 0 || + (r = newkeys_to_blob(m, ssh, MODE_IN)) != 0 || + (r = sshbuf_put_u32(m, state->rekey_limit)) != 0 || + (r = sshbuf_put_u32(m, state->rekey_interval)) != 0 || + (r = sshbuf_put_u32(m, state->p_send.seqnr)) != 0 || + (r = sshbuf_put_u64(m, state->p_send.blocks)) != 0 || + (r = sshbuf_put_u32(m, state->p_send.packets)) != 0 || + (r = sshbuf_put_u64(m, state->p_send.bytes)) != 0 || + (r = sshbuf_put_u32(m, state->p_read.seqnr)) != 0 || + (r = sshbuf_put_u64(m, state->p_read.blocks)) != 0 || + (r = sshbuf_put_u32(m, state->p_read.packets)) != 0 || + (r = sshbuf_put_u64(m, state->p_read.bytes)) != 0) + return r; + } + + slen = cipher_get_keycontext(&state->send_context, NULL); + rlen = cipher_get_keycontext(&state->receive_context, NULL); + if ((r = sshbuf_put_u32(m, slen)) != 0 || + (r = sshbuf_reserve(m, slen, &p)) != 0) + return r; + if (cipher_get_keycontext(&state->send_context, p) != (int)slen) + return SSH_ERR_INTERNAL_ERROR; + if ((r = sshbuf_put_u32(m, rlen)) != 0 || + (r = sshbuf_reserve(m, rlen, &p)) != 0) + return r; + if (cipher_get_keycontext(&state->receive_context, p) != (int)rlen) + return SSH_ERR_INTERNAL_ERROR; + + if ((r = ssh_packet_get_compress_state(m, ssh)) != 0 || + (r = sshbuf_put_stringb(m, state->input)) != 0 || + (r = sshbuf_put_stringb(m, state->output)) != 0) + return r; + + if (compat20) { + if ((r = sshbuf_put_u64(m, get_sent_bytes())) != 0 || + (r = sshbuf_put_u64(m, get_recv_bytes())) != 0) + return r; + } + return 0; +} +#endif + +#if 0 +/* restore key exchange results from blob for packet state de-serialization */ +static int +newkeys_from_blob(struct sshbuf *m, struct ssh *ssh, int mode) +{ + struct sshbuf *b = NULL; + struct sshcomp *comp; + struct sshenc *enc; + struct sshmac *mac; + struct newkeys *newkey = NULL; + size_t keylen, ivlen, maclen; + int r; + + if ((newkey = calloc(1, sizeof(*newkey))) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_froms(m, &b)) != 0) + goto out; +#ifdef DEBUG_PK + sshbuf_dump(b, stderr); +#endif + enc = &newkey->enc; + mac = &newkey->mac; + comp = &newkey->comp; + + if ((r = sshbuf_get_cstring(b, &enc->name, NULL)) != 0 || + (r = sshbuf_get(b, &enc->cipher, sizeof(enc->cipher))) != 0 || + (r = sshbuf_get_u32(b, (u_int *)&enc->enabled)) != 0 || + (r = sshbuf_get_u32(b, &enc->block_size)) != 0 || + (r = sshbuf_get_string(b, &enc->key, &keylen)) != 0 || + (r = sshbuf_get_string(b, &enc->iv, &ivlen)) != 0) + goto out; + if (cipher_authlen(enc->cipher) == 0) { + if ((r = sshbuf_get_cstring(b, &mac->name, NULL)) != 0) + goto out; + if ((r = mac_setup(mac, mac->name)) != 0) + goto out; + if ((r = sshbuf_get_u32(b, (u_int *)&mac->enabled)) != 0 || + (r = sshbuf_get_string(b, &mac->key, &maclen)) != 0) + goto out; + if (maclen > mac->key_len) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + mac->key_len = maclen; + } + if ((r = sshbuf_get_u32(b, &comp->type)) != 0 || + (r = sshbuf_get_u32(b, (u_int *)&comp->enabled)) != 0 || + (r = sshbuf_get_cstring(b, &comp->name, NULL)) != 0) + goto out; + if (enc->name == NULL || + cipher_by_name(enc->name) != enc->cipher) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (sshbuf_len(b) != 0) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + enc->key_len = keylen; + enc->iv_len = ivlen; + ssh->kex->newkeys[mode] = newkey; + newkey = NULL; + r = 0; + out: + if (newkey != NULL) + free(newkey); + if (b != NULL) + sshbuf_free(b); + return r; +} + +/* restore kex from blob for packet state de-serialization */ +static int +kex_from_blob(struct sshbuf *m, struct kex **kexp) +{ + struct kex *kex; + int r; + + if ((kex = calloc(1, sizeof(struct kex))) == NULL || + (kex->my = sshbuf_new()) == NULL || + (kex->peer = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_get_string(m, &kex->session_id, &kex->session_id_len)) != 0 || + (r = sshbuf_get_u32(m, &kex->we_need)) != 0 || + (r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_type)) != 0 || + (r = sshbuf_get_u32(m, &kex->kex_type)) != 0 || + (r = sshbuf_get_stringb(m, kex->my)) != 0 || + (r = sshbuf_get_stringb(m, kex->peer)) != 0 || + (r = sshbuf_get_u32(m, &kex->flags)) != 0 || + (r = sshbuf_get_cstring(m, &kex->client_version_string, NULL)) != 0 || + (r = sshbuf_get_cstring(m, &kex->server_version_string, NULL)) != 0) + goto out; + kex->server = 1; + kex->done = 1; + r = 0; + out: + if (r != 0 || kexp == NULL) { + if (kex != NULL) { + if (kex->my != NULL) + sshbuf_free(kex->my); + if (kex->peer != NULL) + sshbuf_free(kex->peer); + free(kex); + } + if (kexp != NULL) + *kexp = NULL; + } else { + *kexp = kex; + } + return r; +} + +/* + * Restore packet state from content of blob 'm' (de-serialization). + * Note that 'm' will be partially consumed on parsing or any other errors. + */ +int +ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m) +{ +#if 0 + struct session_state *state = ssh->state; + const u_char *ssh1key, *ivin, *ivout, *keyin, *keyout, *input, *output; + size_t ssh1keylen, rlen, slen, ilen, olen; + int r; + u_int ssh1cipher = 0; + u_int64_t sent_bytes = 0, recv_bytes = 0; + + if (!compat20) { + if ((r = sshbuf_get_u32(m, &state->remote_protocol_flags)) != 0 || + (r = sshbuf_get_u32(m, &ssh1cipher)) != 0 || + (r = sshbuf_get_string_direct(m, &ssh1key, &ssh1keylen)) != 0 || + (r = sshbuf_get_string_direct(m, &ivout, &slen)) != 0 || + (r = sshbuf_get_string_direct(m, &ivin, &rlen)) != 0) + return r; + if (ssh1cipher > INT_MAX) + return SSH_ERR_KEY_UNKNOWN_CIPHER; + ssh_packet_set_encryption_key(ssh, ssh1key, ssh1keylen, + (int)ssh1cipher); + if (cipher_get_keyiv_len(&state->send_context) != (int)slen || + cipher_get_keyiv_len(&state->receive_context) != (int)rlen) + return SSH_ERR_INVALID_FORMAT; + if ((r = cipher_set_keyiv(&state->send_context, ivout)) != 0 || + (r = cipher_set_keyiv(&state->receive_context, ivin)) != 0) + return r; + } else { + if ((r = kex_from_blob(m, &ssh->kex)) != 0 || + (r = newkeys_from_blob(m, ssh, MODE_OUT)) != 0 || + (r = newkeys_from_blob(m, ssh, MODE_IN)) != 0 || + (r = sshbuf_get_u32(m, &state->rekey_limit)) != 0 || + (r = sshbuf_get_u32(m, &state->rekey_interval)) != 0 || + (r = sshbuf_get_u32(m, &state->p_send.seqnr)) != 0 || + (r = sshbuf_get_u64(m, &state->p_send.blocks)) != 0 || + (r = sshbuf_get_u32(m, &state->p_send.packets)) != 0 || + (r = sshbuf_get_u64(m, &state->p_send.bytes)) != 0 || + (r = sshbuf_get_u32(m, &state->p_read.seqnr)) != 0 || + (r = sshbuf_get_u64(m, &state->p_read.blocks)) != 0 || + (r = sshbuf_get_u32(m, &state->p_read.packets)) != 0 || + (r = sshbuf_get_u64(m, &state->p_read.bytes)) != 0) + return r; + /* + * We set the time here so that in post-auth privsep slave we + * count from the completion of the authentication. + */ + state->rekey_time = monotime(); + /* XXX ssh_set_newkeys overrides p_read.packets? XXX */ + if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0 || + (r = ssh_set_newkeys(ssh, MODE_OUT)) != 0) + return r; + } + if ((r = sshbuf_get_string_direct(m, &keyout, &slen)) != 0 || + (r = sshbuf_get_string_direct(m, &keyin, &rlen)) != 0) + return r; + if (cipher_get_keycontext(&state->send_context, NULL) != (int)slen || + cipher_get_keycontext(&state->receive_context, NULL) != (int)rlen) + return SSH_ERR_INVALID_FORMAT; + cipher_set_keycontext(&state->send_context, keyout); + cipher_set_keycontext(&state->receive_context, keyin); + + if ((r = ssh_packet_set_compress_state(ssh, m)) != 0 || + (r = ssh_packet_set_postauth(ssh)) != 0) + return r; + + sshbuf_reset(state->input); + sshbuf_reset(state->output); + if ((r = sshbuf_get_string_direct(m, &input, &ilen)) != 0 || + (r = sshbuf_get_string_direct(m, &output, &olen)) != 0 || + (r = sshbuf_put(state->input, input, ilen)) != 0 || + (r = sshbuf_put(state->output, output, olen)) != 0) + return r; + + if (compat20) { + if ((r = sshbuf_get_u64(m, &sent_bytes)) != 0 || + (r = sshbuf_get_u64(m, &recv_bytes)) != 0) + return r; + roam_set_bytes(sent_bytes, recv_bytes); + } + if (sshbuf_len(m)) + return SSH_ERR_INVALID_FORMAT; + debug3("%s: done", __func__); + return 0; +#endif +} +#endif + +/* NEW API */ + +/* put data to the outgoing packet */ + +int +sshpkt_put(ncrack_ssh_state *nstate, const void *v, size_t len) +{ + return sshbuf_put(nstate->outgoing_packet, v, len); +} + + +int +sshpkt_putb(ncrack_ssh_state *nstate, const struct sshbuf *b) +{ + return sshbuf_putb(nstate->outgoing_packet, b); +} + + +int +sshpkt_put_u8(ncrack_ssh_state *nstate, u_char val) +{ + return sshbuf_put_u8(nstate->outgoing_packet, val); +} + +int +sshpkt_put_u32(ncrack_ssh_state *nstate, u_int32_t val) +{ + return sshbuf_put_u32(nstate->outgoing_packet, val); +} + +int +sshpkt_put_u64(ncrack_ssh_state *nstate, u_int64_t val) +{ + return sshbuf_put_u64(nstate->outgoing_packet, val); +} + +int +sshpkt_put_string(ncrack_ssh_state *nstate, const void *v, size_t len) +{ + return sshbuf_put_string(nstate->outgoing_packet, v, len); +} + +int +sshpkt_put_cstring(ncrack_ssh_state *nstate, const void *v) +{ + return sshbuf_put_cstring(nstate->outgoing_packet, v); +} + +int +sshpkt_put_stringb(ncrack_ssh_state *nstate, const struct sshbuf *v) +{ + return sshbuf_put_stringb(nstate->outgoing_packet, v); +} + +#ifdef WITH_OPENSSL +#ifdef OPENSSL_HAS_ECC +int +sshpkt_put_ec(ncrack_ssh_state *nstate, const EC_POINT *v, const EC_GROUP *g) +{ + return sshbuf_put_ec(nstate->outgoing_packet, v, g); +} +#endif /* OPENSSL_HAS_ECC */ + +#ifdef WITH_SSH1 +int +sshpkt_put_bignum1(ncrack_ssh_state *nstate, const BIGNUM *v) +{ + return sshbuf_put_bignum1(nstate->outgoing_packet, v); +} +#endif /* WITH_SSH1 */ + +int +sshpkt_put_bignum2(ncrack_ssh_state *nstate, const BIGNUM *v) +{ + return sshbuf_put_bignum2(nstate->outgoing_packet, v); +} +#endif /* WITH_OPENSSL */ + +/* fetch data from the incoming packet */ + +int +sshpkt_get(ncrack_ssh_state *nstate, void *valp, size_t len) +{ + return sshbuf_get(nstate->incoming_packet, valp, len); +} + +int +sshpkt_get_u8(ncrack_ssh_state *nstate, u_char *valp) +{ + return sshbuf_get_u8(nstate->incoming_packet, valp); +} + +int +sshpkt_get_u32(ncrack_ssh_state *nstate, u_int32_t *valp) +{ + return sshbuf_get_u32(nstate->incoming_packet, valp); +} + +int +sshpkt_get_u64(ncrack_ssh_state *nstate, u_int64_t *valp) +{ + return sshbuf_get_u64(nstate->incoming_packet, valp); +} + +int +sshpkt_get_string(ncrack_ssh_state *nstate, u_char **valp, size_t *lenp) +{ + return sshbuf_get_string(nstate->incoming_packet, valp, lenp); +} + +int +sshpkt_get_string_direct(ncrack_ssh_state *nstate, const u_char **valp, size_t *lenp) +{ + return sshbuf_get_string_direct(nstate->incoming_packet, valp, lenp); +} + +int +sshpkt_get_cstring(ncrack_ssh_state *nstate, char **valp, size_t *lenp) +{ + return sshbuf_get_cstring(nstate->incoming_packet, valp, lenp); +} + +#ifdef WITH_OPENSSL +#ifdef OPENSSL_HAS_ECC +int +sshpkt_get_ec(ncrack_ssh_state *nstate, EC_POINT *v, const EC_GROUP *g) +{ + return sshbuf_get_ec(nstate->incoming_packet, v, g); +} +#endif /* OPENSSL_HAS_ECC */ + +#ifdef WITH_SSH1 +int +sshpkt_get_bignum1(ncrack_ssh_state *nstate, BIGNUM *v) +{ + return sshbuf_get_bignum1(nstate->incoming_packet, v); +} +#endif /* WITH_SSH1 */ + +int +sshpkt_get_bignum2(ncrack_ssh_state *nstate, BIGNUM *v) +{ + return sshbuf_get_bignum2(nstate->incoming_packet, v); +} +#endif /* WITH_OPENSSL */ + +int +sshpkt_get_end(ncrack_ssh_state *nstate) +{ + if (sshbuf_len(nstate->incoming_packet) > 0) + return SSH_ERR_UNEXPECTED_TRAILING_DATA; + return 0; +} + +const u_char * +sshpkt_ptr(ncrack_ssh_state *nstate, size_t *lenp) +{ + if (lenp != NULL) + *lenp = sshbuf_len(nstate->incoming_packet); + return sshbuf_ptr(nstate->incoming_packet); +} + + + +/* start a new packet */ + +int +sshpkt_start(ncrack_ssh_state *nstate, u_char type) +{ + u_char buf[9]; + int len; + + + // NCRACK: INITIALIZE COMPAT20 HERE FOR NOW + nstate->compat20 = 1; + nstate->packet_length = 0; + nstate->packlen = 0; + + + DBG(debug("packet_start[%d]", type)); + len = nstate->compat20 ? 6 : 9; + memset(buf, 0, len - 1); + buf[len - 1] = type; + sshbuf_reset(nstate->outgoing_packet); + return sshbuf_put(nstate->outgoing_packet, buf, len); +} + + +/* send it */ + +int +sshpkt_send(ncrack_ssh_state *nstate) +{ + if (nstate->compat20) + return ssh_packet_send2(nstate); + else + return ssh_packet_send1(nstate); +} + +int +sshpkt_disconnect(ncrack_ssh_state *nstate, const char *fmt,...) +{ + char buf[1024]; + va_list args; + int r; + + va_start(args, fmt); + vsnprintf(buf, sizeof(buf), fmt, args); + va_end(args); + + if (compat20) { + if ((r = sshpkt_start(nstate, SSH2_MSG_DISCONNECT)) != 0 || + (r = sshpkt_put_u32(nstate, SSH2_DISCONNECT_PROTOCOL_ERROR)) != 0 || + (r = sshpkt_put_cstring(nstate, buf)) != 0 || + (r = sshpkt_put_cstring(nstate, "")) != 0 || + (r = sshpkt_send(nstate)) != 0) + return r; + } else { + if ((r = sshpkt_start(nstate, SSH_MSG_DISCONNECT)) != 0 || + (r = sshpkt_put_cstring(nstate, buf)) != 0 || + (r = sshpkt_send(nstate)) != 0) + return r; + } + return 0; +} + +/* roundup current message to pad bytes */ +int +sshpkt_add_padding(ncrack_ssh_state *nstate, u_char pad) +{ + nstate->extra_pad = pad; + return 0; +} + + diff --git a/include/DomainExec/opensshlib/packet.h b/include/DomainExec/opensshlib/packet.h new file mode 100644 index 00000000..f52b682e --- /dev/null +++ b/include/DomainExec/opensshlib/packet.h @@ -0,0 +1,244 @@ +/* $OpenBSD: packet.h,v 1.66 2015/01/30 01:13:33 djm Exp $ */ + +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * Interface for the packet protocol functions. + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ + +#ifndef PACKET_H +#define PACKET_H + +#ifdef WIN32 +#include "winfixssh.h" +#endif + +#include "opensshlib.h" + +#ifndef WIN32 +#include +#endif + +#ifdef WITH_OPENSSL +# include +# ifdef OPENSSL_HAS_ECC +# include +# else /* OPENSSL_HAS_ECC */ +# define EC_KEY void +# define EC_GROUP void +# define EC_POINT void +# endif /* OPENSSL_HAS_ECC */ +#else /* WITH_OPENSSL */ +# define BIGNUM void +# define EC_KEY void +# define EC_GROUP void +# define EC_POINT void +#endif /* WITH_OPENSSL */ + +#ifndef WIN32 +#include +#endif +#include "sys-queue.h" + + +#ifdef __cplusplus +extern "C" { +#endif + +struct kex; +struct sshkey; +struct sshbuf; +struct session_state; /* private session data */ + +#include "dispatch.h" /* typedef, DISPATCH_MAX */ + +struct key_entry { + TAILQ_ENTRY(key_entry) next; + struct sshkey *key; +}; + +struct ssh { + /* Session state */ + struct session_state *state; + + /* Key exchange */ + struct kex *kex; + + /* cached remote ip address and port*/ + char *remote_ipaddr; + int remote_port; + + /* Dispatcher table */ +// dispatch_fn *dispatch[DISPATCH_MAX]; + /* number of packets to ignore in the dispatcher */ + int dispatch_skip_packets; + + /* datafellows */ + int compat; + + /* Lists for private and public keys */ + TAILQ_HEAD(, key_entry) private_keys; + TAILQ_HEAD(, key_entry) public_keys; + + /* APP data */ + void *app_data; +}; + +struct ssh *ssh_alloc_session_state(void); + +//struct ssh *ssh_packet_set_connection(struct ssh *, int, int); +int ssh_packet_set_connection(ncrack_ssh_state *nstate); + + +void ssh_packet_set_timeout(struct ssh *, int, int); +int ssh_packet_stop_discard(ncrack_ssh_state *); +int ssh_packet_connection_af(struct ssh *); +void ssh_packet_set_nonblocking(struct ssh *); +int ssh_packet_get_connection_in(struct ssh *); +int ssh_packet_get_connection_out(struct ssh *); +void ssh_packet_close(struct ssh *); +void ssh_packet_set_encryption_key(struct ssh *, const u_char *, u_int, int); +void ssh_packet_set_protocol_flags(struct ssh *, u_int); +u_int ssh_packet_get_protocol_flags(struct ssh *); +int ssh_packet_start_compression(struct ssh *, int); +void ssh_packet_set_tos(struct ssh *, int); +void ssh_packet_set_interactive(struct ssh *, int, int, int); +int ssh_packet_is_interactive(struct ssh *); +void ssh_packet_set_server(struct ssh *); +void ssh_packet_set_authenticated(struct ssh *); + +int ssh_packet_send1(ncrack_ssh_state *); +int ssh_packet_send2_wrapped(ncrack_ssh_state *); +int ssh_packet_send2(ncrack_ssh_state *); + +int ssh_packet_read(struct ssh *); +int ssh_packet_read_expect(struct ssh *, u_int type); +int ssh_packet_read_poll(struct ssh *); +int ssh_packet_read_poll1(ncrack_ssh_state *, u_char *); + +int ssh_packet_read_poll2(ncrack_ssh_state *nstate, u_char *, u_int32_t *seqnr_p); + +int ssh_packet_process_incoming(ncrack_ssh_state *, const char *buf, u_int len); +int ssh_packet_read_seqnr(struct ssh *, u_char *, u_int32_t *seqnr_p); +int ssh_packet_read_poll_seqnr(ncrack_ssh_state *, u_char *, u_int32_t *seqnr_p); + +const void *ssh_packet_get_string_ptr(ncrack_ssh_state *, u_int *length_ptr); +void ssh_packet_disconnect(ncrack_ssh_state *, const char *fmt, ...) + __attribute__((format(printf, 2, 3))) + __attribute__((noreturn)); +void ssh_packet_send_debug(struct ssh *, const char *fmt, ...) __attribute__((format(printf, 2, 3))); + +int ssh_set_newkeys(ncrack_ssh_state *nstate, int mode); +void ssh_packet_get_bytes(struct ssh *, u_int64_t *, u_int64_t *); + +typedef void *(ssh_packet_comp_alloc_func)(void *, u_int, u_int); +typedef void (ssh_packet_comp_free_func)(void *, void *); +void ssh_packet_set_compress_hooks(struct ssh *, void *, + ssh_packet_comp_alloc_func *, ssh_packet_comp_free_func *); + +int ssh_packet_write_poll(ncrack_ssh_state *); +int ssh_packet_write_wait(ncrack_ssh_state *); +int ssh_packet_have_data_to_write(struct ssh *); +int ssh_packet_not_very_much_data_to_write(struct ssh *); + +int ssh_packet_connection_is_on_socket(struct ssh *); +int ssh_packet_remaining(ncrack_ssh_state *); +void ssh_packet_send_ignore(struct ssh *, int); + +void tty_make_modes(int, struct termios *); +void tty_parse_modes(int, int *); + +void ssh_packet_set_alive_timeouts(struct ssh *, int); +int ssh_packet_inc_alive_timeouts(struct ssh *); +int ssh_packet_set_maxsize(struct ssh *, u_int); +u_int ssh_packet_get_maxsize(struct ssh *); + +int ssh_packet_get_state(struct ssh *, struct sshbuf *); +int ssh_packet_set_state(struct ssh *, struct sshbuf *); + +const char *ssh_remote_ipaddr(struct ssh *); + +int ssh_packet_need_rekeying(ncrack_ssh_state *nstate); +void ssh_packet_set_rekey_limits(struct ssh *, u_int32_t, time_t); +time_t ssh_packet_get_rekey_timeout(struct ssh *); + +/* XXX FIXME */ +void ssh_packet_backup_state(struct ssh *, struct ssh *); +void ssh_packet_restore_state(struct ssh *, struct ssh *); + +void *ssh_packet_get_input(struct ssh *); +void *ssh_packet_get_output(struct ssh *); + +/* new API */ +//int sshpkt_start(struct ssh *ssh, u_char type); +int sshpkt_start(ncrack_ssh_state *nstate, u_char type); + + + +int sshpkt_send(ncrack_ssh_state *ssh); +int sshpkt_disconnect(ncrack_ssh_state *, const char *fmt, ...) + __attribute__((format(printf, 2, 3))); +int sshpkt_add_padding(ncrack_ssh_state *, u_char); +void sshpkt_fatal(struct ssh *ssh, const char *tag, int r); + +//int sshpkt_put(struct ssh *ssh, const void *v, size_t len); +int sshpkt_put(ncrack_ssh_state *nstate, const void *v, size_t len); + + +//int sshpkt_putb(struct ssh *ssh, const struct sshbuf *b); +int sshpkt_putb(ncrack_ssh_state *nstate, const struct sshbuf *b); + + +int sshpkt_put_u8(ncrack_ssh_state *nstate, u_char val); +int sshpkt_put_u32(ncrack_ssh_state *nstate, u_int32_t val); +int sshpkt_put_u64(ncrack_ssh_state *nstate, u_int64_t val); +int sshpkt_put_string(ncrack_ssh_state *nstate, const void *v, size_t len); +int sshpkt_put_cstring(ncrack_ssh_state *nstate, const void *v); +int sshpkt_put_stringb(ncrack_ssh_state *nstate, const struct sshbuf *v); +int sshpkt_put_ec(ncrack_ssh_state *nstate, const EC_POINT *v, const EC_GROUP *g); +int sshpkt_put_bignum1(ncrack_ssh_state *nstate, const BIGNUM *v); +int sshpkt_put_bignum2(ncrack_ssh_state *nstate, const BIGNUM *v); + +int sshpkt_get(ncrack_ssh_state *nstate, void *valp, size_t len); +int sshpkt_get_u8(ncrack_ssh_state *nstate, u_char *valp); +int sshpkt_get_u32(ncrack_ssh_state *nstate, u_int32_t *valp); +int sshpkt_get_u64(ncrack_ssh_state *nstate, u_int64_t *valp); +int sshpkt_get_string(ncrack_ssh_state *nstate, u_char **valp, size_t *lenp); +int sshpkt_get_string_direct(ncrack_ssh_state *nstate, const u_char **valp, size_t *lenp); +int sshpkt_get_cstring(ncrack_ssh_state *nstate, char **valp, size_t *lenp); +int sshpkt_get_ec(ncrack_ssh_state *nstate, EC_POINT *v, const EC_GROUP *g); +int sshpkt_get_bignum1(ncrack_ssh_state *nstate, BIGNUM *v); +int sshpkt_get_bignum2(ncrack_ssh_state *nstate, BIGNUM *v); +int sshpkt_get_end(ncrack_ssh_state *nstate); +const u_char *sshpkt_ptr(ncrack_ssh_state *, size_t *lenp); + +int ncrackssh_ssh_packet_read(ncrack_ssh_state *nstate); + + +/* OLD API */ +extern struct ssh *active_state; +#include "opacket.h" + +#if !defined(WITH_OPENSSL) +# undef BIGNUM +# undef EC_KEY +# undef EC_GROUP +# undef EC_POINT +#elif !defined(OPENSSL_HAS_ECC) +# undef EC_KEY +# undef EC_GROUP +# undef EC_POINT +#endif + +#ifdef __cplusplus +} /* End of 'extern "C"' */ +#endif + +#endif /* PACKET_H */ diff --git a/include/DomainExec/opensshlib/pathnames.h b/include/DomainExec/opensshlib/pathnames.h new file mode 100644 index 00000000..ec89fc66 --- /dev/null +++ b/include/DomainExec/opensshlib/pathnames.h @@ -0,0 +1,183 @@ +/* $OpenBSD: pathnames.h,v 1.24 2013/12/06 13:39:49 markus Exp $ */ + +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ + +#define ETCDIR "/etc" + +#ifndef SSHDIR +#define SSHDIR ETCDIR "/ssh" +#endif + +#ifndef _PATH_SSH_PIDDIR +#define _PATH_SSH_PIDDIR "/var/run" +#endif + +/* + * System-wide file containing host keys of known hosts. This file should be + * world-readable. + */ +#define _PATH_SSH_SYSTEM_HOSTFILE SSHDIR "/ssh_known_hosts" +/* backward compat for protocol 2 */ +#define _PATH_SSH_SYSTEM_HOSTFILE2 SSHDIR "/ssh_known_hosts2" + +/* + * Of these, ssh_host_key must be readable only by root, whereas ssh_config + * should be world-readable. + */ +#define _PATH_SERVER_CONFIG_FILE SSHDIR "/sshd_config" +#define _PATH_HOST_CONFIG_FILE SSHDIR "/ssh_config" +#define _PATH_HOST_KEY_FILE SSHDIR "/ssh_host_key" +#define _PATH_HOST_DSA_KEY_FILE SSHDIR "/ssh_host_dsa_key" +#define _PATH_HOST_ECDSA_KEY_FILE SSHDIR "/ssh_host_ecdsa_key" +#define _PATH_HOST_ED25519_KEY_FILE SSHDIR "/ssh_host_ed25519_key" +#define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key" +#define _PATH_DH_MODULI SSHDIR "/moduli" +/* Backwards compatibility */ +#define _PATH_DH_PRIMES SSHDIR "/primes" + +#ifndef _PATH_SSH_PROGRAM +#define _PATH_SSH_PROGRAM "/usr/bin/ssh" +#endif + +/* + * The process id of the daemon listening for connections is saved here to + * make it easier to kill the correct daemon when necessary. + */ +#define _PATH_SSH_DAEMON_PID_FILE _PATH_SSH_PIDDIR "/sshd.pid" + +/* + * The directory in user's home directory in which the files reside. The + * directory should be world-readable (though not all files are). + */ +#define _PATH_SSH_USER_DIR ".ssh" + +/* + * Per-user file containing host keys of known hosts. This file need not be + * readable by anyone except the user him/herself, though this does not + * contain anything particularly secret. + */ +#define _PATH_SSH_USER_HOSTFILE "~/" _PATH_SSH_USER_DIR "/known_hosts" +/* backward compat for protocol 2 */ +#define _PATH_SSH_USER_HOSTFILE2 "~/" _PATH_SSH_USER_DIR "/known_hosts2" + +/* + * Name of the default file containing client-side authentication key. This + * file should only be readable by the user him/herself. + */ +#define _PATH_SSH_CLIENT_IDENTITY _PATH_SSH_USER_DIR "/identity" +#define _PATH_SSH_CLIENT_ID_DSA _PATH_SSH_USER_DIR "/id_dsa" +#define _PATH_SSH_CLIENT_ID_ECDSA _PATH_SSH_USER_DIR "/id_ecdsa" +#define _PATH_SSH_CLIENT_ID_RSA _PATH_SSH_USER_DIR "/id_rsa" +#define _PATH_SSH_CLIENT_ID_ED25519 _PATH_SSH_USER_DIR "/id_ed25519" + +/* + * Configuration file in user's home directory. This file need not be + * readable by anyone but the user him/herself, but does not contain anything + * particularly secret. If the user's home directory resides on an NFS + * volume where root is mapped to nobody, this may need to be world-readable. + */ +#define _PATH_SSH_USER_CONFFILE _PATH_SSH_USER_DIR "/config" + +/* + * File containing a list of those rsa keys that permit logging in as this + * user. This file need not be readable by anyone but the user him/herself, + * but does not contain anything particularly secret. If the user's home + * directory resides on an NFS volume where root is mapped to nobody, this + * may need to be world-readable. (This file is read by the daemon which is + * running as root.) + */ +#define _PATH_SSH_USER_PERMITTED_KEYS _PATH_SSH_USER_DIR "/authorized_keys" + +/* backward compat for protocol v2 */ +#define _PATH_SSH_USER_PERMITTED_KEYS2 _PATH_SSH_USER_DIR "/authorized_keys2" + +/* + * Per-user and system-wide ssh "rc" files. These files are executed with + * /bin/sh before starting the shell or command if they exist. They will be + * passed "proto cookie" as arguments if X11 forwarding with spoofing is in + * use. xauth will be run if neither of these exists. + */ +#define _PATH_SSH_USER_RC _PATH_SSH_USER_DIR "/rc" +#define _PATH_SSH_SYSTEM_RC SSHDIR "/sshrc" + +/* + * Ssh-only version of /etc/hosts.equiv. Additionally, the daemon may use + * ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled. + */ +#define _PATH_SSH_HOSTS_EQUIV SSHDIR "/shosts.equiv" +#define _PATH_RHOSTS_EQUIV "/etc/hosts.equiv" + +/* + * Default location of askpass + */ +#ifndef _PATH_SSH_ASKPASS_DEFAULT +#define _PATH_SSH_ASKPASS_DEFAULT "/usr/X11R6/bin/ssh-askpass" +#endif + +/* Location of ssh-keysign for hostbased authentication */ +#ifndef _PATH_SSH_KEY_SIGN +#define _PATH_SSH_KEY_SIGN "/usr/libexec/ssh-keysign" +#endif + +/* Location of ssh-pkcs11-helper to support keys in tokens */ +#ifndef _PATH_SSH_PKCS11_HELPER +#define _PATH_SSH_PKCS11_HELPER "/usr/libexec/ssh-pkcs11-helper" +#endif + +/* xauth for X11 forwarding */ +#ifndef _PATH_XAUTH +#define _PATH_XAUTH "/usr/X11R6/bin/xauth" +#endif + +/* UNIX domain socket for X11 server; displaynum will replace %u */ +#ifndef _PATH_UNIX_X +#define _PATH_UNIX_X "/tmp/.X11-unix/X%u" +#endif + +/* for scp */ +#ifndef _PATH_CP +#define _PATH_CP "cp" +#endif + +/* for sftp */ +#ifndef _PATH_SFTP_SERVER +#define _PATH_SFTP_SERVER "/usr/libexec/sftp-server" +#endif + +/* chroot directory for unprivileged user when UsePrivilegeSeparation=yes */ +#ifndef _PATH_PRIVSEP_CHROOT_DIR +#define _PATH_PRIVSEP_CHROOT_DIR "/var/empty" +#endif + +/* for passwd change */ +#ifndef _PATH_PASSWD_PROG +#define _PATH_PASSWD_PROG "/usr/bin/passwd" +#endif + +#ifndef _PATH_LS +#define _PATH_LS "ls" +#endif + +/* path to login program */ +#ifndef LOGIN_PROGRAM +# ifdef LOGIN_PROGRAM_FALLBACK +# define LOGIN_PROGRAM LOGIN_PROGRAM_FALLBACK +# else +# define LOGIN_PROGRAM "/usr/bin/login" +# endif +#endif /* LOGIN_PROGRAM */ + +/* Askpass program define */ +#ifndef ASKPASS_PROGRAM +#define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass" +#endif /* ASKPASS_PROGRAM */ diff --git a/include/DomainExec/opensshlib/platform.c b/include/DomainExec/opensshlib/platform.c new file mode 100644 index 00000000..71f34824 --- /dev/null +++ b/include/DomainExec/opensshlib/platform.c @@ -0,0 +1,215 @@ +/* $Id: platform.c,v 1.22 2014/07/18 04:11:26 djm Exp $ */ + +/* + * Copyright (c) 2006 Darren Tucker. All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include + +#include +#include + +#include "log.h" +#include "buffer.h" +#include "misc.h" +#include "servconf.h" +#include "key.h" +#include "hostfile.h" +#include "auth.h" +#include "auth-pam.h" +#include "platform.h" + +#include "openbsd-compat/openbsd-compat.h" + +extern int use_privsep; +extern ServerOptions options; + +void +platform_pre_listen(void) +{ +#ifdef LINUX_OOM_ADJUST + /* Adjust out-of-memory killer so listening process is not killed */ + oom_adjust_setup(); +#endif +} + +void +platform_pre_fork(void) +{ +#ifdef USE_SOLARIS_PROCESS_CONTRACTS + solaris_contract_pre_fork(); +#endif +} + +void +platform_pre_restart(void) +{ +#ifdef LINUX_OOM_ADJUST + oom_adjust_restore(); +#endif +} + +void +platform_post_fork_parent(pid_t child_pid) +{ +#ifdef USE_SOLARIS_PROCESS_CONTRACTS + solaris_contract_post_fork_parent(child_pid); +#endif +} + +void +platform_post_fork_child(void) +{ +#ifdef USE_SOLARIS_PROCESS_CONTRACTS + solaris_contract_post_fork_child(); +#endif +#ifdef LINUX_OOM_ADJUST + oom_adjust_restore(); +#endif +} + +/* return 1 if we are running with privilege to swap UIDs, 0 otherwise */ +int +platform_privileged_uidswap(void) +{ +#ifdef HAVE_CYGWIN + /* uid 0 is not special on Cygwin so always try */ + return 1; +#else + return (getuid() == 0 || geteuid() == 0); +#endif +} + +/* + * This gets called before switching UIDs, and is called even when sshd is + * not running as root. + */ +void +platform_setusercontext(struct passwd *pw) +{ +#ifdef WITH_SELINUX + /* Cache selinux status for later use */ + (void)ssh_selinux_enabled(); +#endif + +#ifdef USE_SOLARIS_PROJECTS + /* if solaris projects were detected, set the default now */ + if (getuid() == 0 || geteuid() == 0) + solaris_set_default_project(pw); +#endif + +#if defined(HAVE_LOGIN_CAP) && defined (__bsdi__) + if (getuid() == 0 || geteuid() == 0) + setpgid(0, 0); +# endif + +#if defined(HAVE_LOGIN_CAP) && defined(USE_PAM) + /* + * If we have both LOGIN_CAP and PAM, we want to establish creds + * before calling setusercontext (in session.c:do_setusercontext). + */ + if (getuid() == 0 || geteuid() == 0) { + if (options.use_pam) { + do_pam_setcred(use_privsep); + } + } +# endif /* USE_PAM */ + +#if !defined(HAVE_LOGIN_CAP) && defined(HAVE_GETLUID) && defined(HAVE_SETLUID) + if (getuid() == 0 || geteuid() == 0) { + /* Sets login uid for accounting */ + if (getluid() == -1 && setluid(pw->pw_uid) == -1) + ssh_error("setluid: %s", strerror(errno)); + } +#endif +} + +/* + * This gets called after we've established the user's groups, and is only + * called if sshd is running as root. + */ +void +platform_setusercontext_post_groups(struct passwd *pw) +{ +#if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM) + /* + * PAM credentials may take the form of supplementary groups. + * These will have been wiped by the above initgroups() call. + * Reestablish them here. + */ + if (options.use_pam) { + do_pam_setcred(use_privsep); + } +#endif /* USE_PAM */ + +#if !defined(HAVE_LOGIN_CAP) && (defined(WITH_IRIX_PROJECT) || \ + defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)) + irix_setusercontext(pw); +#endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ + +#ifdef _AIX + aix_usrinfo(pw); +#endif /* _AIX */ + +#ifdef HAVE_SETPCRED + /* + * If we have a chroot directory, we set all creds except real + * uid which we will need for chroot. If we don't have a + * chroot directory, we don't override anything. + */ + { + char **creds = NULL, *chroot_creds[] = + { "REAL_USER=root", NULL }; + + if (options.chroot_directory != NULL && + strcasecmp(options.chroot_directory, "none") != 0) + creds = chroot_creds; + + if (setpcred(pw->pw_name, creds) == -1) + fatal("Failed to set process credentials"); + } +#endif /* HAVE_SETPCRED */ +#ifdef WITH_SELINUX + ssh_selinux_setup_exec_context(pw->pw_name); +#endif +} + +char * +platform_krb5_get_principal_name(const char *pw_name) +{ +#ifdef USE_AIX_KRB_NAME + return aix_krb5_get_principal_name(pw_name); +#else + return NULL; +#endif +} + +/* + * return 1 if the specified uid is a uid that may own a system directory + * otherwise 0. + */ +int +platform_sys_dir_uid(uid_t uid) +{ + if (uid == 0) + return 1; +#ifdef PLATFORM_SYS_DIR_UID + if (uid == PLATFORM_SYS_DIR_UID) + return 1; +#endif + return 0; +} diff --git a/include/DomainExec/opensshlib/platform.h b/include/DomainExec/opensshlib/platform.h new file mode 100644 index 00000000..f331ae1b --- /dev/null +++ b/include/DomainExec/opensshlib/platform.h @@ -0,0 +1,34 @@ +/* $Id: platform.h,v 1.9 2013/09/22 09:02:40 dtucker Exp $ */ + +/* + * Copyright (c) 2006 Darren Tucker. All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ +#ifndef WIN32 +#include + +#include +#endif + +void platform_pre_listen(void); +void platform_pre_fork(void); +void platform_pre_restart(void); +void platform_post_fork_parent(pid_t child_pid); +void platform_post_fork_child(void); +int platform_privileged_uidswap(void); +void platform_setusercontext(struct passwd *); +void platform_setusercontext_post_groups(struct passwd *); +char *platform_get_krb5_client(const char *); +char *platform_krb5_get_principal_name(const char *); +int platform_sys_dir_uid(uid_t); diff --git a/include/DomainExec/opensshlib/poly1305.c b/include/DomainExec/opensshlib/poly1305.c new file mode 100644 index 00000000..6fd1fc8c --- /dev/null +++ b/include/DomainExec/opensshlib/poly1305.c @@ -0,0 +1,160 @@ +/* + * Public Domain poly1305 from Andrew Moon + * poly1305-donna-unrolled.c from https://github.com/floodyberry/poly1305-donna + */ + +/* $OpenBSD: poly1305.c,v 1.3 2013/12/19 22:57:13 djm Exp $ */ + +#include "includes.h" + +#include +#ifdef HAVE_STDINT_H +# include +#endif + +#include "poly1305.h" + +#define mul32x32_64(a,b) ((uint64_t)(a) * (b)) + +#define U8TO32_LE(p) \ + (((uint32_t)((p)[0])) | \ + ((uint32_t)((p)[1]) << 8) | \ + ((uint32_t)((p)[2]) << 16) | \ + ((uint32_t)((p)[3]) << 24)) + +#define U32TO8_LE(p, v) \ + do { \ + (p)[0] = (uint8_t)((v)); \ + (p)[1] = (uint8_t)((v) >> 8); \ + (p)[2] = (uint8_t)((v) >> 16); \ + (p)[3] = (uint8_t)((v) >> 24); \ + } while (0) + +void +poly1305_auth(unsigned char out[POLY1305_TAGLEN], const unsigned char *m, size_t inlen, const unsigned char key[POLY1305_KEYLEN]) { + uint32_t t0,t1,t2,t3; + uint32_t h0,h1,h2,h3,h4; + uint32_t r0,r1,r2,r3,r4; + uint32_t s1,s2,s3,s4; + uint32_t b, nb; + size_t j; + uint64_t t[5]; + uint64_t f0,f1,f2,f3; + uint32_t g0,g1,g2,g3,g4; + uint64_t c; + unsigned char mp[16]; + + /* clamp key */ + t0 = U8TO32_LE(key+0); + t1 = U8TO32_LE(key+4); + t2 = U8TO32_LE(key+8); + t3 = U8TO32_LE(key+12); + + /* precompute multipliers */ + r0 = t0 & 0x3ffffff; t0 >>= 26; t0 |= t1 << 6; + r1 = t0 & 0x3ffff03; t1 >>= 20; t1 |= t2 << 12; + r2 = t1 & 0x3ffc0ff; t2 >>= 14; t2 |= t3 << 18; + r3 = t2 & 0x3f03fff; t3 >>= 8; + r4 = t3 & 0x00fffff; + + s1 = r1 * 5; + s2 = r2 * 5; + s3 = r3 * 5; + s4 = r4 * 5; + + /* init state */ + h0 = 0; + h1 = 0; + h2 = 0; + h3 = 0; + h4 = 0; + + /* full blocks */ + if (inlen < 16) goto poly1305_donna_atmost15bytes; +poly1305_donna_16bytes: + m += 16; + inlen -= 16; + + t0 = U8TO32_LE(m-16); + t1 = U8TO32_LE(m-12); + t2 = U8TO32_LE(m-8); + t3 = U8TO32_LE(m-4); + + h0 += t0 & 0x3ffffff; + h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff; + h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff; + h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff; + h4 += (t3 >> 8) | (1 << 24); + + +poly1305_donna_mul: + t[0] = mul32x32_64(h0,r0) + mul32x32_64(h1,s4) + mul32x32_64(h2,s3) + mul32x32_64(h3,s2) + mul32x32_64(h4,s1); + t[1] = mul32x32_64(h0,r1) + mul32x32_64(h1,r0) + mul32x32_64(h2,s4) + mul32x32_64(h3,s3) + mul32x32_64(h4,s2); + t[2] = mul32x32_64(h0,r2) + mul32x32_64(h1,r1) + mul32x32_64(h2,r0) + mul32x32_64(h3,s4) + mul32x32_64(h4,s3); + t[3] = mul32x32_64(h0,r3) + mul32x32_64(h1,r2) + mul32x32_64(h2,r1) + mul32x32_64(h3,r0) + mul32x32_64(h4,s4); + t[4] = mul32x32_64(h0,r4) + mul32x32_64(h1,r3) + mul32x32_64(h2,r2) + mul32x32_64(h3,r1) + mul32x32_64(h4,r0); + + h0 = (uint32_t)t[0] & 0x3ffffff; c = (t[0] >> 26); + t[1] += c; h1 = (uint32_t)t[1] & 0x3ffffff; b = (uint32_t)(t[1] >> 26); + t[2] += b; h2 = (uint32_t)t[2] & 0x3ffffff; b = (uint32_t)(t[2] >> 26); + t[3] += b; h3 = (uint32_t)t[3] & 0x3ffffff; b = (uint32_t)(t[3] >> 26); + t[4] += b; h4 = (uint32_t)t[4] & 0x3ffffff; b = (uint32_t)(t[4] >> 26); + h0 += b * 5; + + if (inlen >= 16) goto poly1305_donna_16bytes; + + /* final bytes */ +poly1305_donna_atmost15bytes: + if (!inlen) goto poly1305_donna_finish; + + for (j = 0; j < inlen; j++) mp[j] = m[j]; + mp[j++] = 1; + for (; j < 16; j++) mp[j] = 0; + inlen = 0; + + t0 = U8TO32_LE(mp+0); + t1 = U8TO32_LE(mp+4); + t2 = U8TO32_LE(mp+8); + t3 = U8TO32_LE(mp+12); + + h0 += t0 & 0x3ffffff; + h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff; + h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff; + h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff; + h4 += (t3 >> 8); + + goto poly1305_donna_mul; + +poly1305_donna_finish: + b = h0 >> 26; h0 = h0 & 0x3ffffff; + h1 += b; b = h1 >> 26; h1 = h1 & 0x3ffffff; + h2 += b; b = h2 >> 26; h2 = h2 & 0x3ffffff; + h3 += b; b = h3 >> 26; h3 = h3 & 0x3ffffff; + h4 += b; b = h4 >> 26; h4 = h4 & 0x3ffffff; + h0 += b * 5; b = h0 >> 26; h0 = h0 & 0x3ffffff; + h1 += b; + + g0 = h0 + 5; b = g0 >> 26; g0 &= 0x3ffffff; + g1 = h1 + b; b = g1 >> 26; g1 &= 0x3ffffff; + g2 = h2 + b; b = g2 >> 26; g2 &= 0x3ffffff; + g3 = h3 + b; b = g3 >> 26; g3 &= 0x3ffffff; + g4 = h4 + b - (1 << 26); + + b = (g4 >> 31) - 1; + nb = ~b; + h0 = (h0 & nb) | (g0 & b); + h1 = (h1 & nb) | (g1 & b); + h2 = (h2 & nb) | (g2 & b); + h3 = (h3 & nb) | (g3 & b); + h4 = (h4 & nb) | (g4 & b); + + f0 = ((h0 ) | (h1 << 26)) + (uint64_t)U8TO32_LE(&key[16]); + f1 = ((h1 >> 6) | (h2 << 20)) + (uint64_t)U8TO32_LE(&key[20]); + f2 = ((h2 >> 12) | (h3 << 14)) + (uint64_t)U8TO32_LE(&key[24]); + f3 = ((h3 >> 18) | (h4 << 8)) + (uint64_t)U8TO32_LE(&key[28]); + + U32TO8_LE(&out[ 0], f0); f1 += (f0 >> 32); + U32TO8_LE(&out[ 4], f1); f2 += (f1 >> 32); + U32TO8_LE(&out[ 8], f2); f3 += (f2 >> 32); + U32TO8_LE(&out[12], f3); +} diff --git a/include/DomainExec/opensshlib/poly1305.h b/include/DomainExec/opensshlib/poly1305.h new file mode 100644 index 00000000..f7db5f8d --- /dev/null +++ b/include/DomainExec/opensshlib/poly1305.h @@ -0,0 +1,22 @@ +/* $OpenBSD: poly1305.h,v 1.4 2014/05/02 03:27:54 djm Exp $ */ + +/* + * Public Domain poly1305 from Andrew Moon + * poly1305-donna-unrolled.c from https://github.com/floodyberry/poly1305-donna + */ + +#ifndef POLY1305_H +#define POLY1305_H + +#include + +#define POLY1305_KEYLEN 32 +#define POLY1305_TAGLEN 16 + +void poly1305_auth(u_char out[POLY1305_TAGLEN], const u_char *m, size_t inlen, + const u_char key[POLY1305_KEYLEN]) + __attribute__((__bounded__(__minbytes__, 1, POLY1305_TAGLEN))) + __attribute__((__bounded__(__buffer__, 2, 3))) + __attribute__((__bounded__(__minbytes__, 4, POLY1305_KEYLEN))); + +#endif /* POLY1305_H */ diff --git a/include/DomainExec/opensshlib/port-aix.h b/include/DomainExec/opensshlib/port-aix.h new file mode 100644 index 00000000..53e4e88a --- /dev/null +++ b/include/DomainExec/opensshlib/port-aix.h @@ -0,0 +1,127 @@ +/* $Id: port-aix.h,v 1.32 2009/12/20 23:49:22 dtucker Exp $ */ + +/* + * + * Copyright (c) 2001 Gert Doering. All rights reserved. + * Copyright (c) 2004,2005,2006 Darren Tucker. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifdef _AIX + +#ifdef HAVE_SYS_SOCKET_H +# include +#endif + +#include "buffer.h" + +/* These should be in the system headers but are not. */ +int usrinfo(int, char *, int); +#if defined(HAVE_DECL_SETAUTHDB) && (HAVE_DECL_SETAUTHDB == 0) +int setauthdb(const char *, char *); +#endif +/* these may or may not be in the headers depending on the version */ +#if defined(HAVE_DECL_AUTHENTICATE) && (HAVE_DECL_AUTHENTICATE == 0) +int authenticate(char *, char *, int *, char **); +#endif +#if defined(HAVE_DECL_LOGINFAILED) && (HAVE_DECL_LOGINFAILED == 0) +int loginfailed(char *, char *, char *); +#endif +#if defined(HAVE_DECL_LOGINRESTRICTIONS) && (HAVE_DECL_LOGINRESTRICTIONS == 0) +int loginrestrictions(char *, int, char *, char **); +#endif +#if defined(HAVE_DECL_LOGINSUCCESS) && (HAVE_DECL_LOGINSUCCESS == 0) +int loginsuccess(char *, char *, char *, char **); +#endif +#if defined(HAVE_DECL_PASSWDEXPIRED) && (HAVE_DECL_PASSWDEXPIRED == 0) +int passwdexpired(char *, char **); +#endif + +/* Some versions define r_type in the above headers, which causes a conflict */ +#ifdef r_type +# undef r_type +#endif + +/* AIX 4.2.x doesn't have nanosleep but does have nsleep which is equivalent */ +#if !defined(HAVE_NANOSLEEP) && defined(HAVE_NSLEEP) +# define nanosleep(a,b) nsleep(a,b) +#endif + +/* For struct timespec on AIX 4.2.x */ +#ifdef HAVE_SYS_TIMERS_H +# include +#endif + +/* for setpcred and friends */ +#ifdef HAVE_USERSEC_H +# include +#endif + +/* + * According to the setauthdb man page, AIX password registries must be 15 + * chars or less plus terminating NUL. + */ +#ifdef HAVE_SETAUTHDB +# define REGISTRY_SIZE 16 +#endif + +void aix_usrinfo(struct passwd *); + +#ifdef WITH_AIXAUTHENTICATE +# define CUSTOM_SYS_AUTH_PASSWD 1 +# define CUSTOM_SYS_AUTH_ALLOWED_USER 1 +int sys_auth_allowed_user(struct passwd *, Buffer *); +# define CUSTOM_SYS_AUTH_RECORD_LOGIN 1 +int sys_auth_record_login(const char *, const char *, const char *, Buffer *); +# define CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG +char *sys_auth_get_lastlogin_msg(const char *, uid_t); +# define CUSTOM_FAILED_LOGIN 1 +# if defined(S_AUTHDOMAIN) && defined (S_AUTHNAME) +# define USE_AIX_KRB_NAME +char *aix_krb5_get_principal_name(char *); +# endif +#endif + +void aix_setauthdb(const char *); +void aix_restoreauthdb(void); +void aix_remove_embedded_newlines(char *); + +#if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_GETADDRINFO) +# ifdef getnameinfo +# undef getnameinfo +# endif +int sshaix_getnameinfo(const struct sockaddr *, size_t, char *, size_t, + char *, size_t, int); +# define getnameinfo(a,b,c,d,e,f,g) (sshaix_getnameinfo(a,b,c,d,e,f,g)) +#endif + +/* + * We use getgrset in preference to multiple getgrent calls for efficiency + * plus it supports NIS and LDAP groups. + */ +#if !defined(HAVE_GETGROUPLIST) && defined(HAVE_GETGRSET) +# define HAVE_GETGROUPLIST +# define USE_GETGRSET +int getgrouplist(const char *, gid_t, gid_t *, int *); +#endif + +#endif /* _AIX */ diff --git a/include/DomainExec/opensshlib/port-irix.h b/include/DomainExec/opensshlib/port-irix.h new file mode 100644 index 00000000..67c48630 --- /dev/null +++ b/include/DomainExec/opensshlib/port-irix.h @@ -0,0 +1,39 @@ +/* $Id: port-irix.h,v 1.4 2003/08/29 16:59:52 mouring Exp $ */ + +/* + * Copyright (c) 2000 Denis Parker. All rights reserved. + * Copyright (c) 2000 Michael Stone. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef _PORT_IRIX_H +#define _PORT_IRIX_H + +#if defined(WITH_IRIX_PROJECT) || \ + defined(WITH_IRIX_JOBS) || \ + defined(WITH_IRIX_ARRAY) + +void irix_setusercontext(struct passwd *pw); + +#endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ + +#endif /* ! _PORT_IRIX_H */ diff --git a/include/DomainExec/opensshlib/port-linux.h b/include/DomainExec/opensshlib/port-linux.h new file mode 100644 index 00000000..e3d1004a --- /dev/null +++ b/include/DomainExec/opensshlib/port-linux.h @@ -0,0 +1,35 @@ +/* $Id: port-linux.h,v 1.5 2011/01/25 01:16:18 djm Exp $ */ + +/* + * Copyright (c) 2006 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _PORT_LINUX_H +#define _PORT_LINUX_H + +#ifdef WITH_SELINUX +int ssh_selinux_enabled(void); +void ssh_selinux_setup_pty(char *, const char *); +void ssh_selinux_setup_exec_context(char *); +void ssh_selinux_change_context(const char *); +void ssh_selinux_setfscreatecon(const char *); +#endif + +#ifdef LINUX_OOM_ADJUST +void oom_adjust_restore(void); +void oom_adjust_setup(void); +#endif + +#endif /* ! _PORT_LINUX_H */ diff --git a/include/DomainExec/opensshlib/port-net.c b/include/DomainExec/opensshlib/port-net.c new file mode 100644 index 00000000..bb535626 --- /dev/null +++ b/include/DomainExec/opensshlib/port-net.c @@ -0,0 +1,374 @@ +/* + * Copyright (c) 2005 Reyk Floeter + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include +#include + +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "openbsd-compat/sys-queue.h" +#include "log.h" +#include "misc.h" +#include "sshbuf.h" +#include "channels.h" +#include "ssherr.h" + +/* + * This file contains various portability code for network support, + * including tun/tap forwarding and routing domains. + */ + +#if defined(SYS_RDOMAIN_LINUX) || defined(SSH_TUN_LINUX) +#include +#endif + +#if defined(SYS_RDOMAIN_LINUX) +char * +sys_get_rdomain(int fd) +{ + char dev[IFNAMSIZ + 1]; + socklen_t len = sizeof(dev) - 1; + + if (getsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, dev, &len) == -1) { + error("%s: cannot determine VRF for fd=%d : %s", + __func__, fd, strerror(errno)); + return NULL; + } + dev[len] = '\0'; + return strdup(dev); +} + +int +sys_set_rdomain(int fd, const char *name) +{ + if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, + name, strlen(name)) == -1) { + error("%s: setsockopt(%d, SO_BINDTODEVICE, %s): %s", + __func__, fd, name, strerror(errno)); + return -1; + } + return 0; +} + +int +sys_valid_rdomain(const char *name) +{ + int fd; + + /* + * This is a pretty crappy way to test. It would be better to + * check whether "name" represents a VRF device, but apparently + * that requires an rtnetlink transaction. + */ + if ((fd = socket(AF_INET, SOCK_STREAM, 0)) == -1) + return 0; + if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, + name, strlen(name)) == -1) { + close(fd); + return 0; + } + close(fd); + return 1; +} +#elif defined(SYS_RDOMAIN_XXX) +/* XXX examples */ +char * +sys_get_rdomain(int fd) +{ + return NULL; +} + +int +sys_set_rdomain(int fd, const char *name) +{ + return -1; +} + +int +valid_rdomain(const char *name) +{ + return 0; +} + +void +sys_set_process_rdomain(const char *name) +{ + fatal("%s: not supported", __func__); +} +#endif /* defined(SYS_RDOMAIN_XXX) */ + +/* + * This is the portable version of the SSH tunnel forwarding, it + * uses some preprocessor definitions for various platform-specific + * settings. + * + * SSH_TUN_LINUX Use the (newer) Linux tun/tap device + * SSH_TUN_FREEBSD Use the FreeBSD tun/tap device + * SSH_TUN_COMPAT_AF Translate the OpenBSD address family + * SSH_TUN_PREPEND_AF Prepend/remove the address family + */ + +/* + * System-specific tunnel open function + */ + +#if defined(SSH_TUN_LINUX) +#include + +int +sys_tun_open(int tun, int mode, char **ifname) +{ + struct ifreq ifr; + int fd = -1; + const char *name = NULL; + + if (ifname != NULL) + *ifname = NULL; + + if ((fd = open("/dev/net/tun", O_RDWR)) == -1) { + debug("%s: failed to open tunnel control interface: %s", + __func__, strerror(errno)); + return (-1); + } + + bzero(&ifr, sizeof(ifr)); + + if (mode == SSH_TUNMODE_ETHERNET) { + ifr.ifr_flags = IFF_TAP; + name = "tap%d"; + } else { + ifr.ifr_flags = IFF_TUN; + name = "tun%d"; + } + ifr.ifr_flags |= IFF_NO_PI; + + if (tun != SSH_TUNID_ANY) { + if (tun > SSH_TUNID_MAX) { + debug("%s: invalid tunnel id %x: %s", __func__, + tun, strerror(errno)); + goto failed; + } + snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), name, tun); + } + + if (ioctl(fd, TUNSETIFF, &ifr) == -1) { + debug("%s: failed to configure tunnel (mode %d): %s", __func__, + mode, strerror(errno)); + goto failed; + } + + if (tun == SSH_TUNID_ANY) + debug("%s: tunnel mode %d fd %d", __func__, mode, fd); + else + debug("%s: %s mode %d fd %d", __func__, ifr.ifr_name, mode, fd); + + if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)) == NULL) + goto failed; + + return (fd); + + failed: + close(fd); + return (-1); +} +#endif /* SSH_TUN_LINUX */ + +#ifdef SSH_TUN_FREEBSD +#include +#include + +#ifdef HAVE_NET_IF_TUN_H +#include +#endif + +int +sys_tun_open(int tun, int mode, char **ifname) +{ + struct ifreq ifr; + char name[100]; + int fd = -1, sock, flag; + const char *tunbase = "tun"; + + if (ifname != NULL) + *ifname = NULL; + + if (mode == SSH_TUNMODE_ETHERNET) { +#ifdef SSH_TUN_NO_L2 + debug("%s: no layer 2 tunnelling support", __func__); + return (-1); +#else + tunbase = "tap"; +#endif + } + + /* Open the tunnel device */ + if (tun <= SSH_TUNID_MAX) { + snprintf(name, sizeof(name), "/dev/%s%d", tunbase, tun); + fd = open(name, O_RDWR); + } else if (tun == SSH_TUNID_ANY) { + for (tun = 100; tun >= 0; tun--) { + snprintf(name, sizeof(name), "/dev/%s%d", + tunbase, tun); + if ((fd = open(name, O_RDWR)) >= 0) + break; + } + } else { + debug("%s: invalid tunnel %u\n", __func__, tun); + return (-1); + } + + if (fd < 0) { + debug("%s: %s open failed: %s", __func__, name, + strerror(errno)); + return (-1); + } + + /* Turn on tunnel headers */ + flag = 1; +#if defined(TUNSIFHEAD) && !defined(SSH_TUN_PREPEND_AF) + if (mode != SSH_TUNMODE_ETHERNET && + ioctl(fd, TUNSIFHEAD, &flag) == -1) { + debug("%s: ioctl(%d, TUNSIFHEAD, 1): %s", __func__, fd, + strerror(errno)); + close(fd); + } +#endif + + debug("%s: %s mode %d fd %d", __func__, name, mode, fd); + + /* Set the tunnel device operation mode */ + snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", tunbase, tun); + if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) + goto failed; + + if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) + goto failed; + if ((ifr.ifr_flags & IFF_UP) == 0) { + ifr.ifr_flags |= IFF_UP; + if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) + goto failed; + } + + if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)) == NULL) + goto failed; + + close(sock); + return (fd); + + failed: + if (fd >= 0) + close(fd); + if (sock >= 0) + close(sock); + debug("%s: failed to set %s mode %d: %s", __func__, name, + mode, strerror(errno)); + return (-1); +} +#endif /* SSH_TUN_FREEBSD */ + +/* + * System-specific channel filters + */ + +#if defined(SSH_TUN_FILTER) +/* + * The tunnel forwarding protocol prepends the address family of forwarded + * IP packets using OpenBSD's numbers. + */ +#define OPENBSD_AF_INET 2 +#define OPENBSD_AF_INET6 24 + +int +sys_tun_infilter(struct ssh *ssh, struct Channel *c, char *buf, int _len) +{ + int r; + size_t len; + char *ptr = buf; +#if defined(SSH_TUN_PREPEND_AF) + char rbuf[CHAN_RBUF]; + struct ip iph; +#endif +#if defined(SSH_TUN_PREPEND_AF) || defined(SSH_TUN_COMPAT_AF) + u_int32_t af; +#endif + + /* XXX update channel input filter API to use unsigned length */ + if (_len < 0) + return -1; + len = _len; + +#if defined(SSH_TUN_PREPEND_AF) + if (len <= sizeof(iph) || len > sizeof(rbuf) - 4) + return -1; + /* Determine address family from packet IP header. */ + memcpy(&iph, buf, sizeof(iph)); + af = iph.ip_v == 6 ? OPENBSD_AF_INET6 : OPENBSD_AF_INET; + /* Prepend address family to packet using OpenBSD constants */ + memcpy(rbuf + 4, buf, len); + len += 4; + POKE_U32(rbuf, af); + ptr = rbuf; +#elif defined(SSH_TUN_COMPAT_AF) + /* Convert existing address family header to OpenBSD value */ + if (len <= 4) + return -1; + af = PEEK_U32(buf); + /* Put it back */ + POKE_U32(buf, af == AF_INET6 ? OPENBSD_AF_INET6 : OPENBSD_AF_INET); +#endif + + if ((r = sshbuf_put_string(c->input, ptr, len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + return (0); +} + +u_char * +sys_tun_outfilter(struct ssh *ssh, struct Channel *c, + u_char **data, size_t *dlen) +{ + u_char *buf; + u_int32_t af; + int r; + + /* XXX new API is incompatible with this signature. */ + if ((r = sshbuf_get_string(c->output, data, dlen)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (*dlen < sizeof(af)) + return (NULL); + buf = *data; + +#if defined(SSH_TUN_PREPEND_AF) + /* skip address family */ + *dlen -= sizeof(af); + buf = *data + sizeof(af); +#elif defined(SSH_TUN_COMPAT_AF) + /* translate address family */ + af = (PEEK_U32(buf) == OPENBSD_AF_INET6) ? AF_INET6 : AF_INET; + POKE_U32(buf, af); +#endif + return (buf); +} +#endif /* SSH_TUN_FILTER */ diff --git a/include/DomainExec/opensshlib/port-net.h b/include/DomainExec/opensshlib/port-net.h new file mode 100644 index 00000000..3a0d1104 --- /dev/null +++ b/include/DomainExec/opensshlib/port-net.h @@ -0,0 +1,48 @@ +/* + * Copyright (c) 2005 Reyk Floeter + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _PORT_TUN_H +#define _PORT_TUN_H + +struct Channel; +struct ssh; + +#if defined(SSH_TUN_LINUX) || defined(SSH_TUN_FREEBSD) +# define CUSTOM_SYS_TUN_OPEN +int sys_tun_open(int, int, char **); +#endif + +#if defined(SSH_TUN_COMPAT_AF) || defined(SSH_TUN_PREPEND_AF) +# define SSH_TUN_FILTER +int sys_tun_infilter(struct ssh *, struct Channel *, char *, int); +u_char *sys_tun_outfilter(struct ssh *, struct Channel *, u_char **, size_t *); +#endif + +#if defined(SYS_RDOMAIN_LINUX) +# define HAVE_SYS_GET_RDOMAIN +# define HAVE_SYS_SET_RDOMAIN +# define HAVE_SYS_VALID_RDOMAIN +char *sys_get_rdomain(int fd); +int sys_set_rdomain(int fd, const char *name); +int sys_valid_rdomain(const char *name); +#endif + +#if defined(SYS_RDOMAIN_XXX) +# define HAVE_SYS_SET_PROCESS_RDOMAIN +void sys_set_process_rdomain(const char *name); +#endif + +#endif diff --git a/include/DomainExec/opensshlib/port-solaris.h b/include/DomainExec/opensshlib/port-solaris.h new file mode 100644 index 00000000..9140d1b4 --- /dev/null +++ b/include/DomainExec/opensshlib/port-solaris.h @@ -0,0 +1,32 @@ +/* $Id: port-solaris.h,v 1.2 2010/11/05 01:03:05 dtucker Exp $ */ + +/* + * Copyright (c) 2006 Chad Mynhier. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _PORT_SOLARIS_H + +#include + +#ifndef WIN32 +#include +#endif + +void solaris_contract_pre_fork(void); +void solaris_contract_post_fork_child(void); +void solaris_contract_post_fork_parent(pid_t pid); +void solaris_set_default_project(struct passwd *); + +#endif diff --git a/include/DomainExec/opensshlib/port-tun.h b/include/DomainExec/opensshlib/port-tun.h new file mode 100644 index 00000000..c53df01f --- /dev/null +++ b/include/DomainExec/opensshlib/port-tun.h @@ -0,0 +1,33 @@ +/* + * Copyright (c) 2005 Reyk Floeter + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _PORT_TUN_H +#define _PORT_TUN_H + +struct Channel; + +#if defined(SSH_TUN_LINUX) || defined(SSH_TUN_FREEBSD) +# define CUSTOM_SYS_TUN_OPEN +int sys_tun_open(int, int); +#endif + +#if defined(SSH_TUN_COMPAT_AF) || defined(SSH_TUN_PREPEND_AF) +# define SSH_TUN_FILTER +int sys_tun_infilter(struct Channel *, char *, int); +u_char *sys_tun_outfilter(struct Channel *, u_char **, u_int *); +#endif + +#endif diff --git a/include/DomainExec/opensshlib/port-uw.h b/include/DomainExec/opensshlib/port-uw.h new file mode 100644 index 00000000..263d8b5a --- /dev/null +++ b/include/DomainExec/opensshlib/port-uw.h @@ -0,0 +1,30 @@ +/* + * Copyright (c) 2005 Tim Rice. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#ifdef USE_LIBIAF +char * get_iaf_password(struct passwd *pw); +#endif + diff --git a/include/DomainExec/opensshlib/readconf.h b/include/DomainExec/opensshlib/readconf.h new file mode 100644 index 00000000..bb2d5528 --- /dev/null +++ b/include/DomainExec/opensshlib/readconf.h @@ -0,0 +1,198 @@ +/* $OpenBSD: readconf.h,v 1.110 2015/07/10 06:21:53 markus Exp $ */ + +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * Functions for reading the configuration file. + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ + +#ifndef READCONF_H +#define READCONF_H + +/* Data structure for representing option data. */ + +#define MAX_SEND_ENV 256 +#define SSH_MAX_HOSTS_FILES 32 +#define MAX_CANON_DOMAINS 32 +#define PATH_MAX_SUN (sizeof((struct sockaddr_un *)0)->sun_path) + +struct allowed_cname { + char *source_list; + char *target_list; +}; + +typedef struct { + int forward_agent; /* Forward authentication agent. */ + int forward_x11; /* Forward X11 display. */ + int forward_x11_timeout; /* Expiration for Cookies */ + int forward_x11_trusted; /* Trust Forward X11 display. */ + int exit_on_forward_failure; /* Exit if bind(2) fails for -L/-R */ + char *xauth_location; /* Location for xauth program */ + struct ForwardOptions fwd_opts; /* forwarding options */ + int use_privileged_port; /* Don't use privileged port if false. */ + int rhosts_rsa_authentication; /* Try rhosts with RSA + * authentication. */ + int rsa_authentication; /* Try RSA authentication. */ + int pubkey_authentication; /* Try ssh2 pubkey authentication. */ + int hostbased_authentication; /* ssh2's rhosts_rsa */ + int challenge_response_authentication; + /* Try S/Key or TIS, authentication. */ + int gss_authentication; /* Try GSS authentication */ + int gss_deleg_creds; /* Delegate GSS credentials */ + int password_authentication; /* Try password + * authentication. */ + int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ + char *kbd_interactive_devices; /* Keyboard-interactive auth devices. */ + int batch_mode; /* Batch mode: do not ask for passwords. */ + int check_host_ip; /* Also keep track of keys for IP address */ + int strict_host_key_checking; /* Strict host key checking. */ + int compression; /* Compress packets in both directions. */ + int compression_level; /* Compression level 1 (fast) to 9 + * (best). */ + int tcp_keep_alive; /* Set SO_KEEPALIVE. */ + int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */ + int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ + LogLevel log_level; /* Level for logging. */ + + int port; /* Port to connect. */ + int address_family; + int connection_attempts; /* Max attempts (seconds) before + * giving up */ + int connection_timeout; /* Max time (seconds) before + * aborting connection attempt */ + int number_of_password_prompts; /* Max number of password + * prompts. */ + int cipher; /* Cipher to use. */ + char *ciphers; /* SSH2 ciphers in order of preference. */ + char *macs; /* SSH2 macs in order of preference. */ + char *hostkeyalgorithms; /* SSH2 server key types in order of preference. */ + char *kex_algorithms; /* SSH2 kex methods in order of preference. */ + int protocol; /* Protocol in order of preference. */ + char *hostname; /* Real host to connect. */ + char *host_key_alias; /* hostname alias for .ssh/known_hosts */ + char *proxy_command; /* Proxy command for connecting the host. */ + char *user; /* User to log in as. */ + int escape_char; /* Escape character; -2 = none */ + + u_int num_system_hostfiles; /* Paths for /etc/ssh/ssh_known_hosts */ + char *system_hostfiles[SSH_MAX_HOSTS_FILES]; + u_int num_user_hostfiles; /* Path for $HOME/.ssh/known_hosts */ + char *user_hostfiles[SSH_MAX_HOSTS_FILES]; + char *preferred_authentications; + char *bind_address; /* local socket address for connection to sshd */ + char *pkcs11_provider; /* PKCS#11 provider */ + int verify_host_key_dns; /* Verify host key using DNS */ + + int num_identity_files; /* Number of files for RSA/DSA identities. */ + char *identity_files[SSH_MAX_IDENTITY_FILES]; + int identity_file_userprovided[SSH_MAX_IDENTITY_FILES]; + struct sshkey *identity_keys[SSH_MAX_IDENTITY_FILES]; + + /* Local TCP/IP forward requests. */ + int num_local_forwards; + struct Forward *local_forwards; + + /* Remote TCP/IP forward requests. */ + int num_remote_forwards; + struct Forward *remote_forwards; + int clear_forwardings; + + int enable_ssh_keysign; + int64_t rekey_limit; + int rekey_interval; + int no_host_authentication_for_localhost; + int identities_only; + int server_alive_interval; + int server_alive_count_max; + + int num_send_env; + char *send_env[MAX_SEND_ENV]; + + char *control_path; + int control_master; + int control_persist; /* ControlPersist flag */ + int control_persist_timeout; /* ControlPersist timeout (seconds) */ + + int hash_known_hosts; + + int tun_open; /* tun(4) */ + int tun_local; /* force tun device (optional) */ + int tun_remote; /* force tun device (optional) */ + + char *local_command; + int permit_local_command; + int visual_host_key; + + int use_roaming; + + int request_tty; + + int proxy_use_fdpass; + + int num_canonical_domains; + char *canonical_domains[MAX_CANON_DOMAINS]; + int canonicalize_hostname; + int canonicalize_max_dots; + int canonicalize_fallback_local; + int num_permitted_cnames; + struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS]; + + char *revoked_host_keys; + + int fingerprint_hash; + + int update_hostkeys; /* one of SSH_UPDATE_HOSTKEYS_* */ + + char *hostbased_key_types; + char *pubkey_key_types; + + char *ignored_unknown; /* Pattern list of unknown tokens to ignore */ +} Options; + +#define SSH_CANONICALISE_NO 0 +#define SSH_CANONICALISE_YES 1 +#define SSH_CANONICALISE_ALWAYS 2 + +#define SSHCTL_MASTER_NO 0 +#define SSHCTL_MASTER_YES 1 +#define SSHCTL_MASTER_AUTO 2 +#define SSHCTL_MASTER_ASK 3 +#define SSHCTL_MASTER_AUTO_ASK 4 + +#define REQUEST_TTY_AUTO 0 +#define REQUEST_TTY_NO 1 +#define REQUEST_TTY_YES 2 +#define REQUEST_TTY_FORCE 3 + +#define SSHCONF_CHECKPERM 1 /* check permissions on config file */ +#define SSHCONF_USERCONF 2 /* user provided config file not system */ +#define SSHCONF_POSTCANON 4 /* After hostname canonicalisation */ + +#define SSH_UPDATE_HOSTKEYS_NO 0 +#define SSH_UPDATE_HOSTKEYS_YES 1 +#define SSH_UPDATE_HOSTKEYS_ASK 2 + +void initialize_options(Options *); +void fill_default_options(Options *); +void fill_default_options_for_canonicalization(Options *); +int process_config_line(Options *, struct passwd *, const char *, + const char *, char *, const char *, int, int *, int); +int read_config_file(const char *, struct passwd *, const char *, + const char *, Options *, int); +int parse_forward(struct Forward *, const char *, int, int); +int default_ssh_port(void); +int option_clear_or_none(const char *); +void dump_client_config(Options *o, const char *host); + +void add_local_forward(Options *, const struct Forward *); +void add_remote_forward(Options *, const struct Forward *); +void add_identity_file(Options *, const char *, const char *, int); + +#endif /* READCONF_H */ diff --git a/include/DomainExec/opensshlib/readpassphrase.h b/include/DomainExec/opensshlib/readpassphrase.h new file mode 100644 index 00000000..5fd7c5d7 --- /dev/null +++ b/include/DomainExec/opensshlib/readpassphrase.h @@ -0,0 +1,44 @@ +/* $OpenBSD: readpassphrase.h,v 1.5 2003/06/17 21:56:23 millert Exp $ */ + +/* + * Copyright (c) 2000, 2002 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F39502-99-1-0512. + */ + +/* OPENBSD ORIGINAL: include/readpassphrase.h */ + +#ifndef _READPASSPHRASE_H_ +#define _READPASSPHRASE_H_ + +#include "includes.h" + +#ifndef HAVE_READPASSPHRASE + +#define RPP_ECHO_OFF 0x00 /* Turn off echo (default). */ +#define RPP_ECHO_ON 0x01 /* Leave echo on. */ +#define RPP_REQUIRE_TTY 0x02 /* Fail if there is no tty. */ +#define RPP_FORCELOWER 0x04 /* Force input to lower case. */ +#define RPP_FORCEUPPER 0x08 /* Force input to upper case. */ +#define RPP_SEVENBIT 0x10 /* Strip the high bit from input. */ +#define RPP_STDIN 0x20 /* Read from stdin, not /dev/tty */ + +char * readpassphrase(const char *, char *, size_t, int); + +#endif /* HAVE_READPASSPHRASE */ + +#endif /* !_READPASSPHRASE_H_ */ diff --git a/include/DomainExec/opensshlib/reallocarray.c b/include/DomainExec/opensshlib/reallocarray.c new file mode 100644 index 00000000..1a52acc6 --- /dev/null +++ b/include/DomainExec/opensshlib/reallocarray.c @@ -0,0 +1,46 @@ +/* $OpenBSD: reallocarray.c,v 1.2 2014/12/08 03:45:00 bcook Exp $ */ +/* + * Copyright (c) 2008 Otto Moerbeek + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* OPENBSD ORIGINAL: lib/libc/stdlib/reallocarray.c */ + +#include "includes.h" +#ifndef HAVE_REALLOCARRAY + +#include +#include +#ifdef HAVE_STDINT_H +#include +#endif +#include + +/* + * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX + * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW + */ +#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4)) + +void * +reallocarray(void *optr, size_t nmemb, size_t size) +{ + if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && + nmemb > 0 && SIZE_MAX / nmemb < size) { + errno = ENOMEM; + return NULL; + } + return realloc(optr, size * nmemb); +} +#endif /* HAVE_REALLOCARRAY */ diff --git a/include/DomainExec/opensshlib/recallocarray.c b/include/DomainExec/opensshlib/recallocarray.c new file mode 100644 index 00000000..1902263f --- /dev/null +++ b/include/DomainExec/opensshlib/recallocarray.c @@ -0,0 +1,93 @@ +/* $OpenBSD: recallocarray.c,v 1.1 2017/03/06 18:44:21 otto Exp $ */ +/* + * Copyright (c) 2008, 2017 Otto Moerbeek + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* OPENBSD ORIGINAL: lib/libc/stdlib/recallocarray.c */ + +#include "includes.h" +#ifndef HAVE_RECALLOCARRAY + +#include +#include +#ifdef HAVE_STDINT_H +#include +#endif +#include + +#ifndef WIN32 +#include +#endif + +/* + * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX + * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW + */ +#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4)) + +void * +recallocarray(void *ptr, size_t oldnmemb, size_t newnmemb, size_t size) +{ + size_t oldsize, newsize; + void *newptr; + + if (ptr == NULL) + return calloc(newnmemb, size); + + if ((newnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && + newnmemb > 0 && SIZE_MAX / newnmemb < size) { + errno = ENOMEM; + return NULL; + } + newsize = newnmemb * size; + + if ((oldnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && + oldnmemb > 0 && SIZE_MAX / oldnmemb < size) { + errno = EINVAL; + return NULL; + } + oldsize = oldnmemb * size; + + /* + * Don't bother too much if we're shrinking just a bit, + * we do not shrink for series of small steps, oh well. + */ + if (newsize <= oldsize) { + size_t d = oldsize - newsize; + + if (d < oldsize / 2 && d < (size_t)getpagesize()) { + memset((char *)ptr + newsize, 0, d); + return ptr; + } + } + + newptr = malloc(newsize); + if (newptr == NULL) + return NULL; + + if (newsize > oldsize) { + memcpy(newptr, ptr, oldsize); + memset((char *)newptr + oldsize, 0, newsize - oldsize); + } else + memcpy(newptr, ptr, newsize); + + explicit_bzero(ptr, oldsize); + free(ptr); + + return newptr; +} +/* DEF_WEAK(recallocarray); */ + +#endif /* HAVE_RECALLOCARRAY */ diff --git a/include/DomainExec/opensshlib/rijndael.c b/include/DomainExec/opensshlib/rijndael.c new file mode 100644 index 00000000..40ab7b1f --- /dev/null +++ b/include/DomainExec/opensshlib/rijndael.c @@ -0,0 +1,1129 @@ +/* $OpenBSD: rijndael.c,v 1.20 2015/03/16 11:09:52 djm Exp $ */ + +/** + * rijndael-alg-fst.c + * + * @version 3.0 (December 2000) + * + * Optimised ANSI C code for the Rijndael cipher (now AES) + * + * @author Vincent Rijmen + * @author Antoon Bosselaers + * @author Paulo Barreto + * + * This code is hereby placed in the public domain. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#include +#include + +#include "rijndael.h" + +#undef FULL_UNROLL + +/* +Te0[x] = S [x].[02, 01, 01, 03]; +Te1[x] = S [x].[03, 02, 01, 01]; +Te2[x] = S [x].[01, 03, 02, 01]; +Te3[x] = S [x].[01, 01, 03, 02]; + +Td0[x] = Si[x].[0e, 09, 0d, 0b]; +Td1[x] = Si[x].[0b, 0e, 09, 0d]; +Td2[x] = Si[x].[0d, 0b, 0e, 09]; +Td3[x] = Si[x].[09, 0d, 0b, 0e]; +Td4[x] = Si[x].[01]; +*/ + +static const u32 Te0[256] = { + 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, + 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, + 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, + 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, + 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, + 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, + 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, + 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, + 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, + 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, + 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, + 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, + 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, + 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, + 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, + 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, + 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, + 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, + 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, + 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, + 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, + 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, + 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, + 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, + 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, + 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, + 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, + 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, + 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, + 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, + 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, + 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, + 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, + 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, + 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, + 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, + 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, + 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, + 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, + 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, + 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, + 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, + 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, + 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, + 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, + 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, + 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, + 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, + 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, + 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, + 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, + 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, + 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, + 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, + 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, + 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, + 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, + 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, + 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, + 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, + 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, + 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, + 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, + 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU, +}; +static const u32 Te1[256] = { + 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU, + 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U, + 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU, + 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U, + 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU, + 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U, + 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU, + 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U, + 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U, + 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU, + 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U, + 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U, + 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U, + 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU, + 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U, + 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U, + 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU, + 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U, + 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U, + 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U, + 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU, + 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU, + 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U, + 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU, + 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU, + 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U, + 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU, + 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U, + 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU, + 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U, + 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U, + 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U, + 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU, + 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U, + 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU, + 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U, + 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU, + 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U, + 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U, + 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU, + 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU, + 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU, + 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U, + 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U, + 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU, + 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U, + 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU, + 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U, + 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU, + 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U, + 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU, + 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU, + 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U, + 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU, + 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U, + 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU, + 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U, + 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U, + 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U, + 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU, + 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU, + 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U, + 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU, + 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U, +}; +static const u32 Te2[256] = { + 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU, + 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U, + 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU, + 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U, + 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU, + 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U, + 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU, + 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U, + 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U, + 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU, + 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U, + 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U, + 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U, + 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU, + 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U, + 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U, + 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU, + 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U, + 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U, + 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U, + 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU, + 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU, + 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U, + 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU, + 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU, + 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U, + 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU, + 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U, + 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU, + 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U, + 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U, + 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U, + 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU, + 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U, + 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU, + 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U, + 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU, + 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U, + 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U, + 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU, + 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU, + 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU, + 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U, + 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U, + 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU, + 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U, + 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU, + 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U, + 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU, + 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U, + 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU, + 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU, + 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U, + 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU, + 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U, + 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU, + 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U, + 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U, + 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U, + 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU, + 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU, + 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U, + 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU, + 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, +}; +static const u32 Te3[256] = { + 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, + 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, + 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, + 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU, + 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU, + 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU, + 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U, + 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU, + 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU, + 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U, + 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U, + 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU, + 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU, + 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU, + 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU, + 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU, + 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U, + 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU, + 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU, + 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U, + 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U, + 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U, + 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U, + 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U, + 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU, + 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U, + 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU, + 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU, + 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U, + 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U, + 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U, + 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU, + 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U, + 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU, + 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU, + 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U, + 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U, + 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU, + 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U, + 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU, + 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U, + 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U, + 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U, + 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U, + 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU, + 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U, + 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU, + 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U, + 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU, + 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U, + 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU, + 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU, + 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU, + 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU, + 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U, + 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U, + 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U, + 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U, + 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U, + 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U, + 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU, + 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U, + 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, + 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, +}; +#if 0 +static const u32 Td0[256] = { + 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, + 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, + 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U, + 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU, + 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U, + 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U, + 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU, + 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U, + 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU, + 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U, + 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U, + 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U, + 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U, + 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU, + 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U, + 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU, + 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U, + 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU, + 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U, + 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U, + 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U, + 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU, + 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U, + 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU, + 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U, + 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU, + 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U, + 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU, + 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU, + 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U, + 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU, + 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U, + 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU, + 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U, + 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U, + 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U, + 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU, + 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U, + 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U, + 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU, + 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U, + 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U, + 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U, + 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U, + 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U, + 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU, + 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U, + 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U, + 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U, + 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U, + 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U, + 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU, + 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU, + 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU, + 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU, + 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U, + 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U, + 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU, + 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU, + 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U, + 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU, + 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U, + 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U, + 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U, +}; +static const u32 Td1[256] = { + 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU, + 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U, + 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU, + 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U, + 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U, + 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U, + 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U, + 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U, + 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U, + 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU, + 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU, + 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU, + 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U, + 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU, + 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U, + 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U, + 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U, + 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU, + 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU, + 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U, + 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU, + 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U, + 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU, + 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU, + 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U, + 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U, + 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U, + 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU, + 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U, + 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU, + 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U, + 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U, + 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U, + 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU, + 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U, + 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U, + 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U, + 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U, + 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U, + 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U, + 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU, + 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU, + 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U, + 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU, + 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U, + 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU, + 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU, + 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U, + 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU, + 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U, + 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U, + 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U, + 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U, + 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U, + 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U, + 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U, + 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU, + 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U, + 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U, + 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU, + 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U, + 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U, + 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U, + 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U, +}; +static const u32 Td2[256] = { + 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U, + 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U, + 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U, + 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U, + 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU, + 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U, + 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U, + 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U, + 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U, + 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU, + 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U, + 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U, + 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU, + 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U, + 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U, + 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U, + 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U, + 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U, + 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U, + 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU, + 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U, + 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U, + 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U, + 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U, + 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U, + 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU, + 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU, + 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U, + 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU, + 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U, + 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU, + 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU, + 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU, + 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU, + 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U, + 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U, + 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U, + 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U, + 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U, + 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U, + 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U, + 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU, + 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU, + 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U, + 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U, + 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU, + 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU, + 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U, + 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U, + 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U, + 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U, + 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U, + 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U, + 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U, + 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU, + 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U, + 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U, + 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U, + 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U, + 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U, + 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U, + 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU, + 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U, + 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U, +}; +static const u32 Td3[256] = { + 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU, + 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU, + 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U, + 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U, + 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU, + 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU, + 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U, + 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU, + 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U, + 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU, + 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U, + 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U, + 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U, + 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U, + 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U, + 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU, + 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU, + 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U, + 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U, + 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU, + 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU, + 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U, + 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U, + 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U, + 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U, + 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU, + 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U, + 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U, + 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU, + 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU, + 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U, + 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U, + 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U, + 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU, + 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U, + 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U, + 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U, + 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U, + 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U, + 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U, + 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U, + 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU, + 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U, + 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U, + 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU, + 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU, + 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U, + 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU, + 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U, + 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U, + 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U, + 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U, + 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U, + 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U, + 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU, + 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU, + 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU, + 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU, + 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U, + 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U, + 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U, + 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU, + 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, + 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U, +}; +static const u8 Td4[256] = { + 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U, + 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU, + 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U, + 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU, + 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU, + 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU, + 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U, + 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U, + 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U, + 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U, + 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU, + 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U, + 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU, + 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U, + 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U, + 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU, + 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU, + 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U, + 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U, + 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU, + 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U, + 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU, + 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U, + 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U, + 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U, + 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU, + 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU, + 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU, + 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U, + 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U, + 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U, + 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU, +}; +#endif +static const u32 rcon[] = { + 0x01000000, 0x02000000, 0x04000000, 0x08000000, + 0x10000000, 0x20000000, 0x40000000, 0x80000000, + 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ +}; + +#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) +#define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } + +/** + * Expand the cipher key into the encryption key schedule. + * + * @return the number of rounds for the given cipher key size. + */ +int +rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) +{ + int i = 0; + u32 temp; + + rk[0] = GETU32(cipherKey ); + rk[1] = GETU32(cipherKey + 4); + rk[2] = GETU32(cipherKey + 8); + rk[3] = GETU32(cipherKey + 12); + if (keyBits == 128) { + for (;;) { + temp = rk[3]; + rk[4] = rk[0] ^ + (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te0[(temp ) & 0xff] & 0x0000ff00) ^ + (Te1[(temp >> 24) ] & 0x000000ff) ^ + rcon[i]; + rk[5] = rk[1] ^ rk[4]; + rk[6] = rk[2] ^ rk[5]; + rk[7] = rk[3] ^ rk[6]; + if (++i == 10) { + return 10; + } + rk += 4; + } + } + rk[4] = GETU32(cipherKey + 16); + rk[5] = GETU32(cipherKey + 20); + if (keyBits == 192) { + for (;;) { + temp = rk[ 5]; + rk[ 6] = rk[ 0] ^ + (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te0[(temp ) & 0xff] & 0x0000ff00) ^ + (Te1[(temp >> 24) ] & 0x000000ff) ^ + rcon[i]; + rk[ 7] = rk[ 1] ^ rk[ 6]; + rk[ 8] = rk[ 2] ^ rk[ 7]; + rk[ 9] = rk[ 3] ^ rk[ 8]; + if (++i == 8) { + return 12; + } + rk[10] = rk[ 4] ^ rk[ 9]; + rk[11] = rk[ 5] ^ rk[10]; + rk += 6; + } + } + rk[6] = GETU32(cipherKey + 24); + rk[7] = GETU32(cipherKey + 28); + if (keyBits == 256) { + for (;;) { + temp = rk[ 7]; + rk[ 8] = rk[ 0] ^ + (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te0[(temp ) & 0xff] & 0x0000ff00) ^ + (Te1[(temp >> 24) ] & 0x000000ff) ^ + rcon[i]; + rk[ 9] = rk[ 1] ^ rk[ 8]; + rk[10] = rk[ 2] ^ rk[ 9]; + rk[11] = rk[ 3] ^ rk[10]; + if (++i == 7) { + return 14; + } + temp = rk[11]; + rk[12] = rk[ 4] ^ + (Te2[(temp >> 24) ] & 0xff000000) ^ + (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^ + (Te0[(temp >> 8) & 0xff] & 0x0000ff00) ^ + (Te1[(temp ) & 0xff] & 0x000000ff); + rk[13] = rk[ 5] ^ rk[12]; + rk[14] = rk[ 6] ^ rk[13]; + rk[15] = rk[ 7] ^ rk[14]; + rk += 8; + } + } + return 0; +} + +#if 0 +/** + * Expand the cipher key into the decryption key schedule. + * + * @return the number of rounds for the given cipher key size. + */ +int +rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) +{ + int Nr, i, j; + u32 temp; + + /* expand the cipher key: */ + Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits); + + /* invert the order of the round keys: */ + for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) { + temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; + temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; + temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; + temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; + } + /* apply the inverse MixColumn transform to all round keys but the first and the last: */ + for (i = 1; i < Nr; i++) { + rk += 4; + rk[0] = + Td0[Te1[(rk[0] >> 24) ] & 0xff] ^ + Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^ + Td2[Te1[(rk[0] >> 8) & 0xff] & 0xff] ^ + Td3[Te1[(rk[0] ) & 0xff] & 0xff]; + rk[1] = + Td0[Te1[(rk[1] >> 24) ] & 0xff] ^ + Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^ + Td2[Te1[(rk[1] >> 8) & 0xff] & 0xff] ^ + Td3[Te1[(rk[1] ) & 0xff] & 0xff]; + rk[2] = + Td0[Te1[(rk[2] >> 24) ] & 0xff] ^ + Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^ + Td2[Te1[(rk[2] >> 8) & 0xff] & 0xff] ^ + Td3[Te1[(rk[2] ) & 0xff] & 0xff]; + rk[3] = + Td0[Te1[(rk[3] >> 24) ] & 0xff] ^ + Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^ + Td2[Te1[(rk[3] >> 8) & 0xff] & 0xff] ^ + Td3[Te1[(rk[3] ) & 0xff] & 0xff]; + } + return Nr; +} +#endif + +void +rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16], + u8 ct[16]) +{ + u32 s0, s1, s2, s3, t0, t1, t2, t3; +#ifndef FULL_UNROLL + int r; +#endif /* ?FULL_UNROLL */ + + /* + * map byte array block to cipher state + * and add initial round key: + */ + s0 = GETU32(pt ) ^ rk[0]; + s1 = GETU32(pt + 4) ^ rk[1]; + s2 = GETU32(pt + 8) ^ rk[2]; + s3 = GETU32(pt + 12) ^ rk[3]; +#ifdef FULL_UNROLL + /* round 1: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7]; + /* round 2: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; + /* round 3: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; + /* round 4: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; + /* round 5: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; + /* round 6: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; + /* round 7: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; + /* round 8: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; + /* round 9: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; + if (Nr > 10) { + /* round 10: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43]; + /* round 11: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47]; + if (Nr > 12) { + /* round 12: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51]; + /* round 13: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55]; + } + } + rk += Nr << 2; +#else /* !FULL_UNROLL */ + /* + * Nr - 1 full rounds: + */ + r = Nr >> 1; + for (;;) { + t0 = + Te0[(s0 >> 24) ] ^ + Te1[(s1 >> 16) & 0xff] ^ + Te2[(s2 >> 8) & 0xff] ^ + Te3[(s3 ) & 0xff] ^ + rk[4]; + t1 = + Te0[(s1 >> 24) ] ^ + Te1[(s2 >> 16) & 0xff] ^ + Te2[(s3 >> 8) & 0xff] ^ + Te3[(s0 ) & 0xff] ^ + rk[5]; + t2 = + Te0[(s2 >> 24) ] ^ + Te1[(s3 >> 16) & 0xff] ^ + Te2[(s0 >> 8) & 0xff] ^ + Te3[(s1 ) & 0xff] ^ + rk[6]; + t3 = + Te0[(s3 >> 24) ] ^ + Te1[(s0 >> 16) & 0xff] ^ + Te2[(s1 >> 8) & 0xff] ^ + Te3[(s2 ) & 0xff] ^ + rk[7]; + + rk += 8; + if (--r == 0) { + break; + } + + s0 = + Te0[(t0 >> 24) ] ^ + Te1[(t1 >> 16) & 0xff] ^ + Te2[(t2 >> 8) & 0xff] ^ + Te3[(t3 ) & 0xff] ^ + rk[0]; + s1 = + Te0[(t1 >> 24) ] ^ + Te1[(t2 >> 16) & 0xff] ^ + Te2[(t3 >> 8) & 0xff] ^ + Te3[(t0 ) & 0xff] ^ + rk[1]; + s2 = + Te0[(t2 >> 24) ] ^ + Te1[(t3 >> 16) & 0xff] ^ + Te2[(t0 >> 8) & 0xff] ^ + Te3[(t1 ) & 0xff] ^ + rk[2]; + s3 = + Te0[(t3 >> 24) ] ^ + Te1[(t0 >> 16) & 0xff] ^ + Te2[(t1 >> 8) & 0xff] ^ + Te3[(t2 ) & 0xff] ^ + rk[3]; + } +#endif /* ?FULL_UNROLL */ + /* + * apply last round and + * map cipher state to byte array block: + */ + s0 = + (Te2[(t0 >> 24) ] & 0xff000000) ^ + (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^ + (Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^ + (Te1[(t3 ) & 0xff] & 0x000000ff) ^ + rk[0]; + PUTU32(ct , s0); + s1 = + (Te2[(t1 >> 24) ] & 0xff000000) ^ + (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^ + (Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^ + (Te1[(t0 ) & 0xff] & 0x000000ff) ^ + rk[1]; + PUTU32(ct + 4, s1); + s2 = + (Te2[(t2 >> 24) ] & 0xff000000) ^ + (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^ + (Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^ + (Te1[(t1 ) & 0xff] & 0x000000ff) ^ + rk[2]; + PUTU32(ct + 8, s2); + s3 = + (Te2[(t3 >> 24) ] & 0xff000000) ^ + (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^ + (Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^ + (Te1[(t2 ) & 0xff] & 0x000000ff) ^ + rk[3]; + PUTU32(ct + 12, s3); +} + +#if 0 +static void +rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], + u8 pt[16]) +{ + u32 s0, s1, s2, s3, t0, t1, t2, t3; +#ifndef FULL_UNROLL + int r; +#endif /* ?FULL_UNROLL */ + + /* + * map byte array block to cipher state + * and add initial round key: + */ + s0 = GETU32(ct ) ^ rk[0]; + s1 = GETU32(ct + 4) ^ rk[1]; + s2 = GETU32(ct + 8) ^ rk[2]; + s3 = GETU32(ct + 12) ^ rk[3]; +#ifdef FULL_UNROLL + /* round 1: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7]; + /* round 2: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11]; + /* round 3: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15]; + /* round 4: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19]; + /* round 5: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23]; + /* round 6: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27]; + /* round 7: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31]; + /* round 8: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35]; + /* round 9: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39]; + if (Nr > 10) { + /* round 10: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43]; + /* round 11: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47]; + if (Nr > 12) { + /* round 12: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51]; + /* round 13: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55]; + } + } + rk += Nr << 2; +#else /* !FULL_UNROLL */ + /* + * Nr - 1 full rounds: + */ + r = Nr >> 1; + for (;;) { + t0 = + Td0[(s0 >> 24) ] ^ + Td1[(s3 >> 16) & 0xff] ^ + Td2[(s2 >> 8) & 0xff] ^ + Td3[(s1 ) & 0xff] ^ + rk[4]; + t1 = + Td0[(s1 >> 24) ] ^ + Td1[(s0 >> 16) & 0xff] ^ + Td2[(s3 >> 8) & 0xff] ^ + Td3[(s2 ) & 0xff] ^ + rk[5]; + t2 = + Td0[(s2 >> 24) ] ^ + Td1[(s1 >> 16) & 0xff] ^ + Td2[(s0 >> 8) & 0xff] ^ + Td3[(s3 ) & 0xff] ^ + rk[6]; + t3 = + Td0[(s3 >> 24) ] ^ + Td1[(s2 >> 16) & 0xff] ^ + Td2[(s1 >> 8) & 0xff] ^ + Td3[(s0 ) & 0xff] ^ + rk[7]; + + rk += 8; + if (--r == 0) { + break; + } + + s0 = + Td0[(t0 >> 24) ] ^ + Td1[(t3 >> 16) & 0xff] ^ + Td2[(t2 >> 8) & 0xff] ^ + Td3[(t1 ) & 0xff] ^ + rk[0]; + s1 = + Td0[(t1 >> 24) ] ^ + Td1[(t0 >> 16) & 0xff] ^ + Td2[(t3 >> 8) & 0xff] ^ + Td3[(t2 ) & 0xff] ^ + rk[1]; + s2 = + Td0[(t2 >> 24) ] ^ + Td1[(t1 >> 16) & 0xff] ^ + Td2[(t0 >> 8) & 0xff] ^ + Td3[(t3 ) & 0xff] ^ + rk[2]; + s3 = + Td0[(t3 >> 24) ] ^ + Td1[(t2 >> 16) & 0xff] ^ + Td2[(t1 >> 8) & 0xff] ^ + Td3[(t0 ) & 0xff] ^ + rk[3]; + } +#endif /* ?FULL_UNROLL */ + /* + * apply last round and + * map cipher state to byte array block: + */ + s0 = + (Td4[(t0 >> 24) ] << 24) ^ + (Td4[(t3 >> 16) & 0xff] << 16) ^ + (Td4[(t2 >> 8) & 0xff] << 8) ^ + (Td4[(t1 ) & 0xff]) ^ + rk[0]; + PUTU32(pt , s0); + s1 = + (Td4[(t1 >> 24) ] << 24) ^ + (Td4[(t0 >> 16) & 0xff] << 16) ^ + (Td4[(t3 >> 8) & 0xff] << 8) ^ + (Td4[(t2 ) & 0xff]) ^ + rk[1]; + PUTU32(pt + 4, s1); + s2 = + (Td4[(t2 >> 24) ] << 24) ^ + (Td4[(t1 >> 16) & 0xff] << 16) ^ + (Td4[(t0 >> 8) & 0xff] << 8) ^ + (Td4[(t3 ) & 0xff]) ^ + rk[2]; + PUTU32(pt + 8, s2); + s3 = + (Td4[(t3 >> 24) ] << 24) ^ + (Td4[(t2 >> 16) & 0xff] << 16) ^ + (Td4[(t1 >> 8) & 0xff] << 8) ^ + (Td4[(t0 ) & 0xff]) ^ + rk[3]; + PUTU32(pt + 12, s3); +} +#endif diff --git a/include/DomainExec/opensshlib/rijndael.h b/include/DomainExec/opensshlib/rijndael.h new file mode 100644 index 00000000..53e74e0a --- /dev/null +++ b/include/DomainExec/opensshlib/rijndael.h @@ -0,0 +1,56 @@ +/* $OpenBSD: rijndael.h,v 1.14 2014/04/29 15:42:07 markus Exp $ */ + +/** + * rijndael-alg-fst.h + * + * @version 3.0 (December 2000) + * + * Optimised ANSI C code for the Rijndael cipher (now AES) + * + * @author Vincent Rijmen + * @author Antoon Bosselaers + * @author Paulo Barreto + * + * This code is hereby placed in the public domain. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef _PRIVATE_RIJNDAEL_H +#define _PRIVATE_RIJNDAEL_H + +#define AES_MAXKEYBITS (256) +#define AES_MAXKEYBYTES (AES_MAXKEYBITS/8) +/* for 256-bit keys, fewer for less */ +#define AES_MAXROUNDS 14 + +typedef unsigned char u8; +typedef unsigned short u16; +typedef unsigned int u32; + +int rijndaelKeySetupEnc(unsigned int [], const unsigned char [], int); +void rijndaelEncrypt(const unsigned int [], int, const unsigned char [], + unsigned char []); + +/* The structure for key information */ +typedef struct { + int decrypt; + int Nr; /* key-length-dependent number of rounds */ + u32 ek[4*(AES_MAXROUNDS + 1)]; /* encrypt key schedule */ + u32 dk[4*(AES_MAXROUNDS + 1)]; /* decrypt key schedule */ +} rijndael_ctx; + +void rijndael_set_key(rijndael_ctx *, u_char *, int, int); +void rijndael_decrypt(rijndael_ctx *, u_char *, u_char *); +void rijndael_encrypt(rijndael_ctx *, u_char *, u_char *); + +#endif /* _PRIVATE_RIJNDAEL_H */ diff --git a/include/DomainExec/opensshlib/rmd160.h b/include/DomainExec/opensshlib/rmd160.h new file mode 100644 index 00000000..99c1dcdc --- /dev/null +++ b/include/DomainExec/opensshlib/rmd160.h @@ -0,0 +1,61 @@ +/* $OpenBSD: rmd160.h,v 1.17 2012/12/05 23:19:57 deraadt Exp $ */ +/* + * Copyright (c) 2001 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef _RMD160_H +#define _RMD160_H + +#ifndef WITH_OPENSSL + +#define RMD160_BLOCK_LENGTH 64 +#define RMD160_DIGEST_LENGTH 20 +#define RMD160_DIGEST_STRING_LENGTH (RMD160_DIGEST_LENGTH * 2 + 1) + +/* RMD160 context. */ +typedef struct RMD160Context { + u_int32_t state[5]; /* state */ + u_int64_t count; /* number of bits, mod 2^64 */ + u_int8_t buffer[RMD160_BLOCK_LENGTH]; /* input buffer */ +} RMD160_CTX; + +void RMD160Init(RMD160_CTX *); +void RMD160Transform(u_int32_t [5], const u_int8_t [RMD160_BLOCK_LENGTH]) + __attribute__((__bounded__(__minbytes__,1,5))) + __attribute__((__bounded__(__minbytes__,2,RMD160_BLOCK_LENGTH))); +void RMD160Update(RMD160_CTX *, const u_int8_t *, size_t) + __attribute__((__bounded__(__string__,2,3))); +void RMD160Pad(RMD160_CTX *); +void RMD160Final(u_int8_t [RMD160_DIGEST_LENGTH], RMD160_CTX *) + __attribute__((__bounded__(__minbytes__,1,RMD160_DIGEST_LENGTH))); +char *RMD160End(RMD160_CTX *, char *) + __attribute__((__bounded__(__minbytes__,2,RMD160_DIGEST_STRING_LENGTH))); +char *RMD160File(const char *, char *) + __attribute__((__bounded__(__minbytes__,2,RMD160_DIGEST_STRING_LENGTH))); +char *RMD160FileChunk(const char *, char *, off_t, off_t) + __attribute__((__bounded__(__minbytes__,2,RMD160_DIGEST_STRING_LENGTH))); +char *RMD160Data(const u_int8_t *, size_t, char *) + __attribute__((__bounded__(__string__,1,2))) + __attribute__((__bounded__(__minbytes__,3,RMD160_DIGEST_STRING_LENGTH))); + +#endif /* !WITH_OPENSSL */ +#endif /* _RMD160_H */ diff --git a/include/DomainExec/opensshlib/rsa.c b/include/DomainExec/opensshlib/rsa.c new file mode 100644 index 00000000..1d0178ad --- /dev/null +++ b/include/DomainExec/opensshlib/rsa.c @@ -0,0 +1,200 @@ +/* $OpenBSD: rsa.c,v 1.32 2014/06/24 01:13:21 djm Exp $ */ +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + * + * + * Copyright (c) 1999 Niels Provos. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * + * Description of the RSA algorithm can be found e.g. from the following + * sources: + * + * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1994. + * + * Jennifer Seberry and Josed Pieprzyk: Cryptography: An Introduction to + * Computer Security. Prentice-Hall, 1989. + * + * Man Young Rhee: Cryptography and Secure Data Communications. McGraw-Hill, + * 1994. + * + * R. Rivest, A. Shamir, and L. M. Adleman: Cryptographic Communications + * System and Method. US Patent 4,405,829, 1983. + * + * Hans Riesel: Prime Numbers and Computer Methods for Factorization. + * Birkhauser, 1994. + * + * The RSA Frequently Asked Questions document by RSA Data Security, + * Inc., 1995. + * + * RSA in 3 lines of perl by Adam Back , 1995, as + * included below: + * + * [gone - had to be deleted - what a pity] + */ + +#include "includes.h" + +#include + +#include +#include + +#include "rsa.h" +#include "log.h" +#include "ssherr.h" + +int +rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) +{ + u_char *inbuf = NULL, *outbuf = NULL; + int len, ilen, olen, r = SSH_ERR_INTERNAL_ERROR; + + const BIGNUM *key_n, *key_e, *key_d; + RSA_get0_key(key, &key_n, &key_e, &key_d); + + if (BN_num_bits(key_e) < 2 || !BN_is_odd(key_e)) + return SSH_ERR_INVALID_ARGUMENT; + + olen = BN_num_bytes(key_n); + if ((outbuf = malloc(olen)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + + ilen = BN_num_bytes(in); + if ((inbuf = malloc(ilen)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + BN_bn2bin(in, inbuf); + + if ((len = RSA_public_encrypt(ilen, inbuf, outbuf, key, + RSA_PKCS1_PADDING)) <= 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + + if (BN_bin2bn(outbuf, len, out) == NULL) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + r = 0; + + out: + if (outbuf != NULL) { + explicit_bzero(outbuf, olen); + free(outbuf); + } + if (inbuf != NULL) { + explicit_bzero(inbuf, ilen); + free(inbuf); + } + return r; +} + +int +rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key) +{ + u_char *inbuf = NULL, *outbuf = NULL; + int len, ilen, olen, r = SSH_ERR_INTERNAL_ERROR; + + const BIGNUM *key_n, *key_e, *key_d; + RSA_get0_key(key, &key_n, &key_e, &key_d); + + olen = BN_num_bytes(key_n); + if ((outbuf = malloc(olen)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + + ilen = BN_num_bytes(in); + if ((inbuf = malloc(ilen)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + BN_bn2bin(in, inbuf); + + if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key, + RSA_PKCS1_PADDING)) <= 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } else if (BN_bin2bn(outbuf, len, out) == NULL) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + r = 0; + out: + if (outbuf != NULL) { + explicit_bzero(outbuf, olen); + free(outbuf); + } + if (inbuf != NULL) { + explicit_bzero(inbuf, ilen); + free(inbuf); + } + return r; +} + +/* calculate p-1 and q-1 */ +int +rsa_generate_additional_parameters(RSA *rsa) +{ + BIGNUM *aux = NULL; + BN_CTX *ctx = NULL; + int r; + + BIGNUM *rsa_d, *rsa_p, *rsa_q; + BIGNUM *rsa_dmp1, *rsa_dmq1; + RSA_get0_key(rsa, NULL, NULL, (const BIGNUM**)&rsa_d); + RSA_get0_factors(rsa, (const BIGNUM**)&rsa_p, (const BIGNUM**)&rsa_q); + RSA_get0_crt_params(rsa, (const BIGNUM**)&rsa_dmp1, (const BIGNUM**)&rsa_dmq1, NULL); + + if ((ctx = BN_CTX_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((aux = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + + if ((BN_sub(aux, rsa_q, BN_value_one()) == 0) || + (BN_mod(rsa_dmq1, rsa_d, aux, ctx) == 0) || + (BN_sub(aux, rsa_p, BN_value_one()) == 0) || + (BN_mod(rsa_dmp1, rsa_d, aux, ctx) == 0)) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + r = 0; + out: + BN_clear_free(aux); + BN_CTX_free(ctx); + return r; +} + diff --git a/include/DomainExec/opensshlib/rsa.h b/include/DomainExec/opensshlib/rsa.h new file mode 100644 index 00000000..c476707d --- /dev/null +++ b/include/DomainExec/opensshlib/rsa.h @@ -0,0 +1,26 @@ +/* $OpenBSD: rsa.h,v 1.17 2014/06/24 01:13:21 djm Exp $ */ + +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * RSA key generation, encryption and decryption. + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ + +#ifndef RSA_H +#define RSA_H + +#include +#include + +int rsa_public_encrypt(BIGNUM *, BIGNUM *, RSA *); +int rsa_private_decrypt(BIGNUM *, BIGNUM *, RSA *); +int rsa_generate_additional_parameters(RSA *); + +#endif /* RSA_H */ diff --git a/include/DomainExec/opensshlib/sc25519.c b/include/DomainExec/opensshlib/sc25519.c new file mode 100644 index 00000000..1568d9a5 --- /dev/null +++ b/include/DomainExec/opensshlib/sc25519.c @@ -0,0 +1,308 @@ +/* $OpenBSD: sc25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ + +/* + * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, + * Peter Schwabe, Bo-Yin Yang. + * Copied from supercop-20130419/crypto_sign/ed25519/ref/sc25519.c + */ + +#include "includes.h" + +#include "sc25519.h" + +/*Arithmetic modulo the group order m = 2^252 + 27742317777372353535851937790883648493 = 7237005577332262213973186563042994240857116359379907606001950938285454250989 */ + +static const crypto_uint32 m[32] = {0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2, 0xDE, 0xF9, 0xDE, 0x14, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10}; + +static const crypto_uint32 mu[33] = {0x1B, 0x13, 0x2C, 0x0A, 0xA3, 0xE5, 0x9C, 0xED, 0xA7, 0x29, 0x63, 0x08, 0x5D, 0x21, 0x06, 0x21, + 0xEB, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F}; + +static crypto_uint32 lt(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */ +{ + unsigned int x = a; + x -= (unsigned int) b; /* 0..65535: no; 4294901761..4294967295: yes */ + x >>= 31; /* 0: no; 1: yes */ + return x; +} + +/* Reduce coefficients of r before calling reduce_add_sub */ +static void reduce_add_sub(sc25519 *r) +{ + crypto_uint32 pb = 0; + crypto_uint32 b; + crypto_uint32 mask; + int i; + unsigned char t[32]; + + for(i=0;i<32;i++) + { + pb += m[i]; + b = lt(r->v[i],pb); + t[i] = r->v[i]-pb+(b<<8); + pb = b; + } + mask = b - 1; + for(i=0;i<32;i++) + r->v[i] ^= mask & (r->v[i] ^ t[i]); +} + +/* Reduce coefficients of x before calling barrett_reduce */ +static void barrett_reduce(sc25519 *r, const crypto_uint32 x[64]) +{ + /* See HAC, Alg. 14.42 */ + int i,j; + crypto_uint32 q2[66]; + crypto_uint32 *q3 = q2 + 33; + crypto_uint32 r1[33]; + crypto_uint32 r2[33]; + crypto_uint32 carry; + crypto_uint32 pb = 0; + crypto_uint32 b; + + for (i = 0;i < 66;++i) q2[i] = 0; + for (i = 0;i < 33;++i) r2[i] = 0; + + for(i=0;i<33;i++) + for(j=0;j<33;j++) + if(i+j >= 31) q2[i+j] += mu[i]*x[j+31]; + carry = q2[31] >> 8; + q2[32] += carry; + carry = q2[32] >> 8; + q2[33] += carry; + + for(i=0;i<33;i++)r1[i] = x[i]; + for(i=0;i<32;i++) + for(j=0;j<33;j++) + if(i+j < 33) r2[i+j] += m[i]*q3[j]; + + for(i=0;i<32;i++) + { + carry = r2[i] >> 8; + r2[i+1] += carry; + r2[i] &= 0xff; + } + + for(i=0;i<32;i++) + { + pb += r2[i]; + b = lt(r1[i],pb); + r->v[i] = r1[i]-pb+(b<<8); + pb = b; + } + + /* XXX: Can it really happen that r<0?, See HAC, Alg 14.42, Step 3 + * If so: Handle it here! + */ + + reduce_add_sub(r); + reduce_add_sub(r); +} + +void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]) +{ + int i; + crypto_uint32 t[64]; + for(i=0;i<32;i++) t[i] = x[i]; + for(i=32;i<64;++i) t[i] = 0; + barrett_reduce(r, t); +} + +void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16]) +{ + int i; + for(i=0;i<16;i++) r->v[i] = x[i]; +} + +void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]) +{ + int i; + crypto_uint32 t[64]; + for(i=0;i<64;i++) t[i] = x[i]; + barrett_reduce(r, t); +} + +void sc25519_from_shortsc(sc25519 *r, const shortsc25519 *x) +{ + int i; + for(i=0;i<16;i++) + r->v[i] = x->v[i]; + for(i=0;i<16;i++) + r->v[16+i] = 0; +} + +void sc25519_to32bytes(unsigned char r[32], const sc25519 *x) +{ + int i; + for(i=0;i<32;i++) r[i] = x->v[i]; +} + +int sc25519_iszero_vartime(const sc25519 *x) +{ + int i; + for(i=0;i<32;i++) + if(x->v[i] != 0) return 0; + return 1; +} + +int sc25519_isshort_vartime(const sc25519 *x) +{ + int i; + for(i=31;i>15;i--) + if(x->v[i] != 0) return 0; + return 1; +} + +int sc25519_lt_vartime(const sc25519 *x, const sc25519 *y) +{ + int i; + for(i=31;i>=0;i--) + { + if(x->v[i] < y->v[i]) return 1; + if(x->v[i] > y->v[i]) return 0; + } + return 0; +} + +void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y) +{ + int i, carry; + for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i]; + for(i=0;i<31;i++) + { + carry = r->v[i] >> 8; + r->v[i+1] += carry; + r->v[i] &= 0xff; + } + reduce_add_sub(r); +} + +void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y) +{ + crypto_uint32 b = 0; + crypto_uint32 t; + int i; + for(i=0;i<32;i++) + { + t = x->v[i] - y->v[i] - b; + r->v[i] = t & 255; + b = (t >> 8) & 1; + } +} + +void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y) +{ + int i,j,carry; + crypto_uint32 t[64]; + for(i=0;i<64;i++)t[i] = 0; + + for(i=0;i<32;i++) + for(j=0;j<32;j++) + t[i+j] += x->v[i] * y->v[j]; + + /* Reduce coefficients */ + for(i=0;i<63;i++) + { + carry = t[i] >> 8; + t[i+1] += carry; + t[i] &= 0xff; + } + + barrett_reduce(r, t); +} + +void sc25519_mul_shortsc(sc25519 *r, const sc25519 *x, const shortsc25519 *y) +{ + sc25519 t; + sc25519_from_shortsc(&t, y); + sc25519_mul(r, x, &t); +} + +void sc25519_window3(signed char r[85], const sc25519 *s) +{ + char carry; + int i; + for(i=0;i<10;i++) + { + r[8*i+0] = s->v[3*i+0] & 7; + r[8*i+1] = (s->v[3*i+0] >> 3) & 7; + r[8*i+2] = (s->v[3*i+0] >> 6) & 7; + r[8*i+2] ^= (s->v[3*i+1] << 2) & 7; + r[8*i+3] = (s->v[3*i+1] >> 1) & 7; + r[8*i+4] = (s->v[3*i+1] >> 4) & 7; + r[8*i+5] = (s->v[3*i+1] >> 7) & 7; + r[8*i+5] ^= (s->v[3*i+2] << 1) & 7; + r[8*i+6] = (s->v[3*i+2] >> 2) & 7; + r[8*i+7] = (s->v[3*i+2] >> 5) & 7; + } + r[8*i+0] = s->v[3*i+0] & 7; + r[8*i+1] = (s->v[3*i+0] >> 3) & 7; + r[8*i+2] = (s->v[3*i+0] >> 6) & 7; + r[8*i+2] ^= (s->v[3*i+1] << 2) & 7; + r[8*i+3] = (s->v[3*i+1] >> 1) & 7; + r[8*i+4] = (s->v[3*i+1] >> 4) & 7; + + /* Making it signed */ + carry = 0; + for(i=0;i<84;i++) + { + r[i] += carry; + r[i+1] += r[i] >> 3; + r[i] &= 7; + carry = r[i] >> 2; + r[i] -= carry<<3; + } + r[84] += carry; +} + +void sc25519_window5(signed char r[51], const sc25519 *s) +{ + char carry; + int i; + for(i=0;i<6;i++) + { + r[8*i+0] = s->v[5*i+0] & 31; + r[8*i+1] = (s->v[5*i+0] >> 5) & 31; + r[8*i+1] ^= (s->v[5*i+1] << 3) & 31; + r[8*i+2] = (s->v[5*i+1] >> 2) & 31; + r[8*i+3] = (s->v[5*i+1] >> 7) & 31; + r[8*i+3] ^= (s->v[5*i+2] << 1) & 31; + r[8*i+4] = (s->v[5*i+2] >> 4) & 31; + r[8*i+4] ^= (s->v[5*i+3] << 4) & 31; + r[8*i+5] = (s->v[5*i+3] >> 1) & 31; + r[8*i+6] = (s->v[5*i+3] >> 6) & 31; + r[8*i+6] ^= (s->v[5*i+4] << 2) & 31; + r[8*i+7] = (s->v[5*i+4] >> 3) & 31; + } + r[8*i+0] = s->v[5*i+0] & 31; + r[8*i+1] = (s->v[5*i+0] >> 5) & 31; + r[8*i+1] ^= (s->v[5*i+1] << 3) & 31; + r[8*i+2] = (s->v[5*i+1] >> 2) & 31; + + /* Making it signed */ + carry = 0; + for(i=0;i<50;i++) + { + r[i] += carry; + r[i+1] += r[i] >> 5; + r[i] &= 31; + carry = r[i] >> 4; + r[i] -= carry<<5; + } + r[50] += carry; +} + +void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2) +{ + int i; + for(i=0;i<31;i++) + { + r[4*i] = ( s1->v[i] & 3) ^ (( s2->v[i] & 3) << 2); + r[4*i+1] = ((s1->v[i] >> 2) & 3) ^ (((s2->v[i] >> 2) & 3) << 2); + r[4*i+2] = ((s1->v[i] >> 4) & 3) ^ (((s2->v[i] >> 4) & 3) << 2); + r[4*i+3] = ((s1->v[i] >> 6) & 3) ^ (((s2->v[i] >> 6) & 3) << 2); + } + r[124] = ( s1->v[31] & 3) ^ (( s2->v[31] & 3) << 2); + r[125] = ((s1->v[31] >> 2) & 3) ^ (((s2->v[31] >> 2) & 3) << 2); + r[126] = ((s1->v[31] >> 4) & 3) ^ (((s2->v[31] >> 4) & 3) << 2); +} diff --git a/include/DomainExec/opensshlib/sc25519.h b/include/DomainExec/opensshlib/sc25519.h new file mode 100644 index 00000000..a2c15d5f --- /dev/null +++ b/include/DomainExec/opensshlib/sc25519.h @@ -0,0 +1,80 @@ +/* $OpenBSD: sc25519.h,v 1.3 2013/12/09 11:03:45 markus Exp $ */ + +/* + * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, + * Peter Schwabe, Bo-Yin Yang. + * Copied from supercop-20130419/crypto_sign/ed25519/ref/sc25519.h + */ + +#ifndef SC25519_H +#define SC25519_H + +#include "crypto_api.h" + +#define sc25519 crypto_sign_ed25519_ref_sc25519 +#define shortsc25519 crypto_sign_ed25519_ref_shortsc25519 +#define sc25519_from32bytes crypto_sign_ed25519_ref_sc25519_from32bytes +#define shortsc25519_from16bytes crypto_sign_ed25519_ref_shortsc25519_from16bytes +#define sc25519_from64bytes crypto_sign_ed25519_ref_sc25519_from64bytes +#define sc25519_from_shortsc crypto_sign_ed25519_ref_sc25519_from_shortsc +#define sc25519_to32bytes crypto_sign_ed25519_ref_sc25519_to32bytes +#define sc25519_iszero_vartime crypto_sign_ed25519_ref_sc25519_iszero_vartime +#define sc25519_isshort_vartime crypto_sign_ed25519_ref_sc25519_isshort_vartime +#define sc25519_lt_vartime crypto_sign_ed25519_ref_sc25519_lt_vartime +#define sc25519_add crypto_sign_ed25519_ref_sc25519_add +#define sc25519_sub_nored crypto_sign_ed25519_ref_sc25519_sub_nored +#define sc25519_mul crypto_sign_ed25519_ref_sc25519_mul +#define sc25519_mul_shortsc crypto_sign_ed25519_ref_sc25519_mul_shortsc +#define sc25519_window3 crypto_sign_ed25519_ref_sc25519_window3 +#define sc25519_window5 crypto_sign_ed25519_ref_sc25519_window5 +#define sc25519_2interleave2 crypto_sign_ed25519_ref_sc25519_2interleave2 + +typedef struct +{ + crypto_uint32 v[32]; +} +sc25519; + +typedef struct +{ + crypto_uint32 v[16]; +} +shortsc25519; + +void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]); + +void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16]); + +void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]); + +void sc25519_from_shortsc(sc25519 *r, const shortsc25519 *x); + +void sc25519_to32bytes(unsigned char r[32], const sc25519 *x); + +int sc25519_iszero_vartime(const sc25519 *x); + +int sc25519_isshort_vartime(const sc25519 *x); + +int sc25519_lt_vartime(const sc25519 *x, const sc25519 *y); + +void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y); + +void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y); + +void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y); + +void sc25519_mul_shortsc(sc25519 *r, const sc25519 *x, const shortsc25519 *y); + +/* Convert s into a representation of the form \sum_{i=0}^{84}r[i]2^3 + * with r[i] in {-4,...,3} + */ +void sc25519_window3(signed char r[85], const sc25519 *s); + +/* Convert s into a representation of the form \sum_{i=0}^{50}r[i]2^5 + * with r[i] in {-16,...,15} + */ +void sc25519_window5(signed char r[51], const sc25519 *s); + +void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2); + +#endif diff --git a/include/DomainExec/opensshlib/sha1.h b/include/DomainExec/opensshlib/sha1.h new file mode 100644 index 00000000..327d94cd --- /dev/null +++ b/include/DomainExec/opensshlib/sha1.h @@ -0,0 +1,58 @@ +/* $OpenBSD: sha1.h,v 1.24 2012/12/05 23:19:57 deraadt Exp $ */ + +/* + * SHA-1 in C + * By Steve Reid + * 100% Public Domain + */ + +#ifndef _SHA1_H +#define _SHA1_H + +#ifndef WITH_OPENSSL + +#define SHA1_BLOCK_LENGTH 64 +#define SHA1_DIGEST_LENGTH 20 +#define SHA1_DIGEST_STRING_LENGTH (SHA1_DIGEST_LENGTH * 2 + 1) + +typedef struct { + u_int32_t state[5]; + u_int64_t count; + u_int8_t buffer[SHA1_BLOCK_LENGTH]; +} SHA1_CTX; + +void SHA1Init(SHA1_CTX *); +void SHA1Pad(SHA1_CTX *); +void SHA1Transform(u_int32_t [5], const u_int8_t [SHA1_BLOCK_LENGTH]) + __attribute__((__bounded__(__minbytes__,1,5))) + __attribute__((__bounded__(__minbytes__,2,SHA1_BLOCK_LENGTH))); +void SHA1Update(SHA1_CTX *, const u_int8_t *, size_t) + __attribute__((__bounded__(__string__,2,3))); +void SHA1Final(u_int8_t [SHA1_DIGEST_LENGTH], SHA1_CTX *) + __attribute__((__bounded__(__minbytes__,1,SHA1_DIGEST_LENGTH))); +char *SHA1End(SHA1_CTX *, char *) + __attribute__((__bounded__(__minbytes__,2,SHA1_DIGEST_STRING_LENGTH))); +char *SHA1File(const char *, char *) + __attribute__((__bounded__(__minbytes__,2,SHA1_DIGEST_STRING_LENGTH))); +char *SHA1FileChunk(const char *, char *, off_t, off_t) + __attribute__((__bounded__(__minbytes__,2,SHA1_DIGEST_STRING_LENGTH))); +char *SHA1Data(const u_int8_t *, size_t, char *) + __attribute__((__bounded__(__string__,1,2))) + __attribute__((__bounded__(__minbytes__,3,SHA1_DIGEST_STRING_LENGTH))); + +#define HTONDIGEST(x) do { \ + x[0] = htonl(x[0]); \ + x[1] = htonl(x[1]); \ + x[2] = htonl(x[2]); \ + x[3] = htonl(x[3]); \ + x[4] = htonl(x[4]); } while (0) + +#define NTOHDIGEST(x) do { \ + x[0] = ntohl(x[0]); \ + x[1] = ntohl(x[1]); \ + x[2] = ntohl(x[2]); \ + x[3] = ntohl(x[3]); \ + x[4] = ntohl(x[4]); } while (0) + +#endif /* !WITH_OPENSSL */ +#endif /* _SHA1_H */ diff --git a/include/DomainExec/opensshlib/sha2.c b/include/DomainExec/opensshlib/sha2.c new file mode 100644 index 00000000..545ba886 --- /dev/null +++ b/include/DomainExec/opensshlib/sha2.c @@ -0,0 +1,897 @@ +/* $OpenBSD: sha2.c,v 1.11 2005/08/08 08:05:35 espie Exp $ */ + +/* + * FILE: sha2.c + * AUTHOR: Aaron D. Gifford + * + * Copyright (c) 2000-2001, Aaron D. Gifford + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the copyright holder nor the names of contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $From: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $ + */ + +/* OPENBSD ORIGINAL: lib/libc/hash/sha2.c */ + +#include "includes.h" + +#include + +#if !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \ + (OPENSSL_VERSION_NUMBER >= 0x00907000L) +#include +#include +#include "sha2.h" + +/* + * UNROLLED TRANSFORM LOOP NOTE: + * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform + * loop version for the hash transform rounds (defined using macros + * later in this file). Either define on the command line, for example: + * + * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c + * + * or define below: + * + * #define SHA2_UNROLL_TRANSFORM + * + */ + +/*** SHA-256/384/512 Machine Architecture Definitions *****************/ +/* + * BYTE_ORDER NOTE: + * + * Please make sure that your system defines BYTE_ORDER. If your + * architecture is little-endian, make sure it also defines + * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are + * equivilent. + * + * If your system does not define the above, then you can do so by + * hand like this: + * + * #define LITTLE_ENDIAN 1234 + * #define BIG_ENDIAN 4321 + * + * And for little-endian machines, add: + * + * #define BYTE_ORDER LITTLE_ENDIAN + * + * Or for big-endian machines: + * + * #define BYTE_ORDER BIG_ENDIAN + * + * The FreeBSD machine this was written on defines BYTE_ORDER + * appropriately by including (which in turn includes + * where the appropriate definitions are actually + * made). + */ +#if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN) +#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN +#endif + + +/*** SHA-256/384/512 Various Length Definitions ***********************/ +/* NOTE: Most of these are in sha2.h */ +#define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8) +#define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16) +#define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16) + +/*** ENDIAN SPECIFIC COPY MACROS **************************************/ +#define BE_8_TO_32(dst, cp) do { \ + (dst) = (u_int32_t)(cp)[3] | ((u_int32_t)(cp)[2] << 8) | \ + ((u_int32_t)(cp)[1] << 16) | ((u_int32_t)(cp)[0] << 24); \ +} while(0) + +#define BE_8_TO_64(dst, cp) do { \ + (dst) = (u_int64_t)(cp)[7] | ((u_int64_t)(cp)[6] << 8) | \ + ((u_int64_t)(cp)[5] << 16) | ((u_int64_t)(cp)[4] << 24) | \ + ((u_int64_t)(cp)[3] << 32) | ((u_int64_t)(cp)[2] << 40) | \ + ((u_int64_t)(cp)[1] << 48) | ((u_int64_t)(cp)[0] << 56); \ +} while (0) + +#define BE_64_TO_8(cp, src) do { \ + (cp)[0] = (src) >> 56; \ + (cp)[1] = (src) >> 48; \ + (cp)[2] = (src) >> 40; \ + (cp)[3] = (src) >> 32; \ + (cp)[4] = (src) >> 24; \ + (cp)[5] = (src) >> 16; \ + (cp)[6] = (src) >> 8; \ + (cp)[7] = (src); \ +} while (0) + +#define BE_32_TO_8(cp, src) do { \ + (cp)[0] = (src) >> 24; \ + (cp)[1] = (src) >> 16; \ + (cp)[2] = (src) >> 8; \ + (cp)[3] = (src); \ +} while (0) + +/* + * Macro for incrementally adding the unsigned 64-bit integer n to the + * unsigned 128-bit integer (represented using a two-element array of + * 64-bit words): + */ +#define ADDINC128(w,n) do { \ + (w)[0] += (u_int64_t)(n); \ + if ((w)[0] < (n)) { \ + (w)[1]++; \ + } \ +} while (0) + +/*** THE SIX LOGICAL FUNCTIONS ****************************************/ +/* + * Bit shifting and rotation (used by the six SHA-XYZ logical functions: + * + * NOTE: The naming of R and S appears backwards here (R is a SHIFT and + * S is a ROTATION) because the SHA-256/384/512 description document + * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this + * same "backwards" definition. + */ +/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */ +#define R(b,x) ((x) >> (b)) +/* 32-bit Rotate-right (used in SHA-256): */ +#define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b)))) +/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */ +#define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b)))) + +/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */ +#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) + +/* Four of six logical functions used in SHA-256: */ +#define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x))) +#define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x))) +#define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x))) +#define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x))) + +/* Four of six logical functions used in SHA-384 and SHA-512: */ +#define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x))) +#define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x))) +#define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x))) +#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x))) + + +/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ +/* Hash constant words K for SHA-256: */ +const static u_int32_t K256[64] = { + 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, + 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, + 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, + 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, + 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, + 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, + 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, + 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, + 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, + 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, + 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, + 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, + 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, + 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, + 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, + 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL +}; + +/* Initial hash value H for SHA-256: */ +const static u_int32_t sha256_initial_hash_value[8] = { + 0x6a09e667UL, + 0xbb67ae85UL, + 0x3c6ef372UL, + 0xa54ff53aUL, + 0x510e527fUL, + 0x9b05688cUL, + 0x1f83d9abUL, + 0x5be0cd19UL +}; + +/* Hash constant words K for SHA-384 and SHA-512: */ +const static u_int64_t K512[80] = { + 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, + 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, + 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, + 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, + 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, + 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, + 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, + 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, + 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, + 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, + 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, + 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, + 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, + 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, + 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, + 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, + 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, + 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, + 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, + 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, + 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, + 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, + 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, + 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, + 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, + 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, + 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, + 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, + 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, + 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, + 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, + 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, + 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, + 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, + 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, + 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, + 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, + 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, + 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, + 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL +}; + +/* Initial hash value H for SHA-384 */ +const static u_int64_t sha384_initial_hash_value[8] = { + 0xcbbb9d5dc1059ed8ULL, + 0x629a292a367cd507ULL, + 0x9159015a3070dd17ULL, + 0x152fecd8f70e5939ULL, + 0x67332667ffc00b31ULL, + 0x8eb44a8768581511ULL, + 0xdb0c2e0d64f98fa7ULL, + 0x47b5481dbefa4fa4ULL +}; + +/* Initial hash value H for SHA-512 */ +const static u_int64_t sha512_initial_hash_value[8] = { + 0x6a09e667f3bcc908ULL, + 0xbb67ae8584caa73bULL, + 0x3c6ef372fe94f82bULL, + 0xa54ff53a5f1d36f1ULL, + 0x510e527fade682d1ULL, + 0x9b05688c2b3e6c1fULL, + 0x1f83d9abfb41bd6bULL, + 0x5be0cd19137e2179ULL +}; + + +/*** SHA-256: *********************************************************/ +void +ssh_SHA256_Init(SHA256_CTX_struct *context) +{ + if (context == NULL) + return; + memcpy(context->state, sha256_initial_hash_value, + sizeof(sha256_initial_hash_value)); + memset(context->buffer, 0, sizeof(context->buffer)); + context->bitcount = 0; +} + +#ifdef SHA2_UNROLL_TRANSFORM + +/* Unrolled SHA-256 round macros: */ + +#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) do { \ + BE_8_TO_32(W256[j], data); \ + data += 4; \ + T1 = (h) + Sigma1_256((e)) + Ch((e), (f), (g)) + K256[j] + W256[j]; \ + (d) += T1; \ + (h) = T1 + Sigma0_256((a)) + Maj((a), (b), (c)); \ + j++; \ +} while(0) + +#define ROUND256(a,b,c,d,e,f,g,h) do { \ + s0 = W256[(j+1)&0x0f]; \ + s0 = sigma0_256(s0); \ + s1 = W256[(j+14)&0x0f]; \ + s1 = sigma1_256(s1); \ + T1 = (h) + Sigma1_256((e)) + Ch((e), (f), (g)) + K256[j] + \ + (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \ + (d) += T1; \ + (h) = T1 + Sigma0_256((a)) + Maj((a), (b), (c)); \ + j++; \ +} while(0) + +void +SHA256_Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH]) +{ + u_int32_t a, b, c, d, e, f, g, h, s0, s1; + u_int32_t T1, W256[16]; + int j; + + /* Initialize registers with the prev. intermediate value */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + f = state[5]; + g = state[6]; + h = state[7]; + + j = 0; + do { + /* Rounds 0 to 15 (unrolled): */ + ROUND256_0_TO_15(a,b,c,d,e,f,g,h); + ROUND256_0_TO_15(h,a,b,c,d,e,f,g); + ROUND256_0_TO_15(g,h,a,b,c,d,e,f); + ROUND256_0_TO_15(f,g,h,a,b,c,d,e); + ROUND256_0_TO_15(e,f,g,h,a,b,c,d); + ROUND256_0_TO_15(d,e,f,g,h,a,b,c); + ROUND256_0_TO_15(c,d,e,f,g,h,a,b); + ROUND256_0_TO_15(b,c,d,e,f,g,h,a); + } while (j < 16); + + /* Now for the remaining rounds up to 63: */ + do { + ROUND256(a,b,c,d,e,f,g,h); + ROUND256(h,a,b,c,d,e,f,g); + ROUND256(g,h,a,b,c,d,e,f); + ROUND256(f,g,h,a,b,c,d,e); + ROUND256(e,f,g,h,a,b,c,d); + ROUND256(d,e,f,g,h,a,b,c); + ROUND256(c,d,e,f,g,h,a,b); + ROUND256(b,c,d,e,f,g,h,a); + } while (j < 64); + + /* Compute the current intermediate hash value */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + state[5] += f; + state[6] += g; + state[7] += h; + + /* Clean up */ + a = b = c = d = e = f = g = h = T1 = 0; +} + +#else /* SHA2_UNROLL_TRANSFORM */ + +void +SHA256_Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH]) +{ + u_int32_t a, b, c, d, e, f, g, h, s0, s1; + u_int32_t T1, T2, W256[16]; + int j; + + /* Initialize registers with the prev. intermediate value */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + f = state[5]; + g = state[6]; + h = state[7]; + + j = 0; + do { + BE_8_TO_32(W256[j], data); + data += 4; + /* Apply the SHA-256 compression function to update a..h */ + T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j]; + T2 = Sigma0_256(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + + j++; + } while (j < 16); + + do { + /* Part of the message block expansion: */ + s0 = W256[(j+1)&0x0f]; + s0 = sigma0_256(s0); + s1 = W256[(j+14)&0x0f]; + s1 = sigma1_256(s1); + + /* Apply the SHA-256 compression function to update a..h */ + T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + + (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); + T2 = Sigma0_256(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + + j++; + } while (j < 64); + + /* Compute the current intermediate hash value */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + state[5] += f; + state[6] += g; + state[7] += h; + + /* Clean up */ + a = b = c = d = e = f = g = h = T1 = T2 = 0; +} + +#endif /* SHA2_UNROLL_TRANSFORM */ + +void +ssh_SHA256_Update(SHA256_CTX_struct *context, const u_int8_t *data, size_t len) +{ + size_t freespace, usedspace; + + /* Calling with no data is valid (we do nothing) */ + if (len == 0) + return; + + usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH; + if (usedspace > 0) { + /* Calculate how much free space is available in the buffer */ + freespace = SHA256_BLOCK_LENGTH - usedspace; + + if (len >= freespace) { + /* Fill the buffer completely and process it */ + memcpy(&context->buffer[usedspace], data, freespace); + context->bitcount += freespace << 3; + len -= freespace; + data += freespace; + SHA256_Transform(context->state, context->buffer); + } else { + /* The buffer is not yet full */ + memcpy(&context->buffer[usedspace], data, len); + context->bitcount += len << 3; + /* Clean up: */ + usedspace = freespace = 0; + return; + } + } + while (len >= SHA256_BLOCK_LENGTH) { + /* Process as many complete blocks as we can */ + SHA256_Transform(context->state, data); + context->bitcount += SHA256_BLOCK_LENGTH << 3; + len -= SHA256_BLOCK_LENGTH; + data += SHA256_BLOCK_LENGTH; + } + if (len > 0) { + /* There's left-overs, so save 'em */ + memcpy(context->buffer, data, len); + context->bitcount += len << 3; + } + /* Clean up: */ + usedspace = freespace = 0; +} + +#if defined(_MSC_VER) +# pragma warning(push) + /* Disable warning C4244: '=' : + * conversion from 'u_int64_t' to 'u_int32_t', possible loss of data + * as we are not really having these issues + */ +# pragma warning(disable: 4244) +#endif + + +void +SHA256_Pad(SHA256_CTX_struct *context) +{ + unsigned int usedspace; + + usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH; + if (usedspace > 0) { + /* Begin padding with a 1 bit: */ + context->buffer[usedspace++] = 0x80; + + if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) { + /* Set-up for the last transform: */ + memset(&context->buffer[usedspace], 0, + SHA256_SHORT_BLOCK_LENGTH - usedspace); + } else { + if (usedspace < SHA256_BLOCK_LENGTH) { + memset(&context->buffer[usedspace], 0, + SHA256_BLOCK_LENGTH - usedspace); + } + /* Do second-to-last transform: */ + SHA256_Transform(context->state, context->buffer); + + /* Prepare for last transform: */ + memset(context->buffer, 0, SHA256_SHORT_BLOCK_LENGTH); + } + } else { + /* Set-up for the last transform: */ + memset(context->buffer, 0, SHA256_SHORT_BLOCK_LENGTH); + + /* Begin padding with a 1 bit: */ + *context->buffer = 0x80; + } + /* Store the length of input data (in bits) in big endian format: */ + BE_64_TO_8(&context->buffer[SHA256_SHORT_BLOCK_LENGTH], + context->bitcount); + + /* Final transform: */ + SHA256_Transform(context->state, context->buffer); + + /* Clean up: */ + usedspace = 0; +} + +void +ssh_SHA256_Final(u_int8_t digest[SHA256_DIGEST_LENGTH], SHA256_CTX_struct *context) +{ + SHA256_Pad(context); + + /* If no digest buffer is passed, we don't bother doing this: */ + if (digest != NULL) { +#if BYTE_ORDER == LITTLE_ENDIAN + int i; + + /* Convert TO host byte order */ + for (i = 0; i < 8; i++) + BE_32_TO_8(digest + i * 4, context->state[i]); +#else + memcpy(digest, context->state, SHA256_DIGEST_LENGTH); +#endif + memset(context, 0, sizeof(*context)); + } +} + + +/*** SHA-512: *********************************************************/ +void +ssh_SHA512_Init(SHA512_CTX_struct *context) +{ + if (context == NULL) + return; + memcpy(context->state, sha512_initial_hash_value, + sizeof(sha512_initial_hash_value)); + memset(context->buffer, 0, sizeof(context->buffer)); + context->bitcount[0] = context->bitcount[1] = 0; +} + +#ifdef SHA2_UNROLL_TRANSFORM + +/* Unrolled SHA-512 round macros: */ + +#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) do { \ + BE_8_TO_64(W512[j], data); \ + data += 8; \ + T1 = (h) + Sigma1_512((e)) + Ch((e), (f), (g)) + K512[j] + W512[j]; \ + (d) += T1; \ + (h) = T1 + Sigma0_512((a)) + Maj((a), (b), (c)); \ + j++; \ +} while(0) + + +#define ROUND512(a,b,c,d,e,f,g,h) do { \ + s0 = W512[(j+1)&0x0f]; \ + s0 = sigma0_512(s0); \ + s1 = W512[(j+14)&0x0f]; \ + s1 = sigma1_512(s1); \ + T1 = (h) + Sigma1_512((e)) + Ch((e), (f), (g)) + K512[j] + \ + (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \ + (d) += T1; \ + (h) = T1 + Sigma0_512((a)) + Maj((a), (b), (c)); \ + j++; \ +} while(0) + +void +SHA512_Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH]) +{ + u_int64_t a, b, c, d, e, f, g, h, s0, s1; + u_int64_t T1, W512[16]; + int j; + + /* Initialize registers with the prev. intermediate value */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + f = state[5]; + g = state[6]; + h = state[7]; + + j = 0; + do { + /* Rounds 0 to 15 (unrolled): */ + ROUND512_0_TO_15(a,b,c,d,e,f,g,h); + ROUND512_0_TO_15(h,a,b,c,d,e,f,g); + ROUND512_0_TO_15(g,h,a,b,c,d,e,f); + ROUND512_0_TO_15(f,g,h,a,b,c,d,e); + ROUND512_0_TO_15(e,f,g,h,a,b,c,d); + ROUND512_0_TO_15(d,e,f,g,h,a,b,c); + ROUND512_0_TO_15(c,d,e,f,g,h,a,b); + ROUND512_0_TO_15(b,c,d,e,f,g,h,a); + } while (j < 16); + + /* Now for the remaining rounds up to 79: */ + do { + ROUND512(a,b,c,d,e,f,g,h); + ROUND512(h,a,b,c,d,e,f,g); + ROUND512(g,h,a,b,c,d,e,f); + ROUND512(f,g,h,a,b,c,d,e); + ROUND512(e,f,g,h,a,b,c,d); + ROUND512(d,e,f,g,h,a,b,c); + ROUND512(c,d,e,f,g,h,a,b); + ROUND512(b,c,d,e,f,g,h,a); + } while (j < 80); + + /* Compute the current intermediate hash value */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + state[5] += f; + state[6] += g; + state[7] += h; + + /* Clean up */ + a = b = c = d = e = f = g = h = T1 = 0; +} + +#else /* SHA2_UNROLL_TRANSFORM */ + +void +SHA512_Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH]) +{ + u_int64_t a, b, c, d, e, f, g, h, s0, s1; + u_int64_t T1, T2, W512[16]; + int j; + + /* Initialize registers with the prev. intermediate value */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + f = state[5]; + g = state[6]; + h = state[7]; + + j = 0; + do { + BE_8_TO_64(W512[j], data); + data += 8; + /* Apply the SHA-512 compression function to update a..h */ + T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j]; + T2 = Sigma0_512(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + + j++; + } while (j < 16); + + do { + /* Part of the message block expansion: */ + s0 = W512[(j+1)&0x0f]; + s0 = sigma0_512(s0); + s1 = W512[(j+14)&0x0f]; + s1 = sigma1_512(s1); + + /* Apply the SHA-512 compression function to update a..h */ + T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + + (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); + T2 = Sigma0_512(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + + j++; + } while (j < 80); + + /* Compute the current intermediate hash value */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + state[5] += f; + state[6] += g; + state[7] += h; + + /* Clean up */ + a = b = c = d = e = f = g = h = T1 = T2 = 0; +} + +#endif /* SHA2_UNROLL_TRANSFORM */ + +void +ssh_SHA512_Update(SHA512_CTX_struct *context, const u_int8_t *data, size_t len) +{ + size_t freespace, usedspace; + + /* Calling with no data is valid (we do nothing) */ + if (len == 0) + return; + + usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; + if (usedspace > 0) { + /* Calculate how much free space is available in the buffer */ + freespace = SHA512_BLOCK_LENGTH - usedspace; + + if (len >= freespace) { + /* Fill the buffer completely and process it */ + memcpy(&context->buffer[usedspace], data, freespace); + ADDINC128(context->bitcount, freespace << 3); + len -= freespace; + data += freespace; + SHA512_Transform(context->state, context->buffer); + } else { + /* The buffer is not yet full */ + memcpy(&context->buffer[usedspace], data, len); + ADDINC128(context->bitcount, len << 3); + /* Clean up: */ + usedspace = freespace = 0; + return; + } + } + while (len >= SHA512_BLOCK_LENGTH) { + /* Process as many complete blocks as we can */ + SHA512_Transform(context->state, data); + ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3); + len -= SHA512_BLOCK_LENGTH; + data += SHA512_BLOCK_LENGTH; + } + if (len > 0) { + /* There's left-overs, so save 'em */ + memcpy(context->buffer, data, len); + ADDINC128(context->bitcount, len << 3); + } + /* Clean up: */ + usedspace = freespace = 0; +} + +void +SHA512_Pad(SHA512_CTX_struct *context) +{ + unsigned int usedspace; + + usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; + if (usedspace > 0) { + /* Begin padding with a 1 bit: */ + context->buffer[usedspace++] = 0x80; + + if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) { + /* Set-up for the last transform: */ + memset(&context->buffer[usedspace], 0, SHA512_SHORT_BLOCK_LENGTH - usedspace); + } else { + if (usedspace < SHA512_BLOCK_LENGTH) { + memset(&context->buffer[usedspace], 0, SHA512_BLOCK_LENGTH - usedspace); + } + /* Do second-to-last transform: */ + SHA512_Transform(context->state, context->buffer); + + /* And set-up for the last transform: */ + memset(context->buffer, 0, SHA512_BLOCK_LENGTH - 2); + } + } else { + /* Prepare for final transform: */ + memset(context->buffer, 0, SHA512_SHORT_BLOCK_LENGTH); + + /* Begin padding with a 1 bit: */ + *context->buffer = 0x80; + } + /* Store the length of input data (in bits) in big endian format: */ + BE_64_TO_8(&context->buffer[SHA512_SHORT_BLOCK_LENGTH], + context->bitcount[1]); + BE_64_TO_8(&context->buffer[SHA512_SHORT_BLOCK_LENGTH + 8], + context->bitcount[0]); + + /* Final transform: */ + SHA512_Transform(context->state, context->buffer); + + /* Clean up: */ + usedspace = 0; +} + +void +ssh_SHA512_Final(u_int8_t digest[SHA512_DIGEST_LENGTH], SHA512_CTX_struct *context) +{ + SHA512_Pad(context); + + /* If no digest buffer is passed, we don't bother doing this: */ + if (digest != NULL) { +#if BYTE_ORDER == LITTLE_ENDIAN + int i; + + /* Convert TO host byte order */ + for (i = 0; i < 8; i++) + BE_64_TO_8(digest + i * 8, context->state[i]); +#else + memcpy(digest, context->state, SHA512_DIGEST_LENGTH); +#endif + memset(context, 0, sizeof(*context)); + } +} + +#if defined(_MSC_VER) +# pragma warning(pop) +#endif + + + +#if 0 +/*** SHA-384: *********************************************************/ +void +ssh_SHA384_Init(SHA384_CTX *context) +{ + if (context == NULL) + return; + memcpy(context->state, sha384_initial_hash_value, + sizeof(sha384_initial_hash_value)); + memset(context->buffer, 0, sizeof(context->buffer)); + context->bitcount[0] = context->bitcount[1] = 0; +} + +__weak_alias(SHA384_Transform, SHA512_Transform); +__weak_alias(SHA384_Update, SHA512_Update); +__weak_alias(SHA384_Pad, SHA512_Pad); + +void +ssh_SHA384_Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA384_CTX *context) +{ + SHA384_Pad(context); + + /* If no digest buffer is passed, we don't bother doing this: */ + if (digest != NULL) { +#if BYTE_ORDER == LITTLE_ENDIAN + int i; + + /* Convert TO host byte order */ + for (i = 0; i < 6; i++) + BE_64_TO_8(digest + i * 8, context->state[i]); +#else + memcpy(digest, context->state, SHA384_DIGEST_LENGTH); +#endif + } + + /* Zero out state data */ + memset(context, 0, sizeof(*context)); +} +#endif + +#endif /* !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \ + (OPENSSL_VERSION_NUMBER >= 0x00907000L) */ diff --git a/include/DomainExec/opensshlib/sha2.h b/include/DomainExec/opensshlib/sha2.h new file mode 100644 index 00000000..cc5093ad --- /dev/null +++ b/include/DomainExec/opensshlib/sha2.h @@ -0,0 +1,142 @@ +/* OpenBSD: sha2.h,v 1.6 2004/06/22 01:57:30 jfb Exp */ + +/* + * FILE: sha2.h + * AUTHOR: Aaron D. Gifford + * + * Copyright (c) 2000-2001, Aaron D. Gifford + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the copyright holder nor the names of contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $From: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $ + */ + +/* OPENBSD ORIGINAL: include/sha2.h */ + +#ifndef _SSHSHA2_H +#define _SSHSHA2_H + +#include "includes.h" + +#ifdef WITH_OPENSSL +# include +# if !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) +# define _NEED_SHA2 1 +# endif +#else +# define _NEED_SHA2 1 +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(_NEED_SHA2) && !defined(HAVE_SHA256_UPDATE) + +/*** SHA-256/384/512 Various Length Definitions ***********************/ +#define SHA256_BLOCK_LENGTH 64 +#define SHA256_DIGEST_LENGTH 32 +#define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1) +#define SHA384_BLOCK_LENGTH 128 +#define SHA384_DIGEST_LENGTH 48 +#define SHA384_DIGEST_STRING_LENGTH (SHA384_DIGEST_LENGTH * 2 + 1) +#define SHA512_BLOCK_LENGTH 128 +#define SHA512_DIGEST_LENGTH 64 +#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1) + + +/*** SHA-256/384/512 Context Structures *******************************/ +typedef struct _SHA256_CTX { + u_int32_t state[8]; + u_int64_t bitcount; + u_int8_t buffer[SHA256_BLOCK_LENGTH]; +} SHA256_CTX_struct; +typedef struct _SHA512_CTX { + u_int64_t state[8]; + u_int64_t bitcount[2]; + u_int8_t buffer[SHA512_BLOCK_LENGTH]; +} SHA512_CTX_struct; + +typedef SHA512_CTX_struct SHA384_CTX; + +void ssh_SHA256_Init(SHA256_CTX_struct *); +void SHA256_Transform(u_int32_t state[8], const u_int8_t [SHA256_BLOCK_LENGTH]); +void ssh_SHA256_Update(SHA256_CTX_struct *, const u_int8_t *, size_t) + __attribute__((__bounded__(__string__,2,3))); +void SHA256_Pad(SHA256_CTX_struct *); +void ssh_SHA256_Final(u_int8_t [SHA256_DIGEST_LENGTH], SHA256_CTX_struct *) + __attribute__((__bounded__(__minbytes__,1,SHA256_DIGEST_LENGTH))); +char *SHA256_End(SHA256_CTX_struct *, char *) + __attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH))); +char *SHA256_File(const char *, char *) + __attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH))); +char *SHA256_FileChunk(const char *, char *, off_t, off_t) + __attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH))); +char *SHA256_Data(const u_int8_t *, size_t, char *) + __attribute__((__bounded__(__string__,1,2))) + __attribute__((__bounded__(__minbytes__,3,SHA256_DIGEST_STRING_LENGTH))); + +void ssh_SHA384_Init(SHA384_CTX *); +void SHA384_Transform(u_int64_t state[8], const u_int8_t [SHA384_BLOCK_LENGTH]); +void ssh_SHA384_Update(SHA384_CTX *, const u_int8_t *, size_t) + __attribute__((__bounded__(__string__,2,3))); +void SHA384_Pad(SHA384_CTX *); +void ssh_SHA384_Final(u_int8_t [SHA384_DIGEST_LENGTH], SHA384_CTX *) + __attribute__((__bounded__(__minbytes__,1,SHA384_DIGEST_LENGTH))); +char *SHA384_End(SHA384_CTX *, char *) + __attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH))); +char *SHA384_File(const char *, char *) + __attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH))); +char *SHA384_FileChunk(const char *, char *, off_t, off_t) + __attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH))); +char *SHA384_Data(const u_int8_t *, size_t, char *) + __attribute__((__bounded__(__string__,1,2))) + __attribute__((__bounded__(__minbytes__,3,SHA384_DIGEST_STRING_LENGTH))); + +void ssh_SHA512_Init(SHA512_CTX_struct *); +void SHA512_Transform(u_int64_t state[8], const u_int8_t [SHA512_BLOCK_LENGTH]); +void ssh_SHA512_Update(SHA512_CTX_struct *, const u_int8_t *, size_t) + __attribute__((__bounded__(__string__,2,3))); +void SHA512_Pad(SHA512_CTX_struct *); +void ssh_SHA512_Final(u_int8_t [SHA512_DIGEST_LENGTH], SHA512_CTX_struct *) + __attribute__((__bounded__(__minbytes__,1,SHA512_DIGEST_LENGTH))); +char *SHA512_End(SHA512_CTX_struct *, char *) + __attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH))); +char *SHA512_File(const char *, char *) + __attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH))); +char *SHA512_FileChunk(const char *, char *, off_t, off_t) + __attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH))); +char *SHA512_Data(const u_int8_t *, size_t, char *) + __attribute__((__bounded__(__string__,1,2))) + __attribute__((__bounded__(__minbytes__,3,SHA512_DIGEST_STRING_LENGTH))); + +#endif /* defined(_NEED_SHA2) && !defined(HAVE_SHA256_UPDATE) */ + +#ifdef __cplusplus +} +#endif + +#endif /* _SSHSHA2_H */ diff --git a/include/DomainExec/opensshlib/sigact.h b/include/DomainExec/opensshlib/sigact.h new file mode 100644 index 00000000..db96d0a5 --- /dev/null +++ b/include/DomainExec/opensshlib/sigact.h @@ -0,0 +1,90 @@ +/* $OpenBSD: SigAction.h,v 1.3 2001/01/22 18:01:32 millert Exp $ */ + +/**************************************************************************** + * Copyright (c) 1998,2000 Free Software Foundation, Inc. * + * * + * Permission is hereby granted, free of charge, to any person obtaining a * + * copy of this software and associated documentation files (the * + * "Software"), to deal in the Software without restriction, including * + * without limitation the rights to use, copy, modify, merge, publish, * + * distribute, distribute with modifications, sublicense, and/or sell * + * copies of the Software, and to permit persons to whom the Software is * + * furnished to do so, subject to the following conditions: * + * * + * The above copyright notice and this permission notice shall be included * + * in all copies or substantial portions of the Software. * + * * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS * + * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF * + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. * + * IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, * + * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR * + * OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR * + * THE USE OR OTHER DEALINGS IN THE SOFTWARE. * + * * + * Except as contained in this notice, the name(s) of the above copyright * + * holders shall not be used in advertising or otherwise to promote the * + * sale, use or other dealings in this Software without prior written * + * authorization. * + ****************************************************************************/ + +/**************************************************************************** + * Author: Zeyd M. Ben-Halim 1992,1995 * + * and: Eric S. Raymond * + ****************************************************************************/ + +/* + * $From: SigAction.h,v 1.6 2000/12/10 02:36:10 tom Exp $ + * + * This file exists to handle non-POSIX systems which don't have , + * and usually no sigaction() nor + */ + +/* OPENBSD ORIGINAL: lib/libcurses/SigAction.h */ + +#ifndef _SIGACTION_H +#define _SIGACTION_H + +#if !defined(HAVE_SIGACTION) && defined(HAVE_SIGVEC) + +#undef SIG_BLOCK +#define SIG_BLOCK 00 + +#undef SIG_UNBLOCK +#define SIG_UNBLOCK 01 + +#undef SIG_SETMASK +#define SIG_SETMASK 02 + +/* + * is in the Linux 1.2.8 + gcc 2.7.0 configuration, + * and is useful for testing this header file. + */ +#if HAVE_BSD_SIGNAL_H +# include +#endif + +struct sigaction +{ + struct sigvec sv; +}; + +typedef unsigned long sigset_t; + +#undef sa_mask +#define sa_mask sv.sv_mask +#undef sa_handler +#define sa_handler sv.sv_handler +#undef sa_flags +#define sa_flags sv.sv_flags + +int sigaction(int sig, struct sigaction *sigact, struct sigaction *osigact); +int sigprocmask (int how, sigset_t *mask, sigset_t *omask); +int sigemptyset (sigset_t *mask); +int sigsuspend (sigset_t *mask); +int sigdelset (sigset_t *mask, int sig); +int sigaddset (sigset_t *mask, int sig); + +#endif /* !defined(HAVE_SIGACTION) && defined(HAVE_SIGVEC) */ + +#endif /* !defined(_SIGACTION_H) */ diff --git a/include/DomainExec/opensshlib/smult_curve25519_ref.c b/include/DomainExec/opensshlib/smult_curve25519_ref.c new file mode 100644 index 00000000..2e69934d --- /dev/null +++ b/include/DomainExec/opensshlib/smult_curve25519_ref.c @@ -0,0 +1,265 @@ +/* $OpenBSD: smult_curve25519_ref.c,v 1.2 2013/11/02 22:02:14 markus Exp $ */ +/* +version 20081011 +Matthew Dempsky +Public domain. +Derived from public domain code by D. J. Bernstein. +*/ + +int crypto_scalarmult_curve25519(unsigned char *, const unsigned char *, const unsigned char *); + +static void add(unsigned int out[32],const unsigned int a[32],const unsigned int b[32]) +{ + unsigned int j; + unsigned int u; + u = 0; + for (j = 0;j < 31;++j) { u += a[j] + b[j]; out[j] = u & 255; u >>= 8; } + u += a[31] + b[31]; out[31] = u; +} + +static void sub(unsigned int out[32],const unsigned int a[32],const unsigned int b[32]) +{ + unsigned int j; + unsigned int u; + u = 218; + for (j = 0;j < 31;++j) { + u += a[j] + 65280 - b[j]; + out[j] = u & 255; + u >>= 8; + } + u += a[31] - b[31]; + out[31] = u; +} + +static void squeeze(unsigned int a[32]) +{ + unsigned int j; + unsigned int u; + u = 0; + for (j = 0;j < 31;++j) { u += a[j]; a[j] = u & 255; u >>= 8; } + u += a[31]; a[31] = u & 127; + u = 19 * (u >> 7); + for (j = 0;j < 31;++j) { u += a[j]; a[j] = u & 255; u >>= 8; } + u += a[31]; a[31] = u; +} + +static const unsigned int minusp[32] = { + 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128 +} ; + +static void freeze(unsigned int a[32]) +{ + unsigned int aorig[32]; + unsigned int j; + unsigned int negative; + + for (j = 0;j < 32;++j) aorig[j] = a[j]; + add(a,a,minusp); + negative = -((a[31] >> 7) & 1); + for (j = 0;j < 32;++j) a[j] ^= negative & (aorig[j] ^ a[j]); +} + +static void mult(unsigned int out[32],const unsigned int a[32],const unsigned int b[32]) +{ + unsigned int i; + unsigned int j; + unsigned int u; + + for (i = 0;i < 32;++i) { + u = 0; + for (j = 0;j <= i;++j) u += a[j] * b[i - j]; + for (j = i + 1;j < 32;++j) u += 38 * a[j] * b[i + 32 - j]; + out[i] = u; + } + squeeze(out); +} + +static void mult121665(unsigned int out[32],const unsigned int a[32]) +{ + unsigned int j; + unsigned int u; + + u = 0; + for (j = 0;j < 31;++j) { u += 121665 * a[j]; out[j] = u & 255; u >>= 8; } + u += 121665 * a[31]; out[31] = u & 127; + u = 19 * (u >> 7); + for (j = 0;j < 31;++j) { u += out[j]; out[j] = u & 255; u >>= 8; } + u += out[j]; out[j] = u; +} + +static void square(unsigned int out[32],const unsigned int a[32]) +{ + unsigned int i; + unsigned int j; + unsigned int u; + + for (i = 0;i < 32;++i) { + u = 0; + for (j = 0;j < i - j;++j) u += a[j] * a[i - j]; + for (j = i + 1;j < i + 32 - j;++j) u += 38 * a[j] * a[i + 32 - j]; + u *= 2; + if ((i & 1) == 0) { + u += a[i / 2] * a[i / 2]; + u += 38 * a[i / 2 + 16] * a[i / 2 + 16]; + } + out[i] = u; + } + squeeze(out); +} + +static void select(unsigned int p[64],unsigned int q[64],const unsigned int r[64],const unsigned int s[64],unsigned int b) +{ + unsigned int j; + unsigned int t; + unsigned int bminus1; + + bminus1 = b - 1; + for (j = 0;j < 64;++j) { + t = bminus1 & (r[j] ^ s[j]); + p[j] = s[j] ^ t; + q[j] = r[j] ^ t; + } +} + +static void mainloop(unsigned int work[64],const unsigned char e[32]) +{ + unsigned int xzm1[64]; + unsigned int xzm[64]; + unsigned int xzmb[64]; + unsigned int xzm1b[64]; + unsigned int xznb[64]; + unsigned int xzn1b[64]; + unsigned int a0[64]; + unsigned int a1[64]; + unsigned int b0[64]; + unsigned int b1[64]; + unsigned int c1[64]; + unsigned int r[32]; + unsigned int s[32]; + unsigned int t[32]; + unsigned int u[32]; + unsigned int j; + unsigned int b; + int pos; + + for (j = 0;j < 32;++j) xzm1[j] = work[j]; + xzm1[32] = 1; + for (j = 33;j < 64;++j) xzm1[j] = 0; + + xzm[0] = 1; + for (j = 1;j < 64;++j) xzm[j] = 0; + + for (pos = 254;pos >= 0;--pos) { + b = e[pos / 8] >> (pos & 7); + b &= 1; + select(xzmb,xzm1b,xzm,xzm1,b); + add(a0,xzmb,xzmb + 32); + sub(a0 + 32,xzmb,xzmb + 32); + add(a1,xzm1b,xzm1b + 32); + sub(a1 + 32,xzm1b,xzm1b + 32); + square(b0,a0); + square(b0 + 32,a0 + 32); + mult(b1,a1,a0 + 32); + mult(b1 + 32,a1 + 32,a0); + add(c1,b1,b1 + 32); + sub(c1 + 32,b1,b1 + 32); + square(r,c1 + 32); + sub(s,b0,b0 + 32); + mult121665(t,s); + add(u,t,b0); + mult(xznb,b0,b0 + 32); + mult(xznb + 32,s,u); + square(xzn1b,c1); + mult(xzn1b + 32,r,work); + select(xzm,xzm1,xznb,xzn1b,b); + } + + for (j = 0;j < 64;++j) work[j] = xzm[j]; +} + +static void recip(unsigned int out[32],const unsigned int z[32]) +{ + unsigned int z2[32]; + unsigned int z9[32]; + unsigned int z11[32]; + unsigned int z2_5_0[32]; + unsigned int z2_10_0[32]; + unsigned int z2_20_0[32]; + unsigned int z2_50_0[32]; + unsigned int z2_100_0[32]; + unsigned int t0[32]; + unsigned int t1[32]; + int i; + + /* 2 */ square(z2,z); + /* 4 */ square(t1,z2); + /* 8 */ square(t0,t1); + /* 9 */ mult(z9,t0,z); + /* 11 */ mult(z11,z9,z2); + /* 22 */ square(t0,z11); + /* 2^5 - 2^0 = 31 */ mult(z2_5_0,t0,z9); + + /* 2^6 - 2^1 */ square(t0,z2_5_0); + /* 2^7 - 2^2 */ square(t1,t0); + /* 2^8 - 2^3 */ square(t0,t1); + /* 2^9 - 2^4 */ square(t1,t0); + /* 2^10 - 2^5 */ square(t0,t1); + /* 2^10 - 2^0 */ mult(z2_10_0,t0,z2_5_0); + + /* 2^11 - 2^1 */ square(t0,z2_10_0); + /* 2^12 - 2^2 */ square(t1,t0); + /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { square(t0,t1); square(t1,t0); } + /* 2^20 - 2^0 */ mult(z2_20_0,t1,z2_10_0); + + /* 2^21 - 2^1 */ square(t0,z2_20_0); + /* 2^22 - 2^2 */ square(t1,t0); + /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { square(t0,t1); square(t1,t0); } + /* 2^40 - 2^0 */ mult(t0,t1,z2_20_0); + + /* 2^41 - 2^1 */ square(t1,t0); + /* 2^42 - 2^2 */ square(t0,t1); + /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { square(t1,t0); square(t0,t1); } + /* 2^50 - 2^0 */ mult(z2_50_0,t0,z2_10_0); + + /* 2^51 - 2^1 */ square(t0,z2_50_0); + /* 2^52 - 2^2 */ square(t1,t0); + /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { square(t0,t1); square(t1,t0); } + /* 2^100 - 2^0 */ mult(z2_100_0,t1,z2_50_0); + + /* 2^101 - 2^1 */ square(t1,z2_100_0); + /* 2^102 - 2^2 */ square(t0,t1); + /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { square(t1,t0); square(t0,t1); } + /* 2^200 - 2^0 */ mult(t1,t0,z2_100_0); + + /* 2^201 - 2^1 */ square(t0,t1); + /* 2^202 - 2^2 */ square(t1,t0); + /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { square(t0,t1); square(t1,t0); } + /* 2^250 - 2^0 */ mult(t0,t1,z2_50_0); + + /* 2^251 - 2^1 */ square(t1,t0); + /* 2^252 - 2^2 */ square(t0,t1); + /* 2^253 - 2^3 */ square(t1,t0); + /* 2^254 - 2^4 */ square(t0,t1); + /* 2^255 - 2^5 */ square(t1,t0); + /* 2^255 - 21 */ mult(out,t1,z11); +} + +int crypto_scalarmult_curve25519(unsigned char *q, + const unsigned char *n, + const unsigned char *p) +{ + unsigned int work[96]; + unsigned char e[32]; + unsigned int i; + for (i = 0;i < 32;++i) e[i] = n[i]; + e[0] &= 248; + e[31] &= 127; + e[31] |= 64; + for (i = 0;i < 32;++i) work[i] = p[i]; + mainloop(work,e); + recip(work + 32,work + 32); + mult(work + 64,work,work + 32); + freeze(work + 64); + for (i = 0;i < 32;++i) q[i] = work[64 + i]; + return 0; +} diff --git a/include/DomainExec/opensshlib/ssh-dss.c b/include/DomainExec/opensshlib/ssh-dss.c new file mode 100644 index 00000000..2eb49bba --- /dev/null +++ b/include/DomainExec/opensshlib/ssh-dss.c @@ -0,0 +1,233 @@ +/* $OpenBSD: ssh-dss.c,v 1.32 2014/06/24 01:13:21 djm Exp $ */ +/* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#ifdef WITH_OPENSSL + +#include + +#include +#include +#include + +#include +#include + +#include "sshbuf.h" +#include "compat.h" +#include "ssherr.h" +#include "digest.h" +#define SSHKEY_INTERNAL +#include "sshkey.h" + +#define INTBLOB_LEN 20 +#define SIGBLOB_LEN (2*INTBLOB_LEN) + +int +ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, u_int compat) +{ + DSA_SIG *sig = NULL; + const BIGNUM *sig_r, *sig_s; + + u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN]; + size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); + struct sshbuf *b = NULL; + int ret = SSH_ERR_INVALID_ARGUMENT; + + if (lenp != NULL) + *lenp = 0; + if (sigp != NULL) + *sigp = NULL; + + if (key == NULL || key->dsa == NULL || + sshkey_type_plain(key->type) != KEY_DSA) + return SSH_ERR_INVALID_ARGUMENT; + if (dlen == 0) + return SSH_ERR_INTERNAL_ERROR; + + if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, + digest, sizeof(digest))) != 0) + goto out; + + if ((sig = DSA_do_sign(digest, dlen, key->dsa)) == NULL) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + + DSA_SIG_get0(sig, &sig_r, &sig_s); + rlen = BN_num_bytes(sig_r); + slen = BN_num_bytes(sig_s); + if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { + ret = SSH_ERR_INTERNAL_ERROR; + goto out; + } + explicit_bzero(sigblob, SIGBLOB_LEN); + BN_bn2bin(sig_r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); + BN_bn2bin(sig_s, sigblob + SIGBLOB_LEN - slen); + + if (compat & SSH_BUG_SIGBLOB) { + if (sigp != NULL) { + if ((*sigp = malloc(SIGBLOB_LEN)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + memcpy(*sigp, sigblob, SIGBLOB_LEN); + } + if (lenp != NULL) + *lenp = SIGBLOB_LEN; + ret = 0; + } else { + /* ietf-drafts */ + if ((b = sshbuf_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 || + (ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0) + goto out; + len = sshbuf_len(b); + if (sigp != NULL) { + if ((*sigp = malloc(len)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + memcpy(*sigp, sshbuf_ptr(b), len); + } + if (lenp != NULL) + *lenp = len; + ret = 0; + } + out: + explicit_bzero(digest, sizeof(digest)); + if (sig != NULL) + DSA_SIG_free(sig); + if (b != NULL) + sshbuf_free(b); + return ret; +} + +int +ssh_dss_verify(const struct sshkey *key, + const u_char *signature, size_t signaturelen, + const u_char *data, size_t datalen, u_int compat) +{ + DSA_SIG *sig = NULL; + const BIGNUM *sig_r, *sig_s; + + u_char digest[SSH_DIGEST_MAX_LENGTH], *sigblob = NULL; + size_t len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); + int ret = SSH_ERR_INTERNAL_ERROR; + struct sshbuf *b = NULL; + char *ktype = NULL; + + if (key == NULL || key->dsa == NULL || + sshkey_type_plain(key->type) != KEY_DSA) + return SSH_ERR_INVALID_ARGUMENT; + if (dlen == 0) + return SSH_ERR_INTERNAL_ERROR; + + /* fetch signature */ + if (compat & SSH_BUG_SIGBLOB) { + if ((sigblob = malloc(signaturelen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + memcpy(sigblob, signature, signaturelen); + len = signaturelen; + } else { + /* ietf-drafts */ + if ((b = sshbuf_from(signature, signaturelen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (sshbuf_get_cstring(b, &ktype, NULL) != 0 || + sshbuf_get_string(b, &sigblob, &len) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (strcmp("ssh-dss", ktype) != 0) { + ret = SSH_ERR_KEY_TYPE_MISMATCH; + goto out; + } + if (sshbuf_len(b) != 0) { + ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; + goto out; + } + } + + if (len != SIGBLOB_LEN) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + + if ((sig = DSA_SIG_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + + DSA_SIG_get0(sig, &sig_r, &sig_s); + + /* parse signature */ + if ((sig_r = BN_new()) == NULL || + (sig_s = BN_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((BN_bin2bn(sigblob, INTBLOB_LEN, (BIGNUM*)sig_r) == NULL) || + (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, (BIGNUM*)sig_s) == NULL)) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + + /* sha1 the data */ + if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, + digest, sizeof(digest))) != 0) + goto out; + + switch (DSA_do_verify(digest, dlen, sig, key->dsa)) { + case 1: + ret = 0; + break; + case 0: + ret = SSH_ERR_SIGNATURE_INVALID; + goto out; + default: + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + + out: + explicit_bzero(digest, sizeof(digest)); + if (sig != NULL) + DSA_SIG_free(sig); + if (b != NULL) + sshbuf_free(b); + if (ktype != NULL) + free(ktype); + if (sigblob != NULL) { + explicit_bzero(sigblob, len); + free(sigblob); + } + return ret; +} +#endif /* WITH_OPENSSL */ diff --git a/include/DomainExec/opensshlib/ssh-ecdsa.c b/include/DomainExec/opensshlib/ssh-ecdsa.c new file mode 100644 index 00000000..87b5c847 --- /dev/null +++ b/include/DomainExec/opensshlib/ssh-ecdsa.c @@ -0,0 +1,196 @@ +/* $OpenBSD: ssh-ecdsa.c,v 1.11 2014/06/24 01:13:21 djm Exp $ */ +/* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * Copyright (c) 2010 Damien Miller. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) + +#include + +#include +#include +#include +#include + +#include + +#include "sshbuf.h" +#include "ssherr.h" +#include "digest.h" +#define SSHKEY_INTERNAL +#include "sshkey.h" + +/* ARGSUSED */ +int +ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, u_int compat) +{ + ECDSA_SIG *sig = NULL; + int hash_alg; + u_char digest[SSH_DIGEST_MAX_LENGTH]; + size_t len, dlen; + struct sshbuf *b = NULL, *bb = NULL; + int ret = SSH_ERR_INTERNAL_ERROR; + const BIGNUM *r, *s; + + if (lenp != NULL) + *lenp = 0; + if (sigp != NULL) + *sigp = NULL; + + if (key == NULL || key->ecdsa == NULL || + sshkey_type_plain(key->type) != KEY_ECDSA) + return SSH_ERR_INVALID_ARGUMENT; + + if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1 || + (dlen = ssh_digest_bytes(hash_alg)) == 0) + return SSH_ERR_INTERNAL_ERROR; + if ((ret = ssh_digest_memory(hash_alg, data, datalen, + digest, sizeof(digest))) != 0) + goto out; + + if ((sig = ECDSA_do_sign(digest, dlen, key->ecdsa)) == NULL) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + + if ((bb = sshbuf_new()) == NULL || (b = sshbuf_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + ECDSA_SIG_get0(sig, &r, &s); + if ((ret = sshbuf_put_bignum2(bb, r)) != 0 || + (ret = sshbuf_put_bignum2(bb, s)) != 0) + goto out; + if ((ret = sshbuf_put_cstring(b, sshkey_ssh_name_plain(key))) != 0 || + (ret = sshbuf_put_stringb(b, bb)) != 0) + goto out; + len = sshbuf_len(b); + if (sigp != NULL) { + if ((*sigp = malloc(len)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + memcpy(*sigp, sshbuf_ptr(b), len); + } + if (lenp != NULL) + *lenp = len; + ret = 0; + out: + explicit_bzero(digest, sizeof(digest)); + if (b != NULL) + sshbuf_free(b); + if (bb != NULL) + sshbuf_free(bb); + if (sig != NULL) + ECDSA_SIG_free(sig); + return ret; +} + +/* ARGSUSED */ +int +ssh_ecdsa_verify(const struct sshkey *key, + const u_char *signature, size_t signaturelen, + const u_char *data, size_t datalen, u_int compat) +{ + ECDSA_SIG *sig = NULL; + int hash_alg; + u_char digest[SSH_DIGEST_MAX_LENGTH]; + size_t dlen; + int ret = SSH_ERR_INTERNAL_ERROR; + struct sshbuf *b = NULL, *sigbuf = NULL; + char *ktype = NULL; + BIGNUM *r = BN_new(), *s = BN_new(); + + if (key == NULL || key->ecdsa == NULL || + sshkey_type_plain(key->type) != KEY_ECDSA) + return SSH_ERR_INVALID_ARGUMENT; + + if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1 || + (dlen = ssh_digest_bytes(hash_alg)) == 0) + return SSH_ERR_INTERNAL_ERROR; + + /* fetch signature */ + if ((b = sshbuf_from(signature, signaturelen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (sshbuf_get_cstring(b, &ktype, NULL) != 0 || + sshbuf_froms(b, &sigbuf) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (strcmp(sshkey_ssh_name_plain(key), ktype) != 0) { + ret = SSH_ERR_KEY_TYPE_MISMATCH; + goto out; + } + if (sshbuf_len(b) != 0) { + ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; + goto out; + } + + /* parse signature */ + if ((sig = ECDSA_SIG_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (sshbuf_get_bignum2(sigbuf, r) != 0 || + sshbuf_get_bignum2(sigbuf, s) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + ECDSA_SIG_set0(sig, r, s); + if (sshbuf_len(sigbuf) != 0) { + ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; + goto out; + } + if ((ret = ssh_digest_memory(hash_alg, data, datalen, + digest, sizeof(digest))) != 0) + goto out; + + switch (ECDSA_do_verify(digest, dlen, sig, key->ecdsa)) { + case 1: + ret = 0; + break; + case 0: + ret = SSH_ERR_SIGNATURE_INVALID; + goto out; + default: + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + + out: + explicit_bzero(digest, sizeof(digest)); + if (sigbuf != NULL) + sshbuf_free(sigbuf); + if (b != NULL) + sshbuf_free(b); + if (sig != NULL) + ECDSA_SIG_free(sig); + free(ktype); + return ret; +} + +#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ diff --git a/include/DomainExec/opensshlib/ssh-ed25519.c b/include/DomainExec/opensshlib/ssh-ed25519.c new file mode 100644 index 00000000..b159ff5e --- /dev/null +++ b/include/DomainExec/opensshlib/ssh-ed25519.c @@ -0,0 +1,166 @@ +/* $OpenBSD: ssh-ed25519.c,v 1.6 2015/01/15 21:38:50 markus Exp $ */ +/* + * Copyright (c) 2013 Markus Friedl + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include +#include + +#include "crypto_api.h" + +#include +#include + +#include "log.h" +#include "sshbuf.h" +#define SSHKEY_INTERNAL +#include "sshkey.h" +#include "ssherr.h" +#include "ssh.h" + +int +ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, u_int compat) +{ + u_char *sig = NULL; + size_t slen = 0, len; + unsigned long long smlen; + int r, ret; + struct sshbuf *b = NULL; + + if (lenp != NULL) + *lenp = 0; + if (sigp != NULL) + *sigp = NULL; + + if (key == NULL || + sshkey_type_plain(key->type) != KEY_ED25519 || + key->ed25519_sk == NULL || + datalen >= INT_MAX - crypto_sign_ed25519_BYTES) + return SSH_ERR_INVALID_ARGUMENT; + smlen = slen = datalen + crypto_sign_ed25519_BYTES; + if ((sig = malloc(slen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + + if ((ret = crypto_sign_ed25519(sig, &smlen, data, datalen, + key->ed25519_sk)) != 0 || smlen <= datalen) { + r = SSH_ERR_INVALID_ARGUMENT; /* XXX better error? */ + goto out; + } + /* encode signature */ + if ((b = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_put_cstring(b, "ssh-ed25519")) != 0 || + (r = sshbuf_put_string(b, sig, smlen - datalen)) != 0) + goto out; + len = sshbuf_len(b); + if (sigp != NULL) { + if ((*sigp = malloc(len)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + memcpy(*sigp, sshbuf_ptr(b), len); + } + if (lenp != NULL) + *lenp = len; + /* success */ + r = 0; + out: + sshbuf_free(b); + if (sig != NULL) { + explicit_bzero(sig, slen); + free(sig); + } + + return r; +} + +int +ssh_ed25519_verify(const struct sshkey *key, + const u_char *signature, size_t signaturelen, + const u_char *data, size_t datalen, u_int compat) +{ + struct sshbuf *b = NULL; + char *ktype = NULL; + const u_char *sigblob; + u_char *sm = NULL, *m = NULL; + size_t len; + unsigned long long smlen = 0, mlen = 0; + int r, ret; + + if (key == NULL || + sshkey_type_plain(key->type) != KEY_ED25519 || + key->ed25519_pk == NULL || + datalen >= INT_MAX - crypto_sign_ed25519_BYTES) + return SSH_ERR_INVALID_ARGUMENT; + + if ((b = sshbuf_from(signature, signaturelen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshbuf_get_cstring(b, &ktype, NULL)) != 0 || + (r = sshbuf_get_string_direct(b, &sigblob, &len)) != 0) + goto out; + if (strcmp("ssh-ed25519", ktype) != 0) { + r = SSH_ERR_KEY_TYPE_MISMATCH; + goto out; + } + if (sshbuf_len(b) != 0) { + r = SSH_ERR_UNEXPECTED_TRAILING_DATA; + goto out; + } + if (len > crypto_sign_ed25519_BYTES) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (datalen >= SIZE_MAX - len) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + smlen = len + datalen; + mlen = smlen; + if ((sm = malloc(smlen)) == NULL || (m = malloc(mlen)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + memcpy(sm, sigblob, len); + memcpy(sm+len, data, datalen); + if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen, + key->ed25519_pk)) != 0) { + debug2("%s: crypto_sign_ed25519_open failed: %d", + __func__, ret); + } + if (ret != 0 || mlen != datalen) { + r = SSH_ERR_SIGNATURE_INVALID; + goto out; + } + /* XXX compare 'm' and 'data' ? */ + /* success */ + r = 0; + out: + if (sm != NULL) { + explicit_bzero(sm, smlen); + free(sm); + } + if (m != NULL) { + explicit_bzero(m, smlen); /* NB mlen may be invalid if r != 0 */ + free(m); + } + sshbuf_free(b); + free(ktype); + return r; +} diff --git a/include/DomainExec/opensshlib/ssh-rsa.c b/include/DomainExec/opensshlib/ssh-rsa.c new file mode 100644 index 00000000..69f079c8 --- /dev/null +++ b/include/DomainExec/opensshlib/ssh-rsa.c @@ -0,0 +1,273 @@ +/* $OpenBSD: ssh-rsa.c,v 1.53 2015/06/15 01:32:50 djm Exp $ */ +/* + * Copyright (c) 2000, 2003 Markus Friedl + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#ifdef WITH_OPENSSL + +#include + +#include +#include + +#include +#include + +#include "sshbuf.h" +#include "compat.h" +#include "ssherr.h" +#define SSHKEY_INTERNAL +#include "sshkey.h" +#include "digest.h" + +static int openssh_RSA_verify(int, u_char *, size_t, u_char *, size_t, RSA *); + +/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ +int +ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, u_int compat) +{ + int hash_alg; + u_char digest[SSH_DIGEST_MAX_LENGTH], *sig = NULL; + size_t slen; + u_int dlen, len; + int nid, ret = SSH_ERR_INTERNAL_ERROR; + struct sshbuf *b = NULL; + + if (lenp != NULL) + *lenp = 0; + if (sigp != NULL) + *sigp = NULL; + + if (key == NULL || key->rsa == NULL || + sshkey_type_plain(key->type) != KEY_RSA) + return SSH_ERR_INVALID_ARGUMENT; + slen = RSA_size(key->rsa); + if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM) + return SSH_ERR_INVALID_ARGUMENT; + + /* hash the data */ + hash_alg = SSH_DIGEST_SHA1; + nid = NID_sha1; + if ((dlen = ssh_digest_bytes(hash_alg)) == 0) + return SSH_ERR_INTERNAL_ERROR; + if ((ret = ssh_digest_memory(hash_alg, data, datalen, + digest, sizeof(digest))) != 0) + goto out; + + if ((sig = malloc(slen)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + + if (RSA_sign(nid, digest, dlen, sig, &len, key->rsa) != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (len < slen) { + size_t diff = slen - len; + memmove(sig + diff, sig, len); + explicit_bzero(sig, diff); + } else if (len > slen) { + ret = SSH_ERR_INTERNAL_ERROR; + goto out; + } + /* encode signature */ + if ((b = sshbuf_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((ret = sshbuf_put_cstring(b, "ssh-rsa")) != 0 || + (ret = sshbuf_put_string(b, sig, slen)) != 0) + goto out; + len = sshbuf_len(b); + if (sigp != NULL) { + if ((*sigp = malloc(len)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + memcpy(*sigp, sshbuf_ptr(b), len); + } + if (lenp != NULL) + *lenp = len; + ret = 0; + out: + explicit_bzero(digest, sizeof(digest)); + if (sig != NULL) { + explicit_bzero(sig, slen); + free(sig); + } + if (b != NULL) + sshbuf_free(b); + return ret; +} + +int +ssh_rsa_verify(const struct sshkey *key, + const u_char *signature, size_t signaturelen, + const u_char *data, size_t datalen, u_int compat) +{ + char *ktype = NULL; + int hash_alg, ret = SSH_ERR_INTERNAL_ERROR; + size_t len, diff, modlen, dlen; + struct sshbuf *b = NULL; + u_char digest[SSH_DIGEST_MAX_LENGTH], *osigblob, *sigblob = NULL; + const BIGNUM* rsa_n; + + if (key == NULL || key->rsa == NULL || + sshkey_type_plain(key->type) != KEY_RSA) + return SSH_ERR_INVALID_ARGUMENT; + + RSA_get0_key(key->rsa, &rsa_n, NULL, NULL); + + if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE) + return SSH_ERR_INVALID_ARGUMENT; + + if ((b = sshbuf_from(signature, signaturelen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (sshbuf_get_cstring(b, &ktype, NULL) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (strcmp("ssh-rsa", ktype) != 0) { + ret = SSH_ERR_KEY_TYPE_MISMATCH; + goto out; + } + if (sshbuf_get_string(b, &sigblob, &len) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (sshbuf_len(b) != 0) { + ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; + goto out; + } + /* RSA_verify expects a signature of RSA_size */ + modlen = RSA_size(key->rsa); + if (len > modlen) { + ret = SSH_ERR_KEY_BITS_MISMATCH; + goto out; + } else if (len < modlen) { + diff = modlen - len; + osigblob = sigblob; + if ((sigblob = realloc(sigblob, modlen)) == NULL) { + sigblob = osigblob; /* put it back for clear/free */ + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + memmove(sigblob + diff, sigblob, len); + explicit_bzero(sigblob, diff); + len = modlen; + } + hash_alg = SSH_DIGEST_SHA1; + if ((dlen = ssh_digest_bytes(hash_alg)) == 0) { + ret = SSH_ERR_INTERNAL_ERROR; + goto out; + } + if ((ret = ssh_digest_memory(hash_alg, data, datalen, + digest, sizeof(digest))) != 0) + goto out; + + ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len, + key->rsa); + out: + if (sigblob != NULL) { + explicit_bzero(sigblob, len); + free(sigblob); + } + if (ktype != NULL) + free(ktype); + if (b != NULL) + sshbuf_free(b); + explicit_bzero(digest, sizeof(digest)); + return ret; +} + +/* + * See: + * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/ + * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn + */ +/* + * id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) + * oiw(14) secsig(3) algorithms(2) 26 } + */ +static const u_char id_sha1[] = { + 0x30, 0x21, /* type Sequence, length 0x21 (33) */ + 0x30, 0x09, /* type Sequence, length 0x09 */ + 0x06, 0x05, /* type OID, length 0x05 */ + 0x2b, 0x0e, 0x03, 0x02, 0x1a, /* id-sha1 OID */ + 0x05, 0x00, /* NULL */ + 0x04, 0x14 /* Octet string, length 0x14 (20), followed by sha1 hash */ +}; + +static int +openssh_RSA_verify(int hash_alg, u_char *hash, size_t hashlen, + u_char *sigbuf, size_t siglen, RSA *rsa) +{ + size_t ret, rsasize = 0, oidlen = 0, hlen = 0; + int len, oidmatch, hashmatch; + const u_char *oid = NULL; + u_char *decrypted = NULL; + + ret = SSH_ERR_INTERNAL_ERROR; + switch (hash_alg) { + case SSH_DIGEST_SHA1: + oid = id_sha1; + oidlen = sizeof(id_sha1); + hlen = 20; + break; + default: + goto done; + } + if (hashlen != hlen) { + ret = SSH_ERR_INVALID_ARGUMENT; + goto done; + } + rsasize = RSA_size(rsa); + if (rsasize <= 0 || rsasize > SSHBUF_MAX_BIGNUM || + siglen == 0 || siglen > rsasize) { + ret = SSH_ERR_INVALID_ARGUMENT; + goto done; + } + if ((decrypted = malloc(rsasize)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto done; + } + if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa, + RSA_PKCS1_PADDING)) < 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto done; + } + if (len < 0 || (size_t)len != hlen + oidlen) { + ret = SSH_ERR_INVALID_FORMAT; + goto done; + } + oidmatch = timingsafe_bcmp(decrypted, oid, oidlen) == 0; + hashmatch = timingsafe_bcmp(decrypted + oidlen, hash, hlen) == 0; + if (!oidmatch || !hashmatch) { + ret = SSH_ERR_SIGNATURE_INVALID; + goto done; + } + ret = 0; +done: + if (decrypted) { + explicit_bzero(decrypted, rsasize); + free(decrypted); + } + return ret; +} +#endif /* WITH_OPENSSL */ diff --git a/include/DomainExec/opensshlib/ssh.c b/include/DomainExec/opensshlib/ssh.c new file mode 100644 index 00000000..99f91c84 --- /dev/null +++ b/include/DomainExec/opensshlib/ssh.c @@ -0,0 +1,2058 @@ +/* $OpenBSD: ssh.c,v 1.420 2015/07/30 00:01:34 djm Exp $ */ +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * Ssh client program. This program can be used to log into a remote machine. + * The software supports strong authentication, encryption, and forwarding + * of X11, TCP/IP, and authentication connections. + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + * + * Copyright (c) 1999 Niels Provos. All rights reserved. + * Copyright (c) 2000, 2001, 2002, 2003 Markus Friedl. All rights reserved. + * + * Modified to work with SSL by Niels Provos + * in Canada (German citizen). + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#include +#ifdef HAVE_SYS_STAT_H +# include +#endif +#include +#include +#include +#include + +#include +#include +#include +#include +#ifdef HAVE_PATHS_H +#include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#ifdef WITH_OPENSSL +#include +#include +#endif +#include "openbsd-compat/openssl-compat.h" +#include "openbsd-compat/sys-queue.h" + +#include "xmalloc.h" +#include "ssh.h" +#include "ssh1.h" +#include "ssh2.h" +#include "canohost.h" +#include "compat.h" +#include "cipher.h" +#include "digest.h" +#include "packet.h" +#include "buffer.h" +#include "channels.h" +#include "key.h" +#include "authfd.h" +#include "authfile.h" +#include "pathnames.h" +#include "dispatch.h" +#include "clientloop.h" +#include "log.h" +#include "misc.h" +#include "readconf.h" +#include "sshconnect.h" +#include "kex.h" +#include "mac.h" +#include "sshpty.h" +#include "match.h" +#include "msg.h" +#include "uidswap.h" +#include "roaming.h" +#include "version.h" +#include "ssherr.h" +#include "myproposal.h" + +#ifdef ENABLE_PKCS11 +#include "ssh-pkcs11.h" +#endif + +extern char *__progname; + +/* Saves a copy of argv for setproctitle emulation */ +#ifndef HAVE_SETPROCTITLE +static char **saved_av; +#endif + +/* Flag indicating whether debug mode is on. May be set on the command line. */ +int debug_flag = 0; + +/* Flag indicating whether a tty should be requested */ +int tty_flag = 0; + +/* don't exec a shell */ +int no_shell_flag = 0; + +/* + * Flag indicating that nothing should be read from stdin. This can be set + * on the command line. + */ +int stdin_null_flag = 0; + +/* + * Flag indicating that the current process should be backgrounded and + * a new slave launched in the foreground for ControlPersist. + */ +int need_controlpersist_detach = 0; + +/* Copies of flags for ControlPersist foreground slave */ +int ostdin_null_flag, ono_shell_flag, otty_flag, orequest_tty; + +/* + * Flag indicating that ssh should fork after authentication. This is useful + * so that the passphrase can be entered manually, and then ssh goes to the + * background. + */ +int fork_after_authentication_flag = 0; + +/* forward stdio to remote host and port */ +char *stdio_forward_host = NULL; +int stdio_forward_port = 0; + +/* + * General data structure for command line options and options configurable + * in configuration files. See readconf.h. + */ +Options options; + +/* optional user configfile */ +char *config = NULL; + +/* + * Name of the host we are connecting to. This is the name given on the + * command line, or the HostName specified for the user-supplied name in a + * configuration file. + */ +char *host; + +/* socket address the host resolves to */ +struct sockaddr_storage hostaddr; + +/* Private host keys. */ +Sensitive sensitive_data; + +/* Original real UID. */ +uid_t original_real_uid; +uid_t original_effective_uid; + +/* command to be executed */ +Buffer command; + +/* Should we execute a command or invoke a subsystem? */ +int subsystem_flag = 0; + +/* # of replies received for global requests */ +static int remote_forward_confirms_received = 0; + +/* mux.c */ +extern int muxserver_sock; +extern u_int muxclient_command; + +/* Prints a help message to the user. This function never returns. */ + +static void +usage(void) +{ + fprintf(stderr, +"usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n" +" [-D [bind_address:]port] [-E log_file] [-e escape_char]\n" +" [-F configfile] [-I pkcs11] [-i identity_file]\n" +" [-L address] [-l login_name] [-m mac_spec]\n" +" [-O ctl_cmd] [-o option] [-p port]\n" +" [-Q cipher | cipher-auth | mac | kex | key]\n" +" [-R address] [-S ctl_path] [-W host:port]\n" +" [-w local_tun[:remote_tun]] [user@]hostname [command]\n" + ); + exit(255); +} + +static int ssh_session(void); +static int ssh_session2(void); +static void load_public_identity_files(void); +static void main_sigchld_handler(int); + +/* from muxclient.c */ +void muxclient(const char *); +void muxserver_listen(void); + +/* ~/ expand a list of paths. NB. assumes path[n] is heap-allocated. */ +static void +tilde_expand_paths(char **paths, u_int num_paths) +{ + u_int i; + char *cp; + + for (i = 0; i < num_paths; i++) { + cp = tilde_expand_filename(paths[i], original_real_uid); + free(paths[i]); + paths[i] = cp; + } +} + +/* + * Attempt to resolve a host name / port to a set of addresses and + * optionally return any CNAMEs encountered along the way. + * Returns NULL on failure. + * NB. this function must operate with a options having undefined members. + */ +static struct addrinfo * +resolve_host(const char *name, int port, int logerr, char *cname, size_t clen) +{ + char strport[NI_MAXSERV]; + struct addrinfo hints, *res; + int gaierr, loglevel = SYSLOG_LEVEL_DEBUG1; + + if (port <= 0) + port = default_ssh_port(); + + snprintf(strport, sizeof strport, "%u", port); + memset(&hints, 0, sizeof(hints)); + hints.ai_family = options.address_family == -1 ? + AF_UNSPEC : options.address_family; + hints.ai_socktype = SOCK_STREAM; + if (cname != NULL) + hints.ai_flags = AI_CANONNAME; + if ((gaierr = getaddrinfo(name, strport, &hints, &res)) != 0) { + if (logerr || (gaierr != EAI_NONAME && gaierr != EAI_NODATA)) + loglevel = SYSLOG_LEVEL_ERROR; + do_log2(loglevel, "%s: Could not resolve hostname %.100s: %s", + __progname, name, ssh_gai_strerror(gaierr)); + return NULL; + } + if (cname != NULL && res->ai_canonname != NULL) { + if (strlcpy(cname, res->ai_canonname, clen) >= clen) { + ssh_error("%s: host \"%s\" cname \"%s\" too long (max %lu)", + __func__, name, res->ai_canonname, (u_long)clen); + if (clen > 0) + *cname = '\0'; + } + } + return res; +} + +/* + * Attempt to resolve a numeric host address / port to a single address. + * Returns a canonical address string. + * Returns NULL on failure. + * NB. this function must operate with a options having undefined members. + */ +static struct addrinfo * +resolve_addr(const char *name, int port, char *caddr, size_t clen) +{ + char addr[NI_MAXHOST], strport[NI_MAXSERV]; + struct addrinfo hints, *res; + int gaierr; + + if (port <= 0) + port = default_ssh_port(); + snprintf(strport, sizeof strport, "%u", port); + memset(&hints, 0, sizeof(hints)); + hints.ai_family = options.address_family == -1 ? + AF_UNSPEC : options.address_family; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_NUMERICHOST|AI_NUMERICSERV; + if ((gaierr = getaddrinfo(name, strport, &hints, &res)) != 0) { + debug2("%s: could not resolve name %.100s as address: %s", + __func__, name, ssh_gai_strerror(gaierr)); + return NULL; + } + if (res == NULL) { + debug("%s: getaddrinfo %.100s returned no addresses", + __func__, name); + return NULL; + } + if (res->ai_next != NULL) { + debug("%s: getaddrinfo %.100s returned multiple addresses", + __func__, name); + goto fail; + } + if ((gaierr = getnameinfo(res->ai_addr, res->ai_addrlen, + addr, sizeof(addr), NULL, 0, NI_NUMERICHOST)) != 0) { + debug("%s: Could not format address for name %.100s: %s", + __func__, name, ssh_gai_strerror(gaierr)); + goto fail; + } + if (strlcpy(caddr, addr, clen) >= clen) { + ssh_error("%s: host \"%s\" addr \"%s\" too long (max %lu)", + __func__, name, addr, (u_long)clen); + if (clen > 0) + *caddr = '\0'; + fail: + freeaddrinfo(res); + return NULL; + } + return res; +} + +/* + * Check whether the cname is a permitted replacement for the hostname + * and perform the replacement if it is. + * NB. this function must operate with a options having undefined members. + */ +static int +check_follow_cname(char **namep, const char *cname) +{ + int i; + struct allowed_cname *rule; + + if (*cname == '\0' || options.num_permitted_cnames == 0 || + strcmp(*namep, cname) == 0) + return 0; + if (options.canonicalize_hostname == SSH_CANONICALISE_NO) + return 0; + /* + * Don't attempt to canonicalize names that will be interpreted by + * a proxy unless the user specifically requests so. + */ + if (!option_clear_or_none(options.proxy_command) && + options.canonicalize_hostname != SSH_CANONICALISE_ALWAYS) + return 0; + debug3("%s: check \"%s\" CNAME \"%s\"", __func__, *namep, cname); + for (i = 0; i < options.num_permitted_cnames; i++) { + rule = options.permitted_cnames + i; + if (match_pattern_list(*namep, rule->source_list, 1) != 1 || + match_pattern_list(cname, rule->target_list, 1) != 1) + continue; + verbose("Canonicalized DNS aliased hostname " + "\"%s\" => \"%s\"", *namep, cname); + free(*namep); + *namep = xstrdup(cname); + return 1; + } + return 0; +} + +/* + * Attempt to resolve the supplied hostname after applying the user's + * canonicalization rules. Returns the address list for the host or NULL + * if no name was found after canonicalization. + * NB. this function must operate with a options having undefined members. + */ +#if 0 +static struct addrinfo * +resolve_canonicalize(char **hostp, int port) +{ + int i, ndots; + char *cp, *fullhost, newname[NI_MAXHOST]; + struct addrinfo *addrs; + + if (options.canonicalize_hostname == SSH_CANONICALISE_NO) + return NULL; + + /* + * Don't attempt to canonicalize names that will be interpreted by + * a proxy unless the user specifically requests so. + */ + if (!option_clear_or_none(options.proxy_command) && + options.canonicalize_hostname != SSH_CANONICALISE_ALWAYS) + return NULL; + + /* Try numeric hostnames first */ + if ((addrs = resolve_addr(*hostp, port, + newname, sizeof(newname))) != NULL) { + debug2("%s: hostname %.100s is address", __func__, *hostp); + if (strcasecmp(*hostp, newname) != 0) { + debug2("%s: canonicalised address \"%s\" => \"%s\"", + __func__, *hostp, newname); + free(*hostp); + *hostp = xstrdup(newname); + } + return addrs; + } + + /* Don't apply canonicalization to sufficiently-qualified hostnames */ + ndots = 0; + for (cp = *hostp; *cp != '\0'; cp++) { + if (*cp == '.') + ndots++; + } + if (ndots > options.canonicalize_max_dots) { + debug3("%s: not canonicalizing hostname \"%s\" (max dots %d)", + __func__, *hostp, options.canonicalize_max_dots); + return NULL; + } + /* Attempt each supplied suffix */ + for (i = 0; i < options.num_canonical_domains; i++) { + *newname = '\0'; + xasprintf(&fullhost, "%s.%s.", *hostp, + options.canonical_domains[i]); + debug3("%s: attempting \"%s\" => \"%s\"", __func__, + *hostp, fullhost); + if ((addrs = resolve_host(fullhost, port, 0, + newname, sizeof(newname))) == NULL) { + free(fullhost); + continue; + } + /* Remove trailing '.' */ + fullhost[strlen(fullhost) - 1] = '\0'; + /* Follow CNAME if requested */ + if (!check_follow_cname(&fullhost, newname)) { + debug("Canonicalized hostname \"%s\" => \"%s\"", + *hostp, fullhost); + } + free(*hostp); + *hostp = fullhost; + return addrs; + } + if (!options.canonicalize_fallback_local) + fatal("%s: Could not resolve host \"%s\"", __progname, *hostp); + debug2("%s: host %s not found in any suffix", __func__, *hostp); + return NULL; +} +#endif + +/* + * Read per-user configuration file. Ignore the system wide config + * file if the user specifies a config file on the command line. + */ +static void +process_config_files(const char *host_arg, struct passwd *pw, int post_canon) +{ + char buf[PATH_MAX]; + int r; + + if (config != NULL) { + if (strcasecmp(config, "none") != 0 && + !read_config_file(config, pw, host, host_arg, &options, + SSHCONF_USERCONF | (post_canon ? SSHCONF_POSTCANON : 0))) + fatal("Can't open user config file %.100s: " + "%.100s", config, strerror(errno)); + } else { + r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, + _PATH_SSH_USER_CONFFILE); + if (r > 0 && (size_t)r < sizeof(buf)) + (void)read_config_file(buf, pw, host, host_arg, + &options, SSHCONF_CHECKPERM | SSHCONF_USERCONF | + (post_canon ? SSHCONF_POSTCANON : 0)); + + /* Read systemwide configuration file after user config. */ + (void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, + host, host_arg, &options, + post_canon ? SSHCONF_POSTCANON : 0); + } +} + +/* Rewrite the port number in an addrinfo list of addresses */ +static void +set_addrinfo_port(struct addrinfo *addrs, int port) +{ + struct addrinfo *addr; + + for (addr = addrs; addr != NULL; addr = addr->ai_next) { + switch (addr->ai_family) { + case AF_INET: + ((struct sockaddr_in *)addr->ai_addr)-> + sin_port = htons(port); + break; + case AF_INET6: + ((struct sockaddr_in6 *)addr->ai_addr)-> + sin6_port = htons(port); + break; + } + } +} + +/* + * Main program for the ssh client. + */ +int +main(int ac, char **av) +{ + int i, r, opt, exit_status, use_syslog, config_test = 0; + char *p, *cp, *line, *argv0, buf[PATH_MAX], *host_arg, *logfile; + char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV]; + char cname[NI_MAXHOST]; + struct stat st; + struct passwd *pw; + int timeout_ms; + extern int optind, optreset; + extern char *optarg; + struct Forward fwd; + struct addrinfo *addrs = NULL; + struct ssh_digest_ctx *md; + u_char conn_hash[SSH_DIGEST_MAX_LENGTH]; + char *conn_hash_hex; + + /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ + sanitise_stdfd(); + + __progname = ssh_get_progname(av[0]); + +#ifndef HAVE_SETPROCTITLE + /* Prepare for later setproctitle emulation */ + /* Save argv so it isn't clobbered by setproctitle() emulation */ + saved_av = xcalloc(ac + 1, sizeof(*saved_av)); + for (i = 0; i < ac; i++) + saved_av[i] = xstrdup(av[i]); + saved_av[i] = NULL; + compat_init_setproctitle(ac, av); + av = saved_av; +#endif + + /* + * Discard other fds that are hanging around. These can cause problem + * with backgrounded ssh processes started by ControlPersist. + */ + closefrom(STDERR_FILENO + 1); + + /* + * Save the original real uid. It will be needed later (uid-swapping + * may clobber the real uid). + */ + original_real_uid = getuid(); + original_effective_uid = geteuid(); + + /* + * Use uid-swapping to give up root privileges for the duration of + * option processing. We will re-instantiate the rights when we are + * ready to create the privileged port, and will permanently drop + * them when the port has been created (actually, when the connection + * has been made, as we may need to create the port several times). + */ + PRIV_END; + +#ifdef HAVE_SETRLIMIT + /* If we are installed setuid root be careful to not drop core. */ + if (original_real_uid != original_effective_uid) { + struct rlimit rlim; + rlim.rlim_cur = rlim.rlim_max = 0; + if (setrlimit(RLIMIT_CORE, &rlim) < 0) + fatal("setrlimit failed: %.100s", strerror(errno)); + } +#endif + /* Get user data. */ + pw = getpwuid(original_real_uid); + if (!pw) { + logit("No user exists for uid %lu", (u_long)original_real_uid); + exit(255); + } + /* Take a copy of the returned structure. */ + pw = pwcopy(pw); + + /* + * Set our umask to something reasonable, as some files are created + * with the default umask. This will make them world-readable but + * writable only by the owner, which is ok for all files for which we + * don't set the modes explicitly. + */ + umask(022); + + /* + * Initialize option structure to indicate that no values have been + * set. + */ + initialize_options(&options); + + /* Parse command-line arguments. */ + host = NULL; + use_syslog = 0; + logfile = NULL; + argv0 = av[0]; + + again: + while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" + "ACD:E:F:GI:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { + switch (opt) { + case '1': + options.protocol = SSH_PROTO_1; + break; + case '2': + options.protocol = SSH_PROTO_2; + break; + case '4': + options.address_family = AF_INET; + break; + case '6': + options.address_family = AF_INET6; + break; + case 'n': + stdin_null_flag = 1; + break; + case 'f': + fork_after_authentication_flag = 1; + stdin_null_flag = 1; + break; + case 'x': + options.forward_x11 = 0; + break; + case 'X': + options.forward_x11 = 1; + break; + case 'y': + use_syslog = 1; + break; + case 'E': + logfile = xstrdup(optarg); + break; + case 'G': + config_test = 1; + break; + case 'Y': + options.forward_x11 = 1; + options.forward_x11_trusted = 1; + break; + case 'g': + options.fwd_opts.gateway_ports = 1; + break; + case 'O': + if (stdio_forward_host != NULL) + fatal("Cannot specify multiplexing " + "command with -W"); + else if (muxclient_command != 0) + fatal("Multiplexing command already specified"); + if (strcmp(optarg, "check") == 0) + muxclient_command = SSHMUX_COMMAND_ALIVE_CHECK; + else if (strcmp(optarg, "forward") == 0) + muxclient_command = SSHMUX_COMMAND_FORWARD; + else if (strcmp(optarg, "exit") == 0) + muxclient_command = SSHMUX_COMMAND_TERMINATE; + else if (strcmp(optarg, "stop") == 0) + muxclient_command = SSHMUX_COMMAND_STOP; + else if (strcmp(optarg, "cancel") == 0) + muxclient_command = SSHMUX_COMMAND_CANCEL_FWD; + else + fatal("Invalid multiplex command."); + break; + case 'P': /* deprecated */ + options.use_privileged_port = 0; + break; + case 'Q': + cp = NULL; + if (strcmp(optarg, "cipher") == 0) + cp = cipher_alg_list('\n', 0); + else if (strcmp(optarg, "cipher-auth") == 0) + cp = cipher_alg_list('\n', 1); + else if (strcmp(optarg, "mac") == 0) + cp = mac_alg_list('\n'); + else if (strcmp(optarg, "kex") == 0) + cp = kex_alg_list('\n'); + else if (strcmp(optarg, "key") == 0) + cp = key_alg_list(0, 0); + else if (strcmp(optarg, "key-cert") == 0) + cp = key_alg_list(1, 0); + else if (strcmp(optarg, "key-plain") == 0) + cp = key_alg_list(0, 1); + else if (strcmp(optarg, "protocol-version") == 0) { +#ifdef WITH_SSH1 + cp = xstrdup("1\n2"); +#else + cp = xstrdup("2"); +#endif + } + if (cp == NULL) + fatal("Unsupported query \"%s\"", optarg); + printf("%s\n", cp); + free(cp); + exit(0); + break; + case 'a': + options.forward_agent = 0; + break; + case 'A': + options.forward_agent = 1; + break; + case 'k': + options.gss_deleg_creds = 0; + break; + case 'K': + options.gss_authentication = 1; + options.gss_deleg_creds = 1; + break; + case 'i': + if (stat(optarg, &st) < 0) { + fprintf(stderr, "Warning: Identity file %s " + "not accessible: %s.\n", optarg, + strerror(errno)); + break; + } + add_identity_file(&options, NULL, optarg, 1); + break; + case 'I': +#ifdef ENABLE_PKCS11 + options.pkcs11_provider = xstrdup(optarg); +#else + fprintf(stderr, "no support for PKCS#11.\n"); +#endif + break; + case 't': + if (options.request_tty == REQUEST_TTY_YES) + options.request_tty = REQUEST_TTY_FORCE; + else + options.request_tty = REQUEST_TTY_YES; + break; + case 'v': + if (debug_flag == 0) { + debug_flag = 1; + options.log_level = SYSLOG_LEVEL_DEBUG1; + } else { + if (options.log_level < SYSLOG_LEVEL_DEBUG3) + options.log_level++; + } + break; + case 'V': + fprintf(stderr, "%s, %s\n", + SSH_RELEASE, +#ifdef WITH_OPENSSL + SSLeay_version(SSLEAY_VERSION) +#else + "without OpenSSL" +#endif + ); + if (opt == 'V') + exit(0); + break; + case 'w': + if (options.tun_open == -1) + options.tun_open = SSH_TUNMODE_DEFAULT; + options.tun_local = a2tun(optarg, &options.tun_remote); + if (options.tun_local == SSH_TUNID_ERR) { + fprintf(stderr, + "Bad tun device '%s'\n", optarg); + exit(255); + } + break; + case 'W': + if (stdio_forward_host != NULL) + fatal("stdio forward already specified"); + if (muxclient_command != 0) + fatal("Cannot specify stdio forward with -O"); + if (parse_forward(&fwd, optarg, 1, 0)) { + stdio_forward_host = fwd.listen_host; + stdio_forward_port = fwd.listen_port; + free(fwd.connect_host); + } else { + fprintf(stderr, + "Bad stdio forwarding specification '%s'\n", + optarg); + exit(255); + } + options.request_tty = REQUEST_TTY_NO; + no_shell_flag = 1; + options.clear_forwardings = 1; + options.exit_on_forward_failure = 1; + break; + case 'q': + options.log_level = SYSLOG_LEVEL_QUIET; + break; + case 'e': + if (optarg[0] == '^' && optarg[2] == 0 && + (u_char) optarg[1] >= 64 && + (u_char) optarg[1] < 128) + options.escape_char = (u_char) optarg[1] & 31; + else if (strlen(optarg) == 1) + options.escape_char = (u_char) optarg[0]; + else if (strcmp(optarg, "none") == 0) + options.escape_char = SSH_ESCAPECHAR_NONE; + else { + fprintf(stderr, "Bad escape character '%s'.\n", + optarg); + exit(255); + } + break; + case 'c': + if (ciphers_valid(*optarg == '+' ? + optarg + 1 : optarg)) { + /* SSH2 only */ + options.ciphers = xstrdup(optarg); + options.cipher = SSH_CIPHER_INVALID; + break; + } + /* SSH1 only */ + options.cipher = cipher_number(optarg); + if (options.cipher == -1) { + fprintf(stderr, "Unknown cipher type '%s'\n", + optarg); + exit(255); + } + if (options.cipher == SSH_CIPHER_3DES) + options.ciphers = xstrdup("3des-cbc"); + else if (options.cipher == SSH_CIPHER_BLOWFISH) + options.ciphers = xstrdup("blowfish-cbc"); + else + options.ciphers = xstrdup(KEX_CLIENT_ENCRYPT); + break; + case 'm': + if (mac_valid(optarg)) + options.macs = xstrdup(optarg); + else { + fprintf(stderr, "Unknown mac type '%s'\n", + optarg); + exit(255); + } + break; + case 'M': + if (options.control_master == SSHCTL_MASTER_YES) + options.control_master = SSHCTL_MASTER_ASK; + else + options.control_master = SSHCTL_MASTER_YES; + break; + case 'p': + options.port = a2port(optarg); + if (options.port <= 0) { + fprintf(stderr, "Bad port '%s'\n", optarg); + exit(255); + } + break; + case 'l': + options.user = optarg; + break; + + case 'L': + if (parse_forward(&fwd, optarg, 0, 0)) + add_local_forward(&options, &fwd); + else { + fprintf(stderr, + "Bad local forwarding specification '%s'\n", + optarg); + exit(255); + } + break; + + case 'R': + if (parse_forward(&fwd, optarg, 0, 1)) { + add_remote_forward(&options, &fwd); + } else { + fprintf(stderr, + "Bad remote forwarding specification " + "'%s'\n", optarg); + exit(255); + } + break; + + case 'D': + if (parse_forward(&fwd, optarg, 1, 0)) { + add_local_forward(&options, &fwd); + } else { + fprintf(stderr, + "Bad dynamic forwarding specification " + "'%s'\n", optarg); + exit(255); + } + break; + + case 'C': + options.compression = 1; + break; + case 'N': + no_shell_flag = 1; + options.request_tty = REQUEST_TTY_NO; + break; + case 'T': + options.request_tty = REQUEST_TTY_NO; + break; + case 'o': + line = xstrdup(optarg); + if (process_config_line(&options, pw, + host ? host : "", host ? host : "", line, + "command-line", 0, NULL, SSHCONF_USERCONF) != 0) + exit(255); + free(line); + break; + case 's': + subsystem_flag = 1; + break; + case 'S': + if (options.control_path != NULL) + free(options.control_path); + options.control_path = xstrdup(optarg); + break; + case 'b': + options.bind_address = optarg; + break; + case 'F': + config = optarg; + break; + default: + usage(); + } + } + + ac -= optind; + av += optind; + + if (ac > 0 && !host) { + if (strrchr(*av, '@')) { + p = xstrdup(*av); + cp = strrchr(p, '@'); + if (cp == NULL || cp == p) + usage(); + options.user = p; + *cp = '\0'; + host = xstrdup(++cp); + } else + host = xstrdup(*av); + if (ac > 1) { + optind = optreset = 1; + goto again; + } + ac--, av++; + } + + /* Check that we got a host name. */ + if (!host) + usage(); + + host_arg = xstrdup(host); + +#ifdef WITH_OPENSSL + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); +#endif + + /* Initialize the command to execute on remote host. */ + buffer_init(&command); + + /* + * Save the command to execute on the remote host in a buffer. There + * is no limit on the length of the command, except by the maximum + * packet size. Also sets the tty flag if there is no command. + */ + if (!ac) { + /* No command specified - execute shell on a tty. */ + if (subsystem_flag) { + fprintf(stderr, + "You must specify a subsystem to invoke.\n"); + usage(); + } + } else { + /* A command has been specified. Store it into the buffer. */ + for (i = 0; i < ac; i++) { + if (i) + buffer_append(&command, " ", 1); + buffer_append(&command, av[i], strlen(av[i])); + } + } + + /* Cannot fork to background if no command. */ + if (fork_after_authentication_flag && buffer_len(&command) == 0 && + !no_shell_flag) + fatal("Cannot fork into background without a command " + "to execute."); + + /* + * Initialize "log" output. Since we are the client all output + * goes to stderr unless otherwise specified by -y or -E. + */ + if (use_syslog && logfile != NULL) + fatal("Can't specify both -y and -E"); + if (logfile != NULL) { + log_redirect_stderr_to(logfile); + free(logfile); + } + log_init(argv0, + options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level, + SYSLOG_FACILITY_USER, !use_syslog); + + if (debug_flag) + logit("%s, %s", SSH_RELEASE, +#ifdef WITH_OPENSSL + SSLeay_version(SSLEAY_VERSION) +#else + "without OpenSSL" +#endif + ); + + /* Parse the configuration files */ + process_config_files(host_arg, pw, 0); + + /* Hostname canonicalisation needs a few options filled. */ + fill_default_options_for_canonicalization(&options); + + /* If the user has replaced the hostname then take it into use now */ + if (options.hostname != NULL) { + /* NB. Please keep in sync with readconf.c:match_cfg_line() */ + cp = percent_expand(options.hostname, + "h", host, (char *)NULL); + free(host); + host = cp; + free(options.hostname); + options.hostname = xstrdup(host); + } + + /* If canonicalization requested then try to apply it */ + lowercase(host); + if (options.canonicalize_hostname != SSH_CANONICALISE_NO) + addrs = resolve_canonicalize(&host, options.port); + + /* + * If CanonicalizePermittedCNAMEs have been specified but + * other canonicalization did not happen (by not being requested + * or by failing with fallback) then the hostname may still be changed + * as a result of CNAME following. + * + * Try to resolve the bare hostname name using the system resolver's + * usual search rules and then apply the CNAME follow rules. + * + * Skip the lookup if a ProxyCommand is being used unless the user + * has specifically requested canonicalisation for this case via + * CanonicalizeHostname=always + */ + if (addrs == NULL && options.num_permitted_cnames != 0 && + (option_clear_or_none(options.proxy_command) || + options.canonicalize_hostname == SSH_CANONICALISE_ALWAYS)) { + if ((addrs = resolve_host(host, options.port, + option_clear_or_none(options.proxy_command), + cname, sizeof(cname))) == NULL) { + /* Don't fatal proxied host names not in the DNS */ + if (option_clear_or_none(options.proxy_command)) + cleanup_exit(255); /* logged in resolve_host */ + } else + check_follow_cname(&host, cname); + } + + /* + * If canonicalisation is enabled then re-parse the configuration + * files as new stanzas may match. + */ + if (options.canonicalize_hostname != 0) { + debug("Re-reading configuration after hostname " + "canonicalisation"); + free(options.hostname); + options.hostname = xstrdup(host); + process_config_files(host_arg, pw, 1); + /* + * Address resolution happens early with canonicalisation + * enabled and the port number may have changed since, so + * reset it in address list + */ + if (addrs != NULL && options.port > 0) + set_addrinfo_port(addrs, options.port); + } + + /* Fill configuration defaults. */ + fill_default_options(&options); + + if (options.port == 0) + options.port = default_ssh_port(); + channel_set_af(options.address_family); + + /* Tidy and check options */ + if (options.host_key_alias != NULL) + lowercase(options.host_key_alias); + if (options.proxy_command != NULL && + strcmp(options.proxy_command, "-") == 0 && + options.proxy_use_fdpass) + fatal("ProxyCommand=- and ProxyUseFDPass are incompatible"); + if (options.control_persist && + options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK) { + debug("UpdateHostKeys=ask is incompatible with ControlPersist; " + "disabling"); + options.update_hostkeys = 0; + } +#ifndef HAVE_CYGWIN + if (original_effective_uid != 0) + options.use_privileged_port = 0; +#endif + + /* reinit */ + log_init(argv0, options.log_level, SYSLOG_FACILITY_USER, !use_syslog); + + if (options.request_tty == REQUEST_TTY_YES || + options.request_tty == REQUEST_TTY_FORCE) + tty_flag = 1; + + /* Allocate a tty by default if no command specified. */ + if (buffer_len(&command) == 0) + tty_flag = options.request_tty != REQUEST_TTY_NO; + + /* Force no tty */ + if (options.request_tty == REQUEST_TTY_NO || muxclient_command != 0) + tty_flag = 0; + /* Do not allocate a tty if stdin is not a tty. */ + if ((!isatty(fileno(stdin)) || stdin_null_flag) && + options.request_tty != REQUEST_TTY_FORCE) { + if (tty_flag) + logit("Pseudo-terminal will not be allocated because " + "stdin is not a terminal."); + tty_flag = 0; + } + + seed_rng(); + + if (options.user == NULL) + options.user = xstrdup(pw->pw_name); + + if (gethostname(thishost, sizeof(thishost)) == -1) + fatal("gethostname: %s", strerror(errno)); + strlcpy(shorthost, thishost, sizeof(shorthost)); + shorthost[strcspn(thishost, ".")] = '\0'; + snprintf(portstr, sizeof(portstr), "%d", options.port); + + if ((md = ssh_digest_start(SSH_DIGEST_SHA1)) == NULL || + ssh_digest_update(md, thishost, strlen(thishost)) < 0 || + ssh_digest_update(md, host, strlen(host)) < 0 || + ssh_digest_update(md, portstr, strlen(portstr)) < 0 || + ssh_digest_update(md, options.user, strlen(options.user)) < 0 || + ssh_digest_final(md, conn_hash, sizeof(conn_hash)) < 0) + fatal("%s: mux digest failed", __func__); + ssh_digest_free(md); + conn_hash_hex = tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA1)); + + if (options.local_command != NULL) { + debug3("expanding LocalCommand: %s", options.local_command); + cp = options.local_command; + options.local_command = percent_expand(cp, + "C", conn_hash_hex, + "L", shorthost, + "d", pw->pw_dir, + "h", host, + "l", thishost, + "n", host_arg, + "p", portstr, + "r", options.user, + "u", pw->pw_name, + (char *)NULL); + debug3("expanded LocalCommand: %s", options.local_command); + free(cp); + } + + if (options.control_path != NULL) { + cp = tilde_expand_filename(options.control_path, + original_real_uid); + free(options.control_path); + options.control_path = percent_expand(cp, + "C", conn_hash_hex, + "L", shorthost, + "h", host, + "l", thishost, + "n", host_arg, + "p", portstr, + "r", options.user, + "u", pw->pw_name, + (char *)NULL); + free(cp); + } + free(conn_hash_hex); + + if (config_test) { + dump_client_config(&options, host); + exit(0); + } + + if (muxclient_command != 0 && options.control_path == NULL) + fatal("No ControlPath specified for \"-O\" command"); + if (options.control_path != NULL) + muxclient(options.control_path); + + /* + * If hostname canonicalisation was not enabled, then we may not + * have yet resolved the hostname. Do so now. + */ + if (addrs == NULL && options.proxy_command == NULL) { + if ((addrs = resolve_host(host, options.port, 1, + cname, sizeof(cname))) == NULL) + cleanup_exit(255); /* resolve_host logs the error */ + } + + timeout_ms = options.connection_timeout * 1000; + + /* Open a connection to the remote host. */ + if (ssh_connect(host, addrs, &hostaddr, options.port, + options.address_family, options.connection_attempts, + &timeout_ms, options.tcp_keep_alive, + options.use_privileged_port) != 0) + exit(255); + + if (addrs != NULL) + freeaddrinfo(addrs); + + packet_set_timeout(options.server_alive_interval, + options.server_alive_count_max); + + if (timeout_ms > 0) + debug3("timeout: %d ms remain after connect", timeout_ms); + + /* + * If we successfully made the connection, load the host private key + * in case we will need it later for combined rsa-rhosts + * authentication. This must be done before releasing extra + * privileges, because the file is only readable by root. + * If we cannot access the private keys, load the public keys + * instead and try to execute the ssh-keysign helper instead. + */ + sensitive_data.nkeys = 0; + sensitive_data.keys = NULL; + sensitive_data.external_keysign = 0; + if (options.rhosts_rsa_authentication || + options.hostbased_authentication) { + sensitive_data.nkeys = 9; + sensitive_data.keys = xcalloc(sensitive_data.nkeys, + sizeof(Key)); + for (i = 0; i < sensitive_data.nkeys; i++) + sensitive_data.keys[i] = NULL; + + PRIV_START; + sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, + _PATH_HOST_KEY_FILE, "", NULL, NULL); +#ifdef OPENSSL_HAS_ECC + sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA, + _PATH_HOST_ECDSA_KEY_FILE, "", NULL); +#endif + sensitive_data.keys[2] = key_load_private_cert(KEY_ED25519, + _PATH_HOST_ED25519_KEY_FILE, "", NULL); + sensitive_data.keys[3] = key_load_private_cert(KEY_RSA, + _PATH_HOST_RSA_KEY_FILE, "", NULL); + sensitive_data.keys[4] = key_load_private_cert(KEY_DSA, + _PATH_HOST_DSA_KEY_FILE, "", NULL); +#ifdef OPENSSL_HAS_ECC + sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA, + _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL); +#endif + sensitive_data.keys[6] = key_load_private_type(KEY_ED25519, + _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL); + sensitive_data.keys[7] = key_load_private_type(KEY_RSA, + _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); + sensitive_data.keys[8] = key_load_private_type(KEY_DSA, + _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); + PRIV_END; + + if (options.hostbased_authentication == 1 && + sensitive_data.keys[0] == NULL && + sensitive_data.keys[5] == NULL && + sensitive_data.keys[6] == NULL && + sensitive_data.keys[7] == NULL && + sensitive_data.keys[8] == NULL) { +#ifdef OPENSSL_HAS_ECC + sensitive_data.keys[1] = key_load_cert( + _PATH_HOST_ECDSA_KEY_FILE); +#endif + sensitive_data.keys[2] = key_load_cert( + _PATH_HOST_ED25519_KEY_FILE); + sensitive_data.keys[3] = key_load_cert( + _PATH_HOST_RSA_KEY_FILE); + sensitive_data.keys[4] = key_load_cert( + _PATH_HOST_DSA_KEY_FILE); +#ifdef OPENSSL_HAS_ECC + sensitive_data.keys[5] = key_load_public( + _PATH_HOST_ECDSA_KEY_FILE, NULL); +#endif + sensitive_data.keys[6] = key_load_public( + _PATH_HOST_ED25519_KEY_FILE, NULL); + sensitive_data.keys[7] = key_load_public( + _PATH_HOST_RSA_KEY_FILE, NULL); + sensitive_data.keys[8] = key_load_public( + _PATH_HOST_DSA_KEY_FILE, NULL); + sensitive_data.external_keysign = 1; + } + } + /* + * Get rid of any extra privileges that we may have. We will no + * longer need them. Also, extra privileges could make it very hard + * to read identity files and other non-world-readable files from the + * user's home directory if it happens to be on a NFS volume where + * root is mapped to nobody. + */ + if (original_effective_uid == 0) { + PRIV_START; + permanently_set_uid(pw); + } + + /* + * Now that we are back to our own permissions, create ~/.ssh + * directory if it doesn't already exist. + */ + if (config == NULL) { + r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, + strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); + if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { +#ifdef WITH_SELINUX + ssh_selinux_setfscreatecon(buf); +#endif + if (mkdir(buf, 0700) < 0) + ssh_error("Could not create directory '%.200s'.", + buf); +#ifdef WITH_SELINUX + ssh_selinux_setfscreatecon(NULL); +#endif + } + } + /* load options.identity_files */ + load_public_identity_files(); + + /* Expand ~ in known host file names. */ + tilde_expand_paths(options.system_hostfiles, + options.num_system_hostfiles); + tilde_expand_paths(options.user_hostfiles, options.num_user_hostfiles); + + signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */ + signal(SIGCHLD, main_sigchld_handler); + + /* Log into the remote system. Never returns if the login fails. */ + ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr, + options.port, pw, timeout_ms); + + if (packet_connection_is_on_socket()) { + verbose("Authenticated to %s ([%s]:%d).", host, + get_remote_ipaddr(), get_remote_port()); + } else { + verbose("Authenticated to %s (via proxy).", host); + } + + /* We no longer need the private host keys. Clear them now. */ + if (sensitive_data.nkeys != 0) { + for (i = 0; i < sensitive_data.nkeys; i++) { + if (sensitive_data.keys[i] != NULL) { + /* Destroys contents safely */ + debug3("clear hostkey %d", i); + key_free(sensitive_data.keys[i]); + sensitive_data.keys[i] = NULL; + } + } + free(sensitive_data.keys); + } + for (i = 0; i < options.num_identity_files; i++) { + free(options.identity_files[i]); + options.identity_files[i] = NULL; + if (options.identity_keys[i]) { + key_free(options.identity_keys[i]); + options.identity_keys[i] = NULL; + } + } + + exit_status = compat20 ? ssh_session2() : ssh_session(); + packet_close(); + + if (options.control_path != NULL && muxserver_sock != -1) + unlink(options.control_path); + + /* Kill ProxyCommand if it is running. */ + ssh_kill_proxy_command(); + + return exit_status; +} + +static void +control_persist_detach(void) +{ + pid_t pid; + int devnull; + + debug("%s: backgrounding master process", __func__); + + /* + * master (current process) into the background, and make the + * foreground process a client of the backgrounded master. + */ + switch ((pid = fork())) { + case -1: + fatal("%s: fork: %s", __func__, strerror(errno)); + case 0: + /* Child: master process continues mainloop */ + break; + default: + /* Parent: set up mux slave to connect to backgrounded master */ + debug2("%s: background process is %ld", __func__, (long)pid); + stdin_null_flag = ostdin_null_flag; + options.request_tty = orequest_tty; + tty_flag = otty_flag; + close(muxserver_sock); + muxserver_sock = -1; + options.control_master = SSHCTL_MASTER_NO; + muxclient(options.control_path); + /* muxclient() doesn't return on success. */ + fatal("Failed to connect to new control master"); + } + if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) { + ssh_error("%s: open(\"/dev/null\"): %s", __func__, + strerror(errno)); + } else { + if (dup2(devnull, STDIN_FILENO) == -1 || + dup2(devnull, STDOUT_FILENO) == -1) + ssh_error("%s: dup2: %s", __func__, strerror(errno)); + if (devnull > STDERR_FILENO) + close(devnull); + } + daemon(1, 1); + setproctitle("%s [mux]", options.control_path); +} + +/* Do fork() after authentication. Used by "ssh -f" */ +static void +fork_postauth(void) +{ + if (need_controlpersist_detach) + control_persist_detach(); + debug("forking to background"); + fork_after_authentication_flag = 0; + if (daemon(1, 1) < 0) + fatal("daemon() failed: %.200s", strerror(errno)); +} + +/* Callback for remote forward global requests */ +static void +ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt) +{ + struct Forward *rfwd = (struct Forward *)ctxt; + + /* XXX verbose() on failure? */ + debug("remote forward %s for: listen %s%s%d, connect %s:%d", + type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure", + rfwd->listen_path ? rfwd->listen_path : + rfwd->listen_host ? rfwd->listen_host : "", + (rfwd->listen_path || rfwd->listen_host) ? ":" : "", + rfwd->listen_port, rfwd->connect_path ? rfwd->connect_path : + rfwd->connect_host, rfwd->connect_port); + if (rfwd->listen_path == NULL && rfwd->listen_port == 0) { + if (type == SSH2_MSG_REQUEST_SUCCESS) { + rfwd->allocated_port = packet_get_int(); + logit("Allocated port %u for remote forward to %s:%d", + rfwd->allocated_port, + rfwd->connect_host, rfwd->connect_port); + channel_update_permitted_opens(rfwd->handle, + rfwd->allocated_port); + } else { + channel_update_permitted_opens(rfwd->handle, -1); + } + } + + if (type == SSH2_MSG_REQUEST_FAILURE) { + if (options.exit_on_forward_failure) { + if (rfwd->listen_path != NULL) + fatal("Error: remote port forwarding failed " + "for listen path %s", rfwd->listen_path); + else + fatal("Error: remote port forwarding failed " + "for listen port %d", rfwd->listen_port); + } else { + if (rfwd->listen_path != NULL) + logit("Warning: remote port forwarding failed " + "for listen path %s", rfwd->listen_path); + else + logit("Warning: remote port forwarding failed " + "for listen port %d", rfwd->listen_port); + } + } + if (++remote_forward_confirms_received == options.num_remote_forwards) { + debug("All remote forwarding requests processed"); + if (fork_after_authentication_flag) + fork_postauth(); + } +} + +static void +client_cleanup_stdio_fwd(int id, void *arg) +{ + debug("stdio forwarding: done"); + cleanup_exit(0); +} + +static void +ssh_stdio_confirm(int id, int success, void *arg) +{ + if (!success) + fatal("stdio forwarding failed"); +} + +static void +ssh_init_stdio_forwarding(void) +{ + Channel *c; + int in, out; + + if (stdio_forward_host == NULL) + return; + if (!compat20) + fatal("stdio forwarding require Protocol 2"); + + debug3("%s: %s:%d", __func__, stdio_forward_host, stdio_forward_port); + + if ((in = dup(STDIN_FILENO)) < 0 || + (out = dup(STDOUT_FILENO)) < 0) + fatal("channel_connect_stdio_fwd: dup() in/out failed"); + if ((c = channel_connect_stdio_fwd(stdio_forward_host, + stdio_forward_port, in, out)) == NULL) + fatal("%s: channel_connect_stdio_fwd failed", __func__); + channel_register_cleanup(c->self, client_cleanup_stdio_fwd, 0); + channel_register_open_confirm(c->self, ssh_stdio_confirm, NULL); +} + +static void +ssh_init_forwarding(void) +{ + int success = 0; + int i; + + /* Initiate local TCP/IP port forwardings. */ + for (i = 0; i < options.num_local_forwards; i++) { + debug("Local connections to %.200s:%d forwarded to remote " + "address %.200s:%d", + (options.local_forwards[i].listen_path != NULL) ? + options.local_forwards[i].listen_path : + (options.local_forwards[i].listen_host == NULL) ? + (options.fwd_opts.gateway_ports ? "*" : "LOCALHOST") : + options.local_forwards[i].listen_host, + options.local_forwards[i].listen_port, + (options.local_forwards[i].connect_path != NULL) ? + options.local_forwards[i].connect_path : + options.local_forwards[i].connect_host, + options.local_forwards[i].connect_port); + success += channel_setup_local_fwd_listener( + &options.local_forwards[i], &options.fwd_opts); + } + if (i > 0 && success != i && options.exit_on_forward_failure) + fatal("Could not request local forwarding."); + if (i > 0 && success == 0) + ssh_error("Could not request local forwarding."); + + /* Initiate remote TCP/IP port forwardings. */ + for (i = 0; i < options.num_remote_forwards; i++) { + debug("Remote connections from %.200s:%d forwarded to " + "local address %.200s:%d", + (options.remote_forwards[i].listen_path != NULL) ? + options.remote_forwards[i].listen_path : + (options.remote_forwards[i].listen_host == NULL) ? + "LOCALHOST" : options.remote_forwards[i].listen_host, + options.remote_forwards[i].listen_port, + (options.remote_forwards[i].connect_path != NULL) ? + options.remote_forwards[i].connect_path : + options.remote_forwards[i].connect_host, + options.remote_forwards[i].connect_port); + options.remote_forwards[i].handle = + channel_request_remote_forwarding( + &options.remote_forwards[i]); + if (options.remote_forwards[i].handle < 0) { + if (options.exit_on_forward_failure) + fatal("Could not request remote forwarding."); + else + logit("Warning: Could not request remote " + "forwarding."); + } else { + client_register_global_confirm(ssh_confirm_remote_forward, + &options.remote_forwards[i]); + } + } + + /* Initiate tunnel forwarding. */ + if (options.tun_open != SSH_TUNMODE_NO) { + if (client_request_tun_fwd(options.tun_open, + options.tun_local, options.tun_remote) == -1) { + if (options.exit_on_forward_failure) + fatal("Could not request tunnel forwarding."); + else + ssh_error("Could not request tunnel forwarding."); + } + } +} + +static void +check_agent_present(void) +{ + int r; + + if (options.forward_agent) { + /* Clear agent forwarding if we don't have an agent. */ + if ((r = ssh_get_authentication_socket(NULL)) != 0) { + options.forward_agent = 0; + if (r != SSH_ERR_AGENT_NOT_PRESENT) + debug("ssh_get_authentication_socket: %s", + ssh_err(r)); + } + } +} + +static int +ssh_session(void) +{ + int type; + int interactive = 0; + int have_tty = 0; + struct winsize ws; + char *cp; + const char *display; + + /* Enable compression if requested. */ + if (options.compression) { + debug("Requesting compression at level %d.", + options.compression_level); + + if (options.compression_level < 1 || + options.compression_level > 9) + fatal("Compression level must be from 1 (fast) to " + "9 (slow, best)."); + + /* Send the request. */ + packet_start(SSH_CMSG_REQUEST_COMPRESSION); + packet_put_int(options.compression_level); + packet_send(); + packet_write_wait(); + type = packet_read(); + if (type == SSH_SMSG_SUCCESS) + packet_start_compression(options.compression_level); + else if (type == SSH_SMSG_FAILURE) + logit("Warning: Remote host refused compression."); + else + packet_disconnect("Protocol error waiting for " + "compression response."); + } + /* Allocate a pseudo tty if appropriate. */ + if (tty_flag) { + debug("Requesting pty."); + + /* Start the packet. */ + packet_start(SSH_CMSG_REQUEST_PTY); + + /* Store TERM in the packet. There is no limit on the + length of the string. */ + cp = getenv("TERM"); + if (!cp) + cp = ""; + packet_put_cstring(cp); + + /* Store window size in the packet. */ + if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0) + memset(&ws, 0, sizeof(ws)); + packet_put_int((u_int)ws.ws_row); + packet_put_int((u_int)ws.ws_col); + packet_put_int((u_int)ws.ws_xpixel); + packet_put_int((u_int)ws.ws_ypixel); + + /* Store tty modes in the packet. */ + tty_make_modes(fileno(stdin), NULL); + + /* Send the packet, and wait for it to leave. */ + packet_send(); + packet_write_wait(); + + /* Read response from the server. */ + type = packet_read(); + if (type == SSH_SMSG_SUCCESS) { + interactive = 1; + have_tty = 1; + } else if (type == SSH_SMSG_FAILURE) + logit("Warning: Remote host failed or refused to " + "allocate a pseudo tty."); + else + packet_disconnect("Protocol error waiting for pty " + "request response."); + } + /* Request X11 forwarding if enabled and DISPLAY is set. */ + display = getenv("DISPLAY"); + if (display == NULL && options.forward_x11) + debug("X11 forwarding requested but DISPLAY not set"); + if (options.forward_x11 && display != NULL) { + char *proto, *data; + /* Get reasonable local authentication information. */ + client_x11_get_proto(display, options.xauth_location, + options.forward_x11_trusted, + options.forward_x11_timeout, + &proto, &data); + /* Request forwarding with authentication spoofing. */ + debug("Requesting X11 forwarding with authentication " + "spoofing."); + x11_request_forwarding_with_spoofing(0, display, proto, + data, 0); + /* Read response from the server. */ + type = packet_read(); + if (type == SSH_SMSG_SUCCESS) { + interactive = 1; + } else if (type == SSH_SMSG_FAILURE) { + logit("Warning: Remote host denied X11 forwarding."); + } else { + packet_disconnect("Protocol error waiting for X11 " + "forwarding"); + } + } + /* Tell the packet module whether this is an interactive session. */ + packet_set_interactive(interactive, + options.ip_qos_interactive, options.ip_qos_bulk); + + /* Request authentication agent forwarding if appropriate. */ + check_agent_present(); + + if (options.forward_agent) { + debug("Requesting authentication agent forwarding."); + auth_request_forwarding(); + + /* Read response from the server. */ + type = packet_read(); + packet_check_eom(); + if (type != SSH_SMSG_SUCCESS) + logit("Warning: Remote host denied authentication agent forwarding."); + } + + /* Initiate port forwardings. */ + ssh_init_stdio_forwarding(); + ssh_init_forwarding(); + + /* Execute a local command */ + if (options.local_command != NULL && + options.permit_local_command) + ssh_local_cmd(options.local_command); + + /* + * If requested and we are not interested in replies to remote + * forwarding requests, then let ssh continue in the background. + */ + if (fork_after_authentication_flag) { + if (options.exit_on_forward_failure && + options.num_remote_forwards > 0) { + debug("deferring postauth fork until remote forward " + "confirmation received"); + } else + fork_postauth(); + } + + /* + * If a command was specified on the command line, execute the + * command now. Otherwise request the server to start a shell. + */ + if (buffer_len(&command) > 0) { + int len = buffer_len(&command); + if (len > 900) + len = 900; + debug("Sending command: %.*s", len, + (u_char *)buffer_ptr(&command)); + packet_start(SSH_CMSG_EXEC_CMD); + packet_put_string(buffer_ptr(&command), buffer_len(&command)); + packet_send(); + packet_write_wait(); + } else { + debug("Requesting shell."); + packet_start(SSH_CMSG_EXEC_SHELL); + packet_send(); + packet_write_wait(); + } + + /* Enter the interactive session. */ + return client_loop(have_tty, tty_flag ? + options.escape_char : SSH_ESCAPECHAR_NONE, 0); +} + +/* request pty/x11/agent/tcpfwd/shell for channel */ +static void +ssh_session2_setup(int id, int success, void *arg) +{ + extern char **environ; + const char *display; + int interactive = tty_flag; + + if (!success) + return; /* No need for error message, channels code sens one */ + + display = getenv("DISPLAY"); + if (display == NULL && options.forward_x11) + debug("X11 forwarding requested but DISPLAY not set"); + if (options.forward_x11 && display != NULL) { + char *proto, *data; + /* Get reasonable local authentication information. */ + client_x11_get_proto(display, options.xauth_location, + options.forward_x11_trusted, + options.forward_x11_timeout, &proto, &data); + /* Request forwarding with authentication spoofing. */ + debug("Requesting X11 forwarding with authentication " + "spoofing."); + x11_request_forwarding_with_spoofing(id, display, proto, + data, 1); + client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN); + /* XXX exit_on_forward_failure */ + interactive = 1; + } + + check_agent_present(); + if (options.forward_agent) { + debug("Requesting authentication agent forwarding."); + channel_request_start(id, "auth-agent-req@openssh.com", 0); + packet_send(); + } + + /* Tell the packet module whether this is an interactive session. */ + packet_set_interactive(interactive, + options.ip_qos_interactive, options.ip_qos_bulk); + + client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"), + NULL, fileno(stdin), &command, environ); +} + +/* open new channel for a session */ +static int +ssh_session2_open(void) +{ + Channel *c; + int window, packetmax, in, out, err; + + if (stdin_null_flag) { + in = open(_PATH_DEVNULL, O_RDONLY); + } else { + in = dup(STDIN_FILENO); + } + out = dup(STDOUT_FILENO); + err = dup(STDERR_FILENO); + + if (in < 0 || out < 0 || err < 0) + fatal("dup() in/out/err failed"); + + /* enable nonblocking unless tty */ + if (!isatty(in)) + set_nonblock(in); + if (!isatty(out)) + set_nonblock(out); + if (!isatty(err)) + set_nonblock(err); + + window = CHAN_SES_WINDOW_DEFAULT; + packetmax = CHAN_SES_PACKET_DEFAULT; + if (tty_flag) { + window >>= 1; + packetmax >>= 1; + } + c = channel_new( + "session", SSH_CHANNEL_OPENING, in, out, err, + window, packetmax, CHAN_EXTENDED_WRITE, + "client-session", /*nonblock*/0); + + debug3("ssh_session2_open: channel_new: %d", c->self); + + channel_send_open(c->self); + if (!no_shell_flag) + channel_register_open_confirm(c->self, + ssh_session2_setup, NULL); + + return c->self; +} + +static int +ssh_session2(void) +{ + int id = -1; + + /* XXX should be pre-session */ + if (!options.control_persist) + ssh_init_stdio_forwarding(); + ssh_init_forwarding(); + + /* Start listening for multiplex clients */ + muxserver_listen(); + + /* + * If we are in control persist mode and have a working mux listen + * socket, then prepare to background ourselves and have a foreground + * client attach as a control slave. + * NB. we must save copies of the flags that we override for + * the backgrounding, since we defer attachment of the slave until + * after the connection is fully established (in particular, + * async rfwd replies have been received for ExitOnForwardFailure). + */ + if (options.control_persist && muxserver_sock != -1) { + ostdin_null_flag = stdin_null_flag; + ono_shell_flag = no_shell_flag; + orequest_tty = options.request_tty; + otty_flag = tty_flag; + stdin_null_flag = 1; + no_shell_flag = 1; + tty_flag = 0; + if (!fork_after_authentication_flag) + need_controlpersist_detach = 1; + fork_after_authentication_flag = 1; + } + /* + * ControlPersist mux listen socket setup failed, attempt the + * stdio forward setup that we skipped earlier. + */ + if (options.control_persist && muxserver_sock == -1) + ssh_init_stdio_forwarding(); + + if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) + id = ssh_session2_open(); + else { + packet_set_interactive( + options.control_master == SSHCTL_MASTER_NO, + options.ip_qos_interactive, options.ip_qos_bulk); + } + + /* If we don't expect to open a new session, then disallow it */ + if (options.control_master == SSHCTL_MASTER_NO && + (datafellows & SSH_NEW_OPENSSH)) { + debug("Requesting no-more-sessions@openssh.com"); + packet_start(SSH2_MSG_GLOBAL_REQUEST); + packet_put_cstring("no-more-sessions@openssh.com"); + packet_put_char(0); + packet_send(); + } + + /* Execute a local command */ + if (options.local_command != NULL && + options.permit_local_command) + ssh_local_cmd(options.local_command); + + /* + * If requested and we are not interested in replies to remote + * forwarding requests, then let ssh continue in the background. + */ + if (fork_after_authentication_flag) { + if (options.exit_on_forward_failure && + options.num_remote_forwards > 0) { + debug("deferring postauth fork until remote forward " + "confirmation received"); + } else + fork_postauth(); + } + + if (options.use_roaming) + request_roaming(); + + return client_loop(tty_flag, tty_flag ? + options.escape_char : SSH_ESCAPECHAR_NONE, id); +} + +#if 0 +static void +load_public_identity_files(void) +{ + char *filename, *cp, thishost[NI_MAXHOST]; + char *pwdir = NULL, *pwname = NULL; + int i = 0; + Key *public; + struct passwd *pw; + u_int n_ids; + char *identity_files[SSH_MAX_IDENTITY_FILES]; + Key *identity_keys[SSH_MAX_IDENTITY_FILES]; +#ifdef ENABLE_PKCS11 + Key **keys; + int nkeys; +#endif /* PKCS11 */ + + n_ids = 0; + memset(identity_files, 0, sizeof(identity_files)); + memset(identity_keys, 0, sizeof(identity_keys)); + +#ifdef ENABLE_PKCS11 + if (options.pkcs11_provider != NULL && + options.num_identity_files < SSH_MAX_IDENTITY_FILES && + (pkcs11_init(!options.batch_mode) == 0) && + (nkeys = pkcs11_add_provider(options.pkcs11_provider, NULL, + &keys)) > 0) { + for (i = 0; i < nkeys; i++) { + if (n_ids >= SSH_MAX_IDENTITY_FILES) { + key_free(keys[i]); + continue; + } + identity_keys[n_ids] = keys[i]; + identity_files[n_ids] = + xstrdup(options.pkcs11_provider); /* XXX */ + n_ids++; + } + free(keys); + } +#endif /* ENABLE_PKCS11 */ + if ((pw = getpwuid(original_real_uid)) == NULL) + fatal("load_public_identity_files: getpwuid failed"); + pwname = xstrdup(pw->pw_name); + pwdir = xstrdup(pw->pw_dir); + if (gethostname(thishost, sizeof(thishost)) == -1) + fatal("load_public_identity_files: gethostname: %s", + strerror(errno)); + for (i = 0; i < options.num_identity_files; i++) { + if (n_ids >= SSH_MAX_IDENTITY_FILES || + strcasecmp(options.identity_files[i], "none") == 0) { + free(options.identity_files[i]); + continue; + } + cp = tilde_expand_filename(options.identity_files[i], + original_real_uid); + filename = percent_expand(cp, "d", pwdir, + "u", pwname, "l", thishost, "h", host, + "r", options.user, (char *)NULL); + free(cp); + public = key_load_public(filename, NULL); + debug("identity file %s type %d", filename, + public ? public->type : -1); + free(options.identity_files[i]); + identity_files[n_ids] = filename; + identity_keys[n_ids] = public; + + if (++n_ids >= SSH_MAX_IDENTITY_FILES) + continue; + + /* Try to add the certificate variant too */ + xasprintf(&cp, "%s-cert", filename); + public = key_load_public(cp, NULL); + debug("identity file %s type %d", cp, + public ? public->type : -1); + if (public == NULL) { + free(cp); + continue; + } + if (!key_is_cert(public)) { + debug("%s: key %s type %s is not a certificate", + __func__, cp, key_type(public)); + key_free(public); + free(cp); + continue; + } + identity_keys[n_ids] = public; + /* point to the original path, most likely the private key */ + identity_files[n_ids] = xstrdup(filename); + n_ids++; + } + options.num_identity_files = n_ids; + memcpy(options.identity_files, identity_files, sizeof(identity_files)); + memcpy(options.identity_keys, identity_keys, sizeof(identity_keys)); + + explicit_bzero(pwname, strlen(pwname)); + free(pwname); + explicit_bzero(pwdir, strlen(pwdir)); + free(pwdir); +} +#endif + +static void +main_sigchld_handler(int sig) +{ + int save_errno = errno; + pid_t pid; + int status; + + while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || + (pid < 0 && errno == EINTR)) + ; + + signal(sig, main_sigchld_handler); + errno = save_errno; +} diff --git a/include/DomainExec/opensshlib/ssh.h b/include/DomainExec/opensshlib/ssh.h new file mode 100644 index 00000000..186cfff9 --- /dev/null +++ b/include/DomainExec/opensshlib/ssh.h @@ -0,0 +1,102 @@ +/* $OpenBSD: ssh.h,v 1.78 2006/08/03 03:34:42 deraadt Exp $ */ + +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ + +/* Cipher used for encrypting authentication files. */ +#define SSH_AUTHFILE_CIPHER SSH_CIPHER_3DES + +/* Default port number. */ +#define SSH_DEFAULT_PORT 22 + +/* Maximum number of TCP/IP ports forwarded per direction. */ +#define SSH_MAX_FORWARDS_PER_DIRECTION 100 + +/* + * Maximum number of RSA authentication identity files that can be specified + * in configuration files or on the command line. + */ +#define SSH_MAX_IDENTITY_FILES 100 + +/* + * Maximum length of lines in authorized_keys file. + * Current value permits 16kbit RSA and RSA1 keys and 8kbit DSA keys, with + * some room for options and comments. + */ +#define SSH_MAX_PUBKEY_BYTES 8192 + +/* + * Major protocol version. Different version indicates major incompatibility + * that prevents communication. + * + * Minor protocol version. Different version indicates minor incompatibility + * that does not prevent interoperation. + */ +#define PROTOCOL_MAJOR_1 1 +#define PROTOCOL_MINOR_1 5 + +/* We support both SSH1 and SSH2 */ +#define PROTOCOL_MAJOR_2 2 +#define PROTOCOL_MINOR_2 0 + +/* + * Name for the service. The port named by this service overrides the + * default port if present. + */ +#define SSH_SERVICE_NAME "ssh" + +/* + * Name of the environment variable containing the process ID of the + * authentication agent. + */ +#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID" + +/* + * Name of the environment variable containing the pathname of the + * authentication socket. + */ +#define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK" + +/* + * Environment variable for overwriting the default location of askpass + */ +#define SSH_ASKPASS_ENV "SSH_ASKPASS" + +/* + * Force host key length and server key length to differ by at least this + * many bits. This is to make double encryption with rsaref work. + */ +#define SSH_KEY_BITS_RESERVED 128 + +/* + * Length of the session key in bytes. (Specified as 256 bits in the + * protocol.) + */ +#define SSH_SESSION_KEY_LENGTH 32 + +/* Used to identify ``EscapeChar none'' */ +#define SSH_ESCAPECHAR_NONE -2 + +/* + * unprivileged user when UsePrivilegeSeparation=yes; + * sshd will change its privileges to this user and its + * primary group. + */ +#ifndef SSH_PRIVSEP_USER +#define SSH_PRIVSEP_USER "sshd" +#endif + +/* Minimum modulus size (n) for RSA keys. */ +#define SSH_RSA_MINIMUM_MODULUS_SIZE 768 + +/* Listen backlog for sshd, ssh-agent and forwarding sockets */ +#define SSH_LISTEN_BACKLOG 128 diff --git a/include/DomainExec/opensshlib/ssh1.h b/include/DomainExec/opensshlib/ssh1.h new file mode 100644 index 00000000..353d9304 --- /dev/null +++ b/include/DomainExec/opensshlib/ssh1.h @@ -0,0 +1,92 @@ +/* $OpenBSD: ssh1.h,v 1.6 2006/03/25 22:22:43 djm Exp $ */ + +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ + +/* + * Definition of message types. New values can be added, but old values + * should not be removed or without careful consideration of the consequences + * for compatibility. The maximum value is 254; value 255 is reserved for + * future extension. + */ +/* Ranges */ +#define SSH_MSG_MIN 1 +#define SSH_MSG_MAX 254 +/* Message name */ /* msg code */ /* arguments */ +#define SSH_MSG_NONE 0 /* no message */ +#define SSH_MSG_DISCONNECT 1 /* cause (string) */ +#define SSH_SMSG_PUBLIC_KEY 2 /* ck,msk,srvk,hostk */ +#define SSH_CMSG_SESSION_KEY 3 /* key (BIGNUM) */ +#define SSH_CMSG_USER 4 /* user (string) */ +#define SSH_CMSG_AUTH_RHOSTS 5 /* user (string) */ +#define SSH_CMSG_AUTH_RSA 6 /* modulus (BIGNUM) */ +#define SSH_SMSG_AUTH_RSA_CHALLENGE 7 /* int (BIGNUM) */ +#define SSH_CMSG_AUTH_RSA_RESPONSE 8 /* int (BIGNUM) */ +#define SSH_CMSG_AUTH_PASSWORD 9 /* pass (string) */ +#define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */ +#define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */ +#define SSH_CMSG_EXEC_SHELL 12 /* */ +#define SSH_CMSG_EXEC_CMD 13 /* cmd (string) */ +#define SSH_SMSG_SUCCESS 14 /* */ +#define SSH_SMSG_FAILURE 15 /* */ +#define SSH_CMSG_STDIN_DATA 16 /* data (string) */ +#define SSH_SMSG_STDOUT_DATA 17 /* data (string) */ +#define SSH_SMSG_STDERR_DATA 18 /* data (string) */ +#define SSH_CMSG_EOF 19 /* */ +#define SSH_SMSG_EXITSTATUS 20 /* status (int) */ +#define SSH_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* channel (int) */ +#define SSH_MSG_CHANNEL_OPEN_FAILURE 22 /* channel (int) */ +#define SSH_MSG_CHANNEL_DATA 23 /* ch,data (int,str) */ +#define SSH_MSG_CHANNEL_CLOSE 24 /* channel (int) */ +#define SSH_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* channel (int) */ +/* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */ +#define SSH_SMSG_X11_OPEN 27 /* channel (int) */ +#define SSH_CMSG_PORT_FORWARD_REQUEST 28 /* p,host,hp (i,s,i) */ +#define SSH_MSG_PORT_OPEN 29 /* ch,h,p (i,s,i) */ +#define SSH_CMSG_AGENT_REQUEST_FORWARDING 30 /* */ +#define SSH_SMSG_AGENT_OPEN 31 /* port (int) */ +#define SSH_MSG_IGNORE 32 /* string */ +#define SSH_CMSG_EXIT_CONFIRMATION 33 /* */ +#define SSH_CMSG_X11_REQUEST_FORWARDING 34 /* proto,data (s,s) */ +#define SSH_CMSG_AUTH_RHOSTS_RSA 35 /* user,mod (s,mpi) */ +#define SSH_MSG_DEBUG 36 /* string */ +#define SSH_CMSG_REQUEST_COMPRESSION 37 /* level 1-9 (int) */ +#define SSH_CMSG_MAX_PACKET_SIZE 38 /* size 4k-1024k (int) */ +#define SSH_CMSG_AUTH_TIS 39 /* we use this for s/key */ +#define SSH_SMSG_AUTH_TIS_CHALLENGE 40 /* challenge (string) */ +#define SSH_CMSG_AUTH_TIS_RESPONSE 41 /* response (string) */ +#define SSH_CMSG_AUTH_KERBEROS 42 /* (KTEXT) */ +#define SSH_SMSG_AUTH_KERBEROS_RESPONSE 43 /* (KTEXT) */ +#define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */ +#define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */ + +/* protocol version 1.5 overloads some version 1.3 message types */ +#define SSH_MSG_CHANNEL_INPUT_EOF SSH_MSG_CHANNEL_CLOSE +#define SSH_MSG_CHANNEL_OUTPUT_CLOSE SSH_MSG_CHANNEL_CLOSE_CONFIRMATION + +/* + * Authentication methods. New types can be added, but old types should not + * be removed for compatibility. The maximum allowed value is 31. + */ +#define SSH_AUTH_RHOSTS 1 +#define SSH_AUTH_RSA 2 +#define SSH_AUTH_PASSWORD 3 +#define SSH_AUTH_RHOSTS_RSA 4 +#define SSH_AUTH_TIS 5 +#define SSH_AUTH_KERBEROS 6 +#define SSH_PASS_KERBEROS_TGT 7 + /* 8 to 15 are reserved */ +#define SSH_PASS_AFS_TOKEN 21 + +/* Protocol flags. These are bit masks. */ +#define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */ +#define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2 /* forwarding opens contain host */ diff --git a/include/DomainExec/opensshlib/ssh2.h b/include/DomainExec/opensshlib/ssh2.h new file mode 100644 index 00000000..59417e61 --- /dev/null +++ b/include/DomainExec/opensshlib/ssh2.h @@ -0,0 +1,176 @@ +/* $OpenBSD: ssh2.h,v 1.15 2014/01/29 06:18:35 djm Exp $ */ + +/* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * draft-ietf-secsh-architecture-05.txt + * + * Transport layer protocol: + * + * 1-19 Transport layer generic (e.g. disconnect, ignore, debug, + * etc) + * 20-29 Algorithm negotiation + * 30-49 Key exchange method specific (numbers can be reused for + * different authentication methods) + * + * User authentication protocol: + * + * 50-59 User authentication generic + * 60-79 User authentication method specific (numbers can be reused + * for different authentication methods) + * + * Connection protocol: + * + * 80-89 Connection protocol generic + * 90-127 Channel related messages + * + * Reserved for client protocols: + * + * 128-191 Reserved + * + * Local extensions: + * + * 192-255 Local extensions + */ + +/* ranges */ + +#define SSH2_MSG_TRANSPORT_MIN 1 +#define SSH2_MSG_TRANSPORT_MAX 49 +#define SSH2_MSG_USERAUTH_MIN 50 +#define SSH2_MSG_USERAUTH_MAX 79 +#define SSH2_MSG_USERAUTH_PER_METHOD_MIN 60 +#define SSH2_MSG_USERAUTH_PER_METHOD_MAX SSH2_MSG_USERAUTH_MAX +#define SSH2_MSG_CONNECTION_MIN 80 +#define SSH2_MSG_CONNECTION_MAX 127 +#define SSH2_MSG_RESERVED_MIN 128 +#define SSH2_MSG_RESERVED_MAX 191 +#define SSH2_MSG_LOCAL_MIN 192 +#define SSH2_MSG_LOCAL_MAX 255 +#define SSH2_MSG_MIN 1 +#define SSH2_MSG_MAX 255 + +/* transport layer: generic */ + +#define SSH2_MSG_DISCONNECT 1 +#define SSH2_MSG_IGNORE 2 +#define SSH2_MSG_UNIMPLEMENTED 3 +#define SSH2_MSG_DEBUG 4 +#define SSH2_MSG_SERVICE_REQUEST 5 +#define SSH2_MSG_SERVICE_ACCEPT 6 + +/* transport layer: alg negotiation */ + +#define SSH2_MSG_KEXINIT 20 +#define SSH2_MSG_NEWKEYS 21 + +/* transport layer: kex specific messages, can be reused */ + +#define SSH2_MSG_KEXDH_INIT 30 +#define SSH2_MSG_KEXDH_REPLY 31 + +/* dh-group-exchange */ +#define SSH2_MSG_KEX_DH_GEX_REQUEST_OLD 30 +#define SSH2_MSG_KEX_DH_GEX_GROUP 31 +#define SSH2_MSG_KEX_DH_GEX_INIT 32 +#define SSH2_MSG_KEX_DH_GEX_REPLY 33 +#define SSH2_MSG_KEX_DH_GEX_REQUEST 34 + +/* ecdh */ +#define SSH2_MSG_KEX_ECDH_INIT 30 +#define SSH2_MSG_KEX_ECDH_REPLY 31 + +/* user authentication: generic */ + +#define SSH2_MSG_USERAUTH_REQUEST 50 +#define SSH2_MSG_USERAUTH_FAILURE 51 +#define SSH2_MSG_USERAUTH_SUCCESS 52 +#define SSH2_MSG_USERAUTH_BANNER 53 + +/* user authentication: method specific, can be reused */ + +#define SSH2_MSG_USERAUTH_PK_OK 60 +#define SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ 60 +#define SSH2_MSG_USERAUTH_INFO_REQUEST 60 +#define SSH2_MSG_USERAUTH_INFO_RESPONSE 61 + +/* connection protocol: generic */ + +#define SSH2_MSG_GLOBAL_REQUEST 80 +#define SSH2_MSG_REQUEST_SUCCESS 81 +#define SSH2_MSG_REQUEST_FAILURE 82 + +/* channel related messages */ + +#define SSH2_MSG_CHANNEL_OPEN 90 +#define SSH2_MSG_CHANNEL_OPEN_CONFIRMATION 91 +#define SSH2_MSG_CHANNEL_OPEN_FAILURE 92 +#define SSH2_MSG_CHANNEL_WINDOW_ADJUST 93 +#define SSH2_MSG_CHANNEL_DATA 94 +#define SSH2_MSG_CHANNEL_EXTENDED_DATA 95 +#define SSH2_MSG_CHANNEL_EOF 96 +#define SSH2_MSG_CHANNEL_CLOSE 97 +#define SSH2_MSG_CHANNEL_REQUEST 98 +#define SSH2_MSG_CHANNEL_SUCCESS 99 +#define SSH2_MSG_CHANNEL_FAILURE 100 + +/* disconnect reason code */ + +#define SSH2_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT 1 +#define SSH2_DISCONNECT_PROTOCOL_ERROR 2 +#define SSH2_DISCONNECT_KEY_EXCHANGE_FAILED 3 +#define SSH2_DISCONNECT_HOST_AUTHENTICATION_FAILED 4 +#define SSH2_DISCONNECT_RESERVED 4 +#define SSH2_DISCONNECT_MAC_ERROR 5 +#define SSH2_DISCONNECT_COMPRESSION_ERROR 6 +#define SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE 7 +#define SSH2_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED 8 +#define SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9 +#define SSH2_DISCONNECT_CONNECTION_LOST 10 +#define SSH2_DISCONNECT_BY_APPLICATION 11 +#define SSH2_DISCONNECT_TOO_MANY_CONNECTIONS 12 +#define SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER 13 +#define SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14 +#define SSH2_DISCONNECT_ILLEGAL_USER_NAME 15 + +/* misc */ + +#define SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED 1 +#define SSH2_OPEN_CONNECT_FAILED 2 +#define SSH2_OPEN_UNKNOWN_CHANNEL_TYPE 3 +#define SSH2_OPEN_RESOURCE_SHORTAGE 4 + +#define SSH2_EXTENDED_DATA_STDERR 1 + +/* kex messages for resume@appgate.com */ +#define SSH2_MSG_KEX_ROAMING_RESUME 30 +#define SSH2_MSG_KEX_ROAMING_AUTH_REQUIRED 31 +#define SSH2_MSG_KEX_ROAMING_AUTH 32 +#define SSH2_MSG_KEX_ROAMING_AUTH_OK 33 +#define SSH2_MSG_KEX_ROAMING_AUTH_FAIL 34 + +/* Certificate types for OpenSSH certificate keys extension */ +#define SSH2_CERT_TYPE_USER 1 +#define SSH2_CERT_TYPE_HOST 2 diff --git a/include/DomainExec/opensshlib/sshbuf-getput-basic.c b/include/DomainExec/opensshlib/sshbuf-getput-basic.c new file mode 100644 index 00000000..8ff8a0a2 --- /dev/null +++ b/include/DomainExec/opensshlib/sshbuf-getput-basic.c @@ -0,0 +1,462 @@ +/* $OpenBSD: sshbuf-getput-basic.c,v 1.4 2015/01/14 15:02:39 djm Exp $ */ +/* + * Copyright (c) 2011 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#define SSHBUF_INTERNAL +#include "includes.h" + +#include +#include +#include +#include + +#include "ssherr.h" +#include "sshbuf.h" + +int +sshbuf_get(struct sshbuf *buf, void *v, size_t len) +{ + const u_char *p = sshbuf_ptr(buf); + int r; + + if ((r = sshbuf_consume(buf, len)) < 0) + return r; + if (v != NULL && len != 0) + memcpy(v, p, len); + return 0; +} + +int +sshbuf_get_u64(struct sshbuf *buf, u_int64_t *valp) +{ + const u_char *p = sshbuf_ptr(buf); + int r; + + if ((r = sshbuf_consume(buf, 8)) < 0) + return r; + if (valp != NULL) + *valp = PEEK_U64(p); + return 0; +} + +int +sshbuf_get_u32(struct sshbuf *buf, u_int32_t *valp) +{ + const u_char *p = sshbuf_ptr(buf); + int r; + + if ((r = sshbuf_consume(buf, 4)) < 0) + return r; + if (valp != NULL) + *valp = PEEK_U32(p); + return 0; +} + +int +sshbuf_get_u16(struct sshbuf *buf, u_int16_t *valp) +{ + const u_char *p = sshbuf_ptr(buf); + int r; + + if ((r = sshbuf_consume(buf, 2)) < 0) + return r; + if (valp != NULL) + *valp = PEEK_U16(p); + return 0; +} + +int +sshbuf_get_u8(struct sshbuf *buf, u_char *valp) +{ + const u_char *p = sshbuf_ptr(buf); + int r; + + if ((r = sshbuf_consume(buf, 1)) < 0) + return r; + if (valp != NULL) + *valp = (u_int8_t)*p; + return 0; +} + +int +sshbuf_get_string(struct sshbuf *buf, u_char **valp, size_t *lenp) +{ + const u_char *val; + size_t len; + int r; + + if (valp != NULL) + *valp = NULL; + if (lenp != NULL) + *lenp = 0; + if ((r = sshbuf_get_string_direct(buf, &val, &len)) < 0) + return r; + if (valp != NULL) { + if ((*valp = malloc(len + 1)) == NULL) { + SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL")); + return SSH_ERR_ALLOC_FAIL; + } + if (len != 0) + memcpy(*valp, val, len); + (*valp)[len] = '\0'; + } + if (lenp != NULL) + *lenp = len; + return 0; +} + +int +sshbuf_get_string_direct(struct sshbuf *buf, const u_char **valp, size_t *lenp) +{ + size_t len; + const u_char *p; + int r; + + if (valp != NULL) + *valp = NULL; + if (lenp != NULL) + *lenp = 0; + if ((r = sshbuf_peek_string_direct(buf, &p, &len)) < 0) + return r; + if (valp != 0) + *valp = p; + if (lenp != NULL) + *lenp = len; + if (sshbuf_consume(buf, len + 4) != 0) { + /* Shouldn't happen */ + SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); + SSHBUF_ABORT(); + return SSH_ERR_INTERNAL_ERROR; + } + return 0; +} + +int +sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp, + size_t *lenp) +{ + u_int32_t len; + const u_char *p = sshbuf_ptr(buf); + + if (valp != NULL) + *valp = NULL; + if (lenp != NULL) + *lenp = 0; + if (sshbuf_len(buf) < 4) { + SSHBUF_DBG(("SSH_ERR_MESSAGE_INCOMPLETE")); + return SSH_ERR_MESSAGE_INCOMPLETE; + } + len = PEEK_U32(p); + if (len > SSHBUF_SIZE_MAX - 4) { + SSHBUF_DBG(("SSH_ERR_STRING_TOO_LARGE")); + return SSH_ERR_STRING_TOO_LARGE; + } + if (sshbuf_len(buf) - 4 < len) { + SSHBUF_DBG(("SSH_ERR_MESSAGE_INCOMPLETE")); + return SSH_ERR_MESSAGE_INCOMPLETE; + } + if (valp != 0) + *valp = p + 4; + if (lenp != NULL) + *lenp = len; + return 0; +} + +int +sshbuf_get_cstring(struct sshbuf *buf, char **valp, size_t *lenp) +{ + size_t len; + const u_char *p, *z; + int r; + + if (valp != NULL) + *valp = NULL; + if (lenp != NULL) + *lenp = 0; + if ((r = sshbuf_peek_string_direct(buf, &p, &len)) != 0) + return r; + /* Allow a \0 only at the end of the string */ + if (len > 0 && + (z = memchr(p , '\0', len)) != NULL && z < p + len - 1) { + SSHBUF_DBG(("SSH_ERR_INVALID_FORMAT")); + return SSH_ERR_INVALID_FORMAT; + } + if ((r = sshbuf_skip_string(buf)) != 0) + return -1; + if (valp != NULL) { + if ((*valp = malloc(len + 1)) == NULL) { + SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL")); + return SSH_ERR_ALLOC_FAIL; + } + if (len != 0) + memcpy(*valp, p, len); + (*valp)[len] = '\0'; + } + if (lenp != NULL) + *lenp = (size_t)len; + return 0; +} + +int +sshbuf_get_stringb(struct sshbuf *buf, struct sshbuf *v) +{ + u_int32_t len; + u_char *p; + int r; + + /* + * Use sshbuf_peek_string_direct() to figure out if there is + * a complete string in 'buf' and copy the string directly + * into 'v'. + */ + if ((r = sshbuf_peek_string_direct(buf, NULL, NULL)) != 0 || + (r = sshbuf_get_u32(buf, &len)) != 0 || + (r = sshbuf_reserve(v, len, &p)) != 0 || + (r = sshbuf_get(buf, p, len)) != 0) + return r; + return 0; +} + +int +sshbuf_put(struct sshbuf *buf, const void *v, size_t len) +{ + u_char *p; + int r; + + if ((r = sshbuf_reserve(buf, len, &p)) < 0) + return r; + if (len != 0) + memcpy(p, v, len); + return 0; +} + +int +sshbuf_putb(struct sshbuf *buf, const struct sshbuf *v) +{ + return sshbuf_put(buf, sshbuf_ptr(v), sshbuf_len(v)); +} + +int +sshbuf_putf(struct sshbuf *buf, const char *fmt, ...) +{ + va_list ap; + int r; + + va_start(ap, fmt); + r = sshbuf_putfv(buf, fmt, ap); + va_end(ap); + return r; +} + +int +sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap) +{ + va_list ap2; + int r, len; + u_char *p; + + va_copy(ap2, ap); + if ((len = vsnprintf(NULL, 0, fmt, ap2)) < 0) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if (len == 0) { + r = 0; + goto out; /* Nothing to do */ + } + va_end(ap2); + va_copy(ap2, ap); + if ((r = sshbuf_reserve(buf, (size_t)len + 1, &p)) < 0) + goto out; + if ((r = vsnprintf((char *)p, len + 1, fmt, ap2)) != len) { + r = SSH_ERR_INTERNAL_ERROR; + goto out; /* Shouldn't happen */ + } + /* Consume terminating \0 */ + if ((r = sshbuf_consume_end(buf, 1)) != 0) + goto out; + r = 0; + out: + va_end(ap2); + return r; +} + +int +sshbuf_put_u64(struct sshbuf *buf, u_int64_t val) +{ + u_char *p; + int r; + + if ((r = sshbuf_reserve(buf, 8, &p)) < 0) + return r; + POKE_U64(p, val); + return 0; +} + +int +sshbuf_put_u32(struct sshbuf *buf, u_int32_t val) +{ + u_char *p; + int r; + + if ((r = sshbuf_reserve(buf, 4, &p)) < 0) + return r; + POKE_U32(p, val); + return 0; +} + +int +sshbuf_put_u16(struct sshbuf *buf, u_int16_t val) +{ + u_char *p; + int r; + + if ((r = sshbuf_reserve(buf, 2, &p)) < 0) + return r; + POKE_U16(p, val); + return 0; +} + +int +sshbuf_put_u8(struct sshbuf *buf, u_char val) +{ + u_char *p; + int r; + + if ((r = sshbuf_reserve(buf, 1, &p)) < 0) + return r; + p[0] = val; + return 0; +} + +int +sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len) +{ + u_char *d; + int r; + + if (len > SSHBUF_SIZE_MAX - 4) { + SSHBUF_DBG(("SSH_ERR_NO_BUFFER_SPACE")); + return SSH_ERR_NO_BUFFER_SPACE; + } + if ((r = sshbuf_reserve(buf, len + 4, &d)) < 0) + return r; + POKE_U32(d, len); + if (len != 0) + memcpy(d + 4, v, len); + return 0; +} + +int +sshbuf_put_cstring(struct sshbuf *buf, const char *v) +{ + return sshbuf_put_string(buf, (u_char *)v, v == NULL ? 0 : strlen(v)); +} + +int +sshbuf_put_stringb(struct sshbuf *buf, const struct sshbuf *v) +{ + return sshbuf_put_string(buf, sshbuf_ptr(v), sshbuf_len(v)); +} + +int +sshbuf_froms(struct sshbuf *buf, struct sshbuf **bufp) +{ + const u_char *p; + size_t len; + struct sshbuf *ret; + int r; + + if (buf == NULL || bufp == NULL) + return SSH_ERR_INVALID_ARGUMENT; + *bufp = NULL; + if ((r = sshbuf_peek_string_direct(buf, &p, &len)) != 0) + return r; + if ((ret = sshbuf_from(p, len)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshbuf_consume(buf, len + 4)) != 0 || /* Shouldn't happen */ + (r = sshbuf_set_parent(ret, buf)) != 0) { + sshbuf_free(ret); + return r; + } + *bufp = ret; + return 0; +} + +int +sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len) +{ + u_char *d; + const u_char *s = (const u_char *)v; + int r, prepend; + + if (len > SSHBUF_SIZE_MAX - 5) { + SSHBUF_DBG(("SSH_ERR_NO_BUFFER_SPACE")); + return SSH_ERR_NO_BUFFER_SPACE; + } + /* Skip leading zero bytes */ + for (; len > 0 && *s == 0; len--, s++) + ; + /* + * If most significant bit is set then prepend a zero byte to + * avoid interpretation as a negative number. + */ + prepend = len > 0 && (s[0] & 0x80) != 0; + if ((r = sshbuf_reserve(buf, len + 4 + prepend, &d)) < 0) + return r; + POKE_U32(d, len + prepend); + if (prepend) + d[4] = 0; + if (len != 0) + memcpy(d + 4 + prepend, s, len); + return 0; +} + +int +sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf, + const u_char **valp, size_t *lenp) +{ + const u_char *d; + size_t len, olen; + int r; + + if ((r = sshbuf_peek_string_direct(buf, &d, &olen)) < 0) + return r; + len = olen; + /* Refuse negative (MSB set) bignums */ + if ((len != 0 && (*d & 0x80) != 0)) + return SSH_ERR_BIGNUM_IS_NEGATIVE; + /* Refuse overlong bignums, allow prepended \0 to avoid MSB set */ + if (len > SSHBUF_MAX_BIGNUM + 1 || + (len == SSHBUF_MAX_BIGNUM + 1 && *d != 0)) + return SSH_ERR_BIGNUM_TOO_LARGE; + /* Trim leading zeros */ + while (len > 0 && *d == 0x00) { + d++; + len--; + } + if (valp != 0) + *valp = d; + if (lenp != NULL) + *lenp = len; + if (sshbuf_consume(buf, olen + 4) != 0) { + /* Shouldn't happen */ + SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); + SSHBUF_ABORT(); + return SSH_ERR_INTERNAL_ERROR; + } + return 0; +} diff --git a/include/DomainExec/opensshlib/sshbuf-getput-crypto.c b/include/DomainExec/opensshlib/sshbuf-getput-crypto.c new file mode 100644 index 00000000..77b86f1b --- /dev/null +++ b/include/DomainExec/opensshlib/sshbuf-getput-crypto.c @@ -0,0 +1,224 @@ +/* $OpenBSD: sshbuf-getput-crypto.c,v 1.4 2015/01/14 15:02:39 djm Exp $ */ +/* + * Copyright (c) 2011 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#define SSHBUF_INTERNAL +#include "includes.h" + +#include +#include +#include +#include + +#include +#ifdef OPENSSL_HAS_ECC +# include +#endif /* OPENSSL_HAS_ECC */ + +#include "ssherr.h" +#include "sshbuf.h" + +int +sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v) +{ + const u_char *d; + size_t len; + int r; + + if ((r = sshbuf_get_bignum2_bytes_direct(buf, &d, &len)) != 0) + return r; + if (v != NULL && BN_bin2bn(d, len, v) == NULL) + return SSH_ERR_ALLOC_FAIL; + return 0; +} + +int +sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v) +{ + const u_char *d = sshbuf_ptr(buf); + u_int16_t len_bits; + size_t len_bytes; + + /* Length in bits */ + if (sshbuf_len(buf) < 2) + return SSH_ERR_MESSAGE_INCOMPLETE; + len_bits = PEEK_U16(d); + len_bytes = (len_bits + 7) >> 3; + if (len_bytes > SSHBUF_MAX_BIGNUM) + return SSH_ERR_BIGNUM_TOO_LARGE; + if (sshbuf_len(buf) < 2 + len_bytes) + return SSH_ERR_MESSAGE_INCOMPLETE; + if (v != NULL && BN_bin2bn(d + 2, len_bytes, v) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (sshbuf_consume(buf, 2 + len_bytes) != 0) { + SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); + SSHBUF_ABORT(); + return SSH_ERR_INTERNAL_ERROR; + } + return 0; +} + +#ifdef OPENSSL_HAS_ECC +static int +get_ec(const u_char *d, size_t len, EC_POINT *v, const EC_GROUP *g) +{ + /* Refuse overlong bignums */ + if (len == 0 || len > SSHBUF_MAX_ECPOINT) + return SSH_ERR_ECPOINT_TOO_LARGE; + /* Only handle uncompressed points */ + if (*d != POINT_CONVERSION_UNCOMPRESSED) + return SSH_ERR_INVALID_FORMAT; + if (v != NULL && EC_POINT_oct2point(g, v, d, len, NULL) != 1) + return SSH_ERR_INVALID_FORMAT; /* XXX assumption */ + return 0; +} + +int +sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g) +{ + const u_char *d; + size_t len; + int r; + + if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) + return r; + if ((r = get_ec(d, len, v, g)) != 0) + return r; + /* Skip string */ + if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) { + /* Shouldn't happen */ + SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); + SSHBUF_ABORT(); + return SSH_ERR_INTERNAL_ERROR; + } + return 0; +} + +int +sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v) +{ + EC_POINT *pt = EC_POINT_new(EC_KEY_get0_group(v)); + int r; + const u_char *d; + size_t len; + + if (pt == NULL) { + SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL")); + return SSH_ERR_ALLOC_FAIL; + } + if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) { + EC_POINT_free(pt); + return r; + } + if ((r = get_ec(d, len, pt, EC_KEY_get0_group(v))) != 0) { + EC_POINT_free(pt); + return r; + } + if (EC_KEY_set_public_key(v, pt) != 1) { + EC_POINT_free(pt); + return SSH_ERR_ALLOC_FAIL; /* XXX assumption */ + } + EC_POINT_free(pt); + /* Skip string */ + if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) { + /* Shouldn't happen */ + SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); + SSHBUF_ABORT(); + return SSH_ERR_INTERNAL_ERROR; + } + return 0; +} +#endif /* OPENSSL_HAS_ECC */ + +int +sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v) +{ + u_char d[SSHBUF_MAX_BIGNUM + 1]; + int len = BN_num_bytes(v), prepend = 0, r; + + if (len < 0 || len > SSHBUF_MAX_BIGNUM) + return SSH_ERR_INVALID_ARGUMENT; + *d = '\0'; + if (BN_bn2bin(v, d + 1) != len) + return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */ + /* If MSB is set, prepend a \0 */ + if (len > 0 && (d[1] & 0x80) != 0) + prepend = 1; + if ((r = sshbuf_put_string(buf, d + 1 - prepend, len + prepend)) < 0) { + explicit_bzero(d, sizeof(d)); + return r; + } + explicit_bzero(d, sizeof(d)); + return 0; +} + +int +sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v) +{ + int r, len_bits = BN_num_bits(v); + size_t len_bytes = (len_bits + 7) / 8; + u_char d[SSHBUF_MAX_BIGNUM], *dp; + + if (len_bits < 0 || len_bytes > SSHBUF_MAX_BIGNUM) + return SSH_ERR_INVALID_ARGUMENT; + if (BN_bn2bin(v, d) != (int)len_bytes) + return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */ + if ((r = sshbuf_reserve(buf, len_bytes + 2, &dp)) < 0) { + explicit_bzero(d, sizeof(d)); + return r; + } + POKE_U16(dp, len_bits); + if (len_bytes != 0) + memcpy(dp + 2, d, len_bytes); + explicit_bzero(d, sizeof(d)); + return 0; +} + +#ifdef OPENSSL_HAS_ECC +int +sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g) +{ + u_char d[SSHBUF_MAX_ECPOINT]; + BN_CTX *bn_ctx; + size_t len; + int ret; + + if ((bn_ctx = BN_CTX_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((len = EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, bn_ctx)) > SSHBUF_MAX_ECPOINT) { + BN_CTX_free(bn_ctx); + return SSH_ERR_INVALID_ARGUMENT; + } + if (EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED, + d, len, bn_ctx) != len) { + BN_CTX_free(bn_ctx); + return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */ + } + BN_CTX_free(bn_ctx); + ret = sshbuf_put_string(buf, d, len); + explicit_bzero(d, len); + return ret; +} + +int +sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v) +{ + return sshbuf_put_ec(buf, EC_KEY_get0_public_key(v), + EC_KEY_get0_group(v)); +} +#endif /* OPENSSL_HAS_ECC */ + diff --git a/include/DomainExec/opensshlib/sshbuf-misc.c b/include/DomainExec/opensshlib/sshbuf-misc.c new file mode 100644 index 00000000..cf61e723 --- /dev/null +++ b/include/DomainExec/opensshlib/sshbuf-misc.c @@ -0,0 +1,142 @@ +/* $OpenBSD: sshbuf-misc.c,v 1.4 2015/03/24 20:03:44 markus Exp $ */ +/* + * Copyright (c) 2011 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include +#ifndef WIN32 +#include +#include +#endif +#include +#include +#ifdef HAVE_STDINT_H +#include +#endif +#include +#include +#include +#ifndef WIN32 +#include +#endif +#include + +#include "ssherr.h" +#define SSHBUF_INTERNAL +#include "sshbuf.h" + +void +sshbuf_dump_data(const void *s, size_t len, FILE *f) +{ + size_t i, j; + const u_char *p = (const u_char *)s; + + for (i = 0; i < len; i += 16) { + fprintf(f, "%.4zu: ", i); + for (j = i; j < i + 16; j++) { + if (j < len) + fprintf(f, "%02x ", p[j]); + else + fprintf(f, " "); + } + fprintf(f, " "); + for (j = i; j < i + 16; j++) { + if (j < len) { + if (isascii(p[j]) && isprint(p[j])) + fprintf(f, "%c", p[j]); + else + fprintf(f, "."); + } + } + fprintf(f, "\n"); + } +} + +void +sshbuf_dump(struct sshbuf *buf, FILE *f) +{ + fprintf(f, "buffer %p len = %zu\n", buf, sshbuf_len(buf)); + sshbuf_dump_data(sshbuf_ptr(buf), sshbuf_len(buf), f); +} + +char * +sshbuf_dtob16(struct sshbuf *buf) +{ + size_t i, j, len = sshbuf_len(buf); + const u_char *p = sshbuf_ptr(buf); + char *ret; + const char hex[] = "0123456789abcdef"; + + if (len == 0) + return strdup(""); + if (SIZE_MAX / 2 <= len || (ret = malloc(len * 2 + 1)) == NULL) + return NULL; + for (i = j = 0; i < len; i++) { + ret[j++] = hex[(p[i] >> 4) & 0xf]; + ret[j++] = hex[p[i] & 0xf]; + } + ret[j] = '\0'; + return ret; +} + +char * +sshbuf_dtob64(struct sshbuf *buf) +{ + size_t len = sshbuf_len(buf), plen; + const u_char *p = sshbuf_ptr(buf); + char *ret; + int r; + + if (len == 0) + return strdup(""); + plen = ((len + 2) / 3) * 4 + 1; + if (SIZE_MAX / 2 <= len || (ret = malloc(plen)) == NULL) + return NULL; + if ((r = b64_ntop(p, len, ret, plen)) == -1) { + explicit_bzero(ret, plen); + free(ret); + return NULL; + } + return ret; +} + +int +sshbuf_b64tod(struct sshbuf *buf, const char *b64) +{ + size_t plen = strlen(b64); + int nlen, r; + u_char *p; + + if (plen == 0) + return 0; + if ((p = malloc(plen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((nlen = b64_pton(b64, p, plen)) < 0) { + explicit_bzero(p, plen); + free(p); + return SSH_ERR_INVALID_FORMAT; + } + if ((r = sshbuf_put(buf, p, nlen)) < 0) { + explicit_bzero(p, plen); + free(p); + return r; + } + explicit_bzero(p, plen); + free(p); + return 0; +} + diff --git a/include/DomainExec/opensshlib/sshbuf.c b/include/DomainExec/opensshlib/sshbuf.c new file mode 100644 index 00000000..1d6802fd --- /dev/null +++ b/include/DomainExec/opensshlib/sshbuf.c @@ -0,0 +1,419 @@ +/* $OpenBSD: sshbuf.c,v 1.3 2015/01/20 23:14:00 deraadt Exp $ */ +/* + * Copyright (c) 2011 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#define SSHBUF_INTERNAL +#include "includes.h" + +#ifndef WIN32 +#include /* roundup */ +#endif +#include +#include +#include +#include +#include + +#include "ssherr.h" +#include "sshbuf.h" + +#ifdef __cplusplus +extern "C" { +#endif + +static inline int +sshbuf_check_sanity(const struct sshbuf *buf) +{ + SSHBUF_TELL("sanity"); + if (__predict_false(buf == NULL || + (!buf->readonly && buf->d != buf->cd) || + buf->refcount < 1 || buf->refcount > SSHBUF_REFS_MAX || + buf->cd == NULL || + (buf->dont_free && (buf->readonly || buf->parent != NULL)) || + buf->max_size > SSHBUF_SIZE_MAX || + buf->alloc > buf->max_size || + buf->size > buf->alloc || + buf->off > buf->size)) { + /* Do not try to recover from corrupted buffer internals */ + SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); + signal(SIGSEGV, SIG_DFL); + raise(SIGSEGV); + return SSH_ERR_INTERNAL_ERROR; + } + return 0; +} + +static void +sshbuf_maybe_pack(struct sshbuf *buf, int force) +{ + SSHBUF_DBG(("force %d", force)); + SSHBUF_TELL("pre-pack"); + if (buf->off == 0 || buf->readonly || buf->refcount > 1) + return; + if (force || + (buf->off >= SSHBUF_PACK_MIN && buf->off >= buf->size / 2)) { + memmove(buf->d, buf->d + buf->off, buf->size - buf->off); + buf->size -= buf->off; + buf->off = 0; + SSHBUF_TELL("packed"); + } +} + +struct sshbuf * +sshbuf_new(void) +{ + struct sshbuf *ret; + + if ((ret = calloc(sizeof(*ret), 1)) == NULL) + return NULL; + ret->alloc = SSHBUF_SIZE_INIT; + ret->max_size = SSHBUF_SIZE_MAX; + ret->readonly = 0; + ret->refcount = 1; + ret->parent = NULL; + if ((ret->cd = ret->d = calloc(1, ret->alloc)) == NULL) { + free(ret); + return NULL; + } + return ret; +} + +struct sshbuf * +sshbuf_from(const void *blob, size_t len) +{ + struct sshbuf *ret; + + if (blob == NULL || len > SSHBUF_SIZE_MAX || + (ret = calloc(sizeof(*ret), 1)) == NULL) + return NULL; + ret->alloc = ret->size = ret->max_size = len; + ret->readonly = 1; + ret->refcount = 1; + ret->parent = NULL; + ret->cd = blob; + ret->d = NULL; + return ret; +} + +int +sshbuf_set_parent(struct sshbuf *child, struct sshbuf *parent) +{ + int r; + + if ((r = sshbuf_check_sanity(child)) != 0 || + (r = sshbuf_check_sanity(parent)) != 0) + return r; + child->parent = parent; + child->parent->refcount++; + return 0; +} + +struct sshbuf * +sshbuf_fromb(struct sshbuf *buf) +{ + struct sshbuf *ret; + + if (sshbuf_check_sanity(buf) != 0) + return NULL; + if ((ret = sshbuf_from(sshbuf_ptr(buf), sshbuf_len(buf))) == NULL) + return NULL; + if (sshbuf_set_parent(ret, buf) != 0) { + sshbuf_free(ret); + return NULL; + } + return ret; +} + +void +sshbuf_init(struct sshbuf *ret) +{ + explicit_bzero(ret, sizeof(*ret)); + ret->alloc = SSHBUF_SIZE_INIT; + ret->max_size = SSHBUF_SIZE_MAX; + ret->readonly = 0; + ret->dont_free = 1; + ret->refcount = 1; + if ((ret->cd = ret->d = calloc(1, ret->alloc)) == NULL) + ret->alloc = 0; +} + +void +sshbuf_free(struct sshbuf *buf) +{ + int dont_free = 0; + + if (buf == NULL) + return; + /* + * The following will leak on insane buffers, but this is the safest + * course of action - an invalid pointer or already-freed pointer may + * have been passed to us and continuing to scribble over memory would + * be bad. + */ + if (sshbuf_check_sanity(buf) != 0) + return; + /* + * If we are a child, the free our parent to decrement its reference + * count and possibly free it. + */ + if (buf->parent != NULL) { + sshbuf_free(buf->parent); + buf->parent = NULL; + } + /* + * If we are a parent with still-extant children, then don't free just + * yet. The last child's call to sshbuf_free should decrement our + * refcount to 0 and trigger the actual free. + */ + buf->refcount--; + if (buf->refcount > 0) + return; + dont_free = buf->dont_free; + if (!buf->readonly) { + explicit_bzero(buf->d, buf->alloc); + free(buf->d); + } + explicit_bzero(buf, sizeof(*buf)); + if (!dont_free) + free(buf); +} + +void +sshbuf_reset(struct sshbuf *buf) +{ + u_char *d; + + //printf("sshbuf reset \n"); + + if (buf->readonly || buf->refcount > 1) { + /* Nonsensical. Just make buffer appear empty */ + buf->off = buf->size; + return; + } + if (sshbuf_check_sanity(buf) == 0) + explicit_bzero(buf->d, buf->alloc); + buf->off = buf->size = 0; + if (buf->alloc != SSHBUF_SIZE_INIT) { + if ((d = realloc(buf->d, SSHBUF_SIZE_INIT)) != NULL) { + buf->cd = buf->d = d; + buf->alloc = SSHBUF_SIZE_INIT; + } + } +} + +size_t +sshbuf_max_size(const struct sshbuf *buf) +{ + return buf->max_size; +} + +size_t +sshbuf_alloc(const struct sshbuf *buf) +{ + return buf->alloc; +} + +const struct sshbuf * +sshbuf_parent(const struct sshbuf *buf) +{ + return buf->parent; +} + +u_int +sshbuf_refcount(const struct sshbuf *buf) +{ + return buf->refcount; +} + +int +sshbuf_set_max_size(struct sshbuf *buf, size_t max_size) +{ + size_t rlen; + u_char *dp; + int r; + + SSHBUF_DBG(("set max buf = %p len = %zu", buf, max_size)); + if ((r = sshbuf_check_sanity(buf)) != 0) + return r; + if (max_size == buf->max_size) + return 0; + if (buf->readonly || buf->refcount > 1) + return SSH_ERR_BUFFER_READ_ONLY; + if (max_size > SSHBUF_SIZE_MAX) + return SSH_ERR_NO_BUFFER_SPACE; + /* pack and realloc if necessary */ + sshbuf_maybe_pack(buf, max_size < buf->size); + if (max_size < buf->alloc && max_size > buf->size) { + if (buf->size < SSHBUF_SIZE_INIT) + rlen = SSHBUF_SIZE_INIT; + else + rlen = roundup(buf->size, SSHBUF_SIZE_INC); + if (rlen > max_size) + rlen = max_size; + explicit_bzero(buf->d + buf->size, buf->alloc - buf->size); + SSHBUF_DBG(("new alloc = %zu", rlen)); + if ((dp = realloc(buf->d, rlen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + buf->cd = buf->d = dp; + buf->alloc = rlen; + } + SSHBUF_TELL("new-max"); + if (max_size < buf->alloc) + return SSH_ERR_NO_BUFFER_SPACE; + buf->max_size = max_size; + return 0; +} + +size_t +sshbuf_len(const struct sshbuf *buf) +{ + if (sshbuf_check_sanity(buf) != 0) + return 0; + return buf->size - buf->off; +} + +size_t +sshbuf_avail(const struct sshbuf *buf) +{ + if (sshbuf_check_sanity(buf) != 0 || buf->readonly || buf->refcount > 1) + return 0; + return buf->max_size - (buf->size - buf->off); +} + +const u_char * +sshbuf_ptr(const struct sshbuf *buf) +{ + if (sshbuf_check_sanity(buf) != 0) + return NULL; + return buf->cd + buf->off; +} + +u_char * +sshbuf_mutable_ptr(const struct sshbuf *buf) +{ + if (sshbuf_check_sanity(buf) != 0 || buf->readonly || buf->refcount > 1) + return NULL; + return buf->d + buf->off; +} + +int +sshbuf_check_reserve(const struct sshbuf *buf, size_t len) +{ + int r; + + if ((r = sshbuf_check_sanity(buf)) != 0) + return r; + if (buf->readonly || buf->refcount > 1) + return SSH_ERR_BUFFER_READ_ONLY; + SSHBUF_TELL("check"); + /* Check that len is reasonable and that max_size + available < len */ + if (len > buf->max_size || buf->max_size - len < buf->size - buf->off) + return SSH_ERR_NO_BUFFER_SPACE; + return 0; +} + +int +sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp) +{ + size_t rlen, need; + u_char *dp; + int r; + + if (dpp != NULL) + *dpp = NULL; + + SSHBUF_DBG(("reserve buf = %p len = %zu", buf, len)); + if ((r = sshbuf_check_reserve(buf, len)) != 0) + return r; + /* + * If the requested allocation appended would push us past max_size + * then pack the buffer, zeroing buf->off. + */ + sshbuf_maybe_pack(buf, buf->size + len > buf->max_size); + SSHBUF_TELL("reserve"); + if (len + buf->size > buf->alloc) { + /* + * Prefer to alloc in SSHBUF_SIZE_INC units, but + * allocate less if doing so would overflow max_size. + */ + need = len + buf->size - buf->alloc; + rlen = roundup(buf->alloc + need, SSHBUF_SIZE_INC); + SSHBUF_DBG(("need %zu initial rlen %zu", need, rlen)); + if (rlen > buf->max_size) + rlen = buf->alloc + need; + SSHBUF_DBG(("adjusted rlen %zu", rlen)); + if ((dp = realloc(buf->d, rlen)) == NULL) { + SSHBUF_DBG(("realloc fail")); + if (dpp != NULL) + *dpp = NULL; + return SSH_ERR_ALLOC_FAIL; + } + buf->alloc = rlen; + buf->cd = buf->d = dp; + if ((r = sshbuf_check_reserve(buf, len)) < 0) { + /* shouldn't fail */ + if (dpp != NULL) + *dpp = NULL; + return r; + } + } + dp = buf->d + buf->size; + buf->size += len; + SSHBUF_TELL("done"); + if (dpp != NULL) + *dpp = dp; + return 0; +} + +int +sshbuf_consume(struct sshbuf *buf, size_t len) +{ + int r; + + SSHBUF_DBG(("len = %zu", len)); + if ((r = sshbuf_check_sanity(buf)) != 0) + return r; + if (len == 0) + return 0; + if (len > sshbuf_len(buf)) + return SSH_ERR_MESSAGE_INCOMPLETE; + buf->off += len; + SSHBUF_TELL("done"); + return 0; +} + +int +sshbuf_consume_end(struct sshbuf *buf, size_t len) +{ + int r; + + SSHBUF_DBG(("len = %zu", len)); + if ((r = sshbuf_check_sanity(buf)) != 0) + return r; + if (len == 0) + return 0; + if (len > sshbuf_len(buf)) + return SSH_ERR_MESSAGE_INCOMPLETE; + buf->size -= len; + SSHBUF_TELL("done"); + return 0; +} + + +#ifdef __cplusplus +} /* End of 'extern "C"' */ +#endif + diff --git a/include/DomainExec/opensshlib/sshbuf.h b/include/DomainExec/opensshlib/sshbuf.h new file mode 100644 index 00000000..fe2bb63b --- /dev/null +++ b/include/DomainExec/opensshlib/sshbuf.h @@ -0,0 +1,352 @@ +/* $OpenBSD: sshbuf.h,v 1.4 2015/01/14 15:02:39 djm Exp $ */ +/* + * Copyright (c) 2011 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _SSHBUF_H +#define _SSHBUF_H + +#ifdef WIN32 +#include "winfixssh.h" +#endif + +#include +#include +#include +#ifdef WITH_OPENSSL +# include +# ifdef OPENSSL_HAS_ECC +# include +# endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + +#define SSHBUF_SIZE_MAX 0x8000000 /* Hard maximum size */ +#define SSHBUF_REFS_MAX 0x100000 /* Max child buffers */ +#define SSHBUF_MAX_BIGNUM (16384 / 8) /* Max bignum *bytes* */ +#define SSHBUF_MAX_ECPOINT ((528 * 2 / 8) + 1) /* Max EC point *bytes* */ + + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * NB. do not depend on the internals of this. It will be made opaque + * one day. + */ +struct sshbuf { + u_char *d; /* Data */ + const u_char *cd; /* Const data */ + size_t off; /* First available byte is buf->d + buf->off */ + size_t size; /* Last byte is buf->d + buf->size - 1 */ + size_t max_size; /* Maximum size of buffer */ + size_t alloc; /* Total bytes allocated to buf->d */ + int readonly; /* Refers to external, const data */ + int dont_free; /* Kludge to support sshbuf_init */ + u_int refcount; /* Tracks self and number of child buffers */ + struct sshbuf *parent; /* If child, pointer to parent */ +}; + +#ifndef SSHBUF_NO_DEPREACTED +/* + * NB. Please do not use sshbuf_init() in new code. Please use sshbuf_new() + * instead. sshbuf_init() is deprectated and will go away soon (it is + * only included to allow compat with buffer_* in OpenSSH) + */ +void sshbuf_init(struct sshbuf *buf); +#endif + +/* + * Create a new sshbuf buffer. + * Returns pointer to buffer on success, or NULL on allocation failure. + */ +struct sshbuf *sshbuf_new(void); + +/* + * Create a new, read-only sshbuf buffer from existing data. + * Returns pointer to buffer on success, or NULL on allocation failure. + */ +struct sshbuf *sshbuf_from(const void *blob, size_t len); + +/* + * Create a new, read-only sshbuf buffer from the contents of an existing + * buffer. The contents of "buf" must not change in the lifetime of the + * resultant buffer. + * Returns pointer to buffer on success, or NULL on allocation failure. + */ +struct sshbuf *sshbuf_fromb(struct sshbuf *buf); + +/* + * Create a new, read-only sshbuf buffer from the contents of a string in + * an existing buffer (the string is consumed in the process). + * The contents of "buf" must not change in the lifetime of the resultant + * buffer. + * Returns pointer to buffer on success, or NULL on allocation failure. + */ +int sshbuf_froms(struct sshbuf *buf, struct sshbuf **bufp); + +/* + * Clear and free buf + */ +void sshbuf_free(struct sshbuf *buf); + +/* + * Reset buf, clearing its contents. NB. max_size is preserved. + */ +void sshbuf_reset(struct sshbuf *buf); + +/* + * Return the maximum size of buf + */ +size_t sshbuf_max_size(const struct sshbuf *buf); + +/* + * Set the maximum size of buf + * Returns 0 on success, or a negative SSH_ERR_* error code on failure. + */ +int sshbuf_set_max_size(struct sshbuf *buf, size_t max_size); + +/* + * Returns the length of data in buf + */ +size_t sshbuf_len(const struct sshbuf *buf); + +/* + * Returns number of bytes left in buffer before hitting max_size. + */ +size_t sshbuf_avail(const struct sshbuf *buf); + +/* + * Returns a read-only pointer to the start of the the data in buf + */ +const u_char *sshbuf_ptr(const struct sshbuf *buf); + +/* + * Returns a mutable pointer to the start of the the data in buf, or + * NULL if the buffer is read-only. + */ +u_char *sshbuf_mutable_ptr(const struct sshbuf *buf); + +/* + * Check whether a reservation of size len will succeed in buf + * Safer to use than direct comparisons again sshbuf_avail as it copes + * with unsigned overflows correctly. + * Returns 0 on success, or a negative SSH_ERR_* error code on failure. + */ +int sshbuf_check_reserve(const struct sshbuf *buf, size_t len); + +/* + * Reserve len bytes in buf. + * Returns 0 on success and a pointer to the first reserved byte via the + * optional dpp parameter or a negative * SSH_ERR_* error code on failure. + */ +int sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp); + +/* + * Consume len bytes from the start of buf + * Returns 0 on success, or a negative SSH_ERR_* error code on failure. + */ +int sshbuf_consume(struct sshbuf *buf, size_t len); + +/* + * Consume len bytes from the end of buf + * Returns 0 on success, or a negative SSH_ERR_* error code on failure. + */ +int sshbuf_consume_end(struct sshbuf *buf, size_t len); + +/* Extract or deposit some bytes */ +int sshbuf_get(struct sshbuf *buf, void *v, size_t len); +int sshbuf_put(struct sshbuf *buf, const void *v, size_t len); +int sshbuf_putb(struct sshbuf *buf, const struct sshbuf *v); + +/* Append using a printf(3) format */ +int sshbuf_putf(struct sshbuf *buf, const char *fmt, ...) + __attribute__((format(printf, 2, 3))); +int sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap); + +/* Functions to extract or store big-endian words of various sizes */ +int sshbuf_get_u64(struct sshbuf *buf, u_int64_t *valp); +int sshbuf_get_u32(struct sshbuf *buf, u_int32_t *valp); +int sshbuf_get_u16(struct sshbuf *buf, u_int16_t *valp); +int sshbuf_get_u8(struct sshbuf *buf, u_char *valp); +int sshbuf_put_u64(struct sshbuf *buf, u_int64_t val); +int sshbuf_put_u32(struct sshbuf *buf, u_int32_t val); +int sshbuf_put_u16(struct sshbuf *buf, u_int16_t val); +int sshbuf_put_u8(struct sshbuf *buf, u_char val); + +/* + * Functions to extract or store SSH wire encoded strings (u32 len || data) + * The "cstring" variants admit no \0 characters in the string contents. + * Caller must free *valp. + */ +int sshbuf_get_string(struct sshbuf *buf, u_char **valp, size_t *lenp); +int sshbuf_get_cstring(struct sshbuf *buf, char **valp, size_t *lenp); +int sshbuf_get_stringb(struct sshbuf *buf, struct sshbuf *v); +int sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len); +int sshbuf_put_cstring(struct sshbuf *buf, const char *v); +int sshbuf_put_stringb(struct sshbuf *buf, const struct sshbuf *v); + +/* + * "Direct" variant of sshbuf_get_string, returns pointer into the sshbuf to + * avoid an malloc+memcpy. The pointer is guaranteed to be valid until the + * next sshbuf-modifying function call. Caller does not free. + */ +int sshbuf_get_string_direct(struct sshbuf *buf, const u_char **valp, + size_t *lenp); + +/* Skip past a string */ +#define sshbuf_skip_string(buf) sshbuf_get_string_direct(buf, NULL, NULL) + +/* Another variant: "peeks" into the buffer without modifying it */ +int sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp, + size_t *lenp); + +/* + * Functions to extract or store SSH wire encoded bignums and elliptic + * curve points. + */ +int sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len); +int sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf, + const u_char **valp, size_t *lenp); +#ifdef WITH_OPENSSL +int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v); +int sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v); +int sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v); +int sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v); +# ifdef OPENSSL_HAS_ECC +int sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g); +int sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v); +int sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g); +int sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v); +# endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + +/* Dump the contents of the buffer in a human-readable format */ +void sshbuf_dump(struct sshbuf *buf, FILE *f); + +/* Dump specified memory in a human-readable format */ +void sshbuf_dump_data(const void *s, size_t len, FILE *f); + +/* Return the hexadecimal representation of the contents of the buffer */ +char *sshbuf_dtob16(struct sshbuf *buf); + +/* Encode the contents of the buffer as base64 */ +char *sshbuf_dtob64(struct sshbuf *buf); + +/* Decode base64 data and append it to the buffer */ +int sshbuf_b64tod(struct sshbuf *buf, const char *b64); + +/* Macros for decoding/encoding integers */ +#define PEEK_U64(p) \ + (((u_int64_t)(((u_char *)(p))[0]) << 56) | \ + ((u_int64_t)(((u_char *)(p))[1]) << 48) | \ + ((u_int64_t)(((u_char *)(p))[2]) << 40) | \ + ((u_int64_t)(((u_char *)(p))[3]) << 32) | \ + ((u_int64_t)(((u_char *)(p))[4]) << 24) | \ + ((u_int64_t)(((u_char *)(p))[5]) << 16) | \ + ((u_int64_t)(((u_char *)(p))[6]) << 8) | \ + (u_int64_t)(((u_char *)(p))[7])) +#define PEEK_U32(p) \ + (((u_int32_t)(((u_char *)(p))[0]) << 24) | \ + ((u_int32_t)(((u_char *)(p))[1]) << 16) | \ + ((u_int32_t)(((u_char *)(p))[2]) << 8) | \ + (u_int32_t)(((u_char *)(p))[3])) +#define PEEK_U16(p) \ + (((u_int16_t)(((u_char *)(p))[0]) << 8) | \ + (u_int16_t)(((u_char *)(p))[1])) + +#define POKE_U64(p, v) \ + do { \ + ((u_char *)(p))[0] = (((u_int64_t)(v)) >> 56) & 0xff; \ + ((u_char *)(p))[1] = (((u_int64_t)(v)) >> 48) & 0xff; \ + ((u_char *)(p))[2] = (((u_int64_t)(v)) >> 40) & 0xff; \ + ((u_char *)(p))[3] = (((u_int64_t)(v)) >> 32) & 0xff; \ + ((u_char *)(p))[4] = (((u_int64_t)(v)) >> 24) & 0xff; \ + ((u_char *)(p))[5] = (((u_int64_t)(v)) >> 16) & 0xff; \ + ((u_char *)(p))[6] = (((u_int64_t)(v)) >> 8) & 0xff; \ + ((u_char *)(p))[7] = ((u_int64_t)(v)) & 0xff; \ + } while (0) +#define POKE_U32(p, v) \ + do { \ + ((u_char *)(p))[0] = (((u_int64_t)(v)) >> 24) & 0xff; \ + ((u_char *)(p))[1] = (((u_int64_t)(v)) >> 16) & 0xff; \ + ((u_char *)(p))[2] = (((u_int64_t)(v)) >> 8) & 0xff; \ + ((u_char *)(p))[3] = ((u_int64_t)(v)) & 0xff; \ + } while (0) +#define POKE_U16(p, v) \ + do { \ + ((u_char *)(p))[0] = (((u_int64_t)(v)) >> 8) & 0xff; \ + ((u_char *)(p))[1] = ((u_int64_t)(v)) & 0xff; \ + } while (0) + +/* Internal definitions follow. Exposed for regress tests */ +#ifdef SSHBUF_INTERNAL + +/* + * Return the allocation size of buf + */ +size_t sshbuf_alloc(const struct sshbuf *buf); + +/* + * Increment the reference count of buf. + */ +int sshbuf_set_parent(struct sshbuf *child, struct sshbuf *parent); + +/* + * Return the parent buffer of buf, or NULL if it has no parent. + */ +const struct sshbuf *sshbuf_parent(const struct sshbuf *buf); + +/* + * Return the reference count of buf + */ +u_int sshbuf_refcount(const struct sshbuf *buf); + +# define SSHBUF_SIZE_INIT 256 /* Initial allocation */ +# define SSHBUF_SIZE_INC 256 /* Preferred increment length */ +# define SSHBUF_PACK_MIN 8192 /* Minimim packable offset */ + +/* # define SSHBUF_ABORT abort */ +/* # define SSHBUF_DEBUG */ + +# ifndef SSHBUF_ABORT +# define SSHBUF_ABORT() +# endif + +# ifdef SSHBUF_DEBUG +# define SSHBUF_TELL(what) do { \ + printf("%s:%d %s: %s size %zu alloc %zu off %zu max %zu\n", \ + __FILE__, __LINE__, __func__, what, \ + buf->size, buf->alloc, buf->off, buf->max_size); \ + fflush(stdout); \ + } while (0) +# define SSHBUF_DBG(x) do { \ + printf("%s:%d %s: ", __FILE__, __LINE__, __func__); \ + printf x; \ + printf("\n"); \ + fflush(stdout); \ + } while (0) +# else +# define SSHBUF_TELL(what) +# define SSHBUF_DBG(x) +# endif +#endif /* SSHBUF_INTERNAL */ + + +#ifdef __cplusplus +} /* End of 'extern "C"' */ +#endif + +#endif /* _SSHBUF_H */ diff --git a/include/DomainExec/opensshlib/sshconnect.c b/include/DomainExec/opensshlib/sshconnect.c new file mode 100644 index 00000000..f4c19a4d --- /dev/null +++ b/include/DomainExec/opensshlib/sshconnect.c @@ -0,0 +1,1519 @@ +/* $OpenBSD: sshconnect.c,v 1.263 2015/08/20 22:32:42 deraadt Exp $ */ +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * Code to connect to a remote host, and to perform the client side of the + * login (authentication) dialog. + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ + +#include "includes.h" + +#ifndef WIN32 +#include /* roundup */ +#endif +#include + +#ifndef WIN32 +#include +#endif +#include +#ifndef WIN32 +#include +#endif +#ifdef HAVE_SYS_TIME_H +# include +#endif + +#ifndef WIN32 +#include +#include +#endif + +#include +#include +#include +#ifndef WIN32 +#include +#endif +#ifdef HAVE_PATHS_H +#include +#endif +#ifndef WIN32 +#include +#endif +#include +#include +#include +#include +#include +#ifndef WIN32 +#include +#endif + +#include "xmalloc.h" +#include "key.h" +#include "hostfile.h" +#include "ssh.h" +#include "rsa.h" +#include "buffer.h" +#include "packet.h" +#include "uidswap.h" +#include "compat.h" +#include "key.h" +#include "sshconnect.h" +#include "hostfile.h" +#include "log.h" +#include "misc.h" +#include "readconf.h" +#ifndef WIN32 +#include "atomicio.h" +#endif + +#ifndef WIN32 +#include "dns.h" +#include "roaming.h" +#include "monitor_fdpass.h" +#endif +#include "ssh2.h" +#ifndef WIN32 +#include "version.h" +#endif +#include "authfile.h" +#include "ssherr.h" + +char *client_version_string = NULL; +char *server_version_string = NULL; +Key *previous_host_key = NULL; + +static int matching_host_key_dns = 0; + +static pid_t proxy_command_pid = 0; + +/* import */ +extern Options options; +extern char *__progname; +extern uid_t original_real_uid; +extern uid_t original_effective_uid; + +static int show_other_keys(struct hostkeys *, Key *); +static void warn_changed_key(Key *); + +#if 0 + +/* Expand a proxy command */ +static char * +expand_proxy_command(const char *proxy_command, const char *user, + const char *host, int port) +{ + char *tmp, *ret, strport[NI_MAXSERV]; + + snprintf(strport, sizeof strport, "%d", port); + xasprintf(&tmp, "exec %s", proxy_command); + ret = percent_expand(tmp, "h", host, "p", strport, + "r", options.user, (char *)NULL); + free(tmp); + return ret; +} + +/* + * Connect to the given ssh server using a proxy command that passes a + * a connected fd back to us. + */ +static int +ssh_proxy_fdpass_connect(const char *host, u_short port, + const char *proxy_command) +{ + char *command_string; + int sp[2], sock; + pid_t pid; + char *shell; + + if ((shell = getenv("SHELL")) == NULL) + shell = _PATH_BSHELL; + + if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) + fatal("Could not create socketpair to communicate with " + "proxy dialer: %.100s", strerror(errno)); + + command_string = expand_proxy_command(proxy_command, options.user, + host, port); + debug("Executing proxy dialer command: %.500s", command_string); + + /* Fork and execute the proxy command. */ + if ((pid = fork()) == 0) { + char *argv[10]; + + /* Child. Permanently give up superuser privileges. */ + permanently_drop_suid(original_real_uid); + + close(sp[1]); + /* Redirect stdin and stdout. */ + if (sp[0] != 0) { + if (dup2(sp[0], 0) < 0) + perror("dup2 stdin"); + } + if (sp[0] != 1) { + if (dup2(sp[0], 1) < 0) + perror("dup2 stdout"); + } + if (sp[0] >= 2) + close(sp[0]); + + /* + * Stderr is left as it is so that error messages get + * printed on the user's terminal. + */ + argv[0] = shell; + argv[1] = "-c"; + argv[2] = command_string; + argv[3] = NULL; + + /* + * Execute the proxy command. + * Note that we gave up any extra privileges above. + */ + execv(argv[0], argv); + perror(argv[0]); + exit(1); + } + /* Parent. */ + if (pid < 0) + fatal("fork failed: %.100s", strerror(errno)); + close(sp[0]); + free(command_string); + + if ((sock = mm_receive_fd(sp[1])) == -1) + fatal("proxy dialer did not pass back a connection"); + + while (waitpid(pid, NULL, 0) == -1) + if (errno != EINTR) + fatal("Couldn't wait for child: %s", strerror(errno)); + + /* Set the connection file descriptors. */ + packet_set_connection(sock, sock); + + return 0; +} + +/* + * Connect to the given ssh server using a proxy command. + */ +static int +ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) +{ + char *command_string; + int pin[2], pout[2]; + pid_t pid; + char *shell; + + if ((shell = getenv("SHELL")) == NULL || *shell == '\0') + shell = _PATH_BSHELL; + + /* Create pipes for communicating with the proxy. */ + if (pipe(pin) < 0 || pipe(pout) < 0) + fatal("Could not create pipes to communicate with the proxy: %.100s", + strerror(errno)); + + command_string = expand_proxy_command(proxy_command, options.user, + host, port); + debug("Executing proxy command: %.500s", command_string); + + /* Fork and execute the proxy command. */ + if ((pid = fork()) == 0) { + char *argv[10]; + + /* Child. Permanently give up superuser privileges. */ + permanently_drop_suid(original_real_uid); + + /* Redirect stdin and stdout. */ + close(pin[1]); + if (pin[0] != 0) { + if (dup2(pin[0], 0) < 0) + perror("dup2 stdin"); + close(pin[0]); + } + close(pout[0]); + if (dup2(pout[1], 1) < 0) + perror("dup2 stdout"); + /* Cannot be 1 because pin allocated two descriptors. */ + close(pout[1]); + + /* Stderr is left as it is so that error messages get + printed on the user's terminal. */ + argv[0] = shell; + argv[1] = "-c"; + argv[2] = command_string; + argv[3] = NULL; + + /* Execute the proxy command. Note that we gave up any + extra privileges above. */ + signal(SIGPIPE, SIG_DFL); + execv(argv[0], argv); + perror(argv[0]); + exit(1); + } + /* Parent. */ + if (pid < 0) + fatal("fork failed: %.100s", strerror(errno)); + else + proxy_command_pid = pid; /* save pid to clean up later */ + + /* Close child side of the descriptors. */ + close(pin[0]); + close(pout[1]); + + /* Free the command name. */ + free(command_string); + + /* Set the connection file descriptors. */ + packet_set_connection(pout[0], pin[1]); + + /* Indicate OK return */ + return 0; +} + +void +ssh_kill_proxy_command(void) +{ + /* + * Send SIGHUP to proxy command if used. We don't wait() in + * case it hangs and instead rely on init to reap the child + */ + if (proxy_command_pid > 1) + kill(proxy_command_pid, SIGHUP); +} + +/* + * Creates a (possibly privileged) socket for use as the ssh connection. + */ +static int +ssh_create_socket(int privileged, struct addrinfo *ai) +{ + int sock, r, gaierr; + struct addrinfo hints, *res = NULL; + + sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); + if (sock < 0) { + ssh_error("socket: %s", strerror(errno)); + return -1; + } + fcntl(sock, F_SETFD, FD_CLOEXEC); + + /* Bind the socket to an alternative local IP address */ + if (options.bind_address == NULL && !privileged) + return sock; + + if (options.bind_address) { + memset(&hints, 0, sizeof(hints)); + hints.ai_family = ai->ai_family; + hints.ai_socktype = ai->ai_socktype; + hints.ai_protocol = ai->ai_protocol; + hints.ai_flags = AI_PASSIVE; + gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res); + if (gaierr) { + ssh_error("getaddrinfo: %s: %s", options.bind_address, + ssh_gai_strerror(gaierr)); + close(sock); + return -1; + } + } + /* + * If we are running as root and want to connect to a privileged + * port, bind our own socket to a privileged port. + */ + if (privileged) { + PRIV_START; + r = bindresvport_sa(sock, res ? res->ai_addr : NULL); + PRIV_END; + if (r < 0) { + ssh_error("bindresvport_sa: af=%d %s", ai->ai_family, + strerror(errno)); + goto fail; + } + } else { + if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) { + ssh_error("bind: %s: %s", options.bind_address, + strerror(errno)); + fail: + close(sock); + freeaddrinfo(res); + return -1; + } + } + if (res != NULL) + freeaddrinfo(res); + return sock; +} + +static int +timeout_connect(int sockfd, const struct sockaddr *serv_addr, + socklen_t addrlen, int *timeoutp) +{ + fd_set *fdset; + struct timeval tv, t_start; + socklen_t optlen; + int optval, rc, result = -1; + + gettimeofday(&t_start, NULL); + + if (*timeoutp <= 0) { + result = connect(sockfd, serv_addr, addrlen); + goto done; + } + + set_nonblock(sockfd); + rc = connect(sockfd, serv_addr, addrlen); + if (rc == 0) { + unset_nonblock(sockfd); + result = 0; + goto done; + } + if (errno != EINPROGRESS) { + result = -1; + goto done; + } + + fdset = xcalloc(howmany(sockfd + 1, NFDBITS), + sizeof(fd_mask)); + FD_SET(sockfd, fdset); + ms_to_timeval(&tv, *timeoutp); + + for (;;) { + rc = select(sockfd + 1, NULL, fdset, NULL, &tv); + if (rc != -1 || errno != EINTR) + break; + } + + switch (rc) { + case 0: + /* Timed out */ + errno = ETIMEDOUT; + break; + case -1: + /* Select error */ + debug("select: %s", strerror(errno)); + break; + case 1: + /* Completed or failed */ + optval = 0; + optlen = sizeof(optval); + if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval, + &optlen) == -1) { + debug("getsockopt: %s", strerror(errno)); + break; + } + if (optval != 0) { + errno = optval; + break; + } + result = 0; + unset_nonblock(sockfd); + break; + default: + /* Should not occur */ + fatal("Bogus return (%d) from select()", rc); + } + + free(fdset); + + done: + if (result == 0 && *timeoutp > 0) { + ms_subtract_diff(&t_start, timeoutp); + if (*timeoutp <= 0) { + errno = ETIMEDOUT; + result = -1; + } + } + + return (result); +} + +/* + * Opens a TCP/IP connection to the remote server on the given host. + * The address of the remote host will be returned in hostaddr. + * If port is 0, the default port will be used. If needpriv is true, + * a privileged port will be allocated to make the connection. + * This requires super-user privileges if needpriv is true. + * Connection_attempts specifies the maximum number of tries (one per + * second). If proxy_command is non-NULL, it specifies the command (with %h + * and %p substituted for host and port, respectively) to use to contact + * the daemon. + */ +static int +ssh_connect_direct(const char *host, struct addrinfo *aitop, + struct sockaddr_storage *hostaddr, u_short port, int family, + int connection_attempts, int *timeout_ms, int want_keepalive, int needpriv) +{ + int on = 1; + int sock = -1, attempt; + char ntop[NI_MAXHOST], strport[NI_MAXSERV]; + struct addrinfo *ai; + + debug2("ssh_connect: needpriv %d", needpriv); + + for (attempt = 0; attempt < connection_attempts; attempt++) { + if (attempt > 0) { + /* Sleep a moment before retrying. */ + sleep(1); + debug("Trying again..."); + } + /* + * Loop through addresses for this host, and try each one in + * sequence until the connection succeeds. + */ + for (ai = aitop; ai; ai = ai->ai_next) { + if (ai->ai_family != AF_INET && + ai->ai_family != AF_INET6) + continue; + if (getnameinfo(ai->ai_addr, ai->ai_addrlen, + ntop, sizeof(ntop), strport, sizeof(strport), + NI_NUMERICHOST|NI_NUMERICSERV) != 0) { + ssh_error("ssh_connect: getnameinfo failed"); + continue; + } + debug("Connecting to %.200s [%.100s] port %s.", + host, ntop, strport); + + /* Create a socket for connecting. */ + sock = ssh_create_socket(needpriv, ai); + if (sock < 0) + /* Any error is already output */ + continue; + + if (timeout_connect(sock, ai->ai_addr, ai->ai_addrlen, + timeout_ms) >= 0) { + /* Successful connection. */ + memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen); + break; + } else { + debug("connect to address %s port %s: %s", + ntop, strport, strerror(errno)); + close(sock); + sock = -1; + } + } + if (sock != -1) + break; /* Successful connection. */ + } + + /* Return failure if we didn't get a successful connection. */ + if (sock == -1) { + ssh_error("ssh: connect to host %s port %s: %s", + host, strport, strerror(errno)); + return (-1); + } + + debug("Connection established."); + + /* Set SO_KEEPALIVE if requested. */ + if (want_keepalive && + setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, + sizeof(on)) < 0) + ssh_error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); + + /* Set the connection. */ + packet_set_connection(sock, sock); + + return 0; +} + +int +ssh_connect(const char *host, struct addrinfo *addrs, + struct sockaddr_storage *hostaddr, u_short port, int family, + int connection_attempts, int *timeout_ms, int want_keepalive, int needpriv) +{ + if (options.proxy_command == NULL) { + return ssh_connect_direct(host, addrs, hostaddr, port, family, + connection_attempts, timeout_ms, want_keepalive, needpriv); + } else if (strcmp(options.proxy_command, "-") == 0) { + packet_set_connection(STDIN_FILENO, STDOUT_FILENO); + return 0; /* Always succeeds */ + } else if (options.proxy_use_fdpass) { + return ssh_proxy_fdpass_connect(host, port, + options.proxy_command); + } + return ssh_proxy_connect(host, port, options.proxy_command); +} + +static void +send_client_banner(int connection_out, int minor1) +{ + /* Send our own protocol version identification. */ + if (compat20) { + xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n", + PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION); + } else { + xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n", + PROTOCOL_MAJOR_1, minor1, SSH_VERSION); + } + if (roaming_atomicio(vwrite, connection_out, client_version_string, + strlen(client_version_string)) != strlen(client_version_string)) + fatal("write: %.100s", strerror(errno)); + chop(client_version_string); + debug("Local version string %.100s", client_version_string); +} + +/* + * Waits for the server identification string, and sends our own + * identification string. + */ +void +ssh_exchange_identification(int timeout_ms) +{ + char buf[256], remote_version[256]; /* must be same size! */ + int remote_major, remote_minor, mismatch; + int connection_in = packet_get_connection_in(); + int connection_out = packet_get_connection_out(); + int minor1 = PROTOCOL_MINOR_1, client_banner_sent = 0; + u_int i, n; + size_t len; + int fdsetsz, remaining, rc; + struct timeval t_start, t_remaining; + fd_set *fdset; + + fdsetsz = howmany(connection_in + 1, NFDBITS) * sizeof(fd_mask); + fdset = xcalloc(1, fdsetsz); + + /* + * If we are SSH2-only then we can send the banner immediately and + * save a round-trip. + */ + if (options.protocol == SSH_PROTO_2) { + enable_compat20(); + send_client_banner(connection_out, 0); + client_banner_sent = 1; + } + + /* Read other side's version identification. */ + remaining = timeout_ms; + for (n = 0;;) { + for (i = 0; i < sizeof(buf) - 1; i++) { + if (timeout_ms > 0) { + gettimeofday(&t_start, NULL); + ms_to_timeval(&t_remaining, remaining); + FD_SET(connection_in, fdset); + rc = select(connection_in + 1, fdset, NULL, + fdset, &t_remaining); + ms_subtract_diff(&t_start, &remaining); + if (rc == 0 || remaining <= 0) + fatal("Connection timed out during " + "banner exchange"); + if (rc == -1) { + if (errno == EINTR) + continue; + fatal("ssh_exchange_identification: " + "select: %s", strerror(errno)); + } + } + + len = roaming_atomicio(read, connection_in, &buf[i], 1); + + if (len != 1 && errno == EPIPE) + fatal("ssh_exchange_identification: " + "Connection closed by remote host"); + else if (len != 1) + fatal("ssh_exchange_identification: " + "read: %.100s", strerror(errno)); + if (buf[i] == '\r') { + buf[i] = '\n'; + buf[i + 1] = 0; + continue; /**XXX wait for \n */ + } + if (buf[i] == '\n') { + buf[i + 1] = 0; + break; + } + if (++n > 65536) + fatal("ssh_exchange_identification: " + "No banner received"); + } + buf[sizeof(buf) - 1] = 0; + if (strncmp(buf, "SSH-", 4) == 0) + break; + debug("ssh_exchange_identification: %s", buf); + } + server_version_string = xstrdup(buf); + free(fdset); + + /* + * Check that the versions match. In future this might accept + * several versions and set appropriate flags to handle them. + */ + if (sscanf(server_version_string, "SSH-%d.%d-%[^\n]\n", + &remote_major, &remote_minor, remote_version) != 3) + fatal("Bad remote protocol version identification: '%.100s'", buf); + debug("Remote protocol version %d.%d, remote software version %.100s", + remote_major, remote_minor, remote_version); + + active_state->compat = compat_datafellows(remote_version); + mismatch = 0; + + switch (remote_major) { + case 1: + if (remote_minor == 99 && + (options.protocol & SSH_PROTO_2) && + !(options.protocol & SSH_PROTO_1_PREFERRED)) { + enable_compat20(); + break; + } + if (!(options.protocol & SSH_PROTO_1)) { + mismatch = 1; + break; + } + if (remote_minor < 3) { + fatal("Remote machine has too old SSH software version."); + } else if (remote_minor == 3 || remote_minor == 4) { + /* We speak 1.3, too. */ + enable_compat13(); + minor1 = 3; + if (options.forward_agent) { + logit("Agent forwarding disabled for protocol 1.3"); + options.forward_agent = 0; + } + } + break; + case 2: + if (options.protocol & SSH_PROTO_2) { + enable_compat20(); + break; + } + /* FALLTHROUGH */ + default: + mismatch = 1; + break; + } + if (mismatch) + fatal("Protocol major versions differ: %d vs. %d", + (options.protocol & SSH_PROTO_2) ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1, + remote_major); + if ((datafellows & SSH_BUG_DERIVEKEY) != 0) + fatal("Server version \"%.100s\" uses unsafe key agreement; " + "refusing connection", remote_version); + if ((datafellows & SSH_BUG_RSASIGMD5) != 0) + logit("Server version \"%.100s\" uses unsafe RSA signature " + "scheme; disabling use of RSA keys", remote_version); + if (!client_banner_sent) + send_client_banner(connection_out, minor1); + chop(server_version_string); +} + + +#if 0 +/* defaults to 'no' */ +static int +confirm(const char *prompt) +{ + const char *msg, *again = "Please type 'yes' or 'no': "; + char *p; + int ret = -1; + + if (options.batch_mode) + return 0; + for (msg = prompt;;msg = again) { + p = read_passphrase(msg, RP_ECHO); + if (p == NULL || + (p[0] == '\0') || (p[0] == '\n') || + strncasecmp(p, "no", 2) == 0) + ret = 0; + if (p && strncasecmp(p, "yes", 3) == 0) + ret = 1; + free(p); + if (ret != -1) + return ret; + } +} + +static int +check_host_cert(const char *host, const Key *host_key) +{ + const char *reason; + + if (key_cert_check_authority(host_key, 1, 0, host, &reason) != 0) { + ssh_error("%s", reason); + return 0; + } + if (buffer_len(host_key->cert->critical) != 0) { + ssh_error("Certificate for %s contains unsupported " + "critical options(s)", host); + return 0; + } + return 1; +} + +static int +sockaddr_is_local(struct sockaddr *hostaddr) +{ + switch (hostaddr->sa_family) { + case AF_INET: + return (ntohl(((struct sockaddr_in *)hostaddr)-> + sin_addr.s_addr) >> 24) == IN_LOOPBACKNET; + case AF_INET6: + return IN6_IS_ADDR_LOOPBACK( + &(((struct sockaddr_in6 *)hostaddr)->sin6_addr)); + default: + return 0; + } +} + +/* + * Prepare the hostname and ip address strings that are used to lookup + * host keys in known_hosts files. These may have a port number appended. + */ +void +get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr, + u_short port, char **hostfile_hostname, char **hostfile_ipaddr) +{ + char ntop[NI_MAXHOST]; + socklen_t addrlen; + + switch (hostaddr == NULL ? -1 : hostaddr->sa_family) { + case -1: + addrlen = 0; + break; + case AF_INET: + addrlen = sizeof(struct sockaddr_in); + break; + case AF_INET6: + addrlen = sizeof(struct sockaddr_in6); + break; + default: + addrlen = sizeof(struct sockaddr); + break; + } + + /* + * We don't have the remote ip-address for connections + * using a proxy command + */ + if (hostfile_ipaddr != NULL) { + if (options.proxy_command == NULL) { + if (getnameinfo(hostaddr, addrlen, + ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST) != 0) + fatal("%s: getnameinfo failed", __func__); + *hostfile_ipaddr = put_host_port(ntop, port); + } else { + *hostfile_ipaddr = xstrdup(""); + } + } + + /* + * Allow the user to record the key under a different name or + * differentiate a non-standard port. This is useful for ssh + * tunneling over forwarded connections or if you run multiple + * sshd's on different ports on the same machine. + */ + if (hostfile_hostname != NULL) { + if (options.host_key_alias != NULL) { + *hostfile_hostname = xstrdup(options.host_key_alias); + debug("using hostkeyalias: %s", *hostfile_hostname); + } else { + *hostfile_hostname = put_host_port(hostname, port); + } + } +} + +/* + * check whether the supplied host key is valid, return -1 if the key + * is not valid. user_hostfile[0] will not be updated if 'readonly' is true. + */ +#define RDRW 0 +#define RDONLY 1 +#define ROQUIET 2 +static int +check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, + Key *host_key, int readonly, + char **user_hostfiles, u_int num_user_hostfiles, + char **system_hostfiles, u_int num_system_hostfiles) +{ + HostStatus host_status; + HostStatus ip_status; + Key *raw_key = NULL; + char *ip = NULL, *host = NULL; + char hostline[1000], *hostp, *fp, *ra; + char msg[1024]; + const char *type; + const struct hostkey_entry *host_found, *ip_found; + int len, cancelled_forwarding = 0; + int local = sockaddr_is_local(hostaddr); + int r, want_cert = key_is_cert(host_key), host_ip_differ = 0; + int hostkey_trusted = 0; /* Known or explicitly accepted by user */ + struct hostkeys *host_hostkeys, *ip_hostkeys; + u_int i; + + /* + * Force accepting of the host key for loopback/localhost. The + * problem is that if the home directory is NFS-mounted to multiple + * machines, localhost will refer to a different machine in each of + * them, and the user will get bogus HOST_CHANGED warnings. This + * essentially disables host authentication for localhost; however, + * this is probably not a real problem. + */ + if (options.no_host_authentication_for_localhost == 1 && local && + options.host_key_alias == NULL) { + debug("Forcing accepting of host key for " + "loopback/localhost."); + return 0; + } + + /* + * Prepare the hostname and address strings used for hostkey lookup. + * In some cases, these will have a port number appended. + */ + get_hostfile_hostname_ipaddr(hostname, hostaddr, port, &host, &ip); + + /* + * Turn off check_host_ip if the connection is to localhost, via proxy + * command or if we don't have a hostname to compare with + */ + if (options.check_host_ip && (local || + strcmp(hostname, ip) == 0 || options.proxy_command != NULL)) + options.check_host_ip = 0; + + host_hostkeys = init_hostkeys(); + for (i = 0; i < num_user_hostfiles; i++) + load_hostkeys(host_hostkeys, host, user_hostfiles[i]); + for (i = 0; i < num_system_hostfiles; i++) + load_hostkeys(host_hostkeys, host, system_hostfiles[i]); + + ip_hostkeys = NULL; + if (!want_cert && options.check_host_ip) { + ip_hostkeys = init_hostkeys(); + for (i = 0; i < num_user_hostfiles; i++) + load_hostkeys(ip_hostkeys, ip, user_hostfiles[i]); + for (i = 0; i < num_system_hostfiles; i++) + load_hostkeys(ip_hostkeys, ip, system_hostfiles[i]); + } + + retry: + /* Reload these as they may have changed on cert->key downgrade */ + want_cert = key_is_cert(host_key); + type = key_type(host_key); + + /* + * Check if the host key is present in the user's list of known + * hosts or in the systemwide list. + */ + host_status = check_key_in_hostkeys(host_hostkeys, host_key, + &host_found); + + /* + * Also perform check for the ip address, skip the check if we are + * localhost, looking for a certificate, or the hostname was an ip + * address to begin with. + */ + if (!want_cert && ip_hostkeys != NULL) { + ip_status = check_key_in_hostkeys(ip_hostkeys, host_key, + &ip_found); + if (host_status == HOST_CHANGED && + (ip_status != HOST_CHANGED || + (ip_found != NULL && + !key_equal(ip_found->key, host_found->key)))) + host_ip_differ = 1; + } else + ip_status = host_status; + + switch (host_status) { + case HOST_OK: + /* The host is known and the key matches. */ + debug("Host '%.200s' is known and matches the %s host %s.", + host, type, want_cert ? "certificate" : "key"); + debug("Found %s in %s:%lu", want_cert ? "CA key" : "key", + host_found->file, host_found->line); + if (want_cert && !check_host_cert(hostname, host_key)) + goto fail; + if (options.check_host_ip && ip_status == HOST_NEW) { + if (readonly || want_cert) + logit("%s host key for IP address " + "'%.128s' not in list of known hosts.", + type, ip); + else if (!add_host_to_hostfile(user_hostfiles[0], ip, + host_key, options.hash_known_hosts)) + logit("Failed to add the %s host key for IP " + "address '%.128s' to the list of known " + "hosts (%.500s).", type, ip, + user_hostfiles[0]); + else + logit("Warning: Permanently added the %s host " + "key for IP address '%.128s' to the list " + "of known hosts.", type, ip); + } else if (options.visual_host_key) { + fp = sshkey_fingerprint(host_key, + options.fingerprint_hash, SSH_FP_DEFAULT); + ra = sshkey_fingerprint(host_key, + options.fingerprint_hash, SSH_FP_RANDOMART); + if (fp == NULL || ra == NULL) + fatal("%s: sshkey_fingerprint fail", __func__); + logit("Host key fingerprint is %s\n%s\n", fp, ra); + free(ra); + free(fp); + } + hostkey_trusted = 1; + break; + case HOST_NEW: + if (options.host_key_alias == NULL && port != 0 && + port != SSH_DEFAULT_PORT) { + debug("checking without port identifier"); + if (check_host_key(hostname, hostaddr, 0, host_key, + ROQUIET, user_hostfiles, num_user_hostfiles, + system_hostfiles, num_system_hostfiles) == 0) { + debug("found matching key w/out port"); + break; + } + } + if (readonly || want_cert) + goto fail; + /* The host is new. */ + if (options.strict_host_key_checking == 1) { + /* + * User has requested strict host key checking. We + * will not add the host key automatically. The only + * alternative left is to abort. + */ + ssh_error("No %s host key is known for %.200s and you " + "have requested strict checking.", type, host); + goto fail; + } else if (options.strict_host_key_checking == 2) { + char msg1[1024], msg2[1024]; + + if (show_other_keys(host_hostkeys, host_key)) + snprintf(msg1, sizeof(msg1), + "\nbut keys of different type are already" + " known for this host."); + else + snprintf(msg1, sizeof(msg1), "."); + /* The default */ + fp = sshkey_fingerprint(host_key, + options.fingerprint_hash, SSH_FP_DEFAULT); + ra = sshkey_fingerprint(host_key, + options.fingerprint_hash, SSH_FP_RANDOMART); + if (fp == NULL || ra == NULL) + fatal("%s: sshkey_fingerprint fail", __func__); + msg2[0] = '\0'; + if (options.verify_host_key_dns) { + if (matching_host_key_dns) + snprintf(msg2, sizeof(msg2), + "Matching host key fingerprint" + " found in DNS.\n"); + else + snprintf(msg2, sizeof(msg2), + "No matching host key fingerprint" + " found in DNS.\n"); + } + snprintf(msg, sizeof(msg), + "The authenticity of host '%.200s (%s)' can't be " + "established%s\n" + "%s key fingerprint is %s.%s%s\n%s" + "Are you sure you want to continue connecting " + "(yes/no)? ", + host, ip, msg1, type, fp, + options.visual_host_key ? "\n" : "", + options.visual_host_key ? ra : "", + msg2); + free(ra); + free(fp); + if (!confirm(msg)) + goto fail; + hostkey_trusted = 1; /* user explicitly confirmed */ + } + /* + * If not in strict mode, add the key automatically to the + * local known_hosts file. + */ + if (options.check_host_ip && ip_status == HOST_NEW) { + snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); + hostp = hostline; + if (options.hash_known_hosts) { + /* Add hash of host and IP separately */ + r = add_host_to_hostfile(user_hostfiles[0], + host, host_key, options.hash_known_hosts) && + add_host_to_hostfile(user_hostfiles[0], ip, + host_key, options.hash_known_hosts); + } else { + /* Add unhashed "host,ip" */ + r = add_host_to_hostfile(user_hostfiles[0], + hostline, host_key, + options.hash_known_hosts); + } + } else { + r = add_host_to_hostfile(user_hostfiles[0], host, + host_key, options.hash_known_hosts); + hostp = host; + } + + if (!r) + logit("Failed to add the host to the list of known " + "hosts (%.500s).", user_hostfiles[0]); + else + logit("Warning: Permanently added '%.200s' (%s) to the " + "list of known hosts.", hostp, type); + break; + case HOST_REVOKED: + ssh_error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); + ssh_error("@ WARNING: REVOKED HOST KEY DETECTED! @"); + ssh_error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); + ssh_error("The %s host key for %s is marked as revoked.", type, host); + ssh_error("This could mean that a stolen key is being used to"); + ssh_error("impersonate this host."); + + /* + * If strict host key checking is in use, the user will have + * to edit the key manually and we can only abort. + */ + if (options.strict_host_key_checking) { + ssh_error("%s host key for %.200s was revoked and you have " + "requested strict checking.", type, host); + goto fail; + } + goto continue_unsafe; + + case HOST_CHANGED: + if (want_cert) { + /* + * This is only a debug() since it is valid to have + * CAs with wildcard DNS matches that don't match + * all hosts that one might visit. + */ + debug("Host certificate authority does not " + "match %s in %s:%lu", CA_MARKER, + host_found->file, host_found->line); + goto fail; + } + if (readonly == ROQUIET) + goto fail; + if (options.check_host_ip && host_ip_differ) { + char *key_msg; + if (ip_status == HOST_NEW) + key_msg = "is unknown"; + else if (ip_status == HOST_OK) + key_msg = "is unchanged"; + else + key_msg = "has a different value"; + ssh_error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); + ssh_error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @"); + ssh_error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); + ssh_error("The %s host key for %s has changed,", type, host); + ssh_error("and the key for the corresponding IP address %s", ip); + ssh_error("%s. This could either mean that", key_msg); + ssh_error("DNS SPOOFING is happening or the IP address for the host"); + ssh_error("and its host key have changed at the same time."); + if (ip_status != HOST_NEW) + ssh_error("Offending key for IP in %s:%lu", + ip_found->file, ip_found->line); + } + /* The host key has changed. */ + warn_changed_key(host_key); + ssh_error("Add correct host key in %.100s to get rid of this message.", + user_hostfiles[0]); + ssh_error("Offending %s key in %s:%lu", key_type(host_found->key), + host_found->file, host_found->line); + + /* + * If strict host key checking is in use, the user will have + * to edit the key manually and we can only abort. + */ + if (options.strict_host_key_checking) { + ssh_error("%s host key for %.200s has changed and you have " + "requested strict checking.", type, host); + goto fail; + } + + continue_unsafe: + /* + * If strict host key checking has not been requested, allow + * the connection but without MITM-able authentication or + * forwarding. + */ + if (options.password_authentication) { + ssh_error("Password authentication is disabled to avoid " + "man-in-the-middle attacks."); + options.password_authentication = 0; + cancelled_forwarding = 1; + } + if (options.kbd_interactive_authentication) { + ssh_error("Keyboard-interactive authentication is disabled" + " to avoid man-in-the-middle attacks."); + options.kbd_interactive_authentication = 0; + options.challenge_response_authentication = 0; + cancelled_forwarding = 1; + } + if (options.challenge_response_authentication) { + ssh_error("Challenge/response authentication is disabled" + " to avoid man-in-the-middle attacks."); + options.challenge_response_authentication = 0; + cancelled_forwarding = 1; + } + if (options.forward_agent) { + ssh_error("Agent forwarding is disabled to avoid " + "man-in-the-middle attacks."); + options.forward_agent = 0; + cancelled_forwarding = 1; + } + if (options.forward_x11) { + ssh_error("X11 forwarding is disabled to avoid " + "man-in-the-middle attacks."); + options.forward_x11 = 0; + cancelled_forwarding = 1; + } + if (options.num_local_forwards > 0 || + options.num_remote_forwards > 0) { + ssh_error("Port forwarding is disabled to avoid " + "man-in-the-middle attacks."); + options.num_local_forwards = + options.num_remote_forwards = 0; + cancelled_forwarding = 1; + } + if (options.tun_open != SSH_TUNMODE_NO) { + ssh_error("Tunnel forwarding is disabled to avoid " + "man-in-the-middle attacks."); + options.tun_open = SSH_TUNMODE_NO; + cancelled_forwarding = 1; + } + if (options.exit_on_forward_failure && cancelled_forwarding) + fatal("Error: forwarding disabled due to host key " + "check failure"); + + /* + * XXX Should permit the user to change to use the new id. + * This could be done by converting the host key to an + * identifying sentence, tell that the host identifies itself + * by that sentence, and ask the user if he/she wishes to + * accept the authentication. + */ + break; + case HOST_FOUND: + fatal("internal error"); + break; + } + + if (options.check_host_ip && host_status != HOST_CHANGED && + ip_status == HOST_CHANGED) { + snprintf(msg, sizeof(msg), + "Warning: the %s host key for '%.200s' " + "differs from the key for the IP address '%.128s'" + "\nOffending key for IP in %s:%lu", + type, host, ip, ip_found->file, ip_found->line); + if (host_status == HOST_OK) { + len = strlen(msg); + snprintf(msg + len, sizeof(msg) - len, + "\nMatching host key in %s:%lu", + host_found->file, host_found->line); + } + if (options.strict_host_key_checking == 1) { + logit("%s", msg); + ssh_error("Exiting, you have requested strict checking."); + goto fail; + } else if (options.strict_host_key_checking == 2) { + strlcat(msg, "\nAre you sure you want " + "to continue connecting (yes/no)? ", sizeof(msg)); + if (!confirm(msg)) + goto fail; + } else { + logit("%s", msg); + } + } + + if (!hostkey_trusted && options.update_hostkeys) { + debug("%s: hostkey not known or explicitly trusted: " + "disabling UpdateHostkeys", __func__); + options.update_hostkeys = 0; + } + + free(ip); + free(host); + if (host_hostkeys != NULL) + free_hostkeys(host_hostkeys); + if (ip_hostkeys != NULL) + free_hostkeys(ip_hostkeys); + return 0; + +fail: + if (want_cert && host_status != HOST_REVOKED) { + /* + * No matching certificate. Downgrade cert to raw key and + * search normally. + */ + debug("No matching CA found. Retry with plain key"); + raw_key = key_from_private(host_key); + if (key_drop_cert(raw_key) != 0) + fatal("Couldn't drop certificate"); + host_key = raw_key; + goto retry; + } + if (raw_key != NULL) + key_free(raw_key); + free(ip); + free(host); + if (host_hostkeys != NULL) + free_hostkeys(host_hostkeys); + if (ip_hostkeys != NULL) + free_hostkeys(ip_hostkeys); + return -1; +} + +/* returns 0 if key verifies or -1 if key does NOT verify */ +int +verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) +{ + int r = -1, flags = 0; + char *fp = NULL; + struct sshkey *plain = NULL; + + if ((fp = sshkey_fingerprint(host_key, + options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) { + ssh_error("%s: fingerprint host key: %s", __func__, ssh_err(r)); + r = -1; + goto out; + } + + debug("Server host key: %s %s", + compat20 ? sshkey_ssh_name(host_key) : sshkey_type(host_key), fp); + + if (sshkey_equal(previous_host_key, host_key)) { + debug2("%s: server host key %s %s matches cached key", + __func__, sshkey_type(host_key), fp); + r = 0; + goto out; + } + + /* Check in RevokedHostKeys file if specified */ + if (options.revoked_host_keys != NULL) { + r = sshkey_check_revoked(host_key, options.revoked_host_keys); + switch (r) { + case 0: + break; /* not revoked */ + case SSH_ERR_KEY_REVOKED: + ssh_error("Host key %s %s revoked by file %s", + sshkey_type(host_key), fp, + options.revoked_host_keys); + r = -1; + goto out; + default: + ssh_error("Error checking host key %s %s in " + "revoked keys file %s: %s", sshkey_type(host_key), + fp, options.revoked_host_keys, ssh_err(r)); + r = -1; + goto out; + } + } + + if (options.verify_host_key_dns) { + /* + * XXX certs are not yet supported for DNS, so downgrade + * them and try the plain key. + */ + if ((r = sshkey_from_private(host_key, &plain)) != 0) + goto out; + if (sshkey_is_cert(plain)) + sshkey_drop_cert(plain); + if (verify_host_key_dns(host, hostaddr, plain, &flags) == 0) { + if (flags & DNS_VERIFY_FOUND) { + if (options.verify_host_key_dns == 1 && + flags & DNS_VERIFY_MATCH && + flags & DNS_VERIFY_SECURE) { + r = 0; + goto out; + } + if (flags & DNS_VERIFY_MATCH) { + matching_host_key_dns = 1; + } else { + warn_changed_key(plain); + ssh_error("Update the SSHFP RR in DNS " + "with the new host key to get rid " + "of this message."); + } + } + } + } + r = check_host_key(host, hostaddr, options.port, host_key, RDRW, + options.user_hostfiles, options.num_user_hostfiles, + options.system_hostfiles, options.num_system_hostfiles); + +out: + sshkey_free(plain); + free(fp); + if (r == 0 && host_key != NULL) { + key_free(previous_host_key); + previous_host_key = key_from_private(host_key); + } + + return r; +} + +/* + * Starts a dialog with the server, and authenticates the current user on the + * server. This does not need any extra privileges. The basic connection + * to the server must already have been established before this is called. + * If login fails, this function prints an error and never returns. + * This function does not require super-user privileges. + */ +void +ssh_login(Sensitive *sensitive, const char *orighost, + struct sockaddr *hostaddr, u_short port, struct passwd *pw, int timeout_ms) +{ + char *host; + char *server_user, *local_user; + + local_user = xstrdup(pw->pw_name); + server_user = options.user ? options.user : local_user; + + /* Convert the user-supplied hostname into all lowercase. */ + host = xstrdup(orighost); + lowercase(host); + + /* Exchange protocol version identification strings with the server. */ + ssh_exchange_identification(timeout_ms); + + /* Put the connection into non-blocking mode. */ + packet_set_nonblocking(); + + /* key exchange */ + /* authenticate user */ + debug("Authenticating to %s:%d as '%s'", host, port, server_user); + if (compat20) { + ssh_kex2(host, hostaddr, port); + ssh_userauth2(local_user, server_user, host, sensitive); + } else { +#ifdef WITH_SSH1 + ssh_kex(host, hostaddr); + ssh_userauth1(local_user, server_user, host, sensitive); +#else + fatal("ssh1 is not supported"); +#endif + } + free(local_user); +} + +void +ssh_put_password(char *password) +{ + int size; + char *padded; + + if (datafellows & SSH_BUG_PASSWORDPAD) { + packet_put_cstring(password); + return; + } + size = roundup(strlen(password) + 1, 32); + padded = xcalloc(1, size); + strlcpy(padded, password, size); + packet_put_string(padded, size); + explicit_bzero(padded, size); + free(padded); +} + +/* print all known host keys for a given host, but skip keys of given type */ +static int +show_other_keys(struct hostkeys *hostkeys, Key *key) +{ + int type[] = { + KEY_RSA1, + KEY_RSA, + KEY_DSA, + KEY_ECDSA, + KEY_ED25519, + -1 + }; + int i, ret = 0; + char *fp, *ra; + const struct hostkey_entry *found; + + for (i = 0; type[i] != -1; i++) { + if (type[i] == key->type) + continue; + if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found)) + continue; + fp = sshkey_fingerprint(found->key, + options.fingerprint_hash, SSH_FP_DEFAULT); + ra = sshkey_fingerprint(found->key, + options.fingerprint_hash, SSH_FP_RANDOMART); + if (fp == NULL || ra == NULL) + fatal("%s: sshkey_fingerprint fail", __func__); + logit("WARNING: %s key found for host %s\n" + "in %s:%lu\n" + "%s key fingerprint %s.", + key_type(found->key), + found->host, found->file, found->line, + key_type(found->key), fp); + if (options.visual_host_key) + logit("%s", ra); + free(ra); + free(fp); + ret = 1; + } + return ret; +} + +static void +warn_changed_key(Key *host_key) +{ + char *fp; + + fp = sshkey_fingerprint(host_key, options.fingerprint_hash, + SSH_FP_DEFAULT); + if (fp == NULL) + fatal("%s: sshkey_fingerprint fail", __func__); + + ssh_error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); + ssh_error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @"); + ssh_error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); + ssh_error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"); + ssh_error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); + ssh_error("It is also possible that a host key has just been changed."); + ssh_error("The fingerprint for the %s key sent by the remote host is\n%s.", + key_type(host_key), fp); + ssh_error("Please contact your system administrator."); + + free(fp); +} + +/* + * Execute a local command + */ +int +ssh_local_cmd(const char *args) +{ + char *shell; + pid_t pid; + int status; + void (*osighand)(int); + + if (!options.permit_local_command || + args == NULL || !*args) + return (1); + + if ((shell = getenv("SHELL")) == NULL || *shell == '\0') + shell = _PATH_BSHELL; + + osighand = signal(SIGCHLD, SIG_DFL); + pid = fork(); + if (pid == 0) { + signal(SIGPIPE, SIG_DFL); + debug3("Executing %s -c \"%s\"", shell, args); + execl(shell, shell, "-c", args, (char *)NULL); + ssh_error("Couldn't execute %s -c \"%s\": %s", + shell, args, strerror(errno)); + _exit(1); + } else if (pid == -1) + fatal("fork failed: %.100s", strerror(errno)); + while (waitpid(pid, &status, 0) == -1) + if (errno != EINTR) + fatal("Couldn't wait for child: %s", strerror(errno)); + signal(SIGCHLD, osighand); + + if (!WIFEXITED(status)) + return (1); + + return (WEXITSTATUS(status)); +} + +#endif + +#endif diff --git a/include/DomainExec/opensshlib/sshconnect.h b/include/DomainExec/opensshlib/sshconnect.h new file mode 100644 index 00000000..1cd27be7 --- /dev/null +++ b/include/DomainExec/opensshlib/sshconnect.h @@ -0,0 +1,95 @@ +/* $OpenBSD: sshconnect.h,v 1.28 2013/10/16 02:31:47 djm Exp $ */ + +/* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct Sensitive Sensitive; +struct Sensitive { + Key **keys; + int nkeys; + int external_keysign; +}; + +struct addrinfo; +int ssh_connect(const char *, struct addrinfo *, struct sockaddr_storage *, + u_short, int, int, int *, int, int); +void ssh_kill_proxy_command(void); + +void ssh_login(Sensitive *, const char *, struct sockaddr *, u_short, + struct passwd *, int); + +void ssh_exchange_identification(int); + +int verify_host_key(char *, struct sockaddr *, Key *); + +void get_hostfile_hostname_ipaddr(char *, struct sockaddr *, u_short, + char **, char **); + +void ssh_kex(char *, struct sockaddr *); +void ssh_kex2(char *, struct sockaddr *, u_short); + +void ssh_userauth1(const char *, const char *, char *, Sensitive *); +void ssh_userauth2(const char *, const char *, char *, Sensitive *); + +void ssh_put_password(char *); +int ssh_local_cmd(const char *); + + +void ncrackssh_ssh_kex2(ncrack_ssh_state *nstate, char *client_version_string, + char *server_version_string); +void ncrackssh_ssh_start_userauth2(ncrack_ssh_state *nstate); +int ncrackssh_ssh_userauth2_service_rep(ncrack_ssh_state *nstate); +int ncrackssh_ssh_userauth2(ncrack_ssh_state *nstate, const char *server_user, + const char *password); + + + +/* + * Macros to raise/lower permissions. + */ +#define PRIV_START do { \ + int save_errno = errno; \ + if (seteuid(original_effective_uid) != 0) \ + fatal("PRIV_START: seteuid: %s", \ + strerror(errno)); \ + errno = save_errno; \ +} while (0) + +#define PRIV_END do { \ + int save_errno = errno; \ + if (seteuid(original_real_uid) != 0) \ + fatal("PRIV_END: seteuid: %s", \ + strerror(errno)); \ + errno = save_errno; \ +} while (0) + + +#ifdef __cplusplus +} /* End of 'extern "C"' */ +#endif diff --git a/include/DomainExec/opensshlib/sshconnect2.c b/include/DomainExec/opensshlib/sshconnect2.c new file mode 100644 index 00000000..d1e5459c --- /dev/null +++ b/include/DomainExec/opensshlib/sshconnect2.c @@ -0,0 +1,1858 @@ +/* $OpenBSD: sshconnect2.c,v 1.226 2015/07/30 00:01:34 djm Exp $ */ +/* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * Copyright (c) 2008 Damien Miller. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#include + +#ifndef WIN32 +#include +#include +#endif + +#include + +#include +#include +#ifndef WIN32 +#include +#include +#endif +#include +#include +#include +#include +#ifndef WIN32 +#include +#endif +#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS) +#include +#endif + +#include "sys-queue.h" + +#include "xmalloc.h" +#include "ssh.h" +#include "ssh2.h" +#include "buffer.h" +#include "packet.h" +#include "compat.h" +#include "cipher.h" +#include "key.h" +#include "kex.h" +#include "myproposal.h" +#include "sshconnect.h" +#include "authfile.h" +#include "dh.h" +#include "authfd.h" +#include "log.h" +#include "misc.h" +#include "readconf.h" +#include "match.h" +#include "dispatch.h" +#include "canohost.h" +#include "msg.h" +#include "pathnames.h" +#include "uidswap.h" +#include "hostfile.h" +#include "ssherr.h" + +#ifdef GSSAPI +#include "ssh-gss.h" +#endif + +/* import */ +extern char *client_version_string; +extern char *server_version_string; +extern Options options; + +/* + * SSH2 key exchange + */ + +u_char *session_id2 = NULL; +u_int session_id2_len = 0; + +char *xxx_host; +struct sockaddr *xxx_hostaddr; + +static int +//verify_host_key_callback(Key *hostkey, struct ssh *ssh) +verify_host_key_callback(struct sshkey *hostkey, ncrack_ssh_state *state) +{ + //if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1) + // fatal("Host key verification failed."); + return 0; +} + +#if 0 +static char * +order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) +{ + char *oavail, *avail, *first, *last, *alg, *hostname, *ret; + size_t maxlen; + struct hostkeys *hostkeys; + int ktype; + u_int i; + + /* Find all hostkeys for this hostname */ + get_hostfile_hostname_ipaddr(host, hostaddr, port, &hostname, NULL); + hostkeys = init_hostkeys(); + for (i = 0; i < options.num_user_hostfiles; i++) + load_hostkeys(hostkeys, hostname, options.user_hostfiles[i]); + for (i = 0; i < options.num_system_hostfiles; i++) + load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]); + + oavail = avail = xstrdup(KEX_DEFAULT_PK_ALG); + maxlen = strlen(avail) + 1; + first = xmalloc(maxlen); + last = xmalloc(maxlen); + *first = *last = '\0'; + +#define ALG_APPEND(to, from) \ + do { \ + if (*to != '\0') \ + strlcat(to, ",", maxlen); \ + strlcat(to, from, maxlen); \ + } while (0) + + while ((alg = strsep(&avail, ",")) && *alg != '\0') { + if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC) + fatal("%s: unknown alg %s", __func__, alg); + if (lookup_key_in_hostkeys_by_type(hostkeys, + sshkey_type_plain(ktype), NULL)) + ALG_APPEND(first, alg); + else + ALG_APPEND(last, alg); + } +#undef ALG_APPEND + xasprintf(&ret, "%s%s%s", first, + (*first == '\0' || *last == '\0') ? "" : ",", last); + if (*first != '\0') + debug3("%s: prefer hostkeyalgs: %s", __func__, first); + + free(first); + free(last); + free(hostname); + free(oavail); + free_hostkeys(hostkeys); + + return ret; +} +#endif + +// was ssh_kex2 +void +ncrackssh_ssh_kex2(ncrack_ssh_state *nstate, char *client_version_string, + char *server_version_string) +{ + char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; + struct kex *kex; + int r; + + //printf("ssh_kex2\n"); + + // normally these are defined in Options struct (readconf.h) + char *ciphers = NULL; /* SSH2 ciphers in order of preference. */ + char *macs = NULL; /* SSH2 macs in order of preference. */ + char *kex_algorithms = NULL; /* SSH2 kex methods in order of preference. */ + //char *hostkeyalgorithms = NULL; /* SSH2 server key types in order of preference. */ + + // taken from readconf.c: fill_default_options + if (kex_assemble_names(KEX_CLIENT_ENCRYPT, &ciphers) != 0 || + kex_assemble_names(KEX_CLIENT_MAC, &macs) != 0 || + kex_assemble_names(KEX_CLIENT_KEX, &kex_algorithms) != 0) + debug("%s: kex_assemble_names failed", __func__); + + + myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(nstate, kex_algorithms); + myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(nstate, ciphers); + myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(nstate, ciphers); + myproposal[PROPOSAL_COMP_ALGS_CTOS] = myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib"; + myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = macs; + + /* Enforce default */ + //hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG); + + /* Prefer algorithms that we already have keys for */ + // was: compat_pkalg_proposal(nstate, order_hostkeyalgs(host, hostaddr, port)); + // Ncrack ssh: maybe we could store these preferences and use them between sessions + // of same host + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = xstrdup(KEX_DEFAULT_PK_ALG); + + //printf("before kex setup\n"); + + /* start key exchange */ + if ((r = kex_setup(nstate, myproposal)) != 0) + fatal("kex_setup: %s", ssh_err(r)); + kex = nstate->kex; +#ifdef WITH_OPENSSL + kex->kexm[KEX_DH_GRP1_SHA1] = kexdh_client; + kex->kexm[KEX_DH_GRP14_SHA1] = kexdh_client; + kex->kexm[KEX_DH_GEX_SHA1] = kexgex_client; + kex->kexm[KEX_DH_GEX_SHA256] = kexgex_client; +# ifdef OPENSSL_HAS_ECC + kex->kexm[KEX_ECDH_SHA2] = kexecdh_client; +# endif +#endif + kex->kexm[KEX_C25519_SHA256] = kexc25519_client; + kex->client_version_string = client_version_string; + kex->server_version_string = server_version_string; + kex->verify_host_key = &verify_host_key_callback; + + +#ifdef DEBUG_KEXDH + /* send 1st encrypted/maced/compressed message */ +#if 0 + packet_start(SSH2_MSG_IGNORE); + packet_put_cstring("markus"); + packet_send(); + packet_write_wait(); +#endif +#endif +} + +#if 0 + +/* + * Authenticate user + */ + +typedef struct cauthctxt Authctxt; +typedef struct cauthmethod Authmethod; +typedef struct identity Identity; +typedef struct idlist Idlist; + +struct identity { + TAILQ_ENTRY(identity) next; + int agent_fd; /* >=0 if agent supports key */ + struct sshkey *key; /* public/private key */ + char *filename; /* comment for agent-only keys */ + int tried; + int isprivate; /* key points to the private key */ + int userprovided; +}; +TAILQ_HEAD(idlist, identity); + +struct cauthctxt { + const char *server_user; + const char *local_user; + const char *host; + const char *service; + struct cauthmethod *method; + sig_atomic_t success; + char *authlist; + int attempt; + /* pubkey */ + struct idlist keys; + int agent_fd; + /* hostbased */ + Sensitive *sensitive; + char *oktypes, *ktypes; + const char *active_ktype; + /* kbd-interactive */ + int info_req_seen; + /* generic */ + void *methoddata; +}; + +struct cauthmethod { + char *name; /* string to compare against server's list */ + int (*userauth)(Authctxt *authctxt); + void (*cleanup)(Authctxt *authctxt); + int *enabled; /* flag in option struct that enables method */ + int *batch_flag; /* flag in option struct that disables method */ +}; + +int input_userauth_success(int, u_int32_t, void *); +int input_userauth_success_unexpected(int, u_int32_t, void *); +int input_userauth_failure(int, u_int32_t, void *); +int input_userauth_banner(int, u_int32_t, void *); +int input_userauth_error(int, u_int32_t, void *); +int input_userauth_info_req(int, u_int32_t, void *); +int input_userauth_pk_ok(int, u_int32_t, void *); +int input_userauth_passwd_changereq(int, u_int32_t, void *); + +int userauth_none(Authctxt *); +int userauth_pubkey(Authctxt *); +int userauth_passwd(Authctxt *); +int userauth_kbdint(Authctxt *); +int userauth_hostbased(Authctxt *); + +#ifdef GSSAPI +int userauth_gssapi(Authctxt *authctxt); +int input_gssapi_response(int type, u_int32_t, void *); +int input_gssapi_token(int type, u_int32_t, void *); +int input_gssapi_hash(int type, u_int32_t, void *); +int input_gssapi_error(int, u_int32_t, void *); +int input_gssapi_errtok(int, u_int32_t, void *); +#endif + +void userauth(Authctxt *, char *); + +static int sign_and_send_pubkey(Authctxt *, Identity *); +static void pubkey_prepare(Authctxt *); +static void pubkey_cleanup(Authctxt *); +static Key *load_identity_file(char *, int); + +static Authmethod *authmethod_get(char *authlist); +static Authmethod *authmethod_lookup(const char *name); +static char *authmethods_get(void); + +Authmethod authmethods[] = { +#ifdef GSSAPI + {"gssapi-with-mic", + userauth_gssapi, + NULL, + &options.gss_authentication, + NULL}, +#endif + {"hostbased", + userauth_hostbased, + NULL, + &options.hostbased_authentication, + NULL}, + {"publickey", + userauth_pubkey, + NULL, + &options.pubkey_authentication, + NULL}, + {"keyboard-interactive", + userauth_kbdint, + NULL, + &options.kbd_interactive_authentication, + &options.batch_mode}, + {"password", + userauth_passwd, + NULL, + &options.password_authentication, + &options.batch_mode}, + {"none", + userauth_none, + NULL, + NULL, + NULL}, + {NULL, NULL, NULL, NULL, NULL} +}; + +#endif + +void +ncrackssh_ssh_start_userauth2(ncrack_ssh_state *nstate) +{ + ssh_packet_start(nstate, SSH2_MSG_SERVICE_REQUEST); + ssh_packet_put_cstring(nstate, "ssh-userauth"); + ssh_packet_send(nstate); + debug("SSH2_MSG_SERVICE_REQUEST sent"); +} + +int +ncrackssh_ssh_userauth2_service_rep(ncrack_ssh_state *nstate) +{ + + //printf("nstate type: %d \n", nstate->type); + + if (nstate->type != SSH2_MSG_SERVICE_ACCEPT) + return -1; + //fatal("Server denied authentication request: %d", type); + if (ssh_packet_remaining(nstate) > 0) { + char *reply = ssh_packet_get_string(nstate, NULL); + debug2("service_accept: %s", reply); + free(reply); + } else { + debug2("buggy server: service_accept w/o service"); + } + //ssh_packet_check_eom(nstate); + debug("SSH2_MSG_SERVICE_ACCEPT received"); + return 0; +} + +int +ncrackssh_ssh_userauth2(ncrack_ssh_state *nstate, const char *server_user, + const char *password) +{ + ssh_packet_start(nstate, SSH2_MSG_USERAUTH_REQUEST); + ssh_packet_put_cstring(nstate, server_user); + ssh_packet_put_cstring(nstate, "ssh-connection"); + ssh_packet_put_cstring(nstate, "password"); + ssh_packet_put_char(nstate, 0); + ssh_packet_put_cstring(nstate, password); + sshpkt_add_padding(nstate, 64); + ssh_packet_send(nstate); + return 0; +} + + +#if 0 + + /* setup authentication context */ + memset(&authctxt, 0, sizeof(authctxt)); + pubkey_prepare(&authctxt); + authctxt.server_user = server_user; + authctxt.local_user = local_user; + authctxt.host = host; + authctxt.service = "ssh-connection"; /* service name */ + authctxt.success = 0; + authctxt.method = authmethod_lookup("none"); + authctxt.authlist = NULL; + authctxt.methoddata = NULL; + authctxt.sensitive = sensitive; + authctxt.active_ktype = authctxt.oktypes = authctxt.ktypes = NULL; + authctxt.info_req_seen = 0; + authctxt.agent_fd = -1; + if (authctxt.method == NULL) + fatal("ssh_userauth2: internal error: cannot send userauth none request"); + + /* initial userauth request */ + userauth_none(&authctxt); + + dispatch_init(&input_userauth_error); + dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success); + dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure); + dispatch_set(SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner); + dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */ + + pubkey_cleanup(&authctxt); + dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); + + debug("Authentication succeeded (%s).", authctxt.method->name); +} + + + +void +userauth(Authctxt *authctxt, char *authlist) +{ + if (authctxt->method != NULL && authctxt->method->cleanup != NULL) + authctxt->method->cleanup(authctxt); + + free(authctxt->methoddata); + authctxt->methoddata = NULL; + if (authlist == NULL) { + authlist = authctxt->authlist; + } else { + free(authctxt->authlist); + authctxt->authlist = authlist; + } + for (;;) { + Authmethod *method = authmethod_get(authlist); + if (method == NULL) + fatal("Permission denied (%s).", authlist); + authctxt->method = method; + + /* reset the per method handler */ + dispatch_range(SSH2_MSG_USERAUTH_PER_METHOD_MIN, + SSH2_MSG_USERAUTH_PER_METHOD_MAX, NULL); + + /* and try new method */ + if (method->userauth(authctxt) != 0) { + debug2("we sent a %s packet, wait for reply", method->name); + break; + } else { + debug2("we did not send a packet, disable method"); + method->enabled = NULL; + } + } +} + +/* ARGSUSED */ +int +input_userauth_error(int type, u_int32_t seq, void *ctxt) +{ + fatal("input_userauth_error: bad message during authentication: " + "type %d", type); + return 0; +} + +/* ARGSUSED */ +int +input_userauth_banner(int type, u_int32_t seq, void *ctxt) +{ + char *msg, *raw, *lang; + u_int len; + + debug3("input_userauth_banner"); + raw = packet_get_string(&len); + lang = packet_get_string(NULL); + if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) { + if (len > 65536) + len = 65536; + msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */ + strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH); + fprintf(stderr, "%s", msg); + free(msg); + } + free(raw); + free(lang); + return 0; +} + +/* ARGSUSED */ +int +input_userauth_success(int type, u_int32_t seq, void *ctxt) +{ + Authctxt *authctxt = ctxt; + + if (authctxt == NULL) + fatal("input_userauth_success: no authentication context"); + free(authctxt->authlist); + authctxt->authlist = NULL; + if (authctxt->method != NULL && authctxt->method->cleanup != NULL) + authctxt->method->cleanup(authctxt); + free(authctxt->methoddata); + authctxt->methoddata = NULL; + authctxt->success = 1; /* break out */ + return 0; +} + +int +input_userauth_success_unexpected(int type, u_int32_t seq, void *ctxt) +{ + Authctxt *authctxt = ctxt; + + if (authctxt == NULL) + fatal("%s: no authentication context", __func__); + + fatal("Unexpected authentication success during %s.", + authctxt->method->name); + return 0; +} + +/* ARGSUSED */ +int +input_userauth_failure(int type, u_int32_t seq, void *ctxt) +{ + Authctxt *authctxt = ctxt; + char *authlist = NULL; + int partial; + + if (authctxt == NULL) + fatal("input_userauth_failure: no authentication context"); + + authlist = packet_get_string(NULL); + partial = packet_get_char(); + packet_check_eom(); + + if (partial != 0) { + logit("Authenticated with partial success."); + /* reset state */ + pubkey_cleanup(authctxt); + pubkey_prepare(authctxt); + } + debug("Authentications that can continue: %s", authlist); + + userauth(authctxt, authlist); + return 0; +} + +/* ARGSUSED */ +int +input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) +{ + Authctxt *authctxt = ctxt; + Key *key = NULL; + Identity *id = NULL; + Buffer b; + int pktype, sent = 0; + u_int alen, blen; + char *pkalg, *fp; + u_char *pkblob; + + if (authctxt == NULL) + fatal("input_userauth_pk_ok: no authentication context"); + if (datafellows & SSH_BUG_PKOK) { + /* this is similar to SSH_BUG_PKAUTH */ + debug2("input_userauth_pk_ok: SSH_BUG_PKOK"); + pkblob = packet_get_string(&blen); + buffer_init(&b); + buffer_append(&b, pkblob, blen); + pkalg = buffer_get_string(&b, &alen); + buffer_free(&b); + } else { + pkalg = packet_get_string(&alen); + pkblob = packet_get_string(&blen); + } + packet_check_eom(); + + debug("Server accepts key: pkalg %s blen %u", pkalg, blen); + + if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) { + debug("unknown pkalg %s", pkalg); + goto done; + } + if ((key = key_from_blob(pkblob, blen)) == NULL) { + debug("no key from blob. pkalg %s", pkalg); + goto done; + } + if (key->type != pktype) { + ssh_error("input_userauth_pk_ok: type mismatch " + "for decoded key (received %d, expected %d)", + key->type, pktype); + goto done; + } + if ((fp = sshkey_fingerprint(key, options.fingerprint_hash, + SSH_FP_DEFAULT)) == NULL) + goto done; + debug2("input_userauth_pk_ok: fp %s", fp); + free(fp); + + /* + * search keys in the reverse order, because last candidate has been + * moved to the end of the queue. this also avoids confusion by + * duplicate keys + */ + TAILQ_FOREACH_REVERSE(id, &authctxt->keys, idlist, next) { + if (key_equal(key, id->key)) { + sent = sign_and_send_pubkey(authctxt, id); + break; + } + } +done: + if (key != NULL) + key_free(key); + free(pkalg); + free(pkblob); + + /* try another method if we did not send a packet */ + if (sent == 0) + userauth(authctxt, NULL); + return 0; +} + + +#if 0 +#ifdef GSSAPI +int +userauth_gssapi(Authctxt *authctxt) +{ + Gssctxt *gssctxt = NULL; + static gss_OID_set gss_supported = NULL; + static u_int mech = 0; + OM_uint32 min; + int ok = 0; + + /* Try one GSSAPI method at a time, rather than sending them all at + * once. */ + + if (gss_supported == NULL) + gss_indicate_mechs(&min, &gss_supported); + + /* Check to see if the mechanism is usable before we offer it */ + while (mech < gss_supported->count && !ok) { + /* My DER encoding requires length<128 */ + if (gss_supported->elements[mech].length < 128 && + ssh_gssapi_check_mechanism(&gssctxt, + &gss_supported->elements[mech], authctxt->host)) { + ok = 1; /* Mechanism works */ + } else { + mech++; + } + } + + if (!ok) + return 0; + + authctxt->methoddata=(void *)gssctxt; + + packet_start(SSH2_MSG_USERAUTH_REQUEST); + packet_put_cstring(authctxt->server_user); + packet_put_cstring(authctxt->service); + packet_put_cstring(authctxt->method->name); + + packet_put_int(1); + + packet_put_int((gss_supported->elements[mech].length) + 2); + packet_put_char(SSH_GSS_OIDTYPE); + packet_put_char(gss_supported->elements[mech].length); + packet_put_raw(gss_supported->elements[mech].elements, + gss_supported->elements[mech].length); + + packet_send(); + + dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE, &input_gssapi_response); + dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token); + dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error); + dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok); + + mech++; /* Move along to next candidate */ + + return 1; +} + +static OM_uint32 +process_gssapi_token(void *ctxt, gss_buffer_t recv_tok) +{ + Authctxt *authctxt = ctxt; + Gssctxt *gssctxt = authctxt->methoddata; + gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; + gss_buffer_desc mic = GSS_C_EMPTY_BUFFER; + gss_buffer_desc gssbuf; + OM_uint32 status, ms, flags; + Buffer b; + + status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, + recv_tok, &send_tok, &flags); + + if (send_tok.length > 0) { + if (GSS_ERROR(status)) + packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK); + else + packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN); + + packet_put_string(send_tok.value, send_tok.length); + packet_send(); + gss_release_buffer(&ms, &send_tok); + } + + if (status == GSS_S_COMPLETE) { + /* send either complete or MIC, depending on mechanism */ + if (!(flags & GSS_C_INTEG_FLAG)) { + packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE); + packet_send(); + } else { + ssh_gssapi_buildmic(&b, authctxt->server_user, + authctxt->service, "gssapi-with-mic"); + + gssbuf.value = buffer_ptr(&b); + gssbuf.length = buffer_len(&b); + + status = ssh_gssapi_sign(gssctxt, &gssbuf, &mic); + + if (!GSS_ERROR(status)) { + packet_start(SSH2_MSG_USERAUTH_GSSAPI_MIC); + packet_put_string(mic.value, mic.length); + + packet_send(); + } + + buffer_free(&b); + gss_release_buffer(&ms, &mic); + } + } + + return status; +} + +/* ARGSUSED */ +int +input_gssapi_response(int type, u_int32_t plen, void *ctxt) +{ + Authctxt *authctxt = ctxt; + Gssctxt *gssctxt; + int oidlen; + char *oidv; + + if (authctxt == NULL) + fatal("input_gssapi_response: no authentication context"); + gssctxt = authctxt->methoddata; + + /* Setup our OID */ + oidv = packet_get_string(&oidlen); + + if (oidlen <= 2 || + oidv[0] != SSH_GSS_OIDTYPE || + oidv[1] != oidlen - 2) { + free(oidv); + debug("Badly encoded mechanism OID received"); + userauth(authctxt, NULL); + return 0; + } + + if (!ssh_gssapi_check_oid(gssctxt, oidv + 2, oidlen - 2)) + fatal("Server returned different OID than expected"); + + packet_check_eom(); + + free(oidv); + + if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) { + /* Start again with next method on list */ + debug("Trying to start again"); + userauth(authctxt, NULL); + return 0; + } + return 0; +} + +/* ARGSUSED */ +int +input_gssapi_token(int type, u_int32_t plen, void *ctxt) +{ + Authctxt *authctxt = ctxt; + gss_buffer_desc recv_tok; + OM_uint32 status; + u_int slen; + + if (authctxt == NULL) + fatal("input_gssapi_response: no authentication context"); + + recv_tok.value = packet_get_string(&slen); + recv_tok.length = slen; /* safe typecast */ + + packet_check_eom(); + + status = process_gssapi_token(ctxt, &recv_tok); + + free(recv_tok.value); + + if (GSS_ERROR(status)) { + /* Start again with the next method in the list */ + userauth(authctxt, NULL); + return 0; + } + return 0; +} + +/* ARGSUSED */ +int +input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) +{ + Authctxt *authctxt = ctxt; + Gssctxt *gssctxt; + gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; + gss_buffer_desc recv_tok; + OM_uint32 ms; + u_int len; + + if (authctxt == NULL) + fatal("input_gssapi_response: no authentication context"); + gssctxt = authctxt->methoddata; + + recv_tok.value = packet_get_string(&len); + recv_tok.length = len; + + packet_check_eom(); + + /* Stick it into GSSAPI and see what it says */ + (void)ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, + &recv_tok, &send_tok, NULL); + + free(recv_tok.value); + gss_release_buffer(&ms, &send_tok); + + /* Server will be returning a failed packet after this one */ + return 0; +} + +/* ARGSUSED */ +int +input_gssapi_error(int type, u_int32_t plen, void *ctxt) +{ + char *msg; + char *lang; + + /* maj */(void)packet_get_int(); + /* min */(void)packet_get_int(); + msg=packet_get_string(NULL); + lang=packet_get_string(NULL); + + packet_check_eom(); + + debug("Server GSSAPI Error:\n%s", msg); + free(msg); + free(lang); + return 0; +} +#endif /* GSSAPI */ +#endif + +int +userauth_none(Authctxt *authctxt) +{ + /* initial userauth request */ + packet_start(SSH2_MSG_USERAUTH_REQUEST); + packet_put_cstring(authctxt->server_user); + packet_put_cstring(authctxt->service); + packet_put_cstring(authctxt->method->name); + packet_send(); + return 1; +} + +int +userauth_passwd(Authctxt *authctxt) +{ + static int attempt = 0; + char prompt[150]; + char *password; + const char *host = options.host_key_alias ? options.host_key_alias : + authctxt->host; + + if (attempt++ >= options.number_of_password_prompts) + return 0; + + if (attempt != 1) + ssh_error("Permission denied, please try again."); + + snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ", + authctxt->server_user, host); + password = read_passphrase(prompt, 0); + packet_start(SSH2_MSG_USERAUTH_REQUEST); + packet_put_cstring(authctxt->server_user); + packet_put_cstring(authctxt->service); + packet_put_cstring(authctxt->method->name); + packet_put_char(0); + packet_put_cstring(password); + explicit_bzero(password, strlen(password)); + free(password); + packet_add_padding(64); + packet_send(); + + dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, + &input_userauth_passwd_changereq); + + return 1; +} + +/* + * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST + */ +/* ARGSUSED */ +int +input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) +{ + Authctxt *authctxt = ctxt; + char *info, *lang, *password = NULL, *retype = NULL; + char prompt[150]; + const char *host = options.host_key_alias ? options.host_key_alias : + authctxt->host; + + debug2("input_userauth_passwd_changereq"); + + if (authctxt == NULL) + fatal("input_userauth_passwd_changereq: " + "no authentication context"); + + info = packet_get_string(NULL); + lang = packet_get_string(NULL); + if (strlen(info) > 0) + logit("%s", info); + free(info); + free(lang); + packet_start(SSH2_MSG_USERAUTH_REQUEST); + packet_put_cstring(authctxt->server_user); + packet_put_cstring(authctxt->service); + packet_put_cstring(authctxt->method->name); + packet_put_char(1); /* additional info */ + snprintf(prompt, sizeof(prompt), + "Enter %.30s@%.128s's old password: ", + authctxt->server_user, host); + password = read_passphrase(prompt, 0); + packet_put_cstring(password); + explicit_bzero(password, strlen(password)); + free(password); + password = NULL; + while (password == NULL) { + snprintf(prompt, sizeof(prompt), + "Enter %.30s@%.128s's new password: ", + authctxt->server_user, host); + password = read_passphrase(prompt, RP_ALLOW_EOF); + if (password == NULL) { + /* bail out */ + return 0; + } + snprintf(prompt, sizeof(prompt), + "Retype %.30s@%.128s's new password: ", + authctxt->server_user, host); + retype = read_passphrase(prompt, 0); + if (strcmp(password, retype) != 0) { + explicit_bzero(password, strlen(password)); + free(password); + logit("Mismatch; try again, EOF to quit."); + password = NULL; + } + explicit_bzero(retype, strlen(retype)); + free(retype); + } + packet_put_cstring(password); + explicit_bzero(password, strlen(password)); + free(password); + packet_add_padding(64); + packet_send(); + + dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, + &input_userauth_passwd_changereq); + return 0; +} + +static int +identity_sign(struct identity *id, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, u_int compat) +{ + Key *prv; + int ret; + + /* the agent supports this key */ + if (id->agent_fd) + return ssh_agent_sign(id->agent_fd, id->key, sigp, lenp, + data, datalen, compat); + + /* + * we have already loaded the private key or + * the private key is stored in external hardware + */ + if (id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT)) + return (sshkey_sign(id->key, sigp, lenp, data, datalen, + compat)); + /* load the private key from the file */ + if ((prv = load_identity_file(id->filename, id->userprovided)) == NULL) + return (-1); /* XXX return decent error code */ + ret = sshkey_sign(prv, sigp, lenp, data, datalen, compat); + sshkey_free(prv); + return (ret); +} + +static int +sign_and_send_pubkey(Authctxt *authctxt, Identity *id) +{ + Buffer b; + u_char *blob, *signature; + u_int bloblen; + size_t slen; + u_int skip = 0; + int ret = -1; + int have_sig = 1; + char *fp; + + if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash, + SSH_FP_DEFAULT)) == NULL) + return 0; + debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp); + free(fp); + + if (key_to_blob(id->key, &blob, &bloblen) == 0) { + /* we cannot handle this key */ + debug3("sign_and_send_pubkey: cannot handle key"); + return 0; + } + /* data to be signed */ + buffer_init(&b); + if (datafellows & SSH_OLD_SESSIONID) { + buffer_append(&b, session_id2, session_id2_len); + skip = session_id2_len; + } else { + buffer_put_string(&b, session_id2, session_id2_len); + skip = buffer_len(&b); + } + buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); + buffer_put_cstring(&b, authctxt->server_user); + buffer_put_cstring(&b, + datafellows & SSH_BUG_PKSERVICE ? + "ssh-userauth" : + authctxt->service); + if (datafellows & SSH_BUG_PKAUTH) { + buffer_put_char(&b, have_sig); + } else { + buffer_put_cstring(&b, authctxt->method->name); + buffer_put_char(&b, have_sig); + buffer_put_cstring(&b, key_ssh_name(id->key)); + } + buffer_put_string(&b, blob, bloblen); + + /* generate signature */ + ret = identity_sign(id, &signature, &slen, + buffer_ptr(&b), buffer_len(&b), datafellows); + if (ret != 0) { + free(blob); + buffer_free(&b); + return 0; + } +#ifdef DEBUG_PK + buffer_dump(&b); +#endif + if (datafellows & SSH_BUG_PKSERVICE) { + buffer_clear(&b); + buffer_append(&b, session_id2, session_id2_len); + skip = session_id2_len; + buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); + buffer_put_cstring(&b, authctxt->server_user); + buffer_put_cstring(&b, authctxt->service); + buffer_put_cstring(&b, authctxt->method->name); + buffer_put_char(&b, have_sig); + if (!(datafellows & SSH_BUG_PKAUTH)) + buffer_put_cstring(&b, key_ssh_name(id->key)); + buffer_put_string(&b, blob, bloblen); + } + free(blob); + + /* append signature */ + buffer_put_string(&b, signature, slen); + free(signature); + + /* skip session id and packet type */ + if (buffer_len(&b) < skip + 1) + fatal("userauth_pubkey: internal error"); + buffer_consume(&b, skip + 1); + + /* put remaining data from buffer into packet */ + packet_start(SSH2_MSG_USERAUTH_REQUEST); + packet_put_raw(buffer_ptr(&b), buffer_len(&b)); + buffer_free(&b); + packet_send(); + + return 1; +} + +static int +send_pubkey_test(Authctxt *authctxt, Identity *id) +{ + u_char *blob; + u_int bloblen, have_sig = 0; + + debug3("send_pubkey_test"); + + if (key_to_blob(id->key, &blob, &bloblen) == 0) { + /* we cannot handle this key */ + debug3("send_pubkey_test: cannot handle key"); + return 0; + } + /* register callback for USERAUTH_PK_OK message */ + dispatch_set(SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok); + + packet_start(SSH2_MSG_USERAUTH_REQUEST); + packet_put_cstring(authctxt->server_user); + packet_put_cstring(authctxt->service); + packet_put_cstring(authctxt->method->name); + packet_put_char(have_sig); + if (!(datafellows & SSH_BUG_PKAUTH)) + packet_put_cstring(key_ssh_name(id->key)); + packet_put_string(blob, bloblen); + free(blob); + packet_send(); + return 1; +} + +static Key * +load_identity_file(char *filename, int userprovided) +{ + Key *private; + char prompt[300], *passphrase; + int r, perm_ok = 0, quit = 0, i; + struct stat st; + + if (stat(filename, &st) < 0) { + (userprovided ? logit : debug3)("no such identity: %s: %s", + filename, strerror(errno)); + return NULL; + } + snprintf(prompt, sizeof prompt, + "Enter passphrase for key '%.100s': ", filename); + for (i = 0; i <= options.number_of_password_prompts; i++) { + if (i == 0) + passphrase = ""; + else { + passphrase = read_passphrase(prompt, 0); + if (*passphrase == '\0') { + debug2("no passphrase given, try next key"); + free(passphrase); + break; + } + } + switch ((r = sshkey_load_private_type(KEY_UNSPEC, filename, + passphrase, &private, NULL, &perm_ok))) { + case 0: + break; + case SSH_ERR_KEY_WRONG_PASSPHRASE: + if (options.batch_mode) { + quit = 1; + break; + } + if (i != 0) + debug2("bad passphrase given, try again..."); + break; + case SSH_ERR_SYSTEM_ERROR: + if (errno == ENOENT) { + debug2("Load key \"%s\": %s", + filename, ssh_err(r)); + quit = 1; + break; + } + /* FALLTHROUGH */ + default: + ssh_error("Load key \"%s\": %s", filename, ssh_err(r)); + quit = 1; + break; + } + if (i > 0) { + explicit_bzero(passphrase, strlen(passphrase)); + free(passphrase); + } + if (private != NULL || quit) + break; + } + return private; +} + +/* + * try keys in the following order: + * 1. agent keys that are found in the config file + * 2. other agent keys + * 3. keys that are only listed in the config file + */ +static void +pubkey_prepare(Authctxt *authctxt) +{ + struct identity *id, *id2, *tmp; + struct idlist agent, files, *preferred; + struct sshkey *key; + int agent_fd, i, r, found; + size_t j; + struct ssh_identitylist *idlist; + + TAILQ_INIT(&agent); /* keys from the agent */ + TAILQ_INIT(&files); /* keys from the config file */ + preferred = &authctxt->keys; + TAILQ_INIT(preferred); /* preferred order of keys */ + + /* list of keys stored in the filesystem and PKCS#11 */ + for (i = 0; i < options.num_identity_files; i++) { + key = options.identity_keys[i]; + if (key && key->type == KEY_RSA1) + continue; + if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER) + continue; + options.identity_keys[i] = NULL; + id = xcalloc(1, sizeof(*id)); + id->key = key; + id->filename = xstrdup(options.identity_files[i]); + id->userprovided = options.identity_file_userprovided[i]; + TAILQ_INSERT_TAIL(&files, id, next); + } + /* Prefer PKCS11 keys that are explicitly listed */ + TAILQ_FOREACH_SAFE(id, &files, next, tmp) { + if (id->key == NULL || (id->key->flags & SSHKEY_FLAG_EXT) == 0) + continue; + found = 0; + TAILQ_FOREACH(id2, &files, next) { + if (id2->key == NULL || + (id2->key->flags & SSHKEY_FLAG_EXT) == 0) + continue; + if (sshkey_equal(id->key, id2->key)) { + TAILQ_REMOVE(&files, id, next); + TAILQ_INSERT_TAIL(preferred, id, next); + found = 1; + break; + } + } + /* If IdentitiesOnly set and key not found then don't use it */ + if (!found && options.identities_only) { + TAILQ_REMOVE(&files, id, next); + explicit_bzero(id, sizeof(*id)); + free(id); + } + } + /* list of keys supported by the agent */ + if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) { + if (r != SSH_ERR_AGENT_NOT_PRESENT) + debug("%s: ssh_get_authentication_socket: %s", + __func__, ssh_err(r)); + } else if ((r = ssh_fetch_identitylist(agent_fd, 2, &idlist)) != 0) { + if (r != SSH_ERR_AGENT_NO_IDENTITIES) + debug("%s: ssh_fetch_identitylist: %s", + __func__, ssh_err(r)); + } else { + for (j = 0; j < idlist->nkeys; j++) { + found = 0; + TAILQ_FOREACH(id, &files, next) { + /* + * agent keys from the config file are + * preferred + */ + if (sshkey_equal(idlist->keys[j], id->key)) { + TAILQ_REMOVE(&files, id, next); + TAILQ_INSERT_TAIL(preferred, id, next); + id->agent_fd = agent_fd; + found = 1; + break; + } + } + if (!found && !options.identities_only) { + id = xcalloc(1, sizeof(*id)); + /* XXX "steals" key/comment from idlist */ + id->key = idlist->keys[j]; + id->filename = idlist->comments[j]; + idlist->keys[j] = NULL; + idlist->comments[j] = NULL; + id->agent_fd = agent_fd; + TAILQ_INSERT_TAIL(&agent, id, next); + } + } + ssh_free_identitylist(idlist); + /* append remaining agent keys */ + for (id = TAILQ_FIRST(&agent); id; id = TAILQ_FIRST(&agent)) { + TAILQ_REMOVE(&agent, id, next); + TAILQ_INSERT_TAIL(preferred, id, next); + } + authctxt->agent_fd = agent_fd; + } + /* append remaining keys from the config file */ + for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) { + TAILQ_REMOVE(&files, id, next); + TAILQ_INSERT_TAIL(preferred, id, next); + } + TAILQ_FOREACH(id, preferred, next) { + debug2("key: %s (%p),%s", id->filename, id->key, + id->userprovided ? " explicit" : ""); + } +} + +static void +pubkey_cleanup(Authctxt *authctxt) +{ + Identity *id; + + if (authctxt->agent_fd != -1) + ssh_close_authentication_socket(authctxt->agent_fd); + for (id = TAILQ_FIRST(&authctxt->keys); id; + id = TAILQ_FIRST(&authctxt->keys)) { + TAILQ_REMOVE(&authctxt->keys, id, next); + if (id->key) + sshkey_free(id->key); + free(id->filename); + free(id); + } +} + +static int +try_identity(Identity *id) +{ + if (!id->key) + return (0); + if (match_pattern_list(sshkey_ssh_name(id->key), + options.pubkey_key_types, 0) != 1) { + debug("Skipping %s key %s for not in PubkeyAcceptedKeyTypes", + sshkey_ssh_name(id->key), id->filename); + return (0); + } + if (key_type_plain(id->key->type) == KEY_RSA && + (datafellows & SSH_BUG_RSASIGMD5) != 0) { + debug("Skipped %s key %s for RSA/MD5 server", + key_type(id->key), id->filename); + return (0); + } + return (id->key->type != KEY_RSA1); +} + +int +userauth_pubkey(Authctxt *authctxt) +{ + Identity *id; + int sent = 0; + + while ((id = TAILQ_FIRST(&authctxt->keys))) { + if (id->tried++) + return (0); + /* move key to the end of the queue */ + TAILQ_REMOVE(&authctxt->keys, id, next); + TAILQ_INSERT_TAIL(&authctxt->keys, id, next); + /* + * send a test message if we have the public key. for + * encrypted keys we cannot do this and have to load the + * private key instead + */ + if (id->key != NULL) { + if (try_identity(id)) { + debug("Offering %s public key: %s", + key_type(id->key), id->filename); + sent = send_pubkey_test(authctxt, id); + } + } else { + debug("Trying private key: %s", id->filename); + id->key = load_identity_file(id->filename, + id->userprovided); + if (id->key != NULL) { + if (try_identity(id)) { + id->isprivate = 1; + sent = sign_and_send_pubkey( + authctxt, id); + } + key_free(id->key); + id->key = NULL; + } + } + if (sent) + return (sent); + } + return (0); +} + +/* + * Send userauth request message specifying keyboard-interactive method. + */ +int +userauth_kbdint(Authctxt *authctxt) +{ + static int attempt = 0; + + if (attempt++ >= options.number_of_password_prompts) + return 0; + /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */ + if (attempt > 1 && !authctxt->info_req_seen) { + debug3("userauth_kbdint: disable: no info_req_seen"); + dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL); + return 0; + } + + debug2("userauth_kbdint"); + packet_start(SSH2_MSG_USERAUTH_REQUEST); + packet_put_cstring(authctxt->server_user); + packet_put_cstring(authctxt->service); + packet_put_cstring(authctxt->method->name); + packet_put_cstring(""); /* lang */ + packet_put_cstring(options.kbd_interactive_devices ? + options.kbd_interactive_devices : ""); + packet_send(); + + dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req); + return 1; +} + +/* + * parse INFO_REQUEST, prompt user and send INFO_RESPONSE + */ +int +input_userauth_info_req(int type, u_int32_t seq, void *ctxt) +{ + Authctxt *authctxt = ctxt; + char *name, *inst, *lang, *prompt, *response; + u_int num_prompts, i; + int echo = 0; + + debug2("input_userauth_info_req"); + + if (authctxt == NULL) + fatal("input_userauth_info_req: no authentication context"); + + authctxt->info_req_seen = 1; + + name = packet_get_string(NULL); + inst = packet_get_string(NULL); + lang = packet_get_string(NULL); + if (strlen(name) > 0) + logit("%s", name); + if (strlen(inst) > 0) + logit("%s", inst); + free(name); + free(inst); + free(lang); + + num_prompts = packet_get_int(); + /* + * Begin to build info response packet based on prompts requested. + * We commit to providing the correct number of responses, so if + * further on we run into a problem that prevents this, we have to + * be sure and clean this up and send a correct error response. + */ + packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE); + packet_put_int(num_prompts); + + debug2("input_userauth_info_req: num_prompts %d", num_prompts); + for (i = 0; i < num_prompts; i++) { + prompt = packet_get_string(NULL); + echo = packet_get_char(); + + response = read_passphrase(prompt, echo ? RP_ECHO : 0); + + packet_put_cstring(response); + explicit_bzero(response, strlen(response)); + free(response); + free(prompt); + } + packet_check_eom(); /* done with parsing incoming message. */ + + packet_add_padding(64); + packet_send(); + return 0; +} + +static int +ssh_keysign(struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen) +{ + struct sshbuf *b; + struct stat st; + pid_t pid; + int i, r, to[2], from[2], status, sock = packet_get_connection_in(); + u_char rversion = 0, version = 2; + void (*osigchld)(int); + + *sigp = NULL; + *lenp = 0; + + if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) { + ssh_error("%s: not installed: %s", __func__, strerror(errno)); + return -1; + } + if (fflush(stdout) != 0) { + ssh_error("%s: fflush: %s", __func__, strerror(errno)); + return -1; + } + if (pipe(to) < 0) { + ssh_error("%s: pipe: %s", __func__, strerror(errno)); + return -1; + } + if (pipe(from) < 0) { + ssh_error("%s: pipe: %s", __func__, strerror(errno)); + return -1; + } + if ((pid = fork()) < 0) { + ssh_error("%s: fork: %s", __func__, strerror(errno)); + return -1; + } + osigchld = signal(SIGCHLD, SIG_DFL); + if (pid == 0) { + /* keep the socket on exec */ + fcntl(sock, F_SETFD, 0); + permanently_drop_suid(getuid()); + close(from[0]); + if (dup2(from[1], STDOUT_FILENO) < 0) + fatal("%s: dup2: %s", __func__, strerror(errno)); + close(to[1]); + if (dup2(to[0], STDIN_FILENO) < 0) + fatal("%s: dup2: %s", __func__, strerror(errno)); + close(from[1]); + close(to[0]); + /* Close everything but stdio and the socket */ + for (i = STDERR_FILENO + 1; i < sock; i++) + close(i); + closefrom(sock + 1); + debug3("%s: [child] pid=%ld, exec %s", + __func__, (long)getpid(), _PATH_SSH_KEY_SIGN); + execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0); + fatal("%s: exec(%s): %s", __func__, _PATH_SSH_KEY_SIGN, + strerror(errno)); + } + close(from[1]); + close(to[0]); + + if ((b = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + /* send # of sock, data to be signed */ + if ((r = sshbuf_put_u32(b, sock) != 0) || + (r = sshbuf_put_string(b, data, datalen)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (ssh_msg_send(to[1], version, b) == -1) + fatal("%s: couldn't send request", __func__); + sshbuf_reset(b); + r = ssh_msg_recv(from[0], b); + close(from[0]); + close(to[1]); + if (r < 0) { + ssh_error("%s: no reply", __func__); + goto fail; + } + + errno = 0; + while (waitpid(pid, &status, 0) < 0) { + if (errno != EINTR) { + ssh_error("%s: waitpid %ld: %s", + __func__, (long)pid, strerror(errno)); + goto fail; + } + } + if (!WIFEXITED(status)) { + ssh_error("%s: exited abnormally", __func__); + goto fail; + } + if (WEXITSTATUS(status) != 0) { + ssh_error("%s: exited with status %d", + __func__, WEXITSTATUS(status)); + goto fail; + } + if ((r = sshbuf_get_u8(b, &rversion)) != 0) { + ssh_error("%s: buffer error: %s", __func__, ssh_err(r)); + goto fail; + } + if (rversion != version) { + ssh_error("%s: bad version", __func__); + goto fail; + } + if ((r = sshbuf_get_string(b, sigp, lenp)) != 0) { + ssh_error("%s: buffer error: %s", __func__, ssh_err(r)); + fail: + signal(SIGCHLD, osigchld); + sshbuf_free(b); + return -1; + } + signal(SIGCHLD, osigchld); + sshbuf_free(b); + + return 0; +} + +#if 0 +int +userauth_hostbased(Authctxt *authctxt) +{ + struct ssh *ssh = active_state; + struct sshkey *private = NULL; + struct sshbuf *b = NULL; + const char *service; + u_char *sig = NULL, *keyblob = NULL; + char *fp = NULL, *chost = NULL, *lname = NULL; + size_t siglen = 0, keylen = 0; + int i, r, success = 0; + + if (authctxt->ktypes == NULL) { + authctxt->oktypes = xstrdup(options.hostbased_key_types); + authctxt->ktypes = authctxt->oktypes; + } + + /* + * Work through each listed type pattern in HostbasedKeyTypes, + * trying each hostkey that matches the type in turn. + */ + for (;;) { + if (authctxt->active_ktype == NULL) + authctxt->active_ktype = strsep(&authctxt->ktypes, ","); + if (authctxt->active_ktype == NULL || + *authctxt->active_ktype == '\0') + break; + debug3("%s: trying key type %s", __func__, + authctxt->active_ktype); + + /* check for a useful key */ + private = NULL; + for (i = 0; i < authctxt->sensitive->nkeys; i++) { + if (authctxt->sensitive->keys[i] == NULL || + authctxt->sensitive->keys[i]->type == KEY_RSA1 || + authctxt->sensitive->keys[i]->type == KEY_UNSPEC) + continue; + if (match_pattern_list( + sshkey_ssh_name(authctxt->sensitive->keys[i]), + authctxt->active_ktype, 0) != 1) + continue; + /* we take and free the key */ + private = authctxt->sensitive->keys[i]; + authctxt->sensitive->keys[i] = NULL; + break; + } + /* Found one */ + if (private != NULL) + break; + /* No more keys of this type; advance */ + authctxt->active_ktype = NULL; + } + if (private == NULL) { + free(authctxt->oktypes); + authctxt->oktypes = authctxt->ktypes = NULL; + authctxt->active_ktype = NULL; + debug("No more client hostkeys for hostbased authentication."); + goto out; + } + + if ((fp = sshkey_fingerprint(private, options.fingerprint_hash, + SSH_FP_DEFAULT)) == NULL) { + ssh_error("%s: sshkey_fingerprint failed", __func__); + goto out; + } + debug("%s: trying hostkey %s %s", + __func__, sshkey_ssh_name(private), fp); + + /* figure out a name for the client host */ + if ((lname = get_local_name(packet_get_connection_in())) == NULL) { + ssh_error("%s: cannot get local ipaddr/name", __func__); + goto out; + } + + /* XXX sshbuf_put_stringf? */ + xasprintf(&chost, "%s.", lname); + debug2("%s: chost %s", __func__, chost); + + service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : + authctxt->service; + + /* construct data */ + if ((b = sshbuf_new()) == NULL) { + ssh_error("%s: sshbuf_new failed", __func__); + goto out; + } + if ((r = sshkey_to_blob(private, &keyblob, &keylen)) != 0) { + ssh_error("%s: sshkey_to_blob: %s", __func__, ssh_err(r)); + goto out; + } + if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || + (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || + (r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 || + (r = sshbuf_put_cstring(b, service)) != 0 || + (r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 || + (r = sshbuf_put_cstring(b, key_ssh_name(private))) != 0 || + (r = sshbuf_put_string(b, keyblob, keylen)) != 0 || + (r = sshbuf_put_cstring(b, chost)) != 0 || + (r = sshbuf_put_cstring(b, authctxt->local_user)) != 0) { + ssh_error("%s: buffer error: %s", __func__, ssh_err(r)); + goto out; + } + +#ifdef DEBUG_PK + sshbuf_dump(b, stderr); +#endif + if (authctxt->sensitive->external_keysign) + r = ssh_keysign(private, &sig, &siglen, + sshbuf_ptr(b), sshbuf_len(b)); + else if ((r = sshkey_sign(private, &sig, &siglen, + sshbuf_ptr(b), sshbuf_len(b), datafellows)) != 0) + debug("%s: sshkey_sign: %s", __func__, ssh_err(r)); + if (r != 0) { + ssh_error("sign using hostkey %s %s failed", + sshkey_ssh_name(private), fp); + goto out; + } + if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 || + (r = sshpkt_put_cstring(ssh, key_ssh_name(private))) != 0 || + (r = sshpkt_put_string(ssh, keyblob, keylen)) != 0 || + (r = sshpkt_put_cstring(ssh, chost)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->local_user)) != 0 || + (r = sshpkt_put_string(ssh, sig, siglen)) != 0 || + (r = sshpkt_send(ssh)) != 0) { + ssh_error("%s: packet error: %s", __func__, ssh_err(r)); + goto out; + } + success = 1; + + out: + if (sig != NULL) { + explicit_bzero(sig, siglen); + free(sig); + } + free(keyblob); + free(lname); + free(fp); + free(chost); + sshkey_free(private); + sshbuf_free(b); + + return success; +} +#endif + +/* find auth method */ + +/* + * given auth method name, if configurable options permit this method fill + * in auth_ident field and return true, otherwise return false. + */ +static int +authmethod_is_enabled(Authmethod *method) +{ + if (method == NULL) + return 0; + /* return false if options indicate this method is disabled */ + if (method->enabled == NULL || *method->enabled == 0) + return 0; + /* return false if batch mode is enabled but method needs interactive mode */ + if (method->batch_flag != NULL && *method->batch_flag != 0) + return 0; + return 1; +} + +static Authmethod * +authmethod_lookup(const char *name) +{ + Authmethod *method = NULL; + if (name != NULL) + for (method = authmethods; method->name != NULL; method++) + if (strcmp(name, method->name) == 0) + return method; + debug2("Unrecognized authentication method name: %s", name ? name : "NULL"); + return NULL; +} + +/* XXX internal state */ +static Authmethod *current = NULL; +static char *supported = NULL; +static char *preferred = NULL; + +/* + * Given the authentication method list sent by the server, return the + * next method we should try. If the server initially sends a nil list, + * use a built-in default list. + */ +static Authmethod * +authmethod_get(char *authlist) +{ + char *name = NULL; + u_int next; + + /* Use a suitable default if we're passed a nil list. */ + if (authlist == NULL || strlen(authlist) == 0) + authlist = options.preferred_authentications; + + if (supported == NULL || strcmp(authlist, supported) != 0) { + debug3("start over, passed a different list %s", authlist); + free(supported); + supported = xstrdup(authlist); + preferred = options.preferred_authentications; + debug3("preferred %s", preferred); + current = NULL; + } else if (current != NULL && authmethod_is_enabled(current)) + return current; + + for (;;) { + if ((name = match_list(preferred, supported, &next)) == NULL) { + debug("No more authentication methods to try."); + current = NULL; + return NULL; + } + preferred += next; + debug3("authmethod_lookup %s", name); + debug3("remaining preferred: %s", preferred); + if ((current = authmethod_lookup(name)) != NULL && + authmethod_is_enabled(current)) { + debug3("authmethod_is_enabled %s", name); + debug("Next authentication method: %s", name); + free(name); + return current; + } + free(name); + } +} + +static char * +authmethods_get(void) +{ + Authmethod *method = NULL; + Buffer b; + char *list; + + buffer_init(&b); + for (method = authmethods; method->name != NULL; method++) { + if (authmethod_is_enabled(method)) { + if (buffer_len(&b) > 0) + buffer_append(&b, ",", 1); + buffer_append(&b, method->name, strlen(method->name)); + } + } + buffer_append(&b, "\0", 1); + list = xstrdup(buffer_ptr(&b)); + buffer_free(&b); + return list; +} + + +#endif diff --git a/include/DomainExec/opensshlib/ssherr.c b/include/DomainExec/opensshlib/ssherr.c new file mode 100644 index 00000000..4ca79399 --- /dev/null +++ b/include/DomainExec/opensshlib/ssherr.c @@ -0,0 +1,141 @@ +/* $OpenBSD: ssherr.c,v 1.4 2015/02/16 22:13:32 djm Exp $ */ +/* + * Copyright (c) 2011 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include "ssherr.h" + +const char * +ssh_err(int n) +{ + switch (n) { + case SSH_ERR_SUCCESS: + return "success"; + case SSH_ERR_INTERNAL_ERROR: + return "unexpected internal error"; + case SSH_ERR_ALLOC_FAIL: + return "memory allocation failed"; + case SSH_ERR_MESSAGE_INCOMPLETE: + return "incomplete message"; + case SSH_ERR_INVALID_FORMAT: + return "invalid format"; + case SSH_ERR_BIGNUM_IS_NEGATIVE: + return "bignum is negative"; + case SSH_ERR_STRING_TOO_LARGE: + return "string is too large"; + case SSH_ERR_BIGNUM_TOO_LARGE: + return "bignum is too large"; + case SSH_ERR_ECPOINT_TOO_LARGE: + return "elliptic curve point is too large"; + case SSH_ERR_NO_BUFFER_SPACE: + return "insufficient buffer space"; + case SSH_ERR_INVALID_ARGUMENT: + return "invalid argument"; + case SSH_ERR_KEY_BITS_MISMATCH: + return "key bits do not match"; + case SSH_ERR_EC_CURVE_INVALID: + return "invalid elliptic curve"; + case SSH_ERR_KEY_TYPE_MISMATCH: + return "key type does not match"; + case SSH_ERR_KEY_TYPE_UNKNOWN: + return "unknown or unsupported key type"; + case SSH_ERR_EC_CURVE_MISMATCH: + return "elliptic curve does not match"; + case SSH_ERR_EXPECTED_CERT: + return "plain key provided where certificate required"; + case SSH_ERR_KEY_LACKS_CERTBLOB: + return "key lacks certificate data"; + case SSH_ERR_KEY_CERT_UNKNOWN_TYPE: + return "unknown/unsupported certificate type"; + case SSH_ERR_KEY_CERT_INVALID_SIGN_KEY: + return "invalid certificate signing key"; + case SSH_ERR_KEY_INVALID_EC_VALUE: + return "invalid elliptic curve value"; + case SSH_ERR_SIGNATURE_INVALID: + return "incorrect signature"; + case SSH_ERR_LIBCRYPTO_ERROR: + return "error in libcrypto"; /* XXX fetch and return */ + case SSH_ERR_UNEXPECTED_TRAILING_DATA: + return "unexpected bytes remain after decoding"; + case SSH_ERR_SYSTEM_ERROR: + return strerror(errno); + case SSH_ERR_KEY_CERT_INVALID: + return "invalid certificate"; + case SSH_ERR_AGENT_COMMUNICATION: + return "communication with agent failed"; + case SSH_ERR_AGENT_FAILURE: + return "agent refused operation"; + case SSH_ERR_DH_GEX_OUT_OF_RANGE: + return "DH GEX group out of range"; + case SSH_ERR_DISCONNECTED: + return "disconnected"; + case SSH_ERR_MAC_INVALID: + return "message authentication code incorrect"; + case SSH_ERR_NO_CIPHER_ALG_MATCH: + return "no matching cipher found"; + case SSH_ERR_NO_MAC_ALG_MATCH: + return "no matching MAC found"; + case SSH_ERR_NO_COMPRESS_ALG_MATCH: + return "no matching compression method found"; + case SSH_ERR_NO_KEX_ALG_MATCH: + return "no matching key exchange method found"; + case SSH_ERR_NO_HOSTKEY_ALG_MATCH: + return "no matching host key type found"; + case SSH_ERR_PROTOCOL_MISMATCH: + return "protocol version mismatch"; + case SSH_ERR_NO_PROTOCOL_VERSION: + return "could not read protocol version"; + case SSH_ERR_NO_HOSTKEY_LOADED: + return "could not load host key"; + case SSH_ERR_NEED_REKEY: + return "rekeying not supported by peer"; + case SSH_ERR_PASSPHRASE_TOO_SHORT: + return "passphrase is too short (minimum four characters)"; + case SSH_ERR_FILE_CHANGED: + return "file changed while reading"; + case SSH_ERR_KEY_UNKNOWN_CIPHER: + return "key encrypted using unsupported cipher"; + case SSH_ERR_KEY_WRONG_PASSPHRASE: + return "incorrect passphrase supplied to decrypt private key"; + case SSH_ERR_KEY_BAD_PERMISSIONS: + return "bad permissions"; + case SSH_ERR_KEY_CERT_MISMATCH: + return "certificate does not match key"; + case SSH_ERR_KEY_NOT_FOUND: + return "key not found"; + case SSH_ERR_AGENT_NOT_PRESENT: + return "agent not present"; + case SSH_ERR_AGENT_NO_IDENTITIES: + return "agent contains no identities"; + case SSH_ERR_BUFFER_READ_ONLY: + return "internal error: buffer is read-only"; + case SSH_ERR_KRL_BAD_MAGIC: + return "KRL file has invalid magic number"; + case SSH_ERR_KEY_REVOKED: + return "Key is revoked"; + case SSH_ERR_CONN_CLOSED: + return "Connection closed"; + case SSH_ERR_CONN_TIMEOUT: + return "Connection timed out"; + case SSH_ERR_CONN_CORRUPT: + return "Connection corrupted"; + case SSH_ERR_PROTOCOL_ERROR: + return "Protocol error"; + default: + return "unknown error"; + } +} diff --git a/include/DomainExec/opensshlib/ssherr.h b/include/DomainExec/opensshlib/ssherr.h new file mode 100644 index 00000000..6f771b4b --- /dev/null +++ b/include/DomainExec/opensshlib/ssherr.h @@ -0,0 +1,84 @@ +/* $OpenBSD: ssherr.h,v 1.3 2015/01/30 01:13:33 djm Exp $ */ +/* + * Copyright (c) 2011 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _SSHERR_H +#define _SSHERR_H + +/* XXX are these too granular? not granular enough? I can't decide - djm */ + +/* Error codes */ +#define SSH_ERR_SUCCESS 0 +#define SSH_ERR_INTERNAL_ERROR -1 +#define SSH_ERR_ALLOC_FAIL -2 +#define SSH_ERR_MESSAGE_INCOMPLETE -3 +#define SSH_ERR_INVALID_FORMAT -4 +#define SSH_ERR_BIGNUM_IS_NEGATIVE -5 +#define SSH_ERR_STRING_TOO_LARGE -6 +#define SSH_ERR_BIGNUM_TOO_LARGE -7 +#define SSH_ERR_ECPOINT_TOO_LARGE -8 +#define SSH_ERR_NO_BUFFER_SPACE -9 +#define SSH_ERR_INVALID_ARGUMENT -10 +#define SSH_ERR_KEY_BITS_MISMATCH -11 +#define SSH_ERR_EC_CURVE_INVALID -12 +#define SSH_ERR_KEY_TYPE_MISMATCH -13 +#define SSH_ERR_KEY_TYPE_UNKNOWN -14 /* XXX UNSUPPORTED? */ +#define SSH_ERR_EC_CURVE_MISMATCH -15 +#define SSH_ERR_EXPECTED_CERT -16 +#define SSH_ERR_KEY_LACKS_CERTBLOB -17 +#define SSH_ERR_KEY_CERT_UNKNOWN_TYPE -18 +#define SSH_ERR_KEY_CERT_INVALID_SIGN_KEY -19 +#define SSH_ERR_KEY_INVALID_EC_VALUE -20 +#define SSH_ERR_SIGNATURE_INVALID -21 +#define SSH_ERR_LIBCRYPTO_ERROR -22 +#define SSH_ERR_UNEXPECTED_TRAILING_DATA -23 +#define SSH_ERR_SYSTEM_ERROR -24 +#define SSH_ERR_KEY_CERT_INVALID -25 +#define SSH_ERR_AGENT_COMMUNICATION -26 +#define SSH_ERR_AGENT_FAILURE -27 +#define SSH_ERR_DH_GEX_OUT_OF_RANGE -28 +#define SSH_ERR_DISCONNECTED -29 +#define SSH_ERR_MAC_INVALID -30 +#define SSH_ERR_NO_CIPHER_ALG_MATCH -31 +#define SSH_ERR_NO_MAC_ALG_MATCH -32 +#define SSH_ERR_NO_COMPRESS_ALG_MATCH -33 +#define SSH_ERR_NO_KEX_ALG_MATCH -34 +#define SSH_ERR_NO_HOSTKEY_ALG_MATCH -35 +#define SSH_ERR_NO_HOSTKEY_LOADED -36 +#define SSH_ERR_PROTOCOL_MISMATCH -37 +#define SSH_ERR_NO_PROTOCOL_VERSION -38 +#define SSH_ERR_NEED_REKEY -39 +#define SSH_ERR_PASSPHRASE_TOO_SHORT -40 +#define SSH_ERR_FILE_CHANGED -41 +#define SSH_ERR_KEY_UNKNOWN_CIPHER -42 +#define SSH_ERR_KEY_WRONG_PASSPHRASE -43 +#define SSH_ERR_KEY_BAD_PERMISSIONS -44 +#define SSH_ERR_KEY_CERT_MISMATCH -45 +#define SSH_ERR_KEY_NOT_FOUND -46 +#define SSH_ERR_AGENT_NOT_PRESENT -47 +#define SSH_ERR_AGENT_NO_IDENTITIES -48 +#define SSH_ERR_BUFFER_READ_ONLY -49 +#define SSH_ERR_KRL_BAD_MAGIC -50 +#define SSH_ERR_KEY_REVOKED -51 +#define SSH_ERR_CONN_CLOSED -52 +#define SSH_ERR_CONN_TIMEOUT -53 +#define SSH_ERR_CONN_CORRUPT -54 +#define SSH_ERR_PROTOCOL_ERROR -55 + +/* Translate a numeric error code to a human-readable error string */ +const char *ssh_err(int n); + +#endif /* _SSHERR_H */ diff --git a/include/DomainExec/opensshlib/sshkey.c b/include/DomainExec/opensshlib/sshkey.c new file mode 100644 index 00000000..ee619491 --- /dev/null +++ b/include/DomainExec/opensshlib/sshkey.c @@ -0,0 +1,4013 @@ +/* $OpenBSD: sshkey.c,v 1.21 2015/08/19 23:19:01 djm Exp $ */ +/* + * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. + * Copyright (c) 2008 Alexander von Gernler. All rights reserved. + * Copyright (c) 2010,2011 Damien Miller. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#ifndef WIN32 +#include /* MIN MAX */ +#include +#include +#endif + + +#ifdef WITH_OPENSSL +#include +#include +#include +#endif + +#include "crypto_api.h" + +#include +#include +#include +#include +#ifndef WIN32 +#include +#endif +#ifdef HAVE_UTIL_H +#include +#endif /* HAVE_UTIL_H */ + +#include "openbsd-compat.h" + +#include "ssh2.h" +#include "ssherr.h" +#include "misc.h" +#include "sshbuf.h" +#include "rsa.h" +#include "cipher.h" +#include "digest.h" +#define SSHKEY_INTERNAL +#include "sshkey.h" +#include "match.h" + +/* openssh private key file format */ +#define MARK_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----\n" +#define MARK_END "-----END OPENSSH PRIVATE KEY-----\n" +#define MARK_BEGIN_LEN (sizeof(MARK_BEGIN) - 1) +#define MARK_END_LEN (sizeof(MARK_END) - 1) +#define KDFNAME "bcrypt" +#define AUTH_MAGIC "openssh-key-v1" +#define SALT_LEN 16 +#define DEFAULT_CIPHERNAME "aes256-cbc" +#define DEFAULT_ROUNDS 16 + +/* Version identification string for SSH v1 identity files. */ +#define LEGACY_BEGIN "SSH PRIVATE KEY FILE FORMAT 1.1\n" + +static int sshkey_from_blob_internal(struct sshbuf *buf, + struct sshkey **keyp, int allow_cert); + +/* Supported key types */ +struct keytype { + const char *name; + const char *shortname; + int type; + int nid; + int cert; +}; +static const struct keytype keytypes[] = { + { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 }, + { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", + KEY_ED25519_CERT, 0, 1 }, +#ifdef WITH_OPENSSL + { NULL, "RSA1", KEY_RSA1, 0, 0 }, + { "ssh-rsa", "RSA", KEY_RSA, 0, 0 }, + { "ssh-dss", "DSA", KEY_DSA, 0, 0 }, +# ifdef OPENSSL_HAS_ECC + { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 }, + { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 }, +# ifdef OPENSSL_HAS_NISTP521 + { "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0 }, +# endif /* OPENSSL_HAS_NISTP521 */ +# endif /* OPENSSL_HAS_ECC */ + { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1 }, + { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1 }, +# ifdef OPENSSL_HAS_ECC + { "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT", + KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1 }, + { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", + KEY_ECDSA_CERT, NID_secp384r1, 1 }, +# ifdef OPENSSL_HAS_NISTP521 + { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", + KEY_ECDSA_CERT, NID_secp521r1, 1 }, +# endif /* OPENSSL_HAS_NISTP521 */ +# endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + { NULL, NULL, -1, -1, 0 } +}; + +const char * +sshkey_type(const struct sshkey *k) +{ + const struct keytype *kt; + + for (kt = keytypes; kt->type != -1; kt++) { + if (kt->type == k->type) + return kt->shortname; + } + return "unknown"; +} + +static const char * +sshkey_ssh_name_from_type_nid(int type, int nid) +{ + const struct keytype *kt; + + for (kt = keytypes; kt->type != -1; kt++) { + if (kt->type == type && (kt->nid == 0 || kt->nid == nid)) + return kt->name; + } + return "ssh-unknown"; +} + +int +sshkey_type_is_cert(int type) +{ + const struct keytype *kt; + + for (kt = keytypes; kt->type != -1; kt++) { + if (kt->type == type) + return kt->cert; + } + return 0; +} + +const char * +sshkey_ssh_name(const struct sshkey *k) +{ + return sshkey_ssh_name_from_type_nid(k->type, k->ecdsa_nid); +} + +const char * +sshkey_ssh_name_plain(const struct sshkey *k) +{ + return sshkey_ssh_name_from_type_nid(sshkey_type_plain(k->type), + k->ecdsa_nid); +} + +int +sshkey_type_from_name(const char *name) +{ + const struct keytype *kt; + + for (kt = keytypes; kt->type != -1; kt++) { + /* Only allow shortname matches for plain key types */ + if ((kt->name != NULL && strcmp(name, kt->name) == 0) || +#ifndef WIN32 + (!kt->cert && strcasecmp(kt->shortname, name) == 0)) +#else + (!kt->cert && stricmp(kt->shortname, name) == 0)) +#endif + return kt->type; + } + return KEY_UNSPEC; +} + +int +sshkey_ecdsa_nid_from_name(const char *name) +{ + const struct keytype *kt; + + for (kt = keytypes; kt->type != -1; kt++) { + if (kt->type != KEY_ECDSA && kt->type != KEY_ECDSA_CERT) + continue; + if (kt->name != NULL && strcmp(name, kt->name) == 0) + return kt->nid; + } + return -1; +} + +char * +key_alg_list(int certs_only, int plain_only) +{ + char *tmp, *ret = NULL; + size_t nlen, rlen = 0; + const struct keytype *kt; + + for (kt = keytypes; kt->type != -1; kt++) { + if (kt->name == NULL) + continue; + if ((certs_only && !kt->cert) || (plain_only && kt->cert)) + continue; + if (ret != NULL) + ret[rlen++] = '\n'; + nlen = strlen(kt->name); + if ((tmp = realloc(ret, rlen + nlen + 2)) == NULL) { + free(ret); + return NULL; + } + ret = tmp; + memcpy(ret + rlen, kt->name, nlen + 1); + rlen += nlen; + } + return ret; +} + +int +sshkey_names_valid2(const char *names, int allow_wildcard) +{ + char *s, *cp, *p; + const struct keytype *kt; + int type; + + if (names == NULL || strcmp(names, "") == 0) + return 0; + if ((s = cp = strdup(names)) == NULL) + return 0; + for ((p = strsep(&cp, ",")); p && *p != '\0'; + (p = strsep(&cp, ","))) { + type = sshkey_type_from_name(p); + if (type == KEY_RSA1) { + free(s); + return 0; + } + if (type == KEY_UNSPEC) { + if (allow_wildcard) { + /* + * Try matching key types against the string. + * If any has a positive or negative match then + * the component is accepted. + */ + for (kt = keytypes; kt->type != -1; kt++) { + if (kt->type == KEY_RSA1) + continue; + if (match_pattern_list(kt->name, + p, 0) != 0) + break; + } + if (kt->type != -1) + continue; + } + free(s); + return 0; + } + } + free(s); + return 1; +} + +u_int +sshkey_size(const struct sshkey *k) +{ + const BIGNUM *n; + + switch (k->type) { +#ifdef WITH_OPENSSL + case KEY_RSA1: + case KEY_RSA: + case KEY_RSA_CERT: + RSA_get0_key(k->rsa, &n, NULL, NULL); + return BN_num_bits(n); + case KEY_DSA: + case KEY_DSA_CERT: + DSA_get0_key(k->dsa, &n, NULL); + return BN_num_bits(n); + case KEY_ECDSA: + case KEY_ECDSA_CERT: + return sshkey_curve_nid_to_bits(k->ecdsa_nid); +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + case KEY_ED25519_CERT: + return 256; /* XXX */ + } + return 0; +} + +static int +sshkey_type_is_valid_ca(int type) +{ + switch (type) { + case KEY_RSA: + case KEY_DSA: + case KEY_ECDSA: + case KEY_ED25519: + return 1; + default: + return 0; + } +} + +int +sshkey_is_cert(const struct sshkey *k) +{ + if (k == NULL) + return 0; + return sshkey_type_is_cert(k->type); +} + +/* Return the cert-less equivalent to a certified key type */ +int +sshkey_type_plain(int type) +{ + switch (type) { + case KEY_RSA_CERT: + return KEY_RSA; + case KEY_DSA_CERT: + return KEY_DSA; + case KEY_ECDSA_CERT: + return KEY_ECDSA; + case KEY_ED25519_CERT: + return KEY_ED25519; + default: + return type; + } +} + +#ifdef WITH_OPENSSL +/* XXX: these are really begging for a table-driven approach */ +int +sshkey_curve_name_to_nid(const char *name) +{ + if (strcmp(name, "nistp256") == 0) + return NID_X9_62_prime256v1; + else if (strcmp(name, "nistp384") == 0) + return NID_secp384r1; +# ifdef OPENSSL_HAS_NISTP521 + else if (strcmp(name, "nistp521") == 0) + return NID_secp521r1; +# endif /* OPENSSL_HAS_NISTP521 */ + else + return -1; +} + +u_int +sshkey_curve_nid_to_bits(int nid) +{ + switch (nid) { + case NID_X9_62_prime256v1: + return 256; + case NID_secp384r1: + return 384; +# ifdef OPENSSL_HAS_NISTP521 + case NID_secp521r1: + return 521; +# endif /* OPENSSL_HAS_NISTP521 */ + default: + return 0; + } +} + +int +sshkey_ecdsa_bits_to_nid(int bits) +{ + switch (bits) { + case 256: + return NID_X9_62_prime256v1; + case 384: + return NID_secp384r1; +# ifdef OPENSSL_HAS_NISTP521 + case 521: + return NID_secp521r1; +# endif /* OPENSSL_HAS_NISTP521 */ + default: + return -1; + } +} + +const char * +sshkey_curve_nid_to_name(int nid) +{ + switch (nid) { + case NID_X9_62_prime256v1: + return "nistp256"; + case NID_secp384r1: + return "nistp384"; +# ifdef OPENSSL_HAS_NISTP521 + case NID_secp521r1: + return "nistp521"; +# endif /* OPENSSL_HAS_NISTP521 */ + default: + return NULL; + } +} + +int +sshkey_ec_nid_to_hash_alg(int nid) +{ + int kbits = sshkey_curve_nid_to_bits(nid); + + if (kbits <= 0) + return -1; + + /* RFC5656 section 6.2.1 */ + if (kbits <= 256) + return SSH_DIGEST_SHA256; + else if (kbits <= 384) + return SSH_DIGEST_SHA384; + else + return SSH_DIGEST_SHA512; +} +#endif /* WITH_OPENSSL */ + +static void +cert_free(struct sshkey_cert *cert) +{ + u_int i; + + if (cert == NULL) + return; + if (cert->certblob != NULL) + sshbuf_free(cert->certblob); + if (cert->critical != NULL) + sshbuf_free(cert->critical); + if (cert->extensions != NULL) + sshbuf_free(cert->extensions); + if (cert->key_id != NULL) + free(cert->key_id); + for (i = 0; i < cert->nprincipals; i++) + free(cert->principals[i]); + if (cert->principals != NULL) + free(cert->principals); + if (cert->signature_key != NULL) + sshkey_free(cert->signature_key); + explicit_bzero(cert, sizeof(*cert)); + free(cert); +} + +static struct sshkey_cert * +cert_new(void) +{ + struct sshkey_cert *cert; + + if ((cert = calloc(1, sizeof(*cert))) == NULL) + return NULL; + if ((cert->certblob = sshbuf_new()) == NULL || + (cert->critical = sshbuf_new()) == NULL || + (cert->extensions = sshbuf_new()) == NULL) { + cert_free(cert); + return NULL; + } + cert->key_id = NULL; + cert->principals = NULL; + cert->signature_key = NULL; + return cert; +} + +struct sshkey * +sshkey_new(int type) +{ + struct sshkey *k; +#ifdef WITH_OPENSSL + RSA *rsa; + DSA *dsa; + BIGNUM *n, *e, *p, *q, *g, *pub_key; +#endif /* WITH_OPENSSL */ + + if ((k = calloc(1, sizeof(*k))) == NULL) + return NULL; + k->type = type; + k->ecdsa = NULL; + k->ecdsa_nid = -1; + k->dsa = NULL; + k->rsa = NULL; + k->cert = NULL; + k->ed25519_sk = NULL; + k->ed25519_pk = NULL; + switch (k->type) { +#ifdef WITH_OPENSSL + case KEY_RSA1: + case KEY_RSA: + case KEY_RSA_CERT: + + if ((rsa = RSA_new()) == NULL || + (n = BN_new()) == NULL || + (e = BN_new()) == NULL || + RSA_set0_key(rsa, n, e, NULL) == 0) { + if (rsa != NULL) + RSA_free(rsa); + free(k); + return NULL; + } + k->rsa = rsa; + break; + case KEY_DSA: + case KEY_DSA_CERT: + if ((dsa = DSA_new()) == NULL || + (p = BN_new()) == NULL || + (q = BN_new()) == NULL || + (g = BN_new()) == NULL || + (pub_key = BN_new()) == NULL || + DSA_set0_pqg(dsa, p, q, g) == 0 || + DSA_set0_key(dsa, pub_key, NULL) == 0) { + if (dsa != NULL) + DSA_free(dsa); + free(k); + return NULL; + } + k->dsa = dsa; + break; + case KEY_ECDSA: + case KEY_ECDSA_CERT: + /* Cannot do anything until we know the group */ + break; +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + case KEY_ED25519_CERT: + /* no need to prealloc */ + break; + case KEY_UNSPEC: + break; + default: + free(k); + return NULL; + break; + } + + if (sshkey_is_cert(k)) { + if ((k->cert = cert_new()) == NULL) { + sshkey_free(k); + return NULL; + } + } + + return k; +} + +int +sshkey_add_private(struct sshkey *k) +{ + switch (k->type) { +#ifdef WITH_OPENSSL + case KEY_RSA1: + case KEY_RSA: + case KEY_RSA_CERT: + if (RSA_set0_key(k->rsa, NULL, NULL, BN_new()) == 0 || + RSA_set0_factors(k->rsa, BN_new(), BN_new()) == 0 || + RSA_set0_crt_params(k->rsa, BN_new(), BN_new(), BN_new()) == 0) + return SSH_ERR_ALLOC_FAIL; + break; + case KEY_DSA: + case KEY_DSA_CERT: + if (DSA_set0_key(k->dsa, NULL, BN_new()) == 0) + return SSH_ERR_ALLOC_FAIL; + break; + case KEY_ECDSA: + case KEY_ECDSA_CERT: + /* Cannot do anything until we know the group */ + break; +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + case KEY_ED25519_CERT: + /* no need to prealloc */ + break; + case KEY_UNSPEC: + break; + default: + return SSH_ERR_INVALID_ARGUMENT; + } + return 0; +} + +struct sshkey * +sshkey_new_private(int type) +{ + struct sshkey *k = sshkey_new(type); + + if (k == NULL) + return NULL; + if (sshkey_add_private(k) != 0) { + sshkey_free(k); + return NULL; + } + return k; +} + +void +sshkey_free(struct sshkey *k) +{ + if (k == NULL) + return; + switch (k->type) { +#ifdef WITH_OPENSSL + case KEY_RSA1: + case KEY_RSA: + case KEY_RSA_CERT: + if (k->rsa != NULL) + RSA_free(k->rsa); + k->rsa = NULL; + break; + case KEY_DSA: + case KEY_DSA_CERT: + if (k->dsa != NULL) + DSA_free(k->dsa); + k->dsa = NULL; + break; +# ifdef OPENSSL_HAS_ECC + case KEY_ECDSA: + case KEY_ECDSA_CERT: + if (k->ecdsa != NULL) + EC_KEY_free(k->ecdsa); + k->ecdsa = NULL; + break; +# endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + case KEY_ED25519_CERT: + if (k->ed25519_pk) { + explicit_bzero(k->ed25519_pk, ED25519_PK_SZ); + free(k->ed25519_pk); + k->ed25519_pk = NULL; + } + if (k->ed25519_sk) { + explicit_bzero(k->ed25519_sk, ED25519_SK_SZ); + free(k->ed25519_sk); + k->ed25519_sk = NULL; + } + break; + case KEY_UNSPEC: + break; + default: + break; + } + if (sshkey_is_cert(k)) + cert_free(k->cert); + explicit_bzero(k, sizeof(*k)); + free(k); +} + +static int +cert_compare(struct sshkey_cert *a, struct sshkey_cert *b) +{ + if (a == NULL && b == NULL) + return 1; + if (a == NULL || b == NULL) + return 0; + if (sshbuf_len(a->certblob) != sshbuf_len(b->certblob)) + return 0; + if (timingsafe_bcmp(sshbuf_ptr(a->certblob), sshbuf_ptr(b->certblob), + sshbuf_len(a->certblob)) != 0) + return 0; + return 1; +} + +/* + * Compare public portions of key only, allowing comparisons between + * certificates and plain keys too. + */ +int +sshkey_equal_public(const struct sshkey *a, const struct sshkey *b) +{ +#ifdef WITH_OPENSSL + const BIGNUM *an, *ae; + const BIGNUM *bn, *be; + const BIGNUM *ap, *aq, *ag, *a_pub_key; + const BIGNUM *bp, *bq, *bg, *b_pub_key; +#endif +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) + BN_CTX *bnctx; +#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ + + if (a == NULL || b == NULL || + sshkey_type_plain(a->type) != sshkey_type_plain(b->type)) + return 0; + + switch (a->type) { +#ifdef WITH_OPENSSL + case KEY_RSA1: + case KEY_RSA_CERT: + case KEY_RSA: + RSA_get0_key(a->rsa, &an, &ae, NULL); + RSA_get0_key(b->rsa, &bn, &be, NULL); + return a->rsa != NULL && b->rsa != NULL && + BN_cmp(ae, be) == 0 && + BN_cmp(an, bn) == 0; + case KEY_DSA_CERT: + case KEY_DSA: + DSA_get0_pqg(a->dsa, &ap, &aq, &ag); + DSA_get0_pqg(b->dsa, &bp, &bq, &bg); + DSA_get0_key(a->dsa, &a_pub_key, NULL); + DSA_get0_key(b->dsa, &b_pub_key, NULL); + return a->dsa != NULL && b->dsa != NULL && + BN_cmp(ap, bp) == 0 && + BN_cmp(aq, bq) == 0 && + BN_cmp(ag, bg) == 0 && + BN_cmp(a_pub_key, b_pub_key) == 0; +# ifdef OPENSSL_HAS_ECC + case KEY_ECDSA_CERT: + case KEY_ECDSA: + if (a->ecdsa == NULL || b->ecdsa == NULL || + EC_KEY_get0_public_key(a->ecdsa) == NULL || + EC_KEY_get0_public_key(b->ecdsa) == NULL) + return 0; + if ((bnctx = BN_CTX_new()) == NULL) + return 0; + if (EC_GROUP_cmp(EC_KEY_get0_group(a->ecdsa), + EC_KEY_get0_group(b->ecdsa), bnctx) != 0 || + EC_POINT_cmp(EC_KEY_get0_group(a->ecdsa), + EC_KEY_get0_public_key(a->ecdsa), + EC_KEY_get0_public_key(b->ecdsa), bnctx) != 0) { + BN_CTX_free(bnctx); + return 0; + } + BN_CTX_free(bnctx); + return 1; +# endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + case KEY_ED25519_CERT: + return a->ed25519_pk != NULL && b->ed25519_pk != NULL && + memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) == 0; + default: + return 0; + } + /* NOTREACHED */ +} + +int +sshkey_equal(const struct sshkey *a, const struct sshkey *b) +{ + if (a == NULL || b == NULL || a->type != b->type) + return 0; + if (sshkey_is_cert(a)) { + if (!cert_compare(a->cert, b->cert)) + return 0; + } + return sshkey_equal_public(a, b); +} + +static int +to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain) +{ + int type, ret = SSH_ERR_INTERNAL_ERROR; + const char *typename; +#ifdef WITH_OPENSSL + const BIGNUM *p, *q, *g, *pub_key; + const BIGNUM *n, *e; +#endif + + if (key == NULL) + return SSH_ERR_INVALID_ARGUMENT; + + if (sshkey_is_cert(key)) { + if (key->cert == NULL) + return SSH_ERR_EXPECTED_CERT; + if (sshbuf_len(key->cert->certblob) == 0) + return SSH_ERR_KEY_LACKS_CERTBLOB; + } + type = force_plain ? sshkey_type_plain(key->type) : key->type; + typename = sshkey_ssh_name_from_type_nid(type, key->ecdsa_nid); + + switch (type) { +#ifdef WITH_OPENSSL + case KEY_DSA_CERT: + case KEY_ECDSA_CERT: + case KEY_RSA_CERT: +#endif /* WITH_OPENSSL */ + case KEY_ED25519_CERT: + /* Use the existing blob */ + /* XXX modified flag? */ + if ((ret = sshbuf_putb(b, key->cert->certblob)) != 0) + return ret; + break; +#ifdef WITH_OPENSSL + case KEY_DSA: + DSA_get0_pqg(key->dsa, &p, &q, &g); + DSA_get0_key(key->dsa, &pub_key, NULL); + if (key->dsa == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if ((ret = sshbuf_put_cstring(b, typename)) != 0 || + (ret = sshbuf_put_bignum2(b, p)) != 0 || + (ret = sshbuf_put_bignum2(b, q)) != 0 || + (ret = sshbuf_put_bignum2(b, g)) != 0 || + (ret = sshbuf_put_bignum2(b, pub_key)) != 0) + return ret; + break; +# ifdef OPENSSL_HAS_ECC + case KEY_ECDSA: + if (key->ecdsa == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if ((ret = sshbuf_put_cstring(b, typename)) != 0 || + (ret = sshbuf_put_cstring(b, + sshkey_curve_nid_to_name(key->ecdsa_nid))) != 0 || + (ret = sshbuf_put_eckey(b, key->ecdsa)) != 0) + return ret; + break; +# endif + case KEY_RSA: + if (key->rsa == NULL) + return SSH_ERR_INVALID_ARGUMENT; + RSA_get0_key(key->rsa, &n, &e, NULL); + if ((ret = sshbuf_put_cstring(b, typename)) != 0 || + (ret = sshbuf_put_bignum2(b, e)) != 0 || + (ret = sshbuf_put_bignum2(b, n)) != 0) + return ret; + break; +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + if (key->ed25519_pk == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if ((ret = sshbuf_put_cstring(b, typename)) != 0 || + (ret = sshbuf_put_string(b, + key->ed25519_pk, ED25519_PK_SZ)) != 0) + return ret; + break; + default: + return SSH_ERR_KEY_TYPE_UNKNOWN; + } + return 0; +} + +int +sshkey_putb(const struct sshkey *key, struct sshbuf *b) +{ + return to_blob_buf(key, b, 0); +} + +int +sshkey_puts(const struct sshkey *key, struct sshbuf *b) +{ + struct sshbuf *tmp; + int r; + + if ((tmp = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + r = to_blob_buf(key, tmp, 0); + if (r == 0) + r = sshbuf_put_stringb(b, tmp); + sshbuf_free(tmp); + return r; +} + +int +sshkey_putb_plain(const struct sshkey *key, struct sshbuf *b) +{ + return to_blob_buf(key, b, 1); +} + +static int +to_blob(const struct sshkey *key, u_char **blobp, size_t *lenp, int force_plain) +{ + int ret = SSH_ERR_INTERNAL_ERROR; + size_t len; + struct sshbuf *b = NULL; + + if (lenp != NULL) + *lenp = 0; + if (blobp != NULL) + *blobp = NULL; + if ((b = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((ret = to_blob_buf(key, b, force_plain)) != 0) + goto out; + len = sshbuf_len(b); + if (lenp != NULL) + *lenp = len; + if (blobp != NULL) { + if ((*blobp = malloc(len)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + memcpy(*blobp, sshbuf_ptr(b), len); + } + ret = 0; + out: + sshbuf_free(b); + return ret; +} + +int +sshkey_to_blob(const struct sshkey *key, u_char **blobp, size_t *lenp) +{ + return to_blob(key, blobp, lenp, 0); +} + +int +sshkey_plain_to_blob(const struct sshkey *key, u_char **blobp, size_t *lenp) +{ + return to_blob(key, blobp, lenp, 1); +} + +int +sshkey_fingerprint_raw(const struct sshkey *k, int dgst_alg, + u_char **retp, size_t *lenp) +{ + u_char *blob = NULL, *ret = NULL; + size_t blob_len = 0; + int r = SSH_ERR_INTERNAL_ERROR; +#ifdef WITH_OPENSSL + const BIGNUM *n, *e; +#endif + + if (retp != NULL) + *retp = NULL; + if (lenp != NULL) + *lenp = 0; + if (ssh_digest_bytes(dgst_alg) == 0) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + + if (k->type == KEY_RSA1) { +#ifdef WITH_OPENSSL + RSA_get0_key(k->rsa, &n, &e, NULL); + int nlen = BN_num_bytes(n); + int elen = BN_num_bytes(e); + + blob_len = nlen + elen; + if (nlen >= INT_MAX - elen || + (blob = malloc(blob_len)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + BN_bn2bin(n, blob); + BN_bn2bin(e, blob + nlen); +#endif /* WITH_OPENSSL */ + } else if ((r = to_blob(k, &blob, &blob_len, 1)) != 0) + goto out; + if ((ret = calloc(1, SSH_DIGEST_MAX_LENGTH)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = ssh_digest_memory(dgst_alg, blob, blob_len, + ret, SSH_DIGEST_MAX_LENGTH)) != 0) + goto out; + /* success */ + if (retp != NULL) { + *retp = ret; + ret = NULL; + } + if (lenp != NULL) + *lenp = ssh_digest_bytes(dgst_alg); + r = 0; + out: + free(ret); + if (blob != NULL) { + explicit_bzero(blob, blob_len); + free(blob); + } + return r; +} + +static char * +fingerprint_b64(const char *alg, u_char *dgst_raw, size_t dgst_raw_len) +{ + char *ret; + size_t plen = strlen(alg) + 1; + size_t rlen = ((dgst_raw_len + 2) / 3) * 4 + plen + 1; + int r; + + if (dgst_raw_len > 65536 || (ret = calloc(1, rlen)) == NULL) + return NULL; + strlcpy(ret, alg, rlen); + strlcat(ret, ":", rlen); + if (dgst_raw_len == 0) + return ret; + if ((r = b64_ntop(dgst_raw, dgst_raw_len, + ret + plen, rlen - plen)) == -1) { + explicit_bzero(ret, rlen); + free(ret); + return NULL; + } + /* Trim padding characters from end */ + ret[strcspn(ret, "=")] = '\0'; + return ret; +} + +static char * +fingerprint_hex(const char *alg, u_char *dgst_raw, size_t dgst_raw_len) +{ + char *retval, hex[5]; + size_t i, rlen = dgst_raw_len * 3 + strlen(alg) + 2; + + if (dgst_raw_len > 65536 || (retval = calloc(1, rlen)) == NULL) + return NULL; + strlcpy(retval, alg, rlen); + strlcat(retval, ":", rlen); + for (i = 0; i < dgst_raw_len; i++) { + snprintf(hex, sizeof(hex), "%s%02x", + i > 0 ? ":" : "", dgst_raw[i]); + strlcat(retval, hex, rlen); + } + return retval; +} + +static char * +fingerprint_bubblebabble(u_char *dgst_raw, size_t dgst_raw_len) +{ + char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' }; + char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm', + 'n', 'p', 'r', 's', 't', 'v', 'z', 'x' }; + u_int i, j = 0, rounds, seed = 1; + char *retval; + + rounds = (dgst_raw_len / 2) + 1; + if ((retval = calloc(rounds, 6)) == NULL) + return NULL; + retval[j++] = 'x'; + for (i = 0; i < rounds; i++) { + u_int idx0, idx1, idx2, idx3, idx4; + if ((i + 1 < rounds) || (dgst_raw_len % 2 != 0)) { + idx0 = (((((u_int)(dgst_raw[2 * i])) >> 6) & 3) + + seed) % 6; + idx1 = (((u_int)(dgst_raw[2 * i])) >> 2) & 15; + idx2 = ((((u_int)(dgst_raw[2 * i])) & 3) + + (seed / 6)) % 6; + retval[j++] = vowels[idx0]; + retval[j++] = consonants[idx1]; + retval[j++] = vowels[idx2]; + if ((i + 1) < rounds) { + idx3 = (((u_int)(dgst_raw[(2 * i) + 1])) >> 4) & 15; + idx4 = (((u_int)(dgst_raw[(2 * i) + 1]))) & 15; + retval[j++] = consonants[idx3]; + retval[j++] = '-'; + retval[j++] = consonants[idx4]; + seed = ((seed * 5) + + ((((u_int)(dgst_raw[2 * i])) * 7) + + ((u_int)(dgst_raw[(2 * i) + 1])))) % 36; + } + } else { + idx0 = seed % 6; + idx1 = 16; + idx2 = seed / 6; + retval[j++] = vowels[idx0]; + retval[j++] = consonants[idx1]; + retval[j++] = vowels[idx2]; + } + } + retval[j++] = 'x'; + retval[j++] = '\0'; + return retval; +} + +/* + * Draw an ASCII-Art representing the fingerprint so human brain can + * profit from its built-in pattern recognition ability. + * This technique is called "random art" and can be found in some + * scientific publications like this original paper: + * + * "Hash Visualization: a New Technique to improve Real-World Security", + * Perrig A. and Song D., 1999, International Workshop on Cryptographic + * Techniques and E-Commerce (CrypTEC '99) + * sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf + * + * The subject came up in a talk by Dan Kaminsky, too. + * + * If you see the picture is different, the key is different. + * If the picture looks the same, you still know nothing. + * + * The algorithm used here is a worm crawling over a discrete plane, + * leaving a trace (augmenting the field) everywhere it goes. + * Movement is taken from dgst_raw 2bit-wise. Bumping into walls + * makes the respective movement vector be ignored for this turn. + * Graphs are not unambiguous, because circles in graphs can be + * walked in either direction. + */ + +/* + * Field sizes for the random art. Have to be odd, so the starting point + * can be in the exact middle of the picture, and FLDBASE should be >=8 . + * Else pictures would be too dense, and drawing the frame would + * fail, too, because the key type would not fit in anymore. + */ +#define FLDBASE 8 +#define FLDSIZE_Y (FLDBASE + 1) +#define FLDSIZE_X (FLDBASE * 2 + 1) +static char * +fingerprint_randomart(const char *alg, u_char *dgst_raw, size_t dgst_raw_len, + const struct sshkey *k) +{ + /* + * Chars to be used after each other every time the worm + * intersects with itself. Matter of taste. + */ + char *augmentation_string = " .o+=*BOX@%&#/^SE"; + char *retval, *p, title[FLDSIZE_X], hash[FLDSIZE_X]; + u_char field[FLDSIZE_X][FLDSIZE_Y]; + size_t i, tlen, hlen; + u_int b; + int x, y, r; + size_t len = strlen(augmentation_string) - 1; + + if ((retval = calloc((FLDSIZE_X + 3), (FLDSIZE_Y + 2))) == NULL) + return NULL; + + /* initialize field */ + memset(field, 0, FLDSIZE_X * FLDSIZE_Y * sizeof(char)); + x = FLDSIZE_X / 2; + y = FLDSIZE_Y / 2; + + /* process raw key */ + for (i = 0; i < dgst_raw_len; i++) { + int input; + /* each byte conveys four 2-bit move commands */ + input = dgst_raw[i]; + for (b = 0; b < 4; b++) { + /* evaluate 2 bit, rest is shifted later */ + x += (input & 0x1) ? 1 : -1; + y += (input & 0x2) ? 1 : -1; + + /* assure we are still in bounds */ + x = MAX(x, 0); + y = MAX(y, 0); + x = MIN(x, FLDSIZE_X - 1); + y = MIN(y, FLDSIZE_Y - 1); + + /* augment the field */ + if (field[x][y] < len - 2) + field[x][y]++; + input = input >> 2; + } + } + + /* mark starting point and end point*/ + field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len - 1; + field[x][y] = len; + + /* assemble title */ + r = snprintf(title, sizeof(title), "[%s %u]", + sshkey_type(k), sshkey_size(k)); + /* If [type size] won't fit, then try [type]; fits "[ED25519-CERT]" */ + if (r < 0 || r > (int)sizeof(title)) + r = snprintf(title, sizeof(title), "[%s]", sshkey_type(k)); + tlen = (r <= 0) ? 0 : strlen(title); + + /* assemble hash ID. */ + r = snprintf(hash, sizeof(hash), "[%s]", alg); + hlen = (r <= 0) ? 0 : strlen(hash); + + /* output upper border */ + p = retval; + *p++ = '+'; + for (i = 0; i < (FLDSIZE_X - tlen) / 2; i++) + *p++ = '-'; + memcpy(p, title, tlen); + p += tlen; + for (i += tlen; i < FLDSIZE_X; i++) + *p++ = '-'; + *p++ = '+'; + *p++ = '\n'; + + /* output content */ + for (y = 0; y < FLDSIZE_Y; y++) { + *p++ = '|'; + for (x = 0; x < FLDSIZE_X; x++) + *p++ = augmentation_string[MIN(field[x][y], len)]; + *p++ = '|'; + *p++ = '\n'; + } + + /* output lower border */ + *p++ = '+'; + for (i = 0; i < (FLDSIZE_X - hlen) / 2; i++) + *p++ = '-'; + memcpy(p, hash, hlen); + p += hlen; + for (i += hlen; i < FLDSIZE_X; i++) + *p++ = '-'; + *p++ = '+'; + + return retval; +} + +char * +sshkey_fingerprint(const struct sshkey *k, int dgst_alg, + enum sshkey_fp_rep dgst_rep) +{ + char *retval = NULL; + u_char *dgst_raw; + size_t dgst_raw_len; + + if (sshkey_fingerprint_raw(k, dgst_alg, &dgst_raw, &dgst_raw_len) != 0) + return NULL; + switch (dgst_rep) { + case SSH_FP_DEFAULT: + if (dgst_alg == SSH_DIGEST_MD5) { + retval = fingerprint_hex(ssh_digest_alg_name(dgst_alg), + dgst_raw, dgst_raw_len); + } else { + retval = fingerprint_b64(ssh_digest_alg_name(dgst_alg), + dgst_raw, dgst_raw_len); + } + break; + case SSH_FP_HEX: + retval = fingerprint_hex(ssh_digest_alg_name(dgst_alg), + dgst_raw, dgst_raw_len); + break; + case SSH_FP_BASE64: + retval = fingerprint_b64(ssh_digest_alg_name(dgst_alg), + dgst_raw, dgst_raw_len); + break; + case SSH_FP_BUBBLEBABBLE: + retval = fingerprint_bubblebabble(dgst_raw, dgst_raw_len); + break; + case SSH_FP_RANDOMART: + retval = fingerprint_randomart(ssh_digest_alg_name(dgst_alg), + dgst_raw, dgst_raw_len, k); + break; + default: + explicit_bzero(dgst_raw, dgst_raw_len); + free(dgst_raw); + return NULL; + } + explicit_bzero(dgst_raw, dgst_raw_len); + free(dgst_raw); + return retval; +} + +#ifdef WITH_SSH1 +/* + * Reads a multiple-precision integer in decimal from the buffer, and advances + * the pointer. The integer must already be initialized. This function is + * permitted to modify the buffer. This leaves *cpp to point just beyond the + * last processed character. + */ +static int +read_decimal_bignum(char **cpp, BIGNUM *v) +{ + char *cp; + size_t e; + int skip = 1; /* skip white space */ + + cp = *cpp; + while (*cp == ' ' || *cp == '\t') + cp++; + e = strspn(cp, "0123456789"); + if (e == 0) + return SSH_ERR_INVALID_FORMAT; + if (e > SSHBUF_MAX_BIGNUM * 3) + return SSH_ERR_BIGNUM_TOO_LARGE; + if (cp[e] == '\0') + skip = 0; +#ifndef WIN32 + else if (index(" \t\r\n", cp[e]) == NULL) +#else + else if (cp[e] != ' ' && cp[e] != '\t' && cp[e] != '\r' && cp[e] != '\n') +#endif + return SSH_ERR_INVALID_FORMAT; + cp[e] = '\0'; + if (BN_dec2bn(&v, cp) <= 0) + return SSH_ERR_INVALID_FORMAT; + *cpp = cp + e + skip; + return 0; +} +#endif /* WITH_SSH1 */ + +#if 0 +/* returns 0 ok, and < 0 error */ +int +sshkey_read(struct sshkey *ret, char **cpp) +{ + struct sshkey *k; + int retval = SSH_ERR_INVALID_FORMAT; + char *cp, *space; + int r, type, curve_nid = -1; + struct sshbuf *blob; +#ifdef WITH_SSH1 + char *ep; + u_long bits; +#endif /* WITH_SSH1 */ + + cp = *cpp; + + switch (ret->type) { + case KEY_RSA1: +#ifdef WITH_SSH1 + /* Get number of bits. */ + bits = strtoul(cp, &ep, 10); + if (*cp == '\0' || +#ifndef WIN32 + index(" \t\r\n", *ep) == NULL +#else + (*ep != ' ' && *ep != '\t' && *ep != '\r' && *ep != '\n') +#endif + || bits == 0 || bits > SSHBUF_MAX_BIGNUM * 8) + return SSH_ERR_INVALID_FORMAT; /* Bad bit count... */ + /* Get public exponent, public modulus. */ + if ((r = read_decimal_bignum(&ep, ret->rsa->e)) < 0) + return r; + if ((r = read_decimal_bignum(&ep, ret->rsa->n)) < 0) + return r; + *cpp = ep; + /* validate the claimed number of bits */ + if (BN_num_bits(ret->rsa->n) != (int)bits) + return SSH_ERR_KEY_BITS_MISMATCH; + retval = 0; +#endif /* WITH_SSH1 */ + break; + case KEY_UNSPEC: + case KEY_RSA: + case KEY_DSA: + case KEY_ECDSA: + case KEY_ED25519: + case KEY_DSA_CERT: + case KEY_ECDSA_CERT: + case KEY_RSA_CERT: + case KEY_ED25519_CERT: + space = strchr(cp, ' '); + if (space == NULL) + return SSH_ERR_INVALID_FORMAT; + *space = '\0'; + type = sshkey_type_from_name(cp); + if (sshkey_type_plain(type) == KEY_ECDSA && + (curve_nid = sshkey_ecdsa_nid_from_name(cp)) == -1) + return SSH_ERR_EC_CURVE_INVALID; + *space = ' '; + if (type == KEY_UNSPEC) + return SSH_ERR_INVALID_FORMAT; + cp = space+1; + if (*cp == '\0') + return SSH_ERR_INVALID_FORMAT; + if (ret->type != KEY_UNSPEC && ret->type != type) + return SSH_ERR_KEY_TYPE_MISMATCH; + if ((blob = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + /* trim comment */ + space = strchr(cp, ' '); + if (space) { + /* advance 'space': skip whitespace */ + *space++ = '\0'; + while (*space == ' ' || *space == '\t') + space++; + *cpp = space; + } else + *cpp = cp + strlen(cp); + if ((r = sshbuf_b64tod(blob, cp)) != 0) { + sshbuf_free(blob); + return r; + } + if ((r = sshkey_from_blob(sshbuf_ptr(blob), + sshbuf_len(blob), &k)) != 0) { + sshbuf_free(blob); + return r; + } + sshbuf_free(blob); + if (k->type != type) { + sshkey_free(k); + return SSH_ERR_KEY_TYPE_MISMATCH; + } + if (sshkey_type_plain(type) == KEY_ECDSA && + curve_nid != k->ecdsa_nid) { + sshkey_free(k); + return SSH_ERR_EC_CURVE_MISMATCH; + } + ret->type = type; + if (sshkey_is_cert(ret)) { + if (!sshkey_is_cert(k)) { + sshkey_free(k); + return SSH_ERR_EXPECTED_CERT; + } + if (ret->cert != NULL) + cert_free(ret->cert); + ret->cert = k->cert; + k->cert = NULL; + } +#ifdef WITH_OPENSSL + if (sshkey_type_plain(ret->type) == KEY_RSA) { + if (ret->rsa != NULL) + RSA_free(ret->rsa); + ret->rsa = k->rsa; + k->rsa = NULL; +#ifdef DEBUG_PK + RSA_print_fp(stderr, ret->rsa, 8); +#endif + } + if (sshkey_type_plain(ret->type) == KEY_DSA) { + if (ret->dsa != NULL) + DSA_free(ret->dsa); + ret->dsa = k->dsa; + k->dsa = NULL; +#ifdef DEBUG_PK + DSA_print_fp(stderr, ret->dsa, 8); +#endif + } +# ifdef OPENSSL_HAS_ECC + if (sshkey_type_plain(ret->type) == KEY_ECDSA) { + if (ret->ecdsa != NULL) + EC_KEY_free(ret->ecdsa); + ret->ecdsa = k->ecdsa; + ret->ecdsa_nid = k->ecdsa_nid; + k->ecdsa = NULL; + k->ecdsa_nid = -1; +#ifdef DEBUG_PK + sshkey_dump_ec_key(ret->ecdsa); +#endif + } +# endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + if (sshkey_type_plain(ret->type) == KEY_ED25519) { + free(ret->ed25519_pk); + ret->ed25519_pk = k->ed25519_pk; + k->ed25519_pk = NULL; +#ifdef DEBUG_PK + /* XXX */ +#endif + } + retval = 0; +/*XXXX*/ + sshkey_free(k); + if (retval != 0) + break; + break; + default: + return SSH_ERR_INVALID_ARGUMENT; + } + return retval; +} + +#endif + +int +sshkey_to_base64(const struct sshkey *key, char **b64p) +{ + int r = SSH_ERR_INTERNAL_ERROR; + struct sshbuf *b = NULL; + char *uu = NULL; + + if (b64p != NULL) + *b64p = NULL; + if ((b = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshkey_putb(key, b)) != 0) + goto out; + if ((uu = sshbuf_dtob64(b)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + /* Success */ + if (b64p != NULL) { + *b64p = uu; + uu = NULL; + } + r = 0; + out: + sshbuf_free(b); + free(uu); + return r; +} + +#if 0 +static int +sshkey_format_rsa1(const struct sshkey *key, struct sshbuf *b) +{ + int r = SSH_ERR_INTERNAL_ERROR; +#ifdef WITH_SSH1 + u_int bits = 0; + char *dec_e = NULL, *dec_n = NULL; + + if (key->rsa == NULL || key->rsa->e == NULL || + key->rsa->n == NULL) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if ((dec_e = BN_bn2dec(key->rsa->e)) == NULL || + (dec_n = BN_bn2dec(key->rsa->n)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + /* size of modulus 'n' */ + if ((bits = BN_num_bits(key->rsa->n)) <= 0) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if ((r = sshbuf_putf(b, "%u %s %s", bits, dec_e, dec_n)) != 0) + goto out; + + /* Success */ + r = 0; + out: + if (dec_e != NULL) + OPENSSL_free(dec_e); + if (dec_n != NULL) + OPENSSL_free(dec_n); +#endif /* WITH_SSH1 */ + + return r; +} + +static int +sshkey_format_text(const struct sshkey *key, struct sshbuf *b) +{ + int r = SSH_ERR_INTERNAL_ERROR; + char *uu = NULL; + + if (key->type == KEY_RSA1) { + if ((r = sshkey_format_rsa1(key, b)) != 0) + goto out; + } else { + /* Unsupported key types handled in sshkey_to_base64() */ + if ((r = sshkey_to_base64(key, &uu)) != 0) + goto out; + if ((r = sshbuf_putf(b, "%s %s", + sshkey_ssh_name(key), uu)) != 0) + goto out; + } + r = 0; + out: + free(uu); + return r; +} + +int +sshkey_write(const struct sshkey *key, FILE *f) +{ + struct sshbuf *b = NULL; + int r = SSH_ERR_INTERNAL_ERROR; + + if ((b = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshkey_format_text(key, b)) != 0) + goto out; + if (fwrite(sshbuf_ptr(b), sshbuf_len(b), 1, f) != 1) { + if (feof(f)) + errno = EPIPE; + r = SSH_ERR_SYSTEM_ERROR; + goto out; + } + /* Success */ + r = 0; + out: + sshbuf_free(b); + return r; +} +#endif + +const char * +sshkey_cert_type(const struct sshkey *k) +{ + switch (k->cert->type) { + case SSH2_CERT_TYPE_USER: + return "user"; + case SSH2_CERT_TYPE_HOST: + return "host"; + default: + return "unknown"; + } +} + +#ifdef WITH_OPENSSL +static int +rsa_generate_private_key(u_int bits, RSA **rsap) +{ + RSA *private = NULL; + BIGNUM *f4 = NULL; + int ret = SSH_ERR_INTERNAL_ERROR; + + if (rsap == NULL || + bits < SSH_RSA_MINIMUM_MODULUS_SIZE || + bits > SSHBUF_MAX_BIGNUM * 8) + return SSH_ERR_INVALID_ARGUMENT; + *rsap = NULL; + if ((private = RSA_new()) == NULL || (f4 = BN_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (!BN_set_word(f4, RSA_F4) || + !RSA_generate_key_ex(private, bits, f4, NULL)) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + *rsap = private; + private = NULL; + ret = 0; + out: + if (private != NULL) + RSA_free(private); + if (f4 != NULL) + BN_free(f4); + return ret; +} + +static int +dsa_generate_private_key(u_int bits, DSA **dsap) +{ + DSA *private; + int ret = SSH_ERR_INTERNAL_ERROR; + + if (dsap == NULL || bits != 1024) + return SSH_ERR_INVALID_ARGUMENT; + if ((private = DSA_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + *dsap = NULL; + if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL, + NULL, NULL) || !DSA_generate_key(private)) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + *dsap = private; + private = NULL; + ret = 0; + out: + if (private != NULL) + DSA_free(private); + return ret; +} + +# ifdef OPENSSL_HAS_ECC +int +sshkey_ecdsa_key_to_nid(EC_KEY *k) +{ + EC_GROUP *eg; + int nids[] = { + NID_X9_62_prime256v1, + NID_secp384r1, +# ifdef OPENSSL_HAS_NISTP521 + NID_secp521r1, +# endif /* OPENSSL_HAS_NISTP521 */ + -1 + }; + int nid; + u_int i; + BN_CTX *bnctx; + const EC_GROUP *g = EC_KEY_get0_group(k); + + /* + * The group may be stored in a ASN.1 encoded private key in one of two + * ways: as a "named group", which is reconstituted by ASN.1 object ID + * or explicit group parameters encoded into the key blob. Only the + * "named group" case sets the group NID for us, but we can figure + * it out for the other case by comparing against all the groups that + * are supported. + */ + if ((nid = EC_GROUP_get_curve_name(g)) > 0) + return nid; + if ((bnctx = BN_CTX_new()) == NULL) + return -1; + for (i = 0; nids[i] != -1; i++) { + if ((eg = EC_GROUP_new_by_curve_name(nids[i])) == NULL) { + BN_CTX_free(bnctx); + return -1; + } + if (EC_GROUP_cmp(g, eg, bnctx) == 0) + break; + EC_GROUP_free(eg); + } + BN_CTX_free(bnctx); + if (nids[i] != -1) { + /* Use the group with the NID attached */ + EC_GROUP_set_asn1_flag(eg, OPENSSL_EC_NAMED_CURVE); + if (EC_KEY_set_group(k, eg) != 1) { + EC_GROUP_free(eg); + return -1; + } + } + return nids[i]; +} + +static int +ecdsa_generate_private_key(u_int bits, int *nid, EC_KEY **ecdsap) +{ + EC_KEY *private; + int ret = SSH_ERR_INTERNAL_ERROR; + + if (nid == NULL || ecdsap == NULL || + (*nid = sshkey_ecdsa_bits_to_nid(bits)) == -1) + return SSH_ERR_INVALID_ARGUMENT; + *ecdsap = NULL; + if ((private = EC_KEY_new_by_curve_name(*nid)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (EC_KEY_generate_key(private) != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + EC_KEY_set_asn1_flag(private, OPENSSL_EC_NAMED_CURVE); + *ecdsap = private; + private = NULL; + ret = 0; + out: + if (private != NULL) + EC_KEY_free(private); + return ret; +} +# endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + +int +sshkey_generate(int type, u_int bits, struct sshkey **keyp) +{ + struct sshkey *k; + int ret = SSH_ERR_INTERNAL_ERROR; + + if (keyp == NULL) + return SSH_ERR_INVALID_ARGUMENT; + *keyp = NULL; + if ((k = sshkey_new(KEY_UNSPEC)) == NULL) + return SSH_ERR_ALLOC_FAIL; + switch (type) { + case KEY_ED25519: + if ((k->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL || + (k->ed25519_sk = malloc(ED25519_SK_SZ)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + break; + } + crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk); + ret = 0; + break; +#ifdef WITH_OPENSSL + case KEY_DSA: + ret = dsa_generate_private_key(bits, &k->dsa); + break; +# ifdef OPENSSL_HAS_ECC + case KEY_ECDSA: + ret = ecdsa_generate_private_key(bits, &k->ecdsa_nid, + &k->ecdsa); + break; +# endif /* OPENSSL_HAS_ECC */ + case KEY_RSA: + case KEY_RSA1: + ret = rsa_generate_private_key(bits, &k->rsa); + break; +#endif /* WITH_OPENSSL */ + default: + ret = SSH_ERR_INVALID_ARGUMENT; + } + if (ret == 0) { + k->type = type; + *keyp = k; + } else + sshkey_free(k); + return ret; +} + +int +sshkey_cert_copy(const struct sshkey *from_key, struct sshkey *to_key) +{ + u_int i; + const struct sshkey_cert *from; + struct sshkey_cert *to; + int ret = SSH_ERR_INTERNAL_ERROR; + + if (to_key->cert != NULL) { + cert_free(to_key->cert); + to_key->cert = NULL; + } + + if ((from = from_key->cert) == NULL) + return SSH_ERR_INVALID_ARGUMENT; + + if ((to = to_key->cert = cert_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + + if ((ret = sshbuf_putb(to->certblob, from->certblob)) != 0 || + (ret = sshbuf_putb(to->critical, from->critical)) != 0 || + (ret = sshbuf_putb(to->extensions, from->extensions) != 0)) + return ret; + + to->serial = from->serial; + to->type = from->type; + if (from->key_id == NULL) + to->key_id = NULL; + else if ((to->key_id = strdup(from->key_id)) == NULL) + return SSH_ERR_ALLOC_FAIL; + to->valid_after = from->valid_after; + to->valid_before = from->valid_before; + if (from->signature_key == NULL) + to->signature_key = NULL; + else if ((ret = sshkey_from_private(from->signature_key, + &to->signature_key)) != 0) + return ret; + + if (from->nprincipals > SSHKEY_CERT_MAX_PRINCIPALS) + return SSH_ERR_INVALID_ARGUMENT; + if (from->nprincipals > 0) { + if ((to->principals = calloc(from->nprincipals, + sizeof(*to->principals))) == NULL) + return SSH_ERR_ALLOC_FAIL; + for (i = 0; i < from->nprincipals; i++) { + to->principals[i] = strdup(from->principals[i]); + if (to->principals[i] == NULL) { + to->nprincipals = i; + return SSH_ERR_ALLOC_FAIL; + } + } + } + to->nprincipals = from->nprincipals; + return 0; +} + +int +sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) +{ + struct sshkey *n = NULL; + int ret = SSH_ERR_INTERNAL_ERROR; +#ifdef WITH_OPENSSL + BIGNUM *p, *q, *g, *pub_key; + BIGNUM *rsa_n, *rsa_e; +#endif + if (pkp != NULL) + *pkp = NULL; + + switch (k->type) { +#ifdef WITH_OPENSSL + case KEY_DSA: + case KEY_DSA_CERT: + if ((n = sshkey_new(k->type)) == NULL) + return SSH_ERR_ALLOC_FAIL; + DSA_get0_pqg(k->dsa, (const BIGNUM**)&p, (const BIGNUM**)&q, (const BIGNUM**)&g); + DSA_get0_key(k->dsa, (const BIGNUM**)&pub_key, NULL); + if (DSA_set0_pqg(n->dsa, p, q, g) == 0 || + DSA_set0_key(n->dsa, pub_key, NULL) == 0) { + sshkey_free(n); + return SSH_ERR_ALLOC_FAIL; + } + break; +# ifdef OPENSSL_HAS_ECC + case KEY_ECDSA: + case KEY_ECDSA_CERT: + if ((n = sshkey_new(k->type)) == NULL) + return SSH_ERR_ALLOC_FAIL; + n->ecdsa_nid = k->ecdsa_nid; + n->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); + if (n->ecdsa == NULL) { + sshkey_free(n); + return SSH_ERR_ALLOC_FAIL; + } + if (EC_KEY_set_public_key(n->ecdsa, + EC_KEY_get0_public_key(k->ecdsa)) != 1) { + sshkey_free(n); + return SSH_ERR_LIBCRYPTO_ERROR; + } + break; +# endif /* OPENSSL_HAS_ECC */ + case KEY_RSA: + case KEY_RSA1: + case KEY_RSA_CERT: + if ((n = sshkey_new(k->type)) == NULL) + return SSH_ERR_ALLOC_FAIL; + RSA_get0_key(k->rsa, (const BIGNUM**)&rsa_n, (const BIGNUM**)&rsa_e, NULL); + if (RSA_set0_key(n->rsa, rsa_n, rsa_e, NULL) == 0) { + sshkey_free(n); + return SSH_ERR_ALLOC_FAIL; + } + break; +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + case KEY_ED25519_CERT: + if ((n = sshkey_new(k->type)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (k->ed25519_pk != NULL) { + if ((n->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) { + sshkey_free(n); + return SSH_ERR_ALLOC_FAIL; + } + memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ); + } + break; + default: + return SSH_ERR_KEY_TYPE_UNKNOWN; + } + if (sshkey_is_cert(k)) { + if ((ret = sshkey_cert_copy(k, n)) != 0) { + sshkey_free(n); + return ret; + } + } + *pkp = n; + return 0; +} + +static int +cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf) +{ + struct sshbuf *principals = NULL, *crit = NULL; + struct sshbuf *exts = NULL, *ca = NULL; + u_char *sig = NULL; + size_t signed_len = 0, slen = 0, kidlen = 0; + int ret = SSH_ERR_INTERNAL_ERROR; + + /* Copy the entire key blob for verification and later serialisation */ + if ((ret = sshbuf_putb(key->cert->certblob, certbuf)) != 0) + return ret; + + /* Parse body of certificate up to signature */ + if ((ret = sshbuf_get_u64(b, &key->cert->serial)) != 0 || + (ret = sshbuf_get_u32(b, &key->cert->type)) != 0 || + (ret = sshbuf_get_cstring(b, &key->cert->key_id, &kidlen)) != 0 || + (ret = sshbuf_froms(b, &principals)) != 0 || + (ret = sshbuf_get_u64(b, &key->cert->valid_after)) != 0 || + (ret = sshbuf_get_u64(b, &key->cert->valid_before)) != 0 || + (ret = sshbuf_froms(b, &crit)) != 0 || + (ret = sshbuf_froms(b, &exts)) != 0 || + (ret = sshbuf_get_string_direct(b, NULL, NULL)) != 0 || + (ret = sshbuf_froms(b, &ca)) != 0) { + /* XXX debug print error for ret */ + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + + /* Signature is left in the buffer so we can calculate this length */ + signed_len = sshbuf_len(key->cert->certblob) - sshbuf_len(b); + + if ((ret = sshbuf_get_string(b, &sig, &slen)) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + + if (key->cert->type != SSH2_CERT_TYPE_USER && + key->cert->type != SSH2_CERT_TYPE_HOST) { + ret = SSH_ERR_KEY_CERT_UNKNOWN_TYPE; + goto out; + } + + /* Parse principals section */ + while (sshbuf_len(principals) > 0) { + char *principal = NULL; + char **oprincipals = NULL; + + if (key->cert->nprincipals >= SSHKEY_CERT_MAX_PRINCIPALS) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if ((ret = sshbuf_get_cstring(principals, &principal, + NULL)) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + oprincipals = key->cert->principals; + key->cert->principals = reallocarray(key->cert->principals, + key->cert->nprincipals + 1, sizeof(*key->cert->principals)); + if (key->cert->principals == NULL) { + free(principal); + key->cert->principals = oprincipals; + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + key->cert->principals[key->cert->nprincipals++] = principal; + } + + /* + * Stash a copies of the critical options and extensions sections + * for later use. + */ + if ((ret = sshbuf_putb(key->cert->critical, crit)) != 0 || + (exts != NULL && + (ret = sshbuf_putb(key->cert->extensions, exts)) != 0)) + goto out; + + /* + * Validate critical options and extensions sections format. + */ + while (sshbuf_len(crit) != 0) { + if ((ret = sshbuf_get_string_direct(crit, NULL, NULL)) != 0 || + (ret = sshbuf_get_string_direct(crit, NULL, NULL)) != 0) { + sshbuf_reset(key->cert->critical); + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + } + while (exts != NULL && sshbuf_len(exts) != 0) { + if ((ret = sshbuf_get_string_direct(exts, NULL, NULL)) != 0 || + (ret = sshbuf_get_string_direct(exts, NULL, NULL)) != 0) { + sshbuf_reset(key->cert->extensions); + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + } + + /* Parse CA key and check signature */ + if (sshkey_from_blob_internal(ca, &key->cert->signature_key, 0) != 0) { + ret = SSH_ERR_KEY_CERT_INVALID_SIGN_KEY; + goto out; + } + if (!sshkey_type_is_valid_ca(key->cert->signature_key->type)) { + ret = SSH_ERR_KEY_CERT_INVALID_SIGN_KEY; + goto out; + } + if ((ret = sshkey_verify(key->cert->signature_key, sig, slen, + sshbuf_ptr(key->cert->certblob), signed_len, 0)) != 0) + goto out; + + /* Success */ + ret = 0; + out: + sshbuf_free(ca); + sshbuf_free(crit); + sshbuf_free(exts); + sshbuf_free(principals); + free(sig); + return ret; +} + +static int +sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, + int allow_cert) +{ + int type, ret = SSH_ERR_INTERNAL_ERROR; + char *ktype = NULL, *curve = NULL; + struct sshkey *key = NULL; + size_t len; + u_char *pk = NULL; + struct sshbuf *copy; +#if defined(WITH_OPENSSL) + BIGNUM *n, *e; + BIGNUM *dsa_p, *dsa_q, *dsa_g, *pub_key; +#if defined(OPENSSL_HAS_ECC) + EC_POINT *q = NULL; +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + +#ifdef DEBUG_PK /* XXX */ + sshbuf_dump(b, stderr); +#endif + *keyp = NULL; + if ((copy = sshbuf_fromb(b)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (sshbuf_get_cstring(b, &ktype, NULL) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + + type = sshkey_type_from_name(ktype); + if (!allow_cert && sshkey_type_is_cert(type)) { + ret = SSH_ERR_KEY_CERT_INVALID_SIGN_KEY; + goto out; + } + switch (type) { +#ifdef WITH_OPENSSL + case KEY_RSA_CERT: + /* Skip nonce */ + if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + /* FALLTHROUGH */ + case KEY_RSA: + if ((key = sshkey_new(type)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((e = BN_new()) == NULL || + (n = BN_new()) == NULL || + sshbuf_get_bignum2(b, e) != 0 || + sshbuf_get_bignum2(b, n) != 0 || + RSA_set0_key(key->rsa, n, e, NULL) == 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } +#ifdef DEBUG_PK + RSA_print_fp(stderr, key->rsa, 8); +#endif + break; + case KEY_DSA_CERT: + /* Skip nonce */ + if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + /* FALLTHROUGH */ + case KEY_DSA: + if ((key = sshkey_new(type)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + DSA_get0_pqg(key->dsa, (const BIGNUM**)&dsa_p, (const BIGNUM**)&dsa_q, (const BIGNUM**)&dsa_g); + DSA_get0_key(key->dsa, (const BIGNUM**)&pub_key, NULL); + if (sshbuf_get_bignum2(b, dsa_p) != 0 || + sshbuf_get_bignum2(b, dsa_q) != 0 || + sshbuf_get_bignum2(b, dsa_g) != 0 || + sshbuf_get_bignum2(b, pub_key) != 0 || + DSA_set0_pqg(key->dsa, dsa_p, dsa_p, dsa_g) == 0 || + DSA_set0_key(key->dsa, pub_key, NULL) == 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } +#ifdef DEBUG_PK + DSA_print_fp(stderr, key->dsa, 8); +#endif + break; + case KEY_ECDSA_CERT: + /* Skip nonce */ + if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + /* FALLTHROUGH */ +# ifdef OPENSSL_HAS_ECC + case KEY_ECDSA: + if ((key = sshkey_new(type)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + key->ecdsa_nid = sshkey_ecdsa_nid_from_name(ktype); + if (sshbuf_get_cstring(b, &curve, NULL) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (key->ecdsa_nid != sshkey_curve_name_to_nid(curve)) { + ret = SSH_ERR_EC_CURVE_MISMATCH; + goto out; + } + if (key->ecdsa != NULL) + EC_KEY_free(key->ecdsa); + if ((key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid)) + == NULL) { + ret = SSH_ERR_EC_CURVE_INVALID; + goto out; + } + if ((q = EC_POINT_new(EC_KEY_get0_group(key->ecdsa))) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (sshbuf_get_ec(b, q, EC_KEY_get0_group(key->ecdsa)) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (sshkey_ec_validate_public(EC_KEY_get0_group(key->ecdsa), + q) != 0) { + ret = SSH_ERR_KEY_INVALID_EC_VALUE; + goto out; + } + if (EC_KEY_set_public_key(key->ecdsa, q) != 1) { + /* XXX assume it is a allocation error */ + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } +#ifdef DEBUG_PK + sshkey_dump_ec_point(EC_KEY_get0_group(key->ecdsa), q); +#endif + break; +# endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + case KEY_ED25519_CERT: + /* Skip nonce */ + if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + /* FALLTHROUGH */ + case KEY_ED25519: + if ((ret = sshbuf_get_string(b, &pk, &len)) != 0) + goto out; + if (len != ED25519_PK_SZ) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if ((key = sshkey_new(type)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + key->ed25519_pk = pk; + pk = NULL; + break; + case KEY_UNSPEC: + if ((key = sshkey_new(type)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + break; + default: + ret = SSH_ERR_KEY_TYPE_UNKNOWN; + goto out; + } + + /* Parse certificate potion */ + if (sshkey_is_cert(key) && (ret = cert_parse(b, key, copy)) != 0) + goto out; + + if (key != NULL && sshbuf_len(b) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + ret = 0; + *keyp = key; + key = NULL; + out: + sshbuf_free(copy); + sshkey_free(key); + free(ktype); + free(curve); + free(pk); +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) + if (q != NULL) + EC_POINT_free(q); +#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ + return ret; +} + +int +sshkey_from_blob(const u_char *blob, size_t blen, struct sshkey **keyp) +{ + struct sshbuf *b; + int r; + + if ((b = sshbuf_from(blob, blen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + r = sshkey_from_blob_internal(b, keyp, 1); + sshbuf_free(b); + return r; +} + +int +sshkey_fromb(struct sshbuf *b, struct sshkey **keyp) +{ + return sshkey_from_blob_internal(b, keyp, 1); +} + +int +sshkey_froms(struct sshbuf *buf, struct sshkey **keyp) +{ + struct sshbuf *b; + int r; + + if ((r = sshbuf_froms(buf, &b)) != 0) + return r; + r = sshkey_from_blob_internal(b, keyp, 1); + sshbuf_free(b); + return r; +} + +int +sshkey_sign(const struct sshkey *key, + u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, u_int compat) +{ + if (sigp != NULL) + *sigp = NULL; + if (lenp != NULL) + *lenp = 0; + if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE) + return SSH_ERR_INVALID_ARGUMENT; + switch (key->type) { +#ifdef WITH_OPENSSL + case KEY_DSA_CERT: + case KEY_DSA: + return ssh_dss_sign(key, sigp, lenp, data, datalen, compat); +# ifdef OPENSSL_HAS_ECC + case KEY_ECDSA_CERT: + case KEY_ECDSA: + return ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat); +# endif /* OPENSSL_HAS_ECC */ + case KEY_RSA_CERT: + case KEY_RSA: + return ssh_rsa_sign(key, sigp, lenp, data, datalen, compat); +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + case KEY_ED25519_CERT: + return ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat); + default: + return SSH_ERR_KEY_TYPE_UNKNOWN; + } +} + +/* + * ssh_key_verify returns 0 for a correct signature and < 0 on error. + */ +int +sshkey_verify(const struct sshkey *key, + const u_char *sig, size_t siglen, + const u_char *data, size_t dlen, u_int compat) +{ + if (siglen == 0 || dlen > SSH_KEY_MAX_SIGN_DATA_SIZE) + return SSH_ERR_INVALID_ARGUMENT; + switch (key->type) { +#ifdef WITH_OPENSSL + case KEY_DSA_CERT: + case KEY_DSA: + return ssh_dss_verify(key, sig, siglen, data, dlen, compat); +# ifdef OPENSSL_HAS_ECC + case KEY_ECDSA_CERT: + case KEY_ECDSA: + return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat); +# endif /* OPENSSL_HAS_ECC */ + case KEY_RSA_CERT: + case KEY_RSA: + return ssh_rsa_verify(key, sig, siglen, data, dlen, compat); +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + case KEY_ED25519_CERT: + return ssh_ed25519_verify(key, sig, siglen, data, dlen, compat); + default: + return SSH_ERR_KEY_TYPE_UNKNOWN; + } +} + +/* Converts a private to a public key */ +int +sshkey_demote(const struct sshkey *k, struct sshkey **dkp) +{ + struct sshkey *pk; + int ret = SSH_ERR_INTERNAL_ERROR; +#ifdef WITH_OPENSSL + const BIGNUM *n, *e; + const BIGNUM *p, *q, *g, *pub_key; +#endif + + if (dkp != NULL) + *dkp = NULL; + + if ((pk = calloc(1, sizeof(*pk))) == NULL) + return SSH_ERR_ALLOC_FAIL; + pk->type = k->type; + pk->flags = k->flags; + pk->ecdsa_nid = k->ecdsa_nid; + pk->dsa = NULL; + pk->ecdsa = NULL; + pk->rsa = NULL; + pk->ed25519_pk = NULL; + pk->ed25519_sk = NULL; + + switch (k->type) { +#ifdef WITH_OPENSSL + case KEY_RSA_CERT: + if ((ret = sshkey_cert_copy(k, pk)) != 0) + goto fail; + /* FALLTHROUGH */ + case KEY_RSA1: + case KEY_RSA: + RSA_get0_key(k->rsa, &n, &e, NULL); + if ((pk->rsa = RSA_new()) == NULL || + RSA_set0_key(pk->rsa, BN_dup(n), BN_dup(e), NULL) == 0) { + ret = SSH_ERR_ALLOC_FAIL; + goto fail; + } + break; + case KEY_DSA_CERT: + if ((ret = sshkey_cert_copy(k, pk)) != 0) + goto fail; + /* FALLTHROUGH */ + case KEY_DSA: + DSA_get0_pqg(k->dsa, &p, &q, &g); + DSA_get0_key(k->dsa, &pub_key, NULL); + if ((pk->dsa = DSA_new()) == NULL || + DSA_set0_pqg(pk->dsa, BN_dup(p), BN_dup(q), BN_dup(g)) == 0 || + DSA_set0_key(pk->dsa, BN_dup(pub_key), NULL) == 0) { + ret = SSH_ERR_ALLOC_FAIL; + goto fail; + } + break; + case KEY_ECDSA_CERT: + if ((ret = sshkey_cert_copy(k, pk)) != 0) + goto fail; + /* FALLTHROUGH */ +# ifdef OPENSSL_HAS_ECC + case KEY_ECDSA: + pk->ecdsa = EC_KEY_new_by_curve_name(pk->ecdsa_nid); + if (pk->ecdsa == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto fail; + } + if (EC_KEY_set_public_key(pk->ecdsa, + EC_KEY_get0_public_key(k->ecdsa)) != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto fail; + } + break; +# endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + case KEY_ED25519_CERT: + if ((ret = sshkey_cert_copy(k, pk)) != 0) + goto fail; + /* FALLTHROUGH */ + case KEY_ED25519: + if (k->ed25519_pk != NULL) { + if ((pk->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto fail; + } + memcpy(pk->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ); + } + break; + default: + ret = SSH_ERR_KEY_TYPE_UNKNOWN; + fail: + sshkey_free(pk); + return ret; + } + *dkp = pk; + return 0; +} + +/* Convert a plain key to their _CERT equivalent */ +int +sshkey_to_certified(struct sshkey *k) +{ + int newtype; + + switch (k->type) { +#ifdef WITH_OPENSSL + case KEY_RSA: + newtype = KEY_RSA_CERT; + break; + case KEY_DSA: + newtype = KEY_DSA_CERT; + break; + case KEY_ECDSA: + newtype = KEY_ECDSA_CERT; + break; +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + newtype = KEY_ED25519_CERT; + break; + default: + return SSH_ERR_INVALID_ARGUMENT; + } + if ((k->cert = cert_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + k->type = newtype; + return 0; +} + +/* Convert a certificate to its raw key equivalent */ +int +sshkey_drop_cert(struct sshkey *k) +{ + if (!sshkey_type_is_cert(k->type)) + return SSH_ERR_KEY_TYPE_UNKNOWN; + cert_free(k->cert); + k->cert = NULL; + k->type = sshkey_type_plain(k->type); + return 0; +} + +/* Sign a certified key, (re-)generating the signed certblob. */ +int +sshkey_certify(struct sshkey *k, struct sshkey *ca) +{ + struct sshbuf *principals = NULL; + u_char *ca_blob = NULL, *sig_blob = NULL, nonce[32]; + size_t i, ca_len, sig_len; + int ret = SSH_ERR_INTERNAL_ERROR; + struct sshbuf *cert; +#ifdef WITH_OPENSSL + const BIGNUM *p, *q, *g, *n, *e, *pub_key; +#endif + + if (k == NULL || k->cert == NULL || + k->cert->certblob == NULL || ca == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if (!sshkey_is_cert(k)) + return SSH_ERR_KEY_TYPE_UNKNOWN; + if (!sshkey_type_is_valid_ca(ca->type)) + return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY; + + if ((ret = sshkey_to_blob(ca, &ca_blob, &ca_len)) != 0) + return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY; + + cert = k->cert->certblob; /* for readability */ + sshbuf_reset(cert); + if ((ret = sshbuf_put_cstring(cert, sshkey_ssh_name(k))) != 0) + goto out; + + /* -v01 certs put nonce first */ + arc4random_buf(&nonce, sizeof(nonce)); + if ((ret = sshbuf_put_string(cert, nonce, sizeof(nonce))) != 0) + goto out; + + /* XXX this substantially duplicates to_blob(); refactor */ + switch (k->type) { +#ifdef WITH_OPENSSL + case KEY_DSA_CERT: + DSA_get0_pqg(k->dsa, &p, &q, &g); + DSA_get0_key(k->dsa, &pub_key, NULL); + if ((ret = sshbuf_put_bignum2(cert, p)) != 0 || + (ret = sshbuf_put_bignum2(cert, q)) != 0 || + (ret = sshbuf_put_bignum2(cert, g)) != 0 || + (ret = sshbuf_put_bignum2(cert, pub_key)) != 0) + goto out; + break; +# ifdef OPENSSL_HAS_ECC + case KEY_ECDSA_CERT: + if ((ret = sshbuf_put_cstring(cert, + sshkey_curve_nid_to_name(k->ecdsa_nid))) != 0 || + (ret = sshbuf_put_ec(cert, + EC_KEY_get0_public_key(k->ecdsa), + EC_KEY_get0_group(k->ecdsa))) != 0) + goto out; + break; +# endif /* OPENSSL_HAS_ECC */ + case KEY_RSA_CERT: + RSA_get0_key(k->rsa, &n, &e, NULL); + if ((ret = sshbuf_put_bignum2(cert, e)) != 0 || + (ret = sshbuf_put_bignum2(cert, n)) != 0) + goto out; + break; +#endif /* WITH_OPENSSL */ + case KEY_ED25519_CERT: + if ((ret = sshbuf_put_string(cert, + k->ed25519_pk, ED25519_PK_SZ)) != 0) + goto out; + break; + default: + ret = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + + if ((ret = sshbuf_put_u64(cert, k->cert->serial)) != 0 || + (ret = sshbuf_put_u32(cert, k->cert->type)) != 0 || + (ret = sshbuf_put_cstring(cert, k->cert->key_id)) != 0) + goto out; + + if ((principals = sshbuf_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + for (i = 0; i < k->cert->nprincipals; i++) { + if ((ret = sshbuf_put_cstring(principals, + k->cert->principals[i])) != 0) + goto out; + } + if ((ret = sshbuf_put_stringb(cert, principals)) != 0 || + (ret = sshbuf_put_u64(cert, k->cert->valid_after)) != 0 || + (ret = sshbuf_put_u64(cert, k->cert->valid_before)) != 0 || + (ret = sshbuf_put_stringb(cert, k->cert->critical)) != 0 || + (ret = sshbuf_put_stringb(cert, k->cert->extensions)) != 0 || + (ret = sshbuf_put_string(cert, NULL, 0)) != 0 || /* Reserved */ + (ret = sshbuf_put_string(cert, ca_blob, ca_len)) != 0) + goto out; + + /* Sign the whole mess */ + if ((ret = sshkey_sign(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), + sshbuf_len(cert), 0)) != 0) + goto out; + + /* Append signature and we are done */ + if ((ret = sshbuf_put_string(cert, sig_blob, sig_len)) != 0) + goto out; + ret = 0; + out: + if (ret != 0) + sshbuf_reset(cert); + if (sig_blob != NULL) + free(sig_blob); + if (ca_blob != NULL) + free(ca_blob); + if (principals != NULL) + sshbuf_free(principals); + return ret; +} + +int +sshkey_cert_check_authority(const struct sshkey *k, + int want_host, int require_principal, + const char *name, const char **reason) +{ + u_int i, principal_matches; + time_t now = time(NULL); + + if (reason != NULL) + *reason = NULL; + + if (want_host) { + if (k->cert->type != SSH2_CERT_TYPE_HOST) { + *reason = "Certificate invalid: not a host certificate"; + return SSH_ERR_KEY_CERT_INVALID; + } + } else { + if (k->cert->type != SSH2_CERT_TYPE_USER) { + *reason = "Certificate invalid: not a user certificate"; + return SSH_ERR_KEY_CERT_INVALID; + } + } + if (now < 0) { + /* yikes - system clock before epoch! */ + *reason = "Certificate invalid: not yet valid"; + return SSH_ERR_KEY_CERT_INVALID; + } + if ((u_int64_t)now < k->cert->valid_after) { + *reason = "Certificate invalid: not yet valid"; + return SSH_ERR_KEY_CERT_INVALID; + } + if ((u_int64_t)now >= k->cert->valid_before) { + *reason = "Certificate invalid: expired"; + return SSH_ERR_KEY_CERT_INVALID; + } + if (k->cert->nprincipals == 0) { + if (require_principal) { + *reason = "Certificate lacks principal list"; + return SSH_ERR_KEY_CERT_INVALID; + } + } else if (name != NULL) { + principal_matches = 0; + for (i = 0; i < k->cert->nprincipals; i++) { + if (strcmp(name, k->cert->principals[i]) == 0) { + principal_matches = 1; + break; + } + } + if (!principal_matches) { + *reason = "Certificate invalid: name is not a listed " + "principal"; + return SSH_ERR_KEY_CERT_INVALID; + } + } + return 0; +} + +int +sshkey_private_serialize(const struct sshkey *key, struct sshbuf *b) +{ + int r = SSH_ERR_INTERNAL_ERROR; +#ifdef WITH_OPENSSL + const BIGNUM *n, *e, *d, *p, *q, *g, *iqmp; + const BIGNUM *pub_key, *priv_key; +#endif + + if ((r = sshbuf_put_cstring(b, sshkey_ssh_name(key))) != 0) + goto out; + switch (key->type) { +#ifdef WITH_OPENSSL + case KEY_RSA: + RSA_get0_key(key->rsa, &n, &e, &d); + RSA_get0_factors(key->rsa, &p, &q); + RSA_get0_crt_params(key->rsa, NULL, NULL, &iqmp); + if ((r = sshbuf_put_bignum2(b, n)) != 0 || + (r = sshbuf_put_bignum2(b, e)) != 0 || + (r = sshbuf_put_bignum2(b, d)) != 0 || + (r = sshbuf_put_bignum2(b, iqmp)) != 0 || + (r = sshbuf_put_bignum2(b, p)) != 0 || + (r = sshbuf_put_bignum2(b, q)) != 0) + goto out; + break; + case KEY_RSA_CERT: + if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + RSA_get0_key(key->rsa, &n, &e, &d); + RSA_get0_factors(key->rsa, &p, &q); + RSA_get0_crt_params(key->rsa, NULL, NULL, &iqmp); + if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || + (r = sshbuf_put_bignum2(b, d)) != 0 || + (r = sshbuf_put_bignum2(b, iqmp)) != 0 || + (r = sshbuf_put_bignum2(b, p)) != 0 || + (r = sshbuf_put_bignum2(b, q)) != 0) + goto out; + break; + case KEY_DSA: + DSA_get0_pqg(key->dsa, &p, &q, &g); + DSA_get0_key(key->dsa, &pub_key, &priv_key); + if ((r = sshbuf_put_bignum2(b, p)) != 0 || + (r = sshbuf_put_bignum2(b, q)) != 0 || + (r = sshbuf_put_bignum2(b, g)) != 0 || + (r = sshbuf_put_bignum2(b, pub_key)) != 0 || + (r = sshbuf_put_bignum2(b, priv_key)) != 0) + goto out; + break; + case KEY_DSA_CERT: + DSA_get0_key(key->dsa, NULL, &priv_key); + if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || + (r = sshbuf_put_bignum2(b, priv_key)) != 0) + goto out; + break; +# ifdef OPENSSL_HAS_ECC + case KEY_ECDSA: + if ((r = sshbuf_put_cstring(b, + sshkey_curve_nid_to_name(key->ecdsa_nid))) != 0 || + (r = sshbuf_put_eckey(b, key->ecdsa)) != 0 || + (r = sshbuf_put_bignum2(b, + EC_KEY_get0_private_key(key->ecdsa))) != 0) + goto out; + break; + case KEY_ECDSA_CERT: + if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || + (r = sshbuf_put_bignum2(b, + EC_KEY_get0_private_key(key->ecdsa))) != 0) + goto out; + break; +# endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + if ((r = sshbuf_put_string(b, key->ed25519_pk, + ED25519_PK_SZ)) != 0 || + (r = sshbuf_put_string(b, key->ed25519_sk, + ED25519_SK_SZ)) != 0) + goto out; + break; + case KEY_ED25519_CERT: + if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || + (r = sshbuf_put_string(b, key->ed25519_pk, + ED25519_PK_SZ)) != 0 || + (r = sshbuf_put_string(b, key->ed25519_sk, + ED25519_SK_SZ)) != 0) + goto out; + break; + default: + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + /* success */ + r = 0; + out: + return r; +} + +int +sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) +{ + char *tname = NULL, *curve = NULL; + struct sshkey *k = NULL; + size_t pklen = 0, sklen = 0; + int type, r = SSH_ERR_INTERNAL_ERROR; + u_char *ed25519_pk = NULL, *ed25519_sk = NULL; +#ifdef WITH_OPENSSL + BIGNUM *exponent = NULL; + BIGNUM *p, *q, *g, *pub_key, *priv_key; + BIGNUM *n, *e, *d, *iqmp; +#endif /* WITH_OPENSSL */ + + if (kp != NULL) + *kp = NULL; + if ((r = sshbuf_get_cstring(buf, &tname, NULL)) != 0) + goto out; + type = sshkey_type_from_name(tname); + switch (type) { +#ifdef WITH_OPENSSL + case KEY_DSA: + if ((k = sshkey_new_private(type)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((p = BN_new()) == NULL || + (q = BN_new()) == NULL || + (g = BN_new()) == NULL || + (pub_key = BN_new()) == NULL || + (priv_key = BN_new()) == NULL || + (r = sshbuf_get_bignum2(buf, p)) != 0 || + (r = sshbuf_get_bignum2(buf, q)) != 0 || + (r = sshbuf_get_bignum2(buf, g)) != 0 || + (r = sshbuf_get_bignum2(buf, pub_key)) != 0 || + (r = sshbuf_get_bignum2(buf, priv_key)) != 0 || + DSA_set0_pqg(k->dsa, p, q, g) == 0 || + DSA_set0_key(k->dsa, pub_key, priv_key) == 0) + goto out; + break; + case KEY_DSA_CERT: + if ((priv_key = BN_new()) == NULL || + (r = sshkey_froms(buf, &k)) != 0 || + (r = sshkey_add_private(k)) != 0 || + (r = sshbuf_get_bignum2(buf, priv_key)) != 0 || + DSA_set0_key(k->dsa, NULL, priv_key) == 0) + goto out; + break; +# ifdef OPENSSL_HAS_ECC + case KEY_ECDSA: + if ((k = sshkey_new_private(type)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((k->ecdsa_nid = sshkey_ecdsa_nid_from_name(tname)) == -1) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if ((r = sshbuf_get_cstring(buf, &curve, NULL)) != 0) + goto out; + if (k->ecdsa_nid != sshkey_curve_name_to_nid(curve)) { + r = SSH_ERR_EC_CURVE_MISMATCH; + goto out; + } + k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); + if (k->ecdsa == NULL || (exponent = BN_new()) == NULL) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if ((r = sshbuf_get_eckey(buf, k->ecdsa)) != 0 || + (r = sshbuf_get_bignum2(buf, exponent))) + goto out; + if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), + EC_KEY_get0_public_key(k->ecdsa)) != 0) || + (r = sshkey_ec_validate_private(k->ecdsa)) != 0) + goto out; + break; + case KEY_ECDSA_CERT: + if ((exponent = BN_new()) == NULL) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if ((r = sshkey_froms(buf, &k)) != 0 || + (r = sshkey_add_private(k)) != 0 || + (r = sshbuf_get_bignum2(buf, exponent)) != 0) + goto out; + if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), + EC_KEY_get0_public_key(k->ecdsa)) != 0) || + (r = sshkey_ec_validate_private(k->ecdsa)) != 0) + goto out; + break; +# endif /* OPENSSL_HAS_ECC */ + case KEY_RSA: + if ((k = sshkey_new_private(type)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((n = BN_new()) == NULL || + (e = BN_new()) == NULL || + (d = BN_new()) == NULL || + (iqmp = BN_new()) == NULL || + (p = BN_new()) == NULL || + (q = BN_new()) == NULL || + (r = sshbuf_get_bignum2(buf, n)) != 0 || + (r = sshbuf_get_bignum2(buf, e)) != 0 || + (r = sshbuf_get_bignum2(buf, d)) != 0 || + (r = sshbuf_get_bignum2(buf, iqmp)) != 0 || + (r = sshbuf_get_bignum2(buf, p)) != 0 || + (r = sshbuf_get_bignum2(buf, q)) != 0 || + (r = rsa_generate_additional_parameters(k->rsa)) != 0 || + RSA_set0_key(k->rsa, n, e, d) == 0 || + RSA_set0_factors(k->rsa, p, q) == 0 || + RSA_set0_crt_params(k->rsa, NULL, NULL, iqmp) == 0) + goto out; + break; + case KEY_RSA_CERT: + if ((d = BN_new()) == NULL || + (iqmp = BN_new()) == NULL || + (p = BN_new()) == NULL || + (q = BN_new()) == NULL || + (r = sshkey_froms(buf, &k)) != 0 || + (r = sshkey_add_private(k)) != 0 || + (r = sshbuf_get_bignum2(buf, d) != 0) || + (r = sshbuf_get_bignum2(buf, iqmp) != 0) || + (r = sshbuf_get_bignum2(buf, p) != 0) || + (r = sshbuf_get_bignum2(buf, q) != 0) || + (r = rsa_generate_additional_parameters(k->rsa)) != 0 || + RSA_set0_key(k->rsa, NULL, NULL, d) == 0 || + RSA_set0_factors(k->rsa, p, q) == 0 || + RSA_set0_crt_params(k->rsa, NULL, NULL, iqmp) == 0) + goto out; + break; +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + if ((k = sshkey_new_private(type)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0 || + (r = sshbuf_get_string(buf, &ed25519_sk, &sklen)) != 0) + goto out; + if (pklen != ED25519_PK_SZ || sklen != ED25519_SK_SZ) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + k->ed25519_pk = ed25519_pk; + k->ed25519_sk = ed25519_sk; + ed25519_pk = ed25519_sk = NULL; + break; + case KEY_ED25519_CERT: + if ((r = sshkey_froms(buf, &k)) != 0 || + (r = sshkey_add_private(k)) != 0 || + (r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0 || + (r = sshbuf_get_string(buf, &ed25519_sk, &sklen)) != 0) + goto out; + if (pklen != ED25519_PK_SZ || sklen != ED25519_SK_SZ) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + k->ed25519_pk = ed25519_pk; + k->ed25519_sk = ed25519_sk; + ed25519_pk = ed25519_sk = NULL; + break; + default: + r = SSH_ERR_KEY_TYPE_UNKNOWN; + goto out; + } +#ifdef WITH_OPENSSL + /* enable blinding */ + switch (k->type) { + case KEY_RSA: + case KEY_RSA_CERT: + case KEY_RSA1: + if (RSA_blinding_on(k->rsa, NULL) != 1) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + break; + } +#endif /* WITH_OPENSSL */ + /* success */ + r = 0; + if (kp != NULL) { + *kp = k; + k = NULL; + } + out: + free(tname); + free(curve); +#ifdef WITH_OPENSSL + if (exponent != NULL) + BN_clear_free(exponent); +#endif /* WITH_OPENSSL */ + sshkey_free(k); + if (ed25519_pk != NULL) { + explicit_bzero(ed25519_pk, pklen); + free(ed25519_pk); + } + if (ed25519_sk != NULL) { + explicit_bzero(ed25519_sk, sklen); + free(ed25519_sk); + } + return r; +} + +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) +int +sshkey_ec_validate_public(const EC_GROUP *group, const EC_POINT *public) +{ + BN_CTX *bnctx; + EC_POINT *nq = NULL; + BIGNUM *order, *x, *y, *tmp; + int ret = SSH_ERR_KEY_INVALID_EC_VALUE; + + if ((bnctx = BN_CTX_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + BN_CTX_start(bnctx); + + /* + * We shouldn't ever hit this case because bignum_get_ecpoint() + * refuses to load GF2m points. + */ + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != + NID_X9_62_prime_field) + goto out; + + /* Q != infinity */ + if (EC_POINT_is_at_infinity(group, public)) + goto out; + + if ((x = BN_CTX_get(bnctx)) == NULL || + (y = BN_CTX_get(bnctx)) == NULL || + (order = BN_CTX_get(bnctx)) == NULL || + (tmp = BN_CTX_get(bnctx)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + + /* log2(x) > log2(order)/2, log2(y) > log2(order)/2 */ + if (EC_GROUP_get_order(group, order, bnctx) != 1 || + EC_POINT_get_affine_coordinates_GFp(group, public, + x, y, bnctx) != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (BN_num_bits(x) <= BN_num_bits(order) / 2 || + BN_num_bits(y) <= BN_num_bits(order) / 2) + goto out; + + /* nQ == infinity (n == order of subgroup) */ + if ((nq = EC_POINT_new(group)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (EC_POINT_mul(group, nq, NULL, public, order, bnctx) != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (EC_POINT_is_at_infinity(group, nq) != 1) + goto out; + + /* x < order - 1, y < order - 1 */ + if (!BN_sub(tmp, order, BN_value_one())) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (BN_cmp(x, tmp) >= 0 || BN_cmp(y, tmp) >= 0) + goto out; + ret = 0; + out: + BN_CTX_free(bnctx); + if (nq != NULL) + EC_POINT_free(nq); + return ret; +} + +int +sshkey_ec_validate_private(const EC_KEY *key) +{ + BN_CTX *bnctx; + BIGNUM *order, *tmp; + int ret = SSH_ERR_KEY_INVALID_EC_VALUE; + + if ((bnctx = BN_CTX_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + BN_CTX_start(bnctx); + + if ((order = BN_CTX_get(bnctx)) == NULL || + (tmp = BN_CTX_get(bnctx)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + + /* log2(private) > log2(order)/2 */ + if (EC_GROUP_get_order(EC_KEY_get0_group(key), order, bnctx) != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (BN_num_bits(EC_KEY_get0_private_key(key)) <= + BN_num_bits(order) / 2) + goto out; + + /* private < order - 1 */ + if (!BN_sub(tmp, order, BN_value_one())) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (BN_cmp(EC_KEY_get0_private_key(key), tmp) >= 0) + goto out; + ret = 0; + out: + BN_CTX_free(bnctx); + return ret; +} + +void +sshkey_dump_ec_point(const EC_GROUP *group, const EC_POINT *point) +{ + BIGNUM *x, *y; + BN_CTX *bnctx; + + if (point == NULL) { + fputs("point=(NULL)\n", stderr); + return; + } + if ((bnctx = BN_CTX_new()) == NULL) { + fprintf(stderr, "%s: BN_CTX_new failed\n", __func__); + return; + } + BN_CTX_start(bnctx); + if ((x = BN_CTX_get(bnctx)) == NULL || + (y = BN_CTX_get(bnctx)) == NULL) { + fprintf(stderr, "%s: BN_CTX_get failed\n", __func__); + return; + } + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != + NID_X9_62_prime_field) { + fprintf(stderr, "%s: group is not a prime field\n", __func__); + return; + } + if (EC_POINT_get_affine_coordinates_GFp(group, point, x, y, + bnctx) != 1) { + fprintf(stderr, "%s: EC_POINT_get_affine_coordinates_GFp\n", + __func__); + return; + } + fputs("x=", stderr); + BN_print_fp(stderr, x); + fputs("\ny=", stderr); + BN_print_fp(stderr, y); + fputs("\n", stderr); + BN_CTX_free(bnctx); +} + +void +sshkey_dump_ec_key(const EC_KEY *key) +{ + const BIGNUM *exponent; + + sshkey_dump_ec_point(EC_KEY_get0_group(key), + EC_KEY_get0_public_key(key)); + fputs("exponent=", stderr); + if ((exponent = EC_KEY_get0_private_key(key)) == NULL) + fputs("(NULL)", stderr); + else + BN_print_fp(stderr, EC_KEY_get0_private_key(key)); + fputs("\n", stderr); +} +#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ + +#if 0 +static int +sshkey_private_to_blob2(const struct sshkey *prv, struct sshbuf *blob, + const char *passphrase, const char *comment, const char *ciphername, + int rounds) +{ + u_char *cp, *key = NULL, *pubkeyblob = NULL; + u_char salt[SALT_LEN]; + char *b64 = NULL; + size_t i, pubkeylen, keylen, ivlen, blocksize, authlen; + u_int check; + int r = SSH_ERR_INTERNAL_ERROR; + struct sshcipher_ctx ciphercontext; + const struct sshcipher *cipher; + const char *kdfname = KDFNAME; + struct sshbuf *encoded = NULL, *encrypted = NULL, *kdf = NULL; + + memset(&ciphercontext, 0, sizeof(ciphercontext)); + + if (rounds <= 0) + rounds = DEFAULT_ROUNDS; + if (passphrase == NULL || !strlen(passphrase)) { + ciphername = "none"; + kdfname = "none"; + } else if (ciphername == NULL) + ciphername = DEFAULT_CIPHERNAME; + else if (cipher_number(ciphername) != SSH_CIPHER_SSH2) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if ((cipher = cipher_by_name(ciphername)) == NULL) { + r = SSH_ERR_INTERNAL_ERROR; + goto out; + } + + if ((kdf = sshbuf_new()) == NULL || + (encoded = sshbuf_new()) == NULL || + (encrypted = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + blocksize = cipher_blocksize(cipher); + keylen = cipher_keylen(cipher); + ivlen = cipher_ivlen(cipher); + authlen = cipher_authlen(cipher); + if ((key = calloc(1, keylen + ivlen)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (strcmp(kdfname, "bcrypt") == 0) { + arc4random_buf(salt, SALT_LEN); + if (bcrypt_pbkdf(passphrase, strlen(passphrase), + salt, SALT_LEN, key, keylen + ivlen, rounds) < 0) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if ((r = sshbuf_put_string(kdf, salt, SALT_LEN)) != 0 || + (r = sshbuf_put_u32(kdf, rounds)) != 0) + goto out; + } else if (strcmp(kdfname, "none") != 0) { + /* Unsupported KDF type */ + r = SSH_ERR_KEY_UNKNOWN_CIPHER; + goto out; + } + if ((r = cipher_init(&ciphercontext, cipher, key, keylen, + key + keylen, ivlen, 1)) != 0) + goto out; + + if ((r = sshbuf_put(encoded, AUTH_MAGIC, sizeof(AUTH_MAGIC))) != 0 || + (r = sshbuf_put_cstring(encoded, ciphername)) != 0 || + (r = sshbuf_put_cstring(encoded, kdfname)) != 0 || + (r = sshbuf_put_stringb(encoded, kdf)) != 0 || + (r = sshbuf_put_u32(encoded, 1)) != 0 || /* number of keys */ + (r = sshkey_to_blob(prv, &pubkeyblob, &pubkeylen)) != 0 || + (r = sshbuf_put_string(encoded, pubkeyblob, pubkeylen)) != 0) + goto out; + + /* set up the buffer that will be encrypted */ + + /* Random check bytes */ + check = arc4random(); + if ((r = sshbuf_put_u32(encrypted, check)) != 0 || + (r = sshbuf_put_u32(encrypted, check)) != 0) + goto out; + + /* append private key and comment*/ + if ((r = sshkey_private_serialize(prv, encrypted)) != 0 || + (r = sshbuf_put_cstring(encrypted, comment)) != 0) + goto out; + + /* padding */ + i = 0; + while (sshbuf_len(encrypted) % blocksize) { + if ((r = sshbuf_put_u8(encrypted, ++i & 0xff)) != 0) + goto out; + } + + /* length in destination buffer */ + if ((r = sshbuf_put_u32(encoded, sshbuf_len(encrypted))) != 0) + goto out; + + /* encrypt */ + if ((r = sshbuf_reserve(encoded, + sshbuf_len(encrypted) + authlen, &cp)) != 0) + goto out; + if ((r = cipher_crypt(&ciphercontext, 0, cp, + sshbuf_ptr(encrypted), sshbuf_len(encrypted), 0, authlen)) != 0) + goto out; + + /* uuencode */ + if ((b64 = sshbuf_dtob64(encoded)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + + sshbuf_reset(blob); + if ((r = sshbuf_put(blob, MARK_BEGIN, MARK_BEGIN_LEN)) != 0) + goto out; + for (i = 0; i < strlen(b64); i++) { + if ((r = sshbuf_put_u8(blob, b64[i])) != 0) + goto out; + /* insert line breaks */ + if (i % 70 == 69 && (r = sshbuf_put_u8(blob, '\n')) != 0) + goto out; + } + if (i % 70 != 69 && (r = sshbuf_put_u8(blob, '\n')) != 0) + goto out; + if ((r = sshbuf_put(blob, MARK_END, MARK_END_LEN)) != 0) + goto out; + + /* success */ + r = 0; + + out: + sshbuf_free(kdf); + sshbuf_free(encoded); + sshbuf_free(encrypted); + cipher_cleanup(&ciphercontext); + explicit_bzero(salt, sizeof(salt)); + if (key != NULL) { + explicit_bzero(key, keylen + ivlen); + free(key); + } + if (pubkeyblob != NULL) { + explicit_bzero(pubkeyblob, pubkeylen); + free(pubkeyblob); + } + if (b64 != NULL) { + explicit_bzero(b64, strlen(b64)); + free(b64); + } + return r; +} + +static int +sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase, + struct sshkey **keyp, char **commentp) +{ + char *comment = NULL, *ciphername = NULL, *kdfname = NULL; + const struct sshcipher *cipher = NULL; + const u_char *cp; + int r = SSH_ERR_INTERNAL_ERROR; + size_t encoded_len; + size_t i, keylen = 0, ivlen = 0, authlen = 0, slen = 0; + struct sshbuf *encoded = NULL, *decoded = NULL; + struct sshbuf *kdf = NULL, *decrypted = NULL; + struct sshcipher_ctx ciphercontext; + struct sshkey *k = NULL; + u_char *key = NULL, *salt = NULL, *dp, pad, last; + u_int blocksize, rounds, nkeys, encrypted_len, check1, check2; + + memset(&ciphercontext, 0, sizeof(ciphercontext)); + if (keyp != NULL) + *keyp = NULL; + if (commentp != NULL) + *commentp = NULL; + + if ((encoded = sshbuf_new()) == NULL || + (decoded = sshbuf_new()) == NULL || + (decrypted = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + + /* check preamble */ + cp = sshbuf_ptr(blob); + encoded_len = sshbuf_len(blob); + if (encoded_len < (MARK_BEGIN_LEN + MARK_END_LEN) || + memcmp(cp, MARK_BEGIN, MARK_BEGIN_LEN) != 0) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + cp += MARK_BEGIN_LEN; + encoded_len -= MARK_BEGIN_LEN; + + /* Look for end marker, removing whitespace as we go */ + while (encoded_len > 0) { + if (*cp != '\n' && *cp != '\r') { + if ((r = sshbuf_put_u8(encoded, *cp)) != 0) + goto out; + } + last = *cp; + encoded_len--; + cp++; + if (last == '\n') { + if (encoded_len >= MARK_END_LEN && + memcmp(cp, MARK_END, MARK_END_LEN) == 0) { + /* \0 terminate */ + if ((r = sshbuf_put_u8(encoded, 0)) != 0) + goto out; + break; + } + } + } + if (encoded_len == 0) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + + /* decode base64 */ + if ((r = sshbuf_b64tod(decoded, (char *)sshbuf_ptr(encoded))) != 0) + goto out; + + /* check magic */ + if (sshbuf_len(decoded) < sizeof(AUTH_MAGIC) || + memcmp(sshbuf_ptr(decoded), AUTH_MAGIC, sizeof(AUTH_MAGIC))) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + /* parse public portion of key */ + if ((r = sshbuf_consume(decoded, sizeof(AUTH_MAGIC))) != 0 || + (r = sshbuf_get_cstring(decoded, &ciphername, NULL)) != 0 || + (r = sshbuf_get_cstring(decoded, &kdfname, NULL)) != 0 || + (r = sshbuf_froms(decoded, &kdf)) != 0 || + (r = sshbuf_get_u32(decoded, &nkeys)) != 0 || + (r = sshbuf_skip_string(decoded)) != 0 || /* pubkey */ + (r = sshbuf_get_u32(decoded, &encrypted_len)) != 0) + goto out; + + if ((cipher = cipher_by_name(ciphername)) == NULL) { + r = SSH_ERR_KEY_UNKNOWN_CIPHER; + goto out; + } + if ((passphrase == NULL || strlen(passphrase) == 0) && + strcmp(ciphername, "none") != 0) { + /* passphrase required */ + r = SSH_ERR_KEY_WRONG_PASSPHRASE; + goto out; + } + if (strcmp(kdfname, "none") != 0 && strcmp(kdfname, "bcrypt") != 0) { + r = SSH_ERR_KEY_UNKNOWN_CIPHER; + goto out; + } + if (!strcmp(kdfname, "none") && strcmp(ciphername, "none") != 0) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (nkeys != 1) { + /* XXX only one key supported */ + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + + /* check size of encrypted key blob */ + blocksize = cipher_blocksize(cipher); + if (encrypted_len < blocksize || (encrypted_len % blocksize) != 0) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + + /* setup key */ + keylen = cipher_keylen(cipher); + ivlen = cipher_ivlen(cipher); + authlen = cipher_authlen(cipher); + if ((key = calloc(1, keylen + ivlen)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (strcmp(kdfname, "bcrypt") == 0) { + if ((r = sshbuf_get_string(kdf, &salt, &slen)) != 0 || + (r = sshbuf_get_u32(kdf, &rounds)) != 0) + goto out; + if (bcrypt_pbkdf(passphrase, strlen(passphrase), salt, slen, + key, keylen + ivlen, rounds) < 0) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + } + + /* check that an appropriate amount of auth data is present */ + if (sshbuf_len(decoded) < encrypted_len + authlen) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + + /* decrypt private portion of key */ + if ((r = sshbuf_reserve(decrypted, encrypted_len, &dp)) != 0 || + (r = cipher_init(&ciphercontext, cipher, key, keylen, + key + keylen, ivlen, 0)) != 0) + goto out; + if ((r = cipher_crypt(&ciphercontext, 0, dp, sshbuf_ptr(decoded), + encrypted_len, 0, authlen)) != 0) { + /* an integrity error here indicates an incorrect passphrase */ + if (r == SSH_ERR_MAC_INVALID) + r = SSH_ERR_KEY_WRONG_PASSPHRASE; + goto out; + } + if ((r = sshbuf_consume(decoded, encrypted_len + authlen)) != 0) + goto out; + /* there should be no trailing data */ + if (sshbuf_len(decoded) != 0) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + + /* check check bytes */ + if ((r = sshbuf_get_u32(decrypted, &check1)) != 0 || + (r = sshbuf_get_u32(decrypted, &check2)) != 0) + goto out; + if (check1 != check2) { + r = SSH_ERR_KEY_WRONG_PASSPHRASE; + goto out; + } + + /* Load the private key and comment */ + if ((r = sshkey_private_deserialize(decrypted, &k)) != 0 || + (r = sshbuf_get_cstring(decrypted, &comment, NULL)) != 0) + goto out; + + /* Check deterministic padding */ + i = 0; + while (sshbuf_len(decrypted)) { + if ((r = sshbuf_get_u8(decrypted, &pad)) != 0) + goto out; + if (pad != (++i & 0xff)) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + } + + /* XXX decode pubkey and check against private */ + + /* success */ + r = 0; + if (keyp != NULL) { + *keyp = k; + k = NULL; + } + if (commentp != NULL) { + *commentp = comment; + comment = NULL; + } + out: + pad = 0; + cipher_cleanup(&ciphercontext); + free(ciphername); + free(kdfname); + free(comment); + if (salt != NULL) { + explicit_bzero(salt, slen); + free(salt); + } + if (key != NULL) { + explicit_bzero(key, keylen + ivlen); + free(key); + } + sshbuf_free(encoded); + sshbuf_free(decoded); + sshbuf_free(kdf); + sshbuf_free(decrypted); + sshkey_free(k); + return r; +} + +#if WITH_SSH1 +/* + * Serialises the authentication (private) key to a blob, encrypting it with + * passphrase. The identification of the blob (lowest 64 bits of n) will + * precede the key to provide identification of the key without needing a + * passphrase. + */ +static int +sshkey_private_rsa1_to_blob(struct sshkey *key, struct sshbuf *blob, + const char *passphrase, const char *comment) +{ + struct sshbuf *buffer = NULL, *encrypted = NULL; + u_char buf[8]; + int r, cipher_num; + struct sshcipher_ctx ciphercontext; + const struct sshcipher *cipher; + u_char *cp; + + /* + * If the passphrase is empty, use SSH_CIPHER_NONE to ease converting + * to another cipher; otherwise use SSH_AUTHFILE_CIPHER. + */ + cipher_num = (strcmp(passphrase, "") == 0) ? + SSH_CIPHER_NONE : SSH_CIPHER_3DES; + if ((cipher = cipher_by_number(cipher_num)) == NULL) + return SSH_ERR_INTERNAL_ERROR; + + /* This buffer is used to build the secret part of the private key. */ + if ((buffer = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + + /* Put checkbytes for checking passphrase validity. */ + if ((r = sshbuf_reserve(buffer, 4, &cp)) != 0) + goto out; + arc4random_buf(cp, 2); + memcpy(cp + 2, cp, 2); + + /* + * Store the private key (n and e will not be stored because they + * will be stored in plain text, and storing them also in encrypted + * format would just give known plaintext). + * Note: q and p are stored in reverse order to SSL. + */ + if ((r = sshbuf_put_bignum1(buffer, key->rsa->d)) != 0 || + (r = sshbuf_put_bignum1(buffer, key->rsa->iqmp)) != 0 || + (r = sshbuf_put_bignum1(buffer, key->rsa->q)) != 0 || + (r = sshbuf_put_bignum1(buffer, key->rsa->p)) != 0) + goto out; + + /* Pad the part to be encrypted to a size that is a multiple of 8. */ + explicit_bzero(buf, 8); + if ((r = sshbuf_put(buffer, buf, 8 - (sshbuf_len(buffer) % 8))) != 0) + goto out; + + /* This buffer will be used to contain the data in the file. */ + if ((encrypted = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + + /* First store keyfile id string. */ + if ((r = sshbuf_put(encrypted, LEGACY_BEGIN, + sizeof(LEGACY_BEGIN))) != 0) + goto out; + + /* Store cipher type and "reserved" field. */ + if ((r = sshbuf_put_u8(encrypted, cipher_num)) != 0 || + (r = sshbuf_put_u32(encrypted, 0)) != 0) + goto out; + + /* Store public key. This will be in plain text. */ + if ((r = sshbuf_put_u32(encrypted, BN_num_bits(key->rsa->n))) != 0 || + (r = sshbuf_put_bignum1(encrypted, key->rsa->n) != 0) || + (r = sshbuf_put_bignum1(encrypted, key->rsa->e) != 0) || + (r = sshbuf_put_cstring(encrypted, comment) != 0)) + goto out; + + /* Allocate space for the private part of the key in the buffer. */ + if ((r = sshbuf_reserve(encrypted, sshbuf_len(buffer), &cp)) != 0) + goto out; + + if ((r = cipher_set_key_string(&ciphercontext, cipher, passphrase, + CIPHER_ENCRYPT)) != 0) + goto out; + if ((r = cipher_crypt(&ciphercontext, 0, cp, + sshbuf_ptr(buffer), sshbuf_len(buffer), 0, 0)) != 0) + goto out; + if ((r = cipher_cleanup(&ciphercontext)) != 0) + goto out; + + r = sshbuf_putb(blob, encrypted); + + out: + explicit_bzero(&ciphercontext, sizeof(ciphercontext)); + explicit_bzero(buf, sizeof(buf)); + if (buffer != NULL) + sshbuf_free(buffer); + if (encrypted != NULL) + sshbuf_free(encrypted); + + return r; +} +#endif /* WITH_SSH1 */ + +#ifdef WITH_OPENSSL +/* convert SSH v2 key in OpenSSL PEM format */ +static int +sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *blob, + const char *_passphrase, const char *comment) +{ + int success, r; + int blen, len = strlen(_passphrase); + u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL; +#if (OPENSSL_VERSION_NUMBER < 0x00907000L) + const EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL; +#else + const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL; +#endif + const u_char *bptr; + BIO *bio = NULL; + + if (len > 0 && len <= 4) + return SSH_ERR_PASSPHRASE_TOO_SHORT; + if ((bio = BIO_new(BIO_s_mem())) == NULL) + return SSH_ERR_ALLOC_FAIL; + + switch (key->type) { + case KEY_DSA: + success = PEM_write_bio_DSAPrivateKey(bio, key->dsa, + cipher, passphrase, len, NULL, NULL); + break; +#ifdef OPENSSL_HAS_ECC + case KEY_ECDSA: + success = PEM_write_bio_ECPrivateKey(bio, key->ecdsa, + cipher, passphrase, len, NULL, NULL); + break; +#endif + case KEY_RSA: + success = PEM_write_bio_RSAPrivateKey(bio, key->rsa, + cipher, passphrase, len, NULL, NULL); + break; + default: + success = 0; + break; + } + if (success == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if ((blen = BIO_get_mem_data(bio, &bptr)) <= 0) { + r = SSH_ERR_INTERNAL_ERROR; + goto out; + } + if ((r = sshbuf_put(blob, bptr, blen)) != 0) + goto out; + r = 0; + out: + BIO_free(bio); + return r; +} +#endif /* WITH_OPENSSL */ + +/* Serialise "key" to buffer "blob" */ +int +sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob, + const char *passphrase, const char *comment, + int force_new_format, const char *new_format_cipher, int new_format_rounds) +{ + switch (key->type) { +#ifdef WITH_SSH1 + case KEY_RSA1: + return sshkey_private_rsa1_to_blob(key, blob, + passphrase, comment); +#endif /* WITH_SSH1 */ +#ifdef WITH_OPENSSL + case KEY_DSA: + case KEY_ECDSA: + case KEY_RSA: + if (force_new_format) { + return sshkey_private_to_blob2(key, blob, passphrase, + comment, new_format_cipher, new_format_rounds); + } + return sshkey_private_pem_to_blob(key, blob, + passphrase, comment); +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + return sshkey_private_to_blob2(key, blob, passphrase, + comment, new_format_cipher, new_format_rounds); + default: + return SSH_ERR_KEY_TYPE_UNKNOWN; + } +} + +#ifdef WITH_SSH1 +/* + * Parse the public, unencrypted portion of a RSA1 key. + */ +int +sshkey_parse_public_rsa1_fileblob(struct sshbuf *blob, + struct sshkey **keyp, char **commentp) +{ + int r; + struct sshkey *pub = NULL; + struct sshbuf *copy = NULL; + + if (keyp != NULL) + *keyp = NULL; + if (commentp != NULL) + *commentp = NULL; + + /* Check that it is at least big enough to contain the ID string. */ + if (sshbuf_len(blob) < sizeof(LEGACY_BEGIN)) + return SSH_ERR_INVALID_FORMAT; + + /* + * Make sure it begins with the id string. Consume the id string + * from the buffer. + */ + if (memcmp(sshbuf_ptr(blob), LEGACY_BEGIN, sizeof(LEGACY_BEGIN)) != 0) + return SSH_ERR_INVALID_FORMAT; + /* Make a working copy of the keyblob and skip past the magic */ + if ((copy = sshbuf_fromb(blob)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshbuf_consume(copy, sizeof(LEGACY_BEGIN))) != 0) + goto out; + + /* Skip cipher type, reserved data and key bits. */ + if ((r = sshbuf_get_u8(copy, NULL)) != 0 || /* cipher type */ + (r = sshbuf_get_u32(copy, NULL)) != 0 || /* reserved */ + (r = sshbuf_get_u32(copy, NULL)) != 0) /* key bits */ + goto out; + + /* Read the public key from the buffer. */ + if ((pub = sshkey_new(KEY_RSA1)) == NULL || + (r = sshbuf_get_bignum1(copy, pub->rsa->n)) != 0 || + (r = sshbuf_get_bignum1(copy, pub->rsa->e)) != 0) + goto out; + + /* Finally, the comment */ + if ((r = sshbuf_get_string(copy, (u_char**)commentp, NULL)) != 0) + goto out; + + /* The encrypted private part is not parsed by this function. */ + + r = 0; + if (keyp != NULL) + *keyp = pub; + else + sshkey_free(pub); + pub = NULL; + + out: + if (copy != NULL) + sshbuf_free(copy); + if (pub != NULL) + sshkey_free(pub); + return r; +} + +static int +sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase, + struct sshkey **keyp, char **commentp) +{ + int r; + u_int16_t check1, check2; + u_int8_t cipher_type; + struct sshbuf *decrypted = NULL, *copy = NULL; + u_char *cp; + char *comment = NULL; + struct sshcipher_ctx ciphercontext; + const struct sshcipher *cipher; + struct sshkey *prv = NULL; + + *keyp = NULL; + if (commentp != NULL) + *commentp = NULL; + + /* Check that it is at least big enough to contain the ID string. */ + if (sshbuf_len(blob) < sizeof(LEGACY_BEGIN)) + return SSH_ERR_INVALID_FORMAT; + + /* + * Make sure it begins with the id string. Consume the id string + * from the buffer. + */ + if (memcmp(sshbuf_ptr(blob), LEGACY_BEGIN, sizeof(LEGACY_BEGIN)) != 0) + return SSH_ERR_INVALID_FORMAT; + + if ((prv = sshkey_new_private(KEY_RSA1)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((copy = sshbuf_fromb(blob)) == NULL || + (decrypted = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_consume(copy, sizeof(LEGACY_BEGIN))) != 0) + goto out; + + /* Read cipher type. */ + if ((r = sshbuf_get_u8(copy, &cipher_type)) != 0 || + (r = sshbuf_get_u32(copy, NULL)) != 0) /* reserved */ + goto out; + + /* Read the public key and comment from the buffer. */ + if ((r = sshbuf_get_u32(copy, NULL)) != 0 || /* key bits */ + (r = sshbuf_get_bignum1(copy, prv->rsa->n)) != 0 || + (r = sshbuf_get_bignum1(copy, prv->rsa->e)) != 0 || + (r = sshbuf_get_cstring(copy, &comment, NULL)) != 0) + goto out; + + /* Check that it is a supported cipher. */ + cipher = cipher_by_number(cipher_type); + if (cipher == NULL) { + r = SSH_ERR_KEY_UNKNOWN_CIPHER; + goto out; + } + /* Initialize space for decrypted data. */ + if ((r = sshbuf_reserve(decrypted, sshbuf_len(copy), &cp)) != 0) + goto out; + + /* Rest of the buffer is encrypted. Decrypt it using the passphrase. */ + if ((r = cipher_set_key_string(&ciphercontext, cipher, passphrase, + CIPHER_DECRYPT)) != 0) + goto out; + if ((r = cipher_crypt(&ciphercontext, 0, cp, + sshbuf_ptr(copy), sshbuf_len(copy), 0, 0)) != 0) { + cipher_cleanup(&ciphercontext); + goto out; + } + if ((r = cipher_cleanup(&ciphercontext)) != 0) + goto out; + + if ((r = sshbuf_get_u16(decrypted, &check1)) != 0 || + (r = sshbuf_get_u16(decrypted, &check2)) != 0) + goto out; + if (check1 != check2) { + r = SSH_ERR_KEY_WRONG_PASSPHRASE; + goto out; + } + + /* Read the rest of the private key. */ + if ((r = sshbuf_get_bignum1(decrypted, prv->rsa->d)) != 0 || + (r = sshbuf_get_bignum1(decrypted, prv->rsa->iqmp)) != 0 || + (r = sshbuf_get_bignum1(decrypted, prv->rsa->q)) != 0 || + (r = sshbuf_get_bignum1(decrypted, prv->rsa->p)) != 0) + goto out; + + /* calculate p-1 and q-1 */ + if ((r = rsa_generate_additional_parameters(prv->rsa)) != 0) + goto out; + + /* enable blinding */ + if (RSA_blinding_on(prv->rsa, NULL) != 1) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + r = 0; + *keyp = prv; + prv = NULL; + if (commentp != NULL) { + *commentp = comment; + comment = NULL; + } + out: + explicit_bzero(&ciphercontext, sizeof(ciphercontext)); + if (comment != NULL) + free(comment); + if (prv != NULL) + sshkey_free(prv); + if (copy != NULL) + sshbuf_free(copy); + if (decrypted != NULL) + sshbuf_free(decrypted); + return r; +} +#endif /* WITH_SSH1 */ + +#ifdef WITH_OPENSSL +static int +sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, + const char *passphrase, struct sshkey **keyp) +{ + EVP_PKEY *pk = NULL; + struct sshkey *prv = NULL; + BIO *bio = NULL; + int r; + + *keyp = NULL; + + if ((bio = BIO_new(BIO_s_mem())) == NULL || sshbuf_len(blob) > INT_MAX) + return SSH_ERR_ALLOC_FAIL; + if (BIO_write(bio, sshbuf_ptr(blob), sshbuf_len(blob)) != + (int)sshbuf_len(blob)) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + + if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, + (char *)passphrase)) == NULL) { + r = SSH_ERR_KEY_WRONG_PASSPHRASE; + goto out; + } + if (EVP_PKEY_id(pk) == EVP_PKEY_RSA && + (type == KEY_UNSPEC || type == KEY_RSA)) { + if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + prv->rsa = EVP_PKEY_get1_RSA(pk); + prv->type = KEY_RSA; +#ifdef DEBUG_PK + RSA_print_fp(stderr, prv->rsa, 8); +#endif + if (RSA_blinding_on(prv->rsa, NULL) != 1) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + } else if (EVP_PKEY_id(pk) == EVP_PKEY_DSA && + (type == KEY_UNSPEC || type == KEY_DSA)) { + if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + prv->dsa = EVP_PKEY_get1_DSA(pk); + prv->type = KEY_DSA; +#ifdef DEBUG_PK + DSA_print_fp(stderr, prv->dsa, 8); +#endif +#ifdef OPENSSL_HAS_ECC + } else if (EVP_PKEY_id(pk) == EVP_PKEY_EC && + (type == KEY_UNSPEC || type == KEY_ECDSA)) { + if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + prv->ecdsa = EVP_PKEY_get1_EC_KEY(pk); + prv->type = KEY_ECDSA; + prv->ecdsa_nid = sshkey_ecdsa_key_to_nid(prv->ecdsa); + if (prv->ecdsa_nid == -1 || + sshkey_curve_nid_to_name(prv->ecdsa_nid) == NULL || + sshkey_ec_validate_public(EC_KEY_get0_group(prv->ecdsa), + EC_KEY_get0_public_key(prv->ecdsa)) != 0 || + sshkey_ec_validate_private(prv->ecdsa) != 0) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } +# ifdef DEBUG_PK + if (prv != NULL && prv->ecdsa != NULL) + sshkey_dump_ec_key(prv->ecdsa); +# endif +#endif /* OPENSSL_HAS_ECC */ + } else { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + r = 0; + *keyp = prv; + prv = NULL; + out: + BIO_free(bio); + if (pk != NULL) + EVP_PKEY_free(pk); + if (prv != NULL) + sshkey_free(prv); + return r; +} +#endif /* WITH_OPENSSL */ + +int +sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, + const char *passphrase, struct sshkey **keyp, char **commentp) +{ + int r; + + *keyp = NULL; + if (commentp != NULL) + *commentp = NULL; + + switch (type) { +#ifdef WITH_SSH1 + case KEY_RSA1: + return sshkey_parse_private_rsa1(blob, passphrase, + keyp, commentp); +#endif /* WITH_SSH1 */ +#ifdef WITH_OPENSSL + case KEY_DSA: + case KEY_ECDSA: + case KEY_RSA: + return sshkey_parse_private_pem_fileblob(blob, type, + passphrase, keyp); +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + return sshkey_parse_private2(blob, type, passphrase, + keyp, commentp); + case KEY_UNSPEC: + if ((r = sshkey_parse_private2(blob, type, passphrase, keyp, + commentp)) == 0) + return 0; +#ifdef WITH_OPENSSL + return sshkey_parse_private_pem_fileblob(blob, type, + passphrase, keyp); +#else + return SSH_ERR_INVALID_FORMAT; +#endif /* WITH_OPENSSL */ + default: + return SSH_ERR_KEY_TYPE_UNKNOWN; + } +} + +int +sshkey_parse_private_fileblob(struct sshbuf *buffer, const char *passphrase, + const char *filename, struct sshkey **keyp, char **commentp) +{ + int r; + + if (keyp != NULL) + *keyp = NULL; + if (commentp != NULL) + *commentp = NULL; + +#ifdef WITH_SSH1 + /* it's a SSH v1 key if the public key part is readable */ + if ((r = sshkey_parse_public_rsa1_fileblob(buffer, NULL, NULL)) == 0) { + return sshkey_parse_private_fileblob_type(buffer, KEY_RSA1, + passphrase, keyp, commentp); + } +#endif /* WITH_SSH1 */ + if ((r = sshkey_parse_private_fileblob_type(buffer, KEY_UNSPEC, + passphrase, keyp, commentp)) == 0) + return 0; + return r; +} +#endif diff --git a/include/DomainExec/opensshlib/sshkey.h b/include/DomainExec/opensshlib/sshkey.h new file mode 100644 index 00000000..c8d3cddc --- /dev/null +++ b/include/DomainExec/opensshlib/sshkey.h @@ -0,0 +1,229 @@ +/* $OpenBSD: sshkey.h,v 1.9 2015/08/04 05:23:06 djm Exp $ */ + +/* + * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef SSHKEY_H +#define SSHKEY_H + +#include + +#ifdef WITH_OPENSSL +#include +#include +# ifdef OPENSSL_HAS_ECC +# include +# else /* OPENSSL_HAS_ECC */ +# define EC_KEY void +# define EC_GROUP void +# define EC_POINT void +# endif /* OPENSSL_HAS_ECC */ +#else /* WITH_OPENSSL */ +# define RSA void +# define DSA void +# define EC_KEY void +# define EC_GROUP void +# define EC_POINT void +#endif /* WITH_OPENSSL */ + +#define SSH_RSA_MINIMUM_MODULUS_SIZE 768 +#define SSH_KEY_MAX_SIGN_DATA_SIZE (1 << 20) + +struct sshbuf; + +/* Key types */ +enum sshkey_types { + KEY_RSA1, + KEY_RSA, + KEY_DSA, + KEY_ECDSA, + KEY_ED25519, + KEY_RSA_CERT, + KEY_DSA_CERT, + KEY_ECDSA_CERT, + KEY_ED25519_CERT, + KEY_UNSPEC +}; + +/* Default fingerprint hash */ +#define SSH_FP_HASH_DEFAULT SSH_DIGEST_SHA256 + +/* Fingerprint representation formats */ +enum sshkey_fp_rep { + SSH_FP_DEFAULT = 0, + SSH_FP_HEX, + SSH_FP_BASE64, + SSH_FP_BUBBLEBABBLE, + SSH_FP_RANDOMART +}; + +/* key is stored in external hardware */ +#define SSHKEY_FLAG_EXT 0x0001 + +#define SSHKEY_CERT_MAX_PRINCIPALS 256 +/* XXX opaquify? */ +struct sshkey_cert { + struct sshbuf *certblob; /* Kept around for use on wire */ + u_int type; /* SSH2_CERT_TYPE_USER or SSH2_CERT_TYPE_HOST */ + u_int64_t serial; + char *key_id; + u_int nprincipals; + char **principals; + u_int64_t valid_after, valid_before; + struct sshbuf *critical; + struct sshbuf *extensions; + struct sshkey *signature_key; +}; + +/* XXX opaquify? */ +struct sshkey { + int type; + int flags; + RSA *rsa; + DSA *dsa; + int ecdsa_nid; /* NID of curve */ + EC_KEY *ecdsa; + u_char *ed25519_sk; + u_char *ed25519_pk; + struct sshkey_cert *cert; +}; + +#define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES +#define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES + +struct sshkey *sshkey_new(int); +int sshkey_add_private(struct sshkey *); +struct sshkey *sshkey_new_private(int); +void sshkey_free(struct sshkey *); +int sshkey_demote(const struct sshkey *, struct sshkey **); +int sshkey_equal_public(const struct sshkey *, + const struct sshkey *); +int sshkey_equal(const struct sshkey *, const struct sshkey *); +char *sshkey_fingerprint(const struct sshkey *, + int, enum sshkey_fp_rep); +int sshkey_fingerprint_raw(const struct sshkey *k, + int, u_char **retp, size_t *lenp); +const char *sshkey_type(const struct sshkey *); +const char *sshkey_cert_type(const struct sshkey *); +int sshkey_write(const struct sshkey *, FILE *); +int sshkey_read(struct sshkey *, char **); +u_int sshkey_size(const struct sshkey *); + +int sshkey_generate(int type, u_int bits, struct sshkey **keyp); +int sshkey_from_private(const struct sshkey *, struct sshkey **); +int sshkey_type_from_name(const char *); +int sshkey_is_cert(const struct sshkey *); +int sshkey_type_is_cert(int); +int sshkey_type_plain(int); +int sshkey_to_certified(struct sshkey *); +int sshkey_drop_cert(struct sshkey *); +int sshkey_certify(struct sshkey *, struct sshkey *); +int sshkey_cert_copy(const struct sshkey *, struct sshkey *); +int sshkey_cert_check_authority(const struct sshkey *, int, int, + const char *, const char **); + +int sshkey_ecdsa_nid_from_name(const char *); +int sshkey_curve_name_to_nid(const char *); +const char * sshkey_curve_nid_to_name(int); +u_int sshkey_curve_nid_to_bits(int); +int sshkey_ecdsa_bits_to_nid(int); +int sshkey_ecdsa_key_to_nid(EC_KEY *); +int sshkey_ec_nid_to_hash_alg(int nid); +int sshkey_ec_validate_public(const EC_GROUP *, const EC_POINT *); +int sshkey_ec_validate_private(const EC_KEY *); +const char *sshkey_ssh_name(const struct sshkey *); +const char *sshkey_ssh_name_plain(const struct sshkey *); +int sshkey_names_valid2(const char *, int); +char *key_alg_list(int, int); + +int sshkey_from_blob(const u_char *, size_t, struct sshkey **); +int sshkey_fromb(struct sshbuf *, struct sshkey **); +int sshkey_froms(struct sshbuf *, struct sshkey **); +int sshkey_to_blob(const struct sshkey *, u_char **, size_t *); +int sshkey_to_base64(const struct sshkey *, char **); +int sshkey_putb(const struct sshkey *, struct sshbuf *); +int sshkey_puts(const struct sshkey *, struct sshbuf *); +int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *); +int sshkey_putb_plain(const struct sshkey *, struct sshbuf *); + +int sshkey_sign(const struct sshkey *, u_char **, size_t *, + const u_char *, size_t, u_int); +int sshkey_verify(const struct sshkey *, const u_char *, size_t, + const u_char *, size_t, u_int); + +/* for debug */ +void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *); +void sshkey_dump_ec_key(const EC_KEY *); + +/* private key parsing and serialisation */ +int sshkey_private_serialize(const struct sshkey *key, struct sshbuf *buf); +int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp); + +/* private key file format parsing and serialisation */ +int sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob, + const char *passphrase, const char *comment, + int force_new_format, const char *new_format_cipher, int new_format_rounds); +int sshkey_parse_public_rsa1_fileblob(struct sshbuf *blob, + struct sshkey **keyp, char **commentp); +int sshkey_parse_private_fileblob(struct sshbuf *buffer, + const char *passphrase, const char *filename, struct sshkey **keyp, + char **commentp); +int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, + const char *passphrase, struct sshkey **keyp, char **commentp); + +#ifdef SSHKEY_INTERNAL +int ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, u_int compat); +int ssh_rsa_verify(const struct sshkey *key, + const u_char *signature, size_t signaturelen, + const u_char *data, size_t datalen, u_int compat); +int ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, u_int compat); +int ssh_dss_verify(const struct sshkey *key, + const u_char *signature, size_t signaturelen, + const u_char *data, size_t datalen, u_int compat); +int ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, u_int compat); +int ssh_ecdsa_verify(const struct sshkey *key, + const u_char *signature, size_t signaturelen, + const u_char *data, size_t datalen, u_int compat); +int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, u_int compat); +int ssh_ed25519_verify(const struct sshkey *key, + const u_char *signature, size_t signaturelen, + const u_char *data, size_t datalen, u_int compat); +#endif + +#if !defined(WITH_OPENSSL) +# undef RSA +# undef DSA +# undef EC_KEY +# undef EC_GROUP +# undef EC_POINT +#elif !defined(OPENSSL_HAS_ECC) +# undef EC_KEY +# undef EC_GROUP +# undef EC_POINT +#endif + +#endif /* SSHKEY_H */ diff --git a/include/DomainExec/opensshlib/strlcat.c b/include/DomainExec/opensshlib/strlcat.c new file mode 100644 index 00000000..bcc1b61a --- /dev/null +++ b/include/DomainExec/opensshlib/strlcat.c @@ -0,0 +1,62 @@ +/* $OpenBSD: strlcat.c,v 1.13 2005/08/08 08:05:37 espie Exp $ */ + +/* + * Copyright (c) 1998 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* OPENBSD ORIGINAL: lib/libc/string/strlcat.c */ + +#include "includes.h" +#ifndef HAVE_STRLCAT + +#include +#include + +/* + * Appends src to string dst of size siz (unlike strncat, siz is the + * full size of dst, not space left). At most siz-1 characters + * will be copied. Always NUL terminates (unless siz <= strlen(dst)). + * Returns strlen(src) + MIN(siz, strlen(initial dst)). + * If retval >= siz, truncation occurred. + */ +size_t +strlcat(char *dst, const char *src, size_t siz) +{ + char *d = dst; + const char *s = src; + size_t n = siz; + size_t dlen; + + /* Find the end of dst and adjust bytes left but don't go past end */ + while (n-- != 0 && *d != '\0') + d++; + dlen = d - dst; + n = siz - dlen; + + if (n == 0) + return(dlen + strlen(s)); + while (*s != '\0') { + if (n != 1) { + *d++ = *s; + n--; + } + s++; + } + *d = '\0'; + + return(dlen + (s - src)); /* count does not include NUL */ +} + +#endif /* !HAVE_STRLCAT */ diff --git a/include/DomainExec/opensshlib/strlcpy.c b/include/DomainExec/opensshlib/strlcpy.c new file mode 100644 index 00000000..b4b1b601 --- /dev/null +++ b/include/DomainExec/opensshlib/strlcpy.c @@ -0,0 +1,58 @@ +/* $OpenBSD: strlcpy.c,v 1.11 2006/05/05 15:27:38 millert Exp $ */ + +/* + * Copyright (c) 1998 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* OPENBSD ORIGINAL: lib/libc/string/strlcpy.c */ + +#include "includes.h" +#ifndef HAVE_STRLCPY + +#include +#include + +/* + * Copy src to string dst of size siz. At most siz-1 characters + * will be copied. Always NUL terminates (unless siz == 0). + * Returns strlen(src); if retval >= siz, truncation occurred. + */ +size_t +strlcpy(char *dst, const char *src, size_t siz) +{ + char *d = dst; + const char *s = src; + size_t n = siz; + + /* Copy as many bytes as will fit */ + if (n != 0) { + while (--n != 0) { + if ((*d++ = *s++) == '\0') + break; + } + } + + /* Not enough room in dst, add NUL and traverse rest of src */ + if (n == 0) { + if (siz != 0) + *d = '\0'; /* NUL-terminate dst */ + while (*s++) + ; + } + + return(s - src - 1); /* count does not include NUL */ +} + +#endif /* !HAVE_STRLCPY */ diff --git a/include/DomainExec/opensshlib/strsep.c b/include/DomainExec/opensshlib/strsep.c new file mode 100644 index 00000000..b36eb8fd --- /dev/null +++ b/include/DomainExec/opensshlib/strsep.c @@ -0,0 +1,79 @@ +/* $OpenBSD: strsep.c,v 1.6 2005/08/08 08:05:37 espie Exp $ */ + +/*- + * Copyright (c) 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* OPENBSD ORIGINAL: lib/libc/string/strsep.c */ + +#include "includes.h" + +#if !defined(HAVE_STRSEP) + +#include +#include + +/* + * Get next token from string *stringp, where tokens are possibly-empty + * strings separated by characters from delim. + * + * Writes NULs into the string at *stringp to end tokens. + * delim need not remain constant from call to call. + * On return, *stringp points past the last NUL written (if there might + * be further tokens), or is NULL (if there are definitely no more tokens). + * + * If *stringp is NULL, strsep returns NULL. + */ +char * +strsep(char **stringp, const char *delim) +{ + char *s; + const char *spanp; + int c, sc; + char *tok; + + if ((s = *stringp) == NULL) + return (NULL); + for (tok = s;;) { + c = *s++; + spanp = delim; + do { + if ((sc = *spanp++) == c) { + if (c == 0) + s = NULL; + else + s[-1] = 0; + *stringp = s; + return (tok); + } + } while (sc != 0); + } + /* NOTREACHED */ +} + +#endif /* !defined(HAVE_STRSEP) */ diff --git a/include/DomainExec/opensshlib/strtonum.c b/include/DomainExec/opensshlib/strtonum.c new file mode 100644 index 00000000..87f2f24b --- /dev/null +++ b/include/DomainExec/opensshlib/strtonum.c @@ -0,0 +1,72 @@ +/* $OpenBSD: strtonum.c,v 1.6 2004/08/03 19:38:01 millert Exp $ */ + +/* + * Copyright (c) 2004 Ted Unangst and Todd Miller + * All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* OPENBSD ORIGINAL: lib/libc/stdlib/strtonum.c */ + +#include "includes.h" + +#ifndef HAVE_STRTONUM +#include +#include +#include + +#define INVALID 1 +#define TOOSMALL 2 +#define TOOLARGE 3 + +long long +strtonum(const char *numstr, long long minval, long long maxval, + const char **errstrp) +{ + long long ll = 0; + char *ep; + int error = 0; + struct errval { + const char *errstr; + int err; + } ev[4] = { + { NULL, 0 }, + { "invalid", EINVAL }, + { "too small", ERANGE }, + { "too large", ERANGE }, + }; + + ev[0].err = errno; + errno = 0; + if (minval > maxval) + error = INVALID; + else { + ll = strtoll(numstr, &ep, 10); + if (numstr == ep || *ep != '\0') + error = INVALID; + else if ((ll == LLONG_MIN && errno == ERANGE) || ll < minval) + error = TOOSMALL; + else if ((ll == LLONG_MAX && errno == ERANGE) || ll > maxval) + error = TOOLARGE; + } + if (errstrp != NULL) + *errstrp = ev[error].errstr; + errno = ev[error].err; + if (error) + ll = 0; + + return (ll); +} + +#endif /* HAVE_STRTONUM */ diff --git a/include/DomainExec/opensshlib/sys-queue.h b/include/DomainExec/opensshlib/sys-queue.h new file mode 100644 index 00000000..28aaaa37 --- /dev/null +++ b/include/DomainExec/opensshlib/sys-queue.h @@ -0,0 +1,653 @@ +/* $OpenBSD: queue.h,v 1.36 2012/04/11 13:29:14 naddy Exp $ */ +/* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */ + +/* + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)queue.h 8.5 (Berkeley) 8/20/94 + */ + +/* OPENBSD ORIGINAL: sys/sys/queue.h */ + +#ifndef _FAKE_QUEUE_H_ +#define _FAKE_QUEUE_H_ + +/* + * Require for OS/X and other platforms that have old/broken/incomplete + * . + */ +#undef SLIST_HEAD +#undef SLIST_HEAD_INITIALIZER +#undef SLIST_ENTRY +#undef SLIST_FOREACH_PREVPTR +#undef SLIST_FIRST +#undef SLIST_END +#undef SLIST_EMPTY +#undef SLIST_NEXT +#undef SLIST_FOREACH +#undef SLIST_INIT +#undef SLIST_INSERT_AFTER +#undef SLIST_INSERT_HEAD +#undef SLIST_REMOVE_HEAD +#undef SLIST_REMOVE +#undef SLIST_REMOVE_NEXT +#undef LIST_HEAD +#undef LIST_HEAD_INITIALIZER +#undef LIST_ENTRY +#undef LIST_FIRST +#undef LIST_END +#undef LIST_EMPTY +#undef LIST_NEXT +#undef LIST_FOREACH +#undef LIST_INIT +#undef LIST_INSERT_AFTER +#undef LIST_INSERT_BEFORE +#undef LIST_INSERT_HEAD +#undef LIST_REMOVE +#undef LIST_REPLACE +#undef SIMPLEQ_HEAD +#undef SIMPLEQ_HEAD_INITIALIZER +#undef SIMPLEQ_ENTRY +#undef SIMPLEQ_FIRST +#undef SIMPLEQ_END +#undef SIMPLEQ_EMPTY +#undef SIMPLEQ_NEXT +#undef SIMPLEQ_FOREACH +#undef SIMPLEQ_INIT +#undef SIMPLEQ_INSERT_HEAD +#undef SIMPLEQ_INSERT_TAIL +#undef SIMPLEQ_INSERT_AFTER +#undef SIMPLEQ_REMOVE_HEAD +#undef TAILQ_HEAD +#undef TAILQ_HEAD_INITIALIZER +#undef TAILQ_ENTRY +#undef TAILQ_FIRST +#undef TAILQ_END +#undef TAILQ_NEXT +#undef TAILQ_LAST +#undef TAILQ_PREV +#undef TAILQ_EMPTY +#undef TAILQ_FOREACH +#undef TAILQ_FOREACH_REVERSE +#undef TAILQ_INIT +#undef TAILQ_INSERT_HEAD +#undef TAILQ_INSERT_TAIL +#undef TAILQ_INSERT_AFTER +#undef TAILQ_INSERT_BEFORE +#undef TAILQ_REMOVE +#undef TAILQ_REPLACE +#undef CIRCLEQ_HEAD +#undef CIRCLEQ_HEAD_INITIALIZER +#undef CIRCLEQ_ENTRY +#undef CIRCLEQ_FIRST +#undef CIRCLEQ_LAST +#undef CIRCLEQ_END +#undef CIRCLEQ_NEXT +#undef CIRCLEQ_PREV +#undef CIRCLEQ_EMPTY +#undef CIRCLEQ_FOREACH +#undef CIRCLEQ_FOREACH_REVERSE +#undef CIRCLEQ_INIT +#undef CIRCLEQ_INSERT_AFTER +#undef CIRCLEQ_INSERT_BEFORE +#undef CIRCLEQ_INSERT_HEAD +#undef CIRCLEQ_INSERT_TAIL +#undef CIRCLEQ_REMOVE +#undef CIRCLEQ_REPLACE + +/* + * This file defines five types of data structures: singly-linked lists, + * lists, simple queues, tail queues, and circular queues. + * + * + * A singly-linked list is headed by a single forward pointer. The elements + * are singly linked for minimum space and pointer manipulation overhead at + * the expense of O(n) removal for arbitrary elements. New elements can be + * added to the list after an existing element or at the head of the list. + * Elements being removed from the head of the list should use the explicit + * macro for this purpose for optimum efficiency. A singly-linked list may + * only be traversed in the forward direction. Singly-linked lists are ideal + * for applications with large datasets and few or no removals or for + * implementing a LIFO queue. + * + * A list is headed by a single forward pointer (or an array of forward + * pointers for a hash table header). The elements are doubly linked + * so that an arbitrary element can be removed without a need to + * traverse the list. New elements can be added to the list before + * or after an existing element or at the head of the list. A list + * may only be traversed in the forward direction. + * + * A simple queue is headed by a pair of pointers, one the head of the + * list and the other to the tail of the list. The elements are singly + * linked to save space, so elements can only be removed from the + * head of the list. New elements can be added to the list before or after + * an existing element, at the head of the list, or at the end of the + * list. A simple queue may only be traversed in the forward direction. + * + * A tail queue is headed by a pair of pointers, one to the head of the + * list and the other to the tail of the list. The elements are doubly + * linked so that an arbitrary element can be removed without a need to + * traverse the list. New elements can be added to the list before or + * after an existing element, at the head of the list, or at the end of + * the list. A tail queue may be traversed in either direction. + * + * A circle queue is headed by a pair of pointers, one to the head of the + * list and the other to the tail of the list. The elements are doubly + * linked so that an arbitrary element can be removed without a need to + * traverse the list. New elements can be added to the list before or after + * an existing element, at the head of the list, or at the end of the list. + * A circle queue may be traversed in either direction, but has a more + * complex end of list detection. + * + * For details on the use of these macros, see the queue(3) manual page. + */ + +#if defined(QUEUE_MACRO_DEBUG) || (defined(_KERNEL) && defined(DIAGNOSTIC)) +#define _Q_INVALIDATE(a) (a) = ((void *)-1) +#else +#define _Q_INVALIDATE(a) +#endif + +/* + * Singly-linked List definitions. + */ +#define SLIST_HEAD(name, type) \ +struct name { \ + struct type *slh_first; /* first element */ \ +} + +#define SLIST_HEAD_INITIALIZER(head) \ + { NULL } + +#define SLIST_ENTRY(type) \ +struct { \ + struct type *sle_next; /* next element */ \ +} + +/* + * Singly-linked List access methods. + */ +#define SLIST_FIRST(head) ((head)->slh_first) +#define SLIST_END(head) NULL +#define SLIST_EMPTY(head) (SLIST_FIRST(head) == SLIST_END(head)) +#define SLIST_NEXT(elm, field) ((elm)->field.sle_next) + +#define SLIST_FOREACH(var, head, field) \ + for((var) = SLIST_FIRST(head); \ + (var) != SLIST_END(head); \ + (var) = SLIST_NEXT(var, field)) + +#define SLIST_FOREACH_SAFE(var, head, field, tvar) \ + for ((var) = SLIST_FIRST(head); \ + (var) && ((tvar) = SLIST_NEXT(var, field), 1); \ + (var) = (tvar)) + +/* + * Singly-linked List functions. + */ +#define SLIST_INIT(head) { \ + SLIST_FIRST(head) = SLIST_END(head); \ +} + +#define SLIST_INSERT_AFTER(slistelm, elm, field) do { \ + (elm)->field.sle_next = (slistelm)->field.sle_next; \ + (slistelm)->field.sle_next = (elm); \ +} while (0) + +#define SLIST_INSERT_HEAD(head, elm, field) do { \ + (elm)->field.sle_next = (head)->slh_first; \ + (head)->slh_first = (elm); \ +} while (0) + +#define SLIST_REMOVE_AFTER(elm, field) do { \ + (elm)->field.sle_next = (elm)->field.sle_next->field.sle_next; \ +} while (0) + +#define SLIST_REMOVE_HEAD(head, field) do { \ + (head)->slh_first = (head)->slh_first->field.sle_next; \ +} while (0) + +#define SLIST_REMOVE(head, elm, type, field) do { \ + if ((head)->slh_first == (elm)) { \ + SLIST_REMOVE_HEAD((head), field); \ + } else { \ + struct type *curelm = (head)->slh_first; \ + \ + while (curelm->field.sle_next != (elm)) \ + curelm = curelm->field.sle_next; \ + curelm->field.sle_next = \ + curelm->field.sle_next->field.sle_next; \ + _Q_INVALIDATE((elm)->field.sle_next); \ + } \ +} while (0) + +/* + * List definitions. + */ +#define LIST_HEAD(name, type) \ +struct name { \ + struct type *lh_first; /* first element */ \ +} + +#define LIST_HEAD_INITIALIZER(head) \ + { NULL } + +#define LIST_ENTRY(type) \ +struct { \ + struct type *le_next; /* next element */ \ + struct type **le_prev; /* address of previous next element */ \ +} + +/* + * List access methods + */ +#define LIST_FIRST(head) ((head)->lh_first) +#define LIST_END(head) NULL +#define LIST_EMPTY(head) (LIST_FIRST(head) == LIST_END(head)) +#define LIST_NEXT(elm, field) ((elm)->field.le_next) + +#define LIST_FOREACH(var, head, field) \ + for((var) = LIST_FIRST(head); \ + (var)!= LIST_END(head); \ + (var) = LIST_NEXT(var, field)) + +#define LIST_FOREACH_SAFE(var, head, field, tvar) \ + for ((var) = LIST_FIRST(head); \ + (var) && ((tvar) = LIST_NEXT(var, field), 1); \ + (var) = (tvar)) + +/* + * List functions. + */ +#define LIST_INIT(head) do { \ + LIST_FIRST(head) = LIST_END(head); \ +} while (0) + +#define LIST_INSERT_AFTER(listelm, elm, field) do { \ + if (((elm)->field.le_next = (listelm)->field.le_next) != NULL) \ + (listelm)->field.le_next->field.le_prev = \ + &(elm)->field.le_next; \ + (listelm)->field.le_next = (elm); \ + (elm)->field.le_prev = &(listelm)->field.le_next; \ +} while (0) + +#define LIST_INSERT_BEFORE(listelm, elm, field) do { \ + (elm)->field.le_prev = (listelm)->field.le_prev; \ + (elm)->field.le_next = (listelm); \ + *(listelm)->field.le_prev = (elm); \ + (listelm)->field.le_prev = &(elm)->field.le_next; \ +} while (0) + +#define LIST_INSERT_HEAD(head, elm, field) do { \ + if (((elm)->field.le_next = (head)->lh_first) != NULL) \ + (head)->lh_first->field.le_prev = &(elm)->field.le_next;\ + (head)->lh_first = (elm); \ + (elm)->field.le_prev = &(head)->lh_first; \ +} while (0) + +#define LIST_REMOVE(elm, field) do { \ + if ((elm)->field.le_next != NULL) \ + (elm)->field.le_next->field.le_prev = \ + (elm)->field.le_prev; \ + *(elm)->field.le_prev = (elm)->field.le_next; \ + _Q_INVALIDATE((elm)->field.le_prev); \ + _Q_INVALIDATE((elm)->field.le_next); \ +} while (0) + +#define LIST_REPLACE(elm, elm2, field) do { \ + if (((elm2)->field.le_next = (elm)->field.le_next) != NULL) \ + (elm2)->field.le_next->field.le_prev = \ + &(elm2)->field.le_next; \ + (elm2)->field.le_prev = (elm)->field.le_prev; \ + *(elm2)->field.le_prev = (elm2); \ + _Q_INVALIDATE((elm)->field.le_prev); \ + _Q_INVALIDATE((elm)->field.le_next); \ +} while (0) + +/* + * Simple queue definitions. + */ +#define SIMPLEQ_HEAD(name, type) \ +struct name { \ + struct type *sqh_first; /* first element */ \ + struct type **sqh_last; /* addr of last next element */ \ +} + +#define SIMPLEQ_HEAD_INITIALIZER(head) \ + { NULL, &(head).sqh_first } + +#define SIMPLEQ_ENTRY(type) \ +struct { \ + struct type *sqe_next; /* next element */ \ +} + +/* + * Simple queue access methods. + */ +#define SIMPLEQ_FIRST(head) ((head)->sqh_first) +#define SIMPLEQ_END(head) NULL +#define SIMPLEQ_EMPTY(head) (SIMPLEQ_FIRST(head) == SIMPLEQ_END(head)) +#define SIMPLEQ_NEXT(elm, field) ((elm)->field.sqe_next) + +#define SIMPLEQ_FOREACH(var, head, field) \ + for((var) = SIMPLEQ_FIRST(head); \ + (var) != SIMPLEQ_END(head); \ + (var) = SIMPLEQ_NEXT(var, field)) + +#define SIMPLEQ_FOREACH_SAFE(var, head, field, tvar) \ + for ((var) = SIMPLEQ_FIRST(head); \ + (var) && ((tvar) = SIMPLEQ_NEXT(var, field), 1); \ + (var) = (tvar)) + +/* + * Simple queue functions. + */ +#define SIMPLEQ_INIT(head) do { \ + (head)->sqh_first = NULL; \ + (head)->sqh_last = &(head)->sqh_first; \ +} while (0) + +#define SIMPLEQ_INSERT_HEAD(head, elm, field) do { \ + if (((elm)->field.sqe_next = (head)->sqh_first) == NULL) \ + (head)->sqh_last = &(elm)->field.sqe_next; \ + (head)->sqh_first = (elm); \ +} while (0) + +#define SIMPLEQ_INSERT_TAIL(head, elm, field) do { \ + (elm)->field.sqe_next = NULL; \ + *(head)->sqh_last = (elm); \ + (head)->sqh_last = &(elm)->field.sqe_next; \ +} while (0) + +#define SIMPLEQ_INSERT_AFTER(head, listelm, elm, field) do { \ + if (((elm)->field.sqe_next = (listelm)->field.sqe_next) == NULL)\ + (head)->sqh_last = &(elm)->field.sqe_next; \ + (listelm)->field.sqe_next = (elm); \ +} while (0) + +#define SIMPLEQ_REMOVE_HEAD(head, field) do { \ + if (((head)->sqh_first = (head)->sqh_first->field.sqe_next) == NULL) \ + (head)->sqh_last = &(head)->sqh_first; \ +} while (0) + +#define SIMPLEQ_REMOVE_AFTER(head, elm, field) do { \ + if (((elm)->field.sqe_next = (elm)->field.sqe_next->field.sqe_next) \ + == NULL) \ + (head)->sqh_last = &(elm)->field.sqe_next; \ +} while (0) + +/* + * Tail queue definitions. + */ +#define TAILQ_HEAD(name, type) \ +struct name { \ + struct type *tqh_first; /* first element */ \ + struct type **tqh_last; /* addr of last next element */ \ +} + +#define TAILQ_HEAD_INITIALIZER(head) \ + { NULL, &(head).tqh_first } + +#define TAILQ_ENTRY(type) \ +struct { \ + struct type *tqe_next; /* next element */ \ + struct type **tqe_prev; /* address of previous next element */ \ +} + +/* + * tail queue access methods + */ +#define TAILQ_FIRST(head) ((head)->tqh_first) +#define TAILQ_END(head) NULL +#define TAILQ_NEXT(elm, field) ((elm)->field.tqe_next) +#define TAILQ_LAST(head, headname) \ + (*(((struct headname *)((head)->tqh_last))->tqh_last)) +/* XXX */ +#define TAILQ_PREV(elm, headname, field) \ + (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last)) +#define TAILQ_EMPTY(head) \ + (TAILQ_FIRST(head) == TAILQ_END(head)) + +#define TAILQ_FOREACH(var, head, field) \ + for((var) = TAILQ_FIRST(head); \ + (var) != TAILQ_END(head); \ + (var) = TAILQ_NEXT(var, field)) + +#define TAILQ_FOREACH_SAFE(var, head, field, tvar) \ + for ((var) = TAILQ_FIRST(head); \ + (var) != TAILQ_END(head) && \ + ((tvar) = TAILQ_NEXT(var, field), 1); \ + (var) = (tvar)) + + +#define TAILQ_FOREACH_REVERSE(var, head, headname, field) \ + for((var) = TAILQ_LAST(head, headname); \ + (var) != TAILQ_END(head); \ + (var) = TAILQ_PREV(var, headname, field)) + +#define TAILQ_FOREACH_REVERSE_SAFE(var, head, headname, field, tvar) \ + for ((var) = TAILQ_LAST(head, headname); \ + (var) != TAILQ_END(head) && \ + ((tvar) = TAILQ_PREV(var, headname, field), 1); \ + (var) = (tvar)) + +/* + * Tail queue functions. + */ +#define TAILQ_INIT(head) do { \ + (head)->tqh_first = NULL; \ + (head)->tqh_last = &(head)->tqh_first; \ +} while (0) + +#define TAILQ_INSERT_HEAD(head, elm, field) do { \ + if (((elm)->field.tqe_next = (head)->tqh_first) != NULL) \ + (head)->tqh_first->field.tqe_prev = \ + &(elm)->field.tqe_next; \ + else \ + (head)->tqh_last = &(elm)->field.tqe_next; \ + (head)->tqh_first = (elm); \ + (elm)->field.tqe_prev = &(head)->tqh_first; \ +} while (0) + +#define TAILQ_INSERT_TAIL(head, elm, field) do { \ + (elm)->field.tqe_next = NULL; \ + (elm)->field.tqe_prev = (head)->tqh_last; \ + *(head)->tqh_last = (elm); \ + (head)->tqh_last = &(elm)->field.tqe_next; \ +} while (0) + +#define TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \ + if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\ + (elm)->field.tqe_next->field.tqe_prev = \ + &(elm)->field.tqe_next; \ + else \ + (head)->tqh_last = &(elm)->field.tqe_next; \ + (listelm)->field.tqe_next = (elm); \ + (elm)->field.tqe_prev = &(listelm)->field.tqe_next; \ +} while (0) + +#define TAILQ_INSERT_BEFORE(listelm, elm, field) do { \ + (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \ + (elm)->field.tqe_next = (listelm); \ + *(listelm)->field.tqe_prev = (elm); \ + (listelm)->field.tqe_prev = &(elm)->field.tqe_next; \ +} while (0) + +#define TAILQ_REMOVE(head, elm, field) do { \ + if (((elm)->field.tqe_next) != NULL) \ + (elm)->field.tqe_next->field.tqe_prev = \ + (elm)->field.tqe_prev; \ + else \ + (head)->tqh_last = (elm)->field.tqe_prev; \ + *(elm)->field.tqe_prev = (elm)->field.tqe_next; \ + _Q_INVALIDATE((elm)->field.tqe_prev); \ + _Q_INVALIDATE((elm)->field.tqe_next); \ +} while (0) + +#define TAILQ_REPLACE(head, elm, elm2, field) do { \ + if (((elm2)->field.tqe_next = (elm)->field.tqe_next) != NULL) \ + (elm2)->field.tqe_next->field.tqe_prev = \ + &(elm2)->field.tqe_next; \ + else \ + (head)->tqh_last = &(elm2)->field.tqe_next; \ + (elm2)->field.tqe_prev = (elm)->field.tqe_prev; \ + *(elm2)->field.tqe_prev = (elm2); \ + _Q_INVALIDATE((elm)->field.tqe_prev); \ + _Q_INVALIDATE((elm)->field.tqe_next); \ +} while (0) + +/* + * Circular queue definitions. + */ +#define CIRCLEQ_HEAD(name, type) \ +struct name { \ + struct type *cqh_first; /* first element */ \ + struct type *cqh_last; /* last element */ \ +} + +#define CIRCLEQ_HEAD_INITIALIZER(head) \ + { CIRCLEQ_END(&head), CIRCLEQ_END(&head) } + +#define CIRCLEQ_ENTRY(type) \ +struct { \ + struct type *cqe_next; /* next element */ \ + struct type *cqe_prev; /* previous element */ \ +} + +/* + * Circular queue access methods + */ +#define CIRCLEQ_FIRST(head) ((head)->cqh_first) +#define CIRCLEQ_LAST(head) ((head)->cqh_last) +#define CIRCLEQ_END(head) ((void *)(head)) +#define CIRCLEQ_NEXT(elm, field) ((elm)->field.cqe_next) +#define CIRCLEQ_PREV(elm, field) ((elm)->field.cqe_prev) +#define CIRCLEQ_EMPTY(head) \ + (CIRCLEQ_FIRST(head) == CIRCLEQ_END(head)) + +#define CIRCLEQ_FOREACH(var, head, field) \ + for((var) = CIRCLEQ_FIRST(head); \ + (var) != CIRCLEQ_END(head); \ + (var) = CIRCLEQ_NEXT(var, field)) + +#define CIRCLEQ_FOREACH_SAFE(var, head, field, tvar) \ + for ((var) = CIRCLEQ_FIRST(head); \ + (var) != CIRCLEQ_END(head) && \ + ((tvar) = CIRCLEQ_NEXT(var, field), 1); \ + (var) = (tvar)) + +#define CIRCLEQ_FOREACH_REVERSE(var, head, field) \ + for((var) = CIRCLEQ_LAST(head); \ + (var) != CIRCLEQ_END(head); \ + (var) = CIRCLEQ_PREV(var, field)) + +#define CIRCLEQ_FOREACH_REVERSE_SAFE(var, head, headname, field, tvar) \ + for ((var) = CIRCLEQ_LAST(head, headname); \ + (var) != CIRCLEQ_END(head) && \ + ((tvar) = CIRCLEQ_PREV(var, headname, field), 1); \ + (var) = (tvar)) + +/* + * Circular queue functions. + */ +#define CIRCLEQ_INIT(head) do { \ + (head)->cqh_first = CIRCLEQ_END(head); \ + (head)->cqh_last = CIRCLEQ_END(head); \ +} while (0) + +#define CIRCLEQ_INSERT_AFTER(head, listelm, elm, field) do { \ + (elm)->field.cqe_next = (listelm)->field.cqe_next; \ + (elm)->field.cqe_prev = (listelm); \ + if ((listelm)->field.cqe_next == CIRCLEQ_END(head)) \ + (head)->cqh_last = (elm); \ + else \ + (listelm)->field.cqe_next->field.cqe_prev = (elm); \ + (listelm)->field.cqe_next = (elm); \ +} while (0) + +#define CIRCLEQ_INSERT_BEFORE(head, listelm, elm, field) do { \ + (elm)->field.cqe_next = (listelm); \ + (elm)->field.cqe_prev = (listelm)->field.cqe_prev; \ + if ((listelm)->field.cqe_prev == CIRCLEQ_END(head)) \ + (head)->cqh_first = (elm); \ + else \ + (listelm)->field.cqe_prev->field.cqe_next = (elm); \ + (listelm)->field.cqe_prev = (elm); \ +} while (0) + +#define CIRCLEQ_INSERT_HEAD(head, elm, field) do { \ + (elm)->field.cqe_next = (head)->cqh_first; \ + (elm)->field.cqe_prev = CIRCLEQ_END(head); \ + if ((head)->cqh_last == CIRCLEQ_END(head)) \ + (head)->cqh_last = (elm); \ + else \ + (head)->cqh_first->field.cqe_prev = (elm); \ + (head)->cqh_first = (elm); \ +} while (0) + +#define CIRCLEQ_INSERT_TAIL(head, elm, field) do { \ + (elm)->field.cqe_next = CIRCLEQ_END(head); \ + (elm)->field.cqe_prev = (head)->cqh_last; \ + if ((head)->cqh_first == CIRCLEQ_END(head)) \ + (head)->cqh_first = (elm); \ + else \ + (head)->cqh_last->field.cqe_next = (elm); \ + (head)->cqh_last = (elm); \ +} while (0) + +#define CIRCLEQ_REMOVE(head, elm, field) do { \ + if ((elm)->field.cqe_next == CIRCLEQ_END(head)) \ + (head)->cqh_last = (elm)->field.cqe_prev; \ + else \ + (elm)->field.cqe_next->field.cqe_prev = \ + (elm)->field.cqe_prev; \ + if ((elm)->field.cqe_prev == CIRCLEQ_END(head)) \ + (head)->cqh_first = (elm)->field.cqe_next; \ + else \ + (elm)->field.cqe_prev->field.cqe_next = \ + (elm)->field.cqe_next; \ + _Q_INVALIDATE((elm)->field.cqe_prev); \ + _Q_INVALIDATE((elm)->field.cqe_next); \ +} while (0) + +#define CIRCLEQ_REPLACE(head, elm, elm2, field) do { \ + if (((elm2)->field.cqe_next = (elm)->field.cqe_next) == \ + CIRCLEQ_END(head)) \ + (head).cqh_last = (elm2); \ + else \ + (elm2)->field.cqe_next->field.cqe_prev = (elm2); \ + if (((elm2)->field.cqe_prev = (elm)->field.cqe_prev) == \ + CIRCLEQ_END(head)) \ + (head).cqh_first = (elm2); \ + else \ + (elm2)->field.cqe_prev->field.cqe_next = (elm2); \ + _Q_INVALIDATE((elm)->field.cqe_prev); \ + _Q_INVALIDATE((elm)->field.cqe_next); \ +} while (0) + +#endif /* !_FAKE_QUEUE_H_ */ diff --git a/include/DomainExec/opensshlib/sys-tree.h b/include/DomainExec/opensshlib/sys-tree.h new file mode 100644 index 00000000..7f7546ec --- /dev/null +++ b/include/DomainExec/opensshlib/sys-tree.h @@ -0,0 +1,755 @@ +/* $OpenBSD: tree.h,v 1.13 2011/07/09 00:19:45 pirofti Exp $ */ +/* + * Copyright 2002 Niels Provos + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* OPENBSD ORIGINAL: sys/sys/tree.h */ + +#include "config.h" +#ifdef NO_ATTRIBUTE_ON_RETURN_TYPE +# define __attribute__(x) +#endif + +#ifndef _SYS_TREE_H_ +#define _SYS_TREE_H_ + +/* + * This file defines data structures for different types of trees: + * splay trees and red-black trees. + * + * A splay tree is a self-organizing data structure. Every operation + * on the tree causes a splay to happen. The splay moves the requested + * node to the root of the tree and partly rebalances it. + * + * This has the benefit that request locality causes faster lookups as + * the requested nodes move to the top of the tree. On the other hand, + * every lookup causes memory writes. + * + * The Balance Theorem bounds the total access time for m operations + * and n inserts on an initially empty tree as O((m + n)lg n). The + * amortized cost for a sequence of m accesses to a splay tree is O(lg n); + * + * A red-black tree is a binary search tree with the node color as an + * extra attribute. It fulfills a set of conditions: + * - every search path from the root to a leaf consists of the + * same number of black nodes, + * - each red node (except for the root) has a black parent, + * - each leaf node is black. + * + * Every operation on a red-black tree is bounded as O(lg n). + * The maximum height of a red-black tree is 2lg (n+1). + */ + +#define SPLAY_HEAD(name, type) \ +struct name { \ + struct type *sph_root; /* root of the tree */ \ +} + +#define SPLAY_INITIALIZER(root) \ + { NULL } + +#define SPLAY_INIT(root) do { \ + (root)->sph_root = NULL; \ +} while (0) + +#define SPLAY_ENTRY(type) \ +struct { \ + struct type *spe_left; /* left element */ \ + struct type *spe_right; /* right element */ \ +} + +#define SPLAY_LEFT(elm, field) (elm)->field.spe_left +#define SPLAY_RIGHT(elm, field) (elm)->field.spe_right +#define SPLAY_ROOT(head) (head)->sph_root +#define SPLAY_EMPTY(head) (SPLAY_ROOT(head) == NULL) + +/* SPLAY_ROTATE_{LEFT,RIGHT} expect that tmp hold SPLAY_{RIGHT,LEFT} */ +#define SPLAY_ROTATE_RIGHT(head, tmp, field) do { \ + SPLAY_LEFT((head)->sph_root, field) = SPLAY_RIGHT(tmp, field); \ + SPLAY_RIGHT(tmp, field) = (head)->sph_root; \ + (head)->sph_root = tmp; \ +} while (0) + +#define SPLAY_ROTATE_LEFT(head, tmp, field) do { \ + SPLAY_RIGHT((head)->sph_root, field) = SPLAY_LEFT(tmp, field); \ + SPLAY_LEFT(tmp, field) = (head)->sph_root; \ + (head)->sph_root = tmp; \ +} while (0) + +#define SPLAY_LINKLEFT(head, tmp, field) do { \ + SPLAY_LEFT(tmp, field) = (head)->sph_root; \ + tmp = (head)->sph_root; \ + (head)->sph_root = SPLAY_LEFT((head)->sph_root, field); \ +} while (0) + +#define SPLAY_LINKRIGHT(head, tmp, field) do { \ + SPLAY_RIGHT(tmp, field) = (head)->sph_root; \ + tmp = (head)->sph_root; \ + (head)->sph_root = SPLAY_RIGHT((head)->sph_root, field); \ +} while (0) + +#define SPLAY_ASSEMBLE(head, node, left, right, field) do { \ + SPLAY_RIGHT(left, field) = SPLAY_LEFT((head)->sph_root, field); \ + SPLAY_LEFT(right, field) = SPLAY_RIGHT((head)->sph_root, field);\ + SPLAY_LEFT((head)->sph_root, field) = SPLAY_RIGHT(node, field); \ + SPLAY_RIGHT((head)->sph_root, field) = SPLAY_LEFT(node, field); \ +} while (0) + +/* Generates prototypes and inline functions */ + +#define SPLAY_PROTOTYPE(name, type, field, cmp) \ +void name##_SPLAY(struct name *, struct type *); \ +void name##_SPLAY_MINMAX(struct name *, int); \ +struct type *name##_SPLAY_INSERT(struct name *, struct type *); \ +struct type *name##_SPLAY_REMOVE(struct name *, struct type *); \ + \ +/* Finds the node with the same key as elm */ \ +static __inline struct type * \ +name##_SPLAY_FIND(struct name *head, struct type *elm) \ +{ \ + if (SPLAY_EMPTY(head)) \ + return(NULL); \ + name##_SPLAY(head, elm); \ + if ((cmp)(elm, (head)->sph_root) == 0) \ + return (head->sph_root); \ + return (NULL); \ +} \ + \ +static __inline struct type * \ +name##_SPLAY_NEXT(struct name *head, struct type *elm) \ +{ \ + name##_SPLAY(head, elm); \ + if (SPLAY_RIGHT(elm, field) != NULL) { \ + elm = SPLAY_RIGHT(elm, field); \ + while (SPLAY_LEFT(elm, field) != NULL) { \ + elm = SPLAY_LEFT(elm, field); \ + } \ + } else \ + elm = NULL; \ + return (elm); \ +} \ + \ +static __inline struct type * \ +name##_SPLAY_MIN_MAX(struct name *head, int val) \ +{ \ + name##_SPLAY_MINMAX(head, val); \ + return (SPLAY_ROOT(head)); \ +} + +/* Main splay operation. + * Moves node close to the key of elm to top + */ +#define SPLAY_GENERATE(name, type, field, cmp) \ +struct type * \ +name##_SPLAY_INSERT(struct name *head, struct type *elm) \ +{ \ + if (SPLAY_EMPTY(head)) { \ + SPLAY_LEFT(elm, field) = SPLAY_RIGHT(elm, field) = NULL; \ + } else { \ + int __comp; \ + name##_SPLAY(head, elm); \ + __comp = (cmp)(elm, (head)->sph_root); \ + if(__comp < 0) { \ + SPLAY_LEFT(elm, field) = SPLAY_LEFT((head)->sph_root, field);\ + SPLAY_RIGHT(elm, field) = (head)->sph_root; \ + SPLAY_LEFT((head)->sph_root, field) = NULL; \ + } else if (__comp > 0) { \ + SPLAY_RIGHT(elm, field) = SPLAY_RIGHT((head)->sph_root, field);\ + SPLAY_LEFT(elm, field) = (head)->sph_root; \ + SPLAY_RIGHT((head)->sph_root, field) = NULL; \ + } else \ + return ((head)->sph_root); \ + } \ + (head)->sph_root = (elm); \ + return (NULL); \ +} \ + \ +struct type * \ +name##_SPLAY_REMOVE(struct name *head, struct type *elm) \ +{ \ + struct type *__tmp; \ + if (SPLAY_EMPTY(head)) \ + return (NULL); \ + name##_SPLAY(head, elm); \ + if ((cmp)(elm, (head)->sph_root) == 0) { \ + if (SPLAY_LEFT((head)->sph_root, field) == NULL) { \ + (head)->sph_root = SPLAY_RIGHT((head)->sph_root, field);\ + } else { \ + __tmp = SPLAY_RIGHT((head)->sph_root, field); \ + (head)->sph_root = SPLAY_LEFT((head)->sph_root, field);\ + name##_SPLAY(head, elm); \ + SPLAY_RIGHT((head)->sph_root, field) = __tmp; \ + } \ + return (elm); \ + } \ + return (NULL); \ +} \ + \ +void \ +name##_SPLAY(struct name *head, struct type *elm) \ +{ \ + struct type __node, *__left, *__right, *__tmp; \ + int __comp; \ +\ + SPLAY_LEFT(&__node, field) = SPLAY_RIGHT(&__node, field) = NULL;\ + __left = __right = &__node; \ +\ + while ((__comp = (cmp)(elm, (head)->sph_root))) { \ + if (__comp < 0) { \ + __tmp = SPLAY_LEFT((head)->sph_root, field); \ + if (__tmp == NULL) \ + break; \ + if ((cmp)(elm, __tmp) < 0){ \ + SPLAY_ROTATE_RIGHT(head, __tmp, field); \ + if (SPLAY_LEFT((head)->sph_root, field) == NULL)\ + break; \ + } \ + SPLAY_LINKLEFT(head, __right, field); \ + } else if (__comp > 0) { \ + __tmp = SPLAY_RIGHT((head)->sph_root, field); \ + if (__tmp == NULL) \ + break; \ + if ((cmp)(elm, __tmp) > 0){ \ + SPLAY_ROTATE_LEFT(head, __tmp, field); \ + if (SPLAY_RIGHT((head)->sph_root, field) == NULL)\ + break; \ + } \ + SPLAY_LINKRIGHT(head, __left, field); \ + } \ + } \ + SPLAY_ASSEMBLE(head, &__node, __left, __right, field); \ +} \ + \ +/* Splay with either the minimum or the maximum element \ + * Used to find minimum or maximum element in tree. \ + */ \ +void name##_SPLAY_MINMAX(struct name *head, int __comp) \ +{ \ + struct type __node, *__left, *__right, *__tmp; \ +\ + SPLAY_LEFT(&__node, field) = SPLAY_RIGHT(&__node, field) = NULL;\ + __left = __right = &__node; \ +\ + while (1) { \ + if (__comp < 0) { \ + __tmp = SPLAY_LEFT((head)->sph_root, field); \ + if (__tmp == NULL) \ + break; \ + if (__comp < 0){ \ + SPLAY_ROTATE_RIGHT(head, __tmp, field); \ + if (SPLAY_LEFT((head)->sph_root, field) == NULL)\ + break; \ + } \ + SPLAY_LINKLEFT(head, __right, field); \ + } else if (__comp > 0) { \ + __tmp = SPLAY_RIGHT((head)->sph_root, field); \ + if (__tmp == NULL) \ + break; \ + if (__comp > 0) { \ + SPLAY_ROTATE_LEFT(head, __tmp, field); \ + if (SPLAY_RIGHT((head)->sph_root, field) == NULL)\ + break; \ + } \ + SPLAY_LINKRIGHT(head, __left, field); \ + } \ + } \ + SPLAY_ASSEMBLE(head, &__node, __left, __right, field); \ +} + +#define SPLAY_NEGINF -1 +#define SPLAY_INF 1 + +#define SPLAY_INSERT(name, x, y) name##_SPLAY_INSERT(x, y) +#define SPLAY_REMOVE(name, x, y) name##_SPLAY_REMOVE(x, y) +#define SPLAY_FIND(name, x, y) name##_SPLAY_FIND(x, y) +#define SPLAY_NEXT(name, x, y) name##_SPLAY_NEXT(x, y) +#define SPLAY_MIN(name, x) (SPLAY_EMPTY(x) ? NULL \ + : name##_SPLAY_MIN_MAX(x, SPLAY_NEGINF)) +#define SPLAY_MAX(name, x) (SPLAY_EMPTY(x) ? NULL \ + : name##_SPLAY_MIN_MAX(x, SPLAY_INF)) + +#define SPLAY_FOREACH(x, name, head) \ + for ((x) = SPLAY_MIN(name, head); \ + (x) != NULL; \ + (x) = SPLAY_NEXT(name, head, x)) + +/* Macros that define a red-black tree */ +#define RB_HEAD(name, type) \ +struct name { \ + struct type *rbh_root; /* root of the tree */ \ +} + +#define RB_INITIALIZER(root) \ + { NULL } + +#define RB_INIT(root) do { \ + (root)->rbh_root = NULL; \ +} while (0) + +#define RB_BLACK 0 +#define RB_RED 1 +#define RB_ENTRY(type) \ +struct { \ + struct type *rbe_left; /* left element */ \ + struct type *rbe_right; /* right element */ \ + struct type *rbe_parent; /* parent element */ \ + int rbe_color; /* node color */ \ +} + +#define RB_LEFT(elm, field) (elm)->field.rbe_left +#define RB_RIGHT(elm, field) (elm)->field.rbe_right +#define RB_PARENT(elm, field) (elm)->field.rbe_parent +#define RB_COLOR(elm, field) (elm)->field.rbe_color +#define RB_ROOT(head) (head)->rbh_root +#define RB_EMPTY(head) (RB_ROOT(head) == NULL) + +#define RB_SET(elm, parent, field) do { \ + RB_PARENT(elm, field) = parent; \ + RB_LEFT(elm, field) = RB_RIGHT(elm, field) = NULL; \ + RB_COLOR(elm, field) = RB_RED; \ +} while (0) + +#define RB_SET_BLACKRED(black, red, field) do { \ + RB_COLOR(black, field) = RB_BLACK; \ + RB_COLOR(red, field) = RB_RED; \ +} while (0) + +#ifndef RB_AUGMENT +#define RB_AUGMENT(x) do {} while (0) +#endif + +#define RB_ROTATE_LEFT(head, elm, tmp, field) do { \ + (tmp) = RB_RIGHT(elm, field); \ + if ((RB_RIGHT(elm, field) = RB_LEFT(tmp, field))) { \ + RB_PARENT(RB_LEFT(tmp, field), field) = (elm); \ + } \ + RB_AUGMENT(elm); \ + if ((RB_PARENT(tmp, field) = RB_PARENT(elm, field))) { \ + if ((elm) == RB_LEFT(RB_PARENT(elm, field), field)) \ + RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \ + else \ + RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \ + } else \ + (head)->rbh_root = (tmp); \ + RB_LEFT(tmp, field) = (elm); \ + RB_PARENT(elm, field) = (tmp); \ + RB_AUGMENT(tmp); \ + if ((RB_PARENT(tmp, field))) \ + RB_AUGMENT(RB_PARENT(tmp, field)); \ +} while (0) + +#define RB_ROTATE_RIGHT(head, elm, tmp, field) do { \ + (tmp) = RB_LEFT(elm, field); \ + if ((RB_LEFT(elm, field) = RB_RIGHT(tmp, field))) { \ + RB_PARENT(RB_RIGHT(tmp, field), field) = (elm); \ + } \ + RB_AUGMENT(elm); \ + if ((RB_PARENT(tmp, field) = RB_PARENT(elm, field))) { \ + if ((elm) == RB_LEFT(RB_PARENT(elm, field), field)) \ + RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \ + else \ + RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \ + } else \ + (head)->rbh_root = (tmp); \ + RB_RIGHT(tmp, field) = (elm); \ + RB_PARENT(elm, field) = (tmp); \ + RB_AUGMENT(tmp); \ + if ((RB_PARENT(tmp, field))) \ + RB_AUGMENT(RB_PARENT(tmp, field)); \ +} while (0) + +/* Generates prototypes and inline functions */ +#define RB_PROTOTYPE(name, type, field, cmp) \ + RB_PROTOTYPE_INTERNAL(name, type, field, cmp,) +#define RB_PROTOTYPE_STATIC(name, type, field, cmp) \ + RB_PROTOTYPE_INTERNAL(name, type, field, cmp, __attribute__((__unused__)) static) +#define RB_PROTOTYPE_INTERNAL(name, type, field, cmp, attr) \ +attr void name##_RB_INSERT_COLOR(struct name *, struct type *); \ +attr void name##_RB_REMOVE_COLOR(struct name *, struct type *, struct type *);\ +attr struct type *name##_RB_REMOVE(struct name *, struct type *); \ +attr struct type *name##_RB_INSERT(struct name *, struct type *); \ +attr struct type *name##_RB_FIND(struct name *, struct type *); \ +attr struct type *name##_RB_NFIND(struct name *, struct type *); \ +attr struct type *name##_RB_NEXT(struct type *); \ +attr struct type *name##_RB_PREV(struct type *); \ +attr struct type *name##_RB_MINMAX(struct name *, int); \ + \ + +/* Main rb operation. + * Moves node close to the key of elm to top + */ +#define RB_GENERATE(name, type, field, cmp) \ + RB_GENERATE_INTERNAL(name, type, field, cmp,) +#define RB_GENERATE_STATIC(name, type, field, cmp) \ + RB_GENERATE_INTERNAL(name, type, field, cmp, __attribute__((__unused__)) static) +#define RB_GENERATE_INTERNAL(name, type, field, cmp, attr) \ +attr void \ +name##_RB_INSERT_COLOR(struct name *head, struct type *elm) \ +{ \ + struct type *parent, *gparent, *tmp; \ + while ((parent = RB_PARENT(elm, field)) && \ + RB_COLOR(parent, field) == RB_RED) { \ + gparent = RB_PARENT(parent, field); \ + if (parent == RB_LEFT(gparent, field)) { \ + tmp = RB_RIGHT(gparent, field); \ + if (tmp && RB_COLOR(tmp, field) == RB_RED) { \ + RB_COLOR(tmp, field) = RB_BLACK; \ + RB_SET_BLACKRED(parent, gparent, field);\ + elm = gparent; \ + continue; \ + } \ + if (RB_RIGHT(parent, field) == elm) { \ + RB_ROTATE_LEFT(head, parent, tmp, field);\ + tmp = parent; \ + parent = elm; \ + elm = tmp; \ + } \ + RB_SET_BLACKRED(parent, gparent, field); \ + RB_ROTATE_RIGHT(head, gparent, tmp, field); \ + } else { \ + tmp = RB_LEFT(gparent, field); \ + if (tmp && RB_COLOR(tmp, field) == RB_RED) { \ + RB_COLOR(tmp, field) = RB_BLACK; \ + RB_SET_BLACKRED(parent, gparent, field);\ + elm = gparent; \ + continue; \ + } \ + if (RB_LEFT(parent, field) == elm) { \ + RB_ROTATE_RIGHT(head, parent, tmp, field);\ + tmp = parent; \ + parent = elm; \ + elm = tmp; \ + } \ + RB_SET_BLACKRED(parent, gparent, field); \ + RB_ROTATE_LEFT(head, gparent, tmp, field); \ + } \ + } \ + RB_COLOR(head->rbh_root, field) = RB_BLACK; \ +} \ + \ +attr void \ +name##_RB_REMOVE_COLOR(struct name *head, struct type *parent, struct type *elm) \ +{ \ + struct type *tmp; \ + while ((elm == NULL || RB_COLOR(elm, field) == RB_BLACK) && \ + elm != RB_ROOT(head)) { \ + if (RB_LEFT(parent, field) == elm) { \ + tmp = RB_RIGHT(parent, field); \ + if (RB_COLOR(tmp, field) == RB_RED) { \ + RB_SET_BLACKRED(tmp, parent, field); \ + RB_ROTATE_LEFT(head, parent, tmp, field);\ + tmp = RB_RIGHT(parent, field); \ + } \ + if ((RB_LEFT(tmp, field) == NULL || \ + RB_COLOR(RB_LEFT(tmp, field), field) == RB_BLACK) &&\ + (RB_RIGHT(tmp, field) == NULL || \ + RB_COLOR(RB_RIGHT(tmp, field), field) == RB_BLACK)) {\ + RB_COLOR(tmp, field) = RB_RED; \ + elm = parent; \ + parent = RB_PARENT(elm, field); \ + } else { \ + if (RB_RIGHT(tmp, field) == NULL || \ + RB_COLOR(RB_RIGHT(tmp, field), field) == RB_BLACK) {\ + struct type *oleft; \ + if ((oleft = RB_LEFT(tmp, field)))\ + RB_COLOR(oleft, field) = RB_BLACK;\ + RB_COLOR(tmp, field) = RB_RED; \ + RB_ROTATE_RIGHT(head, tmp, oleft, field);\ + tmp = RB_RIGHT(parent, field); \ + } \ + RB_COLOR(tmp, field) = RB_COLOR(parent, field);\ + RB_COLOR(parent, field) = RB_BLACK; \ + if (RB_RIGHT(tmp, field)) \ + RB_COLOR(RB_RIGHT(tmp, field), field) = RB_BLACK;\ + RB_ROTATE_LEFT(head, parent, tmp, field);\ + elm = RB_ROOT(head); \ + break; \ + } \ + } else { \ + tmp = RB_LEFT(parent, field); \ + if (RB_COLOR(tmp, field) == RB_RED) { \ + RB_SET_BLACKRED(tmp, parent, field); \ + RB_ROTATE_RIGHT(head, parent, tmp, field);\ + tmp = RB_LEFT(parent, field); \ + } \ + if ((RB_LEFT(tmp, field) == NULL || \ + RB_COLOR(RB_LEFT(tmp, field), field) == RB_BLACK) &&\ + (RB_RIGHT(tmp, field) == NULL || \ + RB_COLOR(RB_RIGHT(tmp, field), field) == RB_BLACK)) {\ + RB_COLOR(tmp, field) = RB_RED; \ + elm = parent; \ + parent = RB_PARENT(elm, field); \ + } else { \ + if (RB_LEFT(tmp, field) == NULL || \ + RB_COLOR(RB_LEFT(tmp, field), field) == RB_BLACK) {\ + struct type *oright; \ + if ((oright = RB_RIGHT(tmp, field)))\ + RB_COLOR(oright, field) = RB_BLACK;\ + RB_COLOR(tmp, field) = RB_RED; \ + RB_ROTATE_LEFT(head, tmp, oright, field);\ + tmp = RB_LEFT(parent, field); \ + } \ + RB_COLOR(tmp, field) = RB_COLOR(parent, field);\ + RB_COLOR(parent, field) = RB_BLACK; \ + if (RB_LEFT(tmp, field)) \ + RB_COLOR(RB_LEFT(tmp, field), field) = RB_BLACK;\ + RB_ROTATE_RIGHT(head, parent, tmp, field);\ + elm = RB_ROOT(head); \ + break; \ + } \ + } \ + } \ + if (elm) \ + RB_COLOR(elm, field) = RB_BLACK; \ +} \ + \ +attr struct type * \ +name##_RB_REMOVE(struct name *head, struct type *elm) \ +{ \ + struct type *child, *parent, *old = elm; \ + int color; \ + if (RB_LEFT(elm, field) == NULL) \ + child = RB_RIGHT(elm, field); \ + else if (RB_RIGHT(elm, field) == NULL) \ + child = RB_LEFT(elm, field); \ + else { \ + struct type *left; \ + elm = RB_RIGHT(elm, field); \ + while ((left = RB_LEFT(elm, field))) \ + elm = left; \ + child = RB_RIGHT(elm, field); \ + parent = RB_PARENT(elm, field); \ + color = RB_COLOR(elm, field); \ + if (child) \ + RB_PARENT(child, field) = parent; \ + if (parent) { \ + if (RB_LEFT(parent, field) == elm) \ + RB_LEFT(parent, field) = child; \ + else \ + RB_RIGHT(parent, field) = child; \ + RB_AUGMENT(parent); \ + } else \ + RB_ROOT(head) = child; \ + if (RB_PARENT(elm, field) == old) \ + parent = elm; \ + (elm)->field = (old)->field; \ + if (RB_PARENT(old, field)) { \ + if (RB_LEFT(RB_PARENT(old, field), field) == old)\ + RB_LEFT(RB_PARENT(old, field), field) = elm;\ + else \ + RB_RIGHT(RB_PARENT(old, field), field) = elm;\ + RB_AUGMENT(RB_PARENT(old, field)); \ + } else \ + RB_ROOT(head) = elm; \ + RB_PARENT(RB_LEFT(old, field), field) = elm; \ + if (RB_RIGHT(old, field)) \ + RB_PARENT(RB_RIGHT(old, field), field) = elm; \ + if (parent) { \ + left = parent; \ + do { \ + RB_AUGMENT(left); \ + } while ((left = RB_PARENT(left, field))); \ + } \ + goto color; \ + } \ + parent = RB_PARENT(elm, field); \ + color = RB_COLOR(elm, field); \ + if (child) \ + RB_PARENT(child, field) = parent; \ + if (parent) { \ + if (RB_LEFT(parent, field) == elm) \ + RB_LEFT(parent, field) = child; \ + else \ + RB_RIGHT(parent, field) = child; \ + RB_AUGMENT(parent); \ + } else \ + RB_ROOT(head) = child; \ +color: \ + if (color == RB_BLACK) \ + name##_RB_REMOVE_COLOR(head, parent, child); \ + return (old); \ +} \ + \ +/* Inserts a node into the RB tree */ \ +attr struct type * \ +name##_RB_INSERT(struct name *head, struct type *elm) \ +{ \ + struct type *tmp; \ + struct type *parent = NULL; \ + int comp = 0; \ + tmp = RB_ROOT(head); \ + while (tmp) { \ + parent = tmp; \ + comp = (cmp)(elm, parent); \ + if (comp < 0) \ + tmp = RB_LEFT(tmp, field); \ + else if (comp > 0) \ + tmp = RB_RIGHT(tmp, field); \ + else \ + return (tmp); \ + } \ + RB_SET(elm, parent, field); \ + if (parent != NULL) { \ + if (comp < 0) \ + RB_LEFT(parent, field) = elm; \ + else \ + RB_RIGHT(parent, field) = elm; \ + RB_AUGMENT(parent); \ + } else \ + RB_ROOT(head) = elm; \ + name##_RB_INSERT_COLOR(head, elm); \ + return (NULL); \ +} \ + \ +/* Finds the node with the same key as elm */ \ +attr struct type * \ +name##_RB_FIND(struct name *head, struct type *elm) \ +{ \ + struct type *tmp = RB_ROOT(head); \ + int comp; \ + while (tmp) { \ + comp = cmp(elm, tmp); \ + if (comp < 0) \ + tmp = RB_LEFT(tmp, field); \ + else if (comp > 0) \ + tmp = RB_RIGHT(tmp, field); \ + else \ + return (tmp); \ + } \ + return (NULL); \ +} \ + \ +/* Finds the first node greater than or equal to the search key */ \ +attr struct type * \ +name##_RB_NFIND(struct name *head, struct type *elm) \ +{ \ + struct type *tmp = RB_ROOT(head); \ + struct type *res = NULL; \ + int comp; \ + while (tmp) { \ + comp = cmp(elm, tmp); \ + if (comp < 0) { \ + res = tmp; \ + tmp = RB_LEFT(tmp, field); \ + } \ + else if (comp > 0) \ + tmp = RB_RIGHT(tmp, field); \ + else \ + return (tmp); \ + } \ + return (res); \ +} \ + \ +/* ARGSUSED */ \ +attr struct type * \ +name##_RB_NEXT(struct type *elm) \ +{ \ + if (RB_RIGHT(elm, field)) { \ + elm = RB_RIGHT(elm, field); \ + while (RB_LEFT(elm, field)) \ + elm = RB_LEFT(elm, field); \ + } else { \ + if (RB_PARENT(elm, field) && \ + (elm == RB_LEFT(RB_PARENT(elm, field), field))) \ + elm = RB_PARENT(elm, field); \ + else { \ + while (RB_PARENT(elm, field) && \ + (elm == RB_RIGHT(RB_PARENT(elm, field), field)))\ + elm = RB_PARENT(elm, field); \ + elm = RB_PARENT(elm, field); \ + } \ + } \ + return (elm); \ +} \ + \ +/* ARGSUSED */ \ +attr struct type * \ +name##_RB_PREV(struct type *elm) \ +{ \ + if (RB_LEFT(elm, field)) { \ + elm = RB_LEFT(elm, field); \ + while (RB_RIGHT(elm, field)) \ + elm = RB_RIGHT(elm, field); \ + } else { \ + if (RB_PARENT(elm, field) && \ + (elm == RB_RIGHT(RB_PARENT(elm, field), field))) \ + elm = RB_PARENT(elm, field); \ + else { \ + while (RB_PARENT(elm, field) && \ + (elm == RB_LEFT(RB_PARENT(elm, field), field)))\ + elm = RB_PARENT(elm, field); \ + elm = RB_PARENT(elm, field); \ + } \ + } \ + return (elm); \ +} \ + \ +attr struct type * \ +name##_RB_MINMAX(struct name *head, int val) \ +{ \ + struct type *tmp = RB_ROOT(head); \ + struct type *parent = NULL; \ + while (tmp) { \ + parent = tmp; \ + if (val < 0) \ + tmp = RB_LEFT(tmp, field); \ + else \ + tmp = RB_RIGHT(tmp, field); \ + } \ + return (parent); \ +} + +#define RB_NEGINF -1 +#define RB_INF 1 + +#define RB_INSERT(name, x, y) name##_RB_INSERT(x, y) +#define RB_REMOVE(name, x, y) name##_RB_REMOVE(x, y) +#define RB_FIND(name, x, y) name##_RB_FIND(x, y) +#define RB_NFIND(name, x, y) name##_RB_NFIND(x, y) +#define RB_NEXT(name, x, y) name##_RB_NEXT(y) +#define RB_PREV(name, x, y) name##_RB_PREV(y) +#define RB_MIN(name, x) name##_RB_MINMAX(x, RB_NEGINF) +#define RB_MAX(name, x) name##_RB_MINMAX(x, RB_INF) + +#define RB_FOREACH(x, name, head) \ + for ((x) = RB_MIN(name, head); \ + (x) != NULL; \ + (x) = name##_RB_NEXT(x)) + +#define RB_FOREACH_SAFE(x, name, head, y) \ + for ((x) = RB_MIN(name, head); \ + ((x) != NULL) && ((y) = name##_RB_NEXT(x), 1); \ + (x) = (y)) + +#define RB_FOREACH_REVERSE(x, name, head) \ + for ((x) = RB_MAX(name, head); \ + (x) != NULL; \ + (x) = name##_RB_PREV(x)) + +#define RB_FOREACH_REVERSE_SAFE(x, name, head, y) \ + for ((x) = RB_MAX(name, head); \ + ((x) != NULL) && ((y) = name##_RB_PREV(x), 1); \ + (x) = (y)) + +#endif /* _SYS_TREE_H_ */ diff --git a/include/DomainExec/opensshlib/timingsafe_bcmp.c b/include/DomainExec/opensshlib/timingsafe_bcmp.c new file mode 100644 index 00000000..7e28c0e2 --- /dev/null +++ b/include/DomainExec/opensshlib/timingsafe_bcmp.c @@ -0,0 +1,34 @@ +/* $OpenBSD: timingsafe_bcmp.c,v 1.1 2010/09/24 13:33:00 matthew Exp $ */ +/* + * Copyright (c) 2010 Damien Miller. All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* OPENBSD ORIGINAL: lib/libc/string/timingsafe_bcmp.c */ + +#include "includes.h" +#ifndef HAVE_TIMINGSAFE_BCMP + +int +timingsafe_bcmp(const void *b1, const void *b2, size_t n) +{ + const unsigned char *p1 = b1, *p2 = b2; + int ret = 0; + + for (; n > 0; n--) + ret |= *p1++ ^ *p2++; + return (ret != 0); +} + +#endif /* TIMINGSAFE_BCMP */ diff --git a/include/DomainExec/opensshlib/uidswap.h b/include/DomainExec/opensshlib/uidswap.h new file mode 100644 index 00000000..1c1163d7 --- /dev/null +++ b/include/DomainExec/opensshlib/uidswap.h @@ -0,0 +1,18 @@ +/* $OpenBSD: uidswap.h,v 1.13 2006/08/03 03:34:42 deraadt Exp $ */ + +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ + +void temporarily_use_uid(struct passwd *); +void restore_uid(void); +void permanently_set_uid(struct passwd *); +void permanently_drop_suid(uid_t); diff --git a/include/DomainExec/opensshlib/umac.c b/include/DomainExec/opensshlib/umac.c new file mode 100644 index 00000000..6ab3e4f4 --- /dev/null +++ b/include/DomainExec/opensshlib/umac.c @@ -0,0 +1,1278 @@ +/* $OpenBSD: umac.c,v 1.11 2014/07/22 07:13:42 guenther Exp $ */ +/* ----------------------------------------------------------------------- + * + * umac.c -- C Implementation UMAC Message Authentication + * + * Version 0.93b of rfc4418.txt -- 2006 July 18 + * + * For a full description of UMAC message authentication see the UMAC + * world-wide-web page at http://www.cs.ucdavis.edu/~rogaway/umac + * Please report bugs and suggestions to the UMAC webpage. + * + * Copyright (c) 1999-2006 Ted Krovetz + * + * Permission to use, copy, modify, and distribute this software and + * its documentation for any purpose and with or without fee, is hereby + * granted provided that the above copyright notice appears in all copies + * and in supporting documentation, and that the name of the copyright + * holder not be used in advertising or publicity pertaining to + * distribution of the software without specific, written prior permission. + * + * Comments should be directed to Ted Krovetz (tdk@acm.org) + * + * ---------------------------------------------------------------------- */ + + /* ////////////////////// IMPORTANT NOTES ///////////////////////////////// + * + * 1) This version does not work properly on messages larger than 16MB + * + * 2) If you set the switch to use SSE2, then all data must be 16-byte + * aligned + * + * 3) When calling the function umac(), it is assumed that msg is in + * a writable buffer of length divisible by 32 bytes. The message itself + * does not have to fill the entire buffer, but bytes beyond msg may be + * zeroed. + * + * 4) Three free AES implementations are supported by this implementation of + * UMAC. Paulo Barreto's version is in the public domain and can be found + * at http://www.esat.kuleuven.ac.be/~rijmen/rijndael/ (search for + * "Barreto"). The only two files needed are rijndael-alg-fst.c and + * rijndael-alg-fst.h. Brian Gladman's version is distributed with the GNU + * Public lisence at http://fp.gladman.plus.com/AES/index.htm. It + * includes a fast IA-32 assembly version. The OpenSSL crypo library is + * the third. + * + * 5) With FORCE_C_ONLY flags set to 0, incorrect results are sometimes + * produced under gcc with optimizations set -O3 or higher. Dunno why. + * + /////////////////////////////////////////////////////////////////////// */ + +/* ---------------------------------------------------------------------- */ +/* --- User Switches ---------------------------------------------------- */ +/* ---------------------------------------------------------------------- */ + +#ifndef UMAC_OUTPUT_LEN +#define UMAC_OUTPUT_LEN 8 /* Alowable: 4, 8, 12, 16 */ +#endif + +#if UMAC_OUTPUT_LEN != 4 && UMAC_OUTPUT_LEN != 8 && \ + UMAC_OUTPUT_LEN != 12 && UMAC_OUTPUT_LEN != 16 +# error UMAC_OUTPUT_LEN must be defined to 4, 8, 12 or 16 +#endif + +/* #define FORCE_C_ONLY 1 ANSI C and 64-bit integers req'd */ +/* #define AES_IMPLEMENTAION 1 1 = OpenSSL, 2 = Barreto, 3 = Gladman */ +/* #define SSE2 0 Is SSE2 is available? */ +/* #define RUN_TESTS 0 Run basic correctness/speed tests */ +/* #define UMAC_AE_SUPPORT 0 Enable auhthenticated encrytion */ + +/* ---------------------------------------------------------------------- */ +/* -- Global Includes --------------------------------------------------- */ +/* ---------------------------------------------------------------------- */ + +#include "includes.h" +#include +#include +#include +#include +#include + +#include "xmalloc.h" +#include "umac.h" +#include "misc.h" + +/* ---------------------------------------------------------------------- */ +/* --- Primitive Data Types --- */ +/* ---------------------------------------------------------------------- */ + +/* The following assumptions may need change on your system */ +typedef u_int8_t UINT8; /* 1 byte */ +typedef u_int16_t UINT16; /* 2 byte */ +typedef u_int32_t UINT32; /* 4 byte */ +typedef u_int64_t UINT64; /* 8 bytes */ +#ifndef WIN32 +typedef unsigned int UWORD; /* Register */ +#endif + +/* ---------------------------------------------------------------------- */ +/* --- Constants -------------------------------------------------------- */ +/* ---------------------------------------------------------------------- */ + +#define UMAC_KEY_LEN 16 /* UMAC takes 16 bytes of external key */ + +/* Message "words" are read from memory in an endian-specific manner. */ +/* For this implementation to behave correctly, __LITTLE_ENDIAN__ must */ +/* be set true if the host computer is little-endian. */ + +#if BYTE_ORDER == LITTLE_ENDIAN +#define __LITTLE_ENDIAN__ 1 +#else +#define __LITTLE_ENDIAN__ 0 +#endif + +/* ---------------------------------------------------------------------- */ +/* ---------------------------------------------------------------------- */ +/* ----- Architecture Specific ------------------------------------------ */ +/* ---------------------------------------------------------------------- */ +/* ---------------------------------------------------------------------- */ + + +/* ---------------------------------------------------------------------- */ +/* ---------------------------------------------------------------------- */ +/* ----- Primitive Routines --------------------------------------------- */ +/* ---------------------------------------------------------------------- */ +/* ---------------------------------------------------------------------- */ + + +/* ---------------------------------------------------------------------- */ +/* --- 32-bit by 32-bit to 64-bit Multiplication ------------------------ */ +/* ---------------------------------------------------------------------- */ + +#define MUL64(a,b) ((UINT64)((UINT64)(UINT32)(a) * (UINT64)(UINT32)(b))) + +/* ---------------------------------------------------------------------- */ +/* --- Endian Conversion --- Forcing assembly on some platforms */ +/* ---------------------------------------------------------------------- */ + +#if (__LITTLE_ENDIAN__) +#define LOAD_UINT32_REVERSED(p) get_u32(p) +#define STORE_UINT32_REVERSED(p,v) put_u32(p,v) +#else +#define LOAD_UINT32_REVERSED(p) get_u32_le(p) +#define STORE_UINT32_REVERSED(p,v) put_u32_le(p,v) +#endif + +#define LOAD_UINT32_LITTLE(p) (get_u32_le(p)) +#define STORE_UINT32_BIG(p,v) put_u32(p, v) + +/* ---------------------------------------------------------------------- */ +/* ---------------------------------------------------------------------- */ +/* ----- Begin KDF & PDF Section ---------------------------------------- */ +/* ---------------------------------------------------------------------- */ +/* ---------------------------------------------------------------------- */ + +/* UMAC uses AES with 16 byte block and key lengths */ +#define AES_BLOCK_LEN 16 + +/* OpenSSL's AES */ +#ifdef WITH_OPENSSL +#include "openssl-compat.h" +#ifndef USE_BUILTIN_RIJNDAEL +# include +#endif +typedef AES_KEY aes_int_key[1]; +#define aes_encryption(in,out,int_key) \ + AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key) +#define aes_key_setup(key,int_key) \ + AES_set_encrypt_key((const u_char *)(key),UMAC_KEY_LEN*8,int_key) +#else +#include "rijndael.h" +#define AES_ROUNDS ((UMAC_KEY_LEN / 4) + 6) +typedef UINT8 aes_int_key[AES_ROUNDS+1][4][4]; /* AES internal */ +#define aes_encryption(in,out,int_key) \ + rijndaelEncrypt((u32 *)(int_key), AES_ROUNDS, (u8 *)(in), (u8 *)(out)) +#define aes_key_setup(key,int_key) \ + rijndaelKeySetupEnc((u32 *)(int_key), (const unsigned char *)(key), \ + UMAC_KEY_LEN*8) +#endif + +/* The user-supplied UMAC key is stretched using AES in a counter + * mode to supply all random bits needed by UMAC. The kdf function takes + * an AES internal key representation 'key' and writes a stream of + * 'nbytes' bytes to the memory pointed at by 'bufp'. Each distinct + * 'ndx' causes a distinct byte stream. + */ +static void kdf(void *bufp, aes_int_key key, UINT8 ndx, int nbytes) +{ + UINT8 in_buf[AES_BLOCK_LEN] = {0}; + UINT8 out_buf[AES_BLOCK_LEN]; + UINT8 *dst_buf = (UINT8 *)bufp; + int i; + + /* Setup the initial value */ + in_buf[AES_BLOCK_LEN-9] = ndx; + in_buf[AES_BLOCK_LEN-1] = i = 1; + + while (nbytes >= AES_BLOCK_LEN) { + aes_encryption(in_buf, out_buf, key); + memcpy(dst_buf,out_buf,AES_BLOCK_LEN); + in_buf[AES_BLOCK_LEN-1] = ++i; + nbytes -= AES_BLOCK_LEN; + dst_buf += AES_BLOCK_LEN; + } + if (nbytes) { + aes_encryption(in_buf, out_buf, key); + memcpy(dst_buf,out_buf,nbytes); + } +} + +/* The final UHASH result is XOR'd with the output of a pseudorandom + * function. Here, we use AES to generate random output and + * xor the appropriate bytes depending on the last bits of nonce. + * This scheme is optimized for sequential, increasing big-endian nonces. + */ + +typedef struct { + UINT8 cache[AES_BLOCK_LEN]; /* Previous AES output is saved */ + UINT8 nonce[AES_BLOCK_LEN]; /* The AES input making above cache */ + aes_int_key prf_key; /* Expanded AES key for PDF */ +} pdf_ctx; + +static void pdf_init(pdf_ctx *pc, aes_int_key prf_key) +{ + UINT8 buf[UMAC_KEY_LEN]; + + kdf(buf, prf_key, 0, UMAC_KEY_LEN); + aes_key_setup(buf, pc->prf_key); + + /* Initialize pdf and cache */ + memset(pc->nonce, 0, sizeof(pc->nonce)); + aes_encryption(pc->nonce, pc->cache, pc->prf_key); +} + +static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8]) +{ + /* 'ndx' indicates that we'll be using the 0th or 1st eight bytes + * of the AES output. If last time around we returned the ndx-1st + * element, then we may have the result in the cache already. + */ + +#if (UMAC_OUTPUT_LEN == 4) +#define LOW_BIT_MASK 3 +#elif (UMAC_OUTPUT_LEN == 8) +#define LOW_BIT_MASK 1 +#elif (UMAC_OUTPUT_LEN > 8) +#define LOW_BIT_MASK 0 +#endif + union { + UINT8 tmp_nonce_lo[4]; + UINT32 align; + } t; +#if LOW_BIT_MASK != 0 + int ndx = nonce[7] & LOW_BIT_MASK; +#endif + *(UINT32 *)t.tmp_nonce_lo = ((const UINT32 *)nonce)[1]; + t.tmp_nonce_lo[3] &= ~LOW_BIT_MASK; /* zero last bit */ + + if ( (((UINT32 *)t.tmp_nonce_lo)[0] != ((UINT32 *)pc->nonce)[1]) || + (((const UINT32 *)nonce)[0] != ((UINT32 *)pc->nonce)[0]) ) + { + ((UINT32 *)pc->nonce)[0] = ((const UINT32 *)nonce)[0]; + ((UINT32 *)pc->nonce)[1] = ((UINT32 *)t.tmp_nonce_lo)[0]; + aes_encryption(pc->nonce, pc->cache, pc->prf_key); + } + +#if (UMAC_OUTPUT_LEN == 4) + *((UINT32 *)buf) ^= ((UINT32 *)pc->cache)[ndx]; +#elif (UMAC_OUTPUT_LEN == 8) + *((UINT64 *)buf) ^= ((UINT64 *)pc->cache)[ndx]; +#elif (UMAC_OUTPUT_LEN == 12) + ((UINT64 *)buf)[0] ^= ((UINT64 *)pc->cache)[0]; + ((UINT32 *)buf)[2] ^= ((UINT32 *)pc->cache)[2]; +#elif (UMAC_OUTPUT_LEN == 16) + ((UINT64 *)buf)[0] ^= ((UINT64 *)pc->cache)[0]; + ((UINT64 *)buf)[1] ^= ((UINT64 *)pc->cache)[1]; +#endif +} + +/* ---------------------------------------------------------------------- */ +/* ---------------------------------------------------------------------- */ +/* ----- Begin NH Hash Section ------------------------------------------ */ +/* ---------------------------------------------------------------------- */ +/* ---------------------------------------------------------------------- */ + +/* The NH-based hash functions used in UMAC are described in the UMAC paper + * and specification, both of which can be found at the UMAC website. + * The interface to this implementation has two + * versions, one expects the entire message being hashed to be passed + * in a single buffer and returns the hash result immediately. The second + * allows the message to be passed in a sequence of buffers. In the + * muliple-buffer interface, the client calls the routine nh_update() as + * many times as necessary. When there is no more data to be fed to the + * hash, the client calls nh_final() which calculates the hash output. + * Before beginning another hash calculation the nh_reset() routine + * must be called. The single-buffer routine, nh(), is equivalent to + * the sequence of calls nh_update() and nh_final(); however it is + * optimized and should be prefered whenever the multiple-buffer interface + * is not necessary. When using either interface, it is the client's + * responsability to pass no more than L1_KEY_LEN bytes per hash result. + * + * The routine nh_init() initializes the nh_ctx data structure and + * must be called once, before any other PDF routine. + */ + + /* The "nh_aux" routines do the actual NH hashing work. They + * expect buffers to be multiples of L1_PAD_BOUNDARY. These routines + * produce output for all STREAMS NH iterations in one call, + * allowing the parallel implementation of the streams. + */ + +#define STREAMS (UMAC_OUTPUT_LEN / 4) /* Number of times hash is applied */ +#define L1_KEY_LEN 1024 /* Internal key bytes */ +#define L1_KEY_SHIFT 16 /* Toeplitz key shift between streams */ +#define L1_PAD_BOUNDARY 32 /* pad message to boundary multiple */ +#define ALLOC_BOUNDARY 16 /* Keep buffers aligned to this */ +#define HASH_BUF_BYTES 64 /* nh_aux_hb buffer multiple */ + +typedef struct { + UINT8 nh_key [L1_KEY_LEN + L1_KEY_SHIFT * (STREAMS - 1)]; /* NH Key */ + UINT8 data [HASH_BUF_BYTES]; /* Incoming data buffer */ + int next_data_empty; /* Bookeeping variable for data buffer. */ + int bytes_hashed; /* Bytes (out of L1_KEY_LEN) incorperated. */ + UINT64 state[STREAMS]; /* on-line state */ +} nh_ctx; + + +#if (UMAC_OUTPUT_LEN == 4) + +static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) +/* NH hashing primitive. Previous (partial) hash result is loaded and +* then stored via hp pointer. The length of the data pointed at by "dp", +* "dlen", is guaranteed to be divisible by L1_PAD_BOUNDARY (32). Key +* is expected to be endian compensated in memory at key setup. +*/ +{ + UINT64 h; + UWORD c = dlen / 32; + UINT32 *k = (UINT32 *)kp; + const UINT32 *d = (const UINT32 *)dp; + UINT32 d0,d1,d2,d3,d4,d5,d6,d7; + UINT32 k0,k1,k2,k3,k4,k5,k6,k7; + + h = *((UINT64 *)hp); + do { + d0 = LOAD_UINT32_LITTLE(d+0); d1 = LOAD_UINT32_LITTLE(d+1); + d2 = LOAD_UINT32_LITTLE(d+2); d3 = LOAD_UINT32_LITTLE(d+3); + d4 = LOAD_UINT32_LITTLE(d+4); d5 = LOAD_UINT32_LITTLE(d+5); + d6 = LOAD_UINT32_LITTLE(d+6); d7 = LOAD_UINT32_LITTLE(d+7); + k0 = *(k+0); k1 = *(k+1); k2 = *(k+2); k3 = *(k+3); + k4 = *(k+4); k5 = *(k+5); k6 = *(k+6); k7 = *(k+7); + h += MUL64((k0 + d0), (k4 + d4)); + h += MUL64((k1 + d1), (k5 + d5)); + h += MUL64((k2 + d2), (k6 + d6)); + h += MUL64((k3 + d3), (k7 + d7)); + + d += 8; + k += 8; + } while (--c); + *((UINT64 *)hp) = h; +} + +#elif (UMAC_OUTPUT_LEN == 8) + +static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) +/* Same as previous nh_aux, but two streams are handled in one pass, + * reading and writing 16 bytes of hash-state per call. + */ +{ + UINT64 h1,h2; + UWORD c = dlen / 32; + UINT32 *k = (UINT32 *)kp; + const UINT32 *d = (const UINT32 *)dp; + UINT32 d0,d1,d2,d3,d4,d5,d6,d7; + UINT32 k0,k1,k2,k3,k4,k5,k6,k7, + k8,k9,k10,k11; + + h1 = *((UINT64 *)hp); + h2 = *((UINT64 *)hp + 1); + k0 = *(k+0); k1 = *(k+1); k2 = *(k+2); k3 = *(k+3); + do { + d0 = LOAD_UINT32_LITTLE(d+0); d1 = LOAD_UINT32_LITTLE(d+1); + d2 = LOAD_UINT32_LITTLE(d+2); d3 = LOAD_UINT32_LITTLE(d+3); + d4 = LOAD_UINT32_LITTLE(d+4); d5 = LOAD_UINT32_LITTLE(d+5); + d6 = LOAD_UINT32_LITTLE(d+6); d7 = LOAD_UINT32_LITTLE(d+7); + k4 = *(k+4); k5 = *(k+5); k6 = *(k+6); k7 = *(k+7); + k8 = *(k+8); k9 = *(k+9); k10 = *(k+10); k11 = *(k+11); + + h1 += MUL64((k0 + d0), (k4 + d4)); + h2 += MUL64((k4 + d0), (k8 + d4)); + + h1 += MUL64((k1 + d1), (k5 + d5)); + h2 += MUL64((k5 + d1), (k9 + d5)); + + h1 += MUL64((k2 + d2), (k6 + d6)); + h2 += MUL64((k6 + d2), (k10 + d6)); + + h1 += MUL64((k3 + d3), (k7 + d7)); + h2 += MUL64((k7 + d3), (k11 + d7)); + + k0 = k8; k1 = k9; k2 = k10; k3 = k11; + + d += 8; + k += 8; + } while (--c); + ((UINT64 *)hp)[0] = h1; + ((UINT64 *)hp)[1] = h2; +} + +#elif (UMAC_OUTPUT_LEN == 12) + +static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) +/* Same as previous nh_aux, but two streams are handled in one pass, + * reading and writing 24 bytes of hash-state per call. +*/ +{ + UINT64 h1,h2,h3; + UWORD c = dlen / 32; + UINT32 *k = (UINT32 *)kp; + const UINT32 *d = (const UINT32 *)dp; + UINT32 d0,d1,d2,d3,d4,d5,d6,d7; + UINT32 k0,k1,k2,k3,k4,k5,k6,k7, + k8,k9,k10,k11,k12,k13,k14,k15; + + h1 = *((UINT64 *)hp); + h2 = *((UINT64 *)hp + 1); + h3 = *((UINT64 *)hp + 2); + k0 = *(k+0); k1 = *(k+1); k2 = *(k+2); k3 = *(k+3); + k4 = *(k+4); k5 = *(k+5); k6 = *(k+6); k7 = *(k+7); + do { + d0 = LOAD_UINT32_LITTLE(d+0); d1 = LOAD_UINT32_LITTLE(d+1); + d2 = LOAD_UINT32_LITTLE(d+2); d3 = LOAD_UINT32_LITTLE(d+3); + d4 = LOAD_UINT32_LITTLE(d+4); d5 = LOAD_UINT32_LITTLE(d+5); + d6 = LOAD_UINT32_LITTLE(d+6); d7 = LOAD_UINT32_LITTLE(d+7); + k8 = *(k+8); k9 = *(k+9); k10 = *(k+10); k11 = *(k+11); + k12 = *(k+12); k13 = *(k+13); k14 = *(k+14); k15 = *(k+15); + + h1 += MUL64((k0 + d0), (k4 + d4)); + h2 += MUL64((k4 + d0), (k8 + d4)); + h3 += MUL64((k8 + d0), (k12 + d4)); + + h1 += MUL64((k1 + d1), (k5 + d5)); + h2 += MUL64((k5 + d1), (k9 + d5)); + h3 += MUL64((k9 + d1), (k13 + d5)); + + h1 += MUL64((k2 + d2), (k6 + d6)); + h2 += MUL64((k6 + d2), (k10 + d6)); + h3 += MUL64((k10 + d2), (k14 + d6)); + + h1 += MUL64((k3 + d3), (k7 + d7)); + h2 += MUL64((k7 + d3), (k11 + d7)); + h3 += MUL64((k11 + d3), (k15 + d7)); + + k0 = k8; k1 = k9; k2 = k10; k3 = k11; + k4 = k12; k5 = k13; k6 = k14; k7 = k15; + + d += 8; + k += 8; + } while (--c); + ((UINT64 *)hp)[0] = h1; + ((UINT64 *)hp)[1] = h2; + ((UINT64 *)hp)[2] = h3; +} + +#elif (UMAC_OUTPUT_LEN == 16) + +static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) +/* Same as previous nh_aux, but two streams are handled in one pass, + * reading and writing 24 bytes of hash-state per call. +*/ +{ + UINT64 h1,h2,h3,h4; + UWORD c = dlen / 32; + UINT32 *k = (UINT32 *)kp; + const UINT32 *d = (const UINT32 *)dp; + UINT32 d0,d1,d2,d3,d4,d5,d6,d7; + UINT32 k0,k1,k2,k3,k4,k5,k6,k7, + k8,k9,k10,k11,k12,k13,k14,k15, + k16,k17,k18,k19; + + h1 = *((UINT64 *)hp); + h2 = *((UINT64 *)hp + 1); + h3 = *((UINT64 *)hp + 2); + h4 = *((UINT64 *)hp + 3); + k0 = *(k+0); k1 = *(k+1); k2 = *(k+2); k3 = *(k+3); + k4 = *(k+4); k5 = *(k+5); k6 = *(k+6); k7 = *(k+7); + do { + d0 = LOAD_UINT32_LITTLE(d+0); d1 = LOAD_UINT32_LITTLE(d+1); + d2 = LOAD_UINT32_LITTLE(d+2); d3 = LOAD_UINT32_LITTLE(d+3); + d4 = LOAD_UINT32_LITTLE(d+4); d5 = LOAD_UINT32_LITTLE(d+5); + d6 = LOAD_UINT32_LITTLE(d+6); d7 = LOAD_UINT32_LITTLE(d+7); + k8 = *(k+8); k9 = *(k+9); k10 = *(k+10); k11 = *(k+11); + k12 = *(k+12); k13 = *(k+13); k14 = *(k+14); k15 = *(k+15); + k16 = *(k+16); k17 = *(k+17); k18 = *(k+18); k19 = *(k+19); + + h1 += MUL64((k0 + d0), (k4 + d4)); + h2 += MUL64((k4 + d0), (k8 + d4)); + h3 += MUL64((k8 + d0), (k12 + d4)); + h4 += MUL64((k12 + d0), (k16 + d4)); + + h1 += MUL64((k1 + d1), (k5 + d5)); + h2 += MUL64((k5 + d1), (k9 + d5)); + h3 += MUL64((k9 + d1), (k13 + d5)); + h4 += MUL64((k13 + d1), (k17 + d5)); + + h1 += MUL64((k2 + d2), (k6 + d6)); + h2 += MUL64((k6 + d2), (k10 + d6)); + h3 += MUL64((k10 + d2), (k14 + d6)); + h4 += MUL64((k14 + d2), (k18 + d6)); + + h1 += MUL64((k3 + d3), (k7 + d7)); + h2 += MUL64((k7 + d3), (k11 + d7)); + h3 += MUL64((k11 + d3), (k15 + d7)); + h4 += MUL64((k15 + d3), (k19 + d7)); + + k0 = k8; k1 = k9; k2 = k10; k3 = k11; + k4 = k12; k5 = k13; k6 = k14; k7 = k15; + k8 = k16; k9 = k17; k10 = k18; k11 = k19; + + d += 8; + k += 8; + } while (--c); + ((UINT64 *)hp)[0] = h1; + ((UINT64 *)hp)[1] = h2; + ((UINT64 *)hp)[2] = h3; + ((UINT64 *)hp)[3] = h4; +} + +/* ---------------------------------------------------------------------- */ +#endif /* UMAC_OUTPUT_LENGTH */ +/* ---------------------------------------------------------------------- */ + + +/* ---------------------------------------------------------------------- */ + +static void nh_transform(nh_ctx *hc, const UINT8 *buf, UINT32 nbytes) +/* This function is a wrapper for the primitive NH hash functions. It takes + * as argument "hc" the current hash context and a buffer which must be a + * multiple of L1_PAD_BOUNDARY. The key passed to nh_aux is offset + * appropriately according to how much message has been hashed already. + */ +{ + UINT8 *key; + + key = hc->nh_key + hc->bytes_hashed; + nh_aux(key, buf, hc->state, nbytes); +} + +/* ---------------------------------------------------------------------- */ + +#if (__LITTLE_ENDIAN__) +static void endian_convert(void *buf, UWORD bpw, UINT32 num_bytes) +/* We endian convert the keys on little-endian computers to */ +/* compensate for the lack of big-endian memory reads during hashing. */ +{ + UWORD iters = num_bytes / bpw; + if (bpw == 4) { + UINT32 *p = (UINT32 *)buf; + do { + *p = LOAD_UINT32_REVERSED(p); + p++; + } while (--iters); + } else if (bpw == 8) { + UINT32 *p = (UINT32 *)buf; + UINT32 t; + do { + t = LOAD_UINT32_REVERSED(p+1); + p[1] = LOAD_UINT32_REVERSED(p); + p[0] = t; + p += 2; + } while (--iters); + } +} +#define endian_convert_if_le(x,y,z) endian_convert((x),(y),(z)) +#else +#define endian_convert_if_le(x,y,z) do{}while(0) /* Do nothing */ +#endif + +/* ---------------------------------------------------------------------- */ + +static void nh_reset(nh_ctx *hc) +/* Reset nh_ctx to ready for hashing of new data */ +{ + hc->bytes_hashed = 0; + hc->next_data_empty = 0; + hc->state[0] = 0; +#if (UMAC_OUTPUT_LEN >= 8) + hc->state[1] = 0; +#endif +#if (UMAC_OUTPUT_LEN >= 12) + hc->state[2] = 0; +#endif +#if (UMAC_OUTPUT_LEN == 16) + hc->state[3] = 0; +#endif + +} + +/* ---------------------------------------------------------------------- */ + +static void nh_init(nh_ctx *hc, aes_int_key prf_key) +/* Generate nh_key, endian convert and reset to be ready for hashing. */ +{ + kdf(hc->nh_key, prf_key, 1, sizeof(hc->nh_key)); + endian_convert_if_le(hc->nh_key, 4, sizeof(hc->nh_key)); + nh_reset(hc); +} + +/* ---------------------------------------------------------------------- */ + +static void nh_update(nh_ctx *hc, const UINT8 *buf, UINT32 nbytes) +/* Incorporate nbytes of data into a nh_ctx, buffer whatever is not an */ +/* even multiple of HASH_BUF_BYTES. */ +{ + UINT32 i,j; + + j = hc->next_data_empty; + if ((j + nbytes) >= HASH_BUF_BYTES) { + if (j) { + i = HASH_BUF_BYTES - j; + memcpy(hc->data+j, buf, i); + nh_transform(hc,hc->data,HASH_BUF_BYTES); + nbytes -= i; + buf += i; + hc->bytes_hashed += HASH_BUF_BYTES; + } + if (nbytes >= HASH_BUF_BYTES) { + i = nbytes & ~(HASH_BUF_BYTES - 1); + nh_transform(hc, buf, i); + nbytes -= i; + buf += i; + hc->bytes_hashed += i; + } + j = 0; + } + memcpy(hc->data + j, buf, nbytes); + hc->next_data_empty = j + nbytes; +} + +/* ---------------------------------------------------------------------- */ + +static void zero_pad(UINT8 *p, int nbytes) +{ +/* Write "nbytes" of zeroes, beginning at "p" */ + if (nbytes >= (int)sizeof(UWORD)) { + while ((ptrdiff_t)p % sizeof(UWORD)) { + *p = 0; + nbytes--; + p++; + } + while (nbytes >= (int)sizeof(UWORD)) { + *(UWORD *)p = 0; + nbytes -= sizeof(UWORD); + p += sizeof(UWORD); + } + } + while (nbytes) { + *p = 0; + nbytes--; + p++; + } +} + +/* ---------------------------------------------------------------------- */ + +static void nh_final(nh_ctx *hc, UINT8 *result) +/* After passing some number of data buffers to nh_update() for integration + * into an NH context, nh_final is called to produce a hash result. If any + * bytes are in the buffer hc->data, incorporate them into the + * NH context. Finally, add into the NH accumulation "state" the total number + * of bits hashed. The resulting numbers are written to the buffer "result". + * If nh_update was never called, L1_PAD_BOUNDARY zeroes are incorporated. + */ +{ + int nh_len, nbits; + + if (hc->next_data_empty != 0) { + nh_len = ((hc->next_data_empty + (L1_PAD_BOUNDARY - 1)) & + ~(L1_PAD_BOUNDARY - 1)); + zero_pad(hc->data + hc->next_data_empty, + nh_len - hc->next_data_empty); + nh_transform(hc, hc->data, nh_len); + hc->bytes_hashed += hc->next_data_empty; + } else if (hc->bytes_hashed == 0) { + nh_len = L1_PAD_BOUNDARY; + zero_pad(hc->data, L1_PAD_BOUNDARY); + nh_transform(hc, hc->data, nh_len); + } + + nbits = (hc->bytes_hashed << 3); + ((UINT64 *)result)[0] = ((UINT64 *)hc->state)[0] + nbits; +#if (UMAC_OUTPUT_LEN >= 8) + ((UINT64 *)result)[1] = ((UINT64 *)hc->state)[1] + nbits; +#endif +#if (UMAC_OUTPUT_LEN >= 12) + ((UINT64 *)result)[2] = ((UINT64 *)hc->state)[2] + nbits; +#endif +#if (UMAC_OUTPUT_LEN == 16) + ((UINT64 *)result)[3] = ((UINT64 *)hc->state)[3] + nbits; +#endif + nh_reset(hc); +} + +/* ---------------------------------------------------------------------- */ + +static void nh(nh_ctx *hc, const UINT8 *buf, UINT32 padded_len, + UINT32 unpadded_len, UINT8 *result) +/* All-in-one nh_update() and nh_final() equivalent. + * Assumes that padded_len is divisible by L1_PAD_BOUNDARY and result is + * well aligned + */ +{ + UINT32 nbits; + + /* Initialize the hash state */ + nbits = (unpadded_len << 3); + + ((UINT64 *)result)[0] = nbits; +#if (UMAC_OUTPUT_LEN >= 8) + ((UINT64 *)result)[1] = nbits; +#endif +#if (UMAC_OUTPUT_LEN >= 12) + ((UINT64 *)result)[2] = nbits; +#endif +#if (UMAC_OUTPUT_LEN == 16) + ((UINT64 *)result)[3] = nbits; +#endif + + nh_aux(hc->nh_key, buf, result, padded_len); +} + +/* ---------------------------------------------------------------------- */ +/* ---------------------------------------------------------------------- */ +/* ----- Begin UHASH Section -------------------------------------------- */ +/* ---------------------------------------------------------------------- */ +/* ---------------------------------------------------------------------- */ + +/* UHASH is a multi-layered algorithm. Data presented to UHASH is first + * hashed by NH. The NH output is then hashed by a polynomial-hash layer + * unless the initial data to be hashed is short. After the polynomial- + * layer, an inner-product hash is used to produce the final UHASH output. + * + * UHASH provides two interfaces, one all-at-once and another where data + * buffers are presented sequentially. In the sequential interface, the + * UHASH client calls the routine uhash_update() as many times as necessary. + * When there is no more data to be fed to UHASH, the client calls + * uhash_final() which + * calculates the UHASH output. Before beginning another UHASH calculation + * the uhash_reset() routine must be called. The all-at-once UHASH routine, + * uhash(), is equivalent to the sequence of calls uhash_update() and + * uhash_final(); however it is optimized and should be + * used whenever the sequential interface is not necessary. + * + * The routine uhash_init() initializes the uhash_ctx data structure and + * must be called once, before any other UHASH routine. + */ + +/* ---------------------------------------------------------------------- */ +/* ----- Constants and uhash_ctx ---------------------------------------- */ +/* ---------------------------------------------------------------------- */ + +/* ---------------------------------------------------------------------- */ +/* ----- Poly hash and Inner-Product hash Constants --------------------- */ +/* ---------------------------------------------------------------------- */ + +/* Primes and masks */ +#define p36 ((UINT64)0x0000000FFFFFFFFBull) /* 2^36 - 5 */ +#define p64 ((UINT64)0xFFFFFFFFFFFFFFC5ull) /* 2^64 - 59 */ +#define m36 ((UINT64)0x0000000FFFFFFFFFull) /* The low 36 of 64 bits */ + + +/* ---------------------------------------------------------------------- */ + +typedef struct uhash_ctx { + nh_ctx hash; /* Hash context for L1 NH hash */ + UINT64 poly_key_8[STREAMS]; /* p64 poly keys */ + UINT64 poly_accum[STREAMS]; /* poly hash result */ + UINT64 ip_keys[STREAMS*4]; /* Inner-product keys */ + UINT32 ip_trans[STREAMS]; /* Inner-product translation */ + UINT32 msg_len; /* Total length of data passed */ + /* to uhash */ +} uhash_ctx; +typedef struct uhash_ctx *uhash_ctx_t; + +/* ---------------------------------------------------------------------- */ + + +/* The polynomial hashes use Horner's rule to evaluate a polynomial one + * word at a time. As described in the specification, poly32 and poly64 + * require keys from special domains. The following implementations exploit + * the special domains to avoid overflow. The results are not guaranteed to + * be within Z_p32 and Z_p64, but the Inner-Product hash implementation + * patches any errant values. + */ + +static UINT64 poly64(UINT64 cur, UINT64 key, UINT64 data) +{ + UINT32 key_hi = (UINT32)(key >> 32), + key_lo = (UINT32)key, + cur_hi = (UINT32)(cur >> 32), + cur_lo = (UINT32)cur, + x_lo, + x_hi; + UINT64 X,T,res; + + X = MUL64(key_hi, cur_lo) + MUL64(cur_hi, key_lo); + x_lo = (UINT32)X; + x_hi = (UINT32)(X >> 32); + + res = (MUL64(key_hi, cur_hi) + x_hi) * 59 + MUL64(key_lo, cur_lo); + + T = ((UINT64)x_lo << 32); + res += T; + if (res < T) + res += 59; + + res += data; + if (res < data) + res += 59; + + return res; +} + + +/* Although UMAC is specified to use a ramped polynomial hash scheme, this + * implementation does not handle all ramp levels. Because we don't handle + * the ramp up to p128 modulus in this implementation, we are limited to + * 2^14 poly_hash() invocations per stream (for a total capacity of 2^24 + * bytes input to UMAC per tag, ie. 16MB). + */ +static void poly_hash(uhash_ctx_t hc, UINT32 data_in[]) +{ + int i; + UINT64 *data=(UINT64*)data_in; + + for (i = 0; i < STREAMS; i++) { + if ((UINT32)(data[i] >> 32) == 0xfffffffful) { + hc->poly_accum[i] = poly64(hc->poly_accum[i], + hc->poly_key_8[i], p64 - 1); + hc->poly_accum[i] = poly64(hc->poly_accum[i], + hc->poly_key_8[i], (data[i] - 59)); + } else { + hc->poly_accum[i] = poly64(hc->poly_accum[i], + hc->poly_key_8[i], data[i]); + } + } +} + + +/* ---------------------------------------------------------------------- */ + + +/* The final step in UHASH is an inner-product hash. The poly hash + * produces a result not neccesarily WORD_LEN bytes long. The inner- + * product hash breaks the polyhash output into 16-bit chunks and + * multiplies each with a 36 bit key. + */ + +static UINT64 ip_aux(UINT64 t, UINT64 *ipkp, UINT64 data) +{ + t = t + ipkp[0] * (UINT64)(UINT16)(data >> 48); + t = t + ipkp[1] * (UINT64)(UINT16)(data >> 32); + t = t + ipkp[2] * (UINT64)(UINT16)(data >> 16); + t = t + ipkp[3] * (UINT64)(UINT16)(data); + + return t; +} + +static UINT32 ip_reduce_p36(UINT64 t) +{ +/* Divisionless modular reduction */ + UINT64 ret; + + ret = (t & m36) + 5 * (t >> 36); + if (ret >= p36) + ret -= p36; + + /* return least significant 32 bits */ + return (UINT32)(ret); +} + + +/* If the data being hashed by UHASH is no longer than L1_KEY_LEN, then + * the polyhash stage is skipped and ip_short is applied directly to the + * NH output. + */ +static void ip_short(uhash_ctx_t ahc, UINT8 *nh_res, u_char *res) +{ + UINT64 t; + UINT64 *nhp = (UINT64 *)nh_res; + + t = ip_aux(0,ahc->ip_keys, nhp[0]); + STORE_UINT32_BIG((UINT32 *)res+0, ip_reduce_p36(t) ^ ahc->ip_trans[0]); +#if (UMAC_OUTPUT_LEN >= 8) + t = ip_aux(0,ahc->ip_keys+4, nhp[1]); + STORE_UINT32_BIG((UINT32 *)res+1, ip_reduce_p36(t) ^ ahc->ip_trans[1]); +#endif +#if (UMAC_OUTPUT_LEN >= 12) + t = ip_aux(0,ahc->ip_keys+8, nhp[2]); + STORE_UINT32_BIG((UINT32 *)res+2, ip_reduce_p36(t) ^ ahc->ip_trans[2]); +#endif +#if (UMAC_OUTPUT_LEN == 16) + t = ip_aux(0,ahc->ip_keys+12, nhp[3]); + STORE_UINT32_BIG((UINT32 *)res+3, ip_reduce_p36(t) ^ ahc->ip_trans[3]); +#endif +} + +/* If the data being hashed by UHASH is longer than L1_KEY_LEN, then + * the polyhash stage is not skipped and ip_long is applied to the + * polyhash output. + */ +static void ip_long(uhash_ctx_t ahc, u_char *res) +{ + int i; + UINT64 t; + + for (i = 0; i < STREAMS; i++) { + /* fix polyhash output not in Z_p64 */ + if (ahc->poly_accum[i] >= p64) + ahc->poly_accum[i] -= p64; + t = ip_aux(0,ahc->ip_keys+(i*4), ahc->poly_accum[i]); + STORE_UINT32_BIG((UINT32 *)res+i, + ip_reduce_p36(t) ^ ahc->ip_trans[i]); + } +} + + +/* ---------------------------------------------------------------------- */ + +/* ---------------------------------------------------------------------- */ + +/* Reset uhash context for next hash session */ +static int uhash_reset(uhash_ctx_t pc) +{ + nh_reset(&pc->hash); + pc->msg_len = 0; + pc->poly_accum[0] = 1; +#if (UMAC_OUTPUT_LEN >= 8) + pc->poly_accum[1] = 1; +#endif +#if (UMAC_OUTPUT_LEN >= 12) + pc->poly_accum[2] = 1; +#endif +#if (UMAC_OUTPUT_LEN == 16) + pc->poly_accum[3] = 1; +#endif + return 1; +} + +/* ---------------------------------------------------------------------- */ + +/* Given a pointer to the internal key needed by kdf() and a uhash context, + * initialize the NH context and generate keys needed for poly and inner- + * product hashing. All keys are endian adjusted in memory so that native + * loads cause correct keys to be in registers during calculation. + */ +static void uhash_init(uhash_ctx_t ahc, aes_int_key prf_key) +{ + int i; + UINT8 buf[(8*STREAMS+4)*sizeof(UINT64)]; + + /* Zero the entire uhash context */ + memset(ahc, 0, sizeof(uhash_ctx)); + + /* Initialize the L1 hash */ + nh_init(&ahc->hash, prf_key); + + /* Setup L2 hash variables */ + kdf(buf, prf_key, 2, sizeof(buf)); /* Fill buffer with index 1 key */ + for (i = 0; i < STREAMS; i++) { + /* Fill keys from the buffer, skipping bytes in the buffer not + * used by this implementation. Endian reverse the keys if on a + * little-endian computer. + */ + memcpy(ahc->poly_key_8+i, buf+24*i, 8); + endian_convert_if_le(ahc->poly_key_8+i, 8, 8); + /* Mask the 64-bit keys to their special domain */ + ahc->poly_key_8[i] &= ((UINT64)0x01ffffffu << 32) + 0x01ffffffu; + ahc->poly_accum[i] = 1; /* Our polyhash prepends a non-zero word */ + } + + /* Setup L3-1 hash variables */ + kdf(buf, prf_key, 3, sizeof(buf)); /* Fill buffer with index 2 key */ + for (i = 0; i < STREAMS; i++) + memcpy(ahc->ip_keys+4*i, buf+(8*i+4)*sizeof(UINT64), + 4*sizeof(UINT64)); + endian_convert_if_le(ahc->ip_keys, sizeof(UINT64), + sizeof(ahc->ip_keys)); + for (i = 0; i < STREAMS*4; i++) + ahc->ip_keys[i] %= p36; /* Bring into Z_p36 */ + + /* Setup L3-2 hash variables */ + /* Fill buffer with index 4 key */ + kdf(ahc->ip_trans, prf_key, 4, STREAMS * sizeof(UINT32)); + endian_convert_if_le(ahc->ip_trans, sizeof(UINT32), + STREAMS * sizeof(UINT32)); +} + +/* ---------------------------------------------------------------------- */ + +#if 0 +static uhash_ctx_t uhash_alloc(u_char key[]) +{ +/* Allocate memory and force to a 16-byte boundary. */ + uhash_ctx_t ctx; + u_char bytes_to_add; + aes_int_key prf_key; + + ctx = (uhash_ctx_t)malloc(sizeof(uhash_ctx)+ALLOC_BOUNDARY); + if (ctx) { + if (ALLOC_BOUNDARY) { + bytes_to_add = ALLOC_BOUNDARY - + ((ptrdiff_t)ctx & (ALLOC_BOUNDARY -1)); + ctx = (uhash_ctx_t)((u_char *)ctx + bytes_to_add); + *((u_char *)ctx - 1) = bytes_to_add; + } + aes_key_setup(key,prf_key); + uhash_init(ctx, prf_key); + } + return (ctx); +} +#endif + +/* ---------------------------------------------------------------------- */ + +#if 0 +static int uhash_free(uhash_ctx_t ctx) +{ +/* Free memory allocated by uhash_alloc */ + u_char bytes_to_sub; + + if (ctx) { + if (ALLOC_BOUNDARY) { + bytes_to_sub = *((u_char *)ctx - 1); + ctx = (uhash_ctx_t)((u_char *)ctx - bytes_to_sub); + } + free(ctx); + } + return (1); +} +#endif +/* ---------------------------------------------------------------------- */ + +static int uhash_update(uhash_ctx_t ctx, const u_char *input, long len) +/* Given len bytes of data, we parse it into L1_KEY_LEN chunks and + * hash each one with NH, calling the polyhash on each NH output. + */ +{ + UWORD bytes_hashed, bytes_remaining; + UINT64 result_buf[STREAMS]; + UINT8 *nh_result = (UINT8 *)&result_buf; + + if (ctx->msg_len + len <= L1_KEY_LEN) { + nh_update(&ctx->hash, (const UINT8 *)input, len); + ctx->msg_len += len; + } else { + + bytes_hashed = ctx->msg_len % L1_KEY_LEN; + if (ctx->msg_len == L1_KEY_LEN) + bytes_hashed = L1_KEY_LEN; + + if (bytes_hashed + len >= L1_KEY_LEN) { + + /* If some bytes have been passed to the hash function */ + /* then we want to pass at most (L1_KEY_LEN - bytes_hashed) */ + /* bytes to complete the current nh_block. */ + if (bytes_hashed) { + bytes_remaining = (L1_KEY_LEN - bytes_hashed); + nh_update(&ctx->hash, (const UINT8 *)input, bytes_remaining); + nh_final(&ctx->hash, nh_result); + ctx->msg_len += bytes_remaining; + poly_hash(ctx,(UINT32 *)nh_result); + len -= bytes_remaining; + input += bytes_remaining; + } + + /* Hash directly from input stream if enough bytes */ + while (len >= L1_KEY_LEN) { + nh(&ctx->hash, (const UINT8 *)input, L1_KEY_LEN, + L1_KEY_LEN, nh_result); + ctx->msg_len += L1_KEY_LEN; + len -= L1_KEY_LEN; + input += L1_KEY_LEN; + poly_hash(ctx,(UINT32 *)nh_result); + } + } + + /* pass remaining < L1_KEY_LEN bytes of input data to NH */ + if (len) { + nh_update(&ctx->hash, (const UINT8 *)input, len); + ctx->msg_len += len; + } + } + + return (1); +} + +/* ---------------------------------------------------------------------- */ + +static int uhash_final(uhash_ctx_t ctx, u_char *res) +/* Incorporate any pending data, pad, and generate tag */ +{ + UINT64 result_buf[STREAMS]; + UINT8 *nh_result = (UINT8 *)&result_buf; + + if (ctx->msg_len > L1_KEY_LEN) { + if (ctx->msg_len % L1_KEY_LEN) { + nh_final(&ctx->hash, nh_result); + poly_hash(ctx,(UINT32 *)nh_result); + } + ip_long(ctx, res); + } else { + nh_final(&ctx->hash, nh_result); + ip_short(ctx,nh_result, res); + } + uhash_reset(ctx); + return (1); +} + +/* ---------------------------------------------------------------------- */ + +#if 0 +static int uhash(uhash_ctx_t ahc, u_char *msg, long len, u_char *res) +/* assumes that msg is in a writable buffer of length divisible by */ +/* L1_PAD_BOUNDARY. Bytes beyond msg[len] may be zeroed. */ +{ + UINT8 nh_result[STREAMS*sizeof(UINT64)]; + UINT32 nh_len; + int extra_zeroes_needed; + + /* If the message to be hashed is no longer than L1_HASH_LEN, we skip + * the polyhash. + */ + if (len <= L1_KEY_LEN) { + if (len == 0) /* If zero length messages will not */ + nh_len = L1_PAD_BOUNDARY; /* be seen, comment out this case */ + else + nh_len = ((len + (L1_PAD_BOUNDARY - 1)) & ~(L1_PAD_BOUNDARY - 1)); + extra_zeroes_needed = nh_len - len; + zero_pad((UINT8 *)msg + len, extra_zeroes_needed); + nh(&ahc->hash, (UINT8 *)msg, nh_len, len, nh_result); + ip_short(ahc,nh_result, res); + } else { + /* Otherwise, we hash each L1_KEY_LEN chunk with NH, passing the NH + * output to poly_hash(). + */ + do { + nh(&ahc->hash, (UINT8 *)msg, L1_KEY_LEN, L1_KEY_LEN, nh_result); + poly_hash(ahc,(UINT32 *)nh_result); + len -= L1_KEY_LEN; + msg += L1_KEY_LEN; + } while (len >= L1_KEY_LEN); + if (len) { + nh_len = ((len + (L1_PAD_BOUNDARY - 1)) & ~(L1_PAD_BOUNDARY - 1)); + extra_zeroes_needed = nh_len - len; + zero_pad((UINT8 *)msg + len, extra_zeroes_needed); + nh(&ahc->hash, (UINT8 *)msg, nh_len, len, nh_result); + poly_hash(ahc,(UINT32 *)nh_result); + } + + ip_long(ahc, res); + } + + uhash_reset(ahc); + return 1; +} +#endif + +/* ---------------------------------------------------------------------- */ +/* ---------------------------------------------------------------------- */ +/* ----- Begin UMAC Section --------------------------------------------- */ +/* ---------------------------------------------------------------------- */ +/* ---------------------------------------------------------------------- */ + +/* The UMAC interface has two interfaces, an all-at-once interface where + * the entire message to be authenticated is passed to UMAC in one buffer, + * and a sequential interface where the message is presented a little at a + * time. The all-at-once is more optimaized than the sequential version and + * should be preferred when the sequential interface is not required. + */ +struct umac_ctx { + uhash_ctx hash; /* Hash function for message compression */ + pdf_ctx pdf; /* PDF for hashed output */ + void *free_ptr; /* Address to free this struct via */ +}; + +/* ---------------------------------------------------------------------- */ + +#if 0 +int umac_reset(struct umac_ctx *ctx) +/* Reset the hash function to begin a new authentication. */ +{ + uhash_reset(&ctx->hash); + return (1); +} +#endif + +/* ---------------------------------------------------------------------- */ + +int umac_delete(struct umac_ctx *ctx) +/* Deallocate the ctx structure */ +{ + if (ctx) { + if (ALLOC_BOUNDARY) + ctx = (struct umac_ctx *)ctx->free_ptr; + free(ctx); + } + return (1); +} + +/* ---------------------------------------------------------------------- */ + +struct umac_ctx *umac_new(const u_char key[]) +/* Dynamically allocate a umac_ctx struct, initialize variables, + * generate subkeys from key. Align to 16-byte boundary. + */ +{ + struct umac_ctx *ctx, *octx; + size_t bytes_to_add; + aes_int_key prf_key; + + octx = ctx = xcalloc(1, sizeof(*ctx) + ALLOC_BOUNDARY); + if (ctx) { + if (ALLOC_BOUNDARY) { + bytes_to_add = ALLOC_BOUNDARY - + ((ptrdiff_t)ctx & (ALLOC_BOUNDARY - 1)); + ctx = (struct umac_ctx *)((u_char *)ctx + bytes_to_add); + } + ctx->free_ptr = octx; + aes_key_setup(key, prf_key); + pdf_init(&ctx->pdf, prf_key); + uhash_init(&ctx->hash, prf_key); + } + + return (ctx); +} + +/* ---------------------------------------------------------------------- */ + +int umac_final(struct umac_ctx *ctx, u_char tag[], const u_char nonce[8]) +/* Incorporate any pending data, pad, and generate tag */ +{ + uhash_final(&ctx->hash, (u_char *)tag); + pdf_gen_xor(&ctx->pdf, (const UINT8 *)nonce, (UINT8 *)tag); + + return (1); +} + +/* ---------------------------------------------------------------------- */ + +int umac_update(struct umac_ctx *ctx, const u_char *input, long len) +/* Given len bytes of data, we parse it into L1_KEY_LEN chunks and */ +/* hash each one, calling the PDF on the hashed output whenever the hash- */ +/* output buffer is full. */ +{ + uhash_update(&ctx->hash, input, len); + return (1); +} + +/* ---------------------------------------------------------------------- */ + +#if 0 +int umac(struct umac_ctx *ctx, u_char *input, + long len, u_char tag[], + u_char nonce[8]) +/* All-in-one version simply calls umac_update() and umac_final(). */ +{ + uhash(&ctx->hash, input, len, (u_char *)tag); + pdf_gen_xor(&ctx->pdf, (UINT8 *)nonce, (UINT8 *)tag); + + return (1); +} +#endif + +/* ---------------------------------------------------------------------- */ +/* ---------------------------------------------------------------------- */ +/* ----- End UMAC Section ----------------------------------------------- */ +/* ---------------------------------------------------------------------- */ +/* ---------------------------------------------------------------------- */ diff --git a/include/DomainExec/opensshlib/umac.h b/include/DomainExec/opensshlib/umac.h new file mode 100644 index 00000000..7fb770f8 --- /dev/null +++ b/include/DomainExec/opensshlib/umac.h @@ -0,0 +1,129 @@ +/* $OpenBSD: umac.h,v 1.3 2013/07/22 12:20:02 djm Exp $ */ +/* ----------------------------------------------------------------------- + * + * umac.h -- C Implementation UMAC Message Authentication + * + * Version 0.93a of rfc4418.txt -- 2006 July 14 + * + * For a full description of UMAC message authentication see the UMAC + * world-wide-web page at http://www.cs.ucdavis.edu/~rogaway/umac + * Please report bugs and suggestions to the UMAC webpage. + * + * Copyright (c) 1999-2004 Ted Krovetz + * + * Permission to use, copy, modify, and distribute this software and + * its documentation for any purpose and with or without fee, is hereby + * granted provided that the above copyright notice appears in all copies + * and in supporting documentation, and that the name of the copyright + * holder not be used in advertising or publicity pertaining to + * distribution of the software without specific, written prior permission. + * + * Comments should be directed to Ted Krovetz (tdk@acm.org) + * + * ---------------------------------------------------------------------- */ + + /* ////////////////////// IMPORTANT NOTES ///////////////////////////////// + * + * 1) This version does not work properly on messages larger than 16MB + * + * 2) If you set the switch to use SSE2, then all data must be 16-byte + * aligned + * + * 3) When calling the function umac(), it is assumed that msg is in + * a writable buffer of length divisible by 32 bytes. The message itself + * does not have to fill the entire buffer, but bytes beyond msg may be + * zeroed. + * + * 4) Two free AES implementations are supported by this implementation of + * UMAC. Paulo Barreto's version is in the public domain and can be found + * at http://www.esat.kuleuven.ac.be/~rijmen/rijndael/ (search for + * "Barreto"). The only two files needed are rijndael-alg-fst.c and + * rijndael-alg-fst.h. + * Brian Gladman's version is distributed with GNU Public lisence + * and can be found at http://fp.gladman.plus.com/AES/index.htm. It + * includes a fast IA-32 assembly version. + * + /////////////////////////////////////////////////////////////////////// */ +#ifndef HEADER_UMAC_H +#define HEADER_UMAC_H + + +#ifdef __cplusplus + extern "C" { +#endif + +struct umac_ctx *umac_new(const u_char key[]); +/* Dynamically allocate a umac_ctx struct, initialize variables, + * generate subkeys from key. + */ + +#if 0 +int umac_reset(struct umac_ctx *ctx); +/* Reset a umac_ctx to begin authenicating a new message */ +#endif + +int umac_update(struct umac_ctx *ctx, const u_char *input, long len); +/* Incorporate len bytes pointed to by input into context ctx */ + +int umac_final(struct umac_ctx *ctx, u_char tag[], const u_char nonce[8]); +/* Incorporate any pending data and the ctr value, and return tag. + * This function returns error code if ctr < 0. + */ + +int umac_delete(struct umac_ctx *ctx); +/* Deallocate the context structure */ + +#if 0 +int umac(struct umac_ctx *ctx, u_char *input, + long len, u_char tag[], + u_char nonce[8]); +/* All-in-one implementation of the functions Reset, Update and Final */ +#endif + +/* uhash.h */ + + +#if 0 +typedef struct uhash_ctx *uhash_ctx_t; + /* The uhash_ctx structure is defined by the implementation of the */ + /* UHASH functions. */ + +uhash_ctx_t uhash_alloc(u_char key[16]); + /* Dynamically allocate a uhash_ctx struct and generate subkeys using */ + /* the kdf and kdf_key passed in. If kdf_key_len is 0 then RC6 is */ + /* used to generate key with a fixed key. If kdf_key_len > 0 but kdf */ + /* is NULL then the first 16 bytes pointed at by kdf_key is used as a */ + /* key for an RC6 based KDF. */ + +int uhash_free(uhash_ctx_t ctx); + +int uhash_set_params(uhash_ctx_t ctx, + void *params); + +int uhash_reset(uhash_ctx_t ctx); + +int uhash_update(uhash_ctx_t ctx, + u_char *input, + long len); + +int uhash_final(uhash_ctx_t ctx, + u_char ouput[]); + +int uhash(uhash_ctx_t ctx, + u_char *input, + long len, + u_char output[]); + +#endif + +/* matching umac-128 API, we reuse umac_ctx, since it's opaque */ +struct umac_ctx *umac128_new(const u_char key[]); +int umac128_update(struct umac_ctx *ctx, const u_char *input, long len); +int umac128_final(struct umac_ctx *ctx, u_char tag[], const u_char nonce[8]); +int umac128_delete(struct umac_ctx *ctx); + +#ifdef __cplusplus + } +#endif + +#endif /* HEADER_UMAC_H */ diff --git a/include/DomainExec/opensshlib/uuencode.c b/include/DomainExec/opensshlib/uuencode.c new file mode 100644 index 00000000..cc29e3f1 --- /dev/null +++ b/include/DomainExec/opensshlib/uuencode.c @@ -0,0 +1,97 @@ +/* $OpenBSD: uuencode.c,v 1.28 2015/04/24 01:36:24 deraadt Exp $ */ +/* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#include +#ifndef WIN32 +#include +#include +#endif +#include +#include + +#include "xmalloc.h" +#include "uuencode.h" + +/* + * Encode binary 'src' of length 'srclength', writing base64-encoded text + * to 'target' of size 'targsize'. Will always nul-terminate 'target'. + * Returns the number of bytes stored in 'target' or -1 on error (inc. + * 'targsize' too small). + */ +int +uuencode(const u_char *src, u_int srclength, + char *target, size_t targsize) +{ + return __b64_ntop(src, srclength, target, targsize); +} + +/* + * Decode base64-encoded 'src' into buffer 'target' of 'targsize' bytes. + * Will skip leading and trailing whitespace. Returns the number of bytes + * stored in 'target' or -1 on error (inc. targsize too small). + */ +int +uudecode(const char *src, u_char *target, size_t targsize) +{ + int len; + char *encoded, *p; + + /* copy the 'readonly' source */ + encoded = xstrdup(src); + /* skip whitespace and data */ + for (p = encoded; *p == ' ' || *p == '\t'; p++) + ; + for (; *p != '\0' && *p != ' ' && *p != '\t'; p++) + ; + /* and remove trailing whitespace because __b64_pton needs this */ + *p = '\0'; + len = __b64_pton(encoded, target, targsize); + free(encoded); + return len; +} + +void +dump_base64(FILE *fp, const u_char *data, u_int len) +{ + char *buf; + int i, n; + + if (len > 65536) { + fprintf(fp, "dump_base64: len > 65536\n"); + return; + } + buf = xreallocarray(NULL, 2, len); + n = uuencode(data, len, buf, 2*len); + for (i = 0; i < n; i++) { + fprintf(fp, "%c", buf[i]); + if (i % 70 == 69) + fprintf(fp, "\n"); + } + if (i % 70 != 69) + fprintf(fp, "\n"); + free(buf); +} diff --git a/include/DomainExec/opensshlib/uuencode.h b/include/DomainExec/opensshlib/uuencode.h new file mode 100644 index 00000000..4d988812 --- /dev/null +++ b/include/DomainExec/opensshlib/uuencode.h @@ -0,0 +1,29 @@ +/* $OpenBSD: uuencode.h,v 1.14 2010/08/31 11:54:45 djm Exp $ */ + +/* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +int uuencode(const u_char *, u_int, char *, size_t); +int uudecode(const char *, u_char *, size_t); +void dump_base64(FILE *, const u_char *, u_int); diff --git a/include/DomainExec/opensshlib/verify.c b/include/DomainExec/opensshlib/verify.c new file mode 100644 index 00000000..1671a413 --- /dev/null +++ b/include/DomainExec/opensshlib/verify.c @@ -0,0 +1,49 @@ +/* $OpenBSD: verify.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ + +/* + * Public Domain, Author: Daniel J. Bernstein + * Copied from nacl-20110221/crypto_verify/32/ref/verify.c + */ + +#include "includes.h" + +#include "crypto_api.h" + +int crypto_verify_32(const unsigned char *x,const unsigned char *y) +{ + unsigned int differentbits = 0; +#define F(i) differentbits |= x[i] ^ y[i]; + F(0) + F(1) + F(2) + F(3) + F(4) + F(5) + F(6) + F(7) + F(8) + F(9) + F(10) + F(11) + F(12) + F(13) + F(14) + F(15) + F(16) + F(17) + F(18) + F(19) + F(20) + F(21) + F(22) + F(23) + F(24) + F(25) + F(26) + F(27) + F(28) + F(29) + F(30) + F(31) + return (1 & ((differentbits - 1) >> 8)) - 1; +} diff --git a/include/DomainExec/opensshlib/vis.c b/include/DomainExec/opensshlib/vis.c new file mode 100644 index 00000000..f6f5665c --- /dev/null +++ b/include/DomainExec/opensshlib/vis.c @@ -0,0 +1,225 @@ +/* $OpenBSD: vis.c,v 1.19 2005/09/01 17:15:49 millert Exp $ */ +/*- + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* OPENBSD ORIGINAL: lib/libc/gen/vis.c */ + +#include "includes.h" +#if !defined(HAVE_STRNVIS) || defined(BROKEN_STRNVIS) + +#include +#include + +#include "vis.h" + +#define isoctal(c) (((u_char)(c)) >= '0' && ((u_char)(c)) <= '7') +#define isvisible(c) \ + (((u_int)(c) <= UCHAR_MAX && isascii((u_char)(c)) && \ + (((c) != '*' && (c) != '?' && (c) != '[' && (c) != '#') || \ + (flag & VIS_GLOB) == 0) && isgraph((u_char)(c))) || \ + ((flag & VIS_SP) == 0 && (c) == ' ') || \ + ((flag & VIS_TAB) == 0 && (c) == '\t') || \ + ((flag & VIS_NL) == 0 && (c) == '\n') || \ + ((flag & VIS_SAFE) && ((c) == '\b' || \ + (c) == '\007' || (c) == '\r' || \ + isgraph((u_char)(c))))) + +/* + * vis - visually encode characters + */ +char * +vis(char *dst, int c, int flag, int nextc) +{ + if (isvisible(c)) { + *dst++ = c; + if (c == '\\' && (flag & VIS_NOSLASH) == 0) + *dst++ = '\\'; + *dst = '\0'; + return (dst); + } + + if (flag & VIS_CSTYLE) { + switch(c) { + case '\n': + *dst++ = '\\'; + *dst++ = 'n'; + goto done; + case '\r': + *dst++ = '\\'; + *dst++ = 'r'; + goto done; + case '\b': + *dst++ = '\\'; + *dst++ = 'b'; + goto done; + case '\a': + *dst++ = '\\'; + *dst++ = 'a'; + goto done; + case '\v': + *dst++ = '\\'; + *dst++ = 'v'; + goto done; + case '\t': + *dst++ = '\\'; + *dst++ = 't'; + goto done; + case '\f': + *dst++ = '\\'; + *dst++ = 'f'; + goto done; + case ' ': + *dst++ = '\\'; + *dst++ = 's'; + goto done; + case '\0': + *dst++ = '\\'; + *dst++ = '0'; + if (isoctal(nextc)) { + *dst++ = '0'; + *dst++ = '0'; + } + goto done; + } + } + if (((c & 0177) == ' ') || (flag & VIS_OCTAL) || + ((flag & VIS_GLOB) && (c == '*' || c == '?' || c == '[' || c == '#'))) { + *dst++ = '\\'; + *dst++ = ((u_char)c >> 6 & 07) + '0'; + *dst++ = ((u_char)c >> 3 & 07) + '0'; + *dst++ = ((u_char)c & 07) + '0'; + goto done; + } + if ((flag & VIS_NOSLASH) == 0) + *dst++ = '\\'; + if (c & 0200) { + c &= 0177; + *dst++ = 'M'; + } + if (iscntrl((u_char)c)) { + *dst++ = '^'; + if (c == 0177) + *dst++ = '?'; + else + *dst++ = c + '@'; + } else { + *dst++ = '-'; + *dst++ = c; + } +done: + *dst = '\0'; + return (dst); +} + +/* + * strvis, strnvis, strvisx - visually encode characters from src into dst + * + * Dst must be 4 times the size of src to account for possible + * expansion. The length of dst, not including the trailing NULL, + * is returned. + * + * Strnvis will write no more than siz-1 bytes (and will NULL terminate). + * The number of bytes needed to fully encode the string is returned. + * + * Strvisx encodes exactly len bytes from src into dst. + * This is useful for encoding a block of data. + */ +int +strvis(char *dst, const char *src, int flag) +{ + char c; + char *start; + + for (start = dst; (c = *src);) + dst = vis(dst, c, flag, *++src); + *dst = '\0'; + return (dst - start); +} + +int +strnvis(char *dst, const char *src, size_t siz, int flag) +{ + char *start, *end; + char tbuf[5]; + int c, i; + + i = 0; + for (start = dst, end = start + siz - 1; (c = *src) && dst < end; ) { + if (isvisible(c)) { + i = 1; + *dst++ = c; + if (c == '\\' && (flag & VIS_NOSLASH) == 0) { + /* need space for the extra '\\' */ + if (dst < end) + *dst++ = '\\'; + else { + dst--; + i = 2; + break; + } + } + src++; + } else { + i = vis(tbuf, c, flag, *++src) - tbuf; + if (dst + i <= end) { + memcpy(dst, tbuf, i); + dst += i; + } else { + src--; + break; + } + } + } + if (siz > 0) + *dst = '\0'; + if (dst + i > end) { + /* adjust return value for truncation */ + while ((c = *src)) + dst += vis(tbuf, c, flag, *++src) - tbuf; + } + return (dst - start); +} + +int +strvisx(char *dst, const char *src, size_t len, int flag) +{ + char c; + char *start; + + for (start = dst; len > 1; len--) { + c = *src; + dst = vis(dst, c, flag, *++src); + } + if (len) + dst = vis(dst, *src, flag, '\0'); + *dst = '\0'; + return (dst - start); +} + +#endif diff --git a/include/DomainExec/opensshlib/vis.h b/include/DomainExec/opensshlib/vis.h new file mode 100644 index 00000000..d1286c99 --- /dev/null +++ b/include/DomainExec/opensshlib/vis.h @@ -0,0 +1,95 @@ +/* $OpenBSD: vis.h,v 1.11 2005/08/09 19:38:31 millert Exp $ */ +/* $NetBSD: vis.h,v 1.4 1994/10/26 00:56:41 cgd Exp $ */ + +/*- + * Copyright (c) 1990 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)vis.h 5.9 (Berkeley) 4/3/91 + */ + +/* OPENBSD ORIGINAL: include/vis.h */ + +#include "includes.h" +#if !defined(HAVE_STRNVIS) || defined(BROKEN_STRNVIS) + +#ifndef _VIS_H_ +#define _VIS_H_ + +#include +#include + +/* + * to select alternate encoding format + */ +#define VIS_OCTAL 0x01 /* use octal \ddd format */ +#define VIS_CSTYLE 0x02 /* use \[nrft0..] where appropriate */ + +/* + * to alter set of characters encoded (default is to encode all + * non-graphic except space, tab, and newline). + */ +#define VIS_SP 0x04 /* also encode space */ +#define VIS_TAB 0x08 /* also encode tab */ +#define VIS_NL 0x10 /* also encode newline */ +#define VIS_WHITE (VIS_SP | VIS_TAB | VIS_NL) +#define VIS_SAFE 0x20 /* only encode "unsafe" characters */ + +/* + * other + */ +#define VIS_NOSLASH 0x40 /* inhibit printing '\' */ +#define VIS_GLOB 0x100 /* encode glob(3) magics and '#' */ + +/* + * unvis return codes + */ +#define UNVIS_VALID 1 /* character valid */ +#define UNVIS_VALIDPUSH 2 /* character valid, push back passed char */ +#define UNVIS_NOCHAR 3 /* valid sequence, no character produced */ +#define UNVIS_SYNBAD -1 /* unrecognized escape sequence */ +#define UNVIS_ERROR -2 /* decoder in unknown state (unrecoverable) */ + +/* + * unvis flags + */ +#define UNVIS_END 1 /* no more characters */ + +char *vis(char *, int, int, int); +int strvis(char *, const char *, int); +int strnvis(char *, const char *, size_t, int) + __attribute__ ((__bounded__(__string__,1,3))); +int strvisx(char *, const char *, size_t, int) + __attribute__ ((__bounded__(__string__,1,3))); +int strunvis(char *, const char *); +int unvis(char *, char, int *, int); +ssize_t strnunvis(char *, const char *, size_t) + __attribute__ ((__bounded__(__string__,1,3))); + +#endif /* !_VIS_H_ */ + +#endif /* !HAVE_STRNVIS || BROKEN_STRNVIS */ diff --git a/include/DomainExec/opensshlib/winfixssh.h b/include/DomainExec/opensshlib/winfixssh.h new file mode 100644 index 00000000..dd0d8ba9 --- /dev/null +++ b/include/DomainExec/opensshlib/winfixssh.h @@ -0,0 +1,90 @@ +#ifndef WINFIXSSH_H +#define WINFIXSSH_H + +typedef unsigned char u_int8_t; +typedef __int16 int16_t; +typedef unsigned __int16 u_int16_t; +typedef __int32 int32_t; +typedef __int64 int64_t; +typedef unsigned __int32 u_int32_t; +typedef unsigned __int64 u_int64_t; +typedef unsigned int uid_t; +typedef int socklen_t; +typedef int sig_atomic_t; + +#ifdef _MSC_VER +//not #if defined(_WIN32) || defined(_WIN64) because we have strncasecmp in mingw +#define strncasecmp _strnicmp +#define strcasecmp _stricmp +#endif + +#define SIZEOF_CHAR 1 +#define SIZEOF_SHORT_INT 2 +#define SIZEOF_INT 4 + +#define WITH_OPENSSL 1 +#define WITH_SSH1 1 +#define OPENSSL_HAS_ECC 1 +#define HAVE_EVP_SHA256 1 + +#ifdef _MSC_VER +/* only comes with Visual Studio. */ +#define HAVE_WSPIAPI_H 1 +#else +#undef HAVE_WSPIAPI_H +#endif + +#define HAVE_USLEEP 1 + +#define HAVE_GETADDRINFO 1 +#define HAVE_GETNAMEINFO 1 + +#define HAVE_SNPRINTF 1 + +#if 0 +#define HAVE_VASPRINTF 1 +#define HAVE_VSNPRINTF 1 +#endif + +#define SNPRINTF_CONST const +#ifndef HAVE_VSNPRINTF + #define HAVE_VSNPRINTF +#endif + +#undef HAVE_ENDIAN_H +#undef HAVE_TTYENT_H +#undef HAVE_MAILLOCK_H +#undef HAVE_PATHS_H + + +#define HAVE_STRUCT_IP 1 +/* #define HAVE_STRUCT_ICMP 1 */ +#define HAVE_STRNCASECMP 1 +#define HAVE_IP_IP_SUM 1 +#define STDC_HEADERS 1 +#define HAVE_STRING_H 1 +#define HAVE_MEMORY_H 1 +#define HAVE_FCNTL_H 1 +#define HAVE_ERRNO_H 1 +#define HAVE_SYS_STAT_H 1 +#define HAVE_MEMCPY 1 +#define HAVE_STRERROR 1 +/* #define HAVE_SYS_SOCKIO_H 1 */ +/* #undef HAVE_TERMIOS_H */ +#define HAVE_ERRNO_H 1 +#define HAVE_GAI_STRERROR 1 +/* #define HAVE_STRCASESTR 1 */ +#define HAVE_NETINET_IN_SYSTEM_H 1 +#define HAVE_NETINET_IF_ETHER_H 1 +#define HAVE_SYS_STAT_H 1 +/* #define HAVE_INTTYPES_H */ + +/* Without these, Windows will give us all sorts of crap about using functions + like strcpy() even if they are done safely */ +#define _CRT_SECURE_NO_DEPRECATE 1 +#ifndef _CRT_SECURE_NO_WARNINGS +#define _CRT_SECURE_NO_WARNINGS 1 +#endif +#pragma warning(disable: 4996) + +#endif \ No newline at end of file diff --git a/include/DomainExec/opensshlib/xmalloc.c b/include/DomainExec/opensshlib/xmalloc.c new file mode 100644 index 00000000..b3b8de7f --- /dev/null +++ b/include/DomainExec/opensshlib/xmalloc.c @@ -0,0 +1,121 @@ +/* $OpenBSD: xmalloc.c,v 1.34 2017/05/31 09:15:42 deraadt Exp $ */ +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * Versions of malloc and friends that check their results, and never return + * failure (they call fatal if they encounter an error). + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ + +#include "includes.h" + +#include +#ifdef HAVE_STDINT_H +#include +#endif +#include +#include +#include + +#include "xmalloc.h" +#include "log.h" + +void +ssh_malloc_init(void) +{ +#if defined(__OpenBSD__) + extern char *malloc_options; + + malloc_options = "S"; +#endif /* __OpenBSD__ */ +} + +void * +xmalloc(size_t size) +{ + void *ptr; + + if (size == 0) + fatal("xmalloc: zero size"); + ptr = malloc(size); + if (ptr == NULL) + fatal("xmalloc: out of memory (allocating %zu bytes)", size); + return ptr; +} + +void * +xcalloc(size_t nmemb, size_t size) +{ + void *ptr; + + if (size == 0 || nmemb == 0) + fatal("xcalloc: zero size"); + if (SIZE_MAX / nmemb < size) + fatal("xcalloc: nmemb * size > SIZE_MAX"); + ptr = calloc(nmemb, size); + if (ptr == NULL) + fatal("xcalloc: out of memory (allocating %zu bytes)", + size * nmemb); + return ptr; +} + +void * +xreallocarray(void *ptr, size_t nmemb, size_t size) +{ + void *new_ptr; + + new_ptr = reallocarray(ptr, nmemb, size); + if (new_ptr == NULL) + fatal("xreallocarray: out of memory (%zu elements of %zu bytes)", + nmemb, size); + return new_ptr; +} + +#if 0 +/* not used currently, produces compilation problems in Windows */ +void * +xrecallocarray(void *ptr, size_t onmemb, size_t nmemb, size_t size) +{ + void *new_ptr; + + new_ptr = recallocarray(ptr, onmemb, nmemb, size); + if (new_ptr == NULL) + fatal("xrecallocarray: out of memory (%zu elements of %zu bytes)", + nmemb, size); + return new_ptr; +} +#endif + +char * +xstrdup(const char *str) +{ + size_t len; + char *cp; + + len = strlen(str) + 1; + cp = xmalloc(len); + strlcpy(cp, str, len); + return cp; +} + +int +xasprintf(char **ret, const char *fmt, ...) +{ + va_list ap; + int i; + + va_start(ap, fmt); + i = vasprintf(ret, fmt, ap); + va_end(ap); + + if (i < 0 || *ret == NULL) + fatal("xasprintf: could not allocate memory"); + + return (i); +} diff --git a/include/DomainExec/opensshlib/xmalloc.h b/include/DomainExec/opensshlib/xmalloc.h new file mode 100644 index 00000000..cf38ddfa --- /dev/null +++ b/include/DomainExec/opensshlib/xmalloc.h @@ -0,0 +1,27 @@ +/* $OpenBSD: xmalloc.h,v 1.17 2017/05/31 09:15:42 deraadt Exp $ */ + +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * Created: Mon Mar 20 22:09:17 1995 ylo + * + * Versions of malloc and friends that check their results, and never return + * failure (they call fatal if they encounter an error). + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ + +void ssh_malloc_init(void); +void *xmalloc(size_t); +void *xcalloc(size_t, size_t); +void *xreallocarray(void *, size_t, size_t); +void *xrecallocarray(void *, size_t, size_t, size_t); +char *xstrdup(const char *); +int xasprintf(char **, const char *, ...) + __attribute__((__format__ (printf, 2, 3))) + __attribute__((__nonnull__ (2))); diff --git a/include/Service.cc b/include/Service.cc new file mode 100644 index 00000000..bbd49aff --- /dev/null +++ b/include/Service.cc @@ -0,0 +1,685 @@ + +/*************************************************************************** + * Service.cc -- The "Service" class encapsulates every bit of information * + * about the associated target's (Target class) service. Service-specific * + * options, statistical and timing information as well as functions for * + * handling username/password list iteration all belong to this class. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#include "Service.h" +#include "NcrackOps.h" + +extern NcrackOps o; + + +Service:: +Service() +{ + static unsigned long id = 0; + name = NULL; + target = NULL; + proto = IPPROTO_TCP; + portno = 0; + + uid = id++; + + loginlist_fini = false; + list_active = true; + list_full = false; + list_wait = false; + list_pairfini = false; + list_finishing = false; + list_finished = false; + just_started = true; + more_rounds = false; + skip_username = false; + + end.orly = false; + end.reason = NULL; + + failed_connections = 0; + total_attempts = 0; + finished_attempts = 0; + supported_attempts = 0; + active_connections = 0; + + min_connection_limit = -1; + max_connection_limit = -1; + ideal_parallelism = 1; /* we start with 1 connection exactly */ + auth_tries = -1; + connection_delay = -1; + connection_retries = -1; + timeout = -1; + path = Strndup("/", 2); /* path is '/' by default */ + + db = Strndup("admin", 5); /* databse is 'admin' by default */ + domain = Strndup("Workstation", 11); /* domain is 'Workstation' by default */ + + ssl = false; + + module_data = NULL; + memset(&last, 0, sizeof(last)); + UserArray = NULL; + PassArray = NULL; + hostinfo = NULL; + memset(&last_auth_rate, 0, sizeof(last_auth_rate)); + + htn.msecs_used = 0; + htn.toclock_running = false; + htn.host_start = htn.host_end = 0; + + linear_state = LINEAR_INIT; +} + +/* copy constructor */ +Service:: +Service(const Service& ref) +{ + name = strdup(ref.name); + proto = ref.proto; + portno = ref.portno; + + uid = ref.uid; + + min_connection_limit = ref.min_connection_limit; + max_connection_limit = ref.max_connection_limit; + auth_tries = ref.auth_tries; + connection_delay = ref.connection_delay; + connection_retries = ref.connection_retries; + timeout = ref.timeout; + ssl = ref.ssl; + //if (path) + // free(path); + path = Strndup(ref.path, strlen(ref.path)); + + db = Strndup(ref.db, strlen(ref.db)); + + domain = Strndup(ref.domain, strlen(ref.domain)); + + ideal_parallelism = 1; /* we start with 1 connection exactly */ + + ssl = ref.ssl; + UserArray = ref.UserArray; + PassArray = ref.PassArray; + uservi = UserArray->begin(); + passvi = PassArray->begin(); + + failed_connections = 0; + total_attempts = 0; + finished_attempts = 0; + supported_attempts = 0; + active_connections = 0; + + loginlist_fini = false; + passlist_fini = false; + userlist_fini = false; + list_active = true; + list_full = false; + list_wait = false; + list_pairfini = false; + list_finishing = false; + list_finished = false; + just_started = true; + more_rounds = false; + skip_username = false; + + end.orly = false; + end.reason = NULL; + + module_data = NULL; + hostinfo = NULL; + memset(&last, 0, sizeof(last)); + memset(&last_auth_rate, 0, sizeof(last_auth_rate)); + + htn.msecs_used = 0; + htn.toclock_running = false; + htn.host_start = htn.host_end = 0; + + linear_state = ref.linear_state; +} + +Service:: +~Service() +{ + if (name) + free(name); + if (module_data) + free(module_data); + if (hostinfo) + free(hostinfo); + if (end.reason) + free(end.reason); +} + +const char *Service:: +HostInfo(void) +{ + if (!hostinfo) + hostinfo = (char *) safe_malloc(MAX_HOSTINFO_LEN); + + if (!target) + fatal("%s: tried to print hostinfo with uninitialized Target\n", __func__); + + Snprintf(hostinfo, MAX_HOSTINFO_LEN, "%s://%s:%hu", name, + target->NameIP(), portno); + return hostinfo; +} + + +/* Add discovered credential to private list */ +void Service:: +addCredential(char *user, char *pass) +{ + loginpair tmp; + tmp.user = user; + tmp.pass = pass; + credentials_found.push_back(tmp); +} + +uint32_t Service:: +getUserlistIndex(void) +{ + return std::distance(UserArray->begin(), uservi); +} + +void Service:: +setUserlistIndex(uint32_t index) +{ + uservi = UserArray->begin() + index; +} + +uint32_t Service:: +getPasslistIndex(void) +{ + return std::distance(PassArray->begin(), passvi); +} + +void Service:: +setPasslistIndex(uint32_t index) +{ + passvi = PassArray->begin() + index; +} + + +/* + * returns -1 for end of login list and empty pool + * 0 for successful retrieval through lists + * 1 for successful retrieval through pool + */ +int Service:: +getNextPair(char **user, char **pass) +{ + if (!UserArray) + fatal("%s: uninitialized UserArray\n", __func__); + + if (!PassArray) + fatal("%s: uninitialized PassArray\n", __func__); + + loginpair tmp; + + /* If the login pair pool is not empty, then give priority to these + * pairs and extract the first one you find. */ + if (!pair_pool.empty()) { + + list ::iterator pairli = pair_pool.begin(); + tmp = pair_pool.front(); + *user = tmp.user; + *pass = tmp.pass; + pair_pool.erase(pairli); + if (o.debugging > 8) + log_write(LOG_STDOUT, "%s Pool: extract '%s' '%s'\n", HostInfo(), + tmp.user, tmp.pass); + return 1; + } + + if (loginlist_fini) + return -1; + + if (!strcmp(name, "redis")) { + if (passvi == PassArray->end()) { + if (o.debugging > 8) + log_write(LOG_STDOUT, "%s Password list finished!\n", HostInfo()); + loginlist_fini = true; + return -1; + } + *user = *uservi; + *pass = *passvi; + passvi++; + return 0; + } + + if (!strcmp(name, "mongodb")) { + if (skip_username == true) { + uservi--; + if (o.debugging > 5) + log_write(LOG_STDOUT, "%s skipping username!!!! %s\n", HostInfo(), *(uservi)); + uservi = UserArray->erase(uservi); + if (uservi == UserArray->end()) { + uservi = UserArray->begin(); + passvi++; + if (passvi == PassArray->end()) { + if (o.debugging > 8) + log_write(LOG_STDOUT, "%s Password list finished!\n", HostInfo()); + loginlist_fini = true; + return -1; + } + } + //printf("next user: %s\n", *uservi); + skip_username = false; + } + } + + if (!strcmp(name, "ssh")) { + + /* catches bug where ssh module crashed when user had specified correct username and + * password in the first attempt + */ + if (just_started == false && PassArray->size() == 1 && UserArray->size() == 1) { + uservi = UserArray->end(); + passvi = PassArray->end(); + loginlist_fini = true; + return -1; + } + + /* special case for ssh */ + if (just_started == true) { + + /* keep using same username for first timing probe */ + if (passvi == PassArray->end()) { + passvi = PassArray->begin(); + uservi++; + if (uservi == UserArray->end()) { + if (o.debugging > 8) + log_write(LOG_STDOUT, "%s Username list finished!\n", HostInfo()); + loginlist_fini = true; + return -1; + } + } + *user = *uservi; + *pass = *passvi; + passvi++; + + return 0; + } + } + + if (o.pairwise && strcmp(name, "mongodb")) { + + if (uservi == UserArray->end() && passvi == PassArray->end()) { + if (o.debugging > 8) + log_write(LOG_STDOUT, "%s Password list finished!\n", HostInfo()); + loginlist_fini = true; + return -1; + } + if (uservi == UserArray->end()) { + uservi = UserArray->begin(); + userlist_fini = true; + } + if (passvi == PassArray->end()) { + passvi = PassArray->begin(); + passlist_fini = true; + } + if (userlist_fini == true && passlist_fini == true) { + if (o.debugging > 8) + log_write(LOG_STDOUT, "%s Password list finished!\n", HostInfo()); + loginlist_fini = true; + return -1; + } + *pass = *passvi; + *user = *uservi; + uservi++; + passvi++; + + } else if (o.passwords_first && strcmp(name, "mongodb")) { + /* Iteration of password list for each username. */ + /* If password list finished one iteration then reset the password pointer + * to show at the beginning and get next username from username list. */ + if (passvi == PassArray->end()) { + passvi = PassArray->begin(); + uservi++; + if (uservi == UserArray->end()) { + if (o.debugging > 8) + log_write(LOG_STDOUT, "%s Username list finished!\n", HostInfo()); + loginlist_fini = true; + return -1; + } + } + *user = *uservi; + *pass = *passvi; + passvi++; + + } else if (!o.passwords_first || !strcmp(name, "mongodb")) { + /* Iteration of username list for each password (default). */ + /* If username list finished one iteration then reset the username pointer + * to show at the beginning and get password from password list. */ + if (uservi == UserArray->end()) { + uservi = UserArray->begin(); + passvi++; + if (passvi == PassArray->end()) { + if (o.debugging > 8) + log_write(LOG_STDOUT, "%s Password list finished!\n", HostInfo()); + loginlist_fini = true; + return -1; + } + } + *pass = *passvi; + *user = *uservi; + uservi++; + } + + + return 0; +} + + +void Service:: +removeFromPool(char *user, char *pass) +{ + loginpair tmp; + list ::iterator li; + + if (!user || !pass) + return; + + tmp.user = user; + tmp.pass = pass; + + for (li = mirror_pair_pool.begin(); li != mirror_pair_pool.end(); li++) { + if ((tmp.user == li->user) && (tmp.pass == li->pass)) + break; + } + if (li != mirror_pair_pool.end()) { + if (o.debugging > 8) { + if (!strcmp(name, "redis")) + log_write(LOG_STDOUT, "%s Pool: Removed '%s' \n", HostInfo(), tmp.pass); + else + log_write(LOG_STDOUT, "%s Pool: Removed %s %s\n", HostInfo(), + tmp.user, tmp.pass); + } + mirror_pair_pool.erase(li); + } +} + + + +void Service:: +appendToPool(char *user, char *pass) +{ + loginpair tmp; + list ::iterator li; + + if (!user) + fatal("%s: tried to append NULL user into pair pool", __func__); + if (!pass) + fatal("%s: tried to append NULL password into pair pool", __func__); + + tmp.user = user; + tmp.pass = pass; + pair_pool.push_back(tmp); + + if (o.debugging > 8) { + if (!strcmp(name, "redis")) + log_write(LOG_STDOUT, "%s Pool: Append '%s' \n", HostInfo(), tmp.pass); + else + log_write(LOG_STDOUT, "%s Pool: Append '%s' '%s' \n", HostInfo(), + tmp.user, tmp.pass); + } + + /* + * Try and see if login pair was already in our mirror pool. Only if + * it doesn't already exist, then append it to the list. + */ + for (li = mirror_pair_pool.begin(); li != mirror_pair_pool.end(); li++) { + if ((tmp.user == li->user) && (tmp.pass == li->pass)) + break; + } + if (li == mirror_pair_pool.end()) + mirror_pair_pool.push_back(tmp); +} + + +bool Service:: +isMirrorPoolEmpty(void) +{ + return mirror_pair_pool.empty(); +} + + +bool Service:: +isPoolEmpty(void) +{ + return pair_pool.empty(); +} + + +double Service:: +getPercDone(void) +{ + double ret = 0.0; + vector ::iterator usertmp = uservi; + vector ::iterator passtmp = passvi; + + if (!o.passwords_first) { + if (passtmp != PassArray->begin()) + passtmp--; + if (uservi == UserArray->end()) { + ret = distance(PassArray->begin(), passtmp) * UserArray->size(); + } else { + if (usertmp != UserArray->begin()) + usertmp--; + ret = distance(PassArray->begin(), passtmp) * UserArray->size() + + distance(UserArray->begin(), usertmp); + } + } else { + if (usertmp != UserArray->begin()) + usertmp--; + if (passvi == PassArray->end()) { + ret = distance(UserArray->begin(), usertmp) * PassArray->size(); + } else { + if (passtmp != PassArray->begin()) + passtmp--; + ret = distance(UserArray->begin(), usertmp) * PassArray->size() + + distance(PassArray->begin(), passtmp); + } + } + + if (ret) { + ret /= (double) (UserArray->size() * PassArray->size()); + if (ret >= 0.9999) + ret = 0.9999; + } else + ret = 0.0; + + return ret; +} + + +/* + * Starts the timeout clock for the host running (e.g. you are + * beginning a scan). If you do not have the current time handy, + * you can pass in NULL. When done, call stopTimeOutClock (it will + * also automatically be stopped of timedOut() returns true) + */ +void Service:: +startTimeOutClock(const struct timeval *now) { + assert(htn.toclock_running == false); + htn.toclock_running = true; + if (now) htn.toclock_start = *now; + else gettimeofday(&htn.toclock_start, NULL); + if (!htn.host_start) htn.host_start = htn.toclock_start.tv_sec; +} + + +/* The complement to startTimeOutClock. */ +void Service:: +stopTimeOutClock(const struct timeval *now) { + struct timeval tv; + assert(htn.toclock_running == true); + htn.toclock_running = false; + if (now) tv = *now; + else gettimeofday(&tv, NULL); + htn.msecs_used += timeval_msec_subtract(tv, htn.toclock_start); + htn.host_end = tv.tv_sec; +} + +/* + * Returns whether the host is timedout. If the timeoutclock is + * running, counts elapsed time for that. Pass NULL if you don't have the + * current time handy. You might as well also pass NULL if the + * clock is not running, as the func won't need the time. + */ +bool Service:: +timedOut(const struct timeval *now) { + unsigned long used = htn.msecs_used; + struct timeval tv; + + if (!timeout) + return false; + if (htn.toclock_running) { + if (now) + tv = *now; + else + gettimeofday(&tv, NULL); + + used += timeval_msec_subtract(tv, htn.toclock_start); + } + + return (used > (unsigned long)timeout)? true : false; +} + +void Service:: +setLinearState(size_t state) { + + linear_state = state; +} + + +size_t Service:: +getLinearState(void) { + + return linear_state; +} diff --git a/include/Service.h b/include/Service.h new file mode 100644 index 00000000..cb16f699 --- /dev/null +++ b/include/Service.h @@ -0,0 +1,393 @@ + +/*************************************************************************** + * Service.h -- The "Service" class encapsulates every bit of information * + * about the associated target's (Target class) service. Service-specific * + * options, statistical and timing information as well as functions for * + * handling username/password list iteration all belong to this class. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#ifndef SERVICE_H +#define SERVICE_H + +#include "ncrack.h" +#include "utils.h" +#include "Target.h" +#include "Buf.h" +#include "timing.h" +#include "Connection.h" +#include + + +#define BUFSIZE 256 +#define MAX_HOSTINFO_LEN 1024 + + + +typedef struct loginpair +{ + char *user; + char *pass; +} loginpair; + + +struct end_reason +{ + bool orly; /* did it end? */ + char *reason; /* why did it end */ +}; + + +struct host_timeout_nfo { + unsigned long msecs_used; /* How many msecs has this Target used? */ + bool toclock_running; /* Is the clock running right now? */ + struct timeval toclock_start; /* When did the clock start? */ + time_t host_start, host_end; /* The absolute start and end for this host */ +}; + +enum linear_states { LINEAR_INIT, LINEAR_ACTIVE, LINEAR_DONE }; + +class Service +{ + public: + Service(); + ~Service(); + + /* ********************* Functions ******************* */ + + Service(const Service&); /* copy constructor */ + const char *HostInfo(void); + + double getPercDone(void); + + /* Add discovered credential to 'credentials_found' */ + void addCredential(char *user, char *pass); + + int getNextPair(char **login, char **pass); + void appendToPool(char *login, char *pass); + void removeFromPool(char *login, char *pass); + bool isMirrorPoolEmpty(void); + bool isPoolEmpty(void); + + void setListActive(void) { list_active = true; }; + void unsetListActive(void) { list_active = false; }; + bool getListActive(void) { return list_active; }; + + void setListWait(void) { list_wait = true; }; + void unsetListWait(void) { list_wait = false; }; + bool getListWait(void) { return list_wait; }; + + void setListPairfini(void) { list_pairfini = true; }; + void unsetListPairfini(void) { list_pairfini = false; }; + bool getListPairfini(void) { return list_pairfini; }; + + void setListFull(void) { list_full = true; }; + void unsetListFull(void) { list_full = false; }; + bool getListFull(void) { return list_full; }; + + void setListFinishing(void) { list_finishing = true; }; + void unsetListFinishing(void) { list_finishing = false; }; + bool getListFinishing(void) { return list_finishing; }; + + void setListFinished(void) { list_finished = true; }; + bool getListFinished(void) { return list_finished; }; + + uint32_t getUserlistIndex(void); + void setUserlistIndex(uint32_t index); + uint32_t getPasslistIndex(void); + void setPasslistIndex(uint32_t index); + + void setLinearState(size_t state); + size_t getLinearState(void); + + + /* ********************* Members ********************* */ + + uint32_t uid; /* uniquely identifies service */ + char *name; + Target *target; /* service belongs to this host */ + u8 proto; + u16 portno; + + struct end_reason end; /* reason that this service ended */ + + /* list which holds discovered credentials if any */ + vector credentials_found; + + bool loginlist_fini;/* true if login list has been iterated through */ + bool userlist_fini; + bool passlist_fini; + + vector *UserArray; + vector *PassArray; + + /* true -> reconnaissance/timing probe */ + bool just_started; + + /* True if more connections needed for timing probe - usually modules like + * HTTP might need this, because they need to also check other variables + * like keep-alive values and authentication schemes (in separate + * connections) + */ + bool more_rounds; + + /* Will skip current username and move on to the next one if true. + * Currently used for MongoDB user-enum vulnerability in SCRAM_SHA1 auth. + */ + bool skip_username; + + unsigned int failed_connections; + long active_connections; + struct timeval last; /* time of last activated connection */ + + /* + * How many attempts the service supports per connection before + * closing on us. This is used as a valuable piece of information + * for many timing checks, and is gathered during the first connection + * (since that probably is the most reliable one, because in the beginning + * we haven't opened up too many connections yet) + */ + unsigned long supported_attempts; + + /* total auth attempts, including failed ones */ + unsigned long total_attempts; + + /* auth attempts that have finished up to the point of completing + * all authentication steps and getting the results */ + unsigned long finished_attempts; + + /* timing options that override global ones */ + + /* minimum number of concurrent parallel connections */ + long min_connection_limit; + /* maximum number of concurrent parallel connections */ + long max_connection_limit; + /* ideal number of concurrent parallel connections */ + long ideal_parallelism; + /* authentication attempts per connections */ + long auth_tries; + /* number of milliseconds to wait between each connection */ + long connection_delay; + /* number of connection retries after connection failure */ + long connection_retries; + /* maximum cracking time regardless of success so far */ + long long timeout; + + /* misc options */ + bool ssl; /* true -> SSL enabled over this service */ + char *path; /* used for HTTP or other modules that need a path-name */ + + char *db; /* used for MongoDB or other modules that need a database name */ + + char *domain; /* used for modules like WinRM that need a domain */ + + void *module_data; /* service/module-specific data */ + + RateMeter auth_rate_meter; + struct last_auth_rate { + double rate; + struct timeval time; + } last_auth_rate; + + list connections; + + /* + * Starts the timeout clock for the host running (e.g. you are + * beginning a scan). If you do not have the current time handy, + * you can pass in NULL. When done, call stopTimeOutClock (it will + * also automatically be stopped if timedOut() returns true) + */ + void startTimeOutClock(const struct timeval *now); + + /* The complement to startTimeOutClock. */ + void stopTimeOutClock(const struct timeval *now); + + /* Is the timeout clock currently running? */ + bool timeOutClockRunning() { return htn.toclock_running; } + + /* + * Returns whether the host is timedout. If the timeoutclock is + * running, counts elapsed time for that. Pass NULL if you don't have the + * current time handy. You might as well also pass NULL if the + * clock is not running, as the func won't need the time. + */ + bool timedOut(const struct timeval *now); + + /* Return time_t for the start and end time of this host */ + time_t StartTime() { return htn.host_start; } + + time_t EndTime() { return htn.host_end; } + + private: + + /* + * hostinfo in form "://:" + * e.g ftp://scanme.nmap.org:21 - Will be returned by HostInfo() + */ + char *hostinfo; + + /* + * Login pair pool that holds pairs that didn't manage to be authenticated + * due to an error (the host timed out, the connection was forcefully closed + * etc). If this pool has elements, then the next returned pair from + * NextPair() will come from this pool. NextPair() will remove the + * element from the list. + */ + list pair_pool; + + /* + * Mirror login pair pool, that holds pairs from login pair pool but which + * aren't removed from the list at the time they are used. + * By this way we can determine, if we are currently using pairs from the + * pair_pool by checking if the mirror_pair_pool is non-empty. + */ + list mirror_pair_pool; + + vector ::iterator uservi; + vector ::iterator passvi; + + bool list_active; /* service is now on 'services_active' list */ + bool list_wait; /* service appended to 'services_wait' list */ + bool list_pairfini; /* service appended to 'services_pairfini' list */ + bool list_full; /* service appended to 'services_full' list */ + bool list_finishing;/* service appended to 'services_finishing' list */ + bool list_finished; /* service is now on 'services_finished' list */ + + + /* + * LINEAR_INIT: service hasn't started connection yet + * LINEAR_ACTIVE: service has active connection + * LINEAR_DONE: service has finished connection + */ + size_t linear_state; + + struct host_timeout_nfo htn; + +}; + + +#endif diff --git a/include/ServiceGroup.cc b/include/ServiceGroup.cc new file mode 100644 index 00000000..af2c8f51 --- /dev/null +++ b/include/ServiceGroup.cc @@ -0,0 +1,438 @@ + +/*************************************************************************** + * ServiceGroup.cc -- The "ServiceGroup" class holds lists for all * + * services that are under active cracking or have been stalled for one * + * reason or another. Information and options that apply to all services * + * as a whole are also kept here. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "ServiceGroup.h" +#include "NcrackOps.h" + +extern NcrackOps o; + + +ServiceGroup:: +ServiceGroup() +{ + /* members initialization */ + total_services = 0; + active_connections = 0; + connections_total = 0; + connections_timedout = 0; + connections_closed = 0; + credentials_found = 0; + SPM = new ScanProgressMeter(); +} + + +ServiceGroup:: +~ServiceGroup() +{ + // free stuff + delete SPM; +} + + +/* + * Find and set minimum connection delay from all unfinished services + */ +void ServiceGroup:: +findMinDelay(void) +{ + list delays; + list::iterator li; + + for (li = services_all.begin(); li != services_all.end(); li++) { + /* Append to temporary list only the unfinished services */ + if (!(*li)->getListFinished()) + delays.push_back((*li)->connection_delay); + } + + delays.sort(); + min_connection_delay = delays.front(); + delays.clear(); +} + + +/* + * Pushes service into one of the ServiceGroup lists. A Service might belong: + * a) to 'services_active' OR + * b) to 'services_finished' OR + * c) to any other combination of the rest of the lists + * A service might belong to more than one of the lists in case c) when + * for example it needs to wait both for the 'connection_delay' and the + * 'connection_limit'. + */ +list ::iterator ServiceGroup:: +pushServiceToList(Service *serv, list *dst) +{ + list ::iterator li = services_active.end(); + list ::iterator templi; + const char *dstname = NULL; + + assert(dst); + assert(serv); + + /* Check that destination list is valid and that service doesn't already + * belong to it. */ + if (!set_servlist(serv, dst) || !(dstname = list2name(dst))) + return li; + + /* + * If service belonged to 'services_active' then we also have to remove it + * from there. In any other case, we just copy the service to the list + * indicated by 'dst'. + */ + if (serv->getListActive()) { + for (li = services_active.begin(); li != services_active.end(); li++) { + if (((*li)->portno == serv->portno) && (!strcmp((*li)->name, serv->name)) + && (!(strcmp((*li)->target->NameIP(), serv->target->NameIP())))) + break; + } + if (li == services_active.end()) + fatal("%s: %s service not found in 'services_active' as indicated by " + "'getListActive()'!\n", __func__, serv->HostInfo()); + + serv->unsetListActive(); + li = services_active.erase(li); + } + + /* + * Now append service to destination list. The service can still be in other + * lists too. However, if we move it to 'services_finished', then no other + * action can happen on it. We also can never move a service to + * 'services_active' by this way. The service must stop being in any other + * list before finally being moved back to 'services_active' and this only + * happens through 'popServiceFromList()'. + */ + + if (dst == &services_active) { + if (o.debugging > 8) + error("%s cannot be pushed into 'services_active'. This is not allowed!\n", + serv->HostInfo()); + } + + dst->push_back(serv); + if (o.debugging > 8) + log_write(LOG_STDOUT, "%s pushed to list %s\n", serv->HostInfo(), dstname); + + // TODO: probably we should also remove from any other list too, if service + // is finished. + + free((char *)dstname); + prev_modified = li; + return li; +} + + +/* + * Pops service from one of the ServiceGroup lists. This is the only way for a + * service to return back to 'services_active' and this happens if and only if + * it stops belonging to any other list (except 'services_finished' from which + * you are not allowed to remove a service once it moves there) + */ +list ::iterator ServiceGroup:: +popServiceFromList(Service *serv, list *src) +{ + list ::iterator li = services_finished.end(); + const char *srcname = NULL; + + assert(src); + assert(serv); + + if (src == &services_active) { + if (o.debugging > 8) + error("%s cannot be popped from 'services_active'. This is not allowed!\n", + serv->HostInfo()); + } + + /* unset corresponding boolean for service's list - If operation is invalid + * then return immediately (with null iterator) */ + if (!unset_servlist(serv, src) || !(srcname = list2name(src))) + return li; + + for (li = src->begin(); li != src->end(); li++) { + if (((*li)->portno == serv->portno) && (!strcmp((*li)->name, serv->name)) + && (!(strcmp((*li)->target->NameIP(), serv->target->NameIP())))) + break; + } + if (li == src->end()) + fatal("%s: %s service was not found in %s and thus cannot be popped!\n", + __func__, serv->HostInfo(), srcname); + + /* + * If service now doesn't belong to any other list other than + * 'services_active' then we can move them back there! + */ + if (!serv->getListWait() && !serv->getListPairfini() && + !serv->getListFull() && !serv->getListFinishing() && + !serv->getListFinished()) { + serv->setListActive(); + services_active.push_back(serv); + } + + li = src->erase(li); + if (o.debugging > 8) + log_write(LOG_STDOUT, "%s popped from list %s\n", + serv->HostInfo(), srcname); + + + free((char *)srcname); + prev_modified = li; + return li; +} + + +/* + * Returns list's equivalent name. e.g for 'services_finished' it will return + * a "FINISHED" string. We prefer capitals for debugging purposes. Caller must + * free the string after it finishes using it. + */ +const char *ServiceGroup:: +list2name(list *list) +{ + const char *name = NULL; + + if (list == &services_active) + name = Strndup("ACTIVE", sizeof("ACTIVE") - 1); + else if (list == &services_wait) + name = Strndup("WAIT", sizeof("WAIT") - 1); + else if (list == &services_pairfini) + name = Strndup("PAIRFINI", sizeof("PAIRFINI") - 1); + else if (list == &services_full) + name = Strndup("FULL", sizeof("FULL") - 1); + else if (list == &services_finishing) + name = Strndup("FINISHING", sizeof("FINISHING") - 1); + else if (list == &services_finished) + name = Strndup("FINISHED", sizeof("FINISHED") - 1); + else + error("%s Invalid list specified!\n", __func__); + + return name; +} + + +/* + * Set service's corresponding boolean indicating that it now + * belongs to the particular list. If service is already on the list or an + * invalid list is specified, then the operation is invalid. + * Returns true if operation is valid and false for invalid. + */ +bool ServiceGroup:: +set_servlist(Service *serv, list *list) +{ + if (list == &services_active && !serv->getListActive()) + serv->setListActive(); + else if (list == &services_wait && !serv->getListWait()) + serv->setListWait(); + else if (list == &services_pairfini && !serv->getListPairfini()) + serv->setListPairfini(); + else if (list == &services_full && !serv->getListFull()) + serv->setListFull(); + else if (list == &services_finishing && !serv->getListFinishing()) + serv->setListFinishing(); + else if (list == &services_finished && !serv->getListFinished()) { + serv->setListFinished(); + serv->stopTimeOutClock(nsock_gettimeofday()); + } + else + return false; + + return true; +} + + +/* + * Unset service's corresponding boolean indicating that it stops + * belonging to the particular list. + * Returns true if operation is valid. + */ +bool ServiceGroup:: +unset_servlist(Service *serv, list *list) +{ + if (list == &services_active) + serv->unsetListActive(); + else if (list == &services_wait) + serv->unsetListWait(); + else if (list == &services_pairfini) + serv->unsetListPairfini(); + else if (list == &services_full) + serv->unsetListFull(); + else if (list == &services_finishing) + serv->unsetListFinishing(); + else if (list == &services_finished) { + if (o.debugging > 8) + error("%s cannot remove from 'services_finished'.This is not allowed!\n", + __func__); + return false; + } else { + error("%s destination list invalid!\n", __func__); + return false; + } + return true; +} + + +double ServiceGroup:: +getCompletionFraction(void) +{ + double total = 0; + unsigned int services_left = 0; + + list ::iterator li; + + for (li = services_all.begin(); li != services_all.end(); li++) { + if ((*li)->getListFinished()) + continue; + services_left++; + total += (*li)->getPercDone(); + } + + if (total) + total /= (double)services_left; + else + total = 0; + return total; +} + + +/* + * Return true if there is still a pending connection from the rest of the services + */ +bool ServiceGroup:: +checkLinearPending(void) +{ + list ::iterator li; + for (li = services_all.begin(); li != services_all.end(); li++) { + if ((*li)->getLinearState() == LINEAR_INIT || (*li)->getLinearState() == LINEAR_ACTIVE) + return true; + } + + return false; +} diff --git a/include/ServiceGroup.h b/include/ServiceGroup.h new file mode 100644 index 00000000..15f54864 --- /dev/null +++ b/include/ServiceGroup.h @@ -0,0 +1,270 @@ + +/*************************************************************************** + * ServiceGroup.h -- The "ServiceGroup" class holds lists for all * + * services that are under active cracking or have been stalled for one * + * reason or another. Information and options that apply to all services * + * as a whole are also kept here. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#ifndef SERVICE_GROUP_H +#define SERVICE_GROUP_H + +#include "ncrack.h" +#include "Service.h" +#include + + +class ServiceGroup { + public: + ServiceGroup(); + ~ServiceGroup(); + + /* ********************* Functions ******************* */ + + /* Find and set minimum connection delay from all services */ + void findMinDelay(void); + + /* + * Pushes service into one of the ServiceGroup lists. + * A Service might belong: + * a) to 'services_active' OR + * b) to 'services_finished' OR + * c) to any other combination of the rest of the lists + * A service might belong to more than one of the lists in case c) when + * for example it needs to wait both for the 'connection_delay' and the + * 'connection_limit'. + */ + list ::iterator pushServiceToList(Service *serv, + list *dst); + + /* + * Pops service from one of the ServiceGroup lists. This is the only way + * for a service to return back to 'services_active' and this happens if + * and only if it stops belonging to any other list (except + * 'services_finished' from which you are not allowed to remove a service + * once it moves there). + */ + list ::iterator popServiceFromList(Service *serv, + list *src); + + double getCompletionFraction(void); + + bool checkLinearPending(void); + + /* ********************* Members ********************* */ + + /* All Services. This includes all active and inactive services. + * This list is useful for iterating through all services in one + * global place instead of searching for each one of them in + * separate lists. This list is *never* touched except at creation. + */ + list services_all; + + /* Services finished (successfully or not) */ + list services_finished; + + /* + * Service has its credential list finished, the pool is empty + * but there are pending connections still active + */ + list services_finishing; + + /* + * Services that temporarily cannot initiate another + * connection due to timing constraints (connection limit) + */ + list services_full; + + /* + * Services that have to wait a time of 'connection_delay' + * until initiating another connection + */ + list services_wait; + + + /* + * Services that have to wait until our pair pool has at least one element + * to grab a login pair from, since the main credential list (username or + * password depending on the mode of iteration) has already finished being + * iterated through. + */ + list services_pairfini; + + /* Services that can initiate more connections */ + list services_active; + + /* how many services we need to crack in total */ + unsigned long total_services; + + long min_connection_delay;/* minimum connection delay from all services */ + long active_connections; /* total number of active connections */ + long connection_limit; /* maximum total number of active connections */ + + /* how many connections have been initiated */ + unsigned long connections_total; + unsigned long connections_timedout; /* how many connections have failed */ + + /* how many connections prematurely closed */ + unsigned long connections_closed; + + /* total credentials found */ + unsigned long credentials_found; + + int num_hosts_timedout; /* # of hosts timed out during (or before) scan */ + list ::iterator last_accessed; /* last element accessed */ + list ::iterator prev_modified; /* prev element modified */ + + RateMeter auth_rate_meter; + ScanProgressMeter *SPM; + + private: + + /* + * Returns list's equivalent name. e.g for services_finished it will return + * a "FINISHED" string. We prefer capitals for debugging purposes. Caller + * must free the string after it finishes using it. + */ + const char *list2name(list *list); + + /* + * Set service's corresponding boolean indicating that it now + * belongs to the particular list. + * Returns true if operation is valid. + */ + bool set_servlist(Service *serv, list *list); + + /* + * Unset service's corresponding boolean indicating that it stops + * belonging to the particular list. + * Returns true if operation is valid. + */ + bool unset_servlist(Service *serv, list *list); + +}; + +#endif diff --git a/include/Target.cc b/include/Target.cc new file mode 100644 index 00000000..8a5f241a --- /dev/null +++ b/include/Target.cc @@ -0,0 +1,309 @@ + +/*************************************************************************** + * Target.cc -- The Target class is a stripped version of the equivalent * + * class of Nmap. It holds information and functions mainly pertaining to * + * hostnames and IP addresses of the targets. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id: Target.cc 12955 2009-04-15 00:37:03Z fyodor $ */ + +#include "NcrackOps.h" +#include "Target.h" +#include "nbase.h" +#include "utils.h" + +extern NcrackOps o; +using namespace std; + + +Target::Target() { + Initialize(); +} + +void Target::Initialize() { + hostname = NULL; + targetname = NULL; + memset(&targetsock, 0, sizeof(targetsock)); + targetsocklen = 0; + targetipstring[0] = '\0'; + nameIPBuf = NULL; +} + + +void Target::Recycle() { + FreeInternal(); + Initialize(); +} + +Target::~Target() { + FreeInternal(); +} + +void Target::FreeInternal() { + /* Free the DNS name if we resolved one */ + if (hostname) + free(hostname); + + if (targetname) + free(targetname); + + if (nameIPBuf) { + free(nameIPBuf); + nameIPBuf = NULL; + } + +} + +/* Creates a "presentation" formatted string out of the IPv4/IPv6 address. + Called when the IP changes */ +void Target::GenerateIPString() { + struct sockaddr_in *sin = (struct sockaddr_in *) &targetsock; +#if HAVE_IPV6 + struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) &targetsock; +#endif + + if (inet_ntop(sin->sin_family, (sin->sin_family == AF_INET)? + (char *) &sin->sin_addr : +#if HAVE_IPV6 + (char *) &sin6->sin6_addr, +#else + (char *) NULL, +#endif + targetipstring, sizeof(targetipstring)) == NULL) { + fatal("Failed to convert target address to presentation format!?! " + "Error: %s", strerror(socket_errno())); + } +} + +/* Fills a sockaddr_storage with the AF_INET or AF_INET6 address + information of the target. This is a preferred way to get the + address since it is portable for IPv6 hosts. Returns 0 for + success. ss_len must be provided. It is not examined, but is set + to the size of the sockaddr copied in. */ +int Target::TargetSockAddr(struct sockaddr_storage *ss, size_t *ss_len) { + assert(ss); + assert(ss_len); + if (targetsocklen <= 0) + return 1; + assert(targetsocklen <= sizeof(*ss)); + memcpy(ss, &targetsock, targetsocklen); + *ss_len = targetsocklen; + return 0; +} + +/* Note that it is OK to pass in a sockaddr_in or sockaddr_in6 casted + to sockaddr_storage */ +void Target::setTargetSockAddr(struct sockaddr_storage *ss, size_t ss_len) { + + assert(ss_len > 0 && ss_len <= sizeof(*ss)); + if (targetsocklen > 0) { + /* We had an old target sock, so we better blow away the hostname as + this one may be new. */ + setHostName(NULL); + setTargetName(NULL); + } + memcpy(&targetsock, ss, ss_len); + targetsocklen = ss_len; + GenerateIPString(); + // /* The ports array needs to know a name too */ + //ports.setIdStr(targetipstr()); +} + +// Returns IPv4 host address or {0} if unavailable. +struct in_addr Target::v4host() { + const struct in_addr *addy = v4hostip(); + struct in_addr in; + if (addy) + return *addy; + in.s_addr = 0; + return in; +} + +// Returns IPv4 host address or NULL if unavailable. +const struct in_addr *Target::v4hostip() const { + struct sockaddr_in *sin = (struct sockaddr_in *) &targetsock; + if (sin->sin_family == AF_INET) + return &(sin->sin_addr); + return NULL; +} + + + +/* You can set to NULL to erase a name or if it failed to resolve -- or + just don't call this if it fails to resolve */ +void Target::setHostName(char *name) { + char *p; + if (hostname) { + free(hostname); + hostname = NULL; + } + if (name) { + p = hostname = strdup(name); + while (*p) { + // I think only a-z A-Z 0-9 . and - are allowed, but I'll be a little more + // generous. + if (!isalnum(*p) && !strchr(".-+=:_~*", *p)) { + //log_write(LOG_STDOUT, "Illegal character(s) in hostname -- " + //"replacing with '*'\n"); + *p = '*'; + } + p++; + } + } +} + +void Target::setTargetName(const char *name) { + if (targetname) { + free(targetname); + targetname = NULL; + } + if (name) + targetname = strdup(name); +} + +/* Generates a printable string consisting of the host's IP + address and hostname (if available). Eg "www.insecure.org + (64.71.184.53)" or "fe80::202:e3ff:fe14:1102". The name is + written into the buffer provided, which is also returned. Results + that do not fit in buflen will be truncated. */ +const char *Target::NameIP(char *buf, size_t buflen) { + assert(buf); + assert(buflen > 8); + if (hostname) + Snprintf(buf, buflen, "%s (%s)", hostname, targetipstring); + else + Strncpy(buf, targetipstring, buflen); + return buf; +} + +/* This next version returns a static buffer -- so no concurrency */ +const char *Target::NameIP() { + if (!nameIPBuf) + nameIPBuf = (char *) safe_malloc(MAXHOSTNAMELEN + INET6_ADDRSTRLEN); + return NameIP(nameIPBuf, MAXHOSTNAMELEN + INET6_ADDRSTRLEN); +} + diff --git a/include/Target.h b/include/Target.h new file mode 100644 index 00000000..b05f2011 --- /dev/null +++ b/include/Target.h @@ -0,0 +1,215 @@ + +/*************************************************************************** + * Target.h -- The Target class is a stripped version of the equivalent * + * class of Nmap. It holds information and functions mainly pertaining to * + * hostnames and IP addresses of the targets. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id: Target.h 12955 2009-04-15 00:37:03Z fyodor $ */ + +#ifndef TARGET_H +#define TARGET_H + +#include "ncrack.h" + +#ifndef INET6_ADDRSTRLEN +#define INET6_ADDRSTRLEN 46 +#endif + +#include +using namespace std; + + +class Target { + public: /* For now ... a lot of the data members should be made private */ + Target(); + ~Target(); + /* Recycles the object by freeing internal objects and reinitializing + to default state */ + void Recycle(); + /* Fills a sockaddr_storage with the AF_INET or AF_INET6 address + information of the target. This is a preferred way to get the + address since it is portable for IPv6 hosts. Returns 0 for + success. ss_len must be provided. It is not examined, but is set + to the size of the sockaddr copied in. */ + int TargetSockAddr(struct sockaddr_storage *ss, size_t *ss_len); + /* Note that it is OK to pass in a sockaddr_in or sockaddr_in6 casted + to sockaddr_storage */ + void setTargetSockAddr(struct sockaddr_storage *ss, size_t ss_len); + // Returns IPv4 target host address or {0} if unavailable. + struct in_addr v4host(); + const struct in_addr *v4hostip() const; + /* The IPv4 or IPv6 literal string for the target host */ + const char *targetipstr() { return targetipstring; } + /* Give the name from the last setHostName() call, which should be + the name obtained from reverse-resolution (PTR query) of the IP (v4 + or v6). If the name has not been set, or was set to NULL, an empty + string ("") is returned to make printing easier. */ + const char *HostName() { return hostname? hostname : ""; } + /* You can set to NULL to erase a name or if it failed to resolve -- or + just don't call this if it fails to resolve. The hostname is blown + away when you setTargetSockAddr(), so make sure you do these in proper + order + */ + void setHostName(char *name); + /* Generates a printable string consisting of the host's IP + address and hostname (if available). Eg "www.insecure.org + (64.71.184.53)" or "fe80::202:e3ff:fe14:1102". The name is + written into the buffer provided, which is also returned. Results + that do not fit in buflen will be truncated. */ + const char *NameIP(char *buf, size_t buflen); + /* This next version returns a STATIC buffer -- so no concurrency */ + const char *NameIP(); + + /* Give the name from the last setTargetName() call, which is the + name of the target given on the command line if it's a named + host. */ + const char *TargetName() { return targetname; } + /* You can set to NULL to erase a name. The targetname is blown + away when you setTargetSockAddr(), so make sure you do these in proper + order + */ + void setTargetName(const char *name); + + char *hostname; // Null if unable to resolve or unset + /* The name of the target host given on the commmand line if it is a + * named host */ + char *targetname; + + private: + void Initialize(); + void FreeInternal(); // Free memory allocated inside this object + // Creates a "presentation" formatted string out of the IPv4/IPv6 address + void GenerateIPString(); + struct sockaddr_storage targetsock; + size_t targetsocklen; + char targetipstring[INET6_ADDRSTRLEN]; + char *nameIPBuf; /* for the NameIP(void) function to return */ + +}; + +#endif /* TARGET_H */ diff --git a/include/TargetGroup.cc b/include/TargetGroup.cc new file mode 100644 index 00000000..36c8b7da --- /dev/null +++ b/include/TargetGroup.cc @@ -0,0 +1,553 @@ + +/*************************************************************************** + * TargetGroup.cc -- The "TargetGroup" class holds a group of IP addresses,* + * such as those from a '/16' or '10.*.*.*' specification. It is a * + * stripped version of the equivalent class of Nmap. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id: TargetGroup.cc 12955 2009-04-15 00:37:03Z fyodor $ */ + +#include "NcrackOps.h" +#include "TargetGroup.h" +#include "utils.h" + +extern NcrackOps o; + + +TargetGroup::TargetGroup() { + Initialize(); +} + +// Bring back (or start with) original state +void TargetGroup::Initialize() { + targets_type = TYPE_NONE; + memset(addresses, 0, sizeof(addresses)); + memset(current, 0, sizeof(current)); + memset(last, 0, sizeof(last)); + ipsleft = 0; +} + +/* take the object back to the beginning without (mdmcl) + * reinitalizing the data structures */ +int TargetGroup::rewind() { + + /* For netmasks we must set the current address to the + * starting address and calculate the ips by distance */ + if (targets_type == IPV4_NETMASK) { + currentaddr = startaddr; + if (startaddr.s_addr <= endaddr.s_addr) { + ipsleft = ((unsigned long long) (endaddr.s_addr - startaddr.s_addr)) + 1; + return 0; + } + else + assert(0); + } + /* For ranges, we easily set current to zero and calculate + * the ips by the number of values in the columns */ + else if (targets_type == IPV4_RANGES) { + memset((char *)current, 0, sizeof(current)); + ipsleft = (unsigned long long) (last[0] + 1) * + (unsigned long long) (last[1] + 1) * + (unsigned long long) (last[2] + 1) * + (unsigned long long) (last[3] + 1); + return 0; + } +#if HAVE_IPV6 + /* For IPV6 there is only one address, this function doesn't + * make much sence for IPv6 does it? */ + else if (targets_type == IPV6_ADDRESS) { + ipsleft = 1; + return 0; + } +#endif + + /* If we got this far there must be an error, wrong type */ + return -1; +} + + + +/* Initializes (or reinitializes) the object with a new expression, such + as 192.168.0.0/16 , 10.1.0-5.1-254 , or fe80::202:e3ff:fe14:1102 . + Returns 0 for success */ +int TargetGroup::parse_expr(const char * const target_expr, int af) { + + int i=0,j=0,k=0; + int start, end; + char *r,*s, *target_net; + char *addy[5]; + char *hostexp = strdup(target_expr); + struct hostent *target; + namedhost = 0; + + + + if (targets_type != TYPE_NONE) + Initialize(); + ipsleft = 0; + + if (af == AF_INET) { + + /* separate service specification from host */ + if ((s = strchr(hostexp, '[')) || (s = strstr(hostexp, "::")) || (s = strstr(hostexp, "://"))) + *s = '\0'; + + s = NULL; + + if (strchr(hostexp, ':')) + fatal("Invalid host expression: %s -- colons only allowed in IPv6 addresses, and then you need the -6 switch", hostexp); + + + /*struct in_addr current_in;*/ + addy[0] = addy[1] = addy[2] = addy[3] = addy[4] = NULL; + addy[0] = r = hostexp; + /* First we break the expression up into the four parts of the IP address + + the optional '/mask' */ + target_net = hostexp; + s = strchr(hostexp, '/'); /* Find the slash if there is one */ + if (s) { + *s = '\0'; /* Make sure target_net is terminated before the /## */ + s++; /* Point s at the netmask */ + } + netmask = ( s ) ? atoi(s) : 32; + if ((int) netmask < 0 || netmask > 32) { + error("Illegal netmask value (%d), must be /0 - /32 . Assuming /32 (one host)", netmask); + netmask = 32; + } + for(i=0; *(hostexp + i); i++) + if (isupper((int) *(hostexp +i)) || islower((int) *(hostexp +i))) { + namedhost = 1; + break; + } + if (netmask != 32 || namedhost) { + targets_type = IPV4_NETMASK; + if (!inet_pton(AF_INET, target_net, &(startaddr))) { + if ((target = gethostbyname(target_net))) { + int count=0; + + memcpy(&(startaddr), target->h_addr_list[0], sizeof(struct in_addr)); + + while (target->h_addr_list[count]) count++; + + if (count > 1) + error("Warning: Hostname %s resolves to %d IPs. Using %s.", + target_net, count, inet_ntoa(*((struct in_addr *)target->h_addr_list[0]))); + } else { + error("Failed to resolve given hostname/IP: %s. " + "Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges", target_net); + free(hostexp); + return 1; + } + } + if (netmask) { + unsigned long longtmp = ntohl(startaddr.s_addr); + startaddr.s_addr = longtmp & (unsigned long) (0 - (1<<(32 - netmask))); + endaddr.s_addr = longtmp | (unsigned long) ((1<<(32 - netmask)) - 1); + } else { + /* The above calculations don't work for a /0 netmask, though at first + * glance it appears that they would + */ + startaddr.s_addr = 0; + endaddr.s_addr = 0xffffffff; + } + currentaddr = startaddr; + if (startaddr.s_addr <= endaddr.s_addr) { + ipsleft = ((unsigned long long) (endaddr.s_addr - startaddr.s_addr)) + 1; + free(hostexp); + return 0; + } + error("Host specification invalid"); + free(hostexp); + return 1; + } + else { + targets_type = IPV4_RANGES; + i = 0; + + while(*++r) { + if (*r == '.' && ++i < 4) { + *r = '\0'; + addy[i] = r + 1; + } + else if (*r != '*' && *r != ',' && *r != '-' && !isdigit((int)*r)) + fatal("Invalid character in host specification. Note in particular that square brackets [] are no longer allowed. " + "They were redundant and can simply be removed."); + } + if (i != 3) fatal("Invalid target host specification: %s", target_expr); + + for (i = 0; i < 4; i++) { + j=0; + do { + s = strchr(addy[i],','); + if (s) + *s = '\0'; + if (*addy[i] == '*') { + start = 0; + end = 255; + } else if (*addy[i] == '-') { + start = 0; + if (*(addy[i] + 1) == '\0') + end = 255; + else + end = atoi(addy[i]+ 1); + } else { + start = end = atoi(addy[i]); + if ((r = strchr(addy[i],'-')) && *(r+1) ) + end = atoi(r + 1); + else if (r && !*(r+1)) + end = 255; + } + + if (start < 0 || start > end || start > 255 || end > 255) + fatal("Your host specifications are illegal!"); + if (j + (end - start) > 255) + fatal("Your host specifications are illegal!"); + + for (k = start; k <= end; k++) + addresses[i][j++] = k; + + last[i] = j - 1; + if (s) + addy[i] = s + 1; + } while (s); + } + } + memset((char *)current, 0, sizeof(current)); + ipsleft = (unsigned long long) (last[0] + 1) * + (unsigned long long) (last[1] + 1) * + (unsigned long long) (last[2] + 1) * + (unsigned long long) (last[3] + 1); + } + else { +#if HAVE_IPV6 + int rc = 0; + assert(af == AF_INET6); + if (strchr(hostexp, '/')) { + fatal("Invalid host expression: %s -- slash not allowed. IPv6 addresses can currently only be specified individually", hostexp); + } + targets_type = IPV6_ADDRESS; + struct addrinfo hints; + struct addrinfo *result = NULL; + memset(&hints, 0, sizeof(hints)); + hints.ai_family = PF_INET6; + rc = getaddrinfo(hostexp, NULL, &hints, &result); + if (rc != 0 || result == NULL) { + error("Failed to resolve given IPv6 hostname/IP: %s. Note that you can't use '/mask' or '[1-4,7,100-]' style ranges for IPv6. Error code %d: %s", hostexp, rc, gai_strerror(rc)); + free(hostexp); + if (result) freeaddrinfo(result); + return 1; + } + assert(result->ai_addrlen == sizeof(struct sockaddr_in6)); + struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) result->ai_addr; + memcpy(&ip6, sin6, sizeof(struct sockaddr_in6)); + ipsleft = 1; + freeaddrinfo(result); +#else // HAVE_IPV6 + fatal("IPv6 not supported on your platform"); +#endif // HAVE_IPV6 + } + + free(hostexp); + return 0; +} + +/* For ranges, skip all hosts in an octet, (mdmcl) + * get_next_host should be used for skipping the last octet :-) + * returns: number of hosts skipped */ +int TargetGroup::skip_range(_octet_nums octet) { + unsigned long hosts_skipped = 0, /* number of hosts skipped */ + oct = 0; /* octect number */ + int i = 0; /* simple lcv */ + + /* This function is only supported for RANGES! */ + if (targets_type != IPV4_RANGES) + return -1; + + switch (octet) { + case FIRST_OCTET: + oct = 0; + hosts_skipped = (unsigned long)(last[1] + 1) * (unsigned long)(last[2] + 1) * (unsigned long)(last[3] + 1); + break; + case SECOND_OCTET: + oct = 1; + hosts_skipped = (unsigned long)(last[2] + 1) * (unsigned long)(last[3] + 1); + break; + case THIRD_OCTET: + oct = 2; + hosts_skipped = (last[3] + 1); + break; + default: /* Hmm, how'd you do that */ + return -1; + } + + /* catch if we try to take more than are left */ + assert(ipsleft + 1>= hosts_skipped); + + /* increment the next octect that we can above us */ + for (i = oct; i >= 0; i--) { + if (current[i] < last[i]) { + current[i]++; + break; + } + else + current[i] = 0; + } + + /* reset all the ones below us to zero */ + for (i = oct+1; i <= 3; i++) { + current[i] = 0; + } + + /* we actually don't skip the current, it was accounted for + * by get_next_host */ + ipsleft -= hosts_skipped - 1; + + return hosts_skipped; +} + +/* Grab the next host from this expression (if any) and updates its internal + state to reflect that the IP was given out. Returns 0 and + fills in ss if successful. ss must point to a pre-allocated + sockaddr_storage structure */ +int TargetGroup::get_next_host(struct sockaddr_storage *ss, size_t *sslen) { + + int octet; + struct sockaddr_in *sin = (struct sockaddr_in *) ss; + struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) ss; +//startover: /* to handle nmap --resume where I have already + // scanned many of the IPs */ + assert(ss); + assert(sslen); + + + if (ipsleft == 0) + return -1; + + if (targets_type == IPV4_NETMASK) { + memset(sin, 0, sizeof(struct sockaddr_in)); + sin->sin_family = AF_INET; + *sslen = sizeof(struct sockaddr_in); +#if HAVE_SOCKADDR_SA_LEN + sin->sin_len = *sslen; +#endif + + if (currentaddr.s_addr <= endaddr.s_addr) { + sin->sin_addr.s_addr = htonl(currentaddr.s_addr++); + } else { + error("Bogus target structure passed to %s", __func__); + ipsleft = 0; + return -1; + } + } + else if (targets_type == IPV4_RANGES) { + memset(sin, 0, sizeof(struct sockaddr_in)); + sin->sin_family = AF_INET; + *sslen = sizeof(struct sockaddr_in); + +#if HAVE_SOCKADDR_SA_LEN + sin->sin_len = *sslen; +#endif + + /* Set the IP to the current value of everything */ + sin->sin_addr.s_addr = htonl(addresses[0][current[0]] << 24 | + addresses[1][current[1]] << 16 | + addresses[2][current[2]] << 8 | + addresses[3][current[3]]); + + /* Now we nudge up to the next IP */ + for(octet = 3; octet >= 0; octet--) { + if (current[octet] < last[octet]) { + /* OK, this is the column I have room to nudge upwards */ + current[octet]++; + break; + } else { + /* This octet is finished so I reset it to the beginning */ + current[octet] = 0; + } + } + if (octet == -1) { + /* It didn't find anything to bump up, I must have taken the last IP */ + assert(ipsleft == 1); + /* So I set current to last with the very final octet up one ... */ + /* Note that this may make current[3] == 256 */ + current[0] = last[0]; current[1] = last[1]; + current[2] = last[2]; current[3] = last[3] + 1; + } else { + assert(ipsleft > 1); /* There must be at least one more IP left */ + } + } else { + assert(targets_type == IPV6_ADDRESS); + assert(ipsleft == 1); +#if HAVE_IPV6 + *sslen = sizeof(struct sockaddr_in6); + memset(sin6, 0, *sslen); + sin6->sin6_family = AF_INET6; +#ifdef SIN_LEN + sin6->sin6_len = *sslen; +#endif /* SIN_LEN */ + memcpy(sin6->sin6_addr.s6_addr, ip6.sin6_addr.s6_addr, 16); + sin6->sin6_scope_id = ip6.sin6_scope_id; +#else + fatal("IPV6 not supported on this platform"); +#endif // HAVE_IPV6 + } + ipsleft--; + + return 0; +} + +/* Returns the last given host, so that it will be given again next + time get_next_host is called. Obviously, you should only call + this if you have fetched at least 1 host since parse_expr() was + called */ +int TargetGroup::return_last_host() { + int octet; + + ipsleft++; + if (targets_type == IPV4_NETMASK) { + assert(currentaddr.s_addr > startaddr.s_addr); + currentaddr.s_addr--; + } else if (targets_type == IPV4_RANGES) { + for(octet = 3; octet >= 0; octet--) { + if (current[octet] > 0) { + /* OK, this is the column I have room to nudge downwards */ + current[octet]--; + break; + } else { + /* This octet is already at the beginning, so I set it to the end */ + current[octet] = last[octet]; + } + } + assert(octet != -1); + } else { + assert(targets_type == IPV6_ADDRESS); + assert(ipsleft == 1); + } + return 0; +} + + diff --git a/include/TargetGroup.h b/include/TargetGroup.h new file mode 100644 index 00000000..7a45c79f --- /dev/null +++ b/include/TargetGroup.h @@ -0,0 +1,207 @@ + +/*************************************************************************** + * TargetGroup.h -- The "TargetGroup" class holds a group of IP addresses, * + * such as those from a '/16' or '10.*.*.*' specification. It is a * + * stripped version of the equivalent class of Nmap. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id: TargetGroup.h 12955 2009-04-15 00:37:03Z fyodor $ */ + +#ifndef TARGETGROUP_H +#define TARGETGROUP_H + +#include "ncrack.h" +#include "Target.h" +#include "global_structures.h" + +#include + +class TargetGroup { + public: + /* used by get_target_types */ + enum _targets_types { TYPE_NONE, IPV4_NETMASK, IPV4_RANGES, IPV6_ADDRESS }; + /* used as input to skip range */ + enum _octet_nums { FIRST_OCTET, SECOND_OCTET, THIRD_OCTET }; + TargetGroup(); + + /* Initializes (or reinitializes) the object with a new expression, + such as 192.168.0.0/16 , 10.1.0-5.1-254 , or + fe80::202:e3ff:fe14:1102 . The af parameter is AF_INET or + AF_INET6 Returns 0 for success */ + int parse_expr(const char * const target_expr, int af); + /* Reset the object without reinitializing it */ + int rewind(); + /* Grab the next host from this expression (if any). Returns 0 and + fills in ss if successful. ss must point to a pre-allocated + sockaddr_storage structure */ + int get_next_host(struct sockaddr_storage *ss, size_t *sslen); + /* Returns the last given host, so that it will be given again next + time get_next_host is called. Obviously, you should only call + this if you have fetched at least 1 host since parse_expr() was + called */ + int return_last_host(); + /* return the target type */ + char get_targets_type() {return targets_type;}; + /* get the netmask */ + int get_mask() {return netmask;}; + /* is the current expression a named host */ + int get_namedhost() {return namedhost;}; + /* Skip an octet in the range array */ + int skip_range(_octet_nums octet); + + vector services; + + private: + enum _targets_types targets_type; + void Initialize(); + +#if HAVE_IPV6 + struct sockaddr_in6 ip6; +#endif + + /* These 4 are used for the '/mask' style of specifying target + net (IPV4_NETMASK) */ + u32 netmask; + struct in_addr startaddr; + struct in_addr currentaddr; + struct in_addr endaddr; + + // These three are for the '138.[1-7,16,91-95,200-].12.1' style (IPV4_RANGES) + u8 addresses[4][256]; + unsigned int current[4]; + u8 last[4]; + +/* Number of IPs left in this structure -- set to 0 if + the fields are not valid */ + unsigned long long ipsleft; + + // is the current target expression a named host + int namedhost; +}; + + +#endif /* TARGETGROUP_H */ diff --git a/include/blackmarlinexec-services b/include/blackmarlinexec-services new file mode 100644 index 00000000..103ba9e2 --- /dev/null +++ b/include/blackmarlinexec-services @@ -0,0 +1,48 @@ +# Ncrack available services +# Use this file to add additional supported services in the format specified: +# / +# where protocol = either tcp or udp + +ftp 21/tcp +ssh 22/tcp +telnet 23/tcp +http 80/tcp +wordpress 80/tcp +wp 80/tcp +webform 80/tcp +web 80/tcp +joomla 80/tcp +dicom 104/tcp +pop3 110/tcp +imap 143/tcp +microsoft-ds 445/tcp +netbios-ssn 445/tcp +smb 445/tcp +smb2 445/tcp +smb 139/tcp +https 443/tcp +owa 443/tcp +wordpress-tls 443/tcp +wp-tls 443/tcp +webform 443/tcp +web-tls 443/tcp +sip 5060/tcp +pop3s 995/tcp +mssql 1433/tcp +mqtt 1883/tcp +mysql 3306/tcp +ms-wbt-server 3389/tcp +rdp 3389/tcp +psql 5432/tcp +vnc 5801/tcp +vnc 5900/tcp +vnc 5901/tcp +vnc 6001/tcp +redis 6379/tcp +winrm 5985/tcp +winrm 5986/tcp +couchbase 8091/tcp +cassandra 9160/tcp +cassandra 9042/tcp +mongodb 27017/tcp +cvs 2401/tcp diff --git a/include/authkill/.gitattributes b/include/crack/authkill/.gitattributes similarity index 100% rename from include/authkill/.gitattributes rename to include/crack/authkill/.gitattributes diff --git a/include/authkill/.gitignore b/include/crack/authkill/.gitignore similarity index 100% rename from include/authkill/.gitignore rename to include/crack/authkill/.gitignore diff --git a/include/authkill/authkill/authkill.sln b/include/crack/authkill/authkill/authkill.sln similarity index 100% rename from include/authkill/authkill/authkill.sln rename to include/crack/authkill/authkill/authkill.sln diff --git a/include/authkill/authkill/authkill/Program.cs b/include/crack/authkill/authkill/authkill/Program.cs similarity index 100% rename from include/authkill/authkill/authkill/Program.cs rename to include/crack/authkill/authkill/authkill/Program.cs diff --git a/include/authkill/authkill/authkill/Properties/AssemblyInfo.cs b/include/crack/authkill/authkill/authkill/Properties/AssemblyInfo.cs similarity index 100% rename from include/authkill/authkill/authkill/Properties/AssemblyInfo.cs rename to include/crack/authkill/authkill/authkill/Properties/AssemblyInfo.cs diff --git a/include/authkill/authkill/authkill/authkill.csproj b/include/crack/authkill/authkill/authkill/authkill.csproj similarity index 100% rename from include/authkill/authkill/authkill/authkill.csproj rename to include/crack/authkill/authkill/authkill/authkill.csproj diff --git a/include/cracker/.editorconfig b/include/crack/cracker/.editorconfig similarity index 100% rename from include/cracker/.editorconfig rename to include/crack/cracker/.editorconfig diff --git a/include/cracker/.gitattributes b/include/crack/cracker/.gitattributes similarity index 100% rename from include/cracker/.gitattributes rename to include/crack/cracker/.gitattributes diff --git a/include/cracker/.gitignore b/include/crack/cracker/.gitignore similarity index 100% rename from include/cracker/.gitignore rename to include/crack/cracker/.gitignore diff --git a/include/cracker/blackmarlinexec.sln b/include/crack/cracker/blackmarlinexec.sln similarity index 100% rename from include/cracker/blackmarlinexec.sln rename to include/crack/cracker/blackmarlinexec.sln diff --git a/include/cracker/sbexecution/AntiAnalysis/pch.h b/include/crack/cracker/sbexecution/AntiAnalysis/pch.h similarity index 100% rename from include/cracker/sbexecution/AntiAnalysis/pch.h rename to include/crack/cracker/sbexecution/AntiAnalysis/pch.h diff --git a/include/cracker/sbexecution/AntiAnalysis/process.cpp b/include/crack/cracker/sbexecution/AntiAnalysis/process.cpp similarity index 100% rename from include/cracker/sbexecution/AntiAnalysis/process.cpp rename to include/crack/cracker/sbexecution/AntiAnalysis/process.cpp diff --git a/include/cracker/sbexecution/AntiAnalysis/process.h b/include/crack/cracker/sbexecution/AntiAnalysis/process.h similarity index 100% rename from include/cracker/sbexecution/AntiAnalysis/process.h rename to include/crack/cracker/sbexecution/AntiAnalysis/process.h diff --git a/include/cracker/sbexecution/AntiDebug/BeingDebugged.cpp b/include/crack/cracker/sbexecution/AntiDebug/BeingDebugged.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/BeingDebugged.cpp rename to include/crack/cracker/sbexecution/AntiDebug/BeingDebugged.cpp diff --git a/include/cracker/sbexecution/AntiDebug/BeingDebugged.h b/include/crack/cracker/sbexecution/AntiDebug/BeingDebugged.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/BeingDebugged.h rename to include/crack/cracker/sbexecution/AntiDebug/BeingDebugged.h diff --git a/include/cracker/sbexecution/AntiDebug/CheckRemoteDebuggerPresent.cpp b/include/crack/cracker/sbexecution/AntiDebug/CheckRemoteDebuggerPresent.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/CheckRemoteDebuggerPresent.cpp rename to include/crack/cracker/sbexecution/AntiDebug/CheckRemoteDebuggerPresent.cpp diff --git a/include/cracker/sbexecution/AntiDebug/CheckRemoteDebuggerPresent.h b/include/crack/cracker/sbexecution/AntiDebug/CheckRemoteDebuggerPresent.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/CheckRemoteDebuggerPresent.h rename to include/crack/cracker/sbexecution/AntiDebug/CheckRemoteDebuggerPresent.h diff --git a/include/cracker/sbexecution/AntiDebug/CloseHandle_InvalidHandle.cpp b/include/crack/cracker/sbexecution/AntiDebug/CloseHandle_InvalidHandle.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/CloseHandle_InvalidHandle.cpp rename to include/crack/cracker/sbexecution/AntiDebug/CloseHandle_InvalidHandle.cpp diff --git a/include/cracker/sbexecution/AntiDebug/CloseHandle_InvalidHandle.h b/include/crack/cracker/sbexecution/AntiDebug/CloseHandle_InvalidHandle.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/CloseHandle_InvalidHandle.h rename to include/crack/cracker/sbexecution/AntiDebug/CloseHandle_InvalidHandle.h diff --git a/include/cracker/sbexecution/AntiDebug/HardwareBreakpoints.cpp b/include/crack/cracker/sbexecution/AntiDebug/HardwareBreakpoints.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/HardwareBreakpoints.cpp rename to include/crack/cracker/sbexecution/AntiDebug/HardwareBreakpoints.cpp diff --git a/include/cracker/sbexecution/AntiDebug/HardwareBreakpoints.h b/include/crack/cracker/sbexecution/AntiDebug/HardwareBreakpoints.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/HardwareBreakpoints.h rename to include/crack/cracker/sbexecution/AntiDebug/HardwareBreakpoints.h diff --git a/include/cracker/sbexecution/AntiDebug/Interrupt_0x2d.cpp b/include/crack/cracker/sbexecution/AntiDebug/Interrupt_0x2d.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/Interrupt_0x2d.cpp rename to include/crack/cracker/sbexecution/AntiDebug/Interrupt_0x2d.cpp diff --git a/include/cracker/sbexecution/AntiDebug/Interrupt_0x2d.h b/include/crack/cracker/sbexecution/AntiDebug/Interrupt_0x2d.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/Interrupt_0x2d.h rename to include/crack/cracker/sbexecution/AntiDebug/Interrupt_0x2d.h diff --git a/include/cracker/sbexecution/AntiDebug/Interrupt_3.cpp b/include/crack/cracker/sbexecution/AntiDebug/Interrupt_3.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/Interrupt_3.cpp rename to include/crack/cracker/sbexecution/AntiDebug/Interrupt_3.cpp diff --git a/include/cracker/sbexecution/AntiDebug/Interrupt_3.h b/include/crack/cracker/sbexecution/AntiDebug/Interrupt_3.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/Interrupt_3.h rename to include/crack/cracker/sbexecution/AntiDebug/Interrupt_3.h diff --git a/include/cracker/sbexecution/AntiDebug/IsDebuggerPresent.cpp b/include/crack/cracker/sbexecution/AntiDebug/IsDebuggerPresent.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/IsDebuggerPresent.cpp rename to include/crack/cracker/sbexecution/AntiDebug/IsDebuggerPresent.cpp diff --git a/include/cracker/sbexecution/AntiDebug/IsDebuggerPresent.h b/include/crack/cracker/sbexecution/AntiDebug/IsDebuggerPresent.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/IsDebuggerPresent.h rename to include/crack/cracker/sbexecution/AntiDebug/IsDebuggerPresent.h diff --git a/include/cracker/sbexecution/AntiDebug/LowFragmentationHeap.cpp b/include/crack/cracker/sbexecution/AntiDebug/LowFragmentationHeap.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/LowFragmentationHeap.cpp rename to include/crack/cracker/sbexecution/AntiDebug/LowFragmentationHeap.cpp diff --git a/include/cracker/sbexecution/AntiDebug/LowFragmentationHeap.h b/include/crack/cracker/sbexecution/AntiDebug/LowFragmentationHeap.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/LowFragmentationHeap.h rename to include/crack/cracker/sbexecution/AntiDebug/LowFragmentationHeap.h diff --git a/include/cracker/sbexecution/AntiDebug/MemoryBreakpoints_PageGuard.cpp b/include/crack/cracker/sbexecution/AntiDebug/MemoryBreakpoints_PageGuard.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/MemoryBreakpoints_PageGuard.cpp rename to include/crack/cracker/sbexecution/AntiDebug/MemoryBreakpoints_PageGuard.cpp diff --git a/include/cracker/sbexecution/AntiDebug/MemoryBreakpoints_PageGuard.h b/include/crack/cracker/sbexecution/AntiDebug/MemoryBreakpoints_PageGuard.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/MemoryBreakpoints_PageGuard.h rename to include/crack/cracker/sbexecution/AntiDebug/MemoryBreakpoints_PageGuard.h diff --git a/include/cracker/sbexecution/AntiDebug/ModuleBoundsHookCheck.cpp b/include/crack/cracker/sbexecution/AntiDebug/ModuleBoundsHookCheck.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/ModuleBoundsHookCheck.cpp rename to include/crack/cracker/sbexecution/AntiDebug/ModuleBoundsHookCheck.cpp diff --git a/include/cracker/sbexecution/AntiDebug/ModuleBoundsHookCheck.h b/include/crack/cracker/sbexecution/AntiDebug/ModuleBoundsHookCheck.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/ModuleBoundsHookCheck.h rename to include/crack/cracker/sbexecution/AntiDebug/ModuleBoundsHookCheck.h diff --git a/include/cracker/sbexecution/AntiDebug/NtGlobalFlag.cpp b/include/crack/cracker/sbexecution/AntiDebug/NtGlobalFlag.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/NtGlobalFlag.cpp rename to include/crack/cracker/sbexecution/AntiDebug/NtGlobalFlag.cpp diff --git a/include/cracker/sbexecution/AntiDebug/NtGlobalFlag.h b/include/crack/cracker/sbexecution/AntiDebug/NtGlobalFlag.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/NtGlobalFlag.h rename to include/crack/cracker/sbexecution/AntiDebug/NtGlobalFlag.h diff --git a/include/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugFlags.cpp b/include/crack/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugFlags.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugFlags.cpp rename to include/crack/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugFlags.cpp diff --git a/include/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugFlags.h b/include/crack/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugFlags.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugFlags.h rename to include/crack/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugFlags.h diff --git a/include/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugObject.cpp b/include/crack/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugObject.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugObject.cpp rename to include/crack/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugObject.cpp diff --git a/include/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugObject.h b/include/crack/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugObject.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugObject.h rename to include/crack/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugObject.h diff --git a/include/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugPort.cpp b/include/crack/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugPort.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugPort.cpp rename to include/crack/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugPort.cpp diff --git a/include/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugPort.h b/include/crack/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugPort.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugPort.h rename to include/crack/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugPort.h diff --git a/include/cracker/sbexecution/AntiDebug/NtQueryObject_AllTypesInformation.cpp b/include/crack/cracker/sbexecution/AntiDebug/NtQueryObject_AllTypesInformation.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/NtQueryObject_AllTypesInformation.cpp rename to include/crack/cracker/sbexecution/AntiDebug/NtQueryObject_AllTypesInformation.cpp diff --git a/include/cracker/sbexecution/AntiDebug/NtQueryObject_ObjectInformation.h b/include/crack/cracker/sbexecution/AntiDebug/NtQueryObject_ObjectInformation.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/NtQueryObject_ObjectInformation.h rename to include/crack/cracker/sbexecution/AntiDebug/NtQueryObject_ObjectInformation.h diff --git a/include/cracker/sbexecution/AntiDebug/NtQueryObject_ObjectTypeInformation.cpp b/include/crack/cracker/sbexecution/AntiDebug/NtQueryObject_ObjectTypeInformation.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/NtQueryObject_ObjectTypeInformation.cpp rename to include/crack/cracker/sbexecution/AntiDebug/NtQueryObject_ObjectTypeInformation.cpp diff --git a/include/cracker/sbexecution/AntiDebug/NtQuerySystemInformation_SystemKernelDebuggerInformation.cpp b/include/crack/cracker/sbexecution/AntiDebug/NtQuerySystemInformation_SystemKernelDebuggerInformation.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/NtQuerySystemInformation_SystemKernelDebuggerInformation.cpp rename to include/crack/cracker/sbexecution/AntiDebug/NtQuerySystemInformation_SystemKernelDebuggerInformation.cpp diff --git a/include/cracker/sbexecution/AntiDebug/NtQuerySystemInformation_SystemKernelDebuggerInformation.h b/include/crack/cracker/sbexecution/AntiDebug/NtQuerySystemInformation_SystemKernelDebuggerInformation.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/NtQuerySystemInformation_SystemKernelDebuggerInformation.h rename to include/crack/cracker/sbexecution/AntiDebug/NtQuerySystemInformation_SystemKernelDebuggerInformation.h diff --git a/include/cracker/sbexecution/AntiDebug/NtSetInformationThread_ThreadHideFromDebugger.cpp b/include/crack/cracker/sbexecution/AntiDebug/NtSetInformationThread_ThreadHideFromDebugger.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/NtSetInformationThread_ThreadHideFromDebugger.cpp rename to include/crack/cracker/sbexecution/AntiDebug/NtSetInformationThread_ThreadHideFromDebugger.cpp diff --git a/include/cracker/sbexecution/AntiDebug/NtSetInformationThread_ThreadHideFromDebugger.h b/include/crack/cracker/sbexecution/AntiDebug/NtSetInformationThread_ThreadHideFromDebugger.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/NtSetInformationThread_ThreadHideFromDebugger.h rename to include/crack/cracker/sbexecution/AntiDebug/NtSetInformationThread_ThreadHideFromDebugger.h diff --git a/include/cracker/sbexecution/AntiDebug/NtSystemDebugControl.cpp b/include/crack/cracker/sbexecution/AntiDebug/NtSystemDebugControl.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/NtSystemDebugControl.cpp rename to include/crack/cracker/sbexecution/AntiDebug/NtSystemDebugControl.cpp diff --git a/include/cracker/sbexecution/AntiDebug/NtSystemDebugControl.h b/include/crack/cracker/sbexecution/AntiDebug/NtSystemDebugControl.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/NtSystemDebugControl.h rename to include/crack/cracker/sbexecution/AntiDebug/NtSystemDebugControl.h diff --git a/include/cracker/sbexecution/AntiDebug/NtYieldExecution.cpp b/include/crack/cracker/sbexecution/AntiDebug/NtYieldExecution.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/NtYieldExecution.cpp rename to include/crack/cracker/sbexecution/AntiDebug/NtYieldExecution.cpp diff --git a/include/cracker/sbexecution/AntiDebug/NtYieldExecution.h b/include/crack/cracker/sbexecution/AntiDebug/NtYieldExecution.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/NtYieldExecution.h rename to include/crack/cracker/sbexecution/AntiDebug/NtYieldExecution.h diff --git a/include/cracker/sbexecution/AntiDebug/OutputDebugStringAPI.cpp b/include/crack/cracker/sbexecution/AntiDebug/OutputDebugStringAPI.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/OutputDebugStringAPI.cpp rename to include/crack/cracker/sbexecution/AntiDebug/OutputDebugStringAPI.cpp diff --git a/include/cracker/sbexecution/AntiDebug/OutputDebugStringAPI.h b/include/crack/cracker/sbexecution/AntiDebug/OutputDebugStringAPI.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/OutputDebugStringAPI.h rename to include/crack/cracker/sbexecution/AntiDebug/OutputDebugStringAPI.h diff --git a/include/cracker/sbexecution/AntiDebug/PageExceptionBreakpointCheck.cpp b/include/crack/cracker/sbexecution/AntiDebug/PageExceptionBreakpointCheck.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/PageExceptionBreakpointCheck.cpp rename to include/crack/cracker/sbexecution/AntiDebug/PageExceptionBreakpointCheck.cpp diff --git a/include/cracker/sbexecution/AntiDebug/PageExceptionBreakpointCheck.h b/include/crack/cracker/sbexecution/AntiDebug/PageExceptionBreakpointCheck.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/PageExceptionBreakpointCheck.h rename to include/crack/cracker/sbexecution/AntiDebug/PageExceptionBreakpointCheck.h diff --git a/include/cracker/sbexecution/AntiDebug/ParentProcess.cpp b/include/crack/cracker/sbexecution/AntiDebug/ParentProcess.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/ParentProcess.cpp rename to include/crack/cracker/sbexecution/AntiDebug/ParentProcess.cpp diff --git a/include/cracker/sbexecution/AntiDebug/ParentProcess.h b/include/crack/cracker/sbexecution/AntiDebug/ParentProcess.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/ParentProcess.h rename to include/crack/cracker/sbexecution/AntiDebug/ParentProcess.h diff --git a/include/cracker/sbexecution/AntiDebug/ProcessHeap_Flags.cpp b/include/crack/cracker/sbexecution/AntiDebug/ProcessHeap_Flags.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/ProcessHeap_Flags.cpp rename to include/crack/cracker/sbexecution/AntiDebug/ProcessHeap_Flags.cpp diff --git a/include/cracker/sbexecution/AntiDebug/ProcessHeap_Flags.h b/include/crack/cracker/sbexecution/AntiDebug/ProcessHeap_Flags.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/ProcessHeap_Flags.h rename to include/crack/cracker/sbexecution/AntiDebug/ProcessHeap_Flags.h diff --git a/include/cracker/sbexecution/AntiDebug/ProcessHeap_ForceFlags.cpp b/include/crack/cracker/sbexecution/AntiDebug/ProcessHeap_ForceFlags.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/ProcessHeap_ForceFlags.cpp rename to include/crack/cracker/sbexecution/AntiDebug/ProcessHeap_ForceFlags.cpp diff --git a/include/cracker/sbexecution/AntiDebug/ProcessHeap_ForceFlags.h b/include/crack/cracker/sbexecution/AntiDebug/ProcessHeap_ForceFlags.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/ProcessHeap_ForceFlags.h rename to include/crack/cracker/sbexecution/AntiDebug/ProcessHeap_ForceFlags.h diff --git a/include/cracker/sbexecution/AntiDebug/ProcessJob.cpp b/include/crack/cracker/sbexecution/AntiDebug/ProcessJob.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/ProcessJob.cpp rename to include/crack/cracker/sbexecution/AntiDebug/ProcessJob.cpp diff --git a/include/cracker/sbexecution/AntiDebug/ProcessJob.h b/include/crack/cracker/sbexecution/AntiDebug/ProcessJob.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/ProcessJob.h rename to include/crack/cracker/sbexecution/AntiDebug/ProcessJob.h diff --git a/include/cracker/sbexecution/AntiDebug/ScanForModules.cpp b/include/crack/cracker/sbexecution/AntiDebug/ScanForModules.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/ScanForModules.cpp rename to include/crack/cracker/sbexecution/AntiDebug/ScanForModules.cpp diff --git a/include/cracker/sbexecution/AntiDebug/ScanForModules.h b/include/crack/cracker/sbexecution/AntiDebug/ScanForModules.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/ScanForModules.h rename to include/crack/cracker/sbexecution/AntiDebug/ScanForModules.h diff --git a/include/cracker/sbexecution/AntiDebug/SeDebugPrivilege.cpp b/include/crack/cracker/sbexecution/AntiDebug/SeDebugPrivilege.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/SeDebugPrivilege.cpp rename to include/crack/cracker/sbexecution/AntiDebug/SeDebugPrivilege.cpp diff --git a/include/cracker/sbexecution/AntiDebug/SeDebugPrivilege.h b/include/crack/cracker/sbexecution/AntiDebug/SeDebugPrivilege.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/SeDebugPrivilege.h rename to include/crack/cracker/sbexecution/AntiDebug/SeDebugPrivilege.h diff --git a/include/cracker/sbexecution/AntiDebug/SetHandleInformation_API.cpp b/include/crack/cracker/sbexecution/AntiDebug/SetHandleInformation_API.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/SetHandleInformation_API.cpp rename to include/crack/cracker/sbexecution/AntiDebug/SetHandleInformation_API.cpp diff --git a/include/cracker/sbexecution/AntiDebug/SetHandleInformation_API.h b/include/crack/cracker/sbexecution/AntiDebug/SetHandleInformation_API.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/SetHandleInformation_API.h rename to include/crack/cracker/sbexecution/AntiDebug/SetHandleInformation_API.h diff --git a/include/cracker/sbexecution/AntiDebug/SharedUserData_KernelDebugger.cpp b/include/crack/cracker/sbexecution/AntiDebug/SharedUserData_KernelDebugger.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/SharedUserData_KernelDebugger.cpp rename to include/crack/cracker/sbexecution/AntiDebug/SharedUserData_KernelDebugger.cpp diff --git a/include/cracker/sbexecution/AntiDebug/SharedUserData_KernelDebugger.h b/include/crack/cracker/sbexecution/AntiDebug/SharedUserData_KernelDebugger.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/SharedUserData_KernelDebugger.h rename to include/crack/cracker/sbexecution/AntiDebug/SharedUserData_KernelDebugger.h diff --git a/include/cracker/sbexecution/AntiDebug/SoftwareBreakpoints.cpp b/include/crack/cracker/sbexecution/AntiDebug/SoftwareBreakpoints.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/SoftwareBreakpoints.cpp rename to include/crack/cracker/sbexecution/AntiDebug/SoftwareBreakpoints.cpp diff --git a/include/cracker/sbexecution/AntiDebug/SoftwareBreakpoints.h b/include/crack/cracker/sbexecution/AntiDebug/SoftwareBreakpoints.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/SoftwareBreakpoints.h rename to include/crack/cracker/sbexecution/AntiDebug/SoftwareBreakpoints.h diff --git a/include/cracker/sbexecution/AntiDebug/TLS_callbacks.cpp b/include/crack/cracker/sbexecution/AntiDebug/TLS_callbacks.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/TLS_callbacks.cpp rename to include/crack/cracker/sbexecution/AntiDebug/TLS_callbacks.cpp diff --git a/include/cracker/sbexecution/AntiDebug/TLS_callbacks.h b/include/crack/cracker/sbexecution/AntiDebug/TLS_callbacks.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/TLS_callbacks.h rename to include/crack/cracker/sbexecution/AntiDebug/TLS_callbacks.h diff --git a/include/cracker/sbexecution/AntiDebug/TrapFlag.cpp b/include/crack/cracker/sbexecution/AntiDebug/TrapFlag.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/TrapFlag.cpp rename to include/crack/cracker/sbexecution/AntiDebug/TrapFlag.cpp diff --git a/include/cracker/sbexecution/AntiDebug/TrapFlag.h b/include/crack/cracker/sbexecution/AntiDebug/TrapFlag.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/TrapFlag.h rename to include/crack/cracker/sbexecution/AntiDebug/TrapFlag.h diff --git a/include/cracker/sbexecution/AntiDebug/UnhandledExceptionFilter_Handler.cpp b/include/crack/cracker/sbexecution/AntiDebug/UnhandledExceptionFilter_Handler.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/UnhandledExceptionFilter_Handler.cpp rename to include/crack/cracker/sbexecution/AntiDebug/UnhandledExceptionFilter_Handler.cpp diff --git a/include/cracker/sbexecution/AntiDebug/UnhandledExceptionFilter_Handler.h b/include/crack/cracker/sbexecution/AntiDebug/UnhandledExceptionFilter_Handler.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/UnhandledExceptionFilter_Handler.h rename to include/crack/cracker/sbexecution/AntiDebug/UnhandledExceptionFilter_Handler.h diff --git a/include/cracker/sbexecution/AntiDebug/WUDF_IsDebuggerPresent.cpp b/include/crack/cracker/sbexecution/AntiDebug/WUDF_IsDebuggerPresent.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/WUDF_IsDebuggerPresent.cpp rename to include/crack/cracker/sbexecution/AntiDebug/WUDF_IsDebuggerPresent.cpp diff --git a/include/cracker/sbexecution/AntiDebug/WUDF_IsDebuggerPresent.h b/include/crack/cracker/sbexecution/AntiDebug/WUDF_IsDebuggerPresent.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/WUDF_IsDebuggerPresent.h rename to include/crack/cracker/sbexecution/AntiDebug/WUDF_IsDebuggerPresent.h diff --git a/include/cracker/sbexecution/AntiDebug/WriteWatch.cpp b/include/crack/cracker/sbexecution/AntiDebug/WriteWatch.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDebug/WriteWatch.cpp rename to include/crack/cracker/sbexecution/AntiDebug/WriteWatch.cpp diff --git a/include/cracker/sbexecution/AntiDebug/WriteWatch.h b/include/crack/cracker/sbexecution/AntiDebug/WriteWatch.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/WriteWatch.h rename to include/crack/cracker/sbexecution/AntiDebug/WriteWatch.h diff --git a/include/cracker/sbexecution/AntiDebug/int2d_x64.asm b/include/crack/cracker/sbexecution/AntiDebug/int2d_x64.asm similarity index 100% rename from include/cracker/sbexecution/AntiDebug/int2d_x64.asm rename to include/crack/cracker/sbexecution/AntiDebug/int2d_x64.asm diff --git a/include/cracker/sbexecution/AntiDebug/int2d_x86.asm b/include/crack/cracker/sbexecution/AntiDebug/int2d_x86.asm similarity index 100% rename from include/cracker/sbexecution/AntiDebug/int2d_x86.asm rename to include/crack/cracker/sbexecution/AntiDebug/int2d_x86.asm diff --git a/include/cracker/sbexecution/AntiDebug/pch.h b/include/crack/cracker/sbexecution/AntiDebug/pch.h similarity index 100% rename from include/cracker/sbexecution/AntiDebug/pch.h rename to include/crack/cracker/sbexecution/AntiDebug/pch.h diff --git a/include/cracker/sbexecution/AntiDisassm/AntiDisassm.cpp b/include/crack/cracker/sbexecution/AntiDisassm/AntiDisassm.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDisassm/AntiDisassm.cpp rename to include/crack/cracker/sbexecution/AntiDisassm/AntiDisassm.cpp diff --git a/include/cracker/sbexecution/AntiDisassm/AntiDisassm.h b/include/crack/cracker/sbexecution/AntiDisassm/AntiDisassm.h similarity index 100% rename from include/cracker/sbexecution/AntiDisassm/AntiDisassm.h rename to include/crack/cracker/sbexecution/AntiDisassm/AntiDisassm.h diff --git a/include/cracker/sbexecution/AntiDisassm/AntiDisassm_x64.asm b/include/crack/cracker/sbexecution/AntiDisassm/AntiDisassm_x64.asm similarity index 100% rename from include/cracker/sbexecution/AntiDisassm/AntiDisassm_x64.asm rename to include/crack/cracker/sbexecution/AntiDisassm/AntiDisassm_x64.asm diff --git a/include/cracker/sbexecution/AntiDisassm/AntiDisassm_x86.asm b/include/crack/cracker/sbexecution/AntiDisassm/AntiDisassm_x86.asm similarity index 100% rename from include/cracker/sbexecution/AntiDisassm/AntiDisassm_x86.asm rename to include/crack/cracker/sbexecution/AntiDisassm/AntiDisassm_x86.asm diff --git a/include/cracker/sbexecution/AntiDisassm/pch.h b/include/crack/cracker/sbexecution/AntiDisassm/pch.h similarity index 100% rename from include/cracker/sbexecution/AntiDisassm/pch.h rename to include/crack/cracker/sbexecution/AntiDisassm/pch.h diff --git a/include/cracker/sbexecution/AntiDump/ErasePEHeaderFromMemory.cpp b/include/crack/cracker/sbexecution/AntiDump/ErasePEHeaderFromMemory.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDump/ErasePEHeaderFromMemory.cpp rename to include/crack/cracker/sbexecution/AntiDump/ErasePEHeaderFromMemory.cpp diff --git a/include/cracker/sbexecution/AntiDump/ErasePEHeaderFromMemory.h b/include/crack/cracker/sbexecution/AntiDump/ErasePEHeaderFromMemory.h similarity index 100% rename from include/cracker/sbexecution/AntiDump/ErasePEHeaderFromMemory.h rename to include/crack/cracker/sbexecution/AntiDump/ErasePEHeaderFromMemory.h diff --git a/include/cracker/sbexecution/AntiDump/SizeOfImage.cpp b/include/crack/cracker/sbexecution/AntiDump/SizeOfImage.cpp similarity index 100% rename from include/cracker/sbexecution/AntiDump/SizeOfImage.cpp rename to include/crack/cracker/sbexecution/AntiDump/SizeOfImage.cpp diff --git a/include/cracker/sbexecution/AntiDump/SizeOfImage.h b/include/crack/cracker/sbexecution/AntiDump/SizeOfImage.h similarity index 100% rename from include/cracker/sbexecution/AntiDump/SizeOfImage.h rename to include/crack/cracker/sbexecution/AntiDump/SizeOfImage.h diff --git a/include/cracker/sbexecution/AntiDump/pch.h b/include/crack/cracker/sbexecution/AntiDump/pch.h similarity index 100% rename from include/cracker/sbexecution/AntiDump/pch.h rename to include/crack/cracker/sbexecution/AntiDump/pch.h diff --git a/include/cracker/sbexecution/AntiVM/Generic.cpp b/include/crack/cracker/sbexecution/AntiVM/Generic.cpp similarity index 100% rename from include/cracker/sbexecution/AntiVM/Generic.cpp rename to include/crack/cracker/sbexecution/AntiVM/Generic.cpp diff --git a/include/cracker/sbexecution/AntiVM/Generic.h b/include/crack/cracker/sbexecution/AntiVM/Generic.h similarity index 100% rename from include/cracker/sbexecution/AntiVM/Generic.h rename to include/crack/cracker/sbexecution/AntiVM/Generic.h diff --git a/include/cracker/sbexecution/AntiVM/HyperV.cpp b/include/crack/cracker/sbexecution/AntiVM/HyperV.cpp similarity index 100% rename from include/cracker/sbexecution/AntiVM/HyperV.cpp rename to include/crack/cracker/sbexecution/AntiVM/HyperV.cpp diff --git a/include/cracker/sbexecution/AntiVM/HyperV.h b/include/crack/cracker/sbexecution/AntiVM/HyperV.h similarity index 100% rename from include/cracker/sbexecution/AntiVM/HyperV.h rename to include/crack/cracker/sbexecution/AntiVM/HyperV.h diff --git a/include/cracker/sbexecution/AntiVM/KVM.cpp b/include/crack/cracker/sbexecution/AntiVM/KVM.cpp similarity index 100% rename from include/cracker/sbexecution/AntiVM/KVM.cpp rename to include/crack/cracker/sbexecution/AntiVM/KVM.cpp diff --git a/include/cracker/sbexecution/AntiVM/KVM.h b/include/crack/cracker/sbexecution/AntiVM/KVM.h similarity index 100% rename from include/cracker/sbexecution/AntiVM/KVM.h rename to include/crack/cracker/sbexecution/AntiVM/KVM.h diff --git a/include/cracker/sbexecution/AntiVM/Parallels.cpp b/include/crack/cracker/sbexecution/AntiVM/Parallels.cpp similarity index 100% rename from include/cracker/sbexecution/AntiVM/Parallels.cpp rename to include/crack/cracker/sbexecution/AntiVM/Parallels.cpp diff --git a/include/cracker/sbexecution/AntiVM/Parallels.h b/include/crack/cracker/sbexecution/AntiVM/Parallels.h similarity index 100% rename from include/cracker/sbexecution/AntiVM/Parallels.h rename to include/crack/cracker/sbexecution/AntiVM/Parallels.h diff --git a/include/cracker/sbexecution/AntiVM/Qemu.cpp b/include/crack/cracker/sbexecution/AntiVM/Qemu.cpp similarity index 100% rename from include/cracker/sbexecution/AntiVM/Qemu.cpp rename to include/crack/cracker/sbexecution/AntiVM/Qemu.cpp diff --git a/include/cracker/sbexecution/AntiVM/Qemu.h b/include/crack/cracker/sbexecution/AntiVM/Qemu.h similarity index 100% rename from include/cracker/sbexecution/AntiVM/Qemu.h rename to include/crack/cracker/sbexecution/AntiVM/Qemu.h diff --git a/include/cracker/sbexecution/AntiVM/Services.cpp b/include/crack/cracker/sbexecution/AntiVM/Services.cpp similarity index 100% rename from include/cracker/sbexecution/AntiVM/Services.cpp rename to include/crack/cracker/sbexecution/AntiVM/Services.cpp diff --git a/include/cracker/sbexecution/AntiVM/Services.h b/include/crack/cracker/sbexecution/AntiVM/Services.h similarity index 100% rename from include/cracker/sbexecution/AntiVM/Services.h rename to include/crack/cracker/sbexecution/AntiVM/Services.h diff --git a/include/cracker/sbexecution/AntiVM/VMWare.cpp b/include/crack/cracker/sbexecution/AntiVM/VMWare.cpp similarity index 100% rename from include/cracker/sbexecution/AntiVM/VMWare.cpp rename to include/crack/cracker/sbexecution/AntiVM/VMWare.cpp diff --git a/include/cracker/sbexecution/AntiVM/VMWare.h b/include/crack/cracker/sbexecution/AntiVM/VMWare.h similarity index 100% rename from include/cracker/sbexecution/AntiVM/VMWare.h rename to include/crack/cracker/sbexecution/AntiVM/VMWare.h diff --git a/include/cracker/sbexecution/AntiVM/VirtualBox.cpp b/include/crack/cracker/sbexecution/AntiVM/VirtualBox.cpp similarity index 100% rename from include/cracker/sbexecution/AntiVM/VirtualBox.cpp rename to include/crack/cracker/sbexecution/AntiVM/VirtualBox.cpp diff --git a/include/cracker/sbexecution/AntiVM/VirtualBox.h b/include/crack/cracker/sbexecution/AntiVM/VirtualBox.h similarity index 100% rename from include/cracker/sbexecution/AntiVM/VirtualBox.h rename to include/crack/cracker/sbexecution/AntiVM/VirtualBox.h diff --git a/include/cracker/sbexecution/AntiVM/VirtualPC.cpp b/include/crack/cracker/sbexecution/AntiVM/VirtualPC.cpp similarity index 100% rename from include/cracker/sbexecution/AntiVM/VirtualPC.cpp rename to include/crack/cracker/sbexecution/AntiVM/VirtualPC.cpp diff --git a/include/cracker/sbexecution/AntiVM/VirtualPC.h b/include/crack/cracker/sbexecution/AntiVM/VirtualPC.h similarity index 100% rename from include/cracker/sbexecution/AntiVM/VirtualPC.h rename to include/crack/cracker/sbexecution/AntiVM/VirtualPC.h diff --git a/include/cracker/sbexecution/AntiVM/Wine.cpp b/include/crack/cracker/sbexecution/AntiVM/Wine.cpp similarity index 100% rename from include/cracker/sbexecution/AntiVM/Wine.cpp rename to include/crack/cracker/sbexecution/AntiVM/Wine.cpp diff --git a/include/cracker/sbexecution/AntiVM/Wine.h b/include/crack/cracker/sbexecution/AntiVM/Wine.h similarity index 100% rename from include/cracker/sbexecution/AntiVM/Wine.h rename to include/crack/cracker/sbexecution/AntiVM/Wine.h diff --git a/include/cracker/sbexecution/AntiVM/Xen.cpp b/include/crack/cracker/sbexecution/AntiVM/Xen.cpp similarity index 100% rename from include/cracker/sbexecution/AntiVM/Xen.cpp rename to include/crack/cracker/sbexecution/AntiVM/Xen.cpp diff --git a/include/cracker/sbexecution/AntiVM/Xen.h b/include/crack/cracker/sbexecution/AntiVM/Xen.h similarity index 100% rename from include/cracker/sbexecution/AntiVM/Xen.h rename to include/crack/cracker/sbexecution/AntiVM/Xen.h diff --git a/include/cracker/sbexecution/AntiVM/pch.h b/include/crack/cracker/sbexecution/AntiVM/pch.h similarity index 100% rename from include/cracker/sbexecution/AntiVM/pch.h rename to include/crack/cracker/sbexecution/AntiVM/pch.h diff --git a/include/cracker/sbexecution/CodeInjection/CreateRemoteThread.cpp b/include/crack/cracker/sbexecution/CodeInjection/CreateRemoteThread.cpp similarity index 100% rename from include/cracker/sbexecution/CodeInjection/CreateRemoteThread.cpp rename to include/crack/cracker/sbexecution/CodeInjection/CreateRemoteThread.cpp diff --git a/include/cracker/sbexecution/CodeInjection/CreateRemoteThread.h b/include/crack/cracker/sbexecution/CodeInjection/CreateRemoteThread.h similarity index 100% rename from include/cracker/sbexecution/CodeInjection/CreateRemoteThread.h rename to include/crack/cracker/sbexecution/CodeInjection/CreateRemoteThread.h diff --git a/include/cracker/sbexecution/CodeInjection/GetSetThreadContext.cpp b/include/crack/cracker/sbexecution/CodeInjection/GetSetThreadContext.cpp similarity index 100% rename from include/cracker/sbexecution/CodeInjection/GetSetThreadContext.cpp rename to include/crack/cracker/sbexecution/CodeInjection/GetSetThreadContext.cpp diff --git a/include/cracker/sbexecution/CodeInjection/GetSetThreadContext.h b/include/crack/cracker/sbexecution/CodeInjection/GetSetThreadContext.h similarity index 100% rename from include/cracker/sbexecution/CodeInjection/GetSetThreadContext.h rename to include/crack/cracker/sbexecution/CodeInjection/GetSetThreadContext.h diff --git a/include/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.cpp b/include/crack/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.cpp similarity index 100% rename from include/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.cpp rename to include/crack/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.cpp diff --git a/include/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.h b/include/crack/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.h similarity index 100% rename from include/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.h rename to include/crack/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.h diff --git a/include/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.vcxproj b/include/crack/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.vcxproj similarity index 100% rename from include/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.vcxproj rename to include/crack/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.vcxproj diff --git a/include/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.vcxproj.filters b/include/crack/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.vcxproj.filters similarity index 100% rename from include/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.vcxproj.filters rename to include/crack/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.vcxproj.filters diff --git a/include/cracker/sbexecution/CodeInjection/InjectedDLL/definitions.def b/include/crack/cracker/sbexecution/CodeInjection/InjectedDLL/definitions.def similarity index 100% rename from include/cracker/sbexecution/CodeInjection/InjectedDLL/definitions.def rename to include/crack/cracker/sbexecution/CodeInjection/InjectedDLL/definitions.def diff --git a/include/cracker/sbexecution/CodeInjection/NtCreateThreadEx.cpp b/include/crack/cracker/sbexecution/CodeInjection/NtCreateThreadEx.cpp similarity index 100% rename from include/cracker/sbexecution/CodeInjection/NtCreateThreadEx.cpp rename to include/crack/cracker/sbexecution/CodeInjection/NtCreateThreadEx.cpp diff --git a/include/cracker/sbexecution/CodeInjection/NtCreateThreadEx.h b/include/crack/cracker/sbexecution/CodeInjection/NtCreateThreadEx.h similarity index 100% rename from include/cracker/sbexecution/CodeInjection/NtCreateThreadEx.h rename to include/crack/cracker/sbexecution/CodeInjection/NtCreateThreadEx.h diff --git a/include/cracker/sbexecution/CodeInjection/QueueUserAPC.cpp b/include/crack/cracker/sbexecution/CodeInjection/QueueUserAPC.cpp similarity index 100% rename from include/cracker/sbexecution/CodeInjection/QueueUserAPC.cpp rename to include/crack/cracker/sbexecution/CodeInjection/QueueUserAPC.cpp diff --git a/include/cracker/sbexecution/CodeInjection/QueueUserAPC.h b/include/crack/cracker/sbexecution/CodeInjection/QueueUserAPC.h similarity index 100% rename from include/cracker/sbexecution/CodeInjection/QueueUserAPC.h rename to include/crack/cracker/sbexecution/CodeInjection/QueueUserAPC.h diff --git a/include/cracker/sbexecution/CodeInjection/RtlCreateUserThread.cpp b/include/crack/cracker/sbexecution/CodeInjection/RtlCreateUserThread.cpp similarity index 100% rename from include/cracker/sbexecution/CodeInjection/RtlCreateUserThread.cpp rename to include/crack/cracker/sbexecution/CodeInjection/RtlCreateUserThread.cpp diff --git a/include/cracker/sbexecution/CodeInjection/RtlCreateUserThread.h b/include/crack/cracker/sbexecution/CodeInjection/RtlCreateUserThread.h similarity index 100% rename from include/cracker/sbexecution/CodeInjection/RtlCreateUserThread.h rename to include/crack/cracker/sbexecution/CodeInjection/RtlCreateUserThread.h diff --git a/include/cracker/sbexecution/CodeInjection/SetWindowsHooksEx.cpp b/include/crack/cracker/sbexecution/CodeInjection/SetWindowsHooksEx.cpp similarity index 100% rename from include/cracker/sbexecution/CodeInjection/SetWindowsHooksEx.cpp rename to include/crack/cracker/sbexecution/CodeInjection/SetWindowsHooksEx.cpp diff --git a/include/cracker/sbexecution/CodeInjection/SetWindowsHooksEx.h b/include/crack/cracker/sbexecution/CodeInjection/SetWindowsHooksEx.h similarity index 100% rename from include/cracker/sbexecution/CodeInjection/SetWindowsHooksEx.h rename to include/crack/cracker/sbexecution/CodeInjection/SetWindowsHooksEx.h diff --git a/include/cracker/sbexecution/CodeInjection/pch.h b/include/crack/cracker/sbexecution/CodeInjection/pch.h similarity index 100% rename from include/cracker/sbexecution/CodeInjection/pch.h rename to include/crack/cracker/sbexecution/CodeInjection/pch.h diff --git a/include/cracker/sbexecution/OfficeMacro/al-khaser.docm b/include/crack/cracker/sbexecution/OfficeMacro/al-khaser.docm similarity index 100% rename from include/cracker/sbexecution/OfficeMacro/al-khaser.docm rename to include/crack/cracker/sbexecution/OfficeMacro/al-khaser.docm diff --git a/include/cracker/sbexecution/OfficeMacro/macros.vba b/include/crack/cracker/sbexecution/OfficeMacro/macros.vba similarity index 100% rename from include/cracker/sbexecution/OfficeMacro/macros.vba rename to include/crack/cracker/sbexecution/OfficeMacro/macros.vba diff --git a/include/cracker/sbexecution/Shared/APIs.cpp b/include/crack/cracker/sbexecution/Shared/APIs.cpp similarity index 100% rename from include/cracker/sbexecution/Shared/APIs.cpp rename to include/crack/cracker/sbexecution/Shared/APIs.cpp diff --git a/include/cracker/sbexecution/Shared/APIs.h b/include/crack/cracker/sbexecution/Shared/APIs.h similarity index 100% rename from include/cracker/sbexecution/Shared/APIs.h rename to include/crack/cracker/sbexecution/Shared/APIs.h diff --git a/include/cracker/sbexecution/Shared/ApiTypeDefs.cpp b/include/crack/cracker/sbexecution/Shared/ApiTypeDefs.cpp similarity index 100% rename from include/cracker/sbexecution/Shared/ApiTypeDefs.cpp rename to include/crack/cracker/sbexecution/Shared/ApiTypeDefs.cpp diff --git a/include/cracker/sbexecution/Shared/ApiTypeDefs.h b/include/crack/cracker/sbexecution/Shared/ApiTypeDefs.h similarity index 100% rename from include/cracker/sbexecution/Shared/ApiTypeDefs.h rename to include/crack/cracker/sbexecution/Shared/ApiTypeDefs.h diff --git a/include/cracker/sbexecution/Shared/Common.cpp b/include/crack/cracker/sbexecution/Shared/Common.cpp similarity index 100% rename from include/cracker/sbexecution/Shared/Common.cpp rename to include/crack/cracker/sbexecution/Shared/Common.cpp diff --git a/include/cracker/sbexecution/Shared/Common.h b/include/crack/cracker/sbexecution/Shared/Common.h similarity index 100% rename from include/cracker/sbexecution/Shared/Common.h rename to include/crack/cracker/sbexecution/Shared/Common.h diff --git a/include/cracker/sbexecution/Shared/Utils.cpp b/include/crack/cracker/sbexecution/Shared/Utils.cpp similarity index 100% rename from include/cracker/sbexecution/Shared/Utils.cpp rename to include/crack/cracker/sbexecution/Shared/Utils.cpp diff --git a/include/cracker/sbexecution/Shared/Utils.h b/include/crack/cracker/sbexecution/Shared/Utils.h similarity index 100% rename from include/cracker/sbexecution/Shared/Utils.h rename to include/crack/cracker/sbexecution/Shared/Utils.h diff --git a/include/cracker/sbexecution/Shared/VersionHelpers.h b/include/crack/cracker/sbexecution/Shared/VersionHelpers.h similarity index 100% rename from include/cracker/sbexecution/Shared/VersionHelpers.h rename to include/crack/cracker/sbexecution/Shared/VersionHelpers.h diff --git a/include/cracker/sbexecution/Shared/WinStructs.h b/include/crack/cracker/sbexecution/Shared/WinStructs.h similarity index 100% rename from include/cracker/sbexecution/Shared/WinStructs.h rename to include/crack/cracker/sbexecution/Shared/WinStructs.h diff --git a/include/cracker/sbexecution/Shared/log.cpp b/include/crack/cracker/sbexecution/Shared/log.cpp similarity index 100% rename from include/cracker/sbexecution/Shared/log.cpp rename to include/crack/cracker/sbexecution/Shared/log.cpp diff --git a/include/cracker/sbexecution/Shared/log.h b/include/crack/cracker/sbexecution/Shared/log.h similarity index 100% rename from include/cracker/sbexecution/Shared/log.h rename to include/crack/cracker/sbexecution/Shared/log.h diff --git a/include/cracker/sbexecution/Shared/pch.h b/include/crack/cracker/sbexecution/Shared/pch.h similarity index 100% rename from include/cracker/sbexecution/Shared/pch.h rename to include/crack/cracker/sbexecution/Shared/pch.h diff --git a/include/cracker/sbexecution/Shared/winapifamily.h b/include/crack/cracker/sbexecution/Shared/winapifamily.h similarity index 100% rename from include/cracker/sbexecution/Shared/winapifamily.h rename to include/crack/cracker/sbexecution/Shared/winapifamily.h diff --git a/include/cracker/sbexecution/TimingAttacks/pch.h b/include/crack/cracker/sbexecution/TimingAttacks/pch.h similarity index 100% rename from include/cracker/sbexecution/TimingAttacks/pch.h rename to include/crack/cracker/sbexecution/TimingAttacks/pch.h diff --git a/include/cracker/sbexecution/TimingAttacks/timing.cpp b/include/crack/cracker/sbexecution/TimingAttacks/timing.cpp similarity index 100% rename from include/cracker/sbexecution/TimingAttacks/timing.cpp rename to include/crack/cracker/sbexecution/TimingAttacks/timing.cpp diff --git a/include/cracker/sbexecution/TimingAttacks/timing.h b/include/crack/cracker/sbexecution/TimingAttacks/timing.h similarity index 100% rename from include/cracker/sbexecution/TimingAttacks/timing.h rename to include/crack/cracker/sbexecution/TimingAttacks/timing.h diff --git a/include/cracker/sbexecution/blackmarlinexec.cpp b/include/crack/cracker/sbexecution/blackmarlinexec.cpp similarity index 100% rename from include/cracker/sbexecution/blackmarlinexec.cpp rename to include/crack/cracker/sbexecution/blackmarlinexec.cpp diff --git a/include/cracker/sbexecution/blackmarlinexec.filters b/include/crack/cracker/sbexecution/blackmarlinexec.filters similarity index 100% rename from include/cracker/sbexecution/blackmarlinexec.filters rename to include/crack/cracker/sbexecution/blackmarlinexec.filters diff --git a/include/cracker/sbexecution/blackmarlinexec.vcxproj b/include/crack/cracker/sbexecution/blackmarlinexec.vcxproj similarity index 100% rename from include/cracker/sbexecution/blackmarlinexec.vcxproj rename to include/crack/cracker/sbexecution/blackmarlinexec.vcxproj diff --git a/include/cracker/sbexecution/packages.config b/include/crack/cracker/sbexecution/packages.config similarity index 100% rename from include/cracker/sbexecution/packages.config rename to include/crack/cracker/sbexecution/packages.config diff --git a/include/cracker/sbexecution/pch.cpp b/include/crack/cracker/sbexecution/pch.cpp similarity index 100% rename from include/cracker/sbexecution/pch.cpp rename to include/crack/cracker/sbexecution/pch.cpp diff --git a/include/cracker/sbexecution/pch.h b/include/crack/cracker/sbexecution/pch.h similarity index 100% rename from include/cracker/sbexecution/pch.h rename to include/crack/cracker/sbexecution/pch.h diff --git a/include/cracker/tools/ATAIdentifyDump/ATAIdentifyDump.cpp b/include/crack/cracker/tools/ATAIdentifyDump/ATAIdentifyDump.cpp similarity index 100% rename from include/cracker/tools/ATAIdentifyDump/ATAIdentifyDump.cpp rename to include/crack/cracker/tools/ATAIdentifyDump/ATAIdentifyDump.cpp diff --git a/include/cracker/tools/ATAIdentifyDump/ATAIdentifyDump.vcxproj b/include/crack/cracker/tools/ATAIdentifyDump/ATAIdentifyDump.vcxproj similarity index 100% rename from include/cracker/tools/ATAIdentifyDump/ATAIdentifyDump.vcxproj rename to include/crack/cracker/tools/ATAIdentifyDump/ATAIdentifyDump.vcxproj diff --git a/include/cracker/tools/ATAIdentifyDump/ATAIdentifyDump.vcxproj.filters b/include/crack/cracker/tools/ATAIdentifyDump/ATAIdentifyDump.vcxproj.filters similarity index 100% rename from include/cracker/tools/ATAIdentifyDump/ATAIdentifyDump.vcxproj.filters rename to include/crack/cracker/tools/ATAIdentifyDump/ATAIdentifyDump.vcxproj.filters diff --git a/include/cracker/tools/ATAIdentifyDump/IdentifyDeviceData.h b/include/crack/cracker/tools/ATAIdentifyDump/IdentifyDeviceData.h similarity index 100% rename from include/cracker/tools/ATAIdentifyDump/IdentifyDeviceData.h rename to include/crack/cracker/tools/ATAIdentifyDump/IdentifyDeviceData.h diff --git a/include/cracker/tools/ATAIdentifyDump/pch.cpp b/include/crack/cracker/tools/ATAIdentifyDump/pch.cpp similarity index 100% rename from include/cracker/tools/ATAIdentifyDump/pch.cpp rename to include/crack/cracker/tools/ATAIdentifyDump/pch.cpp diff --git a/include/cracker/tools/ATAIdentifyDump/pch.h b/include/crack/cracker/tools/ATAIdentifyDump/pch.h similarity index 100% rename from include/cracker/tools/ATAIdentifyDump/pch.h rename to include/crack/cracker/tools/ATAIdentifyDump/pch.h diff --git a/include/cracker/tools/StructDumpCodegen/struct_dump_codegen.linq b/include/crack/cracker/tools/StructDumpCodegen/struct_dump_codegen.linq similarity index 100% rename from include/cracker/tools/StructDumpCodegen/struct_dump_codegen.linq rename to include/crack/cracker/tools/StructDumpCodegen/struct_dump_codegen.linq diff --git a/include/dextory/.gitignore b/include/crack/dextory/.gitignore similarity index 100% rename from include/dextory/.gitignore rename to include/crack/dextory/.gitignore diff --git a/include/dextory/asset/SiPolicy.xml b/include/crack/dextory/asset/SiPolicy.xml similarity index 100% rename from include/dextory/asset/SiPolicy.xml rename to include/crack/dextory/asset/SiPolicy.xml diff --git a/include/dextory/asset/build-your-own-pki.md b/include/crack/dextory/asset/build-your-own-pki.md similarity index 100% rename from include/dextory/asset/build-your-own-pki.md rename to include/crack/dextory/asset/build-your-own-pki.md diff --git a/include/dextory/asset/build-your-own-pki.zh-CN.md b/include/crack/dextory/asset/build-your-own-pki.zh-CN.md similarity index 100% rename from include/dextory/asset/build-your-own-pki.zh-CN.md rename to include/crack/dextory/asset/build-your-own-pki.zh-CN.md diff --git a/include/dextory/asset/pki-architecture.png b/include/crack/dextory/asset/pki-architecture.png similarity index 100% rename from include/dextory/asset/pki-architecture.png rename to include/crack/dextory/asset/pki-architecture.png diff --git a/include/dextory/custom/OwnedResource.hpp b/include/crack/dextory/custom/OwnedResource.hpp similarity index 100% rename from include/dextory/custom/OwnedResource.hpp rename to include/crack/dextory/custom/OwnedResource.hpp diff --git a/include/dextory/custom/ProductPolicy.cpp b/include/crack/dextory/custom/ProductPolicy.cpp similarity index 100% rename from include/dextory/custom/ProductPolicy.cpp rename to include/crack/dextory/custom/ProductPolicy.cpp diff --git a/include/dextory/custom/ProductPolicy.hpp b/include/crack/dextory/custom/ProductPolicy.hpp similarity index 100% rename from include/dextory/custom/ProductPolicy.hpp rename to include/crack/dextory/custom/ProductPolicy.hpp diff --git a/include/dextory/custom/ProductPolicyParser.cpp b/include/crack/dextory/custom/ProductPolicyParser.cpp similarity index 100% rename from include/dextory/custom/ProductPolicyParser.cpp rename to include/crack/dextory/custom/ProductPolicyParser.cpp diff --git a/include/dextory/custom/ProductPolicyParser.hpp b/include/crack/dextory/custom/ProductPolicyParser.hpp similarity index 100% rename from include/dextory/custom/ProductPolicyParser.hpp rename to include/crack/dextory/custom/ProductPolicyParser.hpp diff --git a/include/dextory/custom/dextory.filters b/include/crack/dextory/custom/dextory.filters similarity index 100% rename from include/dextory/custom/dextory.filters rename to include/crack/dextory/custom/dextory.filters diff --git a/include/dextory/custom/dextory.user b/include/crack/dextory/custom/dextory.user similarity index 100% rename from include/dextory/custom/dextory.user rename to include/crack/dextory/custom/dextory.user diff --git a/include/dextory/custom/dextory.vcxproj b/include/crack/dextory/custom/dextory.vcxproj similarity index 100% rename from include/dextory/custom/dextory.vcxproj rename to include/crack/dextory/custom/dextory.vcxproj diff --git a/include/dextory/custom/tmain.cpp b/include/crack/dextory/custom/tmain.cpp similarity index 100% rename from include/dextory/custom/tmain.cpp rename to include/crack/dextory/custom/tmain.cpp diff --git a/include/dextory/dextory b/include/crack/dextory/dextory similarity index 100% rename from include/dextory/dextory rename to include/crack/dextory/dextory diff --git a/include/dextory/dextory.sln b/include/crack/dextory/dextory.sln similarity index 100% rename from include/dextory/dextory.sln rename to include/crack/dextory/dextory.sln diff --git a/include/dextory/kernel/CustomKernelSignersPersistent.vcxproj.user b/include/crack/dextory/kernel/CustomKernelSignersPersistent.vcxproj.user similarity index 100% rename from include/dextory/kernel/CustomKernelSignersPersistent.vcxproj.user rename to include/crack/dextory/kernel/CustomKernelSignersPersistent.vcxproj.user diff --git a/include/dextory/kernel/cksp_defs.h b/include/crack/dextory/kernel/cksp_defs.h similarity index 100% rename from include/dextory/kernel/cksp_defs.h rename to include/crack/dextory/kernel/cksp_defs.h diff --git a/include/dextory/kernel/cksp_entry.c b/include/crack/dextory/kernel/cksp_entry.c similarity index 100% rename from include/dextory/kernel/cksp_entry.c rename to include/crack/dextory/kernel/cksp_entry.c diff --git a/include/dextory/kernel/cksp_irp_null.c b/include/crack/dextory/kernel/cksp_irp_null.c similarity index 100% rename from include/dextory/kernel/cksp_irp_null.c rename to include/crack/dextory/kernel/cksp_irp_null.c diff --git a/include/dextory/kernel/cksp_main.c b/include/crack/dextory/kernel/cksp_main.c similarity index 100% rename from include/dextory/kernel/cksp_main.c rename to include/crack/dextory/kernel/cksp_main.c diff --git a/include/dextory/kernel/cksp_unload.c b/include/crack/dextory/kernel/cksp_unload.c similarity index 100% rename from include/dextory/kernel/cksp_unload.c rename to include/crack/dextory/kernel/cksp_unload.c diff --git a/include/dextory/kernel/dextory.filters b/include/crack/dextory/kernel/dextory.filters similarity index 100% rename from include/dextory/kernel/dextory.filters rename to include/crack/dextory/kernel/dextory.filters diff --git a/include/dextory/kernel/dextory.vcxproj b/include/crack/dextory/kernel/dextory.vcxproj similarity index 100% rename from include/dextory/kernel/dextory.vcxproj rename to include/crack/dextory/kernel/dextory.vcxproj diff --git a/include/enformer/.gitattributes b/include/crack/enformer/.gitattributes similarity index 100% rename from include/enformer/.gitattributes rename to include/crack/enformer/.gitattributes diff --git a/include/enformer/.gitignore b/include/crack/enformer/.gitignore similarity index 100% rename from include/enformer/.gitignore rename to include/crack/enformer/.gitignore diff --git a/include/enformer/informer.P64 b/include/crack/enformer/informer.P64 similarity index 100% rename from include/enformer/informer.P64 rename to include/crack/enformer/informer.P64 diff --git a/include/enformer/informer.pLW b/include/crack/enformer/informer.pLW similarity index 100% rename from include/enformer/informer.pLW rename to include/crack/enformer/informer.pLW diff --git a/include/enformer/informer.sln b/include/crack/enformer/informer.sln similarity index 100% rename from include/enformer/informer.sln rename to include/crack/enformer/informer.sln diff --git a/include/enformer/plugin/Class_Informer.txt b/include/crack/enformer/plugin/Class_Informer.txt similarity index 100% rename from include/enformer/plugin/Class_Informer.txt rename to include/crack/enformer/plugin/Class_Informer.txt diff --git a/include/enformer/plugin/Core.cpp b/include/crack/enformer/plugin/Core.cpp similarity index 100% rename from include/enformer/plugin/Core.cpp rename to include/crack/enformer/plugin/Core.cpp diff --git a/include/enformer/plugin/Core.h b/include/crack/enformer/plugin/Core.h similarity index 100% rename from include/enformer/plugin/Core.h rename to include/crack/enformer/plugin/Core.h diff --git a/include/enformer/plugin/GeneratedFiles/Debug/moc_MainDialog.cpp b/include/crack/enformer/plugin/GeneratedFiles/Debug/moc_MainDialog.cpp similarity index 100% rename from include/enformer/plugin/GeneratedFiles/Debug/moc_MainDialog.cpp rename to include/crack/enformer/plugin/GeneratedFiles/Debug/moc_MainDialog.cpp diff --git a/include/enformer/plugin/GeneratedFiles/Debug64/moc_MainDialog.cpp b/include/crack/enformer/plugin/GeneratedFiles/Debug64/moc_MainDialog.cpp similarity index 100% rename from include/enformer/plugin/GeneratedFiles/Debug64/moc_MainDialog.cpp rename to include/crack/enformer/plugin/GeneratedFiles/Debug64/moc_MainDialog.cpp diff --git a/include/enformer/plugin/GeneratedFiles/Release/moc_MainDialog.cpp b/include/crack/enformer/plugin/GeneratedFiles/Release/moc_MainDialog.cpp similarity index 100% rename from include/enformer/plugin/GeneratedFiles/Release/moc_MainDialog.cpp rename to include/crack/enformer/plugin/GeneratedFiles/Release/moc_MainDialog.cpp diff --git a/include/enformer/plugin/GeneratedFiles/Release64/moc_MainDialog.cpp b/include/crack/enformer/plugin/GeneratedFiles/Release64/moc_MainDialog.cpp similarity index 100% rename from include/enformer/plugin/GeneratedFiles/Release64/moc_MainDialog.cpp rename to include/crack/enformer/plugin/GeneratedFiles/Release64/moc_MainDialog.cpp diff --git a/include/enformer/plugin/GeneratedFiles/qrc_QtResource.cpp b/include/crack/enformer/plugin/GeneratedFiles/qrc_QtResource.cpp similarity index 100% rename from include/enformer/plugin/GeneratedFiles/qrc_QtResource.cpp rename to include/crack/enformer/plugin/GeneratedFiles/qrc_QtResource.cpp diff --git a/include/enformer/plugin/GeneratedFiles/ui_dialog.h b/include/crack/enformer/plugin/GeneratedFiles/ui_dialog.h similarity index 100% rename from include/enformer/plugin/GeneratedFiles/ui_dialog.h rename to include/crack/enformer/plugin/GeneratedFiles/ui_dialog.h diff --git a/include/enformer/plugin/IdaOgg.h b/include/crack/enformer/plugin/IdaOgg.h similarity index 100% rename from include/enformer/plugin/IdaOgg.h rename to include/crack/enformer/plugin/IdaOgg.h diff --git a/include/enformer/plugin/IdaOggPlayer.LiB b/include/crack/enformer/plugin/IdaOggPlayer.LiB similarity index 100% rename from include/enformer/plugin/IdaOggPlayer.LiB rename to include/crack/enformer/plugin/IdaOggPlayer.LiB diff --git a/include/enformer/plugin/IdaOggPlayerD.LiB b/include/crack/enformer/plugin/IdaOggPlayerD.LiB similarity index 100% rename from include/enformer/plugin/IdaOggPlayerD.LiB rename to include/crack/enformer/plugin/IdaOggPlayerD.LiB diff --git a/include/enformer/plugin/Main.cpp b/include/crack/enformer/plugin/Main.cpp similarity index 100% rename from include/enformer/plugin/Main.cpp rename to include/crack/enformer/plugin/Main.cpp diff --git a/include/enformer/plugin/MainDialog.cpp b/include/crack/enformer/plugin/MainDialog.cpp similarity index 100% rename from include/enformer/plugin/MainDialog.cpp rename to include/crack/enformer/plugin/MainDialog.cpp diff --git a/include/enformer/plugin/MainDialog.h b/include/crack/enformer/plugin/MainDialog.h similarity index 100% rename from include/enformer/plugin/MainDialog.h rename to include/crack/enformer/plugin/MainDialog.h diff --git a/include/enformer/plugin/QtResource.qrc b/include/crack/enformer/plugin/QtResource.qrc similarity index 100% rename from include/enformer/plugin/QtResource.qrc rename to include/crack/enformer/plugin/QtResource.qrc diff --git a/include/enformer/plugin/RTTI.cpp b/include/crack/enformer/plugin/RTTI.cpp similarity index 100% rename from include/enformer/plugin/RTTI.cpp rename to include/crack/enformer/plugin/RTTI.cpp diff --git a/include/enformer/plugin/RTTI.h b/include/crack/enformer/plugin/RTTI.h similarity index 100% rename from include/enformer/plugin/RTTI.h rename to include/crack/enformer/plugin/RTTI.h diff --git a/include/enformer/plugin/StdAfx.h b/include/crack/enformer/plugin/StdAfx.h similarity index 100% rename from include/enformer/plugin/StdAfx.h rename to include/crack/enformer/plugin/StdAfx.h diff --git a/include/enformer/plugin/Utility.cpp b/include/crack/enformer/plugin/Utility.cpp similarity index 100% rename from include/enformer/plugin/Utility.cpp rename to include/crack/enformer/plugin/Utility.cpp diff --git a/include/enformer/plugin/Utility.h b/include/crack/enformer/plugin/Utility.h similarity index 100% rename from include/enformer/plugin/Utility.h rename to include/crack/enformer/plugin/Utility.h diff --git a/include/enformer/plugin/Vftable.cpp b/include/crack/enformer/plugin/Vftable.cpp similarity index 100% rename from include/enformer/plugin/Vftable.cpp rename to include/crack/enformer/plugin/Vftable.cpp diff --git a/include/enformer/plugin/Vftable.h b/include/crack/enformer/plugin/Vftable.h similarity index 100% rename from include/enformer/plugin/Vftable.h rename to include/crack/enformer/plugin/Vftable.h diff --git a/include/enformer/plugin/WaitBoxEx.LiB b/include/crack/enformer/plugin/WaitBoxEx.LiB similarity index 100% rename from include/enformer/plugin/WaitBoxEx.LiB rename to include/crack/enformer/plugin/WaitBoxEx.LiB diff --git a/include/enformer/plugin/WaitBoxEx.h b/include/crack/enformer/plugin/WaitBoxEx.h similarity index 100% rename from include/enformer/plugin/WaitBoxEx.h rename to include/crack/enformer/plugin/WaitBoxEx.h diff --git a/include/enformer/plugin/WaitBoxExD.LiB b/include/crack/enformer/plugin/WaitBoxExD.LiB similarity index 100% rename from include/enformer/plugin/WaitBoxExD.LiB rename to include/crack/enformer/plugin/WaitBoxExD.LiB diff --git a/include/enformer/plugin/banner.png b/include/crack/enformer/plugin/banner.png similarity index 100% rename from include/enformer/plugin/banner.png rename to include/crack/enformer/plugin/banner.png diff --git a/include/enformer/plugin/checkbox-checked.png b/include/crack/enformer/plugin/checkbox-checked.png similarity index 100% rename from include/enformer/plugin/checkbox-checked.png rename to include/crack/enformer/plugin/checkbox-checked.png diff --git a/include/enformer/plugin/completed.ogg b/include/crack/enformer/plugin/completed.ogg similarity index 100% rename from include/enformer/plugin/completed.ogg rename to include/crack/enformer/plugin/completed.ogg diff --git a/include/enformer/plugin/dialog.ui b/include/crack/enformer/plugin/dialog.ui similarity index 100% rename from include/enformer/plugin/dialog.ui rename to include/crack/enformer/plugin/dialog.ui diff --git a/include/enformer/plugin/icon.png b/include/crack/enformer/plugin/icon.png similarity index 100% rename from include/enformer/plugin/icon.png rename to include/crack/enformer/plugin/icon.png diff --git a/include/enformer/plugin/informer.filters b/include/crack/enformer/plugin/informer.filters similarity index 100% rename from include/enformer/plugin/informer.filters rename to include/crack/enformer/plugin/informer.filters diff --git a/include/enformer/plugin/informer.user b/include/crack/enformer/plugin/informer.user similarity index 100% rename from include/enformer/plugin/informer.user rename to include/crack/enformer/plugin/informer.user diff --git a/include/enformer/plugin/informer.vcxproj b/include/crack/enformer/plugin/informer.vcxproj similarity index 100% rename from include/enformer/plugin/informer.vcxproj rename to include/crack/enformer/plugin/informer.vcxproj diff --git a/include/enformer/plugin/progress-style.qss b/include/crack/enformer/plugin/progress-style.qss similarity index 100% rename from include/enformer/plugin/progress-style.qss rename to include/crack/enformer/plugin/progress-style.qss diff --git a/include/enformer/plugin/style.qss b/include/crack/enformer/plugin/style.qss similarity index 100% rename from include/enformer/plugin/style.qss rename to include/crack/enformer/plugin/style.qss diff --git a/include/enformer/plugin/undname.h b/include/crack/enformer/plugin/undname.h similarity index 100% rename from include/enformer/plugin/undname.h rename to include/crack/enformer/plugin/undname.h diff --git a/include/enformer/plugin/view-style.qss b/include/crack/enformer/plugin/view-style.qss similarity index 100% rename from include/enformer/plugin/view-style.qss rename to include/crack/enformer/plugin/view-style.qss diff --git a/include/expecs/.gitignore b/include/crack/expecs/.gitignore similarity index 100% rename from include/expecs/.gitignore rename to include/crack/expecs/.gitignore diff --git a/include/expecs/exploits/arbitrary-overwrite/arbitrary-overwrite.cpp b/include/crack/expecs/exploits/arbitrary-overwrite/arbitrary-overwrite.cpp similarity index 100% rename from include/expecs/exploits/arbitrary-overwrite/arbitrary-overwrite.cpp rename to include/crack/expecs/exploits/arbitrary-overwrite/arbitrary-overwrite.cpp diff --git a/include/expecs/exploits/arbitrary-overwrite/arbitrary-overwrite.vcxproj b/include/crack/expecs/exploits/arbitrary-overwrite/arbitrary-overwrite.vcxproj similarity index 100% rename from include/expecs/exploits/arbitrary-overwrite/arbitrary-overwrite.vcxproj rename to include/crack/expecs/exploits/arbitrary-overwrite/arbitrary-overwrite.vcxproj diff --git a/include/expecs/exploits/arbitrary-overwrite/arbitrary-overwrite.vcxproj.filters b/include/crack/expecs/exploits/arbitrary-overwrite/arbitrary-overwrite.vcxproj.filters similarity index 100% rename from include/expecs/exploits/arbitrary-overwrite/arbitrary-overwrite.vcxproj.filters rename to include/crack/expecs/exploits/arbitrary-overwrite/arbitrary-overwrite.vcxproj.filters diff --git a/include/expecs/exploits/arbitrary-overwrite/pch.cpp b/include/crack/expecs/exploits/arbitrary-overwrite/pch.cpp similarity index 100% rename from include/expecs/exploits/arbitrary-overwrite/pch.cpp rename to include/crack/expecs/exploits/arbitrary-overwrite/pch.cpp diff --git a/include/expecs/exploits/arbitrary-overwrite/pch.h b/include/crack/expecs/exploits/arbitrary-overwrite/pch.h similarity index 100% rename from include/expecs/exploits/arbitrary-overwrite/pch.h rename to include/crack/expecs/exploits/arbitrary-overwrite/pch.h diff --git a/include/expecs/exploits/exploits.sln b/include/crack/expecs/exploits/exploits.sln similarity index 100% rename from include/expecs/exploits/exploits.sln rename to include/crack/expecs/exploits/exploits.sln diff --git a/include/expecs/exploits/integer-overflow/integer-overflow.cpp b/include/crack/expecs/exploits/integer-overflow/integer-overflow.cpp similarity index 100% rename from include/expecs/exploits/integer-overflow/integer-overflow.cpp rename to include/crack/expecs/exploits/integer-overflow/integer-overflow.cpp diff --git a/include/expecs/exploits/integer-overflow/integer-overflow.vcxproj b/include/crack/expecs/exploits/integer-overflow/integer-overflow.vcxproj similarity index 100% rename from include/expecs/exploits/integer-overflow/integer-overflow.vcxproj rename to include/crack/expecs/exploits/integer-overflow/integer-overflow.vcxproj diff --git a/include/expecs/exploits/integer-overflow/integer-overflow.vcxproj.filters b/include/crack/expecs/exploits/integer-overflow/integer-overflow.vcxproj.filters similarity index 100% rename from include/expecs/exploits/integer-overflow/integer-overflow.vcxproj.filters rename to include/crack/expecs/exploits/integer-overflow/integer-overflow.vcxproj.filters diff --git a/include/expecs/exploits/integer-overflow/pch.cpp b/include/crack/expecs/exploits/integer-overflow/pch.cpp similarity index 100% rename from include/expecs/exploits/integer-overflow/pch.cpp rename to include/crack/expecs/exploits/integer-overflow/pch.cpp diff --git a/include/expecs/exploits/integer-overflow/pch.h b/include/crack/expecs/exploits/integer-overflow/pch.h similarity index 100% rename from include/expecs/exploits/integer-overflow/pch.h rename to include/crack/expecs/exploits/integer-overflow/pch.h diff --git a/include/expecs/exploits/null-pointer-dereference/null-pointer-dereference.cpp b/include/crack/expecs/exploits/null-pointer-dereference/null-pointer-dereference.cpp similarity index 100% rename from include/expecs/exploits/null-pointer-dereference/null-pointer-dereference.cpp rename to include/crack/expecs/exploits/null-pointer-dereference/null-pointer-dereference.cpp diff --git a/include/expecs/exploits/null-pointer-dereference/null-pointer-dereference.vcxproj b/include/crack/expecs/exploits/null-pointer-dereference/null-pointer-dereference.vcxproj similarity index 100% rename from include/expecs/exploits/null-pointer-dereference/null-pointer-dereference.vcxproj rename to include/crack/expecs/exploits/null-pointer-dereference/null-pointer-dereference.vcxproj diff --git a/include/expecs/exploits/null-pointer-dereference/null-pointer-dereference.vcxproj.filters b/include/crack/expecs/exploits/null-pointer-dereference/null-pointer-dereference.vcxproj.filters similarity index 100% rename from include/expecs/exploits/null-pointer-dereference/null-pointer-dereference.vcxproj.filters rename to include/crack/expecs/exploits/null-pointer-dereference/null-pointer-dereference.vcxproj.filters diff --git a/include/expecs/exploits/null-pointer-dereference/pch.cpp b/include/crack/expecs/exploits/null-pointer-dereference/pch.cpp similarity index 100% rename from include/expecs/exploits/null-pointer-dereference/pch.cpp rename to include/crack/expecs/exploits/null-pointer-dereference/pch.cpp diff --git a/include/expecs/exploits/null-pointer-dereference/pch.h b/include/crack/expecs/exploits/null-pointer-dereference/pch.h similarity index 100% rename from include/expecs/exploits/null-pointer-dereference/pch.h rename to include/crack/expecs/exploits/null-pointer-dereference/pch.h diff --git a/include/expecs/exploits/stack-overflow/pch.cpp b/include/crack/expecs/exploits/stack-overflow/pch.cpp similarity index 100% rename from include/expecs/exploits/stack-overflow/pch.cpp rename to include/crack/expecs/exploits/stack-overflow/pch.cpp diff --git a/include/expecs/exploits/stack-overflow/pch.h b/include/crack/expecs/exploits/stack-overflow/pch.h similarity index 100% rename from include/expecs/exploits/stack-overflow/pch.h rename to include/crack/expecs/exploits/stack-overflow/pch.h diff --git a/include/expecs/exploits/stack-overflow/stack-overflow.cpp b/include/crack/expecs/exploits/stack-overflow/stack-overflow.cpp similarity index 100% rename from include/expecs/exploits/stack-overflow/stack-overflow.cpp rename to include/crack/expecs/exploits/stack-overflow/stack-overflow.cpp diff --git a/include/expecs/exploits/stack-overflow/stack-overflow.vcxproj b/include/crack/expecs/exploits/stack-overflow/stack-overflow.vcxproj similarity index 100% rename from include/expecs/exploits/stack-overflow/stack-overflow.vcxproj rename to include/crack/expecs/exploits/stack-overflow/stack-overflow.vcxproj diff --git a/include/expecs/exploits/stack-overflow/stack-overflow.vcxproj.filters b/include/crack/expecs/exploits/stack-overflow/stack-overflow.vcxproj.filters similarity index 100% rename from include/expecs/exploits/stack-overflow/stack-overflow.vcxproj.filters rename to include/crack/expecs/exploits/stack-overflow/stack-overflow.vcxproj.filters diff --git a/include/expecs/exploits/type-confusion/pch.cpp b/include/crack/expecs/exploits/type-confusion/pch.cpp similarity index 100% rename from include/expecs/exploits/type-confusion/pch.cpp rename to include/crack/expecs/exploits/type-confusion/pch.cpp diff --git a/include/expecs/exploits/type-confusion/pch.h b/include/crack/expecs/exploits/type-confusion/pch.h similarity index 100% rename from include/expecs/exploits/type-confusion/pch.h rename to include/crack/expecs/exploits/type-confusion/pch.h diff --git a/include/expecs/exploits/type-confusion/type-confusion.cpp b/include/crack/expecs/exploits/type-confusion/type-confusion.cpp similarity index 100% rename from include/expecs/exploits/type-confusion/type-confusion.cpp rename to include/crack/expecs/exploits/type-confusion/type-confusion.cpp diff --git a/include/expecs/exploits/type-confusion/type-confusion.vcxproj b/include/crack/expecs/exploits/type-confusion/type-confusion.vcxproj similarity index 100% rename from include/expecs/exploits/type-confusion/type-confusion.vcxproj rename to include/crack/expecs/exploits/type-confusion/type-confusion.vcxproj diff --git a/include/expecs/exploits/type-confusion/type-confusion.vcxproj.filters b/include/crack/expecs/exploits/type-confusion/type-confusion.vcxproj.filters similarity index 100% rename from include/expecs/exploits/type-confusion/type-confusion.vcxproj.filters rename to include/crack/expecs/exploits/type-confusion/type-confusion.vcxproj.filters diff --git a/include/expecs/exploits/uninitialized-stack-variable/pch.cpp b/include/crack/expecs/exploits/uninitialized-stack-variable/pch.cpp similarity index 100% rename from include/expecs/exploits/uninitialized-stack-variable/pch.cpp rename to include/crack/expecs/exploits/uninitialized-stack-variable/pch.cpp diff --git a/include/expecs/exploits/uninitialized-stack-variable/pch.h b/include/crack/expecs/exploits/uninitialized-stack-variable/pch.h similarity index 100% rename from include/expecs/exploits/uninitialized-stack-variable/pch.h rename to include/crack/expecs/exploits/uninitialized-stack-variable/pch.h diff --git a/include/expecs/exploits/uninitialized-stack-variable/uninitialized-stack-variable.cpp b/include/crack/expecs/exploits/uninitialized-stack-variable/uninitialized-stack-variable.cpp similarity index 100% rename from include/expecs/exploits/uninitialized-stack-variable/uninitialized-stack-variable.cpp rename to include/crack/expecs/exploits/uninitialized-stack-variable/uninitialized-stack-variable.cpp diff --git a/include/expecs/exploits/uninitialized-stack-variable/uninitialized-stack-variable.h b/include/crack/expecs/exploits/uninitialized-stack-variable/uninitialized-stack-variable.h similarity index 100% rename from include/expecs/exploits/uninitialized-stack-variable/uninitialized-stack-variable.h rename to include/crack/expecs/exploits/uninitialized-stack-variable/uninitialized-stack-variable.h diff --git a/include/expecs/exploits/uninitialized-stack-variable/uninitialized-stack-variable.vcxproj b/include/crack/expecs/exploits/uninitialized-stack-variable/uninitialized-stack-variable.vcxproj similarity index 100% rename from include/expecs/exploits/uninitialized-stack-variable/uninitialized-stack-variable.vcxproj rename to include/crack/expecs/exploits/uninitialized-stack-variable/uninitialized-stack-variable.vcxproj diff --git a/include/expecs/exploits/uninitialized-stack-variable/uninitialized-stack-variable.vcxproj.filters b/include/crack/expecs/exploits/uninitialized-stack-variable/uninitialized-stack-variable.vcxproj.filters similarity index 100% rename from include/expecs/exploits/uninitialized-stack-variable/uninitialized-stack-variable.vcxproj.filters rename to include/crack/expecs/exploits/uninitialized-stack-variable/uninitialized-stack-variable.vcxproj.filters diff --git a/include/expecs/harvard/seh-based-exploits/Millenium MP3 Studio.exe b/include/crack/expecs/harvard/seh-based-exploits/Millenium MP3 Studio.exe similarity index 100% rename from include/expecs/harvard/seh-based-exploits/Millenium MP3 Studio.exe rename to include/crack/expecs/harvard/seh-based-exploits/Millenium MP3 Studio.exe diff --git a/include/expecs/harvard/seh-based-exploits/README.md b/include/crack/expecs/harvard/seh-based-exploits/README.md similarity index 100% rename from include/expecs/harvard/seh-based-exploits/README.md rename to include/crack/expecs/harvard/seh-based-exploits/README.md diff --git a/include/expecs/harvard/seh-based-exploits/soritong10.exe b/include/crack/expecs/harvard/seh-based-exploits/soritong10.exe similarity index 100% rename from include/expecs/harvard/seh-based-exploits/soritong10.exe rename to include/crack/expecs/harvard/seh-based-exploits/soritong10.exe diff --git a/include/expecs/harvard/stack-based-overflows/EasyRMtoMP3Converter.exe b/include/crack/expecs/harvard/stack-based-overflows/EasyRMtoMP3Converter.exe similarity index 100% rename from include/expecs/harvard/stack-based-overflows/EasyRMtoMP3Converter.exe rename to include/crack/expecs/harvard/stack-based-overflows/EasyRMtoMP3Converter.exe diff --git a/include/expecs/harvard/stack-based-overflows/README.md b/include/crack/expecs/harvard/stack-based-overflows/README.md similarity index 100% rename from include/expecs/harvard/stack-based-overflows/README.md rename to include/crack/expecs/harvard/stack-based-overflows/README.md diff --git a/include/expecs/harvard/stack-based-overflows/exploit-call-esp.py b/include/crack/expecs/harvard/stack-based-overflows/exploit-call-esp.py similarity index 100% rename from include/expecs/harvard/stack-based-overflows/exploit-call-esp.py rename to include/crack/expecs/harvard/stack-based-overflows/exploit-call-esp.py diff --git a/include/expecs/harvard/stack-based-overflows/exploit-jmp-esp.py b/include/crack/expecs/harvard/stack-based-overflows/exploit-jmp-esp.py similarity index 100% rename from include/expecs/harvard/stack-based-overflows/exploit-jmp-esp.py rename to include/crack/expecs/harvard/stack-based-overflows/exploit-jmp-esp.py diff --git a/include/expecs/harvard/stack-based-overflows/exploit-pop-pop-ret.py b/include/crack/expecs/harvard/stack-based-overflows/exploit-pop-pop-ret.py similarity index 100% rename from include/expecs/harvard/stack-based-overflows/exploit-pop-pop-ret.py rename to include/crack/expecs/harvard/stack-based-overflows/exploit-pop-pop-ret.py diff --git a/include/expecs/harvard/stack-based-overflows/exploit-popad.py b/include/crack/expecs/harvard/stack-based-overflows/exploit-popad.py similarity index 100% rename from include/expecs/harvard/stack-based-overflows/exploit-popad.py rename to include/crack/expecs/harvard/stack-based-overflows/exploit-popad.py diff --git a/include/expecs/harvard/stack-based-overflows/exploit-push-ret.py b/include/crack/expecs/harvard/stack-based-overflows/exploit-push-ret.py similarity index 100% rename from include/expecs/harvard/stack-based-overflows/exploit-push-ret.py rename to include/crack/expecs/harvard/stack-based-overflows/exploit-push-ret.py diff --git a/include/expecs/harvard/stack-based-overflows/exploit-smallbuffers.py b/include/crack/expecs/harvard/stack-based-overflows/exploit-smallbuffers.py similarity index 100% rename from include/expecs/harvard/stack-based-overflows/exploit-smallbuffers.py rename to include/crack/expecs/harvard/stack-based-overflows/exploit-smallbuffers.py diff --git a/include/pen/SConstruct b/include/crack/pen/SConstruct similarity index 100% rename from include/pen/SConstruct rename to include/crack/pen/SConstruct diff --git a/include/pen/adclient.cpp b/include/crack/pen/adclient.cpp similarity index 100% rename from include/pen/adclient.cpp rename to include/crack/pen/adclient.cpp diff --git a/include/pen/adclient.h b/include/crack/pen/adclient.h similarity index 100% rename from include/pen/adclient.h rename to include/crack/pen/adclient.h diff --git a/include/pen/adclient_krb.cpp b/include/crack/pen/adclient_krb.cpp similarity index 100% rename from include/pen/adclient_krb.cpp rename to include/crack/pen/adclient_krb.cpp diff --git a/include/pen/adclient_sasl.cpp b/include/crack/pen/adclient_sasl.cpp similarity index 100% rename from include/pen/adclient_sasl.cpp rename to include/crack/pen/adclient_sasl.cpp diff --git a/include/pen/adclient_wrapper.cpp b/include/crack/pen/adclient_wrapper.cpp similarity index 100% rename from include/pen/adclient_wrapper.cpp rename to include/crack/pen/adclient_wrapper.cpp diff --git a/include/pen/adclient_wrapper2.cpp b/include/crack/pen/adclient_wrapper2.cpp similarity index 100% rename from include/pen/adclient_wrapper2.cpp rename to include/crack/pen/adclient_wrapper2.cpp diff --git a/include/pen/assembler/.clang-format b/include/crack/pen/assembler/.clang-format similarity index 100% rename from include/pen/assembler/.clang-format rename to include/crack/pen/assembler/.clang-format diff --git a/include/pen/assembler/.clang-tidy b/include/crack/pen/assembler/.clang-tidy similarity index 100% rename from include/pen/assembler/.clang-tidy rename to include/crack/pen/assembler/.clang-tidy diff --git a/include/pen/assembler/CMakeLists.txt b/include/crack/pen/assembler/CMakeLists.txt similarity index 100% rename from include/pen/assembler/CMakeLists.txt rename to include/crack/pen/assembler/CMakeLists.txt diff --git a/include/pen/assembler/assembler/include/zasm/base/immediate.hpp b/include/crack/pen/assembler/assembler/include/zasm/base/immediate.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/base/immediate.hpp rename to include/crack/pen/assembler/assembler/include/zasm/base/immediate.hpp diff --git a/include/pen/assembler/assembler/include/zasm/base/instruction.hpp b/include/crack/pen/assembler/assembler/include/zasm/base/instruction.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/base/instruction.hpp rename to include/crack/pen/assembler/assembler/include/zasm/base/instruction.hpp diff --git a/include/pen/assembler/assembler/include/zasm/base/label.hpp b/include/crack/pen/assembler/assembler/include/zasm/base/label.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/base/label.hpp rename to include/crack/pen/assembler/assembler/include/zasm/base/label.hpp diff --git a/include/pen/assembler/assembler/include/zasm/base/memory.hpp b/include/crack/pen/assembler/assembler/include/zasm/base/memory.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/base/memory.hpp rename to include/crack/pen/assembler/assembler/include/zasm/base/memory.hpp diff --git a/include/pen/assembler/assembler/include/zasm/base/meta.hpp b/include/crack/pen/assembler/assembler/include/zasm/base/meta.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/base/meta.hpp rename to include/crack/pen/assembler/assembler/include/zasm/base/meta.hpp diff --git a/include/pen/assembler/assembler/include/zasm/base/mode.hpp b/include/crack/pen/assembler/assembler/include/zasm/base/mode.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/base/mode.hpp rename to include/crack/pen/assembler/assembler/include/zasm/base/mode.hpp diff --git a/include/pen/assembler/assembler/include/zasm/base/operand.hpp b/include/crack/pen/assembler/assembler/include/zasm/base/operand.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/base/operand.hpp rename to include/crack/pen/assembler/assembler/include/zasm/base/operand.hpp diff --git a/include/pen/assembler/assembler/include/zasm/base/register.hpp b/include/crack/pen/assembler/assembler/include/zasm/base/register.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/base/register.hpp rename to include/crack/pen/assembler/assembler/include/zasm/base/register.hpp diff --git a/include/pen/assembler/assembler/include/zasm/core/bitsize.hpp b/include/crack/pen/assembler/assembler/include/zasm/core/bitsize.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/core/bitsize.hpp rename to include/crack/pen/assembler/assembler/include/zasm/core/bitsize.hpp diff --git a/include/pen/assembler/assembler/include/zasm/core/enumflags.hpp b/include/crack/pen/assembler/assembler/include/zasm/core/enumflags.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/core/enumflags.hpp rename to include/crack/pen/assembler/assembler/include/zasm/core/enumflags.hpp diff --git a/include/pen/assembler/assembler/include/zasm/core/errors.hpp b/include/crack/pen/assembler/assembler/include/zasm/core/errors.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/core/errors.hpp rename to include/crack/pen/assembler/assembler/include/zasm/core/errors.hpp diff --git a/include/pen/assembler/assembler/include/zasm/core/expected.hpp b/include/crack/pen/assembler/assembler/include/zasm/core/expected.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/core/expected.hpp rename to include/crack/pen/assembler/assembler/include/zasm/core/expected.hpp diff --git a/include/pen/assembler/assembler/include/zasm/core/filestream.hpp b/include/crack/pen/assembler/assembler/include/zasm/core/filestream.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/core/filestream.hpp rename to include/crack/pen/assembler/assembler/include/zasm/core/filestream.hpp diff --git a/include/pen/assembler/assembler/include/zasm/core/math.hpp b/include/crack/pen/assembler/assembler/include/zasm/core/math.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/core/math.hpp rename to include/crack/pen/assembler/assembler/include/zasm/core/math.hpp diff --git a/include/pen/assembler/assembler/include/zasm/core/memorystream.hpp b/include/crack/pen/assembler/assembler/include/zasm/core/memorystream.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/core/memorystream.hpp rename to include/crack/pen/assembler/assembler/include/zasm/core/memorystream.hpp diff --git a/include/pen/assembler/assembler/include/zasm/core/objectpool.hpp b/include/crack/pen/assembler/assembler/include/zasm/core/objectpool.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/core/objectpool.hpp rename to include/crack/pen/assembler/assembler/include/zasm/core/objectpool.hpp diff --git a/include/pen/assembler/assembler/include/zasm/core/packed.hpp b/include/crack/pen/assembler/assembler/include/zasm/core/packed.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/core/packed.hpp rename to include/crack/pen/assembler/assembler/include/zasm/core/packed.hpp diff --git a/include/pen/assembler/assembler/include/zasm/core/stream.hpp b/include/crack/pen/assembler/assembler/include/zasm/core/stream.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/core/stream.hpp rename to include/crack/pen/assembler/assembler/include/zasm/core/stream.hpp diff --git a/include/pen/assembler/assembler/include/zasm/core/stringpool.hpp b/include/crack/pen/assembler/assembler/include/zasm/core/stringpool.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/core/stringpool.hpp rename to include/crack/pen/assembler/assembler/include/zasm/core/stringpool.hpp diff --git a/include/pen/assembler/assembler/include/zasm/core/strongtype.hpp b/include/crack/pen/assembler/assembler/include/zasm/core/strongtype.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/core/strongtype.hpp rename to include/crack/pen/assembler/assembler/include/zasm/core/strongtype.hpp diff --git a/include/pen/assembler/assembler/include/zasm/decoder/decoder.hpp b/include/crack/pen/assembler/assembler/include/zasm/decoder/decoder.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/decoder/decoder.hpp rename to include/crack/pen/assembler/assembler/include/zasm/decoder/decoder.hpp diff --git a/include/pen/assembler/assembler/include/zasm/encoder/encoder.hpp b/include/crack/pen/assembler/assembler/include/zasm/encoder/encoder.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/encoder/encoder.hpp rename to include/crack/pen/assembler/assembler/include/zasm/encoder/encoder.hpp diff --git a/include/pen/assembler/assembler/include/zasm/formatter/formatter.hpp b/include/crack/pen/assembler/assembler/include/zasm/formatter/formatter.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/formatter/formatter.hpp rename to include/crack/pen/assembler/assembler/include/zasm/formatter/formatter.hpp diff --git a/include/pen/assembler/assembler/include/zasm/program/align.hpp b/include/crack/pen/assembler/assembler/include/zasm/program/align.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/program/align.hpp rename to include/crack/pen/assembler/assembler/include/zasm/program/align.hpp diff --git a/include/pen/assembler/assembler/include/zasm/program/data.hpp b/include/crack/pen/assembler/assembler/include/zasm/program/data.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/program/data.hpp rename to include/crack/pen/assembler/assembler/include/zasm/program/data.hpp diff --git a/include/pen/assembler/assembler/include/zasm/program/embeddedlabel.hpp b/include/crack/pen/assembler/assembler/include/zasm/program/embeddedlabel.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/program/embeddedlabel.hpp rename to include/crack/pen/assembler/assembler/include/zasm/program/embeddedlabel.hpp diff --git a/include/pen/assembler/assembler/include/zasm/program/instruction.hpp b/include/crack/pen/assembler/assembler/include/zasm/program/instruction.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/program/instruction.hpp rename to include/crack/pen/assembler/assembler/include/zasm/program/instruction.hpp diff --git a/include/pen/assembler/assembler/include/zasm/program/labeldata.hpp b/include/crack/pen/assembler/assembler/include/zasm/program/labeldata.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/program/labeldata.hpp rename to include/crack/pen/assembler/assembler/include/zasm/program/labeldata.hpp diff --git a/include/pen/assembler/assembler/include/zasm/program/node.hpp b/include/crack/pen/assembler/assembler/include/zasm/program/node.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/program/node.hpp rename to include/crack/pen/assembler/assembler/include/zasm/program/node.hpp diff --git a/include/pen/assembler/assembler/include/zasm/program/observer.hpp b/include/crack/pen/assembler/assembler/include/zasm/program/observer.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/program/observer.hpp rename to include/crack/pen/assembler/assembler/include/zasm/program/observer.hpp diff --git a/include/pen/assembler/assembler/include/zasm/program/program.hpp b/include/crack/pen/assembler/assembler/include/zasm/program/program.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/program/program.hpp rename to include/crack/pen/assembler/assembler/include/zasm/program/program.hpp diff --git a/include/pen/assembler/assembler/include/zasm/program/saverestore.hpp b/include/crack/pen/assembler/assembler/include/zasm/program/saverestore.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/program/saverestore.hpp rename to include/crack/pen/assembler/assembler/include/zasm/program/saverestore.hpp diff --git a/include/pen/assembler/assembler/include/zasm/program/section.hpp b/include/crack/pen/assembler/assembler/include/zasm/program/section.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/program/section.hpp rename to include/crack/pen/assembler/assembler/include/zasm/program/section.hpp diff --git a/include/pen/assembler/assembler/include/zasm/program/sentinel.hpp b/include/crack/pen/assembler/assembler/include/zasm/program/sentinel.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/program/sentinel.hpp rename to include/crack/pen/assembler/assembler/include/zasm/program/sentinel.hpp diff --git a/include/pen/assembler/assembler/include/zasm/serialization/serializer.hpp b/include/crack/pen/assembler/assembler/include/zasm/serialization/serializer.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/serialization/serializer.hpp rename to include/crack/pen/assembler/assembler/include/zasm/serialization/serializer.hpp diff --git a/include/pen/assembler/assembler/include/zasm/x86/assembler.hpp b/include/crack/pen/assembler/assembler/include/zasm/x86/assembler.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/x86/assembler.hpp rename to include/crack/pen/assembler/assembler/include/zasm/x86/assembler.hpp diff --git a/include/pen/assembler/assembler/include/zasm/x86/emitter.hpp b/include/crack/pen/assembler/assembler/include/zasm/x86/emitter.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/x86/emitter.hpp rename to include/crack/pen/assembler/assembler/include/zasm/x86/emitter.hpp diff --git a/include/pen/assembler/assembler/include/zasm/x86/memory.hpp b/include/crack/pen/assembler/assembler/include/zasm/x86/memory.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/x86/memory.hpp rename to include/crack/pen/assembler/assembler/include/zasm/x86/memory.hpp diff --git a/include/pen/assembler/assembler/include/zasm/x86/meta.hpp b/include/crack/pen/assembler/assembler/include/zasm/x86/meta.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/x86/meta.hpp rename to include/crack/pen/assembler/assembler/include/zasm/x86/meta.hpp diff --git a/include/pen/assembler/assembler/include/zasm/x86/mnemonic.hpp b/include/crack/pen/assembler/assembler/include/zasm/x86/mnemonic.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/x86/mnemonic.hpp rename to include/crack/pen/assembler/assembler/include/zasm/x86/mnemonic.hpp diff --git a/include/pen/assembler/assembler/include/zasm/x86/register.hpp b/include/crack/pen/assembler/assembler/include/zasm/x86/register.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/x86/register.hpp rename to include/crack/pen/assembler/assembler/include/zasm/x86/register.hpp diff --git a/include/pen/assembler/assembler/include/zasm/x86/x86.hpp b/include/crack/pen/assembler/assembler/include/zasm/x86/x86.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/x86/x86.hpp rename to include/crack/pen/assembler/assembler/include/zasm/x86/x86.hpp diff --git a/include/pen/assembler/assembler/include/zasm/zasm.hpp b/include/crack/pen/assembler/assembler/include/zasm/zasm.hpp similarity index 100% rename from include/pen/assembler/assembler/include/zasm/zasm.hpp rename to include/crack/pen/assembler/assembler/include/zasm/zasm.hpp diff --git a/include/pen/assembler/assembler/src/zasm/src/core/error.cpp b/include/crack/pen/assembler/assembler/src/zasm/src/core/error.cpp similarity index 100% rename from include/pen/assembler/assembler/src/zasm/src/core/error.cpp rename to include/crack/pen/assembler/assembler/src/zasm/src/core/error.cpp diff --git a/include/pen/assembler/assembler/src/zasm/src/core/filestream.cpp b/include/crack/pen/assembler/assembler/src/zasm/src/core/filestream.cpp similarity index 100% rename from include/pen/assembler/assembler/src/zasm/src/core/filestream.cpp rename to include/crack/pen/assembler/assembler/src/zasm/src/core/filestream.cpp diff --git a/include/pen/assembler/assembler/src/zasm/src/core/memorystream.cpp b/include/crack/pen/assembler/assembler/src/zasm/src/core/memorystream.cpp similarity index 100% rename from include/pen/assembler/assembler/src/zasm/src/core/memorystream.cpp rename to include/crack/pen/assembler/assembler/src/zasm/src/core/memorystream.cpp diff --git a/include/pen/assembler/assembler/src/zasm/src/decoder/decoder.cpp b/include/crack/pen/assembler/assembler/src/zasm/src/decoder/decoder.cpp similarity index 100% rename from include/pen/assembler/assembler/src/zasm/src/decoder/decoder.cpp rename to include/crack/pen/assembler/assembler/src/zasm/src/decoder/decoder.cpp diff --git a/include/pen/assembler/assembler/src/zasm/src/encoder/encoder.context.hpp b/include/crack/pen/assembler/assembler/src/zasm/src/encoder/encoder.context.hpp similarity index 100% rename from include/pen/assembler/assembler/src/zasm/src/encoder/encoder.context.hpp rename to include/crack/pen/assembler/assembler/src/zasm/src/encoder/encoder.context.hpp diff --git a/include/pen/assembler/assembler/src/zasm/src/encoder/encoder.cpp b/include/crack/pen/assembler/assembler/src/zasm/src/encoder/encoder.cpp similarity index 100% rename from include/pen/assembler/assembler/src/zasm/src/encoder/encoder.cpp rename to include/crack/pen/assembler/assembler/src/zasm/src/encoder/encoder.cpp diff --git a/include/pen/assembler/assembler/src/zasm/src/formatter/formatter.cpp b/include/crack/pen/assembler/assembler/src/zasm/src/formatter/formatter.cpp similarity index 100% rename from include/pen/assembler/assembler/src/zasm/src/formatter/formatter.cpp rename to include/crack/pen/assembler/assembler/src/zasm/src/formatter/formatter.cpp diff --git a/include/pen/assembler/assembler/src/zasm/src/program/data.cpp b/include/crack/pen/assembler/assembler/src/zasm/src/program/data.cpp similarity index 100% rename from include/pen/assembler/assembler/src/zasm/src/program/data.cpp rename to include/crack/pen/assembler/assembler/src/zasm/src/program/data.cpp diff --git a/include/pen/assembler/assembler/src/zasm/src/program/instruction.cpp b/include/crack/pen/assembler/assembler/src/zasm/src/program/instruction.cpp similarity index 100% rename from include/pen/assembler/assembler/src/zasm/src/program/instruction.cpp rename to include/crack/pen/assembler/assembler/src/zasm/src/program/instruction.cpp diff --git a/include/pen/assembler/assembler/src/zasm/src/program/program.cpp b/include/crack/pen/assembler/assembler/src/zasm/src/program/program.cpp similarity index 100% rename from include/pen/assembler/assembler/src/zasm/src/program/program.cpp rename to include/crack/pen/assembler/assembler/src/zasm/src/program/program.cpp diff --git a/include/pen/assembler/assembler/src/zasm/src/program/program.node.hpp b/include/crack/pen/assembler/assembler/src/zasm/src/program/program.node.hpp similarity index 100% rename from include/pen/assembler/assembler/src/zasm/src/program/program.node.hpp rename to include/crack/pen/assembler/assembler/src/zasm/src/program/program.node.hpp diff --git a/include/pen/assembler/assembler/src/zasm/src/program/program.state.hpp b/include/crack/pen/assembler/assembler/src/zasm/src/program/program.state.hpp similarity index 100% rename from include/pen/assembler/assembler/src/zasm/src/program/program.state.hpp rename to include/crack/pen/assembler/assembler/src/zasm/src/program/program.state.hpp diff --git a/include/pen/assembler/assembler/src/zasm/src/program/register.cpp b/include/crack/pen/assembler/assembler/src/zasm/src/program/register.cpp similarity index 100% rename from include/pen/assembler/assembler/src/zasm/src/program/register.cpp rename to include/crack/pen/assembler/assembler/src/zasm/src/program/register.cpp diff --git a/include/pen/assembler/assembler/src/zasm/src/program/saverestore.cpp b/include/crack/pen/assembler/assembler/src/zasm/src/program/saverestore.cpp similarity index 100% rename from include/pen/assembler/assembler/src/zasm/src/program/saverestore.cpp rename to include/crack/pen/assembler/assembler/src/zasm/src/program/saverestore.cpp diff --git a/include/pen/assembler/assembler/src/zasm/src/program/saverestore.load.cpp b/include/crack/pen/assembler/assembler/src/zasm/src/program/saverestore.load.cpp similarity index 100% rename from include/pen/assembler/assembler/src/zasm/src/program/saverestore.load.cpp rename to include/crack/pen/assembler/assembler/src/zasm/src/program/saverestore.load.cpp diff --git a/include/pen/assembler/assembler/src/zasm/src/program/saverestore.save.cpp b/include/crack/pen/assembler/assembler/src/zasm/src/program/saverestore.save.cpp similarity index 100% rename from include/pen/assembler/assembler/src/zasm/src/program/saverestore.save.cpp rename to include/crack/pen/assembler/assembler/src/zasm/src/program/saverestore.save.cpp diff --git a/include/pen/assembler/assembler/src/zasm/src/program/saverestorehelper.hpp b/include/crack/pen/assembler/assembler/src/zasm/src/program/saverestorehelper.hpp similarity index 100% rename from include/pen/assembler/assembler/src/zasm/src/program/saverestorehelper.hpp rename to include/crack/pen/assembler/assembler/src/zasm/src/program/saverestorehelper.hpp diff --git a/include/pen/assembler/assembler/src/zasm/src/program/saverestoretypes.hpp b/include/crack/pen/assembler/assembler/src/zasm/src/program/saverestoretypes.hpp similarity index 100% rename from include/pen/assembler/assembler/src/zasm/src/program/saverestoretypes.hpp rename to include/crack/pen/assembler/assembler/src/zasm/src/program/saverestoretypes.hpp diff --git a/include/pen/assembler/assembler/src/zasm/src/serialization/serializer.cpp b/include/crack/pen/assembler/assembler/src/zasm/src/serialization/serializer.cpp similarity index 100% rename from include/pen/assembler/assembler/src/zasm/src/serialization/serializer.cpp rename to include/crack/pen/assembler/assembler/src/zasm/src/serialization/serializer.cpp diff --git a/include/pen/assembler/assembler/src/zasm/src/x86/x86.assembler.cpp b/include/crack/pen/assembler/assembler/src/zasm/src/x86/x86.assembler.cpp similarity index 100% rename from include/pen/assembler/assembler/src/zasm/src/x86/x86.assembler.cpp rename to include/crack/pen/assembler/assembler/src/zasm/src/x86/x86.assembler.cpp diff --git a/include/pen/assembler/assembler/src/zasm/src/x86/x86.register.cpp b/include/crack/pen/assembler/assembler/src/zasm/src/x86/x86.register.cpp similarity index 100% rename from include/pen/assembler/assembler/src/zasm/src/x86/x86.register.cpp rename to include/crack/pen/assembler/assembler/src/zasm/src/x86/x86.register.cpp diff --git a/include/pen/assembler/assembler/src/zasm/src/zasm.cpp b/include/crack/pen/assembler/assembler/src/zasm/src/zasm.cpp similarity index 100% rename from include/pen/assembler/assembler/src/zasm/src/zasm.cpp rename to include/crack/pen/assembler/assembler/src/zasm/src/zasm.cpp diff --git a/include/pen/assembler/benchmark/src/benchmarks/benchmark.assembler.cpp b/include/crack/pen/assembler/benchmark/src/benchmarks/benchmark.assembler.cpp similarity index 100% rename from include/pen/assembler/benchmark/src/benchmarks/benchmark.assembler.cpp rename to include/crack/pen/assembler/benchmark/src/benchmarks/benchmark.assembler.cpp diff --git a/include/pen/assembler/benchmark/src/benchmarks/benchmark.formatter.cpp b/include/crack/pen/assembler/benchmark/src/benchmarks/benchmark.formatter.cpp similarity index 100% rename from include/pen/assembler/benchmark/src/benchmarks/benchmark.formatter.cpp rename to include/crack/pen/assembler/benchmark/src/benchmarks/benchmark.formatter.cpp diff --git a/include/pen/assembler/benchmark/src/benchmarks/benchmark.instructioninfo.cpp b/include/crack/pen/assembler/benchmark/src/benchmarks/benchmark.instructioninfo.cpp similarity index 100% rename from include/pen/assembler/benchmark/src/benchmarks/benchmark.instructioninfo.cpp rename to include/crack/pen/assembler/benchmark/src/benchmarks/benchmark.instructioninfo.cpp diff --git a/include/pen/assembler/benchmark/src/benchmarks/benchmark.serialization.cpp b/include/crack/pen/assembler/benchmark/src/benchmarks/benchmark.serialization.cpp similarity index 100% rename from include/pen/assembler/benchmark/src/benchmarks/benchmark.serialization.cpp rename to include/crack/pen/assembler/benchmark/src/benchmarks/benchmark.serialization.cpp diff --git a/include/pen/assembler/benchmark/src/benchmarks/benchmark.stringpool.cpp b/include/crack/pen/assembler/benchmark/src/benchmarks/benchmark.stringpool.cpp similarity index 100% rename from include/pen/assembler/benchmark/src/benchmarks/benchmark.stringpool.cpp rename to include/crack/pen/assembler/benchmark/src/benchmarks/benchmark.stringpool.cpp diff --git a/include/pen/assembler/benchmark/src/main.cpp b/include/crack/pen/assembler/benchmark/src/main.cpp similarity index 100% rename from include/pen/assembler/benchmark/src/main.cpp rename to include/crack/pen/assembler/benchmark/src/main.cpp diff --git a/include/pen/assembler/cmake.toml b/include/crack/pen/assembler/cmake.toml similarity index 100% rename from include/pen/assembler/cmake.toml rename to include/crack/pen/assembler/cmake.toml diff --git a/include/pen/assembler/cmkr.cmake b/include/crack/pen/assembler/cmkr.cmake similarity index 100% rename from include/pen/assembler/cmkr.cmake rename to include/crack/pen/assembler/cmkr.cmake diff --git a/include/pen/assembler/examples/assembler_basic/main.cpp b/include/crack/pen/assembler/examples/assembler_basic/main.cpp similarity index 100% rename from include/pen/assembler/examples/assembler_basic/main.cpp rename to include/crack/pen/assembler/examples/assembler_basic/main.cpp diff --git a/include/pen/assembler/examples/assembler_sections/main.cpp b/include/crack/pen/assembler/examples/assembler_sections/main.cpp similarity index 100% rename from include/pen/assembler/examples/assembler_sections/main.cpp rename to include/crack/pen/assembler/examples/assembler_sections/main.cpp diff --git a/include/pen/assembler/examples/basic_jit/main.cpp b/include/crack/pen/assembler/examples/basic_jit/main.cpp similarity index 100% rename from include/pen/assembler/examples/basic_jit/main.cpp rename to include/crack/pen/assembler/examples/basic_jit/main.cpp diff --git a/include/pen/assembler/examples/common/examples.common.hpp b/include/crack/pen/assembler/examples/common/examples.common.hpp similarity index 100% rename from include/pen/assembler/examples/common/examples.common.hpp rename to include/crack/pen/assembler/examples/common/examples.common.hpp diff --git a/include/pen/assembler/examples/decode_to_assembler/main.cpp b/include/crack/pen/assembler/examples/decode_to_assembler/main.cpp similarity index 100% rename from include/pen/assembler/examples/decode_to_assembler/main.cpp rename to include/crack/pen/assembler/examples/decode_to_assembler/main.cpp diff --git a/include/pen/assembler/examples/instruction_info/main.cpp b/include/crack/pen/assembler/examples/instruction_info/main.cpp similarity index 100% rename from include/pen/assembler/examples/instruction_info/main.cpp rename to include/crack/pen/assembler/examples/instruction_info/main.cpp diff --git a/include/pen/assembler/examples/memory_operands/main.cpp b/include/crack/pen/assembler/examples/memory_operands/main.cpp similarity index 100% rename from include/pen/assembler/examples/memory_operands/main.cpp rename to include/crack/pen/assembler/examples/memory_operands/main.cpp diff --git a/include/pen/assembler/examples/modify_instruction/main.cpp b/include/crack/pen/assembler/examples/modify_instruction/main.cpp similarity index 100% rename from include/pen/assembler/examples/modify_instruction/main.cpp rename to include/crack/pen/assembler/examples/modify_instruction/main.cpp diff --git a/include/pen/assembler/examples/modify_program/main.cpp b/include/crack/pen/assembler/examples/modify_program/main.cpp similarity index 100% rename from include/pen/assembler/examples/modify_program/main.cpp rename to include/crack/pen/assembler/examples/modify_program/main.cpp diff --git a/include/pen/assembler/examples/program_observer/main.cpp b/include/crack/pen/assembler/examples/program_observer/main.cpp similarity index 100% rename from include/pen/assembler/examples/program_observer/main.cpp rename to include/crack/pen/assembler/examples/program_observer/main.cpp diff --git a/include/pen/assembler/pro/CMakeLists.txt b/include/crack/pen/assembler/pro/CMakeLists.txt similarity index 100% rename from include/pen/assembler/pro/CMakeLists.txt rename to include/crack/pen/assembler/pro/CMakeLists.txt diff --git a/include/pen/assembler/pro/cmake.toml b/include/crack/pen/assembler/pro/cmake.toml similarity index 100% rename from include/pen/assembler/pro/cmake.toml rename to include/crack/pen/assembler/pro/cmake.toml diff --git a/include/pen/assembler/testdata/include/zasm/testdata/x86/instructions.hpp b/include/crack/pen/assembler/testdata/include/zasm/testdata/x86/instructions.hpp similarity index 100% rename from include/pen/assembler/testdata/include/zasm/testdata/x86/instructions.hpp rename to include/crack/pen/assembler/testdata/include/zasm/testdata/x86/instructions.hpp diff --git a/include/pen/assembler/tests/src/main.cpp b/include/crack/pen/assembler/tests/src/main.cpp similarity index 100% rename from include/pen/assembler/tests/src/main.cpp rename to include/crack/pen/assembler/tests/src/main.cpp diff --git a/include/pen/assembler/tests/src/tests/tests.assembler.cpp b/include/crack/pen/assembler/tests/src/tests/tests.assembler.cpp similarity index 100% rename from include/pen/assembler/tests/src/tests/tests.assembler.cpp rename to include/crack/pen/assembler/tests/src/tests/tests.assembler.cpp diff --git a/include/pen/assembler/tests/src/tests/tests.decoder.cpp b/include/crack/pen/assembler/tests/src/tests/tests.decoder.cpp similarity index 100% rename from include/pen/assembler/tests/src/tests/tests.decoder.cpp rename to include/crack/pen/assembler/tests/src/tests/tests.decoder.cpp diff --git a/include/pen/assembler/tests/src/tests/tests.enumflags.cpp b/include/crack/pen/assembler/tests/src/tests/tests.enumflags.cpp similarity index 100% rename from include/pen/assembler/tests/src/tests/tests.enumflags.cpp rename to include/crack/pen/assembler/tests/src/tests/tests.enumflags.cpp diff --git a/include/pen/assembler/tests/src/tests/tests.error.cpp b/include/crack/pen/assembler/tests/src/tests/tests.error.cpp similarity index 100% rename from include/pen/assembler/tests/src/tests/tests.error.cpp rename to include/crack/pen/assembler/tests/src/tests/tests.error.cpp diff --git a/include/pen/assembler/tests/src/tests/tests.externals.cpp b/include/crack/pen/assembler/tests/src/tests/tests.externals.cpp similarity index 100% rename from include/pen/assembler/tests/src/tests/tests.externals.cpp rename to include/crack/pen/assembler/tests/src/tests/tests.externals.cpp diff --git a/include/pen/assembler/tests/src/tests/tests.formatter.cpp b/include/crack/pen/assembler/tests/src/tests/tests.formatter.cpp similarity index 100% rename from include/pen/assembler/tests/src/tests/tests.formatter.cpp rename to include/crack/pen/assembler/tests/src/tests/tests.formatter.cpp diff --git a/include/pen/assembler/tests/src/tests/tests.imports.cpp b/include/crack/pen/assembler/tests/src/tests/tests.imports.cpp similarity index 100% rename from include/pen/assembler/tests/src/tests/tests.imports.cpp rename to include/crack/pen/assembler/tests/src/tests/tests.imports.cpp diff --git a/include/pen/assembler/tests/src/tests/tests.instruction.cpp b/include/crack/pen/assembler/tests/src/tests/tests.instruction.cpp similarity index 100% rename from include/pen/assembler/tests/src/tests/tests.instruction.cpp rename to include/crack/pen/assembler/tests/src/tests/tests.instruction.cpp diff --git a/include/pen/assembler/tests/src/tests/tests.instructions.x64.cpp b/include/crack/pen/assembler/tests/src/tests/tests.instructions.x64.cpp similarity index 100% rename from include/pen/assembler/tests/src/tests/tests.instructions.x64.cpp rename to include/crack/pen/assembler/tests/src/tests/tests.instructions.x64.cpp diff --git a/include/pen/assembler/tests/src/tests/tests.instructionsinfo.x64.cpp b/include/crack/pen/assembler/tests/src/tests/tests.instructionsinfo.x64.cpp similarity index 100% rename from include/pen/assembler/tests/src/tests/tests.instructionsinfo.x64.cpp rename to include/crack/pen/assembler/tests/src/tests/tests.instructionsinfo.x64.cpp diff --git a/include/pen/assembler/tests/src/tests/tests.observer.cpp b/include/crack/pen/assembler/tests/src/tests/tests.observer.cpp similarity index 100% rename from include/pen/assembler/tests/src/tests/tests.observer.cpp rename to include/crack/pen/assembler/tests/src/tests/tests.observer.cpp diff --git a/include/pen/assembler/tests/src/tests/tests.packed.cpp b/include/crack/pen/assembler/tests/src/tests/tests.packed.cpp similarity index 100% rename from include/pen/assembler/tests/src/tests/tests.packed.cpp rename to include/crack/pen/assembler/tests/src/tests/tests.packed.cpp diff --git a/include/pen/assembler/tests/src/tests/tests.program.cpp b/include/crack/pen/assembler/tests/src/tests/tests.program.cpp similarity index 100% rename from include/pen/assembler/tests/src/tests/tests.program.cpp rename to include/crack/pen/assembler/tests/src/tests/tests.program.cpp diff --git a/include/pen/assembler/tests/src/tests/tests.registers.cpp b/include/crack/pen/assembler/tests/src/tests/tests.registers.cpp similarity index 100% rename from include/pen/assembler/tests/src/tests/tests.registers.cpp rename to include/crack/pen/assembler/tests/src/tests/tests.registers.cpp diff --git a/include/pen/assembler/tests/src/tests/tests.relocation.cpp b/include/crack/pen/assembler/tests/src/tests/tests.relocation.cpp similarity index 100% rename from include/pen/assembler/tests/src/tests/tests.relocation.cpp rename to include/crack/pen/assembler/tests/src/tests/tests.relocation.cpp diff --git a/include/pen/assembler/tests/src/tests/tests.saverestore.cpp b/include/crack/pen/assembler/tests/src/tests/tests.saverestore.cpp similarity index 100% rename from include/pen/assembler/tests/src/tests/tests.saverestore.cpp rename to include/crack/pen/assembler/tests/src/tests/tests.saverestore.cpp diff --git a/include/pen/assembler/tests/src/tests/tests.sections.cpp b/include/crack/pen/assembler/tests/src/tests/tests.sections.cpp similarity index 100% rename from include/pen/assembler/tests/src/tests/tests.sections.cpp rename to include/crack/pen/assembler/tests/src/tests/tests.sections.cpp diff --git a/include/pen/assembler/tests/src/tests/tests.segments.cpp b/include/crack/pen/assembler/tests/src/tests/tests.segments.cpp similarity index 100% rename from include/pen/assembler/tests/src/tests/tests.segments.cpp rename to include/crack/pen/assembler/tests/src/tests/tests.segments.cpp diff --git a/include/pen/assembler/tests/src/tests/tests.serialization.cpp b/include/crack/pen/assembler/tests/src/tests/tests.serialization.cpp similarity index 100% rename from include/pen/assembler/tests/src/tests/tests.serialization.cpp rename to include/crack/pen/assembler/tests/src/tests/tests.serialization.cpp diff --git a/include/pen/assembler/tests/src/tests/tests.stringpool.cpp b/include/crack/pen/assembler/tests/src/tests/tests.stringpool.cpp similarity index 100% rename from include/pen/assembler/tests/src/tests/tests.stringpool.cpp rename to include/crack/pen/assembler/tests/src/tests/tests.stringpool.cpp diff --git a/include/pen/assembler/tests/src/testutils.cpp b/include/crack/pen/assembler/tests/src/testutils.cpp similarity index 100% rename from include/pen/assembler/tests/src/testutils.cpp rename to include/crack/pen/assembler/tests/src/testutils.cpp diff --git a/include/pen/assembler/tests/src/testutils.hpp b/include/crack/pen/assembler/tests/src/testutils.hpp similarity index 100% rename from include/pen/assembler/tests/src/testutils.hpp rename to include/crack/pen/assembler/tests/src/testutils.hpp diff --git a/include/pen/cracker/.editorconfig b/include/crack/pen/cracker/.editorconfig similarity index 100% rename from include/pen/cracker/.editorconfig rename to include/crack/pen/cracker/.editorconfig diff --git a/include/pen/cracker/.gitattributes b/include/crack/pen/cracker/.gitattributes similarity index 100% rename from include/pen/cracker/.gitattributes rename to include/crack/pen/cracker/.gitattributes diff --git a/include/pen/cracker/.gitignore b/include/crack/pen/cracker/.gitignore similarity index 100% rename from include/pen/cracker/.gitignore rename to include/crack/pen/cracker/.gitignore diff --git a/include/pen/cracker/blackmarlinexec.sln b/include/crack/pen/cracker/blackmarlinexec.sln similarity index 100% rename from include/pen/cracker/blackmarlinexec.sln rename to include/crack/pen/cracker/blackmarlinexec.sln diff --git a/include/pen/cracker/cracks b/include/crack/pen/cracker/cracks similarity index 100% rename from include/pen/cracker/cracks rename to include/crack/pen/cracker/cracks diff --git a/include/pen/cracker/sbexecution/AntiAnalysis/pch.h b/include/crack/pen/cracker/sbexecution/AntiAnalysis/pch.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiAnalysis/pch.h rename to include/crack/pen/cracker/sbexecution/AntiAnalysis/pch.h diff --git a/include/pen/cracker/sbexecution/AntiAnalysis/process.cpp b/include/crack/pen/cracker/sbexecution/AntiAnalysis/process.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiAnalysis/process.cpp rename to include/crack/pen/cracker/sbexecution/AntiAnalysis/process.cpp diff --git a/include/pen/cracker/sbexecution/AntiAnalysis/process.h b/include/crack/pen/cracker/sbexecution/AntiAnalysis/process.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiAnalysis/process.h rename to include/crack/pen/cracker/sbexecution/AntiAnalysis/process.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/BeingDebugged.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/BeingDebugged.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/BeingDebugged.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/BeingDebugged.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/BeingDebugged.h b/include/crack/pen/cracker/sbexecution/AntiDebug/BeingDebugged.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/BeingDebugged.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/BeingDebugged.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/CheckRemoteDebuggerPresent.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/CheckRemoteDebuggerPresent.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/CheckRemoteDebuggerPresent.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/CheckRemoteDebuggerPresent.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/CheckRemoteDebuggerPresent.h b/include/crack/pen/cracker/sbexecution/AntiDebug/CheckRemoteDebuggerPresent.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/CheckRemoteDebuggerPresent.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/CheckRemoteDebuggerPresent.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/CloseHandle_InvalidHandle.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/CloseHandle_InvalidHandle.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/CloseHandle_InvalidHandle.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/CloseHandle_InvalidHandle.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/CloseHandle_InvalidHandle.h b/include/crack/pen/cracker/sbexecution/AntiDebug/CloseHandle_InvalidHandle.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/CloseHandle_InvalidHandle.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/CloseHandle_InvalidHandle.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/HardwareBreakpoints.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/HardwareBreakpoints.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/HardwareBreakpoints.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/HardwareBreakpoints.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/HardwareBreakpoints.h b/include/crack/pen/cracker/sbexecution/AntiDebug/HardwareBreakpoints.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/HardwareBreakpoints.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/HardwareBreakpoints.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/Interrupt_0x2d.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/Interrupt_0x2d.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/Interrupt_0x2d.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/Interrupt_0x2d.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/Interrupt_0x2d.h b/include/crack/pen/cracker/sbexecution/AntiDebug/Interrupt_0x2d.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/Interrupt_0x2d.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/Interrupt_0x2d.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/Interrupt_3.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/Interrupt_3.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/Interrupt_3.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/Interrupt_3.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/Interrupt_3.h b/include/crack/pen/cracker/sbexecution/AntiDebug/Interrupt_3.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/Interrupt_3.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/Interrupt_3.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/IsDebuggerPresent.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/IsDebuggerPresent.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/IsDebuggerPresent.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/IsDebuggerPresent.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/IsDebuggerPresent.h b/include/crack/pen/cracker/sbexecution/AntiDebug/IsDebuggerPresent.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/IsDebuggerPresent.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/IsDebuggerPresent.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/LowFragmentationHeap.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/LowFragmentationHeap.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/LowFragmentationHeap.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/LowFragmentationHeap.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/LowFragmentationHeap.h b/include/crack/pen/cracker/sbexecution/AntiDebug/LowFragmentationHeap.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/LowFragmentationHeap.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/LowFragmentationHeap.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/MemoryBreakpoints_PageGuard.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/MemoryBreakpoints_PageGuard.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/MemoryBreakpoints_PageGuard.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/MemoryBreakpoints_PageGuard.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/MemoryBreakpoints_PageGuard.h b/include/crack/pen/cracker/sbexecution/AntiDebug/MemoryBreakpoints_PageGuard.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/MemoryBreakpoints_PageGuard.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/MemoryBreakpoints_PageGuard.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/ModuleBoundsHookCheck.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/ModuleBoundsHookCheck.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/ModuleBoundsHookCheck.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/ModuleBoundsHookCheck.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/ModuleBoundsHookCheck.h b/include/crack/pen/cracker/sbexecution/AntiDebug/ModuleBoundsHookCheck.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/ModuleBoundsHookCheck.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/ModuleBoundsHookCheck.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/NtGlobalFlag.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/NtGlobalFlag.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/NtGlobalFlag.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/NtGlobalFlag.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/NtGlobalFlag.h b/include/crack/pen/cracker/sbexecution/AntiDebug/NtGlobalFlag.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/NtGlobalFlag.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/NtGlobalFlag.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugFlags.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugFlags.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugFlags.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugFlags.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugFlags.h b/include/crack/pen/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugFlags.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugFlags.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugFlags.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugObject.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugObject.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugObject.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugObject.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugObject.h b/include/crack/pen/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugObject.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugObject.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugObject.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugPort.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugPort.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugPort.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugPort.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugPort.h b/include/crack/pen/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugPort.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugPort.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/NtQueryInformationProcess_ProcessDebugPort.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/NtQueryObject_AllTypesInformation.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/NtQueryObject_AllTypesInformation.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/NtQueryObject_AllTypesInformation.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/NtQueryObject_AllTypesInformation.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/NtQueryObject_ObjectInformation.h b/include/crack/pen/cracker/sbexecution/AntiDebug/NtQueryObject_ObjectInformation.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/NtQueryObject_ObjectInformation.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/NtQueryObject_ObjectInformation.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/NtQueryObject_ObjectTypeInformation.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/NtQueryObject_ObjectTypeInformation.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/NtQueryObject_ObjectTypeInformation.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/NtQueryObject_ObjectTypeInformation.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/NtQuerySystemInformation_SystemKernelDebuggerInformation.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/NtQuerySystemInformation_SystemKernelDebuggerInformation.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/NtQuerySystemInformation_SystemKernelDebuggerInformation.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/NtQuerySystemInformation_SystemKernelDebuggerInformation.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/NtQuerySystemInformation_SystemKernelDebuggerInformation.h b/include/crack/pen/cracker/sbexecution/AntiDebug/NtQuerySystemInformation_SystemKernelDebuggerInformation.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/NtQuerySystemInformation_SystemKernelDebuggerInformation.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/NtQuerySystemInformation_SystemKernelDebuggerInformation.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/NtSetInformationThread_ThreadHideFromDebugger.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/NtSetInformationThread_ThreadHideFromDebugger.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/NtSetInformationThread_ThreadHideFromDebugger.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/NtSetInformationThread_ThreadHideFromDebugger.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/NtSetInformationThread_ThreadHideFromDebugger.h b/include/crack/pen/cracker/sbexecution/AntiDebug/NtSetInformationThread_ThreadHideFromDebugger.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/NtSetInformationThread_ThreadHideFromDebugger.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/NtSetInformationThread_ThreadHideFromDebugger.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/NtSystemDebugControl.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/NtSystemDebugControl.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/NtSystemDebugControl.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/NtSystemDebugControl.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/NtSystemDebugControl.h b/include/crack/pen/cracker/sbexecution/AntiDebug/NtSystemDebugControl.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/NtSystemDebugControl.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/NtSystemDebugControl.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/NtYieldExecution.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/NtYieldExecution.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/NtYieldExecution.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/NtYieldExecution.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/NtYieldExecution.h b/include/crack/pen/cracker/sbexecution/AntiDebug/NtYieldExecution.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/NtYieldExecution.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/NtYieldExecution.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/OutputDebugStringAPI.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/OutputDebugStringAPI.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/OutputDebugStringAPI.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/OutputDebugStringAPI.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/OutputDebugStringAPI.h b/include/crack/pen/cracker/sbexecution/AntiDebug/OutputDebugStringAPI.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/OutputDebugStringAPI.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/OutputDebugStringAPI.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/PageExceptionBreakpointCheck.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/PageExceptionBreakpointCheck.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/PageExceptionBreakpointCheck.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/PageExceptionBreakpointCheck.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/PageExceptionBreakpointCheck.h b/include/crack/pen/cracker/sbexecution/AntiDebug/PageExceptionBreakpointCheck.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/PageExceptionBreakpointCheck.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/PageExceptionBreakpointCheck.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/ParentProcess.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/ParentProcess.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/ParentProcess.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/ParentProcess.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/ParentProcess.h b/include/crack/pen/cracker/sbexecution/AntiDebug/ParentProcess.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/ParentProcess.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/ParentProcess.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/ProcessHeap_Flags.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/ProcessHeap_Flags.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/ProcessHeap_Flags.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/ProcessHeap_Flags.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/ProcessHeap_Flags.h b/include/crack/pen/cracker/sbexecution/AntiDebug/ProcessHeap_Flags.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/ProcessHeap_Flags.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/ProcessHeap_Flags.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/ProcessHeap_ForceFlags.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/ProcessHeap_ForceFlags.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/ProcessHeap_ForceFlags.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/ProcessHeap_ForceFlags.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/ProcessHeap_ForceFlags.h b/include/crack/pen/cracker/sbexecution/AntiDebug/ProcessHeap_ForceFlags.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/ProcessHeap_ForceFlags.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/ProcessHeap_ForceFlags.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/ProcessJob.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/ProcessJob.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/ProcessJob.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/ProcessJob.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/ProcessJob.h b/include/crack/pen/cracker/sbexecution/AntiDebug/ProcessJob.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/ProcessJob.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/ProcessJob.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/ScanForModules.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/ScanForModules.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/ScanForModules.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/ScanForModules.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/ScanForModules.h b/include/crack/pen/cracker/sbexecution/AntiDebug/ScanForModules.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/ScanForModules.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/ScanForModules.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/SeDebugPrivilege.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/SeDebugPrivilege.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/SeDebugPrivilege.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/SeDebugPrivilege.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/SeDebugPrivilege.h b/include/crack/pen/cracker/sbexecution/AntiDebug/SeDebugPrivilege.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/SeDebugPrivilege.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/SeDebugPrivilege.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/SetHandleInformation_API.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/SetHandleInformation_API.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/SetHandleInformation_API.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/SetHandleInformation_API.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/SetHandleInformation_API.h b/include/crack/pen/cracker/sbexecution/AntiDebug/SetHandleInformation_API.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/SetHandleInformation_API.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/SetHandleInformation_API.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/SharedUserData_KernelDebugger.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/SharedUserData_KernelDebugger.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/SharedUserData_KernelDebugger.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/SharedUserData_KernelDebugger.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/SharedUserData_KernelDebugger.h b/include/crack/pen/cracker/sbexecution/AntiDebug/SharedUserData_KernelDebugger.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/SharedUserData_KernelDebugger.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/SharedUserData_KernelDebugger.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/SoftwareBreakpoints.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/SoftwareBreakpoints.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/SoftwareBreakpoints.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/SoftwareBreakpoints.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/SoftwareBreakpoints.h b/include/crack/pen/cracker/sbexecution/AntiDebug/SoftwareBreakpoints.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/SoftwareBreakpoints.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/SoftwareBreakpoints.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/TLS_callbacks.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/TLS_callbacks.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/TLS_callbacks.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/TLS_callbacks.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/TLS_callbacks.h b/include/crack/pen/cracker/sbexecution/AntiDebug/TLS_callbacks.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/TLS_callbacks.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/TLS_callbacks.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/TrapFlag.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/TrapFlag.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/TrapFlag.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/TrapFlag.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/TrapFlag.h b/include/crack/pen/cracker/sbexecution/AntiDebug/TrapFlag.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/TrapFlag.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/TrapFlag.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/UnhandledExceptionFilter_Handler.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/UnhandledExceptionFilter_Handler.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/UnhandledExceptionFilter_Handler.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/UnhandledExceptionFilter_Handler.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/UnhandledExceptionFilter_Handler.h b/include/crack/pen/cracker/sbexecution/AntiDebug/UnhandledExceptionFilter_Handler.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/UnhandledExceptionFilter_Handler.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/UnhandledExceptionFilter_Handler.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/WUDF_IsDebuggerPresent.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/WUDF_IsDebuggerPresent.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/WUDF_IsDebuggerPresent.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/WUDF_IsDebuggerPresent.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/WUDF_IsDebuggerPresent.h b/include/crack/pen/cracker/sbexecution/AntiDebug/WUDF_IsDebuggerPresent.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/WUDF_IsDebuggerPresent.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/WUDF_IsDebuggerPresent.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/WriteWatch.cpp b/include/crack/pen/cracker/sbexecution/AntiDebug/WriteWatch.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/WriteWatch.cpp rename to include/crack/pen/cracker/sbexecution/AntiDebug/WriteWatch.cpp diff --git a/include/pen/cracker/sbexecution/AntiDebug/WriteWatch.h b/include/crack/pen/cracker/sbexecution/AntiDebug/WriteWatch.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/WriteWatch.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/WriteWatch.h diff --git a/include/pen/cracker/sbexecution/AntiDebug/int2d_x64.asm b/include/crack/pen/cracker/sbexecution/AntiDebug/int2d_x64.asm similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/int2d_x64.asm rename to include/crack/pen/cracker/sbexecution/AntiDebug/int2d_x64.asm diff --git a/include/pen/cracker/sbexecution/AntiDebug/int2d_x86.asm b/include/crack/pen/cracker/sbexecution/AntiDebug/int2d_x86.asm similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/int2d_x86.asm rename to include/crack/pen/cracker/sbexecution/AntiDebug/int2d_x86.asm diff --git a/include/pen/cracker/sbexecution/AntiDebug/pch.h b/include/crack/pen/cracker/sbexecution/AntiDebug/pch.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDebug/pch.h rename to include/crack/pen/cracker/sbexecution/AntiDebug/pch.h diff --git a/include/pen/cracker/sbexecution/AntiDisassm/AntiDisassm.cpp b/include/crack/pen/cracker/sbexecution/AntiDisassm/AntiDisassm.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDisassm/AntiDisassm.cpp rename to include/crack/pen/cracker/sbexecution/AntiDisassm/AntiDisassm.cpp diff --git a/include/pen/cracker/sbexecution/AntiDisassm/AntiDisassm.h b/include/crack/pen/cracker/sbexecution/AntiDisassm/AntiDisassm.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDisassm/AntiDisassm.h rename to include/crack/pen/cracker/sbexecution/AntiDisassm/AntiDisassm.h diff --git a/include/pen/cracker/sbexecution/AntiDisassm/AntiDisassm_x64.asm b/include/crack/pen/cracker/sbexecution/AntiDisassm/AntiDisassm_x64.asm similarity index 100% rename from include/pen/cracker/sbexecution/AntiDisassm/AntiDisassm_x64.asm rename to include/crack/pen/cracker/sbexecution/AntiDisassm/AntiDisassm_x64.asm diff --git a/include/pen/cracker/sbexecution/AntiDisassm/AntiDisassm_x86.asm b/include/crack/pen/cracker/sbexecution/AntiDisassm/AntiDisassm_x86.asm similarity index 100% rename from include/pen/cracker/sbexecution/AntiDisassm/AntiDisassm_x86.asm rename to include/crack/pen/cracker/sbexecution/AntiDisassm/AntiDisassm_x86.asm diff --git a/include/pen/cracker/sbexecution/AntiDisassm/pch.h b/include/crack/pen/cracker/sbexecution/AntiDisassm/pch.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDisassm/pch.h rename to include/crack/pen/cracker/sbexecution/AntiDisassm/pch.h diff --git a/include/pen/cracker/sbexecution/AntiDump/ErasePEHeaderFromMemory.cpp b/include/crack/pen/cracker/sbexecution/AntiDump/ErasePEHeaderFromMemory.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDump/ErasePEHeaderFromMemory.cpp rename to include/crack/pen/cracker/sbexecution/AntiDump/ErasePEHeaderFromMemory.cpp diff --git a/include/pen/cracker/sbexecution/AntiDump/ErasePEHeaderFromMemory.h b/include/crack/pen/cracker/sbexecution/AntiDump/ErasePEHeaderFromMemory.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDump/ErasePEHeaderFromMemory.h rename to include/crack/pen/cracker/sbexecution/AntiDump/ErasePEHeaderFromMemory.h diff --git a/include/pen/cracker/sbexecution/AntiDump/SizeOfImage.cpp b/include/crack/pen/cracker/sbexecution/AntiDump/SizeOfImage.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiDump/SizeOfImage.cpp rename to include/crack/pen/cracker/sbexecution/AntiDump/SizeOfImage.cpp diff --git a/include/pen/cracker/sbexecution/AntiDump/SizeOfImage.h b/include/crack/pen/cracker/sbexecution/AntiDump/SizeOfImage.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDump/SizeOfImage.h rename to include/crack/pen/cracker/sbexecution/AntiDump/SizeOfImage.h diff --git a/include/pen/cracker/sbexecution/AntiDump/pch.h b/include/crack/pen/cracker/sbexecution/AntiDump/pch.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiDump/pch.h rename to include/crack/pen/cracker/sbexecution/AntiDump/pch.h diff --git a/include/pen/cracker/sbexecution/AntiVM/Generic.cpp b/include/crack/pen/cracker/sbexecution/AntiVM/Generic.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiVM/Generic.cpp rename to include/crack/pen/cracker/sbexecution/AntiVM/Generic.cpp diff --git a/include/pen/cracker/sbexecution/AntiVM/Generic.h b/include/crack/pen/cracker/sbexecution/AntiVM/Generic.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiVM/Generic.h rename to include/crack/pen/cracker/sbexecution/AntiVM/Generic.h diff --git a/include/pen/cracker/sbexecution/AntiVM/HyperV.cpp b/include/crack/pen/cracker/sbexecution/AntiVM/HyperV.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiVM/HyperV.cpp rename to include/crack/pen/cracker/sbexecution/AntiVM/HyperV.cpp diff --git a/include/pen/cracker/sbexecution/AntiVM/HyperV.h b/include/crack/pen/cracker/sbexecution/AntiVM/HyperV.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiVM/HyperV.h rename to include/crack/pen/cracker/sbexecution/AntiVM/HyperV.h diff --git a/include/pen/cracker/sbexecution/AntiVM/KVM.cpp b/include/crack/pen/cracker/sbexecution/AntiVM/KVM.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiVM/KVM.cpp rename to include/crack/pen/cracker/sbexecution/AntiVM/KVM.cpp diff --git a/include/pen/cracker/sbexecution/AntiVM/KVM.h b/include/crack/pen/cracker/sbexecution/AntiVM/KVM.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiVM/KVM.h rename to include/crack/pen/cracker/sbexecution/AntiVM/KVM.h diff --git a/include/pen/cracker/sbexecution/AntiVM/Parallels.cpp b/include/crack/pen/cracker/sbexecution/AntiVM/Parallels.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiVM/Parallels.cpp rename to include/crack/pen/cracker/sbexecution/AntiVM/Parallels.cpp diff --git a/include/pen/cracker/sbexecution/AntiVM/Parallels.h b/include/crack/pen/cracker/sbexecution/AntiVM/Parallels.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiVM/Parallels.h rename to include/crack/pen/cracker/sbexecution/AntiVM/Parallels.h diff --git a/include/pen/cracker/sbexecution/AntiVM/Qemu.cpp b/include/crack/pen/cracker/sbexecution/AntiVM/Qemu.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiVM/Qemu.cpp rename to include/crack/pen/cracker/sbexecution/AntiVM/Qemu.cpp diff --git a/include/pen/cracker/sbexecution/AntiVM/Qemu.h b/include/crack/pen/cracker/sbexecution/AntiVM/Qemu.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiVM/Qemu.h rename to include/crack/pen/cracker/sbexecution/AntiVM/Qemu.h diff --git a/include/pen/cracker/sbexecution/AntiVM/Services.cpp b/include/crack/pen/cracker/sbexecution/AntiVM/Services.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiVM/Services.cpp rename to include/crack/pen/cracker/sbexecution/AntiVM/Services.cpp diff --git a/include/pen/cracker/sbexecution/AntiVM/Services.h b/include/crack/pen/cracker/sbexecution/AntiVM/Services.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiVM/Services.h rename to include/crack/pen/cracker/sbexecution/AntiVM/Services.h diff --git a/include/pen/cracker/sbexecution/AntiVM/VMWare.cpp b/include/crack/pen/cracker/sbexecution/AntiVM/VMWare.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiVM/VMWare.cpp rename to include/crack/pen/cracker/sbexecution/AntiVM/VMWare.cpp diff --git a/include/pen/cracker/sbexecution/AntiVM/VMWare.h b/include/crack/pen/cracker/sbexecution/AntiVM/VMWare.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiVM/VMWare.h rename to include/crack/pen/cracker/sbexecution/AntiVM/VMWare.h diff --git a/include/pen/cracker/sbexecution/AntiVM/VirtualBox.cpp b/include/crack/pen/cracker/sbexecution/AntiVM/VirtualBox.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiVM/VirtualBox.cpp rename to include/crack/pen/cracker/sbexecution/AntiVM/VirtualBox.cpp diff --git a/include/pen/cracker/sbexecution/AntiVM/VirtualBox.h b/include/crack/pen/cracker/sbexecution/AntiVM/VirtualBox.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiVM/VirtualBox.h rename to include/crack/pen/cracker/sbexecution/AntiVM/VirtualBox.h diff --git a/include/pen/cracker/sbexecution/AntiVM/VirtualPC.cpp b/include/crack/pen/cracker/sbexecution/AntiVM/VirtualPC.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiVM/VirtualPC.cpp rename to include/crack/pen/cracker/sbexecution/AntiVM/VirtualPC.cpp diff --git a/include/pen/cracker/sbexecution/AntiVM/VirtualPC.h b/include/crack/pen/cracker/sbexecution/AntiVM/VirtualPC.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiVM/VirtualPC.h rename to include/crack/pen/cracker/sbexecution/AntiVM/VirtualPC.h diff --git a/include/pen/cracker/sbexecution/AntiVM/Wine.cpp b/include/crack/pen/cracker/sbexecution/AntiVM/Wine.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiVM/Wine.cpp rename to include/crack/pen/cracker/sbexecution/AntiVM/Wine.cpp diff --git a/include/pen/cracker/sbexecution/AntiVM/Wine.h b/include/crack/pen/cracker/sbexecution/AntiVM/Wine.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiVM/Wine.h rename to include/crack/pen/cracker/sbexecution/AntiVM/Wine.h diff --git a/include/pen/cracker/sbexecution/AntiVM/Xen.cpp b/include/crack/pen/cracker/sbexecution/AntiVM/Xen.cpp similarity index 100% rename from include/pen/cracker/sbexecution/AntiVM/Xen.cpp rename to include/crack/pen/cracker/sbexecution/AntiVM/Xen.cpp diff --git a/include/pen/cracker/sbexecution/AntiVM/Xen.h b/include/crack/pen/cracker/sbexecution/AntiVM/Xen.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiVM/Xen.h rename to include/crack/pen/cracker/sbexecution/AntiVM/Xen.h diff --git a/include/pen/cracker/sbexecution/AntiVM/pch.h b/include/crack/pen/cracker/sbexecution/AntiVM/pch.h similarity index 100% rename from include/pen/cracker/sbexecution/AntiVM/pch.h rename to include/crack/pen/cracker/sbexecution/AntiVM/pch.h diff --git a/include/pen/cracker/sbexecution/CodeInjection/CreateRemoteThread.cpp b/include/crack/pen/cracker/sbexecution/CodeInjection/CreateRemoteThread.cpp similarity index 100% rename from include/pen/cracker/sbexecution/CodeInjection/CreateRemoteThread.cpp rename to include/crack/pen/cracker/sbexecution/CodeInjection/CreateRemoteThread.cpp diff --git a/include/pen/cracker/sbexecution/CodeInjection/CreateRemoteThread.h b/include/crack/pen/cracker/sbexecution/CodeInjection/CreateRemoteThread.h similarity index 100% rename from include/pen/cracker/sbexecution/CodeInjection/CreateRemoteThread.h rename to include/crack/pen/cracker/sbexecution/CodeInjection/CreateRemoteThread.h diff --git a/include/pen/cracker/sbexecution/CodeInjection/GetSetThreadContext.cpp b/include/crack/pen/cracker/sbexecution/CodeInjection/GetSetThreadContext.cpp similarity index 100% rename from include/pen/cracker/sbexecution/CodeInjection/GetSetThreadContext.cpp rename to include/crack/pen/cracker/sbexecution/CodeInjection/GetSetThreadContext.cpp diff --git a/include/pen/cracker/sbexecution/CodeInjection/GetSetThreadContext.h b/include/crack/pen/cracker/sbexecution/CodeInjection/GetSetThreadContext.h similarity index 100% rename from include/pen/cracker/sbexecution/CodeInjection/GetSetThreadContext.h rename to include/crack/pen/cracker/sbexecution/CodeInjection/GetSetThreadContext.h diff --git a/include/pen/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.cpp b/include/crack/pen/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.cpp similarity index 100% rename from include/pen/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.cpp rename to include/crack/pen/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.cpp diff --git a/include/pen/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.h b/include/crack/pen/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.h similarity index 100% rename from include/pen/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.h rename to include/crack/pen/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.h diff --git a/include/pen/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.vcxproj b/include/crack/pen/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.vcxproj similarity index 100% rename from include/pen/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.vcxproj rename to include/crack/pen/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.vcxproj diff --git a/include/pen/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.vcxproj.filters b/include/crack/pen/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.vcxproj.filters similarity index 100% rename from include/pen/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.vcxproj.filters rename to include/crack/pen/cracker/sbexecution/CodeInjection/InjectedDLL/InjectedDLL.vcxproj.filters diff --git a/include/pen/cracker/sbexecution/CodeInjection/InjectedDLL/definitions.def b/include/crack/pen/cracker/sbexecution/CodeInjection/InjectedDLL/definitions.def similarity index 100% rename from include/pen/cracker/sbexecution/CodeInjection/InjectedDLL/definitions.def rename to include/crack/pen/cracker/sbexecution/CodeInjection/InjectedDLL/definitions.def diff --git a/include/pen/cracker/sbexecution/CodeInjection/NtCreateThreadEx.cpp b/include/crack/pen/cracker/sbexecution/CodeInjection/NtCreateThreadEx.cpp similarity index 100% rename from include/pen/cracker/sbexecution/CodeInjection/NtCreateThreadEx.cpp rename to include/crack/pen/cracker/sbexecution/CodeInjection/NtCreateThreadEx.cpp diff --git a/include/pen/cracker/sbexecution/CodeInjection/NtCreateThreadEx.h b/include/crack/pen/cracker/sbexecution/CodeInjection/NtCreateThreadEx.h similarity index 100% rename from include/pen/cracker/sbexecution/CodeInjection/NtCreateThreadEx.h rename to include/crack/pen/cracker/sbexecution/CodeInjection/NtCreateThreadEx.h diff --git a/include/pen/cracker/sbexecution/CodeInjection/QueueUserAPC.cpp b/include/crack/pen/cracker/sbexecution/CodeInjection/QueueUserAPC.cpp similarity index 100% rename from include/pen/cracker/sbexecution/CodeInjection/QueueUserAPC.cpp rename to include/crack/pen/cracker/sbexecution/CodeInjection/QueueUserAPC.cpp diff --git a/include/pen/cracker/sbexecution/CodeInjection/QueueUserAPC.h b/include/crack/pen/cracker/sbexecution/CodeInjection/QueueUserAPC.h similarity index 100% rename from include/pen/cracker/sbexecution/CodeInjection/QueueUserAPC.h rename to include/crack/pen/cracker/sbexecution/CodeInjection/QueueUserAPC.h diff --git a/include/pen/cracker/sbexecution/CodeInjection/RtlCreateUserThread.cpp b/include/crack/pen/cracker/sbexecution/CodeInjection/RtlCreateUserThread.cpp similarity index 100% rename from include/pen/cracker/sbexecution/CodeInjection/RtlCreateUserThread.cpp rename to include/crack/pen/cracker/sbexecution/CodeInjection/RtlCreateUserThread.cpp diff --git a/include/pen/cracker/sbexecution/CodeInjection/RtlCreateUserThread.h b/include/crack/pen/cracker/sbexecution/CodeInjection/RtlCreateUserThread.h similarity index 100% rename from include/pen/cracker/sbexecution/CodeInjection/RtlCreateUserThread.h rename to include/crack/pen/cracker/sbexecution/CodeInjection/RtlCreateUserThread.h diff --git a/include/pen/cracker/sbexecution/CodeInjection/SetWindowsHooksEx.cpp b/include/crack/pen/cracker/sbexecution/CodeInjection/SetWindowsHooksEx.cpp similarity index 100% rename from include/pen/cracker/sbexecution/CodeInjection/SetWindowsHooksEx.cpp rename to include/crack/pen/cracker/sbexecution/CodeInjection/SetWindowsHooksEx.cpp diff --git a/include/pen/cracker/sbexecution/CodeInjection/SetWindowsHooksEx.h b/include/crack/pen/cracker/sbexecution/CodeInjection/SetWindowsHooksEx.h similarity index 100% rename from include/pen/cracker/sbexecution/CodeInjection/SetWindowsHooksEx.h rename to include/crack/pen/cracker/sbexecution/CodeInjection/SetWindowsHooksEx.h diff --git a/include/pen/cracker/sbexecution/CodeInjection/pch.h b/include/crack/pen/cracker/sbexecution/CodeInjection/pch.h similarity index 100% rename from include/pen/cracker/sbexecution/CodeInjection/pch.h rename to include/crack/pen/cracker/sbexecution/CodeInjection/pch.h diff --git a/include/pen/cracker/sbexecution/OfficeMacro/al-khaser.docm b/include/crack/pen/cracker/sbexecution/OfficeMacro/al-khaser.docm similarity index 100% rename from include/pen/cracker/sbexecution/OfficeMacro/al-khaser.docm rename to include/crack/pen/cracker/sbexecution/OfficeMacro/al-khaser.docm diff --git a/include/pen/cracker/sbexecution/OfficeMacro/macros.vba b/include/crack/pen/cracker/sbexecution/OfficeMacro/macros.vba similarity index 100% rename from include/pen/cracker/sbexecution/OfficeMacro/macros.vba rename to include/crack/pen/cracker/sbexecution/OfficeMacro/macros.vba diff --git a/include/pen/cracker/sbexecution/Shared/APIs.cpp b/include/crack/pen/cracker/sbexecution/Shared/APIs.cpp similarity index 100% rename from include/pen/cracker/sbexecution/Shared/APIs.cpp rename to include/crack/pen/cracker/sbexecution/Shared/APIs.cpp diff --git a/include/pen/cracker/sbexecution/Shared/APIs.h b/include/crack/pen/cracker/sbexecution/Shared/APIs.h similarity index 100% rename from include/pen/cracker/sbexecution/Shared/APIs.h rename to include/crack/pen/cracker/sbexecution/Shared/APIs.h diff --git a/include/pen/cracker/sbexecution/Shared/ApiTypeDefs.cpp b/include/crack/pen/cracker/sbexecution/Shared/ApiTypeDefs.cpp similarity index 100% rename from include/pen/cracker/sbexecution/Shared/ApiTypeDefs.cpp rename to include/crack/pen/cracker/sbexecution/Shared/ApiTypeDefs.cpp diff --git a/include/pen/cracker/sbexecution/Shared/ApiTypeDefs.h b/include/crack/pen/cracker/sbexecution/Shared/ApiTypeDefs.h similarity index 100% rename from include/pen/cracker/sbexecution/Shared/ApiTypeDefs.h rename to include/crack/pen/cracker/sbexecution/Shared/ApiTypeDefs.h diff --git a/include/pen/cracker/sbexecution/Shared/Common.cpp b/include/crack/pen/cracker/sbexecution/Shared/Common.cpp similarity index 100% rename from include/pen/cracker/sbexecution/Shared/Common.cpp rename to include/crack/pen/cracker/sbexecution/Shared/Common.cpp diff --git a/include/pen/cracker/sbexecution/Shared/Common.h b/include/crack/pen/cracker/sbexecution/Shared/Common.h similarity index 100% rename from include/pen/cracker/sbexecution/Shared/Common.h rename to include/crack/pen/cracker/sbexecution/Shared/Common.h diff --git a/include/pen/cracker/sbexecution/Shared/Utils.cpp b/include/crack/pen/cracker/sbexecution/Shared/Utils.cpp similarity index 100% rename from include/pen/cracker/sbexecution/Shared/Utils.cpp rename to include/crack/pen/cracker/sbexecution/Shared/Utils.cpp diff --git a/include/pen/cracker/sbexecution/Shared/Utils.h b/include/crack/pen/cracker/sbexecution/Shared/Utils.h similarity index 100% rename from include/pen/cracker/sbexecution/Shared/Utils.h rename to include/crack/pen/cracker/sbexecution/Shared/Utils.h diff --git a/include/pen/cracker/sbexecution/Shared/VersionHelpers.h b/include/crack/pen/cracker/sbexecution/Shared/VersionHelpers.h similarity index 100% rename from include/pen/cracker/sbexecution/Shared/VersionHelpers.h rename to include/crack/pen/cracker/sbexecution/Shared/VersionHelpers.h diff --git a/include/pen/cracker/sbexecution/Shared/WinStructs.h b/include/crack/pen/cracker/sbexecution/Shared/WinStructs.h similarity index 100% rename from include/pen/cracker/sbexecution/Shared/WinStructs.h rename to include/crack/pen/cracker/sbexecution/Shared/WinStructs.h diff --git a/include/pen/cracker/sbexecution/Shared/log.cpp b/include/crack/pen/cracker/sbexecution/Shared/log.cpp similarity index 100% rename from include/pen/cracker/sbexecution/Shared/log.cpp rename to include/crack/pen/cracker/sbexecution/Shared/log.cpp diff --git a/include/pen/cracker/sbexecution/Shared/log.h b/include/crack/pen/cracker/sbexecution/Shared/log.h similarity index 100% rename from include/pen/cracker/sbexecution/Shared/log.h rename to include/crack/pen/cracker/sbexecution/Shared/log.h diff --git a/include/pen/cracker/sbexecution/Shared/pch.h b/include/crack/pen/cracker/sbexecution/Shared/pch.h similarity index 100% rename from include/pen/cracker/sbexecution/Shared/pch.h rename to include/crack/pen/cracker/sbexecution/Shared/pch.h diff --git a/include/pen/cracker/sbexecution/Shared/winapifamily.h b/include/crack/pen/cracker/sbexecution/Shared/winapifamily.h similarity index 100% rename from include/pen/cracker/sbexecution/Shared/winapifamily.h rename to include/crack/pen/cracker/sbexecution/Shared/winapifamily.h diff --git a/include/pen/cracker/sbexecution/TimingAttacks/pch.h b/include/crack/pen/cracker/sbexecution/TimingAttacks/pch.h similarity index 100% rename from include/pen/cracker/sbexecution/TimingAttacks/pch.h rename to include/crack/pen/cracker/sbexecution/TimingAttacks/pch.h diff --git a/include/pen/cracker/sbexecution/TimingAttacks/timing.cpp b/include/crack/pen/cracker/sbexecution/TimingAttacks/timing.cpp similarity index 100% rename from include/pen/cracker/sbexecution/TimingAttacks/timing.cpp rename to include/crack/pen/cracker/sbexecution/TimingAttacks/timing.cpp diff --git a/include/pen/cracker/sbexecution/TimingAttacks/timing.h b/include/crack/pen/cracker/sbexecution/TimingAttacks/timing.h similarity index 100% rename from include/pen/cracker/sbexecution/TimingAttacks/timing.h rename to include/crack/pen/cracker/sbexecution/TimingAttacks/timing.h diff --git a/include/pen/cracker/sbexecution/blackmarlinexec.cpp b/include/crack/pen/cracker/sbexecution/blackmarlinexec.cpp similarity index 100% rename from include/pen/cracker/sbexecution/blackmarlinexec.cpp rename to include/crack/pen/cracker/sbexecution/blackmarlinexec.cpp diff --git a/include/pen/cracker/sbexecution/blackmarlinexec.filters b/include/crack/pen/cracker/sbexecution/blackmarlinexec.filters similarity index 100% rename from include/pen/cracker/sbexecution/blackmarlinexec.filters rename to include/crack/pen/cracker/sbexecution/blackmarlinexec.filters diff --git a/include/pen/cracker/sbexecution/blackmarlinexec.vcxproj b/include/crack/pen/cracker/sbexecution/blackmarlinexec.vcxproj similarity index 100% rename from include/pen/cracker/sbexecution/blackmarlinexec.vcxproj rename to include/crack/pen/cracker/sbexecution/blackmarlinexec.vcxproj diff --git a/include/pen/cracker/sbexecution/packages.config b/include/crack/pen/cracker/sbexecution/packages.config similarity index 100% rename from include/pen/cracker/sbexecution/packages.config rename to include/crack/pen/cracker/sbexecution/packages.config diff --git a/include/pen/cracker/sbexecution/pch.cpp b/include/crack/pen/cracker/sbexecution/pch.cpp similarity index 100% rename from include/pen/cracker/sbexecution/pch.cpp rename to include/crack/pen/cracker/sbexecution/pch.cpp diff --git a/include/pen/cracker/sbexecution/pch.h b/include/crack/pen/cracker/sbexecution/pch.h similarity index 100% rename from include/pen/cracker/sbexecution/pch.h rename to include/crack/pen/cracker/sbexecution/pch.h diff --git a/include/pen/cracker/tools/ATAIdentifyDump/ATAIdentifyDump.cpp b/include/crack/pen/cracker/tools/ATAIdentifyDump/ATAIdentifyDump.cpp similarity index 100% rename from include/pen/cracker/tools/ATAIdentifyDump/ATAIdentifyDump.cpp rename to include/crack/pen/cracker/tools/ATAIdentifyDump/ATAIdentifyDump.cpp diff --git a/include/pen/cracker/tools/ATAIdentifyDump/ATAIdentifyDump.vcxproj b/include/crack/pen/cracker/tools/ATAIdentifyDump/ATAIdentifyDump.vcxproj similarity index 100% rename from include/pen/cracker/tools/ATAIdentifyDump/ATAIdentifyDump.vcxproj rename to include/crack/pen/cracker/tools/ATAIdentifyDump/ATAIdentifyDump.vcxproj diff --git a/include/pen/cracker/tools/ATAIdentifyDump/ATAIdentifyDump.vcxproj.filters b/include/crack/pen/cracker/tools/ATAIdentifyDump/ATAIdentifyDump.vcxproj.filters similarity index 100% rename from include/pen/cracker/tools/ATAIdentifyDump/ATAIdentifyDump.vcxproj.filters rename to include/crack/pen/cracker/tools/ATAIdentifyDump/ATAIdentifyDump.vcxproj.filters diff --git a/include/pen/cracker/tools/ATAIdentifyDump/IdentifyDeviceData.h b/include/crack/pen/cracker/tools/ATAIdentifyDump/IdentifyDeviceData.h similarity index 100% rename from include/pen/cracker/tools/ATAIdentifyDump/IdentifyDeviceData.h rename to include/crack/pen/cracker/tools/ATAIdentifyDump/IdentifyDeviceData.h diff --git a/include/pen/cracker/tools/ATAIdentifyDump/pch.cpp b/include/crack/pen/cracker/tools/ATAIdentifyDump/pch.cpp similarity index 100% rename from include/pen/cracker/tools/ATAIdentifyDump/pch.cpp rename to include/crack/pen/cracker/tools/ATAIdentifyDump/pch.cpp diff --git a/include/pen/cracker/tools/ATAIdentifyDump/pch.h b/include/crack/pen/cracker/tools/ATAIdentifyDump/pch.h similarity index 100% rename from include/pen/cracker/tools/ATAIdentifyDump/pch.h rename to include/crack/pen/cracker/tools/ATAIdentifyDump/pch.h diff --git a/include/pen/cracker/tools/StructDumpCodegen/struct_dump_codegen.linq b/include/crack/pen/cracker/tools/StructDumpCodegen/struct_dump_codegen.linq similarity index 100% rename from include/pen/cracker/tools/StructDumpCodegen/struct_dump_codegen.linq rename to include/crack/pen/cracker/tools/StructDumpCodegen/struct_dump_codegen.linq diff --git a/include/pen/enformer/.gitattributes b/include/crack/pen/enformer/.gitattributes similarity index 100% rename from include/pen/enformer/.gitattributes rename to include/crack/pen/enformer/.gitattributes diff --git a/include/pen/enformer/.gitignore b/include/crack/pen/enformer/.gitignore similarity index 100% rename from include/pen/enformer/.gitignore rename to include/crack/pen/enformer/.gitignore diff --git a/include/pen/enformer/informer.P64 b/include/crack/pen/enformer/informer.P64 similarity index 100% rename from include/pen/enformer/informer.P64 rename to include/crack/pen/enformer/informer.P64 diff --git a/include/pen/enformer/informer.pLW b/include/crack/pen/enformer/informer.pLW similarity index 100% rename from include/pen/enformer/informer.pLW rename to include/crack/pen/enformer/informer.pLW diff --git a/include/pen/enformer/informer.sln b/include/crack/pen/enformer/informer.sln similarity index 100% rename from include/pen/enformer/informer.sln rename to include/crack/pen/enformer/informer.sln diff --git a/include/pen/enformer/plugin/Class_Informer.txt b/include/crack/pen/enformer/plugin/Class_Informer.txt similarity index 100% rename from include/pen/enformer/plugin/Class_Informer.txt rename to include/crack/pen/enformer/plugin/Class_Informer.txt diff --git a/include/pen/enformer/plugin/Core.cpp b/include/crack/pen/enformer/plugin/Core.cpp similarity index 100% rename from include/pen/enformer/plugin/Core.cpp rename to include/crack/pen/enformer/plugin/Core.cpp diff --git a/include/pen/enformer/plugin/Core.h b/include/crack/pen/enformer/plugin/Core.h similarity index 100% rename from include/pen/enformer/plugin/Core.h rename to include/crack/pen/enformer/plugin/Core.h diff --git a/include/pen/enformer/plugin/GeneratedFiles/Debug/moc_MainDialog.cpp b/include/crack/pen/enformer/plugin/GeneratedFiles/Debug/moc_MainDialog.cpp similarity index 100% rename from include/pen/enformer/plugin/GeneratedFiles/Debug/moc_MainDialog.cpp rename to include/crack/pen/enformer/plugin/GeneratedFiles/Debug/moc_MainDialog.cpp diff --git a/include/pen/enformer/plugin/GeneratedFiles/Debug64/moc_MainDialog.cpp b/include/crack/pen/enformer/plugin/GeneratedFiles/Debug64/moc_MainDialog.cpp similarity index 100% rename from include/pen/enformer/plugin/GeneratedFiles/Debug64/moc_MainDialog.cpp rename to include/crack/pen/enformer/plugin/GeneratedFiles/Debug64/moc_MainDialog.cpp diff --git a/include/pen/enformer/plugin/GeneratedFiles/Release/moc_MainDialog.cpp b/include/crack/pen/enformer/plugin/GeneratedFiles/Release/moc_MainDialog.cpp similarity index 100% rename from include/pen/enformer/plugin/GeneratedFiles/Release/moc_MainDialog.cpp rename to include/crack/pen/enformer/plugin/GeneratedFiles/Release/moc_MainDialog.cpp diff --git a/include/pen/enformer/plugin/GeneratedFiles/Release64/moc_MainDialog.cpp b/include/crack/pen/enformer/plugin/GeneratedFiles/Release64/moc_MainDialog.cpp similarity index 100% rename from include/pen/enformer/plugin/GeneratedFiles/Release64/moc_MainDialog.cpp rename to include/crack/pen/enformer/plugin/GeneratedFiles/Release64/moc_MainDialog.cpp diff --git a/include/pen/enformer/plugin/GeneratedFiles/qrc_QtResource.cpp b/include/crack/pen/enformer/plugin/GeneratedFiles/qrc_QtResource.cpp similarity index 100% rename from include/pen/enformer/plugin/GeneratedFiles/qrc_QtResource.cpp rename to include/crack/pen/enformer/plugin/GeneratedFiles/qrc_QtResource.cpp diff --git a/include/pen/enformer/plugin/GeneratedFiles/ui_dialog.h b/include/crack/pen/enformer/plugin/GeneratedFiles/ui_dialog.h similarity index 100% rename from include/pen/enformer/plugin/GeneratedFiles/ui_dialog.h rename to include/crack/pen/enformer/plugin/GeneratedFiles/ui_dialog.h diff --git a/include/pen/enformer/plugin/IdaOgg.h b/include/crack/pen/enformer/plugin/IdaOgg.h similarity index 100% rename from include/pen/enformer/plugin/IdaOgg.h rename to include/crack/pen/enformer/plugin/IdaOgg.h diff --git a/include/pen/enformer/plugin/IdaOggPlayer.LiB b/include/crack/pen/enformer/plugin/IdaOggPlayer.LiB similarity index 100% rename from include/pen/enformer/plugin/IdaOggPlayer.LiB rename to include/crack/pen/enformer/plugin/IdaOggPlayer.LiB diff --git a/include/pen/enformer/plugin/IdaOggPlayerD.LiB b/include/crack/pen/enformer/plugin/IdaOggPlayerD.LiB similarity index 100% rename from include/pen/enformer/plugin/IdaOggPlayerD.LiB rename to include/crack/pen/enformer/plugin/IdaOggPlayerD.LiB diff --git a/include/pen/enformer/plugin/Main.cpp b/include/crack/pen/enformer/plugin/Main.cpp similarity index 100% rename from include/pen/enformer/plugin/Main.cpp rename to include/crack/pen/enformer/plugin/Main.cpp diff --git a/include/pen/enformer/plugin/MainDialog.cpp b/include/crack/pen/enformer/plugin/MainDialog.cpp similarity index 100% rename from include/pen/enformer/plugin/MainDialog.cpp rename to include/crack/pen/enformer/plugin/MainDialog.cpp diff --git a/include/pen/enformer/plugin/MainDialog.h b/include/crack/pen/enformer/plugin/MainDialog.h similarity index 100% rename from include/pen/enformer/plugin/MainDialog.h rename to include/crack/pen/enformer/plugin/MainDialog.h diff --git a/include/pen/enformer/plugin/QtResource.qrc b/include/crack/pen/enformer/plugin/QtResource.qrc similarity index 100% rename from include/pen/enformer/plugin/QtResource.qrc rename to include/crack/pen/enformer/plugin/QtResource.qrc diff --git a/include/pen/enformer/plugin/RTTI.cpp b/include/crack/pen/enformer/plugin/RTTI.cpp similarity index 100% rename from include/pen/enformer/plugin/RTTI.cpp rename to include/crack/pen/enformer/plugin/RTTI.cpp diff --git a/include/pen/enformer/plugin/RTTI.h b/include/crack/pen/enformer/plugin/RTTI.h similarity index 100% rename from include/pen/enformer/plugin/RTTI.h rename to include/crack/pen/enformer/plugin/RTTI.h diff --git a/include/pen/enformer/plugin/StdAfx.h b/include/crack/pen/enformer/plugin/StdAfx.h similarity index 100% rename from include/pen/enformer/plugin/StdAfx.h rename to include/crack/pen/enformer/plugin/StdAfx.h diff --git a/include/pen/enformer/plugin/Utility.cpp b/include/crack/pen/enformer/plugin/Utility.cpp similarity index 100% rename from include/pen/enformer/plugin/Utility.cpp rename to include/crack/pen/enformer/plugin/Utility.cpp diff --git a/include/pen/enformer/plugin/Utility.h b/include/crack/pen/enformer/plugin/Utility.h similarity index 100% rename from include/pen/enformer/plugin/Utility.h rename to include/crack/pen/enformer/plugin/Utility.h diff --git a/include/pen/enformer/plugin/Vftable.cpp b/include/crack/pen/enformer/plugin/Vftable.cpp similarity index 100% rename from include/pen/enformer/plugin/Vftable.cpp rename to include/crack/pen/enformer/plugin/Vftable.cpp diff --git a/include/pen/enformer/plugin/Vftable.h b/include/crack/pen/enformer/plugin/Vftable.h similarity index 100% rename from include/pen/enformer/plugin/Vftable.h rename to include/crack/pen/enformer/plugin/Vftable.h diff --git a/include/pen/enformer/plugin/WaitBoxEx.LiB b/include/crack/pen/enformer/plugin/WaitBoxEx.LiB similarity index 100% rename from include/pen/enformer/plugin/WaitBoxEx.LiB rename to include/crack/pen/enformer/plugin/WaitBoxEx.LiB diff --git a/include/pen/enformer/plugin/WaitBoxEx.h b/include/crack/pen/enformer/plugin/WaitBoxEx.h similarity index 100% rename from include/pen/enformer/plugin/WaitBoxEx.h rename to include/crack/pen/enformer/plugin/WaitBoxEx.h diff --git a/include/pen/enformer/plugin/WaitBoxExD.LiB b/include/crack/pen/enformer/plugin/WaitBoxExD.LiB similarity index 100% rename from include/pen/enformer/plugin/WaitBoxExD.LiB rename to include/crack/pen/enformer/plugin/WaitBoxExD.LiB diff --git a/include/pen/enformer/plugin/banner.png b/include/crack/pen/enformer/plugin/banner.png similarity index 100% rename from include/pen/enformer/plugin/banner.png rename to include/crack/pen/enformer/plugin/banner.png diff --git a/include/pen/enformer/plugin/checkbox-checked.png b/include/crack/pen/enformer/plugin/checkbox-checked.png similarity index 100% rename from include/pen/enformer/plugin/checkbox-checked.png rename to include/crack/pen/enformer/plugin/checkbox-checked.png diff --git a/include/pen/enformer/plugin/completed.ogg b/include/crack/pen/enformer/plugin/completed.ogg similarity index 100% rename from include/pen/enformer/plugin/completed.ogg rename to include/crack/pen/enformer/plugin/completed.ogg diff --git a/include/pen/enformer/plugin/dialog.ui b/include/crack/pen/enformer/plugin/dialog.ui similarity index 100% rename from include/pen/enformer/plugin/dialog.ui rename to include/crack/pen/enformer/plugin/dialog.ui diff --git a/include/pen/enformer/plugin/icon.png b/include/crack/pen/enformer/plugin/icon.png similarity index 100% rename from include/pen/enformer/plugin/icon.png rename to include/crack/pen/enformer/plugin/icon.png diff --git a/include/pen/enformer/plugin/informer.filters b/include/crack/pen/enformer/plugin/informer.filters similarity index 100% rename from include/pen/enformer/plugin/informer.filters rename to include/crack/pen/enformer/plugin/informer.filters diff --git a/include/pen/enformer/plugin/informer.user b/include/crack/pen/enformer/plugin/informer.user similarity index 100% rename from include/pen/enformer/plugin/informer.user rename to include/crack/pen/enformer/plugin/informer.user diff --git a/include/pen/enformer/plugin/informer.vcxproj b/include/crack/pen/enformer/plugin/informer.vcxproj similarity index 100% rename from include/pen/enformer/plugin/informer.vcxproj rename to include/crack/pen/enformer/plugin/informer.vcxproj diff --git a/include/pen/enformer/plugin/progress-style.qss b/include/crack/pen/enformer/plugin/progress-style.qss similarity index 100% rename from include/pen/enformer/plugin/progress-style.qss rename to include/crack/pen/enformer/plugin/progress-style.qss diff --git a/include/pen/enformer/plugin/style.qss b/include/crack/pen/enformer/plugin/style.qss similarity index 100% rename from include/pen/enformer/plugin/style.qss rename to include/crack/pen/enformer/plugin/style.qss diff --git a/include/pen/enformer/plugin/undname.h b/include/crack/pen/enformer/plugin/undname.h similarity index 100% rename from include/pen/enformer/plugin/undname.h rename to include/crack/pen/enformer/plugin/undname.h diff --git a/include/pen/enformer/plugin/view-style.qss b/include/crack/pen/enformer/plugin/view-style.qss similarity index 100% rename from include/pen/enformer/plugin/view-style.qss rename to include/crack/pen/enformer/plugin/view-style.qss diff --git a/include/pen/execution/asset/img.png b/include/crack/pen/execution/asset/img.png similarity index 100% rename from include/pen/execution/asset/img.png rename to include/crack/pen/execution/asset/img.png diff --git a/include/pen/execution/execution/execution-dll/RefleXXion-DLL.vcxproj.user b/include/crack/pen/execution/execution/execution-dll/RefleXXion-DLL.vcxproj.user similarity index 100% rename from include/pen/execution/execution/execution-dll/RefleXXion-DLL.vcxproj.user rename to include/crack/pen/execution/execution/execution-dll/RefleXXion-DLL.vcxproj.user diff --git a/include/pen/execution/execution/execution-dll/execution.filters b/include/crack/pen/execution/execution/execution-dll/execution.filters similarity index 100% rename from include/pen/execution/execution/execution-dll/execution.filters rename to include/crack/pen/execution/execution/execution-dll/execution.filters diff --git a/include/pen/execution/execution/execution-dll/execution.vcxproj b/include/crack/pen/execution/execution/execution-dll/execution.vcxproj similarity index 100% rename from include/pen/execution/execution/execution-dll/execution.vcxproj rename to include/crack/pen/execution/execution/execution-dll/execution.vcxproj diff --git a/include/pen/execution/execution/execution-dll/main.cpp b/include/crack/pen/execution/execution/execution-dll/main.cpp similarity index 100% rename from include/pen/execution/execution/execution-dll/main.cpp rename to include/crack/pen/execution/execution/execution-dll/main.cpp diff --git a/include/pen/execution/execution/execution-exe/RefleXXion-EXE.vcxproj.user b/include/crack/pen/execution/execution/execution-exe/RefleXXion-EXE.vcxproj.user similarity index 100% rename from include/pen/execution/execution/execution-exe/RefleXXion-EXE.vcxproj.user rename to include/crack/pen/execution/execution/execution-exe/RefleXXion-EXE.vcxproj.user diff --git a/include/pen/execution/execution/execution-exe/execution.filters b/include/crack/pen/execution/execution/execution-exe/execution.filters similarity index 100% rename from include/pen/execution/execution/execution-exe/execution.filters rename to include/crack/pen/execution/execution/execution-exe/execution.filters diff --git a/include/pen/execution/execution/execution-exe/execution.vcxproj b/include/crack/pen/execution/execution/execution-exe/execution.vcxproj similarity index 100% rename from include/pen/execution/execution/execution-exe/execution.vcxproj rename to include/crack/pen/execution/execution/execution-exe/execution.vcxproj diff --git a/include/pen/execution/execution/execution-exe/main.cpp b/include/crack/pen/execution/execution/execution-exe/main.cpp similarity index 100% rename from include/pen/execution/execution/execution-exe/main.cpp rename to include/crack/pen/execution/execution/execution-exe/main.cpp diff --git a/include/pen/execution/execution/execution.sln b/include/crack/pen/execution/execution/execution.sln similarity index 100% rename from include/pen/execution/execution/execution.sln rename to include/crack/pen/execution/execution/execution.sln diff --git a/include/pen/fuzzer/bme-fuzzer.sh b/include/crack/pen/fuzzer/bme-fuzzer.sh similarity index 100% rename from include/pen/fuzzer/bme-fuzzer.sh rename to include/crack/pen/fuzzer/bme-fuzzer.sh diff --git a/include/pen/fuzzer/fuzzer/CMakeLists.txt b/include/crack/pen/fuzzer/fuzzer/CMakeLists.txt similarity index 100% rename from include/pen/fuzzer/fuzzer/CMakeLists.txt rename to include/crack/pen/fuzzer/fuzzer/CMakeLists.txt diff --git a/include/pen/fuzzer/fuzzer/FuzzerBuiltins.h b/include/crack/pen/fuzzer/fuzzer/FuzzerBuiltins.h similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerBuiltins.h rename to include/crack/pen/fuzzer/fuzzer/FuzzerBuiltins.h diff --git a/include/pen/fuzzer/fuzzer/FuzzerBuiltinsMsvc.h b/include/crack/pen/fuzzer/fuzzer/FuzzerBuiltinsMsvc.h similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerBuiltinsMsvc.h rename to include/crack/pen/fuzzer/fuzzer/FuzzerBuiltinsMsvc.h diff --git a/include/pen/fuzzer/fuzzer/FuzzerCommand.h b/include/crack/pen/fuzzer/fuzzer/FuzzerCommand.h similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerCommand.h rename to include/crack/pen/fuzzer/fuzzer/FuzzerCommand.h diff --git a/include/pen/fuzzer/fuzzer/FuzzerCorpus.h b/include/crack/pen/fuzzer/fuzzer/FuzzerCorpus.h similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerCorpus.h rename to include/crack/pen/fuzzer/fuzzer/FuzzerCorpus.h diff --git a/include/pen/fuzzer/fuzzer/FuzzerCrossOver.cpp b/include/crack/pen/fuzzer/fuzzer/FuzzerCrossOver.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerCrossOver.cpp rename to include/crack/pen/fuzzer/fuzzer/FuzzerCrossOver.cpp diff --git a/include/pen/fuzzer/fuzzer/FuzzerDataFlowTrace.cpp b/include/crack/pen/fuzzer/fuzzer/FuzzerDataFlowTrace.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerDataFlowTrace.cpp rename to include/crack/pen/fuzzer/fuzzer/FuzzerDataFlowTrace.cpp diff --git a/include/pen/fuzzer/fuzzer/FuzzerDataFlowTrace.h b/include/crack/pen/fuzzer/fuzzer/FuzzerDataFlowTrace.h similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerDataFlowTrace.h rename to include/crack/pen/fuzzer/fuzzer/FuzzerDataFlowTrace.h diff --git a/include/pen/fuzzer/fuzzer/FuzzerDefs.h b/include/crack/pen/fuzzer/fuzzer/FuzzerDefs.h similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerDefs.h rename to include/crack/pen/fuzzer/fuzzer/FuzzerDefs.h diff --git a/include/pen/fuzzer/fuzzer/FuzzerDictionary.h b/include/crack/pen/fuzzer/fuzzer/FuzzerDictionary.h similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerDictionary.h rename to include/crack/pen/fuzzer/fuzzer/FuzzerDictionary.h diff --git a/include/pen/fuzzer/fuzzer/FuzzerDriver.cpp b/include/crack/pen/fuzzer/fuzzer/FuzzerDriver.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerDriver.cpp rename to include/crack/pen/fuzzer/fuzzer/FuzzerDriver.cpp diff --git a/include/pen/fuzzer/fuzzer/FuzzerExtFunctions.def b/include/crack/pen/fuzzer/fuzzer/FuzzerExtFunctions.def similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerExtFunctions.def rename to include/crack/pen/fuzzer/fuzzer/FuzzerExtFunctions.def diff --git a/include/pen/fuzzer/fuzzer/FuzzerExtFunctions.h b/include/crack/pen/fuzzer/fuzzer/FuzzerExtFunctions.h similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerExtFunctions.h rename to include/crack/pen/fuzzer/fuzzer/FuzzerExtFunctions.h diff --git a/include/pen/fuzzer/fuzzer/FuzzerExtFunctionsDlsym.cpp b/include/crack/pen/fuzzer/fuzzer/FuzzerExtFunctionsDlsym.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerExtFunctionsDlsym.cpp rename to include/crack/pen/fuzzer/fuzzer/FuzzerExtFunctionsDlsym.cpp diff --git a/include/pen/fuzzer/fuzzer/FuzzerExtFunctionsWeak.cpp b/include/crack/pen/fuzzer/fuzzer/FuzzerExtFunctionsWeak.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerExtFunctionsWeak.cpp rename to include/crack/pen/fuzzer/fuzzer/FuzzerExtFunctionsWeak.cpp diff --git a/include/pen/fuzzer/fuzzer/FuzzerExtFunctionsWindows.cpp b/include/crack/pen/fuzzer/fuzzer/FuzzerExtFunctionsWindows.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerExtFunctionsWindows.cpp rename to include/crack/pen/fuzzer/fuzzer/FuzzerExtFunctionsWindows.cpp diff --git a/include/pen/fuzzer/fuzzer/FuzzerExtraCounters.cpp b/include/crack/pen/fuzzer/fuzzer/FuzzerExtraCounters.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerExtraCounters.cpp rename to include/crack/pen/fuzzer/fuzzer/FuzzerExtraCounters.cpp diff --git a/include/pen/fuzzer/fuzzer/FuzzerFlags.def b/include/crack/pen/fuzzer/fuzzer/FuzzerFlags.def similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerFlags.def rename to include/crack/pen/fuzzer/fuzzer/FuzzerFlags.def diff --git a/include/pen/fuzzer/fuzzer/FuzzerFork.cpp b/include/crack/pen/fuzzer/fuzzer/FuzzerFork.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerFork.cpp rename to include/crack/pen/fuzzer/fuzzer/FuzzerFork.cpp diff --git a/include/pen/fuzzer/fuzzer/FuzzerFork.h b/include/crack/pen/fuzzer/fuzzer/FuzzerFork.h similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerFork.h rename to include/crack/pen/fuzzer/fuzzer/FuzzerFork.h diff --git a/include/pen/fuzzer/fuzzer/FuzzerIO.cpp b/include/crack/pen/fuzzer/fuzzer/FuzzerIO.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerIO.cpp rename to include/crack/pen/fuzzer/fuzzer/FuzzerIO.cpp diff --git a/include/pen/fuzzer/fuzzer/FuzzerIO.h b/include/crack/pen/fuzzer/fuzzer/FuzzerIO.h similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerIO.h rename to include/crack/pen/fuzzer/fuzzer/FuzzerIO.h diff --git a/include/pen/fuzzer/fuzzer/FuzzerIOPosix.cpp b/include/crack/pen/fuzzer/fuzzer/FuzzerIOPosix.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerIOPosix.cpp rename to include/crack/pen/fuzzer/fuzzer/FuzzerIOPosix.cpp diff --git a/include/pen/fuzzer/fuzzer/FuzzerIOWindows.cpp b/include/crack/pen/fuzzer/fuzzer/FuzzerIOWindows.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerIOWindows.cpp rename to include/crack/pen/fuzzer/fuzzer/FuzzerIOWindows.cpp diff --git a/include/pen/fuzzer/fuzzer/FuzzerInterface.h b/include/crack/pen/fuzzer/fuzzer/FuzzerInterface.h similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerInterface.h rename to include/crack/pen/fuzzer/fuzzer/FuzzerInterface.h diff --git a/include/pen/fuzzer/fuzzer/FuzzerInternal.h b/include/crack/pen/fuzzer/fuzzer/FuzzerInternal.h similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerInternal.h rename to include/crack/pen/fuzzer/fuzzer/FuzzerInternal.h diff --git a/include/pen/fuzzer/fuzzer/FuzzerLoop.cpp b/include/crack/pen/fuzzer/fuzzer/FuzzerLoop.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerLoop.cpp rename to include/crack/pen/fuzzer/fuzzer/FuzzerLoop.cpp diff --git a/include/pen/fuzzer/fuzzer/FuzzerMain.cpp b/include/crack/pen/fuzzer/fuzzer/FuzzerMain.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerMain.cpp rename to include/crack/pen/fuzzer/fuzzer/FuzzerMain.cpp diff --git a/include/pen/fuzzer/fuzzer/FuzzerMerge.cpp b/include/crack/pen/fuzzer/fuzzer/FuzzerMerge.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerMerge.cpp rename to include/crack/pen/fuzzer/fuzzer/FuzzerMerge.cpp diff --git a/include/pen/fuzzer/fuzzer/FuzzerMerge.h b/include/crack/pen/fuzzer/fuzzer/FuzzerMerge.h similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerMerge.h rename to include/crack/pen/fuzzer/fuzzer/FuzzerMerge.h diff --git a/include/pen/fuzzer/fuzzer/FuzzerMutate.cpp b/include/crack/pen/fuzzer/fuzzer/FuzzerMutate.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerMutate.cpp rename to include/crack/pen/fuzzer/fuzzer/FuzzerMutate.cpp diff --git a/include/pen/fuzzer/fuzzer/FuzzerMutate.h b/include/crack/pen/fuzzer/fuzzer/FuzzerMutate.h similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerMutate.h rename to include/crack/pen/fuzzer/fuzzer/FuzzerMutate.h diff --git a/include/pen/fuzzer/fuzzer/FuzzerOptions.h b/include/crack/pen/fuzzer/fuzzer/FuzzerOptions.h similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerOptions.h rename to include/crack/pen/fuzzer/fuzzer/FuzzerOptions.h diff --git a/include/pen/fuzzer/fuzzer/FuzzerRandom.h b/include/crack/pen/fuzzer/fuzzer/FuzzerRandom.h similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerRandom.h rename to include/crack/pen/fuzzer/fuzzer/FuzzerRandom.h diff --git a/include/pen/fuzzer/fuzzer/FuzzerSHA1.cpp b/include/crack/pen/fuzzer/fuzzer/FuzzerSHA1.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerSHA1.cpp rename to include/crack/pen/fuzzer/fuzzer/FuzzerSHA1.cpp diff --git a/include/pen/fuzzer/fuzzer/FuzzerSHA1.h b/include/crack/pen/fuzzer/fuzzer/FuzzerSHA1.h similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerSHA1.h rename to include/crack/pen/fuzzer/fuzzer/FuzzerSHA1.h diff --git a/include/pen/fuzzer/fuzzer/FuzzerTracePC.cpp b/include/crack/pen/fuzzer/fuzzer/FuzzerTracePC.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerTracePC.cpp rename to include/crack/pen/fuzzer/fuzzer/FuzzerTracePC.cpp diff --git a/include/pen/fuzzer/fuzzer/FuzzerTracePC.h b/include/crack/pen/fuzzer/fuzzer/FuzzerTracePC.h similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerTracePC.h rename to include/crack/pen/fuzzer/fuzzer/FuzzerTracePC.h diff --git a/include/pen/fuzzer/fuzzer/FuzzerUtil.cpp b/include/crack/pen/fuzzer/fuzzer/FuzzerUtil.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerUtil.cpp rename to include/crack/pen/fuzzer/fuzzer/FuzzerUtil.cpp diff --git a/include/pen/fuzzer/fuzzer/FuzzerUtil.h b/include/crack/pen/fuzzer/fuzzer/FuzzerUtil.h similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerUtil.h rename to include/crack/pen/fuzzer/fuzzer/FuzzerUtil.h diff --git a/include/pen/fuzzer/fuzzer/FuzzerUtilDarwin.cpp b/include/crack/pen/fuzzer/fuzzer/FuzzerUtilDarwin.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerUtilDarwin.cpp rename to include/crack/pen/fuzzer/fuzzer/FuzzerUtilDarwin.cpp diff --git a/include/pen/fuzzer/fuzzer/FuzzerUtilFuchsia.cpp b/include/crack/pen/fuzzer/fuzzer/FuzzerUtilFuchsia.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerUtilFuchsia.cpp rename to include/crack/pen/fuzzer/fuzzer/FuzzerUtilFuchsia.cpp diff --git a/include/pen/fuzzer/fuzzer/FuzzerUtilLinux.cpp b/include/crack/pen/fuzzer/fuzzer/FuzzerUtilLinux.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerUtilLinux.cpp rename to include/crack/pen/fuzzer/fuzzer/FuzzerUtilLinux.cpp diff --git a/include/pen/fuzzer/fuzzer/FuzzerUtilPosix.cpp b/include/crack/pen/fuzzer/fuzzer/FuzzerUtilPosix.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerUtilPosix.cpp rename to include/crack/pen/fuzzer/fuzzer/FuzzerUtilPosix.cpp diff --git a/include/pen/fuzzer/fuzzer/FuzzerUtilWindows.cpp b/include/crack/pen/fuzzer/fuzzer/FuzzerUtilWindows.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerUtilWindows.cpp rename to include/crack/pen/fuzzer/fuzzer/FuzzerUtilWindows.cpp diff --git a/include/pen/fuzzer/fuzzer/FuzzerValueBitMap.h b/include/crack/pen/fuzzer/fuzzer/FuzzerValueBitMap.h similarity index 100% rename from include/pen/fuzzer/fuzzer/FuzzerValueBitMap.h rename to include/crack/pen/fuzzer/fuzzer/FuzzerValueBitMap.h diff --git a/include/pen/fuzzer/fuzzer/build.sh b/include/crack/pen/fuzzer/fuzzer/build.sh similarity index 100% rename from include/pen/fuzzer/fuzzer/build.sh rename to include/crack/pen/fuzzer/fuzzer/build.sh diff --git a/include/pen/fuzzer/fuzzer/dataflow/DataFlow.cpp b/include/crack/pen/fuzzer/fuzzer/dataflow/DataFlow.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/dataflow/DataFlow.cpp rename to include/crack/pen/fuzzer/fuzzer/dataflow/DataFlow.cpp diff --git a/include/pen/fuzzer/fuzzer/dataflow/DataFlow.h b/include/crack/pen/fuzzer/fuzzer/dataflow/DataFlow.h similarity index 100% rename from include/pen/fuzzer/fuzzer/dataflow/DataFlow.h rename to include/crack/pen/fuzzer/fuzzer/dataflow/DataFlow.h diff --git a/include/pen/fuzzer/fuzzer/dataflow/DataFlowCallbacks.cpp b/include/crack/pen/fuzzer/fuzzer/dataflow/DataFlowCallbacks.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/dataflow/DataFlowCallbacks.cpp rename to include/crack/pen/fuzzer/fuzzer/dataflow/DataFlowCallbacks.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/CMakeLists.txt b/include/crack/pen/fuzzer/fuzzer/fuzzer/CMakeLists.txt similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/CMakeLists.txt rename to include/crack/pen/fuzzer/fuzzer/fuzzer/CMakeLists.txt diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerBuiltins.h b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerBuiltins.h similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerBuiltins.h rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerBuiltins.h diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerBuiltinsMsvc.h b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerBuiltinsMsvc.h similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerBuiltinsMsvc.h rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerBuiltinsMsvc.h diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerCommand.h b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerCommand.h similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerCommand.h rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerCommand.h diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerCorpus.h b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerCorpus.h similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerCorpus.h rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerCorpus.h diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerCrossOver.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerCrossOver.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerCrossOver.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerCrossOver.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerDataFlowTrace.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerDataFlowTrace.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerDataFlowTrace.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerDataFlowTrace.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerDataFlowTrace.h b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerDataFlowTrace.h similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerDataFlowTrace.h rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerDataFlowTrace.h diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerDefs.h b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerDefs.h similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerDefs.h rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerDefs.h diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerDictionary.h b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerDictionary.h similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerDictionary.h rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerDictionary.h diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerDriver.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerDriver.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerDriver.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerDriver.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerExtFunctions.def b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerExtFunctions.def similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerExtFunctions.def rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerExtFunctions.def diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerExtFunctions.h b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerExtFunctions.h similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerExtFunctions.h rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerExtFunctions.h diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerExtFunctionsDlsym.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerExtFunctionsDlsym.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerExtFunctionsDlsym.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerExtFunctionsDlsym.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerExtFunctionsWeak.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerExtFunctionsWeak.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerExtFunctionsWeak.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerExtFunctionsWeak.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerExtFunctionsWindows.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerExtFunctionsWindows.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerExtFunctionsWindows.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerExtFunctionsWindows.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerExtraCounters.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerExtraCounters.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerExtraCounters.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerExtraCounters.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerFlags.def b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerFlags.def similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerFlags.def rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerFlags.def diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerFork.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerFork.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerFork.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerFork.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerFork.h b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerFork.h similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerFork.h rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerFork.h diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerIO.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerIO.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerIO.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerIO.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerIO.h b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerIO.h similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerIO.h rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerIO.h diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerIOPosix.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerIOPosix.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerIOPosix.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerIOPosix.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerIOWindows.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerIOWindows.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerIOWindows.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerIOWindows.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerInterface.h b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerInterface.h similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerInterface.h rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerInterface.h diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerInternal.h b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerInternal.h similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerInternal.h rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerInternal.h diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerLoop.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerLoop.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerLoop.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerLoop.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerMain.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerMain.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerMain.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerMain.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerMerge.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerMerge.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerMerge.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerMerge.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerMerge.h b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerMerge.h similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerMerge.h rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerMerge.h diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerMutate.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerMutate.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerMutate.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerMutate.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerMutate.h b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerMutate.h similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerMutate.h rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerMutate.h diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerOptions.h b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerOptions.h similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerOptions.h rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerOptions.h diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerRandom.h b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerRandom.h similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerRandom.h rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerRandom.h diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerSHA1.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerSHA1.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerSHA1.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerSHA1.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerSHA1.h b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerSHA1.h similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerSHA1.h rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerSHA1.h diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerTracePC.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerTracePC.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerTracePC.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerTracePC.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerTracePC.h b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerTracePC.h similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerTracePC.h rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerTracePC.h diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerUtil.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerUtil.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerUtil.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerUtil.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerUtil.h b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerUtil.h similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerUtil.h rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerUtil.h diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerUtilDarwin.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerUtilDarwin.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerUtilDarwin.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerUtilDarwin.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerUtilFuchsia.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerUtilFuchsia.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerUtilFuchsia.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerUtilFuchsia.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerUtilLinux.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerUtilLinux.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerUtilLinux.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerUtilLinux.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerUtilPosix.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerUtilPosix.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerUtilPosix.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerUtilPosix.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerUtilWindows.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerUtilWindows.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerUtilWindows.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerUtilWindows.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/FuzzerValueBitMap.h b/include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerValueBitMap.h similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/FuzzerValueBitMap.h rename to include/crack/pen/fuzzer/fuzzer/fuzzer/FuzzerValueBitMap.h diff --git a/include/pen/fuzzer/fuzzer/fuzzer/afl/afl_driver.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/afl/afl_driver.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/afl/afl_driver.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/afl/afl_driver.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/build.sh b/include/crack/pen/fuzzer/fuzzer/fuzzer/build.sh similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/build.sh rename to include/crack/pen/fuzzer/fuzzer/fuzzer/build.sh diff --git a/include/pen/fuzzer/fuzzer/fuzzer/dataflow/DataFlow.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/dataflow/DataFlow.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/dataflow/DataFlow.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/dataflow/DataFlow.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/dataflow/DataFlow.h b/include/crack/pen/fuzzer/fuzzer/fuzzer/dataflow/DataFlow.h similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/dataflow/DataFlow.h rename to include/crack/pen/fuzzer/fuzzer/fuzzer/dataflow/DataFlow.h diff --git a/include/pen/fuzzer/fuzzer/fuzzer/dataflow/DataFlowCallbacks.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/dataflow/DataFlowCallbacks.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/dataflow/DataFlowCallbacks.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/dataflow/DataFlowCallbacks.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/scripts/unbalanced_allocs.py b/include/crack/pen/fuzzer/fuzzer/fuzzer/scripts/unbalanced_allocs.py similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/scripts/unbalanced_allocs.py rename to include/crack/pen/fuzzer/fuzzer/fuzzer/scripts/unbalanced_allocs.py diff --git a/include/pen/fuzzer/fuzzer/fuzzer/standalone/StandaloneFuzzTargetMain.c b/include/crack/pen/fuzzer/fuzzer/fuzzer/standalone/StandaloneFuzzTargetMain.c similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/standalone/StandaloneFuzzTargetMain.c rename to include/crack/pen/fuzzer/fuzzer/fuzzer/standalone/StandaloneFuzzTargetMain.c diff --git a/include/pen/fuzzer/fuzzer/fuzzer/tests/CMakeLists.txt b/include/crack/pen/fuzzer/fuzzer/fuzzer/tests/CMakeLists.txt similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/tests/CMakeLists.txt rename to include/crack/pen/fuzzer/fuzzer/fuzzer/tests/CMakeLists.txt diff --git a/include/pen/fuzzer/fuzzer/fuzzer/tests/FuzzedDataProviderUnittest.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/tests/FuzzedDataProviderUnittest.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/tests/FuzzedDataProviderUnittest.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/tests/FuzzedDataProviderUnittest.cpp diff --git a/include/pen/fuzzer/fuzzer/fuzzer/tests/FuzzerUnittest.cpp b/include/crack/pen/fuzzer/fuzzer/fuzzer/tests/FuzzerUnittest.cpp similarity index 100% rename from include/pen/fuzzer/fuzzer/fuzzer/tests/FuzzerUnittest.cpp rename to include/crack/pen/fuzzer/fuzzer/fuzzer/tests/FuzzerUnittest.cpp diff --git a/include/pen/fuzzer/lessons/01/cpp.pdf b/include/crack/pen/fuzzer/lessons/01/cpp.pdf similarity index 100% rename from include/pen/fuzzer/lessons/01/cpp.pdf rename to include/crack/pen/fuzzer/lessons/01/cpp.pdf diff --git a/include/pen/fuzzer/lessons/02/bin/asan.tgz b/include/crack/pen/fuzzer/lessons/02/bin/asan.tgz similarity index 100% rename from include/pen/fuzzer/lessons/02/bin/asan.tgz rename to include/crack/pen/fuzzer/lessons/02/bin/asan.tgz diff --git a/include/pen/fuzzer/lessons/02/bin/radamsa b/include/crack/pen/fuzzer/lessons/02/bin/radamsa similarity index 100% rename from include/pen/fuzzer/lessons/02/bin/radamsa rename to include/crack/pen/fuzzer/lessons/02/bin/radamsa diff --git a/include/pen/fuzzer/lessons/02/generate_testcases.py b/include/crack/pen/fuzzer/lessons/02/generate_testcases.py similarity index 100% rename from include/pen/fuzzer/lessons/02/generate_testcases.py rename to include/crack/pen/fuzzer/lessons/02/generate_testcases.py diff --git a/include/pen/fuzzer/lessons/02/run_fuzzing.py b/include/crack/pen/fuzzer/lessons/02/run_fuzzing.py similarity index 100% rename from include/pen/fuzzer/lessons/02/run_fuzzing.py rename to include/crack/pen/fuzzer/lessons/02/run_fuzzing.py diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/TALOS-CAN-0174 - Google Chrome PDFium jpeg2000 SIZ Code Execution Vulnerability_POC.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/TALOS-CAN-0174 - Google Chrome PDFium jpeg2000 SIZ Code Execution Vulnerability_POC.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/TALOS-CAN-0174 - Google Chrome PDFium jpeg2000 SIZ Code Execution Vulnerability_POC.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/TALOS-CAN-0174 - Google Chrome PDFium jpeg2000 SIZ Code Execution Vulnerability_POC.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/a.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/a.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/a.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/a.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/b.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/b.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/b.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/b.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/chromeUrls.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/chromeUrls.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/chromeUrls.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/chromeUrls.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/cr.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/cr.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/cr.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/cr.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/formsubmit.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/formsubmit.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/formsubmit.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/formsubmit.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/global-buffer-overflow-61f-ada-9ec.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/global-buffer-overflow-61f-ada-9ec.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/global-buffer-overflow-61f-ada-9ec.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/global-buffer-overflow-61f-ada-9ec.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/global-buffer-overflow.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/global-buffer-overflow.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/global-buffer-overflow.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/global-buffer-overflow.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/heap-buffer-overflow-b19-c75-64e.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/heap-buffer-overflow-b19-c75-64e.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/heap-buffer-overflow-b19-c75-64e.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/heap-buffer-overflow-b19-c75-64e.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/heap-use-after-free-8d2-641-d6d.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/heap-use-after-free-8d2-641-d6d.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/heap-use-after-free-8d2-641-d6d.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/heap-use-after-free-8d2-641-d6d.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/jbig2-overflow-4.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/jbig2-overflow-4.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/jbig2-overflow-4.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/jbig2-overflow-4.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/pageviewtest.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/pageviewtest.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/pageviewtest.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/pageviewtest.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/pdf_crash.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/pdf_crash.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/pdf_crash.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/pdf_crash.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/pdf_crash1.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/pdf_crash1.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/pdf_crash1.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/pdf_crash1.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/pdfium-parseSymbolDict-Overflow.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/pdfium-parseSymbolDict-Overflow.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/pdfium-parseSymbolDict-Overflow.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/pdfium-parseSymbolDict-Overflow.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/poc (1).pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/poc (1).pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/poc (1).pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/poc (1).pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/poc.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/poc.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/poc.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/poc.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/poc_1.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/poc_1.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/poc_1.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/poc_1.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/poc_2.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/poc_2.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/poc_2.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/poc_2.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/poc_3.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/poc_3.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/poc_3.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/poc_3.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/poc_32bit.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/poc_32bit.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/poc_32bit.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/poc_32bit.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/poc_64bit.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/poc_64bit.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/poc_64bit.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/poc_64bit.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/poc_stable.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/poc_stable.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/poc_stable.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/poc_stable.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/poc_tot.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/poc_tot.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/poc_tot.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/poc_tot.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/pocxx.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/pocxx.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/pocxx.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/pocxx.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/repro (1).pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/repro (1).pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/repro (1).pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/repro (1).pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/repro (2).pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/repro (2).pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/repro (2).pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/repro (2).pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/repro.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/repro.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/repro.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/repro.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/soiax0001_repro.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/soiax0001_repro.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/soiax0001_repro.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/soiax0001_repro.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/test (1).pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/test (1).pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/test (1).pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/test (1).pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/test (2).pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/test (2).pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/test (2).pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/test (2).pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/test.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/test.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/test.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/test.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/testcase (1).pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/testcase (1).pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/testcase (1).pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/testcase (1).pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/testcase.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/testcase.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/testcase.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/testcase.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/testcase_focus.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/testcase_focus.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/testcase_focus.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/testcase_focus.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/uaf_2.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/uaf_2.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/uaf_2.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/uaf_2.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/xxx.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/xxx.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/xxx.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/xxx.pdf diff --git a/include/pen/fuzzer/lessons/02/seed_corpus/xxx2.pdf b/include/crack/pen/fuzzer/lessons/02/seed_corpus/xxx2.pdf similarity index 100% rename from include/pen/fuzzer/lessons/02/seed_corpus/xxx2.pdf rename to include/crack/pen/fuzzer/lessons/02/seed_corpus/xxx2.pdf diff --git a/include/pen/fuzzer/lessons/03/cpp.pdf b/include/crack/pen/fuzzer/lessons/03/cpp.pdf similarity index 100% rename from include/pen/fuzzer/lessons/03/cpp.pdf rename to include/crack/pen/fuzzer/lessons/03/cpp.pdf diff --git a/include/pen/fuzzer/lessons/04/first_fuzzer.cc b/include/crack/pen/fuzzer/lessons/04/first_fuzzer.cc similarity index 100% rename from include/pen/fuzzer/lessons/04/first_fuzzer.cc rename to include/crack/pen/fuzzer/lessons/04/first_fuzzer.cc diff --git a/include/pen/fuzzer/lessons/04/fourth_fuzzer.cc b/include/crack/pen/fuzzer/lessons/04/fourth_fuzzer.cc similarity index 100% rename from include/pen/fuzzer/lessons/04/fourth_fuzzer.cc rename to include/crack/pen/fuzzer/lessons/04/fourth_fuzzer.cc diff --git a/include/pen/fuzzer/lessons/04/second_fuzzer.cc b/include/crack/pen/fuzzer/lessons/04/second_fuzzer.cc similarity index 100% rename from include/pen/fuzzer/lessons/04/second_fuzzer.cc rename to include/crack/pen/fuzzer/lessons/04/second_fuzzer.cc diff --git a/include/pen/fuzzer/lessons/04/third_fuzzer.cc b/include/crack/pen/fuzzer/lessons/04/third_fuzzer.cc similarity index 100% rename from include/pen/fuzzer/lessons/04/third_fuzzer.cc rename to include/crack/pen/fuzzer/lessons/04/third_fuzzer.cc diff --git a/include/pen/fuzzer/lessons/04/vulnerable_functions.h b/include/crack/pen/fuzzer/lessons/04/vulnerable_functions.h similarity index 100% rename from include/pen/fuzzer/lessons/04/vulnerable_functions.h rename to include/crack/pen/fuzzer/lessons/04/vulnerable_functions.h diff --git a/include/pen/fuzzer/lessons/05/README.md b/include/crack/pen/fuzzer/lessons/05/README.md similarity index 100% rename from include/pen/fuzzer/lessons/05/README.md rename to include/crack/pen/fuzzer/lessons/05/README.md diff --git a/include/pen/fuzzer/lessons/05/openssl1.0.1f.tgz b/include/crack/pen/fuzzer/lessons/05/openssl1.0.1f.tgz similarity index 100% rename from include/pen/fuzzer/lessons/05/openssl1.0.1f.tgz rename to include/crack/pen/fuzzer/lessons/05/openssl1.0.1f.tgz diff --git a/include/pen/fuzzer/lessons/05/openssl_fuzzer.cc b/include/crack/pen/fuzzer/lessons/05/openssl_fuzzer.cc similarity index 100% rename from include/pen/fuzzer/lessons/05/openssl_fuzzer.cc rename to include/crack/pen/fuzzer/lessons/05/openssl_fuzzer.cc diff --git a/include/pen/fuzzer/lessons/05/server.key b/include/crack/pen/fuzzer/lessons/05/server.key similarity index 100% rename from include/pen/fuzzer/lessons/05/server.key rename to include/crack/pen/fuzzer/lessons/05/server.key diff --git a/include/pen/fuzzer/lessons/05/server.pem b/include/crack/pen/fuzzer/lessons/05/server.pem similarity index 100% rename from include/pen/fuzzer/lessons/05/server.pem rename to include/crack/pen/fuzzer/lessons/05/server.pem diff --git a/include/pen/fuzzer/lessons/06/README.md b/include/crack/pen/fuzzer/lessons/06/README.md similarity index 100% rename from include/pen/fuzzer/lessons/06/README.md rename to include/crack/pen/fuzzer/lessons/06/README.md diff --git a/include/pen/fuzzer/lessons/06/c-ares.tgz b/include/crack/pen/fuzzer/lessons/06/c-ares.tgz similarity index 100% rename from include/pen/fuzzer/lessons/06/c-ares.tgz rename to include/crack/pen/fuzzer/lessons/06/c-ares.tgz diff --git a/include/pen/fuzzer/lessons/06/c_ares_fuzzer.cc b/include/crack/pen/fuzzer/lessons/06/c_ares_fuzzer.cc similarity index 100% rename from include/pen/fuzzer/lessons/06/c_ares_fuzzer.cc rename to include/crack/pen/fuzzer/lessons/06/c_ares_fuzzer.cc diff --git a/include/pen/fuzzer/lessons/07/Modern_Fuzzing_of_C_C++_projects_slides_40-62.pdf b/include/crack/pen/fuzzer/lessons/07/Modern_Fuzzing_of_C_C++_projects_slides_40-62.pdf similarity index 100% rename from include/pen/fuzzer/lessons/07/Modern_Fuzzing_of_C_C++_projects_slides_40-62.pdf rename to include/crack/pen/fuzzer/lessons/07/Modern_Fuzzing_of_C_C++_projects_slides_40-62.pdf diff --git a/include/pen/fuzzer/lessons/07/README.md b/include/crack/pen/fuzzer/lessons/07/README.md similarity index 100% rename from include/pen/fuzzer/lessons/07/README.md rename to include/crack/pen/fuzzer/lessons/07/README.md diff --git a/include/pen/fuzzer/lessons/08/README.md b/include/crack/pen/fuzzer/lessons/08/README.md similarity index 100% rename from include/pen/fuzzer/lessons/08/README.md rename to include/crack/pen/fuzzer/lessons/08/README.md diff --git a/include/pen/fuzzer/lessons/08/coverage-report-server.py b/include/crack/pen/fuzzer/lessons/08/coverage-report-server.py similarity index 100% rename from include/pen/fuzzer/lessons/08/coverage-report-server.py rename to include/crack/pen/fuzzer/lessons/08/coverage-report-server.py diff --git a/include/pen/fuzzer/lessons/08/libxml2.tgz b/include/crack/pen/fuzzer/lessons/08/libxml2.tgz similarity index 100% rename from include/pen/fuzzer/lessons/08/libxml2.tgz rename to include/crack/pen/fuzzer/lessons/08/libxml2.tgz diff --git a/include/pen/fuzzer/lessons/08/png.dict b/include/crack/pen/fuzzer/lessons/08/png.dict similarity index 100% rename from include/pen/fuzzer/lessons/08/png.dict rename to include/crack/pen/fuzzer/lessons/08/png.dict diff --git a/include/pen/fuzzer/lessons/08/xml.dict b/include/crack/pen/fuzzer/lessons/08/xml.dict similarity index 100% rename from include/pen/fuzzer/lessons/08/xml.dict rename to include/crack/pen/fuzzer/lessons/08/xml.dict diff --git a/include/pen/fuzzer/lessons/08/xml_compile_regexp_fuzzer.cc b/include/crack/pen/fuzzer/lessons/08/xml_compile_regexp_fuzzer.cc similarity index 100% rename from include/pen/fuzzer/lessons/08/xml_compile_regexp_fuzzer.cc rename to include/crack/pen/fuzzer/lessons/08/xml_compile_regexp_fuzzer.cc diff --git a/include/pen/fuzzer/lessons/08/xml_read_memory_fuzzer.cc b/include/crack/pen/fuzzer/lessons/08/xml_read_memory_fuzzer.cc similarity index 100% rename from include/pen/fuzzer/lessons/08/xml_read_memory_fuzzer.cc rename to include/crack/pen/fuzzer/lessons/08/xml_read_memory_fuzzer.cc diff --git a/include/pen/fuzzer/lessons/09/README.md b/include/crack/pen/fuzzer/lessons/09/README.md similarity index 100% rename from include/pen/fuzzer/lessons/09/README.md rename to include/crack/pen/fuzzer/lessons/09/README.md diff --git a/include/pen/fuzzer/lessons/09/libpng.tgz b/include/crack/pen/fuzzer/lessons/09/libpng.tgz similarity index 100% rename from include/pen/fuzzer/lessons/09/libpng.tgz rename to include/crack/pen/fuzzer/lessons/09/libpng.tgz diff --git a/include/pen/fuzzer/lessons/09/libpng_read_fuzzer.cc b/include/crack/pen/fuzzer/lessons/09/libpng_read_fuzzer.cc similarity index 100% rename from include/pen/fuzzer/lessons/09/libpng_read_fuzzer.cc rename to include/crack/pen/fuzzer/lessons/09/libpng_read_fuzzer.cc diff --git a/include/pen/fuzzer/lessons/09/png.dict b/include/crack/pen/fuzzer/lessons/09/png.dict similarity index 100% rename from include/pen/fuzzer/lessons/09/png.dict rename to include/crack/pen/fuzzer/lessons/09/png.dict diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/anti_aliasing.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/anti_aliasing.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/anti_aliasing.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/anti_aliasing.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/anti_aliasing_perspective.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/anti_aliasing_perspective.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/anti_aliasing_perspective.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/anti_aliasing_perspective.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/axis_aligned.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/axis_aligned.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/axis_aligned.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/axis_aligned.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/background_filter.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/background_filter.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/background_filter.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/background_filter.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/background_filter_blur.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/background_filter_blur.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/background_filter_blur.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/background_filter_blur.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/background_filter_blur_off_axis.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/background_filter_blur_off_axis.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/background_filter_blur_off_axis.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/background_filter_blur_off_axis.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/background_filter_blur_outsets.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/background_filter_blur_outsets.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/background_filter_blur_outsets.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/background_filter_blur_outsets.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/background_filter_on_scaled_layer_gl.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/background_filter_on_scaled_layer_gl.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/background_filter_on_scaled_layer_gl.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/background_filter_on_scaled_layer_gl.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/background_filter_on_scaled_layer_sw.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/background_filter_on_scaled_layer_sw.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/background_filter_on_scaled_layer_sw.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/background_filter_on_scaled_layer_sw.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/background_filter_rotated_gl.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/background_filter_rotated_gl.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/background_filter_rotated_gl.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/background_filter_rotated_gl.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/background_filter_rotated_sw.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/background_filter_rotated_sw.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/background_filter_rotated_sw.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/background_filter_rotated_sw.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/black.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/black.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/black.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/black.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/blending_and_filter.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/blending_and_filter.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/blending_and_filter.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/blending_and_filter.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/blending_render_pass.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/blending_render_pass.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/blending_render_pass.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/blending_render_pass.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/blending_render_pass_cm.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/blending_render_pass_cm.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/blending_render_pass_cm.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/blending_render_pass_cm.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/blending_render_pass_mask.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/blending_render_pass_mask.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/blending_render_pass_mask.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/blending_render_pass_mask.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/blending_render_pass_mask_cm.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/blending_render_pass_mask_cm.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/blending_render_pass_mask_cm.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/blending_render_pass_mask_cm.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/blending_transparent.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/blending_transparent.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/blending_transparent.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/blending_transparent.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/blending_with_root.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/blending_with_root.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/blending_with_root.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/blending_with_root.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/blue_yellow.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/blue_yellow.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/blue_yellow.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/blue_yellow.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/blue_yellow_alpha.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/blue_yellow_alpha.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/blue_yellow_alpha.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/blue_yellow_alpha.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/blue_yellow_alpha_translate.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/blue_yellow_alpha_translate.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/blue_yellow_alpha_translate.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/blue_yellow_alpha_translate.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/blue_yellow_anti_aliasing.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/blue_yellow_anti_aliasing.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/blue_yellow_anti_aliasing.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/blue_yellow_anti_aliasing.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/blue_yellow_filter_chain.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/blue_yellow_filter_chain.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/blue_yellow_filter_chain.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/blue_yellow_filter_chain.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/blue_yellow_flipped.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/blue_yellow_flipped.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/blue_yellow_flipped.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/blue_yellow_flipped.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/blue_yellow_partial_flipped.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/blue_yellow_partial_flipped.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/blue_yellow_partial_flipped.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/blue_yellow_partial_flipped.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/blur_filter_with_clip_gl.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/blur_filter_with_clip_gl.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/blur_filter_with_clip_gl.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/blur_filter_with_clip_gl.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/blur_filter_with_clip_sw.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/blur_filter_with_clip_sw.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/blur_filter_with_clip_sw.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/blur_filter_with_clip_sw.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/checkers.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/checkers.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/checkers.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/checkers.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/checkers_big.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/checkers_big.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/checkers_big.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/checkers_big.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/dark_grey.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/dark_grey.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/dark_grey.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/dark_grey.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/enlarged_texture_on_crop_offset.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/enlarged_texture_on_crop_offset.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/enlarged_texture_on_crop_offset.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/enlarged_texture_on_crop_offset.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/enlarged_texture_on_threshold.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/enlarged_texture_on_threshold.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/enlarged_texture_on_threshold.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/enlarged_texture_on_threshold.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/filter_with_giant_crop_rect.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/filter_with_giant_crop_rect.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/filter_with_giant_crop_rect.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/filter_with_giant_crop_rect.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/force_anti_aliasing_off.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/force_anti_aliasing_off.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/force_anti_aliasing_off.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/force_anti_aliasing_off.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/four_blue_green_checkers.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/four_blue_green_checkers.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/four_blue_green_checkers.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/four_blue_green_checkers.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/four_blue_green_checkers_linear.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/four_blue_green_checkers_linear.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/four_blue_green_checkers_linear.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/four_blue_green_checkers_linear.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/green.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/green.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/green.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/green.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/green_alpha.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/green_alpha.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/green_alpha.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/green_alpha.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/green_small.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/green_small.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/green_small.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/green_small.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/green_small_with_blue_corner.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/green_small_with_blue_corner.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/green_small_with_blue_corner.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/green_small_with_blue_corner.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/green_with_blue_corner.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/green_with_blue_corner.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/green_with_blue_corner.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/green_with_blue_corner.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/image_mask_of_layer.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/image_mask_of_layer.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/image_mask_of_layer.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/image_mask_of_layer.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/intersecting_blue_green.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/intersecting_blue_green.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/intersecting_blue_green.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/intersecting_blue_green.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/intersecting_blue_green_squares.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/intersecting_blue_green_squares.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/intersecting_blue_green_squares.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/intersecting_blue_green_squares.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/intersecting_blue_green_squares_video.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/intersecting_blue_green_squares_video.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/intersecting_blue_green_squares_video.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/intersecting_blue_green_squares_video.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/intersecting_light_dark_squares_video.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/intersecting_light_dark_squares_video.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/intersecting_light_dark_squares_video.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/intersecting_light_dark_squares_video.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/mask_bottom_right.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/mask_bottom_right.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/mask_bottom_right.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/mask_bottom_right.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/mask_middle.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/mask_middle.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/mask_middle.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/mask_middle.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/mask_of_background_filter.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/mask_of_background_filter.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/mask_of_background_filter.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/mask_of_background_filter.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/mask_of_clipped_layer.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/mask_of_clipped_layer.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/mask_of_clipped_layer.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/mask_of_clipped_layer.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/mask_of_layer.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/mask_of_layer.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/mask_of_layer.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/mask_of_layer.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/mask_of_layer_with_blend.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/mask_of_layer_with_blend.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/mask_of_layer_with_blend.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/mask_of_layer_with_blend.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/mask_of_replica.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/mask_of_replica.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/mask_of_replica.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/mask_of_replica.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/mask_of_replica_of_clipped_layer.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/mask_of_replica_of_clipped_layer.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/mask_of_replica_of_clipped_layer.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/mask_of_replica_of_clipped_layer.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/mask_with_replica.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/mask_with_replica.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/mask_with_replica.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/mask_with_replica.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/mask_with_replica_of_clipped_layer.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/mask_with_replica_of_clipped_layer.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/mask_with_replica_of_clipped_layer.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/mask_with_replica_of_clipped_layer.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/offset_background_filter_1x.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/offset_background_filter_1x.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/offset_background_filter_1x.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/offset_background_filter_1x.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/offset_background_filter_2x.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/offset_background_filter_2x.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/offset_background_filter_2x.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/offset_background_filter_2x.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/rotated_drop_shadow_filter_gl.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/rotated_drop_shadow_filter_gl.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/rotated_drop_shadow_filter_gl.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/rotated_drop_shadow_filter_gl.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/rotated_drop_shadow_filter_sw.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/rotated_drop_shadow_filter_sw.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/rotated_drop_shadow_filter_sw.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/rotated_drop_shadow_filter_sw.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/rotated_filter_gl.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/rotated_filter_gl.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/rotated_filter_gl.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/rotated_filter_gl.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/rotated_filter_sw.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/rotated_filter_sw.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/rotated_filter_sw.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/rotated_filter_sw.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/scaled_render_surface_layer_gl.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/scaled_render_surface_layer_gl.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/scaled_render_surface_layer_gl.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/scaled_render_surface_layer_gl.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/scaled_render_surface_layer_sw.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/scaled_render_surface_layer_sw.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/scaled_render_surface_layer_sw.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/scaled_render_surface_layer_sw.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/spiral.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/spiral.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/spiral.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/spiral.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/spiral_64_scale.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/spiral_64_scale.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/spiral_64_scale.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/spiral_64_scale.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/spiral_double_scale.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/spiral_double_scale.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/spiral_double_scale.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/spiral_double_scale.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/white.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/white.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/white.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/white.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/wrap_mode_repeat.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/wrap_mode_repeat.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/wrap_mode_repeat.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/wrap_mode_repeat.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/yuv_stripes.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/yuv_stripes.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/yuv_stripes.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/yuv_stripes.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/yuv_stripes_alpha.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/yuv_stripes_alpha.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/yuv_stripes_alpha.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/yuv_stripes_alpha.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/yuv_stripes_clipped.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/yuv_stripes_clipped.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/yuv_stripes_clipped.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/yuv_stripes_clipped.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/yuv_stripes_offset.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/yuv_stripes_offset.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/yuv_stripes_offset.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/yuv_stripes_offset.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/zoom_filter_gl.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/zoom_filter_gl.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/zoom_filter_gl.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/zoom_filter_gl.png diff --git a/include/pen/fuzzer/lessons/09/seed_corpus/zoom_filter_sw.png b/include/crack/pen/fuzzer/lessons/09/seed_corpus/zoom_filter_sw.png similarity index 100% rename from include/pen/fuzzer/lessons/09/seed_corpus/zoom_filter_sw.png rename to include/crack/pen/fuzzer/lessons/09/seed_corpus/zoom_filter_sw.png diff --git a/include/pen/fuzzer/lessons/09/single_seed/seed.png b/include/crack/pen/fuzzer/lessons/09/single_seed/seed.png similarity index 100% rename from include/pen/fuzzer/lessons/09/single_seed/seed.png rename to include/crack/pen/fuzzer/lessons/09/single_seed/seed.png diff --git a/include/pen/fuzzer/lessons/10/README.md b/include/crack/pen/fuzzer/lessons/10/README.md similarity index 100% rename from include/pen/fuzzer/lessons/10/README.md rename to include/crack/pen/fuzzer/lessons/10/README.md diff --git a/include/pen/fuzzer/lessons/10/re2.tgz b/include/crack/pen/fuzzer/lessons/10/re2.tgz similarity index 100% rename from include/pen/fuzzer/lessons/10/re2.tgz rename to include/crack/pen/fuzzer/lessons/10/re2.tgz diff --git a/include/pen/fuzzer/lessons/10/re2_fuzzer.cc b/include/crack/pen/fuzzer/lessons/10/re2_fuzzer.cc similarity index 100% rename from include/pen/fuzzer/lessons/10/re2_fuzzer.cc rename to include/crack/pen/fuzzer/lessons/10/re2_fuzzer.cc diff --git a/include/pen/fuzzer/lessons/11/README.md b/include/crack/pen/fuzzer/lessons/11/README.md similarity index 100% rename from include/pen/fuzzer/lessons/11/README.md rename to include/crack/pen/fuzzer/lessons/11/README.md diff --git a/include/pen/fuzzer/lessons/11/pcre2-10.00.tgz b/include/crack/pen/fuzzer/lessons/11/pcre2-10.00.tgz similarity index 100% rename from include/pen/fuzzer/lessons/11/pcre2-10.00.tgz rename to include/crack/pen/fuzzer/lessons/11/pcre2-10.00.tgz diff --git a/include/pen/fuzzer/lessons/11/pcre2.tgz b/include/crack/pen/fuzzer/lessons/11/pcre2.tgz similarity index 100% rename from include/pen/fuzzer/lessons/11/pcre2.tgz rename to include/crack/pen/fuzzer/lessons/11/pcre2.tgz diff --git a/include/pen/fuzzer/lessons/11/pcre2_fuzzer.cc b/include/crack/pen/fuzzer/lessons/11/pcre2_fuzzer.cc similarity index 100% rename from include/pen/fuzzer/lessons/11/pcre2_fuzzer.cc rename to include/crack/pen/fuzzer/lessons/11/pcre2_fuzzer.cc diff --git a/include/pen/fuzzer/lessons/12/Modern_Fuzzing_of_C_C++_projects_slides_63-70.pdf b/include/crack/pen/fuzzer/lessons/12/Modern_Fuzzing_of_C_C++_projects_slides_63-70.pdf similarity index 100% rename from include/pen/fuzzer/lessons/12/Modern_Fuzzing_of_C_C++_projects_slides_63-70.pdf rename to include/crack/pen/fuzzer/lessons/12/Modern_Fuzzing_of_C_C++_projects_slides_63-70.pdf diff --git a/include/pen/fuzzer/lessons/12/README.md b/include/crack/pen/fuzzer/lessons/12/README.md similarity index 100% rename from include/pen/fuzzer/lessons/12/README.md rename to include/crack/pen/fuzzer/lessons/12/README.md diff --git a/include/pen/kernelos/.gitignore b/include/crack/pen/kernelos/.gitignore similarity index 100% rename from include/pen/kernelos/.gitignore rename to include/crack/pen/kernelos/.gitignore diff --git a/include/pen/kernelos/exploits/arbitrary-overwrite/arbitrary-overwrite.cpp b/include/crack/pen/kernelos/exploits/arbitrary-overwrite/arbitrary-overwrite.cpp similarity index 100% rename from include/pen/kernelos/exploits/arbitrary-overwrite/arbitrary-overwrite.cpp rename to include/crack/pen/kernelos/exploits/arbitrary-overwrite/arbitrary-overwrite.cpp diff --git a/include/pen/kernelos/exploits/arbitrary-overwrite/arbitrary-overwrite.vcxproj b/include/crack/pen/kernelos/exploits/arbitrary-overwrite/arbitrary-overwrite.vcxproj similarity index 100% rename from include/pen/kernelos/exploits/arbitrary-overwrite/arbitrary-overwrite.vcxproj rename to include/crack/pen/kernelos/exploits/arbitrary-overwrite/arbitrary-overwrite.vcxproj diff --git a/include/pen/kernelos/exploits/arbitrary-overwrite/arbitrary-overwrite.vcxproj.filters b/include/crack/pen/kernelos/exploits/arbitrary-overwrite/arbitrary-overwrite.vcxproj.filters similarity index 100% rename from include/pen/kernelos/exploits/arbitrary-overwrite/arbitrary-overwrite.vcxproj.filters rename to include/crack/pen/kernelos/exploits/arbitrary-overwrite/arbitrary-overwrite.vcxproj.filters diff --git a/include/pen/kernelos/exploits/arbitrary-overwrite/pch.cpp b/include/crack/pen/kernelos/exploits/arbitrary-overwrite/pch.cpp similarity index 100% rename from include/pen/kernelos/exploits/arbitrary-overwrite/pch.cpp rename to include/crack/pen/kernelos/exploits/arbitrary-overwrite/pch.cpp diff --git a/include/pen/kernelos/exploits/arbitrary-overwrite/pch.h b/include/crack/pen/kernelos/exploits/arbitrary-overwrite/pch.h similarity index 100% rename from include/pen/kernelos/exploits/arbitrary-overwrite/pch.h rename to include/crack/pen/kernelos/exploits/arbitrary-overwrite/pch.h diff --git a/include/pen/kernelos/exploits/exploits.sln b/include/crack/pen/kernelos/exploits/exploits.sln similarity index 100% rename from include/pen/kernelos/exploits/exploits.sln rename to include/crack/pen/kernelos/exploits/exploits.sln diff --git a/include/pen/kernelos/exploits/integer-overflow/integer-overflow.cpp b/include/crack/pen/kernelos/exploits/integer-overflow/integer-overflow.cpp similarity index 100% rename from include/pen/kernelos/exploits/integer-overflow/integer-overflow.cpp rename to include/crack/pen/kernelos/exploits/integer-overflow/integer-overflow.cpp diff --git a/include/pen/kernelos/exploits/integer-overflow/integer-overflow.vcxproj b/include/crack/pen/kernelos/exploits/integer-overflow/integer-overflow.vcxproj similarity index 100% rename from include/pen/kernelos/exploits/integer-overflow/integer-overflow.vcxproj rename to include/crack/pen/kernelos/exploits/integer-overflow/integer-overflow.vcxproj diff --git a/include/pen/kernelos/exploits/integer-overflow/integer-overflow.vcxproj.filters b/include/crack/pen/kernelos/exploits/integer-overflow/integer-overflow.vcxproj.filters similarity index 100% rename from include/pen/kernelos/exploits/integer-overflow/integer-overflow.vcxproj.filters rename to include/crack/pen/kernelos/exploits/integer-overflow/integer-overflow.vcxproj.filters diff --git a/include/pen/kernelos/exploits/integer-overflow/pch.cpp b/include/crack/pen/kernelos/exploits/integer-overflow/pch.cpp similarity index 100% rename from include/pen/kernelos/exploits/integer-overflow/pch.cpp rename to include/crack/pen/kernelos/exploits/integer-overflow/pch.cpp diff --git a/include/pen/kernelos/exploits/integer-overflow/pch.h b/include/crack/pen/kernelos/exploits/integer-overflow/pch.h similarity index 100% rename from include/pen/kernelos/exploits/integer-overflow/pch.h rename to include/crack/pen/kernelos/exploits/integer-overflow/pch.h diff --git a/include/pen/kernelos/exploits/null-pointer-dereference/null-pointer-dereference.cpp b/include/crack/pen/kernelos/exploits/null-pointer-dereference/null-pointer-dereference.cpp similarity index 100% rename from include/pen/kernelos/exploits/null-pointer-dereference/null-pointer-dereference.cpp rename to include/crack/pen/kernelos/exploits/null-pointer-dereference/null-pointer-dereference.cpp diff --git a/include/pen/kernelos/exploits/null-pointer-dereference/null-pointer-dereference.vcxproj b/include/crack/pen/kernelos/exploits/null-pointer-dereference/null-pointer-dereference.vcxproj similarity index 100% rename from include/pen/kernelos/exploits/null-pointer-dereference/null-pointer-dereference.vcxproj rename to include/crack/pen/kernelos/exploits/null-pointer-dereference/null-pointer-dereference.vcxproj diff --git a/include/pen/kernelos/exploits/null-pointer-dereference/null-pointer-dereference.vcxproj.filters b/include/crack/pen/kernelos/exploits/null-pointer-dereference/null-pointer-dereference.vcxproj.filters similarity index 100% rename from include/pen/kernelos/exploits/null-pointer-dereference/null-pointer-dereference.vcxproj.filters rename to include/crack/pen/kernelos/exploits/null-pointer-dereference/null-pointer-dereference.vcxproj.filters diff --git a/include/pen/kernelos/exploits/null-pointer-dereference/pch.cpp b/include/crack/pen/kernelos/exploits/null-pointer-dereference/pch.cpp similarity index 100% rename from include/pen/kernelos/exploits/null-pointer-dereference/pch.cpp rename to include/crack/pen/kernelos/exploits/null-pointer-dereference/pch.cpp diff --git a/include/pen/kernelos/exploits/null-pointer-dereference/pch.h b/include/crack/pen/kernelos/exploits/null-pointer-dereference/pch.h similarity index 100% rename from include/pen/kernelos/exploits/null-pointer-dereference/pch.h rename to include/crack/pen/kernelos/exploits/null-pointer-dereference/pch.h diff --git a/include/pen/kernelos/exploits/stack-overflow/pch.cpp b/include/crack/pen/kernelos/exploits/stack-overflow/pch.cpp similarity index 100% rename from include/pen/kernelos/exploits/stack-overflow/pch.cpp rename to include/crack/pen/kernelos/exploits/stack-overflow/pch.cpp diff --git a/include/pen/kernelos/exploits/stack-overflow/pch.h b/include/crack/pen/kernelos/exploits/stack-overflow/pch.h similarity index 100% rename from include/pen/kernelos/exploits/stack-overflow/pch.h rename to include/crack/pen/kernelos/exploits/stack-overflow/pch.h diff --git a/include/pen/kernelos/exploits/stack-overflow/stack-overflow.cpp b/include/crack/pen/kernelos/exploits/stack-overflow/stack-overflow.cpp similarity index 100% rename from include/pen/kernelos/exploits/stack-overflow/stack-overflow.cpp rename to include/crack/pen/kernelos/exploits/stack-overflow/stack-overflow.cpp diff --git a/include/pen/kernelos/exploits/stack-overflow/stack-overflow.vcxproj b/include/crack/pen/kernelos/exploits/stack-overflow/stack-overflow.vcxproj similarity index 100% rename from include/pen/kernelos/exploits/stack-overflow/stack-overflow.vcxproj rename to include/crack/pen/kernelos/exploits/stack-overflow/stack-overflow.vcxproj diff --git a/include/pen/kernelos/exploits/stack-overflow/stack-overflow.vcxproj.filters b/include/crack/pen/kernelos/exploits/stack-overflow/stack-overflow.vcxproj.filters similarity index 100% rename from include/pen/kernelos/exploits/stack-overflow/stack-overflow.vcxproj.filters rename to include/crack/pen/kernelos/exploits/stack-overflow/stack-overflow.vcxproj.filters diff --git a/include/pen/kernelos/exploits/type-confusion/pch.cpp b/include/crack/pen/kernelos/exploits/type-confusion/pch.cpp similarity index 100% rename from include/pen/kernelos/exploits/type-confusion/pch.cpp rename to include/crack/pen/kernelos/exploits/type-confusion/pch.cpp diff --git a/include/pen/kernelos/exploits/type-confusion/pch.h b/include/crack/pen/kernelos/exploits/type-confusion/pch.h similarity index 100% rename from include/pen/kernelos/exploits/type-confusion/pch.h rename to include/crack/pen/kernelos/exploits/type-confusion/pch.h diff --git a/include/pen/kernelos/exploits/type-confusion/type-confusion.cpp b/include/crack/pen/kernelos/exploits/type-confusion/type-confusion.cpp similarity index 100% rename from include/pen/kernelos/exploits/type-confusion/type-confusion.cpp rename to include/crack/pen/kernelos/exploits/type-confusion/type-confusion.cpp diff --git a/include/pen/kernelos/exploits/type-confusion/type-confusion.vcxproj b/include/crack/pen/kernelos/exploits/type-confusion/type-confusion.vcxproj similarity index 100% rename from include/pen/kernelos/exploits/type-confusion/type-confusion.vcxproj rename to include/crack/pen/kernelos/exploits/type-confusion/type-confusion.vcxproj diff --git a/include/pen/kernelos/exploits/type-confusion/type-confusion.vcxproj.filters b/include/crack/pen/kernelos/exploits/type-confusion/type-confusion.vcxproj.filters similarity index 100% rename from include/pen/kernelos/exploits/type-confusion/type-confusion.vcxproj.filters rename to include/crack/pen/kernelos/exploits/type-confusion/type-confusion.vcxproj.filters diff --git a/include/pen/kernelos/exploits/uninitialized-stack-variable/pch.cpp b/include/crack/pen/kernelos/exploits/uninitialized-stack-variable/pch.cpp similarity index 100% rename from include/pen/kernelos/exploits/uninitialized-stack-variable/pch.cpp rename to include/crack/pen/kernelos/exploits/uninitialized-stack-variable/pch.cpp diff --git a/include/pen/kernelos/exploits/uninitialized-stack-variable/pch.h b/include/crack/pen/kernelos/exploits/uninitialized-stack-variable/pch.h similarity index 100% rename from include/pen/kernelos/exploits/uninitialized-stack-variable/pch.h rename to include/crack/pen/kernelos/exploits/uninitialized-stack-variable/pch.h diff --git a/include/pen/kernelos/exploits/uninitialized-stack-variable/uninitialized-stack-variable.cpp b/include/crack/pen/kernelos/exploits/uninitialized-stack-variable/uninitialized-stack-variable.cpp similarity index 100% rename from include/pen/kernelos/exploits/uninitialized-stack-variable/uninitialized-stack-variable.cpp rename to include/crack/pen/kernelos/exploits/uninitialized-stack-variable/uninitialized-stack-variable.cpp diff --git a/include/pen/kernelos/exploits/uninitialized-stack-variable/uninitialized-stack-variable.h b/include/crack/pen/kernelos/exploits/uninitialized-stack-variable/uninitialized-stack-variable.h similarity index 100% rename from include/pen/kernelos/exploits/uninitialized-stack-variable/uninitialized-stack-variable.h rename to include/crack/pen/kernelos/exploits/uninitialized-stack-variable/uninitialized-stack-variable.h diff --git a/include/pen/kernelos/exploits/uninitialized-stack-variable/uninitialized-stack-variable.vcxproj b/include/crack/pen/kernelos/exploits/uninitialized-stack-variable/uninitialized-stack-variable.vcxproj similarity index 100% rename from include/pen/kernelos/exploits/uninitialized-stack-variable/uninitialized-stack-variable.vcxproj rename to include/crack/pen/kernelos/exploits/uninitialized-stack-variable/uninitialized-stack-variable.vcxproj diff --git a/include/pen/kernelos/exploits/uninitialized-stack-variable/uninitialized-stack-variable.vcxproj.filters b/include/crack/pen/kernelos/exploits/uninitialized-stack-variable/uninitialized-stack-variable.vcxproj.filters similarity index 100% rename from include/pen/kernelos/exploits/uninitialized-stack-variable/uninitialized-stack-variable.vcxproj.filters rename to include/crack/pen/kernelos/exploits/uninitialized-stack-variable/uninitialized-stack-variable.vcxproj.filters diff --git a/include/pen/kernelos/harvard/seh-based-exploits/Millenium MP3 Studio.exe b/include/crack/pen/kernelos/harvard/seh-based-exploits/Millenium MP3 Studio.exe similarity index 100% rename from include/pen/kernelos/harvard/seh-based-exploits/Millenium MP3 Studio.exe rename to include/crack/pen/kernelos/harvard/seh-based-exploits/Millenium MP3 Studio.exe diff --git a/include/pen/kernelos/harvard/seh-based-exploits/README.md b/include/crack/pen/kernelos/harvard/seh-based-exploits/README.md similarity index 100% rename from include/pen/kernelos/harvard/seh-based-exploits/README.md rename to include/crack/pen/kernelos/harvard/seh-based-exploits/README.md diff --git a/include/pen/kernelos/harvard/seh-based-exploits/soritong10.exe b/include/crack/pen/kernelos/harvard/seh-based-exploits/soritong10.exe similarity index 100% rename from include/pen/kernelos/harvard/seh-based-exploits/soritong10.exe rename to include/crack/pen/kernelos/harvard/seh-based-exploits/soritong10.exe diff --git a/include/pen/kernelos/harvard/stack-based-overflows/EasyRMtoMP3Converter.exe b/include/crack/pen/kernelos/harvard/stack-based-overflows/EasyRMtoMP3Converter.exe similarity index 100% rename from include/pen/kernelos/harvard/stack-based-overflows/EasyRMtoMP3Converter.exe rename to include/crack/pen/kernelos/harvard/stack-based-overflows/EasyRMtoMP3Converter.exe diff --git a/include/pen/kernelos/harvard/stack-based-overflows/README.md b/include/crack/pen/kernelos/harvard/stack-based-overflows/README.md similarity index 100% rename from include/pen/kernelos/harvard/stack-based-overflows/README.md rename to include/crack/pen/kernelos/harvard/stack-based-overflows/README.md diff --git a/include/pen/kernelos/harvard/stack-based-overflows/exploit-call-esp.py b/include/crack/pen/kernelos/harvard/stack-based-overflows/exploit-call-esp.py similarity index 100% rename from include/pen/kernelos/harvard/stack-based-overflows/exploit-call-esp.py rename to include/crack/pen/kernelos/harvard/stack-based-overflows/exploit-call-esp.py diff --git a/include/pen/kernelos/harvard/stack-based-overflows/exploit-jmp-esp.py b/include/crack/pen/kernelos/harvard/stack-based-overflows/exploit-jmp-esp.py similarity index 100% rename from include/pen/kernelos/harvard/stack-based-overflows/exploit-jmp-esp.py rename to include/crack/pen/kernelos/harvard/stack-based-overflows/exploit-jmp-esp.py diff --git a/include/pen/kernelos/harvard/stack-based-overflows/exploit-pop-pop-ret.py b/include/crack/pen/kernelos/harvard/stack-based-overflows/exploit-pop-pop-ret.py similarity index 100% rename from include/pen/kernelos/harvard/stack-based-overflows/exploit-pop-pop-ret.py rename to include/crack/pen/kernelos/harvard/stack-based-overflows/exploit-pop-pop-ret.py diff --git a/include/pen/kernelos/harvard/stack-based-overflows/exploit-popad.py b/include/crack/pen/kernelos/harvard/stack-based-overflows/exploit-popad.py similarity index 100% rename from include/pen/kernelos/harvard/stack-based-overflows/exploit-popad.py rename to include/crack/pen/kernelos/harvard/stack-based-overflows/exploit-popad.py diff --git a/include/pen/kernelos/harvard/stack-based-overflows/exploit-push-ret.py b/include/crack/pen/kernelos/harvard/stack-based-overflows/exploit-push-ret.py similarity index 100% rename from include/pen/kernelos/harvard/stack-based-overflows/exploit-push-ret.py rename to include/crack/pen/kernelos/harvard/stack-based-overflows/exploit-push-ret.py diff --git a/include/pen/kernelos/harvard/stack-based-overflows/exploit-smallbuffers.py b/include/crack/pen/kernelos/harvard/stack-based-overflows/exploit-smallbuffers.py similarity index 100% rename from include/pen/kernelos/harvard/stack-based-overflows/exploit-smallbuffers.py rename to include/crack/pen/kernelos/harvard/stack-based-overflows/exploit-smallbuffers.py diff --git a/include/pen/owner/.gitignore b/include/crack/pen/owner/.gitignore similarity index 100% rename from include/pen/owner/.gitignore rename to include/crack/pen/owner/.gitignore diff --git a/include/pen/owner/asset/SiPolicy.xml b/include/crack/pen/owner/asset/SiPolicy.xml similarity index 100% rename from include/pen/owner/asset/SiPolicy.xml rename to include/crack/pen/owner/asset/SiPolicy.xml diff --git a/include/pen/owner/asset/build-your-own-pki.md b/include/crack/pen/owner/asset/build-your-own-pki.md similarity index 100% rename from include/pen/owner/asset/build-your-own-pki.md rename to include/crack/pen/owner/asset/build-your-own-pki.md diff --git a/include/pen/owner/asset/build-your-own-pki.zh-CN.md b/include/crack/pen/owner/asset/build-your-own-pki.zh-CN.md similarity index 100% rename from include/pen/owner/asset/build-your-own-pki.zh-CN.md rename to include/crack/pen/owner/asset/build-your-own-pki.zh-CN.md diff --git a/include/pen/owner/asset/pki-architecture.png b/include/crack/pen/owner/asset/pki-architecture.png similarity index 100% rename from include/pen/owner/asset/pki-architecture.png rename to include/crack/pen/owner/asset/pki-architecture.png diff --git a/include/pen/owner/custom/OwnedResource.hpp b/include/crack/pen/owner/custom/OwnedResource.hpp similarity index 100% rename from include/pen/owner/custom/OwnedResource.hpp rename to include/crack/pen/owner/custom/OwnedResource.hpp diff --git a/include/pen/owner/custom/ProductPolicy.cpp b/include/crack/pen/owner/custom/ProductPolicy.cpp similarity index 100% rename from include/pen/owner/custom/ProductPolicy.cpp rename to include/crack/pen/owner/custom/ProductPolicy.cpp diff --git a/include/pen/owner/custom/ProductPolicy.hpp b/include/crack/pen/owner/custom/ProductPolicy.hpp similarity index 100% rename from include/pen/owner/custom/ProductPolicy.hpp rename to include/crack/pen/owner/custom/ProductPolicy.hpp diff --git a/include/pen/owner/custom/ProductPolicyParser.cpp b/include/crack/pen/owner/custom/ProductPolicyParser.cpp similarity index 100% rename from include/pen/owner/custom/ProductPolicyParser.cpp rename to include/crack/pen/owner/custom/ProductPolicyParser.cpp diff --git a/include/pen/owner/custom/ProductPolicyParser.hpp b/include/crack/pen/owner/custom/ProductPolicyParser.hpp similarity index 100% rename from include/pen/owner/custom/ProductPolicyParser.hpp rename to include/crack/pen/owner/custom/ProductPolicyParser.hpp diff --git a/include/pen/owner/custom/dextory.filters b/include/crack/pen/owner/custom/dextory.filters similarity index 100% rename from include/pen/owner/custom/dextory.filters rename to include/crack/pen/owner/custom/dextory.filters diff --git a/include/pen/owner/custom/dextory.user b/include/crack/pen/owner/custom/dextory.user similarity index 100% rename from include/pen/owner/custom/dextory.user rename to include/crack/pen/owner/custom/dextory.user diff --git a/include/pen/owner/custom/dextory.vcxproj b/include/crack/pen/owner/custom/dextory.vcxproj similarity index 100% rename from include/pen/owner/custom/dextory.vcxproj rename to include/crack/pen/owner/custom/dextory.vcxproj diff --git a/include/pen/owner/custom/tmain.cpp b/include/crack/pen/owner/custom/tmain.cpp similarity index 100% rename from include/pen/owner/custom/tmain.cpp rename to include/crack/pen/owner/custom/tmain.cpp diff --git a/include/pen/owner/dextory.sln b/include/crack/pen/owner/dextory.sln similarity index 100% rename from include/pen/owner/dextory.sln rename to include/crack/pen/owner/dextory.sln diff --git a/include/pen/owner/kernel/CustomKernelSignersPersistent.vcxproj.user b/include/crack/pen/owner/kernel/CustomKernelSignersPersistent.vcxproj.user similarity index 100% rename from include/pen/owner/kernel/CustomKernelSignersPersistent.vcxproj.user rename to include/crack/pen/owner/kernel/CustomKernelSignersPersistent.vcxproj.user diff --git a/include/pen/owner/kernel/cksp_defs.h b/include/crack/pen/owner/kernel/cksp_defs.h similarity index 100% rename from include/pen/owner/kernel/cksp_defs.h rename to include/crack/pen/owner/kernel/cksp_defs.h diff --git a/include/pen/owner/kernel/cksp_entry.c b/include/crack/pen/owner/kernel/cksp_entry.c similarity index 100% rename from include/pen/owner/kernel/cksp_entry.c rename to include/crack/pen/owner/kernel/cksp_entry.c diff --git a/include/pen/owner/kernel/cksp_irp_null.c b/include/crack/pen/owner/kernel/cksp_irp_null.c similarity index 100% rename from include/pen/owner/kernel/cksp_irp_null.c rename to include/crack/pen/owner/kernel/cksp_irp_null.c diff --git a/include/pen/owner/kernel/cksp_main.c b/include/crack/pen/owner/kernel/cksp_main.c similarity index 100% rename from include/pen/owner/kernel/cksp_main.c rename to include/crack/pen/owner/kernel/cksp_main.c diff --git a/include/pen/owner/kernel/cksp_unload.c b/include/crack/pen/owner/kernel/cksp_unload.c similarity index 100% rename from include/pen/owner/kernel/cksp_unload.c rename to include/crack/pen/owner/kernel/cksp_unload.c diff --git a/include/pen/owner/kernel/dextory.filters b/include/crack/pen/owner/kernel/dextory.filters similarity index 100% rename from include/pen/owner/kernel/dextory.filters rename to include/crack/pen/owner/kernel/dextory.filters diff --git a/include/pen/owner/kernel/dextory.vcxproj b/include/crack/pen/owner/kernel/dextory.vcxproj similarity index 100% rename from include/pen/owner/kernel/dextory.vcxproj rename to include/crack/pen/owner/kernel/dextory.vcxproj diff --git a/include/pen/thread.cpp b/include/crack/pen/thread.cpp similarity index 100% rename from include/pen/thread.cpp rename to include/crack/pen/thread.cpp diff --git a/include/sharpmarlin/.gitattributes b/include/crack/sharpmarlin/.gitattributes similarity index 100% rename from include/sharpmarlin/.gitattributes rename to include/crack/sharpmarlin/.gitattributes diff --git a/include/sharpmarlin/.gitignore b/include/crack/sharpmarlin/.gitignore similarity index 100% rename from include/sharpmarlin/.gitignore rename to include/crack/sharpmarlin/.gitignore diff --git a/include/sharpmarlin/sharpmarlin/Client/Algorithm/Aes256.cs b/include/crack/sharpmarlin/sharpmarlin/Client/Algorithm/Aes256.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Client/Algorithm/Aes256.cs rename to include/crack/sharpmarlin/sharpmarlin/Client/Algorithm/Aes256.cs diff --git a/include/sharpmarlin/sharpmarlin/Client/Algorithm/Sha256.cs b/include/crack/sharpmarlin/sharpmarlin/Client/Algorithm/Sha256.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Client/Algorithm/Sha256.cs rename to include/crack/sharpmarlin/sharpmarlin/Client/Algorithm/Sha256.cs diff --git a/include/sharpmarlin/sharpmarlin/Client/Client.csproj b/include/crack/sharpmarlin/sharpmarlin/Client/Client.csproj similarity index 100% rename from include/sharpmarlin/sharpmarlin/Client/Client.csproj rename to include/crack/sharpmarlin/sharpmarlin/Client/Client.csproj diff --git a/include/sharpmarlin/sharpmarlin/Client/Connection/ClientSocket.cs b/include/crack/sharpmarlin/sharpmarlin/Client/Connection/ClientSocket.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Client/Connection/ClientSocket.cs rename to include/crack/sharpmarlin/sharpmarlin/Client/Connection/ClientSocket.cs diff --git a/include/sharpmarlin/sharpmarlin/Client/Handle Packet/Packet.cs b/include/crack/sharpmarlin/sharpmarlin/Client/Handle Packet/Packet.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Client/Handle Packet/Packet.cs rename to include/crack/sharpmarlin/sharpmarlin/Client/Handle Packet/Packet.cs diff --git a/include/sharpmarlin/sharpmarlin/Client/Helper/Anti_Analysis.cs b/include/crack/sharpmarlin/sharpmarlin/Client/Helper/Anti_Analysis.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Client/Helper/Anti_Analysis.cs rename to include/crack/sharpmarlin/sharpmarlin/Client/Helper/Anti_Analysis.cs diff --git a/include/sharpmarlin/sharpmarlin/Client/Helper/CheckMiner.cs b/include/crack/sharpmarlin/sharpmarlin/Client/Helper/CheckMiner.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Client/Helper/CheckMiner.cs rename to include/crack/sharpmarlin/sharpmarlin/Client/Helper/CheckMiner.cs diff --git a/include/sharpmarlin/sharpmarlin/Client/Helper/HwidGen.cs b/include/crack/sharpmarlin/sharpmarlin/Client/Helper/HwidGen.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Client/Helper/HwidGen.cs rename to include/crack/sharpmarlin/sharpmarlin/Client/Helper/HwidGen.cs diff --git a/include/sharpmarlin/sharpmarlin/Client/Helper/IdSender.cs b/include/crack/sharpmarlin/sharpmarlin/Client/Helper/IdSender.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Client/Helper/IdSender.cs rename to include/crack/sharpmarlin/sharpmarlin/Client/Helper/IdSender.cs diff --git a/include/sharpmarlin/sharpmarlin/Client/Helper/Methods.cs b/include/crack/sharpmarlin/sharpmarlin/Client/Helper/Methods.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Client/Helper/Methods.cs rename to include/crack/sharpmarlin/sharpmarlin/Client/Helper/Methods.cs diff --git a/include/sharpmarlin/sharpmarlin/Client/Helper/MutexControl.cs b/include/crack/sharpmarlin/sharpmarlin/Client/Helper/MutexControl.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Client/Helper/MutexControl.cs rename to include/crack/sharpmarlin/sharpmarlin/Client/Helper/MutexControl.cs diff --git a/include/sharpmarlin/sharpmarlin/Client/Helper/NativeMethods.cs b/include/crack/sharpmarlin/sharpmarlin/Client/Helper/NativeMethods.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Client/Helper/NativeMethods.cs rename to include/crack/sharpmarlin/sharpmarlin/Client/Helper/NativeMethods.cs diff --git a/include/sharpmarlin/sharpmarlin/Client/Helper/ProcessCritical.cs b/include/crack/sharpmarlin/sharpmarlin/Client/Helper/ProcessCritical.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Client/Helper/ProcessCritical.cs rename to include/crack/sharpmarlin/sharpmarlin/Client/Helper/ProcessCritical.cs diff --git a/include/sharpmarlin/sharpmarlin/Client/Helper/SetRegistry.cs b/include/crack/sharpmarlin/sharpmarlin/Client/Helper/SetRegistry.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Client/Helper/SetRegistry.cs rename to include/crack/sharpmarlin/sharpmarlin/Client/Helper/SetRegistry.cs diff --git a/include/sharpmarlin/sharpmarlin/Client/ILMerge.props b/include/crack/sharpmarlin/sharpmarlin/Client/ILMerge.props similarity index 100% rename from include/sharpmarlin/sharpmarlin/Client/ILMerge.props rename to include/crack/sharpmarlin/sharpmarlin/Client/ILMerge.props diff --git a/include/sharpmarlin/sharpmarlin/Client/ILMergeOrder.txt b/include/crack/sharpmarlin/sharpmarlin/Client/ILMergeOrder.txt similarity index 100% rename from include/sharpmarlin/sharpmarlin/Client/ILMergeOrder.txt rename to include/crack/sharpmarlin/sharpmarlin/Client/ILMergeOrder.txt diff --git a/include/sharpmarlin/sharpmarlin/Client/Install/NormalStartup.cs b/include/crack/sharpmarlin/sharpmarlin/Client/Install/NormalStartup.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Client/Install/NormalStartup.cs rename to include/crack/sharpmarlin/sharpmarlin/Client/Install/NormalStartup.cs diff --git a/include/sharpmarlin/sharpmarlin/Client/Program.cs b/include/crack/sharpmarlin/sharpmarlin/Client/Program.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Client/Program.cs rename to include/crack/sharpmarlin/sharpmarlin/Client/Program.cs diff --git a/include/sharpmarlin/sharpmarlin/Client/Properties/AssemblyInfo.cs b/include/crack/sharpmarlin/sharpmarlin/Client/Properties/AssemblyInfo.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Client/Properties/AssemblyInfo.cs rename to include/crack/sharpmarlin/sharpmarlin/Client/Properties/AssemblyInfo.cs diff --git a/include/sharpmarlin/sharpmarlin/Client/Settings.cs b/include/crack/sharpmarlin/sharpmarlin/Client/Settings.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Client/Settings.cs rename to include/crack/sharpmarlin/sharpmarlin/Client/Settings.cs diff --git a/include/sharpmarlin/sharpmarlin/Client/app.config b/include/crack/sharpmarlin/sharpmarlin/Client/app.config similarity index 100% rename from include/sharpmarlin/sharpmarlin/Client/app.config rename to include/crack/sharpmarlin/sharpmarlin/Client/app.config diff --git a/include/sharpmarlin/sharpmarlin/Client/packages.config b/include/crack/sharpmarlin/sharpmarlin/Client/packages.config similarity index 100% rename from include/sharpmarlin/sharpmarlin/Client/packages.config rename to include/crack/sharpmarlin/sharpmarlin/Client/packages.config diff --git a/include/sharpmarlin/sharpmarlin/MessagePack/MessagePack/BytesTools.cs b/include/crack/sharpmarlin/sharpmarlin/MessagePack/MessagePack/BytesTools.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/MessagePack/MessagePack/BytesTools.cs rename to include/crack/sharpmarlin/sharpmarlin/MessagePack/MessagePack/BytesTools.cs diff --git a/include/sharpmarlin/sharpmarlin/MessagePack/MessagePack/MsgPack.cs b/include/crack/sharpmarlin/sharpmarlin/MessagePack/MessagePack/MsgPack.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/MessagePack/MessagePack/MsgPack.cs rename to include/crack/sharpmarlin/sharpmarlin/MessagePack/MessagePack/MsgPack.cs diff --git a/include/sharpmarlin/sharpmarlin/MessagePack/MessagePack/MsgPackType.cs b/include/crack/sharpmarlin/sharpmarlin/MessagePack/MessagePack/MsgPackType.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/MessagePack/MessagePack/MsgPackType.cs rename to include/crack/sharpmarlin/sharpmarlin/MessagePack/MessagePack/MsgPackType.cs diff --git a/include/sharpmarlin/sharpmarlin/MessagePack/MessagePack/ReadTools.cs b/include/crack/sharpmarlin/sharpmarlin/MessagePack/MessagePack/ReadTools.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/MessagePack/MessagePack/ReadTools.cs rename to include/crack/sharpmarlin/sharpmarlin/MessagePack/MessagePack/ReadTools.cs diff --git a/include/sharpmarlin/sharpmarlin/MessagePack/MessagePack/WriteTools.cs b/include/crack/sharpmarlin/sharpmarlin/MessagePack/MessagePack/WriteTools.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/MessagePack/MessagePack/WriteTools.cs rename to include/crack/sharpmarlin/sharpmarlin/MessagePack/MessagePack/WriteTools.cs diff --git a/include/sharpmarlin/sharpmarlin/MessagePack/MessagePack/Zip.cs b/include/crack/sharpmarlin/sharpmarlin/MessagePack/MessagePack/Zip.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/MessagePack/MessagePack/Zip.cs rename to include/crack/sharpmarlin/sharpmarlin/MessagePack/MessagePack/Zip.cs diff --git a/include/sharpmarlin/sharpmarlin/MessagePack/MessagePackLib.csproj b/include/crack/sharpmarlin/sharpmarlin/MessagePack/MessagePackLib.csproj similarity index 100% rename from include/sharpmarlin/sharpmarlin/MessagePack/MessagePackLib.csproj rename to include/crack/sharpmarlin/sharpmarlin/MessagePack/MessagePackLib.csproj diff --git a/include/sharpmarlin/sharpmarlin/MessagePack/Properties/AssemblyInfo.cs b/include/crack/sharpmarlin/sharpmarlin/MessagePack/Properties/AssemblyInfo.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/MessagePack/Properties/AssemblyInfo.cs rename to include/crack/sharpmarlin/sharpmarlin/MessagePack/Properties/AssemblyInfo.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Chat/Chat.sln b/include/crack/sharpmarlin/sharpmarlin/Plugin/Chat/Chat.sln similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Chat/Chat.sln rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Chat/Chat.sln diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/Chat.csproj b/include/crack/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/Chat.csproj similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/Chat.csproj rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/Chat.csproj diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/Connection.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/Connection.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/Connection.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/Connection.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/FormChat.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/FormChat.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/FormChat.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/FormChat.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/FormChat.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/FormChat.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/FormChat.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/FormChat.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/FormChat.resx b/include/crack/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/FormChat.resx similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/FormChat.resx rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/FormChat.resx diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/ILMerge.props b/include/crack/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/ILMerge.props similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/ILMerge.props rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/ILMerge.props diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/ILMergeOrder.txt b/include/crack/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/ILMergeOrder.txt similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/ILMergeOrder.txt rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/ILMergeOrder.txt diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/Packet.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/Packet.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/Packet.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/Packet.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/Plugin.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/Plugin.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/Plugin.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/Plugin.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/Properties/AssemblyInfo.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/Properties/AssemblyInfo.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/Properties/AssemblyInfo.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/Properties/AssemblyInfo.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/packages.config b/include/crack/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/packages.config similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/packages.config rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Chat/Chat/packages.config diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra.sln b/include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra.sln similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra.sln rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra.sln diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Connection.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Connection.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Connection.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Connection.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Extra.csproj b/include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Extra.csproj similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Extra.csproj rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Extra.csproj diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/FodyWeavers.xml b/include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/FodyWeavers.xml similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/FodyWeavers.xml rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/FodyWeavers.xml diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/FodyWeavers.xsd b/include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/FodyWeavers.xsd similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/FodyWeavers.xsd rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/FodyWeavers.xsd diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Handler/HandleBlankScreen.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Handler/HandleBlankScreen.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Handler/HandleBlankScreen.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Handler/HandleBlankScreen.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Handler/HandleDisableDefender.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Handler/HandleDisableDefender.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Handler/HandleDisableDefender.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Handler/HandleDisableDefender.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Handler/Wallpaper.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Handler/Wallpaper.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Handler/Wallpaper.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Handler/Wallpaper.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/ILMerge.props b/include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/ILMerge.props similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/ILMerge.props rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/ILMerge.props diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/ILMergeOrder.txt b/include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/ILMergeOrder.txt similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/ILMergeOrder.txt rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/ILMergeOrder.txt diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Packet.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Packet.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Packet.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Packet.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Plugin.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Plugin.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Plugin.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Plugin.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Properties/AssemblyInfo.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Properties/AssemblyInfo.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Properties/AssemblyInfo.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/Properties/AssemblyInfo.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/packages.config b/include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/packages.config similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/packages.config rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Extra/Extra/packages.config diff --git a/include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager.sln b/include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager.sln similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager.sln rename to include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager.sln diff --git a/include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/Connection.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/Connection.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/Connection.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/Connection.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/FileManager.csproj b/include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/FileManager.csproj similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/FileManager.csproj rename to include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/FileManager.csproj diff --git a/include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/FodyWeavers.xml b/include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/FodyWeavers.xml similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/FodyWeavers.xml rename to include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/FodyWeavers.xml diff --git a/include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/FodyWeavers.xsd b/include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/FodyWeavers.xsd similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/FodyWeavers.xsd rename to include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/FodyWeavers.xsd diff --git a/include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/Handler/FileManager.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/Handler/FileManager.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/Handler/FileManager.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/Handler/FileManager.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/ILMerge.props b/include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/ILMerge.props similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/ILMerge.props rename to include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/ILMerge.props diff --git a/include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/ILMergeOrder.txt b/include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/ILMergeOrder.txt similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/ILMergeOrder.txt rename to include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/ILMergeOrder.txt diff --git a/include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/Packet.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/Packet.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/Packet.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/Packet.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/Plugin.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/Plugin.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/Plugin.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/Plugin.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/Properties/AssemblyInfo.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/Properties/AssemblyInfo.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/Properties/AssemblyInfo.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/Properties/AssemblyInfo.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/TempSocket.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/TempSocket.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/TempSocket.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/TempSocket.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/packages.config b/include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/packages.config similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/packages.config rename to include/crack/sharpmarlin/sharpmarlin/Plugin/FileManager/FileManager/packages.config diff --git a/include/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher.sln b/include/crack/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher.sln similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher.sln rename to include/crack/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher.sln diff --git a/include/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/Connection.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/Connection.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/Connection.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/Connection.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/FileSearcher.csproj b/include/crack/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/FileSearcher.csproj similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/FileSearcher.csproj rename to include/crack/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/FileSearcher.csproj diff --git a/include/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/FodyWeavers.xml b/include/crack/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/FodyWeavers.xml similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/FodyWeavers.xml rename to include/crack/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/FodyWeavers.xml diff --git a/include/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/FodyWeavers.xsd b/include/crack/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/FodyWeavers.xsd similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/FodyWeavers.xsd rename to include/crack/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/FodyWeavers.xsd diff --git a/include/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/Packet.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/Packet.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/Packet.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/Packet.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/Plugin.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/Plugin.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/Plugin.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/Plugin.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/Properties/AssemblyInfo.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/Properties/AssemblyInfo.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/Properties/AssemblyInfo.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/Properties/AssemblyInfo.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/packages.config b/include/crack/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/packages.config similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/packages.config rename to include/crack/sharpmarlin/sharpmarlin/Plugin/FileSearcher/FileSearcher/packages.config diff --git a/include/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger.sln b/include/crack/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger.sln similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger.sln rename to include/crack/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger.sln diff --git a/include/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/Connection.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/Connection.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/Connection.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/Connection.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/FodyWeavers.xml b/include/crack/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/FodyWeavers.xml similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/FodyWeavers.xml rename to include/crack/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/FodyWeavers.xml diff --git a/include/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/FodyWeavers.xsd b/include/crack/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/FodyWeavers.xsd similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/FodyWeavers.xsd rename to include/crack/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/FodyWeavers.xsd diff --git a/include/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/ILMerge.props b/include/crack/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/ILMerge.props similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/ILMerge.props rename to include/crack/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/ILMerge.props diff --git a/include/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/ILMergeOrder.txt b/include/crack/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/ILMergeOrder.txt similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/ILMergeOrder.txt rename to include/crack/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/ILMergeOrder.txt diff --git a/include/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/LimeLogger.csproj b/include/crack/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/LimeLogger.csproj similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/LimeLogger.csproj rename to include/crack/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/LimeLogger.csproj diff --git a/include/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/Packet.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/Packet.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/Packet.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/Packet.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/Plugin.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/Plugin.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/Plugin.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/Plugin.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/Properties/AssemblyInfo.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/Properties/AssemblyInfo.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/Properties/AssemblyInfo.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/Properties/AssemblyInfo.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/packages.config b/include/crack/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/packages.config similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/packages.config rename to include/crack/sharpmarlin/sharpmarlin/Plugin/LimeLogger/LimeLogger/packages.config diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous.sln b/include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous.sln similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous.sln rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous.sln diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Connection.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Connection.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Connection.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Connection.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/FodyWeavers.xml b/include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/FodyWeavers.xml similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/FodyWeavers.xml rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/FodyWeavers.xml diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/FodyWeavers.xsd b/include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/FodyWeavers.xsd similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/FodyWeavers.xsd rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/FodyWeavers.xsd diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Handler/HandleBotKiller.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Handler/HandleBotKiller.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Handler/HandleBotKiller.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Handler/HandleBotKiller.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Handler/HandleDos.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Handler/HandleDos.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Handler/HandleDos.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Handler/HandleDos.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Handler/HandleLimeUSB.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Handler/HandleLimeUSB.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Handler/HandleLimeUSB.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Handler/HandleLimeUSB.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Handler/HandleShell.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Handler/HandleShell.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Handler/HandleShell.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Handler/HandleShell.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Handler/HandleTorrent.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Handler/HandleTorrent.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Handler/HandleTorrent.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Handler/HandleTorrent.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Handler/HandlerExecuteDotNetCode.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Handler/HandlerExecuteDotNetCode.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Handler/HandlerExecuteDotNetCode.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Handler/HandlerExecuteDotNetCode.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/ILMerge.props b/include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/ILMerge.props similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/ILMerge.props rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/ILMerge.props diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/ILMergeOrder.txt b/include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/ILMergeOrder.txt similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/ILMergeOrder.txt rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/ILMergeOrder.txt diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/IconLib.dll b/include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/IconLib.dll similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/IconLib.dll rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/IconLib.dll diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Miscellaneous.csproj b/include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Miscellaneous.csproj similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Miscellaneous.csproj rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Miscellaneous.csproj diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Packet.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Packet.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Packet.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Packet.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Plugin.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Plugin.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Plugin.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Plugin.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Properties/AssemblyInfo.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Properties/AssemblyInfo.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Properties/AssemblyInfo.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Properties/AssemblyInfo.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Properties/Resources.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Properties/Resources.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Properties/Resources.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Properties/Resources.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Properties/Resources.resx b/include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Properties/Resources.resx similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Properties/Resources.resx rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/Properties/Resources.resx diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/packages.config b/include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/packages.config similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/packages.config rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Miscellaneous/Miscellaneous/packages.config diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Options/Options.sln b/include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options.sln similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Options/Options.sln rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options.sln diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Options/Options/Connection.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/Connection.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Options/Options/Connection.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/Connection.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Options/Options/FodyWeavers.xml b/include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/FodyWeavers.xml similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Options/Options/FodyWeavers.xml rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/FodyWeavers.xml diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Options/Options/FodyWeavers.xsd b/include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/FodyWeavers.xsd similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Options/Options/FodyWeavers.xsd rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/FodyWeavers.xsd diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Options/Options/Handler/HandlePcOptions.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/Handler/HandlePcOptions.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Options/Options/Handler/HandlePcOptions.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/Handler/HandlePcOptions.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Options/Options/Handler/HandleReportWindow.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/Handler/HandleReportWindow.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Options/Options/Handler/HandleReportWindow.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/Handler/HandleReportWindow.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Options/Options/Handler/HandleThumbnails.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/Handler/HandleThumbnails.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Options/Options/Handler/HandleThumbnails.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/Handler/HandleThumbnails.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Options/Options/Handler/HandleUAC.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/Handler/HandleUAC.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Options/Options/Handler/HandleUAC.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/Handler/HandleUAC.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Options/Options/Handler/HandleUninstall.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/Handler/HandleUninstall.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Options/Options/Handler/HandleUninstall.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/Handler/HandleUninstall.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Options/Options/ILMerge.props b/include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/ILMerge.props similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Options/Options/ILMerge.props rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/ILMerge.props diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Options/Options/ILMergeOrder.txt b/include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/ILMergeOrder.txt similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Options/Options/ILMergeOrder.txt rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/ILMergeOrder.txt diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Options/Options/Methods.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/Methods.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Options/Options/Methods.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/Methods.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Options/Options/Options.csproj b/include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/Options.csproj similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Options/Options/Options.csproj rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/Options.csproj diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Options/Options/Packet.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/Packet.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Options/Options/Packet.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/Packet.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Options/Options/Plugin.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/Plugin.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Options/Options/Plugin.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/Plugin.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Options/Options/Properties/AssemblyInfo.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/Properties/AssemblyInfo.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Options/Options/Properties/AssemblyInfo.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/Properties/AssemblyInfo.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Options/Options/packages.config b/include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/packages.config similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Options/Options/packages.config rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Options/Options/packages.config diff --git a/include/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager.sln b/include/crack/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager.sln similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager.sln rename to include/crack/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager.sln diff --git a/include/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/Connection.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/Connection.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/Connection.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/Connection.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/FodyWeavers.xml b/include/crack/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/FodyWeavers.xml similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/FodyWeavers.xml rename to include/crack/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/FodyWeavers.xml diff --git a/include/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/FodyWeavers.xsd b/include/crack/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/FodyWeavers.xsd similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/FodyWeavers.xsd rename to include/crack/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/FodyWeavers.xsd diff --git a/include/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/ILMerge.props b/include/crack/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/ILMerge.props similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/ILMerge.props rename to include/crack/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/ILMerge.props diff --git a/include/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/ILMergeOrder.txt b/include/crack/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/ILMergeOrder.txt similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/ILMergeOrder.txt rename to include/crack/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/ILMergeOrder.txt diff --git a/include/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/Packet.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/Packet.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/Packet.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/Packet.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/Plugin.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/Plugin.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/Plugin.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/Plugin.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/ProcessManager.csproj b/include/crack/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/ProcessManager.csproj similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/ProcessManager.csproj rename to include/crack/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/ProcessManager.csproj diff --git a/include/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/Properties/AssemblyInfo.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/Properties/AssemblyInfo.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/Properties/AssemblyInfo.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/Properties/AssemblyInfo.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/packages.config b/include/crack/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/packages.config similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/packages.config rename to include/crack/sharpmarlin/sharpmarlin/Plugin/ProcessManager/ProcessManager/packages.config diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery.sln b/include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery.sln similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery.sln rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery.sln diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Chromium/Account.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Chromium/Account.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Chromium/Account.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Chromium/Account.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Chromium/AesGcm.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Chromium/AesGcm.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Chromium/AesGcm.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Chromium/AesGcm.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Chromium/BCrypt.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Chromium/BCrypt.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Chromium/BCrypt.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Chromium/BCrypt.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Chromium/Chromium.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Chromium/Chromium.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Chromium/Chromium.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Chromium/Chromium.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Chromium/ChromiumCookies.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Chromium/ChromiumCookies.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Chromium/ChromiumCookies.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Chromium/ChromiumCookies.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/CredentialModel.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/CredentialModel.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/CredentialModel.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/CredentialModel.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Firefox/Cookies/FFCookiesGrabber.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Firefox/Cookies/FFCookiesGrabber.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Firefox/Cookies/FFCookiesGrabber.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Firefox/Cookies/FFCookiesGrabber.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Firefox/FFDecryptor.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Firefox/FFDecryptor.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Firefox/FFDecryptor.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Firefox/FFDecryptor.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Firefox/Firefox.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Firefox/Firefox.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Firefox/Firefox.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Firefox/Firefox.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Firefox/FirefoxPassReader.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Firefox/FirefoxPassReader.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Firefox/FirefoxPassReader.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/Firefox/FirefoxPassReader.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/IPassReader.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/IPassReader.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/IPassReader.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/IPassReader.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/SQLiteHandler.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/SQLiteHandler.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/SQLiteHandler.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Browsers/SQLiteHandler.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Connection.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Connection.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Connection.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Connection.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/FodyWeavers.xml b/include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/FodyWeavers.xml similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/FodyWeavers.xml rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/FodyWeavers.xml diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/FodyWeavers.xsd b/include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/FodyWeavers.xsd similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/FodyWeavers.xsd rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/FodyWeavers.xsd diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Packet.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Packet.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Packet.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Packet.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Plugin.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Plugin.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Plugin.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Plugin.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Properties/AssemblyInfo.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Properties/AssemblyInfo.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Properties/AssemblyInfo.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Properties/AssemblyInfo.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Recovery.csproj b/include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Recovery.csproj similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Recovery.csproj rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/Recovery.csproj diff --git a/include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/packages.config b/include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/packages.config similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/packages.config rename to include/crack/sharpmarlin/sharpmarlin/Plugin/Recovery/Recovery/packages.config diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera.sln b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera.sln similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera.sln rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera.sln diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/CameraControlProperty.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/CameraControlProperty.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/CameraControlProperty.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/CameraControlProperty.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/FilterInfo.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/FilterInfo.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/FilterInfo.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/FilterInfo.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/FilterInfoCollection.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/FilterInfoCollection.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/FilterInfoCollection.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/FilterInfoCollection.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IAMCameraControl.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IAMCameraControl.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IAMCameraControl.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IAMCameraControl.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IAMCrossbar.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IAMCrossbar.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IAMCrossbar.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IAMCrossbar.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IAMStreamConfig.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IAMStreamConfig.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IAMStreamConfig.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IAMStreamConfig.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IAMVideoControl.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IAMVideoControl.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IAMVideoControl.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IAMVideoControl.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IBaseFilter.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IBaseFilter.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IBaseFilter.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IBaseFilter.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ICaptureGraphBuilder2.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ICaptureGraphBuilder2.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ICaptureGraphBuilder2.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ICaptureGraphBuilder2.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ICreateDevEnum.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ICreateDevEnum.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ICreateDevEnum.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ICreateDevEnum.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IEnumFilters.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IEnumFilters.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IEnumFilters.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IEnumFilters.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IEnumPins.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IEnumPins.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IEnumPins.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IEnumPins.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IFilterGraph.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IFilterGraph.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IFilterGraph.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IFilterGraph.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IFilterGraph2.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IFilterGraph2.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IFilterGraph2.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IFilterGraph2.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IGraphBuilder.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IGraphBuilder.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IGraphBuilder.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IGraphBuilder.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IMediaControl.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IMediaControl.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IMediaControl.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IMediaControl.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IMediaEventEx.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IMediaEventEx.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IMediaEventEx.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IMediaEventEx.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IPin.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IPin.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IPin.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IPin.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IPropertyBag.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IPropertyBag.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IPropertyBag.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IPropertyBag.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IReferenceClock.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IReferenceClock.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IReferenceClock.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IReferenceClock.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ISampleGrabber.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ISampleGrabber.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ISampleGrabber.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ISampleGrabber.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ISampleGrabberCB.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ISampleGrabberCB.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ISampleGrabberCB.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ISampleGrabberCB.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ISpecifyPropertyPages.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ISpecifyPropertyPages.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ISpecifyPropertyPages.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ISpecifyPropertyPages.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/Structures.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/Structures.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/Structures.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/Structures.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/Uuids.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/Uuids.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/Uuids.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/Uuids.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/Win32.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/Win32.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/Win32.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/Win32.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/PhysicalConnectorType.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/PhysicalConnectorType.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/PhysicalConnectorType.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/PhysicalConnectorType.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Uuids.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Uuids.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Uuids.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Uuids.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/VideoCapabilities.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/VideoCapabilities.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/VideoCapabilities.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/VideoCapabilities.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/VideoCaptureDevice.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/VideoCaptureDevice.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/VideoCaptureDevice.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/VideoCaptureDevice.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/VideoInput.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/VideoInput.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/VideoInput.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/VideoInput.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video/IVideoSource.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video/IVideoSource.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video/IVideoSource.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video/IVideoSource.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video/VideoEvents.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video/VideoEvents.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video/VideoEvents.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/AForge/Video/VideoEvents.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/Connection.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/Connection.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/Connection.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/Connection.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/FodyWeavers.xml b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/FodyWeavers.xml similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/FodyWeavers.xml rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/FodyWeavers.xml diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/FodyWeavers.xsd b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/FodyWeavers.xsd similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/FodyWeavers.xsd rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/FodyWeavers.xsd diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/ILMerge.props b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/ILMerge.props similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/ILMerge.props rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/ILMerge.props diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/ILMergeOrder.txt b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/ILMergeOrder.txt similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/ILMergeOrder.txt rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/ILMergeOrder.txt diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/Packet.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/Packet.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/Packet.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/Packet.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/Plugin.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/Plugin.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/Plugin.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/Plugin.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/Properties/AssemblyInfo.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/Properties/AssemblyInfo.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/Properties/AssemblyInfo.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/Properties/AssemblyInfo.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/RemoteCamera.csproj b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/RemoteCamera.csproj similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/RemoteCamera.csproj rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/RemoteCamera.csproj diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/packages.config b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/packages.config similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/packages.config rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteCamera/RemoteCamera/packages.config diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop.sln b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop.sln similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop.sln rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop.sln diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/Connection.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/Connection.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/Connection.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/Connection.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/FodyWeavers.xml b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/FodyWeavers.xml similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/FodyWeavers.xml rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/FodyWeavers.xml diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/FodyWeavers.xsd b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/FodyWeavers.xsd similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/FodyWeavers.xsd rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/FodyWeavers.xsd diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/ILMerge.props b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/ILMerge.props similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/ILMerge.props rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/ILMerge.props diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/ILMergeOrder.txt b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/ILMergeOrder.txt similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/ILMergeOrder.txt rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/ILMergeOrder.txt diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/Packet.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/Packet.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/Packet.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/Packet.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/Plugin.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/Plugin.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/Plugin.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/Plugin.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/Properties/AssemblyInfo.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/Properties/AssemblyInfo.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/Properties/AssemblyInfo.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/Properties/AssemblyInfo.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/RemoteDesktop.csproj b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/RemoteDesktop.csproj similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/RemoteDesktop.csproj rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/RemoteDesktop.csproj diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/Enums.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/Enums.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/Enums.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/Enums.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/IUnsafeCodec.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/IUnsafeCodec.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/IUnsafeCodec.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/IUnsafeCodec.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/IVideoCodec.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/IVideoCodec.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/IVideoCodec.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/IVideoCodec.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/UnsafeCodecs/UnsafeStreamCodec.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/UnsafeCodecs/UnsafeStreamCodec.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/UnsafeCodecs/UnsafeStreamCodec.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/UnsafeCodecs/UnsafeStreamCodec.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/src/JpgCompression.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/src/JpgCompression.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/src/JpgCompression.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/src/JpgCompression.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/src/LzwCompression.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/src/LzwCompression.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/src/LzwCompression.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/src/LzwCompression.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/src/NativeMethods.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/src/NativeMethods.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/src/NativeMethods.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/src/NativeMethods.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/packages.config b/include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/packages.config similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/packages.config rename to include/crack/sharpmarlin/sharpmarlin/Plugin/RemoteDesktop/RemoteDesktop/packages.config diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile.sln b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile.sln similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile.sln rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile.sln diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Connection.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Connection.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Connection.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Connection.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/FodyWeavers.xml b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/FodyWeavers.xml similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/FodyWeavers.xml rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/FodyWeavers.xml diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/FodyWeavers.xsd b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/FodyWeavers.xsd similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/FodyWeavers.xsd rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/FodyWeavers.xsd diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Handler/HandleMiner.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Handler/HandleMiner.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Handler/HandleMiner.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Handler/HandleMiner.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Handler/HandleSendTo.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Handler/HandleSendTo.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Handler/HandleSendTo.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Handler/HandleSendTo.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Handler/HandleUninstall.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Handler/HandleUninstall.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Handler/HandleUninstall.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Handler/HandleUninstall.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/ILMerge.props b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/ILMerge.props similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/ILMerge.props rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/ILMerge.props diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/ILMergeOrder.txt b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/ILMergeOrder.txt similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/ILMergeOrder.txt rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/ILMergeOrder.txt diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Methods.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Methods.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Methods.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Methods.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Packet.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Packet.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Packet.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Packet.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Plugin.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Plugin.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Plugin.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Plugin.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Properties/AssemblyInfo.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Properties/AssemblyInfo.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Properties/AssemblyInfo.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/Properties/AssemblyInfo.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/SendFile.csproj b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/SendFile.csproj similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/SendFile.csproj rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/SendFile.csproj diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/packages.config b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/packages.config similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/packages.config rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendFile/SendFile/packages.config diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory.sln b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory.sln similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory.sln rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory.sln diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/Connection.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/Connection.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/Connection.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/Connection.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/Handler/HandleMiner.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/Handler/HandleMiner.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/Handler/HandleMiner.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/Handler/HandleMiner.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/Handler/HandleSendTo.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/Handler/HandleSendTo.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/Handler/HandleSendTo.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/Handler/HandleSendTo.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/ILMerge.props b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/ILMerge.props similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/ILMerge.props rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/ILMerge.props diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/ILMergeOrder.txt b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/ILMergeOrder.txt similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/ILMergeOrder.txt rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/ILMergeOrder.txt diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/Packet.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/Packet.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/Packet.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/Packet.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/Plugin.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/Plugin.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/Plugin.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/Plugin.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/Properties/AssemblyInfo.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/Properties/AssemblyInfo.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/Properties/AssemblyInfo.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/Properties/AssemblyInfo.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/SendMemory.csproj b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/SendMemory.csproj similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/SendMemory.csproj rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/SendMemory.csproj diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/SendToMemory.cs b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/SendToMemory.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/SendToMemory.cs rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/SendToMemory.cs diff --git a/include/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/packages.config b/include/crack/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/packages.config similarity index 100% rename from include/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/packages.config rename to include/crack/sharpmarlin/sharpmarlin/Plugin/SendMemory/SendMemory/packages.config diff --git a/include/sharpmarlin/sharpmarlin/Server/Algorithm/Aes256.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Algorithm/Aes256.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Algorithm/Aes256.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Algorithm/Aes256.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Algorithm/GetHash.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Algorithm/GetHash.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Algorithm/GetHash.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Algorithm/GetHash.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Algorithm/Sha256.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Algorithm/Sha256.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Algorithm/Sha256.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Algorithm/Sha256.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Algorithm/Zip.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Algorithm/Zip.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Algorithm/Zip.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Algorithm/Zip.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/App.config b/include/crack/sharpmarlin/sharpmarlin/Server/App.config similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/App.config rename to include/crack/sharpmarlin/sharpmarlin/Server/App.config diff --git a/include/sharpmarlin/sharpmarlin/Server/Connection/Clients.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Connection/Clients.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Connection/Clients.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Connection/Clients.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Connection/Listener.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Connection/Listener.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Connection/Listener.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Connection/Listener.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/FodyWeavers.xml b/include/crack/sharpmarlin/sharpmarlin/Server/FodyWeavers.xml similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/FodyWeavers.xml rename to include/crack/sharpmarlin/sharpmarlin/Server/FodyWeavers.xml diff --git a/include/sharpmarlin/sharpmarlin/Server/FodyWeavers.xsd b/include/crack/sharpmarlin/sharpmarlin/Server/FodyWeavers.xsd similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/FodyWeavers.xsd rename to include/crack/sharpmarlin/sharpmarlin/Server/FodyWeavers.xsd diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/Form1.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/Form1.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/Form1.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/Form1.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/Form1.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/Form1.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/Form1.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/Form1.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/Form1.resx b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/Form1.resx similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/Form1.resx rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/Form1.resx diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormAbout.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormAbout.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormAbout.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormAbout.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormAbout.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormAbout.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormAbout.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormAbout.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormAbout.resx b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormAbout.resx similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormAbout.resx rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormAbout.resx diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormBlockClients.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormBlockClients.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormBlockClients.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormBlockClients.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormBlockClients.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormBlockClients.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormBlockClients.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormBlockClients.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormBlockClients.resx b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormBlockClients.resx similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormBlockClients.resx rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormBlockClients.resx diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormBuilder.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormBuilder.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormBuilder.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormBuilder.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormBuilder.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormBuilder.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormBuilder.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormBuilder.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormBuilder.resx b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormBuilder.resx similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormBuilder.resx rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormBuilder.resx diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormCertificate.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormCertificate.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormCertificate.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormCertificate.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormCertificate.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormCertificate.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormCertificate.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormCertificate.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormCertificate.resx b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormCertificate.resx similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormCertificate.resx rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormCertificate.resx diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormChat.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormChat.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormChat.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormChat.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormChat.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormChat.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormChat.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormChat.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormChat.resx b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormChat.resx similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormChat.resx rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormChat.resx diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormDOS.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormDOS.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormDOS.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormDOS.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormDOS.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormDOS.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormDOS.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormDOS.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormDOS.resx b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormDOS.resx similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormDOS.resx rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormDOS.resx diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormDotNetEditor.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormDotNetEditor.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormDotNetEditor.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormDotNetEditor.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormDotNetEditor.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormDotNetEditor.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormDotNetEditor.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormDotNetEditor.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormDotNetEditor.resx b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormDotNetEditor.resx similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormDotNetEditor.resx rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormDotNetEditor.resx diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormDownloadFile.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormDownloadFile.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormDownloadFile.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormDownloadFile.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormDownloadFile.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormDownloadFile.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormDownloadFile.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormDownloadFile.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormDownloadFile.resx b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormDownloadFile.resx similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormDownloadFile.resx rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormDownloadFile.resx diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormFileManager.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormFileManager.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormFileManager.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormFileManager.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormFileManager.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormFileManager.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormFileManager.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormFileManager.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormFileManager.resx b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormFileManager.resx similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormFileManager.resx rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormFileManager.resx diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormFileSearcher.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormFileSearcher.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormFileSearcher.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormFileSearcher.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormFileSearcher.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormFileSearcher.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormFileSearcher.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormFileSearcher.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormFileSearcher.resx b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormFileSearcher.resx similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormFileSearcher.resx rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormFileSearcher.resx diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormKeylogger.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormKeylogger.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormKeylogger.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormKeylogger.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormKeylogger.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormKeylogger.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormKeylogger.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormKeylogger.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormKeylogger.resx b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormKeylogger.resx similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormKeylogger.resx rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormKeylogger.resx diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormMiner.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormMiner.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormMiner.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormMiner.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormMiner.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormMiner.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormMiner.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormMiner.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormMiner.resx b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormMiner.resx similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormMiner.resx rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormMiner.resx diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormPassword.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormPassword.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormPassword.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormPassword.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormPassword.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormPassword.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormPassword.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormPassword.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormPassword.resx b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormPassword.resx similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormPassword.resx rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormPassword.resx diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormPorts.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormPorts.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormPorts.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormPorts.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormPorts.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormPorts.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormPorts.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormPorts.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormPorts.resx b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormPorts.resx similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormPorts.resx rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormPorts.resx diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormProcessManager.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormProcessManager.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormProcessManager.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormProcessManager.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormProcessManager.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormProcessManager.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormProcessManager.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormProcessManager.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormProcessManager.resx b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormProcessManager.resx similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormProcessManager.resx rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormProcessManager.resx diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormRemoteDesktop.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormRemoteDesktop.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormRemoteDesktop.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormRemoteDesktop.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormRemoteDesktop.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormRemoteDesktop.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormRemoteDesktop.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormRemoteDesktop.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormRemoteDesktop.resx b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormRemoteDesktop.resx similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormRemoteDesktop.resx rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormRemoteDesktop.resx diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormSendFileToMemory.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormSendFileToMemory.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormSendFileToMemory.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormSendFileToMemory.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormSendFileToMemory.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormSendFileToMemory.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormSendFileToMemory.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormSendFileToMemory.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormSendFileToMemory.resx b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormSendFileToMemory.resx similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormSendFileToMemory.resx rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormSendFileToMemory.resx diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormShell.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormShell.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormShell.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormShell.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormShell.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormShell.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormShell.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormShell.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormShell.resx b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormShell.resx similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormShell.resx rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormShell.resx diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormTorrent.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormTorrent.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormTorrent.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormTorrent.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormTorrent.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormTorrent.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormTorrent.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormTorrent.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormTorrent.resx b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormTorrent.resx similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormTorrent.resx rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormTorrent.resx diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormWebcam.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormWebcam.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormWebcam.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormWebcam.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormWebcam.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormWebcam.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormWebcam.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormWebcam.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Forms/FormWebcam.resx b/include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormWebcam.resx similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Forms/FormWebcam.resx rename to include/crack/sharpmarlin/sharpmarlin/Server/Forms/FormWebcam.resx diff --git a/include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleChat.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleChat.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleChat.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleChat.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleDos.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleDos.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleDos.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleDos.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleFileManager.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleFileManager.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleFileManager.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleFileManager.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleKeylogger.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleKeylogger.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleKeylogger.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleKeylogger.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleListView.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleListView.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleListView.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleListView.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleLogs.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleLogs.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleLogs.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleLogs.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleMiner.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleMiner.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleMiner.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleMiner.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandlePing.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandlePing.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandlePing.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandlePing.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleProcessManager.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleProcessManager.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleProcessManager.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleProcessManager.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleRecovery.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleRecovery.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleRecovery.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleRecovery.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleRemoteDesktop.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleRemoteDesktop.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleRemoteDesktop.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleRemoteDesktop.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleReportWindow.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleReportWindow.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleReportWindow.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleReportWindow.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleShell.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleShell.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleShell.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleShell.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleThumbnails.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleThumbnails.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleThumbnails.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleThumbnails.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleWebcam.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleWebcam.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleWebcam.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandleWebcam.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandlerFileSearcher.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandlerFileSearcher.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Handle Packet/HandlerFileSearcher.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/HandlerFileSearcher.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Handle Packet/Packet.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/Packet.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Handle Packet/Packet.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Handle Packet/Packet.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Helper/AsyncTask.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Helper/AsyncTask.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Helper/AsyncTask.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Helper/AsyncTask.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Helper/CreateCertificate.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Helper/CreateCertificate.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Helper/CreateCertificate.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Helper/CreateCertificate.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Helper/IconInjector.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Helper/IconInjector.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Helper/IconInjector.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Helper/IconInjector.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Helper/ListViewColumnSorter.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Helper/ListViewColumnSorter.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Helper/ListViewColumnSorter.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Helper/ListViewColumnSorter.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Helper/ListviewDoubleBuffer.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Helper/ListviewDoubleBuffer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Helper/ListviewDoubleBuffer.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Helper/ListviewDoubleBuffer.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Helper/Methods.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Helper/Methods.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Helper/Methods.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Helper/Methods.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Helper/ReferenceLoader.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Helper/ReferenceLoader.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Helper/ReferenceLoader.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Helper/ReferenceLoader.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/MessagePack/BytesTools.cs b/include/crack/sharpmarlin/sharpmarlin/Server/MessagePack/BytesTools.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/MessagePack/BytesTools.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/MessagePack/BytesTools.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/MessagePack/MsgPack.cs b/include/crack/sharpmarlin/sharpmarlin/Server/MessagePack/MsgPack.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/MessagePack/MsgPack.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/MessagePack/MsgPack.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/MessagePack/MsgPackType.cs b/include/crack/sharpmarlin/sharpmarlin/Server/MessagePack/MsgPackType.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/MessagePack/MsgPackType.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/MessagePack/MsgPackType.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/MessagePack/ReadTools.cs b/include/crack/sharpmarlin/sharpmarlin/Server/MessagePack/ReadTools.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/MessagePack/ReadTools.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/MessagePack/ReadTools.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/MessagePack/WriteTools.cs b/include/crack/sharpmarlin/sharpmarlin/Server/MessagePack/WriteTools.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/MessagePack/WriteTools.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/MessagePack/WriteTools.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Program.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Program.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Program.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Program.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Properties/AssemblyInfo.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Properties/AssemblyInfo.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Properties/AssemblyInfo.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Properties/AssemblyInfo.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Properties/Resources.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Properties/Resources.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Properties/Resources.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Properties/Resources.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Properties/Resources.resx b/include/crack/sharpmarlin/sharpmarlin/Server/Properties/Resources.resx similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Properties/Resources.resx rename to include/crack/sharpmarlin/sharpmarlin/Server/Properties/Resources.resx diff --git a/include/sharpmarlin/sharpmarlin/Server/Properties/Settings.Designer.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Properties/Settings.Designer.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Properties/Settings.Designer.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Properties/Settings.Designer.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Properties/Settings.settings b/include/crack/sharpmarlin/sharpmarlin/Server/Properties/Settings.settings similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Properties/Settings.settings rename to include/crack/sharpmarlin/sharpmarlin/Server/Properties/Settings.settings diff --git a/include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/Base64.cs b/include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/Base64.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/Base64.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/Base64.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/ClassesRenaming.cs b/include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/ClassesRenaming.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/ClassesRenaming.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/ClassesRenaming.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/DecryptionHelper.cs b/include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/DecryptionHelper.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/DecryptionHelper.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/DecryptionHelper.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/FieldsRenaming.cs b/include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/FieldsRenaming.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/FieldsRenaming.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/FieldsRenaming.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/InjectHelper.cs b/include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/InjectHelper.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/InjectHelper.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/InjectHelper.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/MethodsRenaming.cs b/include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/MethodsRenaming.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/MethodsRenaming.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/MethodsRenaming.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/NamespacesRenaming.cs b/include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/NamespacesRenaming.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/NamespacesRenaming.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/NamespacesRenaming.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/PropertiesRenaming.cs b/include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/PropertiesRenaming.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/PropertiesRenaming.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/PropertiesRenaming.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/Utils.cs b/include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/Utils.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/Utils.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Classes/Utils.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/EncryptString.cs b/include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/EncryptString.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/EncryptString.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/EncryptString.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Interfaces/ICrypto.cs b/include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Interfaces/ICrypto.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Interfaces/ICrypto.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Interfaces/ICrypto.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Interfaces/IRenaming.cs b/include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Interfaces/IRenaming.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Interfaces/IRenaming.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/Interfaces/IRenaming.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/ModuleDefMD.cs b/include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/ModuleDefMD.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/ModuleDefMD.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/RenamingObfuscation/ModuleDefMD.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/7z.dll b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/7z.dll similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/7z.dll rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/7z.dll diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/7z.exe b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/7z.exe similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/7z.exe rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/7z.exe diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/Fixer.bat b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/Fixer.bat similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/Fixer.bat rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/Fixer.bat diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/IconExtractor.dll b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/IconExtractor.dll similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/IconExtractor.dll rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/IconExtractor.dll diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/Miscellaneous.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/Miscellaneous.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/Miscellaneous.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/Miscellaneous.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/arrow_down.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/arrow_down.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/arrow_down.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/arrow_down.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/arrow_up.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/arrow_up.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/arrow_up.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/arrow_up.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/blank-screen.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/blank-screen.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/blank-screen.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/blank-screen.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/botkiller.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/botkiller.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/botkiller.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/botkiller.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/builder.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/builder.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/builder.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/builder.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/cGeoIp.dll b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/cGeoIp.dll similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/cGeoIp.dll rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/cGeoIp.dll diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/chat.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/chat.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/chat.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/chat.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/client.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/client.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/client.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/client.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/coding.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/coding.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/coding.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/coding.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/ddos.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/ddos.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/ddos.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/ddos.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/disabled.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/disabled.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/disabled.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/disabled.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/extra.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/extra.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/extra.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/extra.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/filemanager.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/filemanager.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/filemanager.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/filemanager.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/iconfinder_32_171485 (1).png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/iconfinder_32_171485 (1).png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/iconfinder_32_171485 (1).png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/iconfinder_32_171485 (1).png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/info.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/info.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/info.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/info.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/key.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/key.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/key.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/key.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/keyboard-on.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/keyboard-on.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/keyboard-on.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/keyboard-on.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/keyboard.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/keyboard.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/keyboard.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/keyboard.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/logger.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/logger.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/logger.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/logger.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/monitoring-system.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/monitoring-system.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/monitoring-system.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/monitoring-system.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/mouse.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/mouse.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/mouse.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/mouse.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/mouse_enable.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/mouse_enable.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/mouse_enable.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/mouse_enable.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/msgbox.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/msgbox.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/msgbox.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/msgbox.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/netstat.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/netstat.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/netstat.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/netstat.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/pc.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/pc.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/pc.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/pc.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/play-button.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/play-button.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/play-button.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/play-button.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/process.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/process.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/process.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/process.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/remotedesktop.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/remotedesktop.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/remotedesktop.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/remotedesktop.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/report.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/report.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/report.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/report.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/save-image.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/save-image.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/save-image.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/save-image.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/save-image2.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/save-image2.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/save-image2.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/save-image2.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/server.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/server.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/server.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/server.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/settings.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/settings.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/settings.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/settings.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/shell.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/shell.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/shell.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/shell.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/stop (1).png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/stop (1).png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/stop (1).png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/stop (1).png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/system.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/system.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/system.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/system.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/tomem.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/tomem.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/tomem.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/tomem.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/tomem1.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/tomem1.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/tomem1.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/tomem1.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/u-torrent-logo.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/u-torrent-logo.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/u-torrent-logo.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/u-torrent-logo.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/uac.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/uac.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/uac.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/uac.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/usb.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/usb.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/usb.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/usb.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/visit.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/visit.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/visit.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/visit.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/webcam.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/webcam.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/webcam.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/webcam.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/xmr.png b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/xmr.png similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/xmr.png rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/xmr.png diff --git a/include/sharpmarlin/sharpmarlin/Server/Resources/xmrig.bin b/include/crack/sharpmarlin/sharpmarlin/Server/Resources/xmrig.bin similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Resources/xmrig.bin rename to include/crack/sharpmarlin/sharpmarlin/Server/Resources/xmrig.bin diff --git a/include/sharpmarlin/sharpmarlin/Server/Server.csproj b/include/crack/sharpmarlin/sharpmarlin/Server/Server.csproj similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Server.csproj rename to include/crack/sharpmarlin/sharpmarlin/Server/Server.csproj diff --git a/include/sharpmarlin/sharpmarlin/Server/Settings.cs b/include/crack/sharpmarlin/sharpmarlin/Server/Settings.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/Settings.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/Settings.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/StreamLibrary/Enums.cs b/include/crack/sharpmarlin/sharpmarlin/Server/StreamLibrary/Enums.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/StreamLibrary/Enums.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/StreamLibrary/Enums.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/StreamLibrary/IUnsafeCodec.cs b/include/crack/sharpmarlin/sharpmarlin/Server/StreamLibrary/IUnsafeCodec.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/StreamLibrary/IUnsafeCodec.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/StreamLibrary/IUnsafeCodec.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/StreamLibrary/IVideoCodec.cs b/include/crack/sharpmarlin/sharpmarlin/Server/StreamLibrary/IVideoCodec.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/StreamLibrary/IVideoCodec.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/StreamLibrary/IVideoCodec.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/StreamLibrary/JpgCompression.cs b/include/crack/sharpmarlin/sharpmarlin/Server/StreamLibrary/JpgCompression.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/StreamLibrary/JpgCompression.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/StreamLibrary/JpgCompression.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/StreamLibrary/NativeMethods.cs b/include/crack/sharpmarlin/sharpmarlin/Server/StreamLibrary/NativeMethods.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/StreamLibrary/NativeMethods.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/StreamLibrary/NativeMethods.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/StreamLibrary/UnsafeCodecs/UnsafeStreamCodec.cs b/include/crack/sharpmarlin/sharpmarlin/Server/StreamLibrary/UnsafeCodecs/UnsafeStreamCodec.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/StreamLibrary/UnsafeCodecs/UnsafeStreamCodec.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/StreamLibrary/UnsafeCodecs/UnsafeStreamCodec.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/StreamLibrary/UnsafeStreamCodec.cs b/include/crack/sharpmarlin/sharpmarlin/Server/StreamLibrary/UnsafeStreamCodec.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/StreamLibrary/UnsafeStreamCodec.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/StreamLibrary/UnsafeStreamCodec.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/StreamLibrary/src/JpgCompression.cs b/include/crack/sharpmarlin/sharpmarlin/Server/StreamLibrary/src/JpgCompression.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/StreamLibrary/src/JpgCompression.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/StreamLibrary/src/JpgCompression.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/StreamLibrary/src/LzwCompression.cs b/include/crack/sharpmarlin/sharpmarlin/Server/StreamLibrary/src/LzwCompression.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/StreamLibrary/src/LzwCompression.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/StreamLibrary/src/LzwCompression.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/StreamLibrary/src/NativeMethods.cs b/include/crack/sharpmarlin/sharpmarlin/Server/StreamLibrary/src/NativeMethods.cs similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/StreamLibrary/src/NativeMethods.cs rename to include/crack/sharpmarlin/sharpmarlin/Server/StreamLibrary/src/NativeMethods.cs diff --git a/include/sharpmarlin/sharpmarlin/Server/async_icon.ico b/include/crack/sharpmarlin/sharpmarlin/Server/async_icon.ico similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/async_icon.ico rename to include/crack/sharpmarlin/sharpmarlin/Server/async_icon.ico diff --git a/include/sharpmarlin/sharpmarlin/Server/packages.config b/include/crack/sharpmarlin/sharpmarlin/Server/packages.config similarity index 100% rename from include/sharpmarlin/sharpmarlin/Server/packages.config rename to include/crack/sharpmarlin/sharpmarlin/Server/packages.config diff --git a/include/sharpmarlin/sharpmarlin/sharpmarlin.sln b/include/crack/sharpmarlin/sharpmarlin/sharpmarlin.sln similarity index 100% rename from include/sharpmarlin/sharpmarlin/sharpmarlin.sln rename to include/crack/sharpmarlin/sharpmarlin/sharpmarlin.sln diff --git a/include/crypto.cc b/include/crypto.cc new file mode 100644 index 00000000..620156d0 --- /dev/null +++ b/include/crypto.cc @@ -0,0 +1,964 @@ + +/*************************************************************************** + * crypto.cc -- crypto functions like LM, NTLM etc reside here * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#include "ncrack.h" +#include "crypto.h" + +#if HAVE_OPENSSL + +#include +#include +#include +#include +#include +#include +#ifndef WIN32 + #include +#endif +#include "ncrack_error.h" +#include "utils.h" + + +static void password_to_key(const uint8_t password[7], uint8_t key[8]) +{ + /* make room for parity bits */ + key[0] = (password[0] >> 0); + key[1] = ((password[0]) << 7) | (password[1] >> 1); + key[2] = ((password[1]) << 6) | (password[2] >> 2); + key[3] = ((password[2]) << 5) | (password[3] >> 3); + key[4] = ((password[3]) << 4) | (password[4] >> 4); + key[5] = ((password[4]) << 3) | (password[5] >> 5); + key[6] = ((password[5]) << 2) | (password[6] >> 6); + key[7] = ((password[6]) << 1); +} + + +static void +des(const uint8_t password[7], const uint8_t data[8], uint8_t result[]) +{ + DES_cblock key; + DES_key_schedule schedule; + + password_to_key(password, key); + + DES_set_odd_parity(&key); + DES_set_key_unchecked(&key, &schedule); + DES_ecb_encrypt((DES_cblock*)data, (DES_cblock*)result, &schedule, DES_ENCRYPT); +} + + + +/* Generate the Lanman v1 hash (LMv1). The generated hash is incredibly easy to + * reverse, because the input is padded or truncated to 14 characters, then + * split into two 7-character strings. Each of these strings are used as a key + * to encrypt the string, "KGS!@#$%" in DES. Because the keys are no longer + * than 7-characters long, it's pretty trivial to bruteforce them. + */ +void +lm_create_hash(const char *password, uint8_t result[16]) +{ + size_t i; + uint8_t password1[7]; + uint8_t password2[7]; + uint8_t kgs[] = "KGS!@#$%"; + uint8_t hash1[8]; + uint8_t hash2[8]; + + /* Initialize passwords to NULLs. */ + memset(password1, 0, 7); + memset(password2, 0, 7); + + /* Copy passwords over, convert to uppercase, they're automatically padded with NULLs. */ + for (i = 0; i < 7; i++) { + if (i < strlen(password)) + password1[i] = toupper(password[i]); + if (i + 7 < strlen(password)) + password2[i] = toupper(password[i + 7]); + } + + /* Do the encryption. */ + des(password1, kgs, hash1); + des(password2, kgs, hash2); + + /* Copy the result to the return parameter. */ + memcpy(result + 0, hash1, 8); + memcpy(result + 8, hash2, 8); +} + + +/* Create the Lanman response to send back to the server. To do this, the + * Lanman password is padded to 21 characters and split into three + * 7-character strings. Each of those strings is used as a key to encrypt + * the server challenge. The three encrypted strings are concatenated and + * returned. + */ +void +lm_create_response(const uint8_t lanman[16], const uint8_t challenge[8], uint8_t result[24]) +{ + size_t i; + + uint8_t password1[7]; + uint8_t password2[7]; + uint8_t password3[7]; + + uint8_t hash1[8]; + uint8_t hash2[8]; + uint8_t hash3[8]; + + /* Initialize passwords. */ + memset(password1, 0, 7); + memset(password2, 0, 7); + memset(password3, 0, 7); + + /* Copy data over. */ + for (i = 0; i < 7; i++) { + password1[i] = lanman[i]; + password2[i] = lanman[i + 7]; + password3[i] = (i + 14 < 16) ? lanman[i + 14] : 0; + } + + /* do the encryption. */ + des(password1, challenge, hash1); + des(password2, challenge, hash2); + des(password3, challenge, hash3); + + /* Copy the result to the return parameter. */ + memcpy(result + 0, hash1, 8); + memcpy(result + 8, hash2, 8); + memcpy(result + 16, hash3, 8); +} + + + +/* Generate the NTLMv1 hash. This hash is quite a bit better than LMv1, and is + * far easier to generate. Basically, it's the MD4 of the Unicode password. + */ +void +ntlm_create_hash(const char *password, uint8_t result[16]) +{ + char *unicode = unicode_alloc(password); + MD4_CTX ntlm; + + if(!unicode) + fatal("%s non unicode", __func__); + + MD4_Init(&ntlm); + MD4_Update(&ntlm, unicode, strlen(password) * 2); + MD4_Final(result, &ntlm); + free(unicode); +} + + + +/* Create the NTLM response to send back to the server. This is actually done + * the exact same way as the Lanman hash, so we call the Lanman function. + */ +void +ntlm_create_response(const uint8_t ntlm[16], const uint8_t challenge[8], + uint8_t result[24]) +{ + lm_create_response(ntlm, challenge, result); +} + + + +/* Create the NTLMv2 hash, which is based on the NTLMv1 hash (for easy + * upgrading), the username, and the domain. Essentially, the NTLM hash + * is used as a HMAC-MD5 key, which is used to hash the unicode domain + * concatenated with the unicode username. + */ +void +ntlmv2_create_hash(const uint8_t ntlm[16], const char *username, + const char *domain, uint8_t hash[16]) +{ + /* Convert username to unicode. */ + size_t username_length = strlen(username); + size_t domain_length = strlen(domain); + char *combined; + uint8_t *combined_unicode; + + /* Probably shouldn't do this, but this is all prototype so eh? */ + if (username_length > 256 || domain_length > 256) + fatal("username or domain too long."); + + /* Combine the username and domain into one string. */ + combined = (char *)safe_malloc(username_length + domain_length + 1); + memset(combined, 0, username_length + domain_length + 1); + + memcpy(combined, username, username_length); + memcpy(combined + username_length, domain, domain_length); + + /* Convert to Unicode. */ + combined_unicode = (uint8_t*)unicode_alloc_upper(combined); + if (!combined_unicode) + fatal("Out of memory"); + + /* Perform the Hmac-MD5. */ + HMAC(EVP_md5(), ntlm, 16, combined_unicode, (username_length + domain_length) * 2, hash, NULL); + + free(combined_unicode); + free(combined); +} + + + +/* Create the LMv2 response, which can be sent back to the server. This is + * identical to the NTLMv2 function, except that it uses an 8-byte client + * challenge. The reason for LMv2 is a long and twisted story. Well, + * not really. The reason is basically that the v1 hashes are always 24-bytes, + * and some servers expect 24 bytes, but the NTLMv2 hash is more than 24 bytes. + * So, the only way to keep pass-through compatibility was to have a v2-hash + * that was guaranteed to be 24 bytes. So LMv1 was born: it has a 16-byte hash + * followed by the 8-byte client challenge, for a total of 24 bytes. + */ +void +lmv2_create_response(const uint8_t ntlm[16], const char *username, + const char *domain, const uint8_t challenge[8], uint8_t *result, + uint8_t *result_size) +{ + ntlmv2_create_response(ntlm, username, domain, challenge, result, result_size); +} + + + +/* Create the NTLMv2 response, which can be sent back to the server. This is + * done by using the HMAC-MD5 algorithm with the NTLMv2 hash as a key, and + * the server challenge concatenated with the client challenge for the data. + * The resulting hash is concatenated with the client challenge and returned. + */ +void +ntlmv2_create_response(const uint8_t ntlm[16], const char *username, + const char *domain, const uint8_t challenge[8], uint8_t *result, + uint8_t *result_size) +{ + size_t i; + uint8_t v2hash[16]; + uint8_t *data; + + uint8_t blip[8]; + uint8_t *blob = NULL; + uint8_t blob_length = 0; + + + /* Create the 'blip'. TODO: Do I care if this is random? */ + for (i = 0; i < 8; i++) + blip[i] = i; + + if (*result_size < 24) + { + /* Result can't be less than 24 bytes. */ + fatal("Result size is too low!"); + } else if (*result_size == 24) { + /* If they're looking for 24 bytes, then it's just the raw blob. */ + blob = (uint8_t *)safe_malloc(8); + memcpy(blob, blip, 8); + blob_length = 8; + } else { + blob = (uint8_t *)safe_malloc(24); + for (i = 0; i < 24; i++) + blob[i] = i; + blob_length = 24; + } + + /* Allocate room enough for the server challenge and the client blob. */ + data = (uint8_t *)safe_malloc(8 + blob_length); + + /* Copy the challenge into the memory. */ + memcpy(data, challenge, 8); + /* Copy the blob into the memory. */ + memcpy(data + 8, blob, blob_length); + + /* Get the v2 hash. */ + ntlmv2_create_hash(ntlm, username, domain, v2hash); + + /* Generate the v2 response. */ + HMAC(EVP_md5(), v2hash, 16, data, 8 + blob_length, result, NULL); + + /* Copy the blob onto the end of the v2 response. */ + memcpy(result + 16, blob, blob_length); + + /* Store the result size. */ + *result_size = blob_length + 16; + + /* Finally, free up some memory. */ + free(data); + free(blob); +} + + + +/* + * Uses the RSA algorithm to encrypt the input into the output. + */ +void rsa_encrypt(uint8_t *input, uint8_t *output, int length, + uint8_t *mod_bin, uint32_t mod_size, uint8_t *exp_bin) +{ + uint8_t input_temp[256]; + BIGNUM *val1 = BN_new(), *val2 = BN_new(), *bn_mod = BN_new(), *bn_exp = BN_new(); + + BN_CTX *bn_ctx = BN_CTX_new(); + memcpy(input_temp, input, length); + mem_reverse(input_temp, length); + mem_reverse(mod_bin, mod_size); + mem_reverse(exp_bin, 4); + BN_bin2bn(input_temp, length, val1); + BN_bin2bn(exp_bin, 4, bn_exp); + BN_bin2bn(mod_bin, mod_size, bn_mod); + BN_mod_exp(val2, val1, bn_exp, bn_mod, bn_ctx); + int output_length = BN_bn2bin(val2, output); + mem_reverse(output, output_length); + if (output_length < (int) mod_size) + memset(output + output_length, 0, mod_size - output_length); + + BN_CTX_free(bn_ctx); + BN_clear_free(val1); + BN_free(val2); + BN_free(bn_mod); + BN_free(bn_exp); + +} + + +/* + * Uses MD5 and SHA1 hash functions, using 3 salts to compute a message + * digest (saved into 'output') + */ +void +hash48(uint8_t *output, uint8_t *input, uint8_t salt, uint8_t *sha_salt1, + uint8_t *sha_salt2) +{ + SHA_CTX sha1_ctx; + MD5_CTX md5_ctx; + u_char padding[4]; + u_char sig[20]; + + for (int i = 0; i < 3; i++) { + memset(padding, salt + i, i +1); + + SHA1_Init(&sha1_ctx); + MD5_Init(&md5_ctx); + + SHA1_Update(&sha1_ctx, padding, i + 1); + SHA1_Update(&sha1_ctx, input, 48); + SHA1_Update(&sha1_ctx, sha_salt1, 32); + SHA1_Update(&sha1_ctx, sha_salt2, 32); + SHA1_Final(sig, &sha1_ctx); + + MD5_Update(&md5_ctx, input, 48); + MD5_Update(&md5_ctx, sig, 20); + MD5_Final(&output[i*16], &md5_ctx); + } + +} + +/* + * MD5 crypt 'input' into 'output' by using 2 salts + */ +void +hash16(uint8_t *output, uint8_t *input, uint8_t *md5_salt1, uint8_t *md5_salt2) +{ + MD5_CTX md5_ctx; + MD5_Init(&md5_ctx); + MD5_Update(&md5_ctx, input, 16); + MD5_Update(&md5_ctx, md5_salt1, 32); + MD5_Update(&md5_ctx, md5_salt2, 32); + MD5_Final(output, &md5_ctx); +} + + +#endif /* HAVE_OPENSSL */ + + +/* + * This is D3DES (V5.09) by Richard Outerbridge with the double and + * triple-length support removed for use in VNC. Also the bytebit[] array + * has been reversed so that the most significant bit in each byte of the + * key is ignored, not the least significant. + * + * These changes are: + * Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + */ + +/* D3DES (V5.09) - + * + * A portable, public domain, version of the Data Encryption Standard. + * + * Written with Symantec's THINK (Lightspeed) C by Richard Outerbridge. + * Thanks to: Dan Hoey for his excellent Initial and Inverse permutation + * code; Jim Gillogly & Phil Karn for the DES key schedule code; Dennis + * Ferguson, Eric Young and Dana How for comparing notes; and Ray Lau, + * for humouring me on. + * + * Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge. + * (GEnie : OUTER; CIS : [71755,204]) Graven Imagery, 1992. + */ + +static void scrunch(unsigned char *, unsigned long *); +static void unscrun(unsigned long *, unsigned char *); +static void desfunc(unsigned long *, unsigned long *); +static void cookey(unsigned long *); + +static unsigned long KnL[32] = { 0L }; +//static unsigned long KnR[32] = { 0L }; +//static unsigned long Kn3[32] = { 0L }; +/*static unsigned char Df_Key[24] = { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; +*/ + +static unsigned short bytebit[8] = { + 01, 02, 04, 010, 020, 040, 0100, 0200 }; + +static unsigned long bigbyte[24] = { + 0x800000L, 0x400000L, 0x200000L, 0x100000L, + 0x80000L, 0x40000L, 0x20000L, 0x10000L, + 0x8000L, 0x4000L, 0x2000L, 0x1000L, + 0x800L, 0x400L, 0x200L, 0x100L, + 0x80L, 0x40L, 0x20L, 0x10L, + 0x8L, 0x4L, 0x2L, 0x1L }; + +/* Use the key schedule specified in the Standard (ANSI X3.92-1981). */ + +static unsigned char pc1[56] = { + 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, + 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, + 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, + 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 }; + +static unsigned char totrot[16] = { + 1,2,4,6,8,10,12,14,15,17,19,21,23,25,27,28 }; + +static unsigned char pc2[48] = { + 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, + 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, + 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, + 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 }; + +//void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */ +//unsigned char *key; +//int edf; +void deskey( /* Thanks to James Gillogly & Phil Karn! */ +unsigned char *key, +int edf +) +{ + register int i, j, l, m, n; + unsigned char pc1m[56], pcr[56]; + unsigned long kn[32]; + + for ( j = 0; j < 56; j++ ) { + l = pc1[j]; + m = l & 07; + pc1m[j] = (key[l >> 3] & bytebit[m]) ? 1 : 0; + } + for( i = 0; i < 16; i++ ) { + if( edf == DE1 ) m = (15 - i) << 1; + else m = i << 1; + n = m + 1; + kn[m] = kn[n] = 0L; + for( j = 0; j < 28; j++ ) { + l = j + totrot[i]; + if( l < 28 ) pcr[j] = pc1m[l]; + else pcr[j] = pc1m[l - 28]; + } + for( j = 28; j < 56; j++ ) { + l = j + totrot[i]; + if( l < 56 ) pcr[j] = pc1m[l]; + else pcr[j] = pc1m[l - 28]; + } + for( j = 0; j < 24; j++ ) { + if( pcr[pc2[j]] ) kn[m] |= bigbyte[j]; + if( pcr[pc2[j+24]] ) kn[n] |= bigbyte[j]; + } + } + cookey(kn); + return; + } + +//static void cookey(raw1) +//register unsigned long *raw1; +static void cookey( +register unsigned long *raw1 +) +{ + register unsigned long *cook, *raw0; + unsigned long dough[32]; + register int i; + + cook = dough; + for( i = 0; i < 16; i++, raw1++ ) { + raw0 = raw1++; + *cook = (*raw0 & 0x00fc0000L) << 6; + *cook |= (*raw0 & 0x00000fc0L) << 10; + *cook |= (*raw1 & 0x00fc0000L) >> 10; + *cook++ |= (*raw1 & 0x00000fc0L) >> 6; + *cook = (*raw0 & 0x0003f000L) << 12; + *cook |= (*raw0 & 0x0000003fL) << 16; + *cook |= (*raw1 & 0x0003f000L) >> 4; + *cook++ |= (*raw1 & 0x0000003fL); + } + usekey(dough); + return; + } + +//void cpkey(into) +//register unsigned long *into; +void cpkey( +register unsigned long *into +) +{ + register unsigned long *from, *endp; + + from = KnL, endp = &KnL[32]; + while( from < endp ) *into++ = *from++; + return; + } + +//void usekey(from) +//register unsigned long *from; +void usekey( +register unsigned long *from +) +{ + register unsigned long *to, *endp; + + to = KnL, endp = &KnL[32]; + while( to < endp ) *to++ = *from++; + return; + } + +//void des(inblock, outblock) +//unsigned char *inblock, *outblock; +void des( +unsigned char *inblock, unsigned char *outblock +) +{ + unsigned long work[2]; + + scrunch(inblock, work); + desfunc(work, KnL); + unscrun(work, outblock); + return; + } + +//static void scrunch(outof, into) +//register unsigned char *outof; +//register unsigned long *into; +static void scrunch( +register unsigned char *outof, +register unsigned long *into +) +{ + *into = (*outof++ & 0xffL) << 24; + *into |= (*outof++ & 0xffL) << 16; + *into |= (*outof++ & 0xffL) << 8; + *into++ |= (*outof++ & 0xffL); + *into = (*outof++ & 0xffL) << 24; + *into |= (*outof++ & 0xffL) << 16; + *into |= (*outof++ & 0xffL) << 8; + *into |= (*outof & 0xffL); + return; + } + +//static void unscrun(outof, into) +//register unsigned long *outof; +//register unsigned char *into; +static void unscrun( +register unsigned long *outof, +register unsigned char *into +) +{ + *into++ = (*outof >> 24) & 0xffL; + *into++ = (*outof >> 16) & 0xffL; + *into++ = (*outof >> 8) & 0xffL; + *into++ = *outof++ & 0xffL; + *into++ = (*outof >> 24) & 0xffL; + *into++ = (*outof >> 16) & 0xffL; + *into++ = (*outof >> 8) & 0xffL; + *into = *outof & 0xffL; + return; + } + +static unsigned long SP1[64] = { + 0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L, + 0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L, + 0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L, + 0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L, + 0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L, + 0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L, + 0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L, + 0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L, + 0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L, + 0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L, + 0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L, + 0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L, + 0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L, + 0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L, + 0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L, + 0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L }; + +static unsigned long SP2[64] = { + 0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L, + 0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L, + 0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L, + 0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L, + 0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L, + 0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L, + 0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L, + 0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L, + 0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L, + 0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L, + 0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L, + 0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L, + 0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L, + 0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L, + 0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L, + 0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L }; + +static unsigned long SP3[64] = { + 0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L, + 0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L, + 0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L, + 0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L, + 0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L, + 0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L, + 0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L, + 0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L, + 0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L, + 0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L, + 0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L, + 0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L, + 0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L, + 0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L, + 0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L, + 0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L }; + +static unsigned long SP4[64] = { + 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, + 0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L, + 0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L, + 0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L, + 0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L, + 0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L, + 0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L, + 0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L, + 0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L, + 0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L, + 0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L, + 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, + 0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L, + 0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L, + 0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L, + 0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L }; + +static unsigned long SP5[64] = { + 0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L, + 0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L, + 0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L, + 0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L, + 0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L, + 0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L, + 0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L, + 0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L, + 0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L, + 0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L, + 0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L, + 0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L, + 0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L, + 0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L, + 0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L, + 0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L }; + +static unsigned long SP6[64] = { + 0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L, + 0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L, + 0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L, + 0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L, + 0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L, + 0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L, + 0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L, + 0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L, + 0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L, + 0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L, + 0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L, + 0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L, + 0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L, + 0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L, + 0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L, + 0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L }; + +static unsigned long SP7[64] = { + 0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L, + 0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L, + 0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L, + 0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L, + 0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L, + 0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L, + 0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L, + 0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L, + 0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L, + 0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L, + 0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L, + 0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L, + 0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L, + 0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L, + 0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L, + 0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L }; + +static unsigned long SP8[64] = { + 0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L, + 0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L, + 0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L, + 0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L, + 0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L, + 0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L, + 0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L, + 0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L, + 0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L, + 0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L, + 0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L, + 0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L, + 0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L, + 0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L, + 0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L, + 0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L }; + +//static void desfunc(block, keys) +//register unsigned long *block, *keys; +static void desfunc( +register unsigned long *block, register unsigned long *keys +) +{ + register unsigned long fval, work, right, leftt; + register int round; + + leftt = block[0]; + right = block[1]; + work = ((leftt >> 4) ^ right) & 0x0f0f0f0fL; + right ^= work; + leftt ^= (work << 4); + work = ((leftt >> 16) ^ right) & 0x0000ffffL; + right ^= work; + leftt ^= (work << 16); + work = ((right >> 2) ^ leftt) & 0x33333333L; + leftt ^= work; + right ^= (work << 2); + work = ((right >> 8) ^ leftt) & 0x00ff00ffL; + leftt ^= work; + right ^= (work << 8); + right = ((right << 1) | ((right >> 31) & 1L)) & 0xffffffffL; + work = (leftt ^ right) & 0xaaaaaaaaL; + leftt ^= work; + right ^= work; + leftt = ((leftt << 1) | ((leftt >> 31) & 1L)) & 0xffffffffL; + + for( round = 0; round < 8; round++ ) { + work = (right << 28) | (right >> 4); + work ^= *keys++; + fval = SP7[ work & 0x3fL]; + fval |= SP5[(work >> 8) & 0x3fL]; + fval |= SP3[(work >> 16) & 0x3fL]; + fval |= SP1[(work >> 24) & 0x3fL]; + work = right ^ *keys++; + fval |= SP8[ work & 0x3fL]; + fval |= SP6[(work >> 8) & 0x3fL]; + fval |= SP4[(work >> 16) & 0x3fL]; + fval |= SP2[(work >> 24) & 0x3fL]; + leftt ^= fval; + work = (leftt << 28) | (leftt >> 4); + work ^= *keys++; + fval = SP7[ work & 0x3fL]; + fval |= SP5[(work >> 8) & 0x3fL]; + fval |= SP3[(work >> 16) & 0x3fL]; + fval |= SP1[(work >> 24) & 0x3fL]; + work = leftt ^ *keys++; + fval |= SP8[ work & 0x3fL]; + fval |= SP6[(work >> 8) & 0x3fL]; + fval |= SP4[(work >> 16) & 0x3fL]; + fval |= SP2[(work >> 24) & 0x3fL]; + right ^= fval; + } + + right = (right << 31) | (right >> 1); + work = (leftt ^ right) & 0xaaaaaaaaL; + leftt ^= work; + right ^= work; + leftt = (leftt << 31) | (leftt >> 1); + work = ((leftt >> 8) ^ right) & 0x00ff00ffL; + right ^= work; + leftt ^= (work << 8); + work = ((leftt >> 2) ^ right) & 0x33333333L; + right ^= work; + leftt ^= (work << 2); + work = ((right >> 16) ^ leftt) & 0x0000ffffL; + leftt ^= work; + right ^= (work << 16); + work = ((right >> 4) ^ leftt) & 0x0f0f0f0fL; + leftt ^= work; + right ^= (work << 4); + *block++ = right; + *block = leftt; + return; + } + +/* Validation sets: + * + * Single-length key, single-length plaintext - + * Key : 0123 4567 89ab cdef + * Plain : 0123 4567 89ab cde7 + * Cipher : c957 4425 6a5e d31d + * + * Double-length key, single-length plaintext - + * Key : 0123 4567 89ab cdef fedc ba98 7654 3210 + * Plain : 0123 4567 89ab cde7 + * Cipher : 7f1d 0a77 826b 8aff + * + * Double-length key, double-length plaintext - + * Key : 0123 4567 89ab cdef fedc ba98 7654 3210 + * Plain : 0123 4567 89ab cdef 0123 4567 89ab cdff + * Cipher : 27a0 8440 406a df60 278f 47cf 42d6 15d7 + * + * Triple-length key, single-length plaintext - + * Key : 0123 4567 89ab cdef fedc ba98 7654 3210 89ab cdef 0123 4567 + * Plain : 0123 4567 89ab cde7 + * Cipher : de0b 7c06 ae5e 0ed5 + * + * Triple-length key, double-length plaintext - + * Key : 0123 4567 89ab cdef fedc ba98 7654 3210 89ab cdef 0123 4567 + * Plain : 0123 4567 89ab cdef 0123 4567 89ab cdff + * Cipher : ad0d 1b30 ac17 cf07 0ed1 1c63 81e4 4de5 + * + * d3des V5.0a rwo 9208.07 18:44 Graven Imagery + **********************************************************************/ + diff --git a/include/crypto.h b/include/crypto.h new file mode 100644 index 00000000..c8b6fb9a --- /dev/null +++ b/include/crypto.h @@ -0,0 +1,276 @@ + +/*************************************************************************** + * crypto.h -- crypto functions like LM, NTLM etc reside here * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#ifndef CRYPTO_H +#define CRYPTO_H + +#ifdef WIN32 + #include "winfix.h" +#endif + + +/* Generate the Lanman v1 hash (LMv1). The generated hash is incredibly easy to + * reverse, because the input is padded or truncated to 14 characters, then + * split into two 7-character strings. Each of these strings are used as a key + * to encrypt the string, "KGS!@#$%" in DES. Because the keys are no longer + * than 7-characters long, it's pretty trivial to bruteforce them. + */ +void lm_create_hash(const char *password, uint8_t result[16]); + + +/* Create the Lanman response to send back to the server. To do this, the + * Lanman password is padded to 21 characters and split into three + * 7-character strings. Each of those strings is used as a key to encrypt + * the server challenge. The three encrypted strings are concatenated and + * returned. + */ +void lm_create_response(const uint8_t lanman[16], const uint8_t challenge[8], + uint8_t result[24]); + + +/* Generate the NTLMv1 hash. This hash is quite a bit better than LMv1, and is + * far easier to generate. Basically, it's the MD4 of the Unicode password. + */ +void ntlm_create_hash(const char *password, uint8_t result[16]); + + +/* Create the NTLM response to send back to the server. This is actually done + * the exact same way as the Lanman hash, so we call the Lanman function. + */ +void ntlm_create_response(const uint8_t ntlm[16], const uint8_t challenge[8], + uint8_t result[24]); + + +/* Create the LMv2 response, which can be sent back to the server. This is + * identical to the NTLMv2 function, except that it uses an 8-byte client + * challenge. The reason for LMv2 is a long and twisted story. Well, + * not really. The reason is basically that the v1 hashes are always 24-bytes, + * and some servers expect 24 bytes, but the NTLMv2 hash is more than 24 bytes. + * So, the only way to keep pass-through compatibility was to have a v2-hash + * that was guaranteed to be 24 bytes. So LMv1 was born: it has a 16-byte hash + * followed by the 8-byte client challenge, for a total of 24 bytes. + */ +void lmv2_create_response(const uint8_t ntlm[16], const char *username, + const char *domain, const uint8_t challenge[8], uint8_t *result, + uint8_t *result_size); + + +/* Create the NTLMv2 hash, which is based on the NTLMv1 hash (for easy + * upgrading), the username, and the domain. Essentially, the NTLM hash + * is used as a HMAC-MD5 key, which is used to hash the unicode domain + * concatenated with the unicode username. + */ +void ntlmv2_create_hash(const uint8_t ntlm[16], const char *username, + const char *domain, uint8_t hash[16]); + + +/* Create the NTLMv2 response, which can be sent back to the server. This is + * done by using the HMAC-MD5 algorithm with the NTLMv2 hash as a key, and + * the server challenge concatenated with the client challenge for the data. + * The resulting hash is concatenated with the client challenge and returned. + */ +void ntlmv2_create_response(const uint8_t ntlm[16], const char *username, + const char *domain, const uint8_t challenge[8], uint8_t *result, + uint8_t *result_size); + + +/* + * Uses the RSA algorithm to encrypt the input into the output. + */ +void rsa_encrypt(uint8_t *input, uint8_t *output, int length, + uint8_t *mod_bin, uint32_t mod_size, uint8_t *exp_bin); + + +/* + * Uses MD5 and SHA1 hash functions, using 3 salts to compute a message + * digest (saved into 'output') + */ +void hash48(uint8_t *output, uint8_t *input, uint8_t salt, uint8_t *sha_salt1, + uint8_t *sha_salt2); + +/* + * MD5 crypt 'input' into 'output' by using 2 salts + */ +void hash16(uint8_t *output, uint8_t *input, uint8_t *md5_salt1, + uint8_t *md5_salt2); + + +/* + * This is D3DES (V5.09) by Richard Outerbridge with the double and + * triple-length support removed for use in VNC. + * + * These changes are: + * Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + */ + +/* d3des.h - + * + * Headers and defines for d3des.c + * Graven Imagery, 1992. + * + * Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge + * (GEnie : OUTER; CIS : [71755,204]) + */ + +#define EN0 0 /* MODE == encrypt */ +#define DE1 1 /* MODE == decrypt */ + +extern void deskey(unsigned char *, int); +/* hexkey[8] MODE + * Sets the internal key register according to the hexadecimal + * key contained in the 8 bytes of hexkey, according to the DES, + * for encryption or decryption according to MODE. + */ + +extern void usekey(unsigned long *); +/* cookedkey[32] + * Loads the internal key register with the data in cookedkey. + */ + +extern void cpkey(unsigned long *); +/* cookedkey[32] + * Copies the contents of the internal key register into the storage + * located at &cookedkey[0]. + */ + +extern void des(unsigned char *, unsigned char *); +/* from[8] to[8] + * Encrypts/Decrypts (according to the key currently loaded in the + * internal key register) one block of eight bytes at address 'from' + * into the block at address 'to'. They can be the same. + */ + +/* d3des.h V5.09 rwo 9208.04 15:06 Graven Imagery + ********************************************************************/ + +#endif diff --git a/include/global_structures.h b/include/global_structures.h new file mode 100644 index 00000000..dc99dab4 --- /dev/null +++ b/include/global_structures.h @@ -0,0 +1,180 @@ + +/*************************************************************************** + * global_structures.h -- Common structure definitions used by Ncrack * + * components. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#ifndef GLOBAL_STRUCTURES_H +#define GLOBAL_STRUCTURES_H + +#include "nsock.h" +#include "nbase.h" + +#include +using namespace std; + +typedef struct service_lookup { + char *name; + u8 proto; + u16 portno; +} sevice_lookup; + + +typedef struct timing_options { + long min_connection_limit;/* minimum number of parallel connections */ + long max_connection_limit;/* maximum number of parallel connections */ + long auth_tries; /* authentication attempts per connection */ + /* number of milliseconds to wait between each connection */ + long connection_delay; + /* number of connection retries after connection failure */ + long connection_retries; + /* maximum cracking time regardless of success so far */ + long long timeout; + +} timing_options; + + +typedef struct misc_options { + bool ssl; /* use ssl */ + char *path; /* path used in http */ + char *db; /* database used in modules such as MongoDB */ + char *domain; /* domain used in domain account bruteforcing */ +} misc_options; + + +typedef struct global_service { + bool registered; /* true if user has specified this service */ + service_lookup lookup; /* name, port number and protocol */ + timing_options timing; /* timing options */ + misc_options misc; /* miscellaneous options */ + vector module_options; /* service-specific options */ +} global_service; + + + +#endif diff --git a/include/http.cc b/include/http.cc new file mode 100644 index 00000000..a5f50cfa --- /dev/null +++ b/include/http.cc @@ -0,0 +1,1631 @@ +/*************************************************************************** + * http.c -- HTTP network interaction, parsing, and construction. * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2021 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id$ */ + +#include + +#include "http.h" +#include "errno.h" + +/* Limit the size of in-memory data structures to avoid certain denial of + service attacks (those trying to consume all available memory). */ +static const int MAX_REQUEST_LINE_LENGTH = 1024; +static const int MAX_STATUS_LINE_LENGTH = 1024; +static const int MAX_HEADER_LENGTH = 1024 * 10; + + + +/* The URI functions have a test program in test/test-uri.c. Run the test after + making any changes and add tests for any new functions. */ + +void uri_init(struct uri *uri) +{ + uri->scheme = NULL; + uri->host = NULL; + uri->port = -1; + uri->path = NULL; +} + +void uri_free(struct uri *uri) +{ + free(uri->scheme); + free(uri->host); + free(uri->path); +} + +static int hex_digit_value(char digit) +{ + const char *DIGITS = "0123456789abcdef"; + const char *p; + + if ((unsigned char) digit == '\0') + return -1; + p = strchr(DIGITS, tolower((int) (unsigned char) digit)); + if (p == NULL) + return -1; + + return p - DIGITS; +} + +/* Case-insensitive string comparison. */ +static int str_cmp_i(const char *a, const char *b) +{ + while (*a != '\0' && *b != '\0') { + int ca, cb; + + ca = tolower((int) (unsigned char) *a); + cb = tolower((int) (unsigned char) *b); + if (ca != cb) + return ca - cb; + a++; + b++; + } + + if (*a == '\0' && *b == '\0') + return 0; + else if (*a == '\0') + return -1; + else + return 1; +} + +static int str_equal_i(const char *a, const char *b) +{ + return str_cmp_i(a, b) == 0; +} + +static int lowercase(char *s) +{ + char *p; + + for (p = s; *p != '\0'; p++) + *p = tolower((int) (unsigned char) *p); + + return p - s; +} + +/* In-place percent decoding. */ +static int percent_decode(char *s) +{ + char *p, *q; + + /* Skip to the first '%'. If there are no percent escapes, this lets us + return without doing any copying. */ + q = s; + while (*q != '\0' && *q != '%') + q++; + + p = q; + while (*q != '\0') { + if (*q == '%') { + int c, d; + + q++; + c = hex_digit_value(*q); + if (c == -1) + return -1; + q++; + d = hex_digit_value(*q); + if (d == -1) + return -1; + + *p++ = c * 16 + d; + q++; + } else { + *p++ = *q++; + } + } + *p = '\0'; + + return p - s; +} + +/* Use these functions because isalpha and isdigit can change their meaning + based on the locale. */ +static int is_alpha_char(int c) +{ + return c != '\0' && strchr("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", c) != NULL; +} + +static int is_digit_char(int c) +{ + return c != '\0' && strchr("0123456789", c) != NULL; +} + +/* Get the default port for the given URI scheme, or -1 if unrecognized. */ +static int scheme_default_port(const char *scheme) +{ + if (str_equal_i(scheme, "http")) + return 80; + + return -1; +} + +/* Parse a URI string into a struct URI. Any parts of the URI that are absent + will become NULL entries in the structure, except for the port which will be + -1. Returns NULL on error. See RFC 3986, section 3 for syntax. */ +struct uri *uri_parse(struct uri *uri, const char *uri_s) +{ + const char *p, *q; + + uri_init(uri); + + /* Scheme, section 3.1. */ + p = uri_s; + if (!is_alpha_char(*p)) + goto fail; + for (q = p; is_alpha_char(*q) || is_digit_char(*q) || *q == '+' || *q == '-' || *q == '.'; q++) + ; + if (*q != ':') + goto fail; + uri->scheme = mkstr(p, q); + /* "An implementation should accept uppercase letters as equivalent to + lowercase in scheme names (e.g., allow "HTTP" as well as "http") for the + sake of robustness..." */ + lowercase(uri->scheme); + + /* Authority, section 3.2. */ + p = q + 1; + if (*p == '/' && *(p + 1) == '/') { + char *authority = NULL; + + p += 2; + for (q = p; !(*q == '/' || *q == '?' || *q == '#' || *q == '\0'); q++) + ; + authority = mkstr(p, q); + if (uri_parse_authority(uri, authority) == NULL) { + free(authority); + goto fail; + } + free(authority); + + p = q; + } + if (uri->port == -1) + uri->port = scheme_default_port(uri->scheme); + + /* Path, section 3.3. We include the query and fragment in the path. The + path is also not percent-decoded because we just pass it on to the origin + server. */ + q = strchr(p, '\0'); + uri->path = mkstr(p, q); + + return uri; + +fail: + uri_free(uri); + return NULL; +} + +/* Parse the authority part of a URI. userinfo (user name and password) are not + supported and will cause an error if present. See RFC 3986, section 3.2. + Returns NULL on error. */ +struct uri *uri_parse_authority(struct uri *uri, const char *authority) +{ + const char *portsep; + const char *host_start, *host_end; + char *tail; + + /* We do not support "user:pass@" userinfo. The proxy has no use for it. */ + if (strchr(authority, '@') != NULL) + return NULL; + + /* Find the beginning and end of the host. */ + host_start = authority; + if (*host_start == '[') { + /* IPv6 address in brackets. */ + host_start++; + host_end = strchr(host_start, ']'); + if (host_end == NULL) + return NULL; + portsep = host_end + 1; + if (!(*portsep == ':' || *portsep == '\0')) + return NULL; + } else { + portsep = strrchr(authority, ':'); + if (portsep == NULL) + portsep = strchr(authority, '\0'); + host_end = portsep; + } + + /* Get the port number. */ + if (*portsep == ':' && *(portsep + 1) != '\0') { + long n; + + errno = 0; + n = parse_long(portsep + 1, &tail); + if (errno != 0 || *tail != '\0' || tail == portsep + 1 || n < 1 || n > 65535) + return NULL; + uri->port = n; + } else { + uri->port = -1; + } + + /* Get the host. */ + uri->host = mkstr(host_start, host_end); + if (percent_decode(uri->host) < 0) { + free(uri->host); + uri->host = NULL; + return NULL; + } + + return uri; +} + +static void http_header_node_free(struct http_header *node) +{ + free(node->name); + free(node->value); + free(node); +} + +void http_header_free(struct http_header *header) +{ + struct http_header *p, *next; + + for (p = header; p != NULL; p = next) { + next = p->next; + http_header_node_free(p); + } +} + +/* RFC 2616, section 2.2; see LWS. */ +static int is_space_char(int c) +{ + return c == ' ' || c == '\t'; +} + +/* RFC 2616, section 2.2. */ +static int is_ctl_char(int c) +{ + return (c >= 0 && c <= 31) || c == 127; +} + +/* RFC 2616, section 2.2. */ +static int is_sep_char(int c) +{ + return c != '\0' && strchr("()<>@,;:\\\"/[]?={} \t", c) != NULL; +} + +/* RFC 2616, section 2.2. */ +static int is_token_char(char c) +{ + return !iscntrl((int) (unsigned char) c) && !is_sep_char((int) (unsigned char) c); +} + +static int is_crlf(const char *s) +{ + return *s == '\n' || (*s == '\r' && *(s + 1) == '\n'); +} + +static const char *skip_crlf(const char *s) +{ + if (*s == '\n') + return s + 1; + else if (*s == '\r' && *(s + 1) == '\n') + return s + 2; + + return NULL; +} + +static int field_name_equal(const char *a, const char *b) +{ + return str_equal_i(a, b); +} + +/* Get the value of every header with the given name, separated by commas. If + you only want the first value for header fields that should not be + concatenated in this way, use http_header_get_first. The returned string + must be freed. */ +char *http_header_get(const struct http_header *header, const char *name) +{ + const struct http_header *p; + char *buf = NULL; + size_t size = 0, offset = 0; + int count; + + count = 0; + for (p = header; p != NULL; p = p->next) { + /* RFC 2616, section 4.2: "Multiple message-header fields with the same + field-name MAY be present in a message if and only if the entire + field-value for that header field is defined as a comma-separated + list [i.e., #(values)]. It MUST be possible to combine the multiple + header fields into one "field-name: field-value" pair, without + changing the semantics of the message, by appending each subsequent + field-value to the first, each separated by a comma." */ + if (field_name_equal(p->name, name)) { + if (count > 0) + strbuf_append_str(&buf, &size, &offset, ", "); + strbuf_append_str(&buf, &size, &offset, p->value); + count++; + } + } + + return buf; +} + +const struct http_header *http_header_next(const struct http_header *header, + const struct http_header *p, const char *name) +{ + if (p == NULL) + p = header; + else + p = p->next; + + for (; p != NULL; p = p->next) { + if (field_name_equal(p->name, name)) + return p; + } + + return NULL; +} + +/* Get the value of the first header with the given name. The returned string + must be freed. */ +char *http_header_get_first(const struct http_header *header, const char *name) +{ + const struct http_header *p; + + p = http_header_next(header, NULL, name); + if (p != NULL) + return strdup(p->value); + + return NULL; +} + +struct http_header *http_header_set(struct http_header *header, const char *name, const char *value) +{ + struct http_header *node, **prev; + + header = http_header_remove(header, name); + + node = (struct http_header *) safe_malloc(sizeof(*node)); + node->name = strdup(name); + node->value = strdup(value); + node->next = NULL; + + /* Link it to the end of the list. */ + for (prev = &header; *prev != NULL; prev = &(*prev)->next) + ; + *prev = node; + + return header; +} + +/* Read a token from a space-separated string. This only recognizes space as a + separator, so the string must already have had LWS normalized. + http_header_parse does this normalization. */ +static const char *read_token(const char *s, char **token) +{ + const char *t; + + while (*s == ' ') + s++; + t = s; + while (is_token_char(*t)) + t++; + if (s == t) + return NULL; + + *token = mkstr(s, t); + + return t; +} + +static const char *read_quoted_string(const char *s, char **quoted_string) +{ + char *buf = NULL; + size_t size = 0, offset = 0; + const char *t; + + while (is_space_char(*s)) + s++; + if (*s != '"') + return NULL; + s++; + t = s; + while (*s != '"') { + /* Get a block of normal characters. */ + while (*t != '"' && *t != '\\') { + /* This is qdtext, which is TEXT except for CTL. */ + if (is_ctl_char(*t)) { + free(buf); + return NULL; + } + t++; + } + strbuf_append(&buf, &size, &offset, s, t - s); + /* Now possibly handle an escape. */ + if (*t == '\\') { + t++; + /* You can only escape a CHAR, octets 0-127. But we disallow 0. */ + if (*t <= 0) { + free(buf); + return NULL; + } + strbuf_append(&buf, &size, &offset, t, 1); + t++; + } + s = t; + } + s++; + + *quoted_string = buf; + return s; +} + +static const char *read_token_or_quoted_string(const char *s, char **token) +{ + while (is_space_char(*s)) + s++; + if (*s == '"') + return read_quoted_string(s, token); + else + return read_token(s, token); +} + +static const char *read_token_list(const char *s, char **tokens[], size_t *n) +{ + char *token; + + *tokens = NULL; + *n = 0; + + for (;;) { + s = read_token(s, &token); + if (s == NULL) { + size_t i; + + for (i = 0; i < *n; i++) + free((*tokens)[i]); + free(*tokens); + + return NULL; + } + + *tokens = (char **) safe_realloc(*tokens, (*n + 1) * sizeof((*tokens)[0])); + (*tokens)[(*n)++] = token; + if (*s != ',') + break; + s++; + } + + return s; +} + +struct http_header *http_header_remove(struct http_header *header, const char *name) +{ + struct http_header *p, *next, **prev; + + prev = &header; + for (p = header; p != NULL; p = next) { + next = p->next; + if (field_name_equal(p->name, name)) { + *prev = next; + http_header_node_free(p); + continue; + } + prev = &p->next; + } + + return header; +} + +/* Removes hop-by-hop headers listed in section 13.5.1 of RFC 2616, and + additionally removes any headers listed in the Connection header as described + in section 14.10. */ +int http_header_remove_hop_by_hop(struct http_header **header) +{ + static const char *HOP_BY_HOP_HEADERS[] = { + "Connection", + "Keep-Alive", + "Proxy-Authenticate", + "Proxy-Authorization", + "TE", + "Trailers", + "Transfer-Encoding", + "Upgrade", + }; + char *connection; + char **connection_tokens; + size_t num_connection_tokens; + unsigned int i; + + connection = http_header_get(*header, "Connection"); + if (connection != NULL) { + const char *p; + + p = read_token_list(connection, &connection_tokens, &num_connection_tokens); + if (p == NULL) { + free(connection); + return 400; + } + if (*p != '\0') { + free(connection); + for (i = 0; i < num_connection_tokens; i++) + free(connection_tokens[i]); + free(connection_tokens); + return 400; + } + free(connection); + } else { + connection_tokens = NULL; + num_connection_tokens = 0; + } + + for (i = 0; i < sizeof(HOP_BY_HOP_HEADERS) / sizeof(HOP_BY_HOP_HEADERS[0]); i++) + *header = http_header_remove(*header, HOP_BY_HOP_HEADERS[i]); + for (i = 0; i < num_connection_tokens; i++) + *header = http_header_remove(*header, connection_tokens[i]); + + for (i = 0; i < num_connection_tokens; i++) + free(connection_tokens[i]); + free(connection_tokens); + + return 0; +} + +char *http_header_to_string(const struct http_header *header, size_t *n) +{ + const struct http_header *p; + char *buf = NULL; + size_t size = 0, offset = 0; + + strbuf_append_str(&buf, &size, &offset, ""); + + for (p = header; p != NULL; p = p->next) + strbuf_sprintf(&buf, &size, &offset, "%s: %s\r\n", p->name, p->value); + + if (n != NULL) + *n = offset; + + return buf; +} + +void http_request_init(struct http_request *request) +{ + request->method = NULL; + uri_init(&request->uri); + request->version = HTTP_UNKNOWN; + request->header = NULL; + request->content_length_set = 0; + request->content_length = 0; + request->bytes_transferred = 0; +} + +void http_request_free(struct http_request *request) +{ + free(request->method); + uri_free(&request->uri); + http_header_free(request->header); +} + +char *http_request_to_string(const struct http_request *request, size_t *n) +{ + const char *path; + char *buf = NULL; + size_t size = 0, offset = 0; + + /* RFC 2616, section 5.1.2: "the absolute path cannot be empty; if none is + present in the original URI, it MUST be given as "/" (the server + root)." */ + path = request->uri.path; + if (path[0] == '\0') + path = "/"; + + if (request->version == HTTP_09) { + /* HTTP/0.9 doesn't have headers. See + http://www.w3.org/Protocols/HTTP/AsImplemented.html. */ + strbuf_sprintf(&buf, &size, &offset, "%s %s\r\n", request->method, path); + } else { + const char *version; + char *header_str; + + if (request->version == HTTP_10) + version = " HTTP/1.0"; + else + version = " HTTP/1.1"; + + header_str = http_header_to_string(request->header, NULL); + strbuf_sprintf(&buf, &size, &offset, "%s %s%s\r\n%s\r\n", + request->method, path, version, header_str); + free(header_str); + } + + if (n != NULL) + *n = offset; + + return buf; +} + +void http_response_init(struct http_response *response) +{ + response->version = HTTP_UNKNOWN; + response->code = 0; + response->phrase = NULL; + response->header = NULL; + response->content_length_set = 0; + response->content_length = 0; + response->bytes_transferred = 0; +} + +void http_response_free(struct http_response *response) +{ + free(response->phrase); + http_header_free(response->header); +} + +char *http_response_to_string(const struct http_response *response, size_t *n) +{ + char *buf = NULL; + size_t size = 0, offset = 0; + + if (response->version == HTTP_09) { + /* HTTP/0.9 doesn't have a Status-Line or headers. See + http://www.w3.org/Protocols/HTTP/AsImplemented.html. */ + return strdup(""); + } else { + const char *version; + char *header_str; + + if (response->version == HTTP_10) + version = "HTTP/1.0"; + else + version = "HTTP/1.1"; + + header_str = http_header_to_string(response->header, NULL); + strbuf_sprintf(&buf, &size, &offset, "%s %d %s\r\n%s\r\n", + version, response->code, response->phrase, header_str); + free(header_str); + } + + if (n != NULL) + *n = offset; + + return buf; +} + + + + + + + + + + +int http_read_header(char *buf, int buflen, char **result) +{ + char *line = NULL; + char *header; + size_t n = 0; + size_t count; + int blank; + header = NULL; + char *p = buf; + int remaining_len = buflen; + size_t status_len = 0; + + http_read_status_line(buf, buflen, NULL, &status_len); + + p += status_len; + + do { + + + line = (char *) memchr(p, '\n', remaining_len); + line = line + 1; + + if (line == NULL) { + free(header); + if (n >= MAX_HEADER_LENGTH) + /* Request Entity Too Large. */ + return 413; + else + return 400; + } + + remaining_len = buflen - (line - p); + count = (line - p); + + blank = is_crlf(line); + + if (n + count >= MAX_HEADER_LENGTH) { + free(header); + /* Request Entity Too Large. */ + return 413; + } + + header = (char *) safe_realloc(header, n + count + 1); + memcpy(header + n, p, count); + n += count; + p = line; + + } while (!blank); + header[n] = '\0'; + + *result = header; + + return 0; +} + + + +static const char *skip_lws(const char *s) +{ + for (;;) { + while (is_space_char(*s)) + s++; + + if (*s == '\n' && is_space_char(*(s + 1))) + s += 1; + else if (*s == '\r' && *(s + 1) == '\n' && is_space_char(*(s + 2))) + s += 2; + else + break; + } + + return s; +} + +/* See section 4.2 of RFC 2616 for header format. */ +int http_parse_header(struct http_header **result, const char *header) +{ + const char *p, *q; + size_t value_len, value_offset; + struct http_header *node, **prev; + + *result = NULL; + prev = result; + + p = header; + while (*p != '\0' && !is_crlf(p)) { + /* Get the field name. */ + q = p; + while (*q != '\0' && is_token_char(*q)) + q++; + if (*q != ':') { + http_header_free(*result); + return 400; + } + + node = (struct http_header *) safe_malloc(sizeof(*node)); + node->name = mkstr(p, q); + node->value = NULL; + node->next = NULL; + value_len = 0; + value_offset = 0; + + /* Copy the header field value until we hit a CRLF. */ + p = q + 1; + p = skip_lws(p); + for (;;) { + q = p; + while (*q != '\0' && !is_space_char(*q) && !is_crlf(q)) { + /* Section 2.2 of RFC 2616 disallows control characters. */ + if (iscntrl((int) (unsigned char) *q)) { + http_header_node_free(node); + return 400; + } + q++; + } + strbuf_append(&node->value, &value_len, &value_offset, p, q - p); + p = skip_lws(q); + if (is_crlf(p)) + break; + /* Replace LWS with a single space. */ + strbuf_append_str(&node->value, &value_len, &value_offset, " "); + } + *prev = node; + prev = &node->next; + + p = skip_crlf(p); + } + + return 0; +} + +static int http_header_get_content_length(const struct http_header *header, int *content_length_set, unsigned long *content_length) +{ + char *content_length_s; + char *tail; + int code; + + content_length_s = http_header_get_first(header, "Content-Length"); + if (content_length_s == NULL) { + *content_length_set = 0; + *content_length = 0; + return 0; + } + + code = 0; + + errno = 0; + *content_length_set = 1; + *content_length = parse_long(content_length_s, (char **) &tail); + if (errno != 0 || *tail != '\0' || tail == content_length_s) + code = 400; + free(content_length_s); + + return code; +} + +/* Parse a header and fill in any relevant fields in the request structure. */ +int http_request_parse_header(struct http_request *request, const char *header) +{ + int code; + + code = http_parse_header(&request->header, header); + if (code != 0) + return code; + code = http_header_get_content_length(request->header, &request->content_length_set, &request->content_length); + if (code != 0) + return code; + + return 0; +} + +/* Parse a header and fill in any relevant fields in the response structure. */ +int http_response_parse_header(struct http_response *response, const char *header) +{ + int code; + + code = http_parse_header(&response->header, header); + if (code != 0) + return code; + code = http_header_get_content_length(response->header, &response->content_length_set, &response->content_length); + if (code != 0) + return code; + + return 0; +} + + +/* Returns the character pointer after the HTTP version, or s if there was a + parse error. */ +static const char *parse_http_version(const char *s, enum http_version *version) +{ + const char *PREFIX = "HTTP/"; + const char *p, *q; + long major, minor; + + *version = HTTP_UNKNOWN; + + p = s; + if (memcmp(p, PREFIX, strlen(PREFIX)) != 0) + return s; + p += strlen(PREFIX); + + /* Major version. */ + errno = 0; + major = parse_long(p, (char **) &q); + if (errno != 0 || q == p) + return s; + + p = q; + if (*p != '.') + return s; + p++; + + /* Minor version. */ + errno = 0; + minor = parse_long(p, (char **) &q); + if (errno != 0 || q == p) + return s; + + if (major == 1 && minor == 0) + *version = HTTP_10; + else if (major == 1 && minor == 1) + *version = HTTP_11; + + return q; +} + + + + + +int http_parse_request_line(const char *line, struct http_request *request) +{ + const char *p, *q; + struct uri *uri; + char *uri_s; + + http_request_init(request); + + p = line; + while (*p == ' ') + p++; + + /* Method (CONNECT, GET, etc.). */ + q = p; + while (is_token_char(*q)) + q++; + if (p == q) + goto badreq; + request->method = mkstr(p, q); + + /* URI. */ + p = q; + while (*p == ' ') + p++; + q = p; + while (*q != '\0' && *q != ' ') + q++; + if (p == q) + goto badreq; + uri_s = mkstr(p, q); + + /* RFC 2616, section 5.1.1: The method is case-sensitive. + RFC 2616, section 5.1.2: + Request-URI = "*" | absoluteURI | abs_path | authority + The absoluteURI form is REQUIRED when the request is being made to a + proxy... The authority form is only used by the CONNECT method. */ + if (strcmp(request->method, "CONNECT") == 0) { + uri = uri_parse_authority(&request->uri, uri_s); + } else { + uri = uri_parse(&request->uri, uri_s); + } + free(uri_s); + if (uri == NULL) + /* The URI parsing failed. */ + goto badreq; + + /* Version number. */ + p = q; + while (*p == ' ') + p++; + if (*p == '\0') { + /* No HTTP/X.X version number indicates version 0.9. */ + request->version = HTTP_09; + } else { + q = parse_http_version(p, &request->version); + if (p == q) + goto badreq; + } + + return 0; + +badreq: + http_request_free(request); + return 400; +} + + +int http_read_status_line(char *buf, int buflen, char **line, size_t *line_length) +{ + size_t count = 0; + + /* RFC 2616, section 6.1: "The first line of a Response message is the + Status-Line... No CR or LF is allowed except in the final CRLF sequence." + Contrast that with Request-Line, which allows leading blank lines. */ + // *line = socket_buffer_readline(buf, &n, MAX_STATUS_LINE_LENGTH); + + + char *newline = (char *) memchr(buf, '\n', buflen); + + if (newline == NULL) + return 400; + + count = newline + 1 - buf; + + if (count >= MAX_STATUS_LINE_LENGTH) { + /* Line exceeds our maximum length. */ + //free(line); + return 413; + } + + //line = (char *) safe_realloc(line, n + count + 1); + //memcpy(line + n, buf, count); + *line_length = count; + +#if 0 + // these checks are redundant now: + if (newline == NULL) { + if (count >= MAX_STATUS_LINE_LENGTH) + /* Request Entity Too Large. */ + return 413; + else + return 400; + } +#endif + + return 0; +} + + +/* Returns 0 on success and nonzero on failure. */ +int http_parse_status_line(const char *line, struct http_response *response) +{ + const char *p, *q; + + http_response_init(response); + + /* Version. */ + p = parse_http_version(line, &response->version); + if (p == line) + return -1; + while (*p == ' ') + p++; + + /* Status code. */ + errno = 0; + response->code = parse_long(p, (char **) &q); + if (errno != 0 || q == p) + return -1; + p = q; + + /* Reason phrase. */ + while (*p == ' ') + p++; + q = p; + while (!is_crlf(q)) + q++; + /* We expect that the CRLF ends the string. */ + if (*skip_crlf(q) != '\0') + return -1; + response->phrase = mkstr(p, q); + + return 0; +} + +/* This is a convenience wrapper around http_parse_status_line that only returns + the status code. Returns the status code on success or -1 on failure. */ +int http_parse_status_line_code(const char *line) +{ + struct http_response resp; + int code; + + if (http_parse_status_line(line, &resp) != 0) + return -1; + code = resp.code; + http_response_free(&resp); + + return code; +} + +static const char *http_read_challenge(const char *s, struct http_challenge *challenge) +{ + const char *p; + char *scheme; + + http_challenge_init(challenge); + + scheme = NULL; + s = read_token(s, &scheme); + if (s == NULL) + goto bail; + if (str_equal_i(scheme, "Basic")) { + challenge->scheme = AUTH_BASIC; + } else if (str_equal_i(scheme, "Digest")) { + challenge->scheme = AUTH_DIGEST; + } else { + challenge->scheme = AUTH_UNKNOWN; + } + free(scheme); + scheme = NULL; + + /* RFC 2617, section 1.2, requires at least one auth-param: + challenge = auth-scheme 1*SP 1#auth-param + But there are some schemes (NTLM and Negotiate) that can be without + auth-params, so we allow that here. A comma indicates the end of this + challenge and the beginning of the next (see the comment in the loop + below). */ + while (is_space_char(*s)) + s++; + if (*s == ',') { + s++; + while (is_space_char(*s)) + s++; + if (*s == '\0') + goto bail; + return s; + } + + while (*s != '\0') { + char *name, *value; + + p = read_token(s, &name); + if (p == NULL) + goto bail; + while (is_space_char(*p)) + p++; + /* It's possible that we've hit the end of one challenge and the + beginning of another. Section 14.33 says that the header value can be + 1#challenge, in other words several challenges separated by commas. + Because the auth-params are also separated by commas, the only way we + can tell is if we find a token not followed by an equals sign. */ + if (*p != '=') + break; + p++; + while (is_space_char(*p)) + p++; + p = read_token_or_quoted_string(p, &value); + if (p == NULL) { + free(name); + goto bail; + } + if (str_equal_i(name, "realm")) + challenge->realm = strdup(value); + else if (challenge->scheme == AUTH_DIGEST) { + if (str_equal_i(name, "nonce")) { + if (challenge->digest.nonce != NULL) + goto bail; + challenge->digest.nonce = strdup(value); + } else if (str_equal_i(name, "opaque")) { + if (challenge->digest.opaque != NULL) + goto bail; + challenge->digest.opaque = strdup(value); + } else if (str_equal_i(name, "algorithm")) { + if (str_equal_i(value, "MD5")) + challenge->digest.algorithm = ALGORITHM_MD5; + else + challenge->digest.algorithm = ALGORITHM_UNKNOWN; + } else if (str_equal_i(name, "qop")) { + char **tokens; + size_t n; + size_t i; + const char *tmp; + + tmp = read_token_list(value, &tokens, &n); + if (tmp == NULL) { + free(name); + free(value); + goto bail; + } + for (i = 0; i < n; i++) { + if (str_equal_i(tokens[i], "auth")) + challenge->digest.qop |= QOP_AUTH; + else if (str_equal_i(tokens[i], "auth-int")) + challenge->digest.qop |= QOP_AUTH_INT; + } + for (i = 0; i < n; i++) + free(tokens[i]); + free(tokens); + if (*tmp != '\0') { + free(name); + free(value); + goto bail; + } + } + } + free(name); + free(value); + while (is_space_char(*p)) + p++; + if (*p == ',') { + p++; + while (is_space_char(*p)) + p++; + if (*p == '\0') + goto bail; + } + s = p; + } + + return s; + +bail: + if (scheme != NULL) + free(scheme); + http_challenge_free(challenge); + + return NULL; +} + +static const char *http_read_credentials(const char *s, + struct http_credentials *credentials) +{ + const char *p; + char *scheme; + + credentials->scheme = AUTH_UNKNOWN; + + s = read_token(s, &scheme); + if (s == NULL) + return NULL; + if (str_equal_i(scheme, "Basic")) { + http_credentials_init_basic(credentials); + } else if (str_equal_i(scheme, "Digest")) { + http_credentials_init_digest(credentials); + } else { + free(scheme); + return NULL; + } + free(scheme); + + while (is_space_char(*s)) + s++; + if (credentials->scheme == AUTH_BASIC) { + p = s; + /* Read base64. */ + while (is_alpha_char(*p) || is_digit_char(*p) || *p == '+' || *p == '/' || *p == '=') + p++; + credentials->u.basic = mkstr(s, p); + while (is_space_char(*p)) + p++; + s = p; + } else if (credentials->scheme == AUTH_DIGEST) { + char *name, *value; + + while (*s != '\0') { + p = read_token(s, &name); + if (p == NULL) + goto bail; + while (is_space_char(*p)) + p++; + /* It's not legal to combine multiple Authorization or + Proxy-Authorization values. The productions are + "Authorization" ":" credentials (section 14.8) + "Proxy-Authorization" ":" credentials (section 14.34) + Contrast this with WWW-Authenticate and Proxy-Authenticate and + their handling in http_read_challenge. */ + if (*p != '=') + goto bail; + p++; + while (is_space_char(*p)) + p++; + p = read_token_or_quoted_string(p, &value); + if (p == NULL) { + free(name); + goto bail; + } + if (str_equal_i(name, "username")) { + if (credentials->u.digest.username != NULL) + goto bail; + credentials->u.digest.username = strdup(value); + } else if (str_equal_i(name, "realm")) { + if (credentials->u.digest.realm != NULL) + goto bail; + credentials->u.digest.realm = strdup(value); + } else if (str_equal_i(name, "nonce")) { + if (credentials->u.digest.nonce != NULL) + goto bail; + credentials->u.digest.nonce = strdup(value); + } else if (str_equal_i(name, "uri")) { + if (credentials->u.digest.uri != NULL) + goto bail; + credentials->u.digest.uri = strdup(value); + } else if (str_equal_i(name, "response")) { + if (credentials->u.digest.response != NULL) + goto bail; + credentials->u.digest.response = strdup(value); + } else if (str_equal_i(name, "algorithm")) { + if (str_equal_i(value, "MD5")) + credentials->u.digest.algorithm = ALGORITHM_MD5; + else + credentials->u.digest.algorithm = ALGORITHM_MD5; + } else if (str_equal_i(name, "qop")) { + if (str_equal_i(value, "auth")) + credentials->u.digest.qop = QOP_AUTH; + else if (str_equal_i(value, "auth-int")) + credentials->u.digest.qop = QOP_AUTH_INT; + else + credentials->u.digest.qop = QOP_NONE; + } else if (str_equal_i(name, "cnonce")) { + if (credentials->u.digest.cnonce != NULL) + goto bail; + credentials->u.digest.cnonce = strdup(value); + } else if (str_equal_i(name, "nc")) { + if (credentials->u.digest.nc != NULL) + goto bail; + credentials->u.digest.nc = strdup(value); + } + free(name); + free(value); + while (is_space_char(*p)) + p++; + if (*p == ',') { + p++; + while (is_space_char(*p)) + p++; + if (*p == '\0') + goto bail; + } + s = p; + } + } + + return s; + +bail: + http_credentials_free(credentials); + + return NULL; +} + +/* Is scheme a preferred over scheme b? We prefer Digest to Basic when Digest is + supported. */ +static int auth_scheme_is_better(enum http_auth_scheme a, + enum http_auth_scheme b) +{ +//#if HAVE_HTTP_DIGEST + if (b == AUTH_DIGEST) + return 0; + if (b == AUTH_BASIC) + return a == AUTH_DIGEST; + if (b == AUTH_UNKNOWN) + return a == AUTH_BASIC || a == AUTH_DIGEST; +//#else + if (b == AUTH_BASIC) + return 0; + if (b == AUTH_UNKNOWN) + return a == AUTH_BASIC; +//#endif + + return 0; +} + +struct http_challenge *http_header_get_proxy_challenge(const struct http_header *header, struct http_challenge *challenge) +{ + const struct http_header *p; + + http_challenge_init(challenge); + + p = NULL; + while ((p = http_header_next(header, p, "Proxy-Authenticate")) != NULL) { + const char *tmp; + + tmp = p->value; + while (*tmp != '\0') { + struct http_challenge tmp_info; + + tmp = http_read_challenge(tmp, &tmp_info); + if (tmp == NULL) { + http_challenge_free(challenge); + return NULL; + } + if (auth_scheme_is_better(tmp_info.scheme, challenge->scheme)) { + http_challenge_free(challenge); + *challenge = tmp_info; + } else { + http_challenge_free(&tmp_info); + } + } + } + + return challenge; +} + +struct http_credentials *http_header_get_proxy_credentials(const struct http_header *header, struct http_credentials *credentials) +{ + const struct http_header *p; + + credentials->scheme = AUTH_UNKNOWN; + + p = NULL; + while ((p = http_header_next(header, p, "Proxy-Authorization")) != NULL) { + const char *tmp; + + tmp = p->value; + while (*tmp != '\0') { + struct http_credentials tmp_info; + + tmp = http_read_credentials(tmp, &tmp_info); + if (tmp == NULL) { + http_credentials_free(credentials); + return NULL; + } + if (auth_scheme_is_better(tmp_info.scheme, credentials->scheme)) { + http_credentials_free(credentials); + *credentials = tmp_info; + } else { + http_credentials_free(&tmp_info); + } + } + } + + return credentials; +} + +void http_challenge_init(struct http_challenge *challenge) +{ + challenge->scheme = AUTH_UNKNOWN; + challenge->realm = NULL; + challenge->digest.nonce = NULL; + challenge->digest.opaque = NULL; + challenge->digest.algorithm = ALGORITHM_MD5; + challenge->digest.qop = 0; +} + +void http_challenge_free(struct http_challenge *challenge) +{ + free(challenge->realm); + if (challenge->scheme == AUTH_DIGEST) { + free(challenge->digest.nonce); + free(challenge->digest.opaque); + } +} + +void http_credentials_init_basic(struct http_credentials *credentials) +{ + credentials->scheme = AUTH_BASIC; + credentials->u.basic = NULL; +} + +void http_credentials_init_digest(struct http_credentials *credentials) +{ + credentials->scheme = AUTH_DIGEST; + credentials->u.digest.username = NULL; + credentials->u.digest.realm = NULL; + credentials->u.digest.nonce = NULL; + credentials->u.digest.uri = NULL; + credentials->u.digest.response = NULL; + credentials->u.digest.algorithm = ALGORITHM_MD5; + credentials->u.digest.qop = QOP_NONE; + credentials->u.digest.nc = NULL; + credentials->u.digest.cnonce = NULL; +} + +void http_credentials_free(struct http_credentials *credentials) +{ + if (credentials->scheme == AUTH_BASIC) { + free(credentials->u.basic); + } else if (credentials->scheme == AUTH_DIGEST) { + free(credentials->u.digest.username); + free(credentials->u.digest.realm); + free(credentials->u.digest.nonce); + free(credentials->u.digest.uri); + free(credentials->u.digest.response); + free(credentials->u.digest.nc); + free(credentials->u.digest.cnonce); + } +} + + +struct http_challenge *http_header_get_challenge(const struct http_header *header, struct http_challenge *challenge) +{ + const struct http_header *p; + + http_challenge_init(challenge); + + p = NULL; + while ((p = http_header_next(header, p, "WWW-Authenticate")) != NULL) { + const char *tmp; + + tmp = p->value; + while (*tmp != '\0') { + struct http_challenge tmp_info; + + tmp = http_read_challenge(tmp, &tmp_info); + if (tmp == NULL) { + http_challenge_free(challenge); + return NULL; + } + if (auth_scheme_is_better(tmp_info.scheme, challenge->scheme)) { + http_challenge_free(challenge); + *challenge = tmp_info; + } else { + http_challenge_free(&tmp_info); + } + } + } + + return challenge; +} + diff --git a/include/http.h b/include/http.h new file mode 100644 index 00000000..f49e757e --- /dev/null +++ b/include/http.h @@ -0,0 +1,279 @@ +/*************************************************************************** + * http.h * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id$ */ + +#ifndef _HTTP_H +#define _HTTP_H + +#include "utils.h" + +#include +#include + + + +/* A broken-down URI as defined in RFC 3986, except that the query and fragment + parts are included in the path. */ +struct uri { + char *scheme; + char *host; + int port; + char *path; +}; + +void uri_init(struct uri *uri); + +void uri_free(struct uri *uri); + +struct uri *uri_parse(struct uri *uri, const char *uri_s); + +struct uri *uri_parse_authority(struct uri *uri, const char *authority); + +enum http_version { + HTTP_09, + HTTP_10, + HTTP_11, + HTTP_UNKNOWN, +}; + +struct http_header { + char *name; + char *value; + struct http_header *next; +}; + +struct http_request { + char *method; + struct uri uri; + enum http_version version; + struct http_header *header; + int content_length_set; + unsigned long content_length; + unsigned long bytes_transferred; +}; + +struct http_response { + enum http_version version; + int code; + char *phrase; + struct http_header *header; + int content_length_set; + unsigned long content_length; + unsigned long bytes_transferred; +}; + +int http_read_header(char *buf, int buflen, char **result); + + +void http_header_free(struct http_header *header); +char *http_header_get(const struct http_header *header, const char *name); +const struct http_header *http_header_next(const struct http_header *header, const struct http_header *p, const char *name); +char *http_header_get_first(const struct http_header *header, const char *name); +struct http_header *http_header_set(struct http_header *header, const char *name, const char *value); +struct http_header *http_header_remove(struct http_header *header, const char *name); +int http_header_remove_hop_by_hop(struct http_header **header); +char *http_header_to_string(const struct http_header *header, size_t *n); + +void http_request_init(struct http_request *request); +void http_request_free(struct http_request *request); +char *http_request_to_string(const struct http_request *request, size_t *n); + +void http_response_init(struct http_response *response); +void http_response_free(struct http_response *response); +char *http_response_to_string(const struct http_response *response, size_t *n); + +int http_parse_header(struct http_header **result, const char *header); +int http_request_parse_header(struct http_request *request, const char *header); +int http_response_parse_header(struct http_response *response, const char *header); + +int http_parse_request_line(const char *line, struct http_request *request); + +int http_read_status_line(char *buf, int buflen, char **line, size_t *line_length); +int http_parse_status_line(const char *line, struct http_response *response); +int http_parse_status_line_code(const char *line); + +enum http_auth_scheme { AUTH_UNKNOWN, AUTH_BASIC, AUTH_DIGEST }; +enum http_digest_algorithm { ALGORITHM_MD5, ALGORITHM_UNKNOWN }; +enum http_digest_qop { QOP_NONE = 0, QOP_AUTH = 1 << 0, QOP_AUTH_INT = 1 << 1 }; + +struct http_challenge { + enum http_auth_scheme scheme; + char *realm; + struct { + char *nonce; + char *opaque; + enum http_digest_algorithm algorithm; + /* A bit mask of supported qop values ("auth", "auth-int", etc.). */ + unsigned char qop; + } digest; +}; + +struct http_credentials { + enum http_auth_scheme scheme; + union { + char *basic; + struct { + char *username; + char *realm; + char *nonce; + char *uri; + char *response; + enum http_digest_algorithm algorithm; + enum http_digest_qop qop; + char *nc; + char *cnonce; + } digest; + } u; +}; + +void http_challenge_init(struct http_challenge *challenge); +void http_challenge_free(struct http_challenge *challenge); +struct http_challenge *http_header_get_proxy_challenge(const struct http_header *header, struct http_challenge *challenge); +struct http_challenge *http_header_get_challenge(const struct http_header *header, struct http_challenge *challenge); + +void http_credentials_init_basic(struct http_credentials *credentials); +void http_credentials_init_digest(struct http_credentials *credentials); +void http_credentials_free(struct http_credentials *credentials); +struct http_credentials *http_header_get_proxy_credentials(const struct http_header *header, struct http_credentials *credentials); + +#if HAVE_OPENSSL +/* Initialize the server secret used in generating nonces. */ +int http_digest_init_secret(void); +int http_digest_nonce_time(const char *nonce, struct timeval *tv); +/* Return a Proxy-Authenticate header. */ +char *http_digest_proxy_authenticate(const char *realm, int stale); +/* Return a Proxy-Authorization header answering the given challenge. */ +char *http_digest_proxy_authorization(const struct http_challenge *challenge, + const char *username, const char *password, + const char *method, const char *uri); +int http_digest_check_credentials(const char *username, const char *realm, + const char *password, const char *method, + const struct http_credentials *credentials); +#endif + +#endif diff --git a/include/http_digest.cc b/include/http_digest.cc new file mode 100644 index 00000000..7a58fa65 --- /dev/null +++ b/include/http_digest.cc @@ -0,0 +1,441 @@ +/*************************************************************************** + * http_digest.cc -- HTTP Digest authentication handling. * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id$ */ + +/* Nonces returned by make_nonce have the form + timestamp-MD5(secret:timestamp) + using representative values, this may look like + 1263929285.015273-a8e75fae174fc0e6a5df47bf9900beb6 + Sending a timestamp in the clear allows us to compute how long ago the nonce + was issued without local state. Including microseconds reduces the chance + that the same nonce will be issued for two different requests. When a nonce + is received from a client, the time is extracted and then the nonce is + recalculated locally to make sure they match. This is similar to the strategy + recommended in section 3.2.1 of RFC 2617. +*/ + + +#include "http.h" + +#ifndef WIN32 +#include +#endif + +#if HAVE_OPENSSL + #include + #include + +/* What's a good length for this? I think it exists only to prevent us from + hashing known plaintext from the server. */ +#define CNONCE_LENGTH 8 + +#define SECRET_LENGTH 16 + +static unsigned char secret[SECRET_LENGTH]; +static int secret_initialized = 0; + +static int append_quoted_string(char **buf, size_t *size, size_t *offset, const char *s) +{ + const char *t; + + strbuf_append_str(buf, size, offset, "\""); + for (;;) { + t = s; + while (!((*t >= 0 && *t <= 31) || *t == 127 || *t == '\\')) + t++; + strbuf_append(buf, size, offset, s, t - s); + if (*t == '\0') + break; + strbuf_sprintf(buf, size, offset, "\\%c", *t); + s = t + 1; + } + strbuf_append_str(buf, size, offset, "\""); + + return *size; +} + +/* n is the size of src. dest must have at least n * 2 + 1 allocated bytes. */ +static char *enhex(char *dest, const unsigned char *src, size_t n) +{ + unsigned int i; + + for (i = 0; i < n; i++) + Snprintf(dest + i * 2, 3, "%02x", src[i]); + + return dest; +} + +/* Initialize the server secret used in generating nonces. Return -1 on + failure. */ +int http_digest_init_secret(void) +{ + if (!RAND_status()) + return -1; + if (RAND_bytes(secret, sizeof(secret)) != 1) + return -1; + secret_initialized = 1; + + return 0; +} + +static char *make_nonce(const struct timeval *tv) +{ + char *buf = NULL; + size_t size = 0, offset = 0; + MD5_CTX md5; + unsigned char hashbuf[MD5_DIGEST_LENGTH]; + char hash_hex[MD5_DIGEST_LENGTH * 2 + 1]; + char time_buf[32]; + + /* Crash if someone forgot to call http_digest_init_secret. */ + if (!secret_initialized) + return NULL; + // bye("Server secret not initialized for Digest authentication. Call http_digest_init_secret."); + + Snprintf(time_buf, sizeof(time_buf), "%lu.%06lu", + (long unsigned) tv->tv_sec, (long unsigned) tv->tv_usec); + + MD5_Init(&md5); + MD5_Update(&md5, secret, sizeof(secret)); + MD5_Update(&md5, ":", 1); + MD5_Update(&md5, time_buf, strlen(time_buf)); + MD5_Final(hashbuf, &md5); + enhex(hash_hex, hashbuf, sizeof(hashbuf)); + + strbuf_sprintf(&buf, &size, &offset, "%s-%s", time_buf, hash_hex); + + return buf; +} + +/* Arguments are assumed to be non-NULL, with the exception of nc and cnonce, + which may be garbage only if qop == QOP_NONE. */ +static void make_response(char buf[MD5_DIGEST_LENGTH * 2 + 1], + const char *username, const char *realm, const char *password, + const char *method, const char *uri, const char *nonce, + enum http_digest_qop qop, const char *nc, const char *cnonce) +{ + char HA1_hex[MD5_DIGEST_LENGTH * 2 + 1], HA2_hex[MD5_DIGEST_LENGTH * 2 + 1]; + unsigned char hashbuf[MD5_DIGEST_LENGTH]; + MD5_CTX md5; + + /* Calculate H(A1). */ + MD5_Init(&md5); + MD5_Update(&md5, username, strlen(username)); + MD5_Update(&md5, ":", 1); + MD5_Update(&md5, realm, strlen(realm)); + MD5_Update(&md5, ":", 1); + MD5_Update(&md5, password, strlen(password)); + MD5_Final(hashbuf, &md5); + enhex(HA1_hex, hashbuf, sizeof(hashbuf)); + + /* Calculate H(A2). */ + MD5_Init(&md5); + MD5_Update(&md5, method, strlen(method)); + MD5_Update(&md5, ":", 1); + MD5_Update(&md5, uri, strlen(uri)); + MD5_Final(hashbuf, &md5); + enhex(HA2_hex, hashbuf, sizeof(hashbuf)); + + /* Calculate response. */ + MD5_Init(&md5); + MD5_Update(&md5, HA1_hex, strlen(HA1_hex)); + MD5_Update(&md5, ":", 1); + MD5_Update(&md5, nonce, strlen(nonce)); + if (qop == QOP_AUTH) { + MD5_Update(&md5, ":", 1); + MD5_Update(&md5, nc, strlen(nc)); + MD5_Update(&md5, ":", 1); + MD5_Update(&md5, cnonce, strlen(cnonce)); + MD5_Update(&md5, ":", 1); + MD5_Update(&md5, "auth", strlen("auth")); + } + MD5_Update(&md5, ":", 1); + MD5_Update(&md5, HA2_hex, strlen(HA2_hex)); + MD5_Final(hashbuf, &md5); + + enhex(buf, hashbuf, sizeof(hashbuf)); +} + +/* Extract the issuance time from a nonce (without checking other aspects of + validity. If the time can't be extracted, returns -1, 0 otherwise. */ +int http_digest_nonce_time(const char *nonce, struct timeval *tv) +{ + unsigned long sec, usec; + + if (sscanf(nonce, "%lu.%lu", &sec, &usec) != 2) + return -1; + + tv->tv_sec = sec; + tv->tv_usec = usec; + + return 0; +} + +char *http_digest_proxy_authenticate(const char *realm, int stale) +{ + char *buf = NULL; + size_t size = 0, offset = 0; + struct timeval tv; + char *nonce; + + if (gettimeofday(&tv, NULL) == -1) + return NULL; + + strbuf_append_str(&buf, &size, &offset, "Digest realm="); + append_quoted_string(&buf, &size, &offset, realm); + + nonce = make_nonce(&tv); + strbuf_append_str(&buf, &size, &offset, ", nonce="); + append_quoted_string(&buf, &size, &offset, nonce); + free(nonce); + strbuf_append_str(&buf, &size, &offset, ", qop=\"auth\""); + + if (stale) + strbuf_append_str(&buf, &size, &offset, ", stale=true"); + + return buf; +} + +char *http_digest_proxy_authorization(const struct http_challenge *challenge, + const char *username, const char *password, + const char *method, const char *uri) +{ + /* For now we authenticate successfully at most once, so we don't need a + varying client nonce count. */ + static const u32 nc = 0x00000001; + + char response_hex[MD5_DIGEST_LENGTH * 2 + 1]; + unsigned char cnonce[CNONCE_LENGTH]; + char cnonce_buf[CNONCE_LENGTH * 2 + 1]; + char nc_buf[8 + 1]; + char *buf = NULL; + size_t size = 0, offset = 0; + enum http_digest_qop qop; + + if (challenge->scheme != AUTH_DIGEST || challenge->realm == NULL + || challenge->digest.nonce == NULL + || challenge->digest.algorithm != ALGORITHM_MD5) + return NULL; + + if (challenge->digest.qop & QOP_AUTH) { + Snprintf(nc_buf, sizeof(nc_buf), "%08x", nc); + if (!RAND_status()) + return NULL; + if (RAND_bytes(cnonce, sizeof(cnonce)) != 1) + return NULL; + enhex(cnonce_buf, cnonce, sizeof(cnonce)); + qop = QOP_AUTH; + } else { + qop = QOP_NONE; + } + + strbuf_append_str(&buf, &size, &offset, " Digest"); + strbuf_append_str(&buf, &size, &offset, " username="); + append_quoted_string(&buf, &size, &offset, username); + strbuf_append_str(&buf, &size, &offset, ", realm="); + append_quoted_string(&buf, &size, &offset, challenge->realm); + strbuf_append_str(&buf, &size, &offset, ", nonce="); + append_quoted_string(&buf, &size, &offset, challenge->digest.nonce); + strbuf_append_str(&buf, &size, &offset, ", uri="); + append_quoted_string(&buf, &size, &offset, uri); + + if (qop == QOP_AUTH) { + strbuf_append_str(&buf, &size, &offset, ", qop=auth"); + strbuf_append_str(&buf, &size, &offset, ", cnonce="); + append_quoted_string(&buf, &size, &offset, cnonce_buf); + strbuf_sprintf(&buf, &size, &offset, ", nc=%s", nc_buf); + } + + make_response(response_hex, username, challenge->realm, password, + method, uri, challenge->digest.nonce, qop, nc_buf, cnonce_buf); + strbuf_append_str(&buf, &size, &offset, ", response="); + append_quoted_string(&buf, &size, &offset, response_hex); + + if (challenge->digest.opaque != NULL) { + strbuf_append_str(&buf, &size, &offset, ", opaque="); + append_quoted_string(&buf, &size, &offset, challenge->digest.opaque); + } + + strbuf_append_str(&buf, &size, &offset, ", algorithm=MD5"); + + strbuf_append_str(&buf, &size, &offset, "\r\n"); + + return buf; +} + +/* Check that a nonce is one that we issued, and that the response is what is + expected. This doesn't do any checking against the lifetime of the nonce. */ +int http_digest_check_credentials(const char *username, const char *realm, + const char *password, const char *method, + const struct http_credentials *credentials) +{ + char response_hex[MD5_DIGEST_LENGTH * 2 + 1]; + struct timeval tv; + char *nonce; + + if (credentials->scheme != AUTH_DIGEST + || credentials->u.digest.username == NULL + || credentials->u.digest.realm == NULL + || credentials->u.digest.nonce == NULL + || credentials->u.digest.uri == NULL + || credentials->u.digest.response == NULL) { + return 0; + } + if (credentials->u.digest.qop != QOP_NONE && credentials->u.digest.qop != QOP_AUTH) + return 0; + if (credentials->u.digest.qop == QOP_AUTH + && (credentials->u.digest.nc == NULL + || credentials->u.digest.cnonce == NULL)) { + return 0; + } + + if (strcmp(username, credentials->u.digest.username) != 0) + return 0; + if (strcmp(realm, credentials->u.digest.realm) != 0) + return 0; + + if (http_digest_nonce_time(credentials->u.digest.nonce, &tv) == -1) + return 0; + + nonce = make_nonce(&tv); + if (strcmp(nonce, credentials->u.digest.nonce) != 0) { + /* We could not have handed out this nonce. */ + free(nonce); + return 0; + } + free(nonce); + + make_response(response_hex, credentials->u.digest.username, realm, + password, method, credentials->u.digest.uri, + credentials->u.digest.nonce, credentials->u.digest.qop, + credentials->u.digest.nc, credentials->u.digest.cnonce); + + return strcmp(response_hex, credentials->u.digest.response) == 0; +} + +#endif diff --git a/include/ncrack.cc b/include/ncrack.cc new file mode 100644 index 00000000..0e7eeecc --- /dev/null +++ b/include/ncrack.cc @@ -0,0 +1,2686 @@ + +/*************************************************************************** + * ncrack.cc -- ncrack's core engine along with all nsock callback * + * handlers reside in here. Simple options' (not host or service-options * + * specification handling) parsing also happens in main() here. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "ncrack.h" +#include "NcrackOps.h" +#include "utils.h" +#include "services.h" +#include "targets.h" +#include "TargetGroup.h" +#include "ServiceGroup.h" +#include "nsock.h" +#include "global_structures.h" +#include "NcrackOutputTable.h" +#include "modules.h" +#include "ncrack_error.h" +#include "output.h" +#include "ncrack_tty.h" +#include "ncrack_input.h" +#include "ncrack_resume.h" +#include "xml.h" +#include +#include + +#if HAVE_SIGNAL + #include +#endif + +#if HAVE_OPENSSL + #include +#endif + +#ifdef WIN32 + #include "winfix.h" +#endif + +#define DEFAULT_CONNECT_TIMEOUT 5000 +/* includes connect() + ssl negotiation */ +#define DEFAULT_CONNECT_SSL_TIMEOUT 8000 +#define DEFAULT_USERNAME_FILE "default.usr" +#define DEFAULT_PASSWORD_FILE "default.pwd" + +/* (in milliseconds) every such interval we poll for interactive user input */ +#define KEYPRESSED_INTERVAL 500 + +/* (in milliseconds) every such interval check for pending signals */ +#define SIGNAL_CHECK_INTERVAL 1000 + +#define SERVICE_TIMEDOUT "Service timed-out as specified by user option." + +extern NcrackOps o; +using namespace std; + +/* global lookup table for available services */ +vector ServicesTable; +/* global login and pass array */ +vector UserArray; +vector PassArray; +struct tm local_time; + +/* schedule additional connections */ +static void ncrack_probes(nsock_pool nsp, ServiceGroup *SG); +/* ncrack initialization */ +static int ncrack(ServiceGroup *SG); +/* Poll for interactive user input every time this timer is called. */ +static void status_timer_handler(nsock_pool nsp, nsock_event nse, + void *mydata); +static void signal_timer_handler(nsock_pool nsp, nsock_event nse, + void *mydata); + +/* module name demultiplexor */ +static void call_module(nsock_pool nsp, Connection* con); + +static void parse_login_list(char *const arg, int mode); +static void load_login_file(const char *filename, int mode); +enum mode { USER, PASS }; + + +static void print_usage(void); +static void lookup_init(const char *const filename); +static int file_readable(const char *pathname); +static int ncrack_fetchfile(char *filename_returned, int bufferlen, + const char *file, int useroption = 0); +static char *grab_next_host_spec(FILE *inputfd, int argc, char **argv); +static void startTimeOutClocks(ServiceGroup *SG); +static void sigcatch(int signo); +static void sigcheck(ServiceGroup *SG); +static int ncrack_main(int argc, char **argv); + + +static void +print_usage(void) +{ + log_write(LOG_STDOUT, "%s %s ( %s )\n" + "Usage: ncrack [Options] {target and service specification}\n" + "TARGET SPECIFICATION:\n" + " Can pass hostnames, IP addresses, networks, etc.\n" + " Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; " + "10.0.0-255.1-254\n" + " -iX : Input from Nmap's -oX XML output format\n" + " -iN : Input from Nmap's -oN Normal output format\n" + " -iL : Input from list of hosts/networks\n" + " --exclude : Exclude hosts/networks\n" + " --excludefile : Exclude list from file\n" + "SERVICE SPECIFICATION:\n" + " Can pass target specific services in ://target (standard) " + "notation or\n" + " using -p which will be applied to all hosts in non-standard " + "notation.\n" + " Service arguments can be specified to be host-specific, type of " + "service-specific\n" + " (-m) or global (-g). Ex: ssh://10.0.0.10,at=10,cl=30 -m ssh:at=50 " + "-g cd=3000\n" + " Ex2: ncrack -p ssh,ftp:3500,25 10.0.0.10 scanme.nmap.org " + "google.com:80,ssl\n" + " -p : services will be applied to all non-standard " + "notation hosts\n" + " -m :: options will be applied to all services " + "of this type\n" + " -g : options will be applied to every service globally\n" + " Misc options:\n" + " ssl: enable SSL over this service\n" + " path : used in modules like HTTP ('=' needs escaping if " + "used)\n" + " db : used in modules like MongoDB to specify the database\n" + " domain : used in modules like WinRM to specify the domain\n" + "TIMING AND PERFORMANCE:\n" + " Options which take */ + xml_newline(); + + if ((*li)->end.reason != NULL && !strncmp((*li)->end.reason, SERVICE_TIMEDOUT, sizeof(SERVICE_TIMEDOUT))) + save_state = true; + + if ((*li)->credentials_found.size() != 0) + print_service_output(*li); + + xml_end_tag(); /* */ + xml_newline(); + } + + /* Print final output information */ + print_final_output(SG); + log_flush_all(); + + /* If any service timed out, then save a .restore file */ + if (save_state) + ncrack_save(SG); + + /* Free all of the Targets */ + while(!Targets.empty()) { + currenths = Targets.back(); + delete currenths; + Targets.pop_back(); + } + delete SG; + + log_write(LOG_STDOUT, "\nNcrack finished.\n"); + exit(EXIT_SUCCESS); +} + + +/* Start the timeout clocks of any targets that aren't already timedout */ +static void +startTimeOutClocks(ServiceGroup *SG) +{ + struct timeval tv; + list::iterator li; + + gettimeofday(&tv, NULL); + for (li = SG->services_all.begin(); li != SG->services_all.end(); li++) { + if (!(*li)->timedOut(NULL)) + (*li)->startTimeOutClock(&tv); + } +} + + +/* + * It handles module endings + */ +void +ncrack_module_end(nsock_pool nsp, void *mydata) +{ + Connection *con = (Connection *) mydata; + ServiceGroup *SG = (ServiceGroup *) nsock_pool_get_udata(nsp); + Service *serv = con->service; + nsock_iod nsi = con->niod; + struct timeval now; + int pair_ret; + const char *hostinfo = serv->HostInfo(); + + con->login_attempts++; + con->auth_complete = true; + serv->total_attempts++; + serv->finished_attempts++; + + /* First check if the module reported that it can no longer continue to + * crack the assigned service, in which case we should place it in the + * finished services. + */ + if (serv->end.orly) { + if (o.debugging) { + if (serv->end.reason) { + chomp(serv->end.reason); + log_write(LOG_STDOUT, "%s will no longer be cracked because module " + "reported that:\n %s\n", hostinfo, serv->end.reason); + } else { + log_write(LOG_STDOUT, "%s will no longer be cracked. No reason was " + "reported from module.\n", hostinfo); + } + } + SG->pushServiceToList(serv, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished.\n", hostinfo); + return ncrack_connection_end(nsp, con); + } + + if (con->auth_success) { + serv->addCredential(con->user, con->pass); + SG->credentials_found++; + + if (o.verbose) + log_write(LOG_PLAIN, "Discovered credentials on %s '%s' '%s'\n", + hostinfo, con->user, con->pass); + + /* Quit cracking service if '-f' has been specified. */ + if (o.finish == 1) { + + SG->pushServiceToList(serv, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished.\n", hostinfo); + return ncrack_connection_end(nsp, con); + + } else if (o.finish > 1) { + /* Quit cracking every service if '-f -f' or greater has been + * specified. + */ + list ::iterator li; + for (li = SG->services_all.begin(); li != SG->services_all.end(); li++) { + SG->pushServiceToList(*li, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished.\n", hostinfo); + } + /* Now quit nsock_loop */ + nsock_loop_quit(nsp); + return ncrack_connection_end(nsp, con); + } + + } else { + if (!serv->more_rounds) { + if (o.debugging > 6) { + if (!strcmp(serv->name, "redis")) + log_write(LOG_STDOUT, "%s (EID %li) Login failed: '%s'\n", + hostinfo, nsock_iod_id(con->niod), con->pass); + else + log_write(LOG_STDOUT, "%s (EID %li) Login failed: '%s' '%s'\n", + hostinfo, nsock_iod_id(con->niod), con->user, con->pass); + } + } else { + serv->appendToPool(con->user, con->pass); + } + } + + if (serv->just_started && !serv->more_rounds + && con->close_reason != MODULE_ERR) { + serv->supported_attempts++; + serv->auth_rate_meter.update(1, NULL); + } + + gettimeofday(&now, NULL); + if (!serv->just_started && !serv->more_rounds + && timeval_msec_subtract(now, serv->last_auth_rate.time) >= 500) { + double current_rate = serv->auth_rate_meter.getCurrentRate(); + if (o.debugging) + log_write(LOG_STDOUT, "%s last: %.2f current %.2f parallelism %ld\n", + hostinfo, serv->last_auth_rate.rate, current_rate, + serv->ideal_parallelism); + if (current_rate < serv->last_auth_rate.rate + 3) { + if (serv->ideal_parallelism + 3 < serv->max_connection_limit) + serv->ideal_parallelism += 3; + else + serv->ideal_parallelism = serv->max_connection_limit; + if (o.debugging) + log_write(LOG_STDOUT, "%s Increasing connection limit to: %ld\n", + hostinfo, serv->ideal_parallelism); + } + serv->last_auth_rate.time = now; + serv->last_auth_rate.rate = current_rate; + } + + /* If login pair was extracted from pool, permanently remove it from it. */ + if (con->from_pool && !serv->isMirrorPoolEmpty()) { + serv->removeFromPool(con->user, con->pass); + con->from_pool = false; + } + + if (serv->isMirrorPoolEmpty() && !serv->active_connections + && serv->getListFinishing()) { + SG->pushServiceToList(serv, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished.\n", hostinfo); + return ncrack_connection_end(nsp, con); + } + + /* + * Check if we had previously surpassed imposed connection limit so that + * we remove service from 'services_full' list + */ + if (serv->getListFull() + && serv->active_connections < serv->ideal_parallelism) + SG->popServiceFromList(serv, &SG->services_full); + + /* Initiate new connections if service gets active again */ + if (serv->getListActive()) + ncrack_probes(nsp, SG); + + /* If module itself reported an error in the connection, then mark the flag + * auth_complete as false. + */ + if (con->close_reason == MODULE_ERR) + con->auth_complete = false; + + /* If module instructed to close the connection by force, then do so + * here. + */ + if (con->force_close) + return ncrack_connection_end(nsp, con); + + /* + * If we need to check whether peer is alive or not we do the following: + * Since there is no portable way to check if the peer has closed the + * connection or not (hence we are in CLOSE_WAIT state), issue a read call + * with a very small timeout and check if nsock timed out (host hasn't closed + * connection yet) or returned an EOF (host sent FIN making active close) + * Note, however that the connection might have already indicated that the + * peer is alive (for example telnetd sends the next login prompt along with + * the authentication results, denoting that it immediately expects another + * authentication attempt), so in that case we need to get the next login + * pair only and make no additional check. + */ + if (con->peer_alive) { + if ((!serv->auth_tries + || con->login_attempts < (unsigned long)serv->auth_tries) + && (pair_ret = serv->getNextPair(&con->user, &con->pass)) != -1) { + if (pair_ret == 1) + con->from_pool = true; + nsock_timer_create(nsp, ncrack_timer_handler, 0, con); + } else + return ncrack_connection_end(nsp, con); + } else { + /* + * We need to check if host is alive only on first timing + * probe. Thereafter we can use the 'supported_attempts'. + */ + if (serv->just_started && serv->more_rounds) { + ncrack_connection_end(nsp, con); + } else if (serv->just_started) { + con->check_closed = true; + nsock_read(nsp, nsi, ncrack_read_handler, 10, con); + } else if ((!serv->auth_tries + || con->login_attempts < (unsigned long)serv->auth_tries) + && con->login_attempts < serv->supported_attempts + && (pair_ret = serv->getNextPair(&con->user, &con->pass)) != -1) { + if (pair_ret == 1) + con->from_pool = true; + + + call_module(nsp, con); + } else { + /* We end the connection if: + * (we are not the first timing probe) AND + * (we are either at the server's imposed authentication limit OR + * we are at the user's imposed authentication limit) + */ + ncrack_connection_end(nsp, con); + } + } + return; +} + + +void +ncrack_connection_end(nsock_pool nsp, void *mydata) +{ + Connection *con = (Connection *) mydata; + Service *serv = con->service; + nsock_iod nsi = con->niod; + ServiceGroup *SG = (ServiceGroup *) nsock_pool_get_udata(nsp); + list ::iterator li; + const char *hostinfo = serv->HostInfo(); + unsigned long eid = nsock_iod_id(con->niod); + + + if (con->close_reason == CON_ERR) + SG->connections_timedout++; + + if (con->close_reason == READ_TIMEOUT) { + + if (!con->auth_complete) { + serv->appendToPool(con->user, con->pass); + } + + if (serv->getListPairfini()) + SG->popServiceFromList(serv, &SG->services_pairfini); + if (o.debugging) + error("%s (EID %li) nsock READ timeout!", hostinfo, eid); + + } else if (con->close_reason == READ_EOF || con->close_reason == MODULE_ERR) { + /* + * Check if we are on the point where peer might close at any moment + * (usually we set 'peer_might_close' after writing the password on the + * network and before issuing the next read call), so that this connection + * ending was actually expected. + */ + if (con->peer_might_close) { + /* If we are the first special timing probe, then increment the number of + * server-allowed authentication attempts per connection. + */ + if (serv->just_started) + serv->supported_attempts++; + + serv->total_attempts++; + serv->finished_attempts++; + + if (o.debugging > 6) + log_write(LOG_STDOUT, "%s (EID %li) Failed '%s' '%s'\n", hostinfo, eid, + con->user, con->pass); + + } else if (serv->more_rounds) { + /* We are still checking timing of the host, so don't do anything yet. */ + + } else if (!con->auth_complete) { + serv->appendToPool(con->user, con->pass); + if (serv->getListPairfini()) + SG->popServiceFromList(serv, &SG->services_pairfini); + + /* Now this is strange: peer closed on us in the middle of + * authentication. This shouldn't happen, unless extreme network + * conditions are happening! + */ + if (!serv->just_started + && con->login_attempts < serv->supported_attempts) { + if (o.debugging > 3) + error("%s (EID %li) closed on us in the middle of authentication!", hostinfo, eid); + SG->connections_closed++; + } + } + if (o.debugging > 5) + error("%s (EID %li) Connection closed by peer", hostinfo, eid); + } + con->close_reason = -1; + + + /* + * If we are not the first timing probe and the authentication wasn't + * completed (we double check that by seeing if we are inside the supported + * -by the server- threshold of authentication attempts per connection), then + * we take drastic action and drop the connection limit. + */ + if (!serv->just_started && !serv->more_rounds && !con->auth_complete + && !con->peer_might_close + && con->login_attempts < serv->supported_attempts) { + serv->total_attempts++; + // TODO:perhaps here we might want to differentiate between the two errors: + // timeout and premature close, giving a unique drop value to each + if (serv->ideal_parallelism - 5 >= serv->min_connection_limit) + serv->ideal_parallelism -= 5; + else + serv->ideal_parallelism = serv->min_connection_limit; + + if (o.debugging) + log_write(LOG_STDOUT, "%s (EID %li) Dropping connection limit due to connection " + "error to: %ld\n", hostinfo, eid, serv->ideal_parallelism); + } + + + /* + * If that was our first connection, then calculate initial ideal_parallelism + * (which was 1 previously) based on the box of min_connection_limit, + * max_connection_limit and a default desired parallelism for each timing + * template. + */ + if (serv->just_started == true && !serv->more_rounds) { + serv->just_started = false; + long desired_par = 1; + if (o.timing_level == 0) + desired_par = 1; + else if (o.timing_level == 1) + desired_par = 1; + else if (o.timing_level == 2) + desired_par = 4; + else if (o.timing_level == 3) + desired_par = 10; + else if (o.timing_level == 4) + desired_par = 30; + else if (o.timing_level == 5) + desired_par = 50; + + serv->ideal_parallelism = box(serv->min_connection_limit, + serv->max_connection_limit, desired_par); + } + + + for (li = serv->connections.begin(); li != serv->connections.end(); li++) { + if ((*li)->niod == nsi) + break; + } + if (li == serv->connections.end()) /* this shouldn't happen */ + fatal("%s: invalid niod!", __func__); + + SG->auth_rate_meter.update(con->login_attempts, NULL); + + nsock_iod_delete(nsi, NSOCK_PENDING_SILENT); + serv->connections.erase(li); + delete con; + + serv->active_connections--; + SG->active_connections--; + + + /* + * Check if we had previously surpassed imposed connection limit so that + * we remove service from 'services_full' list + */ + if (serv->getListFull() + && serv->active_connections < serv->ideal_parallelism) + SG->popServiceFromList(serv, &SG->services_full); + + + /* + * If linear stealthy mode is enabled, then mark the corresponding state as DONE + * since the connection just ended. If all connections from all services are done, + * then the next active connection can start. + */ + if (serv->getLinearState() == LINEAR_ACTIVE) { + serv->setLinearState(LINEAR_DONE); + serv->ideal_parallelism = 1; + } + + + /* + * If service was on 'services_finishing' (credential list finished, pool + * empty but still pending connections) then: + * - if new pairs arrived into pool, remove from 'services_finishing' + * - else if no more connections are pending, move to 'services_finished' + */ + if (serv->getListFinishing()) { + if (!serv->isMirrorPoolEmpty()) + SG->popServiceFromList(serv, &SG->services_finishing); + else if (!serv->active_connections) { + SG->pushServiceToList(serv, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished.\n", hostinfo); + } + } + + if (o.debugging) + log_write(LOG_STDOUT, "%s (EID %li) Attempts: total %lu completed %lu supported %lu " + "--- rate %.2f \n", hostinfo, eid, serv->total_attempts, + serv->finished_attempts, serv->supported_attempts, + SG->auth_rate_meter.getCurrentRate()); + + /* Check if service finished for good. */ + if (serv->loginlist_fini && serv->isMirrorPoolEmpty() + && !serv->active_connections && !serv->getListFinished()) { + SG->pushServiceToList(serv, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished.\n", hostinfo); + } + + + /* see if we can initiate some more connections */ + if (serv->getListActive()) + return ncrack_probes(nsp, SG); + + return; +} + + +void +ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata) +{ + enum nse_status status = nse_status(nse); + enum nse_type type = nse_type(nse); + ServiceGroup *SG = (ServiceGroup *) nsock_pool_get_udata(nsp); + Connection *con = (Connection *) mydata; + Service *serv = con->service; + int pair_ret; + int nbytes; + int err; + char *str; + const char *hostinfo = serv->HostInfo(); + unsigned long eid = nsock_iod_id(con->niod); + + assert(type == NSE_TYPE_READ); + + + /* If service has already finished (probably due to the -f option), then + * cancel this event and return immediately. The same happens with the rest + * of the event handlers. + */ + if (serv->getListFinished()) { + nsock_event_cancel(nsp, nse_id(nse), 0); + return; + } + + if (serv->timedOut(NULL)) { + serv->end.reason = Strndup(SERVICE_TIMEDOUT, sizeof(SERVICE_TIMEDOUT)); + SG->pushServiceToList(serv, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished.\n", hostinfo); + return ncrack_connection_end(nsp, con); + + } else if (status == NSE_STATUS_SUCCESS) { + + str = nse_readbuf(nse, &nbytes); + + if (con->inbuf == NULL) + con->inbuf = new Buf(); + + con->inbuf->append(str, nbytes); + + return call_module(nsp, con); + + } else if (status == NSE_STATUS_TIMEOUT) { + + /* First check if we are just making sure the host hasn't closed + * on us, and so we are still in ESTABLISHED state, instead of + * CLOSE_WAIT - we do this by issuing a read call with a tiny timeout. + * If we are still connected, then we can go on checking if we can make + * another authentication attempt in this particular connection. + */ + if (con->check_closed) { + /* Make another authentication attempt only if: + * 1. we hanen't surpassed the authentication limit per connection for + * this service + * 2. we still have enough login pairs from the pool + */ + if ((!serv->auth_tries + || con->login_attempts < (unsigned long)serv->auth_tries) + && (pair_ret = serv->getNextPair(&con->user, &con->pass)) != -1) { + if (pair_ret == 1) + con->from_pool = true; + return call_module(nsp, con); + } else { + con->close_reason = READ_EOF; + } + } else { + /* This is a normal timeout */ + con->close_reason = READ_TIMEOUT; + } + + } else if (status == NSE_STATUS_EOF) { + con->close_reason = READ_EOF; + + } else if (status == NSE_STATUS_ERROR || status == NSE_STATUS_PROXYERROR) { + + err = nse_errorcode(nse); + if (o.debugging > 2) + error("%s (EID %li) nsock READ error #%d (%s)", hostinfo, eid, err, strerror(err)); + serv->appendToPool(con->user, con->pass); + if (serv->getListPairfini()) + SG->popServiceFromList(serv, &SG->services_pairfini); + + } else if (status == NSE_STATUS_KILL) { + if (o.debugging > 2) + error("%s (EID %li) nsock READ nse_status_kill", hostinfo, eid); + + } else + if (o.debugging > 2) + error("%s (EID %li) WARNING: nsock READ unexpected status %d", hostinfo, + eid, (int) status); + + return ncrack_connection_end(nsp, con); +} + + + + +void +ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata) +{ + enum nse_status status = nse_status(nse); + Connection *con = (Connection *) mydata; + ServiceGroup *SG = (ServiceGroup *) nsock_pool_get_udata(nsp); + Service *serv = con->service; + const char *hostinfo = serv->HostInfo(); + int err; + unsigned long eid = nsock_iod_id(con->niod); + + if (serv->getListFinished()) { + nsock_event_cancel(nsp, nse_id(nse), 0); + return; + } + + if (serv->timedOut(NULL)) { + serv->end.reason = Strndup(SERVICE_TIMEDOUT, sizeof(SERVICE_TIMEDOUT)); + SG->pushServiceToList(serv, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished.\n", hostinfo); + return ncrack_connection_end(nsp, con); + + } else if (status == NSE_STATUS_SUCCESS) + call_module(nsp, con); + else if (status == NSE_STATUS_ERROR || status == NSE_STATUS_PROXYERROR) { + err = nse_errorcode(nse); + if (o.debugging > 2) + error("%s (EID %li) nsock WRITE error #%d (%s)", hostinfo, eid, err, strerror(err)); + } else if (status == NSE_STATUS_KILL) { + error("%s (EID %li) nsock WRITE nse_status_kill\n", hostinfo, eid); + } else + error("%s (EID %li) WARNING: nsock WRITE unexpected status %d", + hostinfo, eid, (int) (status)); + + return; +} + + +void +ncrack_timer_handler(nsock_pool nsp, nsock_event nse, void *mydata) +{ + enum nse_status status = nse_status(nse); + Connection *con = (Connection *) mydata; + Service *serv = con->service; + const char *hostinfo = serv->HostInfo(); + + if (serv->getListFinished()) { + nsock_event_cancel(nsp, nse_id(nse), 0); + return; + } + + if (status == NSE_STATUS_SUCCESS) { + call_module(nsp, con); + } + else + error("%s nsock Timer handler error!", hostinfo); + + return; +} + + + + +void +ncrack_connect_handler(nsock_pool nsp, nsock_event nse, void *mydata) +{ + nsock_iod nsi = nse_iod(nse); + enum nse_status status = nse_status(nse); + enum nse_type type = nse_type(nse); + ServiceGroup *SG = (ServiceGroup *) nsock_pool_get_udata(nsp); + Connection *con = (Connection *) mydata; + Service *serv = con->service; + const char *hostinfo = serv->HostInfo(); + int err; + unsigned long eid = nsock_iod_id(con->niod); + + assert(type == NSE_TYPE_CONNECT || type == NSE_TYPE_CONNECT_SSL); + + if (serv->getListFinished()) { + nsock_event_cancel(nsp, nse_id(nse), 0); + return; + } + + if (serv->timedOut(NULL)) { + serv->end.reason = Strndup(SERVICE_TIMEDOUT, sizeof(SERVICE_TIMEDOUT)); + SG->pushServiceToList(serv, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished.\n", hostinfo); + return ncrack_connection_end(nsp, con); + + } else if (status == NSE_STATUS_SUCCESS) { + + serv->failed_connections = 0; + +#if HAVE_OPENSSL + // Snag our SSL_SESSION from the nsi for use in subsequent connections. + if (nsock_iod_check_ssl(nsi)) { + if (con->ssl_session) { + if (con->ssl_session == (SSL_SESSION *)(nsock_iod_get_ssl_session(nsi, 0))) { + //nada + } else { + SSL_SESSION_free((SSL_SESSION*)con->ssl_session); + con->ssl_session = (SSL_SESSION *)(nsock_iod_get_ssl_session(nsi, 1)); + } + } else { + con->ssl_session = (SSL_SESSION *)(nsock_iod_get_ssl_session(nsi, 1)); + } + } +#endif + + return call_module(nsp, con); + + } else if (status == NSE_STATUS_TIMEOUT || status == NSE_STATUS_ERROR + || status == NSE_STATUS_PROXYERROR) { + + /* This is not good. connect() really shouldn't generally be timing out. */ + if (o.debugging > 2) { + err = nse_errorcode(nse); + error("%s (EID %li) nsock CONNECT response with status %s error: %s", hostinfo, + eid, nse_status2str(status), strerror(err)); + } + serv->failed_connections++; + serv->appendToPool(con->user, con->pass); + + if (serv->failed_connections > serv->connection_retries) { + SG->pushServiceToList(serv, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished. Too many failed attemps. \n", hostinfo); + } + /* Failure of connecting on first attempt means we should probably drop + * the service for good. */ + if (serv->just_started) { + SG->pushServiceToList(serv, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished.\n", hostinfo); + } + if (serv->getListPairfini()) + SG->popServiceFromList(serv, &SG->services_pairfini); + + con->close_reason = CON_ERR; + + } else if (status == NSE_STATUS_KILL) { + + if (o.debugging) + error("%s (EID %li) nsock CONNECT nse_status_kill", hostinfo, eid); + serv->appendToPool(con->user, con->pass); + if (serv->getListPairfini()) + SG->popServiceFromList(serv, &SG->services_pairfini); + + } else + error("%s (EID %li) WARNING: nsock CONNECT unexpected status %d", + hostinfo, eid, (int) status); + + return ncrack_connection_end(nsp, con); +} + + +/* + * Poll for interactive user input every time this timer is called. + */ +static void +status_timer_handler(nsock_pool nsp, nsock_event nse, void *mydata) +{ + int key_ret; + enum nse_status status = nse_status(nse); + ServiceGroup *SG = (ServiceGroup *) nsock_pool_get_udata(nsp); + mydata = NULL; /* nothing in there */ + + key_ret = keyWasPressed(); + if (key_ret == KEYPRESS_STATUS) + printStatusMessage(SG); + else if (key_ret == KEYPRESS_CREDS) + print_creds(SG); + + if (status != NSE_STATUS_SUCCESS) { + /* Don't reschedule timer again, since nsp seems to have been + * deleted (NSE_STATUS_KILL sent) and we are done. */ + if (status == NSE_STATUS_KILL) + return; + else + error("Nsock status timer handler error: %s\n", nse_status2str(status)); + } + + /* Reschedule timer for the next polling. */ + nsock_timer_create(nsp, status_timer_handler, KEYPRESSED_INTERVAL, NULL); + +} + +static void +signal_timer_handler(nsock_pool nsp, nsock_event nse, void *mydata) +{ + enum nse_status status = nse_status(nse); + ServiceGroup *SG = (ServiceGroup *) nsock_pool_get_udata(nsp); + mydata = NULL; /* nothing in there */ + + if (status != NSE_STATUS_SUCCESS) { + /* Don't reschedule timer again, since nsp seems to have been + * deleted (NSE_STATUS_KILL sent) and we are done. */ + if (status == NSE_STATUS_KILL) { + sigcheck(SG); + return; + } + else + error("Nsock status timer handler error: %s\n", nse_status2str(status)); + } + + /* Reschedule timer for the next polling. */ + nsock_timer_create(nsp, signal_timer_handler, SIGNAL_CHECK_INTERVAL, NULL); + + /* Check for pending signals */ + sigcheck(SG); +} + + +static void +ncrack_probes(nsock_pool nsp, ServiceGroup *SG) +{ + Service *serv; + Connection *con; + struct sockaddr_storage ss; + size_t ss_len; + list ::iterator li; + struct timeval now; + int pair_ret; + char *login, *pass; + const char *hostinfo; + size_t i = 0; + + + /* First check for every service if connection_delay time has already + * passed since its last connection and move them back to 'services_active' + * list if it has. + */ + gettimeofday(&now, NULL); + for (li = SG->services_wait.begin(); li != SG->services_wait.end(); li++) { + if (timeval_msec_subtract(now, (*li)->last) + >= (long long)(*li)->connection_delay) { + li = SG->popServiceFromList(*li, &SG->services_wait); + } + } + + if (SG->last_accessed == SG->services_active.end()) { + li = SG->services_active.begin(); + } else { + li = SG->last_accessed++; + } + + + + while (SG->active_connections < SG->connection_limit + && SG->services_finished.size() != SG->total_services + && SG->services_active.size() != 0) { + + serv = *li; + hostinfo = serv->HostInfo(); + + if (serv->timedOut(NULL)) { + serv->end.reason = Strndup(SERVICE_TIMEDOUT, sizeof(SERVICE_TIMEDOUT)); + SG->pushServiceToList(serv, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished.\n", hostinfo); + goto next; + } + + /* + * If the service's last connection was earlier than 'connection_delay' + * milliseconds ago, then temporarily move service to 'services_wait' list + */ + gettimeofday(&now, NULL); + if (timeval_msec_subtract(now, serv->last) + < (long long)serv->connection_delay) { + li = SG->pushServiceToList(serv, &SG->services_wait); + goto next; + } + + + /* If the service's active connections surpass its imposed connection limit + * then don't initiate any more connections for it and also move service in + * the services_full list so that it won't be reaccessed in this loop. + */ + if (serv->active_connections >= serv->ideal_parallelism) { + li = SG->pushServiceToList(serv, &SG->services_full); + goto next; + } + + + /* + * To mark a service as completely finished, first make sure: + * a) that the username list has finished being iterated through once + * b) that the mirror pair pool, which holds temporary login pairs which + * are currently being used, is empty + * c) that no pending connections are left + * d) that the service hasn't already finished + */ + if (serv->loginlist_fini && serv->isMirrorPoolEmpty() + && !serv->getListFinished()) { + if (!serv->active_connections) { + li = SG->pushServiceToList(serv, &SG->services_finished); + if (o.verbose) + log_write(LOG_STDOUT, "%s finished.\n", hostinfo); + goto next; + } else { + li = SG->pushServiceToList(serv, &SG->services_finishing); + goto next; + } + } + + /* + * If the username list iteration has finished, then don't initiate another + * connection until our pair_pool has at least one element to grab another + * pair from. + */ + if (serv->loginlist_fini && serv->isPoolEmpty() + && !serv->isMirrorPoolEmpty()) { + li = SG->pushServiceToList(serv, &SG->services_pairfini); + goto next; + } + + if ((pair_ret = serv->getNextPair(&login, &pass)) == -1) + goto next; + + + /* + * If service belongs to list linear, then we have to wait until all others have + * first iterated. + */ + if ((serv->getLinearState() != LINEAR_INIT) + && (serv->getLinearState() == LINEAR_ACTIVE || SG->checkLinearPending() == true)) { + goto next; + } + + /* Schedule 1 connection for this service */ + con = new Connection(serv); + SG->connections_total++; + + if (o.stealthy_linear) { + serv->setLinearState(LINEAR_ACTIVE); + } + + if (pair_ret == 1) + con->from_pool = true; + con->user = login; + con->pass = pass; + + if ((con->niod = nsock_iod_new(nsp, serv)) == NULL) { + fatal("Failed to allocate Nsock I/O descriptor in %s()", __func__); + } + + if (o.debugging > 8) + log_write(LOG_STDOUT, "%s (EID %li) Initiating new Connection\n", hostinfo, nsock_iod_id(con->niod)); + + gettimeofday(&now, NULL); + serv->last = now; + serv->connections.push_back(con); + serv->active_connections++; + SG->active_connections++; + + serv->target->TargetSockAddr(&ss, &ss_len); + if (serv->proto == IPPROTO_TCP) { + if (!serv->ssl) { + if (o.proxychain && o.socks4a) { + if (!serv->target->targetname) + fatal("Socks4a requires a hostname. Use socks4 for IPv4."); + nsock_connect_tcp_socks4a(nsp, con->niod, ncrack_connect_handler, + DEFAULT_CONNECT_TIMEOUT, con, serv->target->targetname, + serv->portno); + } else { + nsock_connect_tcp(nsp, con->niod, ncrack_connect_handler, + DEFAULT_CONNECT_TIMEOUT, con, + (struct sockaddr *)&ss, ss_len, + serv->portno); + } + } else { + nsock_connect_ssl(nsp, con->niod, ncrack_connect_handler, + DEFAULT_CONNECT_SSL_TIMEOUT, con, + (struct sockaddr *) &ss, ss_len, serv->proto, + serv->portno, con->ssl_session); + } + } else { + assert(serv->proto == IPPROTO_UDP); + nsock_connect_udp(nsp, con->niod, ncrack_connect_handler, + serv, (struct sockaddr *) &ss, ss_len, + serv->portno); + } + +next: + + /* + * this will take care of the case where the state of the services_active list + * has been modified in the meantime by any pushToList or popFromList without + * saving the state to the current li iterator thus showing to a non-valid + * service + */ + if (SG->prev_modified != li) { + li = SG->services_active.end(); + } + + SG->last_accessed = li; + if (li == SG->services_active.end() || ++li == SG->services_active.end()) { + li = SG->services_active.begin(); + } + + + i++; + if (o.stealthy_linear && i == SG->services_all.size()) + return; + + } + + return; +} + + + +static int +ncrack(ServiceGroup *SG) +{ + /* nsock variables */ + struct timeval now; + enum nsock_loopstatus loopret; + list ::iterator li; + nsock_pool nsp; + int nsock_timeout = 3000; + int err; + + /* create nsock p00l */ + if (!(nsp = nsock_pool_new(SG))) + fatal("Can't create nsock pool."); + + if (o.proxychain) { + if (nsock_pool_set_proxychain(nsp, o.proxychain) == -1) + fatal("Unable to set proxychain for nsock pool"); + } + + gettimeofday(&now, NULL); + nsock_set_loglevel(o.nsock_loglevel); + +#if HAVE_OPENSSL + /* We don't care about connection security, so cast Haste */ + nsock_pool_ssl_init(nsp, NSOCK_SSL_MAX_SPEED); +#endif + + SG->findMinDelay(); + /* We have to set the nsock_loop timeout to the minimum of the connection + * delay, since we have to check every that time period for potential new + * connection initiations. If the minimum connection delay is 0 however, we + * don't need to do it, since that would make nsock_loop return immediately + * and consume a lot of CPU. + */ + if (SG->min_connection_delay != 0) + nsock_timeout = SG->min_connection_delay; + + /* Initiate time-out clocks */ + startTimeOutClocks(SG); + + /* initiate all authentication rate meters */ + SG->auth_rate_meter.start(); + for (li = SG->services_all.begin(); li != SG->services_all.end(); li++) + (*li)->auth_rate_meter.start(); + + /* + * Since nsock can delay between each event due to the targets being really + * slow, we need a way to make sure that we always poll for interactive user + * input regardless of the above case. Thus we schedule a special timer event + * that happens every KEYPRESSED_INTERVAL milliseconds and which reschedules + * itself every time its handler is called. + */ + nsock_timer_create(nsp, status_timer_handler, KEYPRESSED_INTERVAL, NULL); + + /* + * We do the same for checking pending signals every SIGNAL_CHECK_INTERVAL + */ + nsock_timer_create(nsp, signal_timer_handler, SIGNAL_CHECK_INTERVAL, NULL); + + ncrack_probes(nsp, SG); + + /* nsock loop */ + do { + + loopret = nsock_loop(nsp, nsock_timeout); + + if (loopret == NSOCK_LOOP_ERROR) { + err = nsock_pool_get_error(nsp); + fatal("Unexpected nsock_loop error. Error code %d (%s)", + err, strerror(err)); + } + + ncrack_probes(nsp, SG); + + } while (SG->services_finished.size() != SG->total_services); + + nsock_pool_delete(nsp); + + if (o.debugging > 4) + log_write(LOG_STDOUT, "nsock_loop returned %d\n", loopret); + + return 0; +} + diff --git a/include/ncrack.h b/include/ncrack.h new file mode 100644 index 00000000..545b7e86 --- /dev/null +++ b/include/ncrack.h @@ -0,0 +1,279 @@ + +/*************************************************************************** + * ncrack.h -- ncrack's core engine along with all nsock callback * + * handlers reside in here. Simple options' (not host or service-options * + * specification handling) parsing also happens in main() here. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#ifndef NCRACK_H +#define NCRACK_H 1 + +#ifndef NCRACK_VERSION +/* Edit this definition only within the quotes, because it is read from this + file by the makefiles. */ +#define NCRACK_VERSION "0.8" +#define NCRACK_NUM_VERSION "0.8.0.0" +#endif + +#define NCRACK_XMLOUTPUTVERSION "1.00" + + +#define NCRACK_NAME "Ncrack" +#define NCRACK_URL "http://ncrack.org" + +#ifdef WIN32 +#include "mswin32\winclude.h" +#endif + +#ifdef HAVE_CONFIG_H +#include "ncrack_config.h" +#else +#ifdef WIN32 +#include "ncrack_winconfig.h" +#endif /* WIN32 */ +#endif /* HAVE_CONFIG_H */ + +#include + //#include + +#if HAVE_UNISTD_H +#include +#endif + +#ifdef STDC_HEADERS +#include +#else + void *malloc(); + void *realloc(); +#endif + +#if STDC_HEADERS || HAVE_STRING_H +#include +#if !STDC_HEADERS && HAVE_MEMORY_H +#include +#endif +#endif +#if HAVE_STRINGS_H +#include +#endif + +#ifdef HAVE_BSTRING_H +#include +#endif + +#include +#include + +#ifndef WIN32 /* from nmapNT -- seems to work */ +#include +#endif /* !WIN32 */ + +#ifdef HAVE_SYS_PARAM_H +#include /* Defines MAXHOSTNAMELEN on BSD*/ +#endif + + + +#include + +#if HAVE_RPC_TYPES_H +#include +#endif + +#if HAVE_SYS_SOCKET_H +#include +#endif + +#include + +#if HAVE_NETINET_IN_H +#include +#endif + +#include + +#if HAVE_NETDB_H +#include +#endif + +#if TIME_WITH_SYS_TIME +# include +# include +#else +# if HAVE_SYS_TIME_H +# include +# else +# include +# endif +#endif + +#include +#include + +#ifdef HAVE_PWD_H +#include +#endif + + + +#if HAVE_ARPA_INET_H +#include +#endif + + /* Keep assert() defined for security reasons */ +#undef NDEBUG + +#include +#include + +#if HAVE_SYS_RESOURCE_H +#include +#endif + + +#ifndef MAXHOSTNAMELEN +#define MAXHOSTNAMELEN 64 +#endif + + +#define MAXLINE 255 + +#include "global_structures.h" + +/* callback handlers */ +void ncrack_read_handler(nsock_pool nsp, nsock_event nse, void *mydata); +void ncrack_write_handler(nsock_pool nsp, nsock_event nse, void *mydata); +void ncrack_connect_handler(nsock_pool nsp, nsock_event nse, void *mydata); +void ncrack_timer_handler(nsock_pool nsp, nsock_event nse, void *mydata); + +/* module ending handler */ +void ncrack_module_end(nsock_pool nsp, void *mydata); +void ncrack_connection_end(nsock_pool nsp, void *mydata); + + +#endif diff --git a/include/ncrack_config.h.in b/include/ncrack_config.h.in new file mode 100644 index 00000000..0b5eea34 --- /dev/null +++ b/include/ncrack_config.h.in @@ -0,0 +1,100 @@ +/* ncrack_config.h.in. Generated from configure.ac by autoheader. */ + +/* Define if building universal (internal helper macro) */ +#undef AC_APPLE_UNIVERSAL_BUILD + +/* Define to 1 if you have the header file. */ +#undef HAVE_INTTYPES_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_MEMORY_H + +/* OpenSSL is available */ +#undef HAVE_OPENSSL + +/* Define to 1 if you have the header file. */ +#undef HAVE_PWD_H + +/* Define to 1 if you have the `signal' function. */ +#undef HAVE_SIGNAL + +/* struct sockaddr has sa_len member */ +#undef HAVE_SOCKADDR_SA_LEN + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDINT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDLIB_H + +/* Define to 1 if you have the `strerror' function. */ +#undef HAVE_STRERROR + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRINGS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRING_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_SOCKIO_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STAT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_TYPES_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_TERMIOS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_UNISTD_H + +/* struct in_addr is a whacky huge structure */ +#undef IN_ADDR_DEEPSTRUCT + +/* Define to the address where bug reports for this package should be sent. */ +#undef PACKAGE_BUGREPORT + +/* Define to the full name of this package. */ +#undef PACKAGE_NAME + +/* Define to the full name and version of this package. */ +#undef PACKAGE_STRING + +/* Define to the one symbol short name of this package. */ +#undef PACKAGE_TARNAME + +/* Define to the home page for this package. */ +#undef PACKAGE_URL + +/* Define to the version of this package. */ +#undef PACKAGE_VERSION + +/* Define to 1 if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most + significant byte first (like Motorola and SPARC, unlike Intel). */ +#if defined AC_APPLE_UNIVERSAL_BUILD +# if defined __BIG_ENDIAN__ +# define WORDS_BIGENDIAN 1 +# endif +#else +# ifndef WORDS_BIGENDIAN +# undef WORDS_BIGENDIAN +# endif +#endif + +/* Use __FILE__ since __FUNCTION__ is not available */ +#undef __func__ + +/* Define to `__inline__' or `__inline' if that's what the C compiler + calls it, or to nothing if 'inline' is not supported under any name. */ +#ifndef __cplusplus +#undef inline +#endif + +/* Type of 6th argument to recvfrom() */ +#undef recvfrom6_t diff --git a/include/ncrack_error.cc b/include/ncrack_error.cc new file mode 100644 index 00000000..c81ef048 --- /dev/null +++ b/include/ncrack_error.cc @@ -0,0 +1,241 @@ + +/*************************************************************************** + * ncrack_error.cc -- Some simple error handling routines. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "ncrack_error.h" +#include "output.h" +#include "NcrackOps.h" + +extern NcrackOps o; + +#ifdef WIN32 +#include +#endif /* WIN32 */ + + +void fatal(const char *fmt, ...) { + va_list ap; + va_start(ap, fmt); + log_vwrite(LOG_STDERR, fmt, ap); + va_end(ap); + if (o.log_errors) { + va_start(ap, fmt); + log_vwrite(LOG_NORMAL, fmt, ap); + va_end(ap); + } + log_write(o.log_errors? LOG_NORMAL|LOG_STDERR : LOG_STDERR, "\nQUITTING!\n"); + exit(1); +} + +void error(const char *fmt, ...) { + va_list ap; + + va_start(ap, fmt); + log_vwrite(LOG_STDERR, fmt, ap); + va_end(ap); + + if (o.log_errors) { + va_start(ap, fmt); + log_vwrite(LOG_NORMAL, fmt, ap); + va_end(ap); + } + log_write(o.log_errors? LOG_NORMAL|LOG_STDERR : LOG_STDERR, "\n"); + return; +} + +void pfatal(const char *err, ...) { +#ifdef WIN32 + int lasterror =0; + char *errstr = NULL; +#endif + va_list ap; + + va_start(ap, err); + log_vwrite(LOG_STDERR, err, ap); + va_end(ap); + + if (o.log_errors) { + va_start(ap, err); + log_vwrite(LOG_NORMAL, err, ap); + va_end(ap); + } + +#ifdef WIN32 + lasterror = GetLastError(); + FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER|FORMAT_MESSAGE_FROM_SYSTEM, + NULL, lasterror, MAKELANGID (LANG_NEUTRAL, SUBLANG_DEFAULT), + (LPTSTR) &errstr, 0, NULL); + log_write(o.log_errors? LOG_NORMAL|LOG_STDERR : LOG_STDERR, ": %s (%d)\n", + errstr, lasterror); + HeapFree(GetProcessHeap(), 0, errstr); +#else + log_write(o.log_errors? LOG_NORMAL|LOG_STDERR : LOG_STDERR, ": %s (%d)\n", + strerror(errno), errno); +#endif /* WIN32 perror() compatability switch */ + if (o.log_errors) log_flush(LOG_NORMAL); + fflush(stderr); + exit(1); +} + +/* This function is the Ncrack version of perror. It is just copy and + pasted from pfatal(), except the exit has been replaced with a + return. */ +void gh_perror(const char *err, ...) { +#ifdef WIN32 + int lasterror =0; + char *errstr = NULL; +#endif + va_list ap; + + va_start(ap, err); + log_vwrite(LOG_STDERR, err, ap); + va_end(ap); + + if (o.log_errors) { + va_start(ap, err); + log_vwrite(LOG_NORMAL, err, ap); + va_end(ap); + } + +#ifdef WIN32 + lasterror = GetLastError(); + FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER|FORMAT_MESSAGE_FROM_SYSTEM, + NULL, lasterror, MAKELANGID (LANG_NEUTRAL, SUBLANG_DEFAULT), + (LPTSTR) &errstr, 0, NULL); + log_write(o.log_errors? LOG_NORMAL|LOG_STDERR : LOG_STDERR, ": %s (%d)\n", + errstr, lasterror); + HeapFree(GetProcessHeap(), 0, errstr); +#else + log_write(o.log_errors? LOG_NORMAL|LOG_STDERR : LOG_STDERR, ": %s (%d)\n", + strerror(errno), errno); +#endif /* WIN32 perror() compatability switch */ + if (o.log_errors) log_flush(LOG_NORMAL); + fflush(stderr); + return; +} diff --git a/include/ncrack_error.h b/include/ncrack_error.h new file mode 100644 index 00000000..bc8aace2 --- /dev/null +++ b/include/ncrack_error.h @@ -0,0 +1,177 @@ + +/*************************************************************************** + * ncrack_error.h -- Some simple error handling routines. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id: nmap_error.h 12955 2009-04-15 00:37:03Z fyodor $ */ + +#ifndef NCRACK_ERROR_H +#define NCRACK_ERROR_H + +#ifdef WIN32 +#include "mswin32\winclude.h" +#endif + +#ifdef HAVE_CONFIG_H +#include "ncrack_config.h" +#else +#ifdef WIN32 +#include "ncrack_winconfig.h" +#endif /* WIN32 */ +#endif /* HAVE_CONFIG_H */ + +#include + +#ifdef STDC_HEADERS +#include +#endif + +#include +#include + +#if HAVE_UNISTD_H +#include +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +void fatal(const char *fmt, ...) + __attribute__ ((format (printf, 1, 2))); +void error(const char *fmt, ...) + __attribute__ ((format (printf, 1, 2))); +void pfatal(const char *err, ...) + __attribute__ ((format (printf, 1, 2))); +void gh_perror(const char *err, ...) + __attribute__ ((format (printf, 1, 2))); + +#ifdef __cplusplus +} +#endif + +#endif /* NCRACK_ERROR_H */ diff --git a/include/ncrack_input.cc b/include/ncrack_input.cc new file mode 100644 index 00000000..5de18384 --- /dev/null +++ b/include/ncrack_input.cc @@ -0,0 +1,619 @@ + +/*************************************************************************** + * ncrack_input.cc -- Functions for parsing input from Nmap. Support for * + * Nmap's -oX and -oN output formats. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "ncrack.h" +#include "utils.h" +#include "ncrack_input.h" +#include "services.h" + + +/* + * Responsible for parsing an Nmap XML output file (with the -oX option). + * Returns 0 for success and host_spec is set with a host-service specification + * in the form ://:. + * Returns -1 upon failure - which is usually when the EOF is reached. + * This function has to be called as many times as needed until it + * returns -1 to signify the end of parsing. + */ +int +xml_input(FILE *inputfd, char *host_spec) +{ + static bool begin = true; + int ch; + char buf[4096]; + static char ip[16]; + char portnum[7]; + char service_name[64]; + char cpe[4]; + char *dynamic_service_name; + + /* check if file is indeed in Nmap's XML output format */ + if (begin) { + + /* First check if this is an XML file */ + if (!fgets(buf, 15, inputfd)) + fatal("-iX XML checking fgets failure!\n"); + if (strncmp(buf, " section searching fgets failure!\n"); + + if (!strncmp(buf, "addres", 6)) { + /* Now get the rest of the line which is in the following format: + *
*/ + unsigned int i = 0; + while ((ch = getc(inputfd)) != EOF) { + if (ch == '>') + break; + if (i < sizeof(buf) / sizeof(char) - 1) + buf[i++] = (char) ch; + else + fatal("-iX possible buffer overflow!\n"); + } + if (i < 12) + fatal("-iX corrupted Nmap XML output file!\n"); + i--; + char *addr = NULL; + if (!(addr = memsearch(buf, "addr=", i))) + fatal("-iX corrupted Nmap XML output file!\n"); + /* Now point to the actual address string */ + addr += sizeof("addr="); + + /* Now find where the IP ends by finding the ending double quote */ + i = 0; + while (addr[i] != '"') + i++; + i++; + if (i > sizeof(ip)) + i = sizeof(ip); + Strncpy(ip, addr, i); + + } else if (!strncmp(buf, "runsta", 6)) { + /* We reached the end, so that's all folks. Get out. */ + return -1; + } + + } else { + /* Search for open ports, since we already have an address */ + + if (!fgets(buf, 7, inputfd)) + fatal("-iX section searching fgets failure!\n"); + + if (!strncmp(buf, "ports>", 6)) { + /* Now, depending on Nmap invokation we can have an extra section of + * "extraports" which we ignore */ + if (!fgets(buf, 12, inputfd)) + fatal("-iX section searching fgets failure!\n"); + if (!strncmp(buf, "" in a new line, so use that */ + while ((ch = getc(inputfd)) != EOF) { + if (ch == '<') { + if (!fgets(buf, 12, inputfd)) + fatal("-iX extraports fgets failure!\n"); + if (!strncmp(buf, "/extraports", 11)) + break; + } + } + } + } + if (memsearch(buf, "port ", strlen(buf))) { + /* We are inside a + */ + memset(buf, 0, sizeof(buf)); + + unsigned int port_section_length = 0; + unsigned int subsection = 0; + /* Since the ') { + subsection++; + if (subsection > 3) + break; + } + + /* Scanning with -A produces sections at the end of the port + * section in Nmap's XML output so if you find a cpe section, + * go to next port + */ + cpe[i++] = (char) ch; + if (i == 3) + i = 0; + if (!strncmp(cpe, "cpe", 3)) { + //printf("cpe\n"); + break; + } + + if (port_section_length < sizeof(buf) / sizeof(char) - 1) + buf[port_section_length++] = (char) ch; + else + fatal("-iX possible buffer overflow inside port parsing\n"); + } + if (port_section_length < 40) + fatal("-iX corrupted Nmap XML output file: too little length in " + " section\n"); + port_section_length--; + + char *p = NULL; + if (!(p = memsearch(buf, "portid=", port_section_length))) + fatal("-iX cannot find portid inside section!\n"); + p += sizeof("portid="); + + /* Now find where the port number ends by finding the double quote */ + unsigned int i = 0; + while (p[i] != '"') + i++; + i++; + if (i > sizeof(portnum)) + i = sizeof(portnum); + + Strncpy(portnum, p, i); + //printf("\nport: %s\n", portnum); + + /* Now make sure this port is in 'state=open' since we won't bother + * grabbing ports that are not open. */ + p = NULL; + if (!(p = memsearch(buf, "state=", port_section_length))) + fatal("-iX cannot find state inside section!\n"); + p += sizeof("state="); + + /* Port is open, so now grab the service name */ + if (!strncmp(p, "open", 4)) { + + p = NULL; + if (!(p = memsearch(buf, "name", port_section_length))) { + //fatal("-iX cannot find service 'name' inside section!\n"); + + /* No service name was found, so assume default association of port */ + dynamic_service_name = port2name(portnum); + Snprintf(host_spec, 1024, "%s://%s:%s", dynamic_service_name, ip, portnum); + if (dynamic_service_name) + free(dynamic_service_name); + + memset(ip, '\0', sizeof(ip)); + return 0; + } + p += sizeof("name="); + + i = 0; + while (p[i] != '"') + i++; + i++; + if (i > sizeof(service_name)) + i = sizeof(service_name); + + Strncpy(service_name, p, i); + //printf("\nservice_name: %s\n", service_name); + + /* Now we get everything we need: IP, service name and port so + * we can return them into host_spec + */ + Snprintf(host_spec, 1024, "%s://%s:%s", service_name, ip, portnum); + return 0; + } + + } else if (!strncmp(buf, "/ports", 6)) { + + /* We reached the end of the section, so we now need a new + * IP address - let the parser know that */ + memset(ip, '\0', sizeof(ip)); + + } else if (!strncmp(buf, "runsta", 6)) { + /* We reached the end, so that's all folks. Get out. */ + return -1; + } + + + } + + } + } + + return -1; +} + + +/* + * Responsible for parsing an Nmap Normal output file (with the -oN option) + * Returns 0 for success and host_spec is set with a host-service + * specification in the form ://:. + * Returns -1 upon failure - which is usually when the EOF is reached. + * This function has to be called as many times as needed until it + * returns -1 to signify the end of parsing. Each invokation will result in a + * different host_spec being set. + */ +int +normal_input(FILE *inputfd, char *host_spec) +{ + static bool begin = true; + int ch; + char buf[256]; + static char ip[16]; + char portnum[7]; + char service_name[64]; + static bool port_parsing = false; + static bool skip_over_newline = false; + char tmp[256]; + size_t i = 0; + + /* check if file is indeed in Nmap's Normal output format */ + if (begin) { + + if (!fgets(buf, 7, inputfd)) + fatal("-iN checking fgets failure!\n"); + if (strncmp(buf, "# Nmap", 6) && strncmp(buf, "Fetchf", 6)) + fatal("-iN file doesn't seem to be a Nmap -oN file!\n"); + + begin = false; + } + + memset(buf, 0, sizeof(buf)); + memset(tmp, 0, sizeof(tmp)); + + /* Ready to search for hosts and open ports */ + if (skip_over_newline) { + skip_over_newline = false; + goto start_over; + } + + while ((ch = getc(inputfd)) != EOF) { + + /* copy each ch to tmp buffer for referencing later */ + if (i < sizeof(tmp)) + tmp[i++] = ch; + + if (ch == '\n') { + +start_over: + /* Now get the open ports and services */ + if (!strncmp(tmp, "PORT", 4)) { + port_parsing = true; + } else { + port_parsing = false; + } + i = 0; /* reset tmp */ + memset(tmp, 0, sizeof(tmp)); + + + /* If you have already got an address from a previous invokation, then + * search only for open ports, else go look for a new IP */ + if (!strncmp(ip, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", sizeof(ip))) { + + /* Search for string "Nmap scan report" */ + if (!fgets(buf, 17, inputfd)) + fatal("-iN \"Nmap scan report\" section fgets failure!\n"); + + if (memsearch(buf, "map scan report", 16)) { + /* Now get the rest of the line which is in the following format: + * 'Nmap scan report for scanme.nmap.org (64.13.134.52):' + * OR + * 'Nmap scan report for 10.0.0.100:' + */ + + unsigned int line_length = 0; + while ((ch = getc(inputfd)) != EOF) { + if (line_length < sizeof(buf) / sizeof(char) - 1) + buf[line_length++] = (char) ch; + else + fatal("-iN possible buffer overflow!\n"); + if (ch == '\n') + break; + } + if (line_length < 10) + fatal("-iN corrupted Nmap -oN output file!\n"); + + if (line_length < sizeof(buf) / sizeof(char) - 1) + buf[line_length] = '\0'; + else + fatal("-iN possible buffer overflow!\n"); + + char *addr = NULL; + if (!(addr = memsearch(buf, "for", line_length))) + fatal("-iX corrupted Nmap -oN output file!\n"); + /* Now point to the actual address string */ + addr += sizeof("for"); + + /* Check if there is a hostname as well as an IP, in which case we + * need to grab the IP only */ + unsigned int i = 0; + char *p = NULL; + if ((p = memsearch(buf, "(", line_length))) { + addr = p + 1; + + while (addr[i] != ')') + i++; + i++; + + } else { + + while (addr[i] != '\n' && i < line_length) + i++; + i++; + } + + if (i > sizeof(ip)) + i = sizeof(ip); + Strncpy(ip, addr, i); + + //printf("ip: %s\n", ip); + + } else if (memsearch(buf, "map done", 16)) { + /* We reached the end of the file, so get out. */ + return -1; + } + + } else { + + + if (port_parsing) { + + memset(buf, '\0', sizeof(buf)); + + /* Now we need to get the port, so parse until you see a '/' which + * signifies the end of the por-number and the beginning of the + * protocol string (e.g tcp, udp) + */ + unsigned int port_length = 0; + while ((ch = getc(inputfd)) != EOF) { + /* If we get an alphanumeric character instead of a number, + * then it means we are on the next host, since we were expecting + * to see a port number. The alphanumeric character will usually + * correspond to the beginning of the "Nmap scan report" line. + */ + if (isalpha(ch)) { + port_parsing = false; + memset(ip, '\0', sizeof(ip)); + goto start_over; + } + if (ch == '/') + break; + if (port_length < sizeof(buf) / sizeof(char) - 1) + buf[port_length++] = (char) ch; + else + fatal("-iN possible buffer overflow!\n"); + + } + + port_length++; + if (port_length > sizeof(portnum) / sizeof(char)) + fatal("-iN port length invalid!\n"); + Strncpy(portnum, buf, port_length); + + //printf("port: %s\n", portnum); + + /* now parse the rest of the line */ + unsigned int line_length = 0; + while ((ch = getc(inputfd)) != EOF) { + if (ch == '\n') { + skip_over_newline = true; + break; + } + if (line_length < sizeof(buf) / sizeof(char) - 1) + buf[line_length++] = (char) ch; + else + fatal("-in possible buffer overflow while parsing port line.\n"); + } + + if (line_length > sizeof(buf) / sizeof(char) - 1) + fatal("-iN port-line length too big!\n"); + buf[line_length] = '\0'; + + /* Make sure port is open */ + char *p = NULL; + if ((p = memsearch(buf, "open", line_length))) { + + p += sizeof("open"); + /* Now find the service name */ + unsigned int i = 0; + while (p[i] == ' ' && i < line_length) + i++; + + p += i; + + i = 0; + while (p[i] != '\n' && p[i] != ' ') + i++; + i++; + if (i > sizeof(service_name)) + i = sizeof(service_name); + + Strncpy(service_name, p, i); + //printf("service_name: %s\n", service_name); + + /* Now we get everything we need: IP, service name and port so + * we can return them into host_spec + */ + Snprintf(host_spec, 1024, "%s://%s:%s", service_name, ip, portnum); + //printf("%s\n", host_spec); + return 0; + + } + + goto start_over; + + } + + } + + } + + + } + + return -1; + +} diff --git a/include/ncrack_input.h b/include/ncrack_input.h new file mode 100644 index 00000000..491a514c --- /dev/null +++ b/include/ncrack_input.h @@ -0,0 +1,157 @@ + +/*************************************************************************** + * ncrack_input.h -- Functions for parsing input from Nmap. Support for * + * Nmap's -oX and -oN output formats. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#ifndef NCRACK_INPUT_H +#define NCRACK_INPUT_H 1 + + +/* + * Responsible for parsing an Nmap XML output file (with the -oX option). + * Returns 0 for success and host_spec is set with a host-service specification + * in the form ://:. + * Returns -1 upon failure - which is usually when the EOF is reached. + * This function has to be called as many times as needed until it + * returns -1 to signify the end of parsing. Each invokation will result in a + * different host_spec being set. + */ +int xml_input(FILE *inputfd, char *host_spec); + +/* + * Responsible for parsing an Nmap Normal output file (with the -oN option) + * Returns 0 for success and host_spec is set with a host-service specification + * in the form ://:. + * Returns -1 upon failure - which is usually when the EOF is reached. + * This function has to be called as many times as needed until it + * returns -1 to signify the end of parsing. Each invokation will result in a + * different host_spec being set. + */ +int normal_input(FILE *inputfd, char *host_spec); + +#endif diff --git a/include/ncrack_resume.cc b/include/ncrack_resume.cc new file mode 100644 index 00000000..f27a042d --- /dev/null +++ b/include/ncrack_resume.cc @@ -0,0 +1,565 @@ + +/*************************************************************************** + * ncrack_resume.cc -- functions that implement the --resume option, which * + * needs to save the current state of Ncrack into a file and then recall * + * it. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#include "ncrack_resume.h" +#include "NcrackOps.h" + +#define BLANK_ENTRY "" + +extern NcrackOps o; + + +/* This function takes a command and the address of an uninitialized + char ** . It parses the command (by separating out whitespace) + into an argv[] style char **, which it sets the argv parameter to. + The function returns the number of items filled up in the array + (argc), or -1 in the case of an error. This function allocates + memory for argv and thus it must be freed -- use argv_parse_free() + for that. If arg_parse returns <1, then argv does not need to be freed. + The returned arrays are always terminated with a NULL pointer */ +int +arg_parse(const char *command, char ***argv) +{ + char **myargv = NULL; + int argc = 0; + char mycommand[4096]; + char *start, *end; + char oldend; + + *argv = NULL; + if (Strncpy(mycommand, command, 4096) == -1) { + return -1; + } + myargv = (char **) safe_malloc((MAX_PARSE_ARGS + 2) * sizeof(char *)); + memset(myargv, 0, (MAX_PARSE_ARGS+2) * sizeof(char *)); + myargv[0] = (char *) 0x123456; /* Integrity checker */ + myargv++; + start = mycommand; + while (start && *start) { + while (*start && isspace((int) (unsigned char) *start)) + start++; + if (*start == '"') { + start++; + end = strchr(start, '"'); + } else if (*start == '\'') { + start++; + end = strchr(start, '\''); + } else if (!*start) { + continue; + } else { + end = start+1; + while (*end && !isspace((int) (unsigned char) *end)) { + end++; + } + } + if (!end) { + arg_parse_free(myargv); + return -1; + } + if (argc >= MAX_PARSE_ARGS) { + arg_parse_free(myargv); + return -1; + } + oldend = *end; + *end = '\0'; + myargv[argc++] = strdup(start); + if (oldend) + start = end + 1; + else start = end; + } + myargv[argc+1] = 0; + *argv = myargv; + return argc; +} + +/* Free an argv allocated inside arg_parse */ +void +arg_parse_free(char **argv) +{ + char **current; + /* Integrity check */ + argv--; + assert(argv[0] == (char *) 0x123456); + current = argv + 1; + while (*current) { + free(*current); + current++; + } + free(argv); +} + + +int +ncrack_save(ServiceGroup *SG) +{ + FILE *outfile = NULL; + int argiter; + uint32_t magic = MAGIC_NUM; /* a bell that doesn't ring */ + list ::iterator li; + vector ::iterator vi; + uint32_t index = 0; + uint32_t credlist_size = 0; + struct passwd *pw; + int res, err; + time_t now; + struct tm local_time; + char path[MAXPATHLEN]; + char filename[MAXPATHLEN]; + bool cmd_user_pass = false; /* boolean used for handling the blank username/password + in the --user or --pass option */ + + + /* First find user home directory to save current session file + * in there (if he hasn't already specified his own filename, in which case + * we don't need to do all this work) + */ + if (!o.save_file) { + +#ifndef WIN32 + /* Unix systems -> use getpwuid of real or effective uid */ + pw = getpwuid(getuid()); + if (!pw && getuid() != geteuid()) + pw = getpwuid(geteuid()); + if (!pw) + fatal("%s: couldn't get current user's home directory to save restoration" + " file", __func__); + + res = Snprintf(path, sizeof(path), "%s/.ncrack", pw->pw_dir); + if (res < 0 || res > (int)sizeof(path)) + fatal("%s: possibly not enough buffer space for home path!\n", __func__); + +#else + /* Windows systems -> use the environmental variables */ + ExpandEnvironmentStrings("%userprofile%", path, sizeof(path)); + strncpy(&path[strlen(path)], "\\.ncrack", sizeof(path) - strlen(path)); + +#endif + + /* Check if /.ncrack directory exists and has proper permissions. + * If it doesn't exist, create it */ + if (access(path, F_OK)) { + /* dir doesn't exist, so mkdir it */ +#ifdef WIN32 + if (mkdir(path)) +#else + if (mkdir(path, S_IRUSR | S_IWUSR | S_IXUSR)) +#endif + fatal("%s: can't create %s in user's home directory!\n", __func__, path); + } else { +#ifdef WIN32 + if (access(path, R_OK | W_OK)) +#else + if (access(path, R_OK | W_OK | X_OK)) +#endif + fatal("%s: %s doesn't have proper permissions!\n", __func__, path); + } + + } + + /* If user has specified a specific filename, then store saved state into + * that, rather than in the normal restore. format */ + if (!o.save_file) { + + /* Now create restoration file name based on the current date and time */ + Strncpy(filename, "restore.", 9); + + now = time(NULL); + err = n_localtime(&now, &local_time); + if (err) { + fatal("n_localtime failed: %s", strerror(err)); + } + + if (strftime(&filename[8], sizeof(filename), "%Y-%m-%d_%H-%M", &local_time) <= 0) + fatal("%s: Unable to properly format time", __func__); + + if (chdir(path) < 0) { + /* check for race condition */ + fatal("%s: unable to chdir to %s", __func__, path); + } + + } else { + + Strncpy(filename, o.save_file, sizeof(filename) - 1); + + } + + if (!(outfile = fopen(filename, "w"))) + fatal("%s: couldn't open file to save current state!\n", __func__); + + + /* First write magic number */ + if (fwrite(&magic, sizeof(magic), 1, outfile) != 1) + fatal("%s: couldn't write magic number to file!\n", __func__); + + /* Store the exact way Ncrack was invoked by writing the argv array */ + for (argiter = 0; argiter < o.saved_argc; argiter++) { + + /* Special handling in case the user has passed a blank password to either + * --user "" or --pass "" (or both). We are going to write a placeholder + * when saving this particular argument, so that the .restore file can be + * properly parsed in this case. + */ + if (cmd_user_pass + && (!strlen(o.saved_argv[argiter]) + || ((strlen(o.saved_argv[argiter]) == 1) + && !strncmp(o.saved_argv[argiter], ",", 1)))) { + /* If --user or --pass option argument is blank or a plain ",", then + * write BLANK_ENTRY magic keyword to indicate this special case */ + if (fwrite(BLANK_ENTRY, strlen(BLANK_ENTRY), 1, outfile) != 1) + fatal("%s: couldn't write %s to file!\n", __func__, BLANK_ENTRY); + cmd_user_pass = false; + } else { + if (fwrite(o.saved_argv[argiter], strlen(o.saved_argv[argiter]), 1, + outfile) != 1) + fatal("%s: couldn't write argv array to file!\n", __func__); + } + if (fwrite(" ", 1, 1, outfile) != 1) + fatal("%s: can't even write space!\n", __func__); + + if (cmd_user_pass) + cmd_user_pass = false; + + if (!strncmp(o.saved_argv[argiter], "--user", strlen(o.saved_argv[argiter])) + || !strncmp(o.saved_argv[argiter], "--pass", strlen(o.saved_argv[argiter]))) + cmd_user_pass = true; /* prepare for next iteration parsing */ + + } + + if (fwrite("\n", 1, 1, outfile) != 1) + fatal("%s: can't write newline!\n", __func__); + + /* Now iterate through all services and write for each of them: + * 1) the unique id + * 2) the username/password lists's iterators + * 3) any credentials found so far + */ + for (li = SG->services_all.begin(); li != SG->services_all.end(); li++) { + + /* First write the unique id */ + if (fwrite(&(*li)->uid, sizeof((*li)->uid), 1, outfile) != 1) + fatal("%s: couldn't write unique id to file!\n", __func__); + + //printf("---------id: %u-----------\n", (*li)->uid); + /* Write the list iterators but first convert them to 'indexes' of the + * vectors they are pointing to. Indexes are uint32_t which helps + * for portability, since it is a standard size of 32 bits everywhere. + */ + + index = (*li)->getUserlistIndex(); + if (fwrite(&index, sizeof(index), 1, outfile) != 1) + fatal("%s: couldn't write userlist index to file!\n", __func__); + + index = (*li)->getPasslistIndex(); + if (fwrite(&index, sizeof(index), 1, outfile) != 1) + fatal("%s: couldn't write passlist index to file!\n", __func__); + + + /* + * Now store any credentials found for this service. First store a 32bit + * number that denotes the number of credentials (pairs of + * username/password) that will follow. + */ + credlist_size = (*li)->credentials_found.size(); + if (fwrite(&credlist_size, sizeof(credlist_size), 1, outfile) != 1) + fatal("%s: couldn't write credential list size to file!\n", __func__); + + for (vi = (*li)->credentials_found.begin(); + vi != (*li)->credentials_found.end(); vi++) { + if (fwrite(vi->user, strlen(vi->user), 1, outfile) != 1) + fatal("%s: couldn't write credential username to file!\n", __func__); + if (fwrite("\0", 1, 1, outfile) != 1) + fatal("%s: couldn't even write \'\\0\' to file!\n", __func__); + if (fwrite(vi->pass, strlen(vi->pass), 1, outfile) != 1) + fatal("%s: couldn't write credential password to file!\n", __func__); + if (fwrite("\0", 1, 1, outfile) != 1) + fatal("%s: couldn't even write \'\\0\' to file!\n", __func__); + } + + } + + log_write(LOG_STDOUT, "Saved current session state at: "); + + if (!o.save_file) { + + log_write(LOG_STDOUT, "%s", path); +#ifdef WIN32 + log_write(LOG_STDOUT, "\\"); +#else + log_write(LOG_STDOUT, "/"); +#endif + + } + log_write(LOG_STDOUT, "%s\n", filename); + + fclose(outfile); + + return 0; +} + + +/* Reads in the special restore file that has everything Ncrack needs to know + * to resume the saved session. The important things it must gather are: + * 1) The command arguments + * 2) The unique id of each service + * 3) The username/password lists's indexes + * 4) Any credentials found so far + */ +int +ncrack_resume(char *fname, int *myargc, char ***myargv) +{ + char *filestr; + int filelen; + uint32_t magic, uid, cred_num; + struct saved_info tmp_info; + vector ::iterator vi; + char ncrack_arg_buffer[1024]; + char buf[1024]; + loginpair tmp_pair; + char *p, *q; /* I love C! Oh yes indeed. */ + + //memset(&tmp_info, 0, sizeof(tmp_info)); + + filestr = mmapfile(fname, &filelen, O_RDONLY); + if (!filestr) { + fatal("Could not mmap() %s read", fname); + } + + if (filelen < 20) { + fatal("Output file %s is too short -- no use resuming", fname); + } + + /* First check magic number */ + p = filestr; + memcpy(&magic, p, sizeof(magic)); + if (magic != MAGIC_NUM) + fatal("Corrupted log file %s . Magic number isn't correct. Are you sure " + "this is a Ncrack restore file?\n", fname); + + /* Now find the ncrack args */ + p += sizeof(magic); + + while (*p && !isspace((int) (unsigned char) *p)) + p++; + if (!*p) + fatal("Unable to parse supposed restore file %s . Sorry", fname); + p++; /* Skip the space between program name and first arg */ + if (*p == '\n' || !*p) + fatal("Unable to parse supposed restore file %s . Sorry", fname); + + q = strchr(p, '\n'); + if (!q || ((unsigned int) (q - p) >= sizeof(ncrack_arg_buffer) - 32)) + fatal("Unable to parse supposed restore file %s .", fname); + + strncpy(ncrack_arg_buffer, "ncrack ", 7); + if ((q-p) + 7 + 1 >= (int) sizeof(ncrack_arg_buffer)) + fatal("0verfl0w"); + memcpy(ncrack_arg_buffer + 7, p, q - p); + ncrack_arg_buffer[7 + q - p] = '\0'; + + *myargc = arg_parse(ncrack_arg_buffer, myargv); + if (*myargc == -1) { + fatal("Unable to parse supposed restore file %s . Sorry", fname); + } + + /* Now if there is a BLANK_ENTRY placeholder in the .restore file, just place + * '\0' over it, so that it seems as if the user had typed --user "" or + * --pass "". + */ + for (int i = 0; i < *myargc; i++) { + if (!strncmp(*(*myargv+i), BLANK_ENTRY, strlen(BLANK_ENTRY))) { + memset(*(*myargv+i), '\0', strlen(BLANK_ENTRY)); + } + } + + q++; + /* Now start reading in the services info. */ + while (q - filestr < filelen) { + + uid = (uint32_t)*q; + q += sizeof(uint32_t); + if (q - filestr >= filelen) + fatal("Corrupted file! Error 1\n"); + + memcpy(&tmp_info.user_index, q, sizeof(uint32_t)); + + q += sizeof(uint32_t); + if (q - filestr >= filelen) + fatal("Corrupted file! Error 2\n"); + + memcpy(&tmp_info.pass_index, q, sizeof(uint32_t)); + q += sizeof(uint32_t); + if (q - filestr >= filelen) + fatal("Corrupted file! Error 3\n"); + + memcpy(&cred_num, q, sizeof(uint32_t)); + q += sizeof(uint32_t); + if (cred_num > 0 && (q - filestr >= filelen)) + fatal("Corrupted file! Error 4\n"); + + uint32_t i; + size_t j; + bool user = true; + for (i = 0; i < cred_num * 2; i++) { + + j = 0; + buf[j++] = *q; + while (*q != '\0' && j < sizeof(buf)) { + q++; + if (q - filestr >= filelen) + fatal("Corrupted file! Error 5\n"); + buf[j++] = *q; + } + + q++; + + if (user) { + user = false; + tmp_pair.user = Strndup(buf, j - 1); + if (q - filestr >= filelen) + fatal("Corrupted file! Error 6\n"); + } else { + user = true; + tmp_pair.pass = Strndup(buf, j - 1); + tmp_info.credentials_found.push_back(tmp_pair); + if ((i != (cred_num * 2) - 1) && (q - filestr >= filelen)) + fatal("Corrupted file! Error 7\n"); + } + + } + + /* Now save the service info inside the map */ + o.resume_map[uid] = tmp_info; + } + + munmap(filestr, filelen); + return 0; +} + diff --git a/include/ncrack_resume.h b/include/ncrack_resume.h new file mode 100644 index 00000000..efe8217b --- /dev/null +++ b/include/ncrack_resume.h @@ -0,0 +1,174 @@ + +/*************************************************************************** + * ncrack_resume.h -- functions that implement the --resume option, which * + * needs to save the current state of Ncrack into a file and then recall * + * it. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#ifndef NCRACK_RESUME +#define NCRACK_RESUME 1 + +#include "ncrack.h" +#include "ncrack_error.h" +#include "utils.h" +#include "ServiceGroup.h" + +#ifdef WIN32 +#include +#endif + + +#define MAGIC_NUM 0xdeadbe11 /* a bell that doesn't ring */ +#define MAX_PARSE_ARGS 254 /* +1 for integrity checking + 1 for null term */ + + +/* This function takes a command and the address of an uninitialized + char ** . It parses the command (by separating out whitespace) + into an argv[] style char **, which it sets the argv parameter to. + The function returns the number of items filled up in the array + (argc), or -1 in the case of an error. This function allocates + memory for argv and thus it must be freed -- use argv_parse_free() + for that. If arg_parse returns <1, then argv does not need to be freed. + The returned arrays are always terminated with a NULL pointer */ +int arg_parse(const char *command, char ***argv); + +/* Free an argv allocated inside arg_parse */ +void arg_parse_free(char **argv); + +int ncrack_save(ServiceGroup *SG); + +/* Reads in the special restore file that has everything Ncrack needs to know + * to resume the saved session. The important things it must gather are: + * 1) The command arguments + * 2) The unique id of each service + * 3) The username/password lists's indexes + * 4) Any credentials found so far + */ +int ncrack_resume(char *fname, int *myargc, char ***myargv); + + +#endif diff --git a/include/ncrack_tty.cc b/include/ncrack_tty.cc new file mode 100644 index 00000000..268ddf0f --- /dev/null +++ b/include/ncrack_tty.cc @@ -0,0 +1,336 @@ +/*************************************************************************** + * ncrack_tty.cc -- Handles runtime interaction with Ncrack, so you can * + * increase verbosity/debugging or obtain a status line upon request. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#ifndef WIN32 +#include "ncrack_config.h" +#endif + +#include +#if HAVE_SYS_STAT_H +#include +#endif +#if HAVE_FCNTL_H +#include +#endif +#if HAVE_TERMIOS_H +#include +#endif +#if HAVE_UNISTD_H +#include +#endif +#include + +#include "ncrack_tty.h" +#include "utils.h" +#include "NcrackOps.h" + +extern NcrackOps o; + +#ifdef WIN32 +#include + +// Microsoft's runtime makes this fairly simple. :) +void tty_init() { return; } +static int tty_getchar() { return _kbhit() ? _getch() : -1; } +static void tty_done() { return; } + +static void tty_flush(void) +{ + static HANDLE stdinput = GetStdHandle(STD_INPUT_HANDLE); + + FlushConsoleInputBuffer(stdinput); +} + +#else +#if !defined(O_NONBLOCK) && defined(O_NDELAY) +#define O_NONBLOCK O_NDELAY +#endif + +#ifdef __CYGWIN32__ +#include +#include +#ifndef __CYGWIN__ +extern int tcgetattr(int fd, struct termios *termios_p); +extern int tcsetattr(int fd, int actions, struct termios *termios_p); +#endif +#endif + +static int tty_fd = 0; +static struct termios saved_ti; + +static int tty_getchar() +{ + int c, numChars; +#ifdef __CYGWIN32__ + fd_set set; + struct timeval tv; +#endif + + if (tty_fd && tcgetpgrp(tty_fd) == getpid()) { + + /* This is so that when the terminal has been disconnected, + * it will be reconnected when possible. If it slows things down, + * just remove it + */ + // tty_init(); + +#ifdef __CYGWIN32__ + FD_ZERO(&set); FD_SET(tty_fd, &set); + tv.tv_sec = 0; tv.tv_usec = 0; + if (select(tty_fd + 1, &set, NULL, NULL, &tv) <= 0) + return -1; +#endif + c = 0; + numChars = read(tty_fd, &c, 1); + if (numChars > 0) return c; + } + + return -1; +} + +static void tty_done() +{ + if (!tty_fd) return; + + tcsetattr(tty_fd, TCSANOW, &saved_ti); + + close(tty_fd); + tty_fd = 0; +} + +static void tty_flush(void) +{ + /* we don't need to test for tty_fd==0 here because + * this isn't called unless we succeeded + */ + + tcflush(tty_fd, TCIFLUSH); +} + +/* + * Initializes the terminal for unbuffered non-blocking input. Also + * registers tty_done() via atexit(). You need to call this before + * you ever call keyWasPressed(). + */ +void tty_init() +{ + struct termios ti; + + if (tty_fd) + return; + + if ((tty_fd = open("/dev/tty", O_RDONLY | O_NONBLOCK)) < 0) return; + +#ifndef __CYGWIN32__ + if (tcgetpgrp(tty_fd) != getpid()) { + close(tty_fd); return; + } +#endif + + tcgetattr(tty_fd, &ti); + saved_ti = ti; + ti.c_lflag &= ~(ICANON | ECHO); + ti.c_cc[VMIN] = 1; + ti.c_cc[VTIME] = 0; + tcsetattr(tty_fd, TCSANOW, &ti); + + atexit(tty_done); +} + +#endif //!win32 + +/* Catches all of the predefined + keypresses and interpret them, and it will also tell you if you + should print anything. A value of KEYPRESS_STATUS being returned means a + nonstandard key has been pressed and the calling method should + print a status message. A value of KEYPRESS_CREDS means that the + credentials found so far should be printed */ +int keyWasPressed() +{ + /* Where we keep the automatic stats printing schedule. */ + static struct timeval stats_time = { 0, 0 }; + int c; + + if ((c = tty_getchar()) >= 0) { + tty_flush(); /* flush input queue */ + + if (c == 'v') { + o.verbose++; + log_write(LOG_STDOUT, "Verbosity Increased to %d.\n", o.verbose); + } else if (c == 'V') { + if (o.verbose > 0) + o.verbose--; + log_write(LOG_STDOUT, "Verbosity Decreased to %d.\n", o.verbose); + } else if (c == 'd') { + o.debugging++; + log_write(LOG_STDOUT, "Debugging Increased to %d.\n", o.debugging); + } else if (c == 'D') { + if (o.debugging > 0) + o.debugging--; + log_write(LOG_STDOUT, "Debugging Decreased to %d.\n", o.debugging); + } else if (c == 'p' || c == 'P') { + return KEYPRESS_CREDS; + } else if (c == '?') { + log_write(LOG_STDOUT, + "Interactive keyboard commands:\n" + "? Display this information\n" + "v/V Increase/decrease verbosity\n" + "d/D Increase/decrease debugging\n" + "p/P Display found credentials\n" + "anything else Print status\n"); + } else { + return KEYPRESS_STATUS; + } + } + + /* Check if we need to print a status update according to the --stats-every + option. */ + if (o.stats_interval != 0.0) { + struct timeval now; + + gettimeofday(&now, NULL); + if (stats_time.tv_sec == 0) { + /* Initialize the scheduled stats time. */ + stats_time = *o.getStartTime(); + TIMEVAL_ADD(stats_time, stats_time, (time_t)(o.stats_interval * 1000000)); + } + + if (TIMEVAL_AFTER(now, stats_time)) { + /* Advance to the next print time. */ + TIMEVAL_ADD(stats_time, stats_time, (time_t)(o.stats_interval * 1000000)); + /* If it's still in the past, catch it up to the present. */ + if (TIMEVAL_AFTER(now, stats_time)) + stats_time = now; + /* Instruct the caller to print status too. */ + return KEYPRESS_STATUS; + } + } + + return 0; +} diff --git a/include/ncrack_tty.h b/include/ncrack_tty.h new file mode 100644 index 00000000..9fffaaa6 --- /dev/null +++ b/include/ncrack_tty.h @@ -0,0 +1,149 @@ +/*************************************************************************** + * ncrack_tty.h -- Handles runtime interaction with Ncrack, so you can * + * increase verbosity/debugging or obtain a status line upon request. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +#ifndef NCRACK_TTY +#define NCRACK_TTY 1 + +#define KEYPRESS_STATUS 1 +#define KEYPRESS_CREDS 2 + +/* + * Initializes the terminal for unbuffered non-blocking input. Also + * registers tty_done() via atexit(). You need to call this before + * you ever call keyWasPressed(). + */ +void tty_init(); + +/* Catches all of the predefined keypresses and interpret them, and it + will also tell you if you should print anything. A value of true + being returned means a nonstandard key has been pressed and the + calling method should print a status message */ +int keyWasPressed(); + +#endif diff --git a/include/ncrack_winconfig.h b/include/ncrack_winconfig.h new file mode 100644 index 00000000..5d509a8a --- /dev/null +++ b/include/ncrack_winconfig.h @@ -0,0 +1,17 @@ +#ifndef NCRACK_WINCONFIG_H +#define NCRACK_WINCONFIG_H +/* Without this, Windows will give us all sorts of crap about using functions + like strcpy() even if they are done safely */ +#define _CRT_SECURE_NO_DEPRECATE 1 + +#define NCRACK_NAME "Ncrack" +#define NCRACK_URL "http://ncrack.org" +#define NCRACK_PLATFORM "i686-pc-windows-windows" +#define NCRACKDATADIR "C:\\Program Files\\Ncrack" /* FIXME: I really need to make this dynamic */ + +#define HAVE_OPENSSL 1 +#define HAVE_SIGNAL 1 +/* Apparently __func__ isn't yet supported */ +#define __func__ __FUNCTION__ + +#endif /* NCRACK_WINCONFIG_H */ diff --git a/include/ntlmssp.cc b/include/ntlmssp.cc new file mode 100644 index 00000000..84c50818 --- /dev/null +++ b/include/ntlmssp.cc @@ -0,0 +1,666 @@ +/* -*- mode:c; tab-width:8; c-basic-offset:8; indent-tabs-mode:nil; -*- */ +/*************************************************************************** + * ntlmssp.cc -- ntlmssp auth method * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* + Proudly stolen and adapted from libsmb2 -- https://github.com/sahlberg/libsmb2 + - lazily converted original C code to C++ (mostly casted malloc) + - replaced custom crypto with openssl (hmac md5) + - replaced custom unicode conv to ncrack routine (unicode_alloc) + - replaced custom ntlmv1 routine to ncrack routine (ntlm_create_hash) + + Copyright (C) 2018 by Ronnie Sahlberg + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program; if not, see . +*/ +#include +#include +#include +#include +#include +#include +#ifndef WIN32 +#include +#endif +#include +#include +#include +#include "portable_endian.h" + +#include "ncrack.h" +#include "ntlmssp.h" + +#if HAVE_OPENSSL + +#include +#include +#include + + +#include "crypto.h" // ntlm_create_hash +#include "utils.h" // unicode_alloc + +#define SMB2_KEY_SIZE 16 + +struct auth_data { + unsigned char *buf; + size_t len; + size_t allocated; + + int neg_result; + unsigned char *ntlm_buf; + size_t ntlm_len; + + const char *user; + const char *password; + const char *domain; + const char *workstation; + const char *client_challenge; + + uint8_t exported_session_key[SMB2_KEY_SIZE]; + }; + +#define NEGOTIATE_MESSAGE 0x00000001 +#define CHALLENGE_MESSAGE 0x00000002 +#define AUTHENTICATION_MESSAGE 0x00000003 + +#define NTLMSSP_NEGOTIATE_56 0x80000000 +#define NTLMSSP_NEGOTIATE_128 0x20000000 +#define NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0x00080000 +#define NTLMSSP_TARGET_TYPE_SERVER 0x00020000 +#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x00008000 +#define NTLMSSP_NEGOTIATE_NTLM 0x00000200 +#define NTLMSSP_NEGOTIATE_SIGN 0x00000010 +#define NTLMSSP_REQUEST_TARGET 0x00000004 +#define NTLMSSP_NEGOTIATE_OEM 0x00000002 +#define NTLMSSP_NEGOTIATE_UNICODE 0x00000001 +#define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000 + +static uint64_t +timeval_to_win(struct timeval *tv) +{ + return ((uint64_t)tv->tv_sec * 10000000) + + 116444736000000000 + tv->tv_usec * 10; +} + +void +ntlmssp_destroy_context(struct auth_data *auth) +{ + free(auth->ntlm_buf); + free(auth->buf); + free(auth); +} + +struct auth_data * +ntlmssp_init_context(const char *user, + const char *password, + const char *domain, + const char *workstation, + const char *client_challenge) +{ + struct auth_data *auth_data = NULL; + + auth_data = (struct auth_data*)malloc(sizeof(struct auth_data)); + if (auth_data == NULL) { + return NULL; + } + memset(auth_data, 0, sizeof(struct auth_data)); + + auth_data->user = user; + auth_data->password = password; + auth_data->domain = domain; + auth_data->workstation = workstation; + auth_data->client_challenge = client_challenge; + + memset(auth_data->exported_session_key, 0, SMB2_KEY_SIZE); + + return auth_data; +} + +static int +encoder(const void *buffer, size_t size, void *ptr) +{ + struct auth_data *auth_data = (struct auth_data*)ptr; + + if (size + auth_data->len > auth_data->allocated) { + unsigned char *tmp = auth_data->buf; + + auth_data->allocated = 2 * ((size + auth_data->allocated + 256) & ~0xff); + auth_data->buf = (unsigned char*)malloc(auth_data->allocated); + if (auth_data->buf == NULL) { + free(tmp); + return -1; + } + memcpy(auth_data->buf, tmp, auth_data->len); + free(tmp); + } + + memcpy(auth_data->buf + auth_data->len, buffer, size); + auth_data->len += size; + + return 0; +} + +static int +ntlm_negotiate_message(struct auth_data *auth_data) +{ + unsigned char ntlm[32]; + uint32_t u32; + + memset(ntlm, 0, 32); + memcpy(ntlm, "NTLMSSP", 8); + + u32 = htole32(NEGOTIATE_MESSAGE); + memcpy(&ntlm[8], &u32, 4); + + u32 = htole32(NTLMSSP_NEGOTIATE_56|NTLMSSP_NEGOTIATE_128| + NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY| + //NTLMSSP_NEGOTIATE_ALWAYS_SIGN| + NTLMSSP_NEGOTIATE_NTLM| + //NTLMSSP_NEGOTIATE_SIGN| + NTLMSSP_REQUEST_TARGET|NTLMSSP_NEGOTIATE_OEM| + NTLMSSP_NEGOTIATE_UNICODE); + memcpy(&ntlm[12], &u32, 4); + + if (encoder(&ntlm[0], 32, auth_data) < 0) { + return -1; + } + + return 0; +} + +static int +ntlm_challenge_message(struct auth_data *auth_data, unsigned char *buf, + int len) +{ + free(auth_data->ntlm_buf); + auth_data->ntlm_len = len; + auth_data->ntlm_buf = (unsigned char*)malloc(auth_data->ntlm_len); + if (auth_data->ntlm_buf == NULL) { + return -1; + } + memcpy(auth_data->ntlm_buf, buf, auth_data->ntlm_len); + + return 0; +} + +static int +NTOWFv2(const char *user, const char *password, const char *domain, + unsigned char ntlmv2_hash[16]) +{ + size_t i, len, userdomain_len; + char *userdomain; + char *ucs2_userdomain = NULL; + unsigned char ntlm_hash[16]; + + ntlm_create_hash(password, ntlm_hash); + + len = strlen(user) + 1; + if (domain) { + len += strlen(domain); + } + userdomain = (char*)malloc(len); + if (userdomain == NULL) { + return -1; + } + + strcpy(userdomain, user); + for (i = strlen(userdomain) - 1; i > 0; i--) { + if (islower(userdomain[i])) { + userdomain[i] = toupper(userdomain[i]); + } + } + if (domain) { + strcat(userdomain, domain); + } + + ucs2_userdomain = unicode_alloc(userdomain); + if (ucs2_userdomain == NULL) { + return -1; + } + + userdomain_len = strlen(userdomain); + HMAC(EVP_md5(), ntlm_hash, 16, + (unsigned char *)ucs2_userdomain, userdomain_len * 2, + ntlmv2_hash, NULL); + free(userdomain); + free(ucs2_userdomain); + + return 0; +} + +/* This is not the same temp as in MS-NLMP. This temp has an additional + * 16 bytes at the start of the buffer. + * Use &auth_data->val[16] if you want the temp from MS-NLMP + */ +static int +encode_temp(struct auth_data *auth_data, uint64_t t, char *client_challenge, + char *server_challenge, char *server_name, int server_name_len) +{ + unsigned char sign[8] = {0x01, 0x01, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}; + unsigned char zero[8] = {0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}; + + if (encoder(&zero, 8, auth_data) < 0) { + return -1; + } + if (encoder(server_challenge, 8, auth_data) < 0) { + return -1; + } + if (encoder(sign, 8, auth_data) < 0) { + return -1; + } + if (encoder(&t, 8, auth_data) < 0) { + return -1; + } + if (encoder(client_challenge, 8, auth_data) < 0) { + return -1; + } + if (encoder(&zero, 4, auth_data) < 0) { + return -1; + } + if (encoder(server_name, server_name_len, auth_data) < 0) { + return -1; + } + if (encoder(&zero, 4, auth_data) < 0) { + return -1; + } + + return 0; +} + +static int +encode_ntlm_auth(struct auth_data *auth_data, + char *server_challenge) +{ + int ret = -1; + unsigned char lm_buf[16]; + unsigned char *NTChallengeResponse_buf = NULL; + unsigned char ResponseKeyNT[16]; + char *ucs2_domain = NULL; + int domain_len; + char *ucs2_user = NULL; + int user_len; + char *ucs2_workstation = NULL; + int workstation_len; + int NTChallengeResponse_len; + unsigned char NTProofStr[16]; + unsigned char LMStr[16]; + uint64_t t; + struct timeval tv; + char *server_name_buf; + int server_name_len; + uint32_t u32; + uint32_t server_neg_flags; + unsigned char key_exch[SMB2_KEY_SIZE]; + + tv.tv_sec = time(NULL); + tv.tv_usec = 0; + t = timeval_to_win(&tv); + + /* + if (auth_data->password == NULL) { + goto finished; + } + */ + + /* + * Generate Concatenation of(NTProofStr, temp) + */ + if (NTOWFv2(auth_data->user, auth_data->password, + auth_data->domain, ResponseKeyNT) + < 0) { + goto finished; + } + + /* get the server neg flags */ + memcpy(&server_neg_flags, &auth_data->ntlm_buf[20], 4); + server_neg_flags = le32toh(server_neg_flags); + + memcpy(&u32, &auth_data->ntlm_buf[40], 4); + u32 = le32toh(u32); + server_name_len = u32 >> 16; + + memcpy(&u32, &auth_data->ntlm_buf[44], 4); + u32 = le32toh(u32); + server_name_buf = (char *)&auth_data->ntlm_buf[u32]; + + if (encode_temp(auth_data, t, (char *)auth_data->client_challenge, + server_challenge, server_name_buf, + server_name_len) < 0) { + return -1; + } + + HMAC(EVP_md5(), ResponseKeyNT, 16, &auth_data->buf[8], auth_data->len-8, NTProofStr, NULL); + memcpy(auth_data->buf, NTProofStr, 16); + + NTChallengeResponse_buf = auth_data->buf; + NTChallengeResponse_len = auth_data->len; + auth_data->buf = NULL; + auth_data->len = 0; + auth_data->allocated = 0; + + /* get the NTLMv2 Key-Exchange Key + For NTLMv2 - Key Exchange Key is the Session Base Key + */ + HMAC(EVP_md5(), ResponseKeyNT, 16, NTProofStr, 16, key_exch, NULL); + memcpy(auth_data->exported_session_key, key_exch, 16); + + /* + * Generate AUTHENTICATE_MESSAGE + */ + encoder("NTLMSSP", 8, auth_data); + + /* message type */ + u32 = htole32(AUTHENTICATION_MESSAGE); + encoder(&u32, 4, auth_data); + + /* lm challenge response fields */ + memcpy(&lm_buf[0], server_challenge, 8); + memcpy(&lm_buf[8], auth_data->client_challenge, 8); + HMAC(EVP_md5(), ResponseKeyNT, 16, &lm_buf[0], 16, LMStr, NULL); + u32 = htole32(0x00180018); + encoder(&u32, 4, auth_data); + u32 = 0; + encoder(&u32, 4, auth_data); + + /* nt challenge response fields */ + u32 = htole32((NTChallengeResponse_len<<16)| + NTChallengeResponse_len); + encoder(&u32, 4, auth_data); + u32 = 0; + encoder(&u32, 4, auth_data); + + /* domain name fields */ + if (auth_data->domain) { + domain_len = strlen(auth_data->domain); + ucs2_domain = unicode_alloc(auth_data->domain); + if (ucs2_domain == NULL) { + goto finished; + } + u32 = domain_len * 2; + u32 = htole32((u32 << 16) | u32); + encoder(&u32, 4, auth_data); + u32 = 0; + encoder(&u32, 4, auth_data); + } else { + u32 = 0; + encoder(&u32, 4, auth_data); + encoder(&u32, 4, auth_data); + } + + /* user name fields */ + user_len = strlen(auth_data->user); + ucs2_user = unicode_alloc(auth_data->user); + if (ucs2_user == NULL) { + goto finished; + } + u32 = user_len * 2; + u32 = htole32((u32 << 16) | u32); + encoder(&u32, 4, auth_data); + u32 = 0; + encoder(&u32, 4, auth_data); + + /* workstation name fields */ + if (auth_data->workstation) { + workstation_len = strlen(auth_data->workstation); + ucs2_workstation = unicode_alloc(auth_data->workstation); + if (ucs2_workstation == NULL) { + goto finished; + } + u32 = workstation_len * 2; + u32 = htole32((u32 << 16) | u32); + encoder(&u32, 4, auth_data); + u32 = 0; + encoder(&u32, 4, auth_data); + } else { + u32 = 0; + encoder(&u32, 4, auth_data); + encoder(&u32, 4, auth_data); + } + + /* encrypted random session key */ + u32 = 0; + encoder(&u32, 4, auth_data); + encoder(&u32, 4, auth_data); + + /* negotiate flags */ + u32 = htole32(NTLMSSP_NEGOTIATE_56|NTLMSSP_NEGOTIATE_128| + NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY| + //NTLMSSP_NEGOTIATE_ALWAYS_SIGN| + NTLMSSP_NEGOTIATE_NTLM| + //NTLMSSP_NEGOTIATE_SIGN| + NTLMSSP_REQUEST_TARGET|NTLMSSP_NEGOTIATE_OEM| + NTLMSSP_NEGOTIATE_UNICODE); + encoder(&u32, 4, auth_data); + + /* append domain */ + u32 = htole32(auth_data->len); + memcpy(&auth_data->buf[32], &u32, 4); + if (ucs2_domain) { + encoder(ucs2_domain, domain_len * 2, auth_data); + } + + /* append user */ + u32 = htole32(auth_data->len); + memcpy(&auth_data->buf[40], &u32, 4); + encoder(ucs2_user, user_len * 2, auth_data); + + /* append workstation */ + u32 = htole32(auth_data->len); + memcpy(&auth_data->buf[48], &u32, 4); + if (ucs2_workstation) { + encoder(ucs2_workstation, workstation_len * 2, auth_data); + } + + /* append LMChallengeResponse */ + u32 = htole32(auth_data->len); + memcpy(&auth_data->buf[16], &u32, 4); + encoder(LMStr, 16, auth_data); + encoder(auth_data->client_challenge, 8, auth_data); + + /* append NTChallengeResponse */ + u32 = htole32(auth_data->len); + memcpy(&auth_data->buf[24], &u32, 4); + encoder(NTChallengeResponse_buf, NTChallengeResponse_len, auth_data); + + ret = 0; +finished: + free(ucs2_domain); + free(ucs2_user); + free(ucs2_workstation); + free(NTChallengeResponse_buf); + + return ret; +} + +int +ntlmssp_generate_blob(struct auth_data *auth_data, + unsigned char *input_buf, int input_len, + unsigned char **output_buf, uint16_t *output_len) +{ + free(auth_data->buf); + auth_data->buf = NULL; + auth_data->len = 0; + auth_data->allocated = 0; + + if (input_buf == NULL) { + ntlm_negotiate_message(auth_data); + } else { + if (ntlm_challenge_message(auth_data, input_buf, + input_len) < 0) { + return -1; + } + if (encode_ntlm_auth(auth_data, + (char *)&auth_data->ntlm_buf[24]) < 0) { + return -1; + } + } + + *output_buf = auth_data->buf; + *output_len = auth_data->len; + + return 0; +} + +int +ntlmssp_get_session_key(struct auth_data *auth, + uint8_t **key, + uint8_t *key_size) +{ + uint8_t *mkey = NULL; + + if (auth == NULL || key == NULL || key_size == NULL) { + return -1; + } + + mkey = (uint8_t *) malloc(SMB2_KEY_SIZE); + if (mkey == NULL) { + return -1; + } + memcpy(mkey, auth->exported_session_key, SMB2_KEY_SIZE); + + *key = mkey; + *key_size = SMB2_KEY_SIZE; + + return 0; +} + +#endif /* if HAVE_OPENSSL */ diff --git a/include/ntlmssp.h b/include/ntlmssp.h new file mode 100644 index 00000000..a6998e37 --- /dev/null +++ b/include/ntlmssp.h @@ -0,0 +1,23 @@ +#ifndef NTLMSSP_H +#define NTLMSSP_H + +struct auth_data; + +struct auth_data * +ntlmssp_init_context(const char *user, + const char *password, + const char *domain, + const char *workstation, + const char *client_challenge); + +int +ntlmssp_generate_blob(struct auth_data *auth_data, + unsigned char *input_buf, int input_len, + unsigned char **output_buf, uint16_t *output_len); + +void +ntlmssp_destroy_context(struct auth_data *auth); + +int ntlmssp_get_session_key(struct auth_data *auth, uint8_t **key, uint8_t *key_size); + +#endif diff --git a/include/output.cc b/include/output.cc new file mode 100644 index 00000000..70e212b8 --- /dev/null +++ b/include/output.cc @@ -0,0 +1,555 @@ + +/*************************************************************************** + * output.cc -- Handles the Ncrack output system. This currently involves * + * console-style human readable output and XML output * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "output.h" +#include "NcrackOps.h" +#include "ncrack_error.h" +#include "xml.h" + +extern NcrackOps o; +static const char *logtypes[LOG_NUM_FILES]=LOG_NAMES; + + +void +memprint(const char *addr, size_t bytes) +{ + size_t i; + for (i = 0; i < bytes; i++) { + log_write(LOG_STDOUT, "%c", addr[i]); + } + fflush(stdout); +} + + + +/* Write some information (printf style args) to the given log stream(s). + Remember to watch out for format string bugs. */ +void +log_write(int logt, const char *fmt, ...) +{ + va_list ap; + assert(logt > 0); + + if (!fmt || !*fmt) + return; + + for (int l = 1; l <= LOG_MAX; l <<= 1) { + if (logt & l) { + va_start(ap, fmt); + log_vwrite(l, fmt, ap); + va_end(ap); + } + } + return; +} + + + +/* This is the workhorse of the logging functions. Usually it is + called through log_write(), but it can be called directly if you + are dealing with a vfprintf-style va_list. Unlike log_write, YOU + CAN ONLY CALL THIS WITH ONE LOG TYPE (not a bitmask full of them). + In addition, YOU MUST SANDWHICH EACH EXECUTION IF THIS CALL BETWEEN + va_start() AND va_end() calls. */ +void +log_vwrite(int logt, const char *fmt, va_list ap) { + static char *writebuf = NULL; + static int writebuflen = 8192; + int rc = 0; + int len; + int fileidx = 0; + int l; + va_list apcopy; + + + if (!writebuf) + writebuf = (char *) safe_malloc(writebuflen); + + + switch(logt) { + case LOG_STDOUT: + vfprintf(o.ncrack_stdout, fmt, ap); + break; + + case LOG_STDERR: + fflush(stdout); // Otherwise some systems will print stderr out of order + vfprintf(stderr, fmt, ap); + break; + + case LOG_NORMAL: + case LOG_XML: +#ifdef WIN32 + apcopy = ap; +#else + va_copy(apcopy, ap); /* Needed in case we need to do a second vsnprintf */ +#endif + l = logt; + fileidx = 0; + while ((l&1)==0) { fileidx++; l>>=1; } + assert(fileidx < LOG_NUM_FILES); + if (o.logfd[fileidx]) { + len = Vsnprintf(writebuf, writebuflen, fmt, ap); + if (len == 0) { + va_end(apcopy); + return; + } else if (len < 0 || len >= writebuflen) { + /* Didn't have enough space. Expand writebuf and try again */ + if (len >= writebuflen) { + writebuflen = len + 1024; + } else { + /* Windows seems to just give -1 rather than the amount of space we + would need. So lets just gulp up a huge amount in the hope it + will be enough */ + writebuflen *= 150; + } + writebuf = (char *) safe_realloc(writebuf, writebuflen); + len = Vsnprintf(writebuf, writebuflen, fmt, apcopy); + if (len <= 0 || len >= writebuflen) { + fatal("%s: vsnprintf failed. Even after increasing bufferlen " + "to %d, Vsnprintf returned %d (logt == %d). " + "Please email this message to fyodor@insecure.org.", + __func__, writebuflen, len, logt); + } + } + rc = fwrite(writebuf,len,1,o.logfd[fileidx]); + if (rc != 1) { + fatal("Failed to write %d bytes of data to (logt==%d) stream. " + "fwrite returned %d.", len, logt, rc); + } + va_end(apcopy); + } + break; + + default: + fatal("%s(): Passed unknown log type (%d). Note that this function, " + "unlike log_write, can only " + "handle one log type at a time (no bitmasks)", __func__, logt); + } + + return; +} + + +/* Close the given log stream(s) */ +void +log_close(int logt) +{ + int i; + if (logt<0 || logt>LOG_FILE_MASK) return; + for (i=0;logt;logt>>=1,i++) if (o.logfd[i] && (logt&1)) fclose(o.logfd[i]); +} + +/* Flush the given log stream(s). In other words, all buffered output + is written to the log immediately */ +void +log_flush(int logt) { + int i; + + if (logt & LOG_STDOUT) { + fflush(o.ncrack_stdout); + logt -= LOG_STDOUT; + } + + if (logt & LOG_STDERR) { + fflush(stderr); + logt -= LOG_STDERR; + } + + + if (logt<0 || logt>LOG_FILE_MASK) return; + + for (i=0;logt;logt>>=1,i++) + { + if (!o.logfd[i] || !(logt&1)) continue; + fflush(o.logfd[i]); + } + +} + +/* Flush every single log stream -- all buffered output is written to the + corresponding logs immediately */ +void +log_flush_all() { + int fileno; + + for(fileno = 0; fileno < LOG_NUM_FILES; fileno++) { + if (o.logfd[fileno]) fflush(o.logfd[fileno]); + } + fflush(stdout); + fflush(stderr); +} + + +/* Open a log descriptor of the type given to the filename given. If + o.append_output is nonzero, the file will be appended instead of clobbered if + it already exists. If the file does not exist, it will be created */ +int +log_open(int logt, char *filename) +{ + int i=0; + if (logt<=0 || logt>LOG_FILE_MASK) return -1; + while ((logt&1)==0) { i++; logt>>=1; } + if (o.logfd[i]) fatal("Only one %s output filename allowed",logtypes[i]); + if (*filename == '-' && *(filename + 1) == '\0') + { + o.logfd[i]=stdout; + o.ncrack_stdout = fopen(DEVNULL, "w"); + if (!o.ncrack_stdout) + fatal("Could not assign %s to stdout for writing", DEVNULL); + } + else + { + if (o.append_output) + o.logfd[i] = fopen(filename, "a"); + else + o.logfd[i] = fopen(filename, "w"); + if (!o.logfd[i]) + fatal("Failed to open %s output file %s for writing", logtypes[i], + filename); + } + return 1; +} + + +char * +logfilename(const char *str, struct tm *tm) +{ + char *ret, *end, *p; + char tbuf[10]; + int retlen = strlen(str) * 6 + 1; + + ret = (char *) safe_malloc(retlen); + end = ret + retlen; + + for (p = ret; *str; str++) { + if (*str == '%') { + str++; + + if (!*str) + break; + + switch (*str) { + case 'H': + strftime(tbuf, sizeof tbuf, "%H", tm); + break; + case 'M': + strftime(tbuf, sizeof tbuf, "%M", tm); + break; + case 'S': + strftime(tbuf, sizeof tbuf, "%S", tm); + break; + case 'T': + strftime(tbuf, sizeof tbuf, "%H%M%S", tm); + break; + case 'R': + strftime(tbuf, sizeof tbuf, "%H%M", tm); + break; + case 'm': + strftime(tbuf, sizeof tbuf, "%m", tm); + break; + case 'd': + strftime(tbuf, sizeof tbuf, "%d", tm); + break; + case 'y': + strftime(tbuf, sizeof tbuf, "%y", tm); + break; + case 'Y': + strftime(tbuf, sizeof tbuf, "%Y", tm); + break; + case 'D': + strftime(tbuf, sizeof tbuf, "%m%d%y", tm); + break; + default: + *p++ = *str; + continue; + } + + assert(end - p > 1); + Strncpy(p, tbuf, end - p - 1); + p += strlen(tbuf); + } else { + *p++ = *str; + } + } + + *p = 0; + + return (char *) safe_realloc(ret, strlen(ret) + 1); +} + + +static std::string quote(const char *s) { + std::string result(""); + const char *p; + bool space; + + space = false; + for (p = s; *p != '\0'; p++) { + if (isspace(*p)) + space = true; + if (*p == '"' || *p == '\\') + result += "\\"; + result += *p; + } + + if (space) + result = "\"" + result + "\""; + + return result; +} + + +/* Return a std::string containing all n strings separated by whitespace, and + individually quoted if needed. */ +std::string join_quoted(const char * const strings[], unsigned int n) { + std::string result(""); + unsigned int i; + + for (i = 0; i < n; i++) { + if (i > 0) + result += " "; + result += quote(strings[i]); + } + + return result; +} + + +/* prints current status */ +void +printStatusMessage(ServiceGroup *SG) +{ + struct timeval tv; + gettimeofday(&tv, NULL); + long long time = (long long) (o.TimeSinceStartMS(&tv) / 1000.0); + + log_write(LOG_STDOUT, + "Stats: %lld:%02lld:%02lld elapsed; %lu services completed " + "(%lu total)\n", + time/60/60, time/60 % 60, time % 60, + (long unsigned) SG->services_finished.size(), SG->total_services); + log_write(LOG_STDOUT, "Rate: %.2f; Found: %lu; ", + SG->auth_rate_meter.getCurrentRate(), SG->credentials_found); + SG->SPM->printStats(SG->getCompletionFraction(), &tv); + if (SG->credentials_found) + log_write(LOG_STDOUT, "(press 'p' to list discovered credentials)\n"); +} + + +/* Prints all credentials found so far */ +void +print_creds(ServiceGroup *SG) +{ + list ::iterator li; + + for (li = SG->services_all.begin(); li != SG->services_all.end(); li++) { + if ((*li)->credentials_found.size() != 0) + print_service_output(*li); + } +} + + +void +print_service_output(Service *serv) +{ + vector ::iterator vi; + const char *ip = serv->target->NameIP(); + + log_write(LOG_PLAIN, "Discovered credentials for %s on %s ", + serv->name, ip); + if (strncmp(serv->target->HostName(), "", 1)) + log_write(LOG_PLAIN, "(%s) ", serv->target->HostName()); + log_write(LOG_PLAIN, "%hu/%s:\n", serv->portno, proto2str(serv->proto)); + for (vi = serv->credentials_found.begin(); + vi != serv->credentials_found.end(); vi++) { + log_write(LOG_PLAIN, "%s %hu/%s %s: '%s' '%s'\n", + ip, serv->portno, proto2str(serv->proto), serv->name, + vi->user, vi->pass); + xml_open_start_tag("credentials"); + xml_attribute("username", "%s", vi->user); + xml_attribute("password", "%s", vi->pass); + xml_close_start_tag(); + xml_end_tag(); + xml_newline(); + } +} + + +void +print_final_output(ServiceGroup *SG) +{ + time_t now; + char mytime[128]; + long long whole_t = 0, dec_t = 0; + int err; + + /* Workaround for default rounding-up that is done when printing a .2f float. + * Previously with a variable e.g 20999, printf (".2f", var/1000.0) would + * show it as 21.00, something which isn't right. + */ + dec_t = whole_t = o.TimeSinceStartMS(NULL); + if (whole_t) + whole_t /= 1000; + dec_t %= 1000; + if (dec_t) + dec_t /= 10; + + now = time(NULL); + err = n_ctime(mytime, sizeof(mytime), &now); + if (err) { + fatal("n_ctime failed: %s", strerror(err)); + } + chomp(mytime); + + if (o.list_only) + log_write(LOG_STDOUT, "\nNcrack done: %lu %s would be scanned.\n", + SG->total_services, (SG->total_services == 1)? "service" : "services"); + else { + log_write(LOG_STDOUT, "\nNcrack done: %lu %s scanned in %lld.%02lld " + "seconds.\n", SG->total_services, (SG->total_services == 1)? "service" + : "services", whole_t, dec_t); + log_write(LOG_NORMAL, "\n# Ncrack done at %s -- %lu %s scanned in " + "%lld.%02lld seconds.\n", mytime, SG->total_services, + (SG->total_services == 1)? "service" : "services", whole_t, dec_t); + } + + + if (o.verbose) + log_write(LOG_PLAIN, "Probes sent: %lu | timed-out: %lu |" + " prematurely-closed: %lu\n", SG->connections_total, + SG->connections_timedout, SG->connections_closed); + + xml_end_tag(); /* ncrackrun */ + xml_newline(); + log_flush_all(); +} + + diff --git a/include/output.h b/include/output.h new file mode 100644 index 00000000..ab47d84d --- /dev/null +++ b/include/output.h @@ -0,0 +1,213 @@ + +/*************************************************************************** + * output.h -- Handles the Ncrack output system. This currently involves * + * console-style human readable output, XML output and greppable output. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#ifndef OUTPUT_H +#define OUTPUT_H + +#include +#include +#include +#include "ServiceGroup.h" + +#define LOG_NUM_FILES 2 /* # of values that actual files(they must come first)*/ +#define LOG_FILE_MASK 3 /* The mask for log typs in the file array */ +#define LOG_NORMAL 1 +#define LOG_XML 2 +#define LOG_STDOUT 1024 +#define LOG_STDERR 2048 +#define LOG_MAX LOG_STDERR /* The maximum log type value */ + +#define LOG_PLAIN LOG_NORMAL|LOG_STDOUT + +#define LOG_NAMES {"normal", "XML"} + +#define MAX_IPPROTOSTRLEN 4 +#define IPPROTO2STR(p) \ + ((p)==IPPROTO_TCP ? "tcp" : \ + (p)==IPPROTO_UDP ? "udp" : \ + (p)==IPPROTO_SCTP ? "sctp" : \ + "n/a") +#define IPPROTO2STR_UC(p) \ + ((p)==IPPROTO_TCP ? "TCP" : \ + (p)==IPPROTO_UDP ? "UDP" : \ + (p)==IPPROTO_SCTP ? "SCTP" : \ + "N/A") + + +void memprint(const char *addr, size_t bytes); + +/* Write some information (printf style args) to the given log stream(s). + Remember to watch out for format string bugs. */ +void log_write(int logt, const char *fmt, ...) + __attribute__ ((format (printf, 2, 3))); + +/* This is the workhorse of the logging functions. Usually it is + called through log_write(), but it can be called directly if you + are dealing with a vfprintf-style va_list. Unlike log_write, YOU + CAN ONLY CALL THIS WITH ONE LOG TYPE (not a bitmask full of them). + In addition, YOU MUST SANDWHICH EACH EXECUTION IF THIS CALL BETWEEN + va_start() AND va_end() calls. */ +void log_vwrite(int logt, const char *fmt, va_list ap); + +/* Close the given log stream(s) */ +void log_close(int logt); + +/* Flush the given log stream(s). In other words, all buffered output + is written to the log immediately */ +void log_flush(int logt); + +/* Flush every single log stream -- all buffered output is written to the + corresponding logs immediately */ +void log_flush_all(); + +/* Open a log descriptor of the type given to the filename given. If + o.append_output is nonzero, the file will be appended instead of clobbered if + it already exists. If the file does not exist, it will be created */ +int log_open(int logt, char *filename); + +char *logfilename(const char *str, struct tm *tm); + +/* Return a std::string containing all n strings separated by whitespace, and + individually quoted if needed. */ +std::string join_quoted(const char * const strings[], unsigned int n); + +/* prints current status */ +void printStatusMessage(ServiceGroup *SG); + +/* Prints all credentials found so far */ +void print_creds(ServiceGroup *SG); + +void print_final_output(ServiceGroup *SG); + +void print_service_output(Service *serv); + + +#endif /* OUTPUT_H */ diff --git a/include/portable_endian.h b/include/portable_endian.h new file mode 100644 index 00000000..8434faff --- /dev/null +++ b/include/portable_endian.h @@ -0,0 +1,207 @@ + + +#ifndef PORTABLE_ENDIAN_H__ +#define PORTABLE_ENDIAN_H__ + +#if (defined(_WIN16) || defined(_WIN32) || defined(_WIN64)) && !defined(__WINDOWS__) + +# define __WINDOWS__ + +#endif + +#if defined(__linux__) || defined(__CYGWIN__) +/* Define necessary macros for the header to expose all fields. */ +# define _BSD_SOURCE +# define __USE_BSD +//# define _DEFAULT_SOURCE +# include +# include +/* See http://linux.die.net/man/3/endian */ +# if !defined(__GLIBC__) || !defined(__GLIBC_MINOR__) || ((__GLIBC__ < 2) || ((__GLIBC__ == 2) && (__GLIBC_MINOR__ < 9))) +# include +# if defined(__BYTE_ORDER) && (__BYTE_ORDER == __LITTLE_ENDIAN) +# if !defined(htobe16) +# define htobe16(x) htons(x) +# endif +# if !defined(htole16) +# define htole16(x) (x) +# endif +# if !defined(be16toh) +# define be16toh(x) ntohs(x) +# endif +# if !defined(le16toh) +# define le16toh(x) (x) +# endif +# if !defined(htobe32) +# define htobe32(x) htonl(x) +# endif +# if !defined(htole32) +# define htole32(x) (x) +# endif +# if !defined(be32toh) +# define be32toh(x) ntohl(x) +# endif +# if !defined(le32toh) +# define le32toh(x) (x) +# endif + +# if !defined(htobe64) +# define htobe64(x) (((uint64_t)htonl(((uint32_t)(((uint64_t)(x)) >> 32)))) | (((uint64_t)htonl(((uint32_t)(x)))) << 32)) +# endif +# if !defined(htole64) +# define htole64(x) (x) +# endif +# if !defined(be64toh) +# define be64toh(x) (((uint64_t)ntohl(((uint32_t)(((uint64_t)(x)) >> 32)))) | (((uint64_t)ntohl(((uint32_t)(x)))) << 32)) +# endif +# if !defined(le64toh) +# define le64toh(x) (x) +# endif + +# elif defined(__BYTE_ORDER) && (__BYTE_ORDER == __BIG_ENDIAN) +# if !defined(htobe16) +# define htobe16(x) (x) +# endif +# if !defined(htole16) +# define htole16(x) ((((((uint16_t)(x)) >> 8))|((((uint16_t)(x)) << 8))) +# endif +# if !defined(be16toh) +# define be16toh(x) (x) +# endif +# if !defined(le16toh) +# define le16toh(x) ((((((uint16_t)(x)) >> 8))|((((uint16_t)(x)) << 8))) +# endif + +# if !defined(htobe32) +# define htobe32(x) (x) +# endif +# if !defined(htole32) +# define htole32(x) (((uint32_t)htole16(((uint16_t)(((uint32_t)(x)) >> 16)))) | (((uint32_t)htole16(((uint16_t)(x)))) << 16)) +# endif +# if !defined(be32toh) +# define be32toh(x) (x) +# endif +# if !defined(le32toh) +# define le32toh(x) (((uint32_t)le16toh(((uint16_t)(((uint32_t)(x)) >> 16)))) | (((uint32_t)le16toh(((uint16_t)(x)))) << 16)) +# endif + +# if !defined(htobe64) +# define htobe64(x) (x) +# endif +# if !defined(htole64) +# define htole64(x) (((uint64_t)htole32(((uint32_t)(((uint64_t)(x)) >> 32)))) | (((uint64_t)htole32(((uint32_t)(x)))) << 32)) +# endif +# if !defined(be64toh) +# define be64toh(x) (x) +# endif + +# if !defined(__BYTE_ORDER) +# define le64toh(x) (((uint64_t)le32toh(((uint32_t)(((uint64_t)(x)) >> 32)))) | (((uint64_t)le32toh(((uint32_t)(x)))) << 32)) +# endif +# else +# error Byte Order not supported or not defined. +# endif +# endif + + + + +#elif defined(__APPLE__) + +# include + +# define htobe16(x) OSSwapHostToBigInt16(x) +# define htole16(x) OSSwapHostToLittleInt16(x) +# define be16toh(x) OSSwapBigToHostInt16(x) +# define le16toh(x) OSSwapLittleToHostInt16(x) + +# define htobe32(x) OSSwapHostToBigInt32(x) +# define htole32(x) OSSwapHostToLittleInt32(x) +# define be32toh(x) OSSwapBigToHostInt32(x) +# define le32toh(x) OSSwapLittleToHostInt32(x) + +# define htobe64(x) OSSwapHostToBigInt64(x) +# define htole64(x) OSSwapHostToLittleInt64(x) +# define be64toh(x) OSSwapBigToHostInt64(x) +# define le64toh(x) OSSwapLittleToHostInt64(x) + +# define __BYTE_ORDER BYTE_ORDER +# define __BIG_ENDIAN BIG_ENDIAN +# define __LITTLE_ENDIAN LITTLE_ENDIAN +# define __PDP_ENDIAN PDP_ENDIAN + +#elif defined(__NetBSD__) || defined(__OpenBSD__) + +# include + +#elif defined(__FreeBSD__) || defined(__DragonFly__) + +# include + +# define be16toh(x) betoh16(x) +# define le16toh(x) letoh16(x) + +# define be32toh(x) betoh32(x) +# define le32toh(x) letoh32(x) + +# define be64toh(x) betoh64(x) +# define le64toh(x) letoh64(x) + +#elif defined(__WINDOWS__) + +# include + + +# if BYTE_ORDER == LITTLE_ENDIAN + +# define htobe16(x) htons(x) +# define htole16(x) (x) +# define be16toh(x) ntohs(x) +# define le16toh(x) (x) + +# define htobe32(x) htonl(x) +# define htole32(x) (x) +# define be32toh(x) ntohl(x) +# define le32toh(x) (x) + +# define htobe64(x) htonll(x) +# define htole64(x) (x) +# define be64toh(x) ntohll(x) +# define le64toh(x) (x) + +# elif BYTE_ORDER == BIG_ENDIAN + + /* that would be xbox 360 */ +# define htobe16(x) (x) +# define htole16(x) __builtin_bswap16(x) +# define be16toh(x) (x) +# define le16toh(x) __builtin_bswap16(x) + +# define htobe32(x) (x) +# define htole32(x) __builtin_bswap32(x) +# define be32toh(x) (x) +# define le32toh(x) __builtin_bswap32(x) + +# define htobe64(x) (x) +# define htole64(x) __builtin_bswap64(x) +# define be64toh(x) (x) +# define le64toh(x) __builtin_bswap64(x) + +# else + +# error byte order not supported + +# endif + +# define __BYTE_ORDER BYTE_ORDER +# define __BIG_ENDIAN BIG_ENDIAN +# define __LITTLE_ENDIAN LITTLE_ENDIAN +# define __PDP_ENDIAN PDP_ENDIAN + +#else + +# error platform not supported + +#endif + +#endif diff --git a/include/services.cc b/include/services.cc new file mode 100644 index 00000000..39ccf070 --- /dev/null +++ b/include/services.cc @@ -0,0 +1,801 @@ + +/*************************************************************************** + * services.cc -- parsing functions for command-line service and option * + * specification. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#include "services.h" +#include "global_structures.h" +#include "Service.h" +#include "utils.h" +#include "NcrackOps.h" +#include + +/* global supported services' lookup table from ncrak-services file */ +extern vector ServicesTable; +extern NcrackOps o; +using namespace std; + +static int check_duplicate_services(vector services, + service_lookup *serv); +static void check_service_option(global_service *temp, char *argname, + char *argval); +static int parse_service_argument(char *const arg, char **argname, + char **argval); +static int check_duplicate_services(vector services, + service_lookup *serv); +static global_service parse_services_options(char *const exp); +static int check_supported_services(service_lookup *serv); +char *port2name(char *portno); + + +/* + * Parse service/host/port/options information from target specification + */ +ts_spec +parse_services_target(char *const exp) +{ + ts_spec temp; + char *s, *h, *p, *o; + size_t host_len; + int num_colons = 0, lbrackets = 0, rbrackets = 0; + + memset(&temp, 0, sizeof(temp)); + + /* Extract the service name */ + if ((s = strstr(exp, "://"))) { + temp.service_name = Strndup(exp, s-exp); + s += sizeof("://") - 1; + } else { + s = exp; /* no service name */ + } + + /* Determine if it's an IPv6 or not */ + for (h = s; *s && *s != ','; ++s) { + if (*s == ':') + ++num_colons; + else if (*s == '[') + ++lbrackets; + else if (*s == ']') + ++rbrackets; + } + if (!(lbrackets == rbrackets && lbrackets <= 1)) + fatal("Invalid number of brackets:%s", exp); + + /* Extract the host */ + if (lbrackets) { /* IPv6, potentially with a port */ + p = strchr(h, ']') + 1; + h++; + host_len = p-h-1; + } else if (num_colons >= 2) { /* IPv6, no port */ + p = strchrnul(h, ','); + host_len = p-h; + } else { /* IPv4 or hostname, potentially with a port */ + p = strchr(h, ':'); + if (!p) + p = strchrnul(h, ','); + host_len = p-h; + } + temp.host_expr = Strndup(h, host_len); + + /* Extract the port */ + o = strchrnul(s, ','); + if (*p == ':') + temp.portno = Strndup(p+1, o-p-1); + + /* Extract the options */ + if (*o == ',') + temp.service_options = strdup(o+1); + + if (!temp.service_name && !temp.portno && temp.service_options) + fatal("You must specify either a service name or a port (or both): %s", + exp); + if (!temp.service_name && temp.portno) { + if (!(temp.service_name = port2name(temp.portno))) + temp.error = true; + } + + return temp; +} + + +/* + * Parsing for -p option + */ +void +parse_services(char *const exp, vector &services) +{ + unsigned int nports; + char *temp, *s; + service_lookup *serv; + + nports = 0; + while (1) { + if (nports == 0) + temp = strtok(exp, ","); + else + temp = strtok(NULL, ","); + + if (temp == NULL) + break; + + serv = (service_lookup *)safe_zalloc(sizeof(service_lookup)); + + if (isdigit(temp[0])) { /* just port number */ + serv->portno = str2port(temp); + } else { /* service name and/or port number */ + if ((s = strchr(temp, ':'))) { /* service name and port number */ + *s = '\0'; + serv->name = strdup(temp); + serv->portno = str2port(++s); + } else /* service name only */ + serv->name = strdup(temp); + } + nports++; + + /* check if service is supported */ + if (check_supported_services(serv)) + continue; + + /* check for duplicate services */ + if (check_duplicate_services(services, serv)) + continue; + + services.push_back(serv); + } +} + + +/* + * Parsing for -m option + */ +void +parse_module_options(char *const exp) +{ + char *name, *options; + global_service temp; + vector ::iterator vi; + + if (!(name = strtok(exp, ":"))) { + error("No service name specified for option: -m %s . Ignoring...", exp); + return; + } + if (!(options = strtok(NULL, ":"))) { + error("No options specified for module: %s . Ignoring...", name); + return; + } + + /* retrieve struct with options specified for this module */ + temp = parse_services_options(options); + + for (vi = ServicesTable.begin(); vi != ServicesTable.end(); vi++) { + if (!strcmp(vi->lookup.name, name)) + break; + } + if (vi == ServicesTable.end()) { + error("Service with name '%s' not supported! Ignoring...", name); + return; + } + + /* apply any options (non-zero) to global ServicesTable */ + if (temp.timing.min_connection_limit) + vi->timing.min_connection_limit = temp.timing.min_connection_limit; + if (temp.timing.max_connection_limit) + vi->timing.max_connection_limit = temp.timing.max_connection_limit; + if (temp.timing.auth_tries) + vi->timing.auth_tries = temp.timing.auth_tries; + if (temp.timing.connection_delay) + vi->timing.connection_delay = temp.timing.connection_delay; + if (temp.timing.connection_retries) + vi->timing.connection_retries = temp.timing.connection_retries; + if (temp.timing.timeout) + vi->timing.timeout = temp.timing.timeout; + if (temp.misc.path) { + vi->misc.path = Strndup(temp.misc.path, strlen(temp.misc.path)+1); + free(temp.misc.path); + } + if (temp.misc.db) { + vi->misc.db = Strndup(temp.misc.db, strlen(temp.misc.db)+1); + free(temp.misc.db); + } + if (temp.misc.domain) { + vi->misc.domain = Strndup(temp.misc.domain, strlen(temp.misc.domain)+1); + free(temp.misc.domain); + } + if (temp.misc.ssl) + vi->misc.ssl = temp.misc.ssl; +} + + + +void +apply_host_options(Service *service, char *const options) +{ + global_service temp; + + /* retrieve struct with options specified for this service */ + temp = parse_services_options(options); + + /* apply any valid options to this service */ + if (temp.timing.min_connection_limit != NOT_ASSIGNED) { + if (temp.timing.min_connection_limit > service->max_connection_limit) + service->max_connection_limit = temp.timing.min_connection_limit; + service->min_connection_limit = temp.timing.min_connection_limit; + } + if (temp.timing.max_connection_limit != NOT_ASSIGNED) { + if (temp.timing.max_connection_limit < service->min_connection_limit) + service->min_connection_limit = temp.timing.max_connection_limit; + service->max_connection_limit = temp.timing.max_connection_limit; + } + if (temp.timing.auth_tries != NOT_ASSIGNED) + service->auth_tries = temp.timing.auth_tries; + if (temp.timing.connection_delay != NOT_ASSIGNED) + service->connection_delay = temp.timing.connection_delay; + if (temp.timing.connection_retries != NOT_ASSIGNED) + service->connection_retries = temp.timing.connection_retries; + if (temp.timing.timeout != NOT_ASSIGNED) + service->timeout = temp.timing.timeout; + if (temp.misc.path) { + if (service->path) + free(service->path); + service->path = Strndup(temp.misc.path, strlen(temp.misc.path)+1); + free(temp.misc.path); + } + if (temp.misc.db) { + if (service->db) + free(service->db); + service->db = Strndup(temp.misc.db, strlen(temp.misc.db)+1); + free(temp.misc.db); + } + if (temp.misc.domain) { + if (service->domain) + free(service->domain); + service->domain = Strndup(temp.misc.domain, strlen(temp.misc.domain)+1); + free(temp.misc.domain); + } + if (temp.misc.ssl) + service->ssl = temp.misc.ssl; + +} + + +int +apply_service_options(Service *service) +{ + vector ::iterator vi; + + for (vi = ServicesTable.begin(); vi != ServicesTable.end(); vi++) { + if (!strcmp(vi->lookup.name, service->name)) + break; + } + if (vi == ServicesTable.end()) { + error("Service with name '%s' not supported! Ignoring...", service->name); + return -1; + } + + if (!service->portno) + service->portno = vi->lookup.portno; + if (vi->timing.min_connection_limit != NOT_ASSIGNED) + service->min_connection_limit = vi->timing.min_connection_limit; + if (vi->timing.max_connection_limit != NOT_ASSIGNED) + service->max_connection_limit = vi->timing.max_connection_limit; + if (vi->timing.auth_tries != NOT_ASSIGNED) + service->auth_tries = vi->timing.auth_tries; + if (vi->timing.connection_delay != NOT_ASSIGNED) + service->connection_delay = vi->timing.connection_delay; + if (vi->timing.connection_retries != NOT_ASSIGNED) + service->connection_retries = vi->timing.connection_retries; + if (vi->timing.timeout != NOT_ASSIGNED) + service->timeout = vi->timing.timeout; + if (vi->misc.path) { + if (service->path) + free(service->path); + service->path = Strndup(vi->misc.path, strlen(vi->misc.path)); + } + if (vi->misc.db) { + if (service->db) + free(service->db); + service->db = Strndup(vi->misc.db, strlen(vi->misc.db)); + } + if (vi->misc.domain) { + if (service->domain) + free(service->domain); + service->domain = Strndup(vi->misc.domain, strlen(vi->misc.domain)); + } + if (vi->misc.ssl) + service->ssl = vi->misc.ssl; + + return 0; +} + + +void +clean_spec(ts_spec *spec) +{ + if (spec->service_name) { + free(spec->service_name); + spec->service_name = NULL; + } + if (spec->host_expr) { + free(spec->host_expr); + spec->host_expr = NULL; + } + if (spec->service_options) { + free(spec->service_options); + spec->service_options = NULL; + } + if (spec->portno) { + free(spec->portno); + spec->portno = NULL; + } +} + + +void +prepare_timing_template(timing_options *timing) +{ + if (!timing) + fatal("%s invalid pointer!", __func__); + + /* Default timeout is 0 - which means no timeout */ + timing->timeout = 0; + + if (o.timing_level == 0) { /* Paranoid */ + timing->min_connection_limit = 1; + timing->max_connection_limit = 1; + timing->auth_tries = 1; + timing->connection_delay = 10000; /* 10 secs */ + timing->connection_retries = 20; + if (o.connection_limit == NOT_ASSIGNED) + o.connection_limit = 50; + } else if (o.timing_level == 1) { /* Sneaky */ + timing->min_connection_limit = 1; + timing->max_connection_limit = 2; + timing->auth_tries = 2; + timing->connection_delay = 7500; + timing->connection_retries = 30; + if (o.connection_limit == NOT_ASSIGNED) + o.connection_limit = 150; + } else if (o.timing_level == 2) { /* Polite */ + timing->min_connection_limit = 3; + timing->max_connection_limit = 5; + timing->auth_tries = 5; + timing->connection_delay = 5000; + timing->connection_retries = 30; + if (o.connection_limit == NOT_ASSIGNED) + o.connection_limit = 500; + } else if (o.timing_level == 4) { /* Aggressive */ + timing->min_connection_limit = 10; + timing->max_connection_limit = 150; + timing->auth_tries = 0; + timing->connection_delay = 0; + timing->connection_retries = 40; + if (o.connection_limit == NOT_ASSIGNED) + o.connection_limit = 3000; + } else if (o.timing_level == 5) { /* Insane */ + timing->min_connection_limit = 15; + timing->max_connection_limit = 1000; + timing->auth_tries = 0; + timing->connection_delay = 0; + timing->connection_retries = 50; + if (o.connection_limit == NOT_ASSIGNED) + o.connection_limit = 10000; + } else { /* Normal */ + timing->min_connection_limit = 7; + timing->max_connection_limit = 80; + timing->auth_tries = 0; + timing->connection_delay = 0; + timing->connection_retries = 30; + if (o.connection_limit == NOT_ASSIGNED) + o.connection_limit = 1500; + } +} + + +void +apply_timing_template(Service *service, timing_options *timing) +{ + service->min_connection_limit = timing->min_connection_limit; + service->max_connection_limit = timing->max_connection_limit; + service->auth_tries = timing->auth_tries; + service->connection_delay = timing->connection_delay; + service->connection_retries = timing->connection_retries; + service->timeout = timing->timeout; +} + + + + +/**** Helper functions ****/ + + +/* + * Checks for duplicate services by looking at port number. + */ +static int +check_duplicate_services(vector services, + service_lookup *serv) +{ + vector ::iterator vi; + + for (vi = services.begin(); vi != services.end(); vi++) { + if ((*vi)->portno == serv->portno) { + error("Ignoring duplicate service: '%s:%hu' . Collides with " + "'%s:%hu'", serv->name, serv->portno, + (*vi)->name, (*vi)->portno); + return -1; + } + } + return 0; +} + + +/* + * Checks if current service is supported by looking at + * the global lookup table ServicesTable. + * If a service name has no port, then a default is assigned. + * If a port has no service name, then the corresponding service + * name is assigned. Returns -1 if service is not supported. + */ +static int +check_supported_services(service_lookup *serv) +{ + vector ::iterator vi; + /* + * If only port is specified make search based on port. + * If only service OR if service:port is specified then + * lookup based on service name. + */ + if (!serv->name && serv->portno) { + for (vi = ServicesTable.begin(); vi != ServicesTable.end(); vi++) { + if (vi->lookup.portno == serv->portno) { + serv->name = strdup(vi->lookup.name); /* assign service name */ + break; + } + } + if (vi == ServicesTable.end()) { + error("Service with default port '%hu' not supported! Ignoring..." + "For non-default ports specify :", + serv->portno); + return -1; + } + } else if (serv->name) { + for (vi = ServicesTable.begin(); vi != ServicesTable.end(); vi++) { + if (!strcmp(vi->lookup.name, serv->name)) { + if (!serv->portno) /* assign default port number */ + serv->portno = vi->lookup.portno; + break; + } + } + if (vi == ServicesTable.end()) { + error("Service with name '%s' not supported! Ignoring...", + serv->name); + return -1; + } + } else + fatal("%s failed due to invalid parsing", __func__); + + serv->proto = vi->lookup.proto; // TODO: check for UDP (duplicate etc) + return 0; +} + + +/* + * Returns service name corresponding to the given port. It will first + * check ServicesTable for the availability of support for the service with + * that default port number. + */ +char * +port2name(char *port) +{ + vector ::iterator vi; + u16 portno; + char *name = NULL; + + if (!port) + fatal("%s NULL port given!", __func__); + + portno = str2port(port); + for (vi = ServicesTable.begin(); vi != ServicesTable.end(); vi++) { + if (vi->lookup.portno == portno) { + name = strdup(vi->lookup.name); + break; + } + } + if (vi == ServicesTable.end()) + error("Service with default port '%hu' not supported! Ignoring...", portno); + return name; +} + + +/* + * Goes through the available options comparing them with 'argname' + * and if it finds a match, it applies its value ('argval') into + * the struct 'temp' + */ +static void +check_service_option(global_service *temp, char *argname, char *argval) +{ + /* Timing options */ + if (!strcmp("cl", argname)) { + long limit = Strtoul(argval, 1); + if (limit < 0) + fatal("Minimum connection limit (cl) '%ld' cannot be a negative number!", + limit); + if (temp->timing.max_connection_limit != NOT_ASSIGNED + && temp->timing.max_connection_limit < limit) + fatal("Minimum connection limit (cl) '%ld' cannot be larger than " + "maximum connection limit (CL) '%ld'!", + limit, temp->timing.max_connection_limit); + temp->timing.min_connection_limit = limit; + } else if (!strcmp("CL", argname)) { + long limit = Strtoul(argval, 1); + if (limit < 0) + fatal("Maximum connection limit (CL) '%ld' cannot be a negative number!", + limit); + if (temp->timing.min_connection_limit != NOT_ASSIGNED + && temp->timing.min_connection_limit > limit) + fatal("Maximum connection limit (CL) '%ld' cannot be smaller than " + "minimum connection limit (cl) '%ld'!", + limit, temp->timing.min_connection_limit); + temp->timing.max_connection_limit = limit; + } else if (!strcmp("at", argname)) { + long tries = Strtoul(argval, 1); + if (tries < 0) + fatal("Authentication tries (at) '%ld' cannot be a negative number!", + tries); + temp->timing.auth_tries = tries; + } else if (!strcmp("cd", argname)) { + if ((temp->timing.connection_delay = tval2msecs(argval)) < 0) + fatal("Connection delay (cd) '%s' cannot be parsed correctly!", + argval); + } else if (!strcmp("cr", argname)) { + long retries = Strtoul(argval, 1); + if (retries < 0) + fatal("Connection retries (cr) '%ld' cannot be a negative number!", + retries); + temp->timing.connection_retries = retries; + } else if (!strcmp("to", argname)) { + if ((temp->timing.timeout = tval2msecs(argval)) < 0) + fatal("Timeout (to) '%s' cannot be parsed correctly!", argval); + /* Miscalleneous options */ + } else if (!strcmp("path", argname)) { + temp->misc.path = Strndup(argval, strlen(argval)); + } else if (!strcmp("ssl", argname)) { + temp->misc.ssl = true; + } else if (!strcmp("db", argname)) { + temp->misc.db = Strndup(argval, strlen(argval)); + } else if (!strcmp("domain", argname)) { + temp->misc.domain = Strndup(argval, strlen(argval)); + } else + error("Unknown service option: %s", argname); +} + + + +static global_service +parse_services_options(char *const exp) +{ + char *arg, *argname, *argval; + global_service temp; + + memset(&temp, 0, sizeof(temp)); + temp.timing.min_connection_limit = NOT_ASSIGNED; + temp.timing.max_connection_limit = NOT_ASSIGNED; + temp.timing.auth_tries = NOT_ASSIGNED; + temp.timing.connection_delay = NOT_ASSIGNED; + temp.timing.connection_retries = NOT_ASSIGNED; + temp.timing.timeout = NOT_ASSIGNED; + + arg = argval = argname = NULL; + + /* check if we have only one option */ + if ((arg = strtok(exp, ","))) { + if (!parse_service_argument(arg, &argname, &argval)) { + check_service_option(&temp, argname, argval); + if (argname) { + free(argname); + argname = NULL; + } + if (argval) { + free(argval); + argval = NULL; + } + } + } + + while ((arg = strtok(NULL, ","))) { + /* Tokenize it on our own since we can't use strtok on 2 different + * strings at the same time and strtok_r is unportable + */ + if (!parse_service_argument(arg, &argname, &argval)) { + check_service_option(&temp, argname, argval); + if (argname) { + free(argname); + argname = NULL; + } + if (argval) { + free(argval); + argval = NULL; + } + } + } + return temp; +} + + + +/* + * Helper parsing function. Will parse 'arg' which should be in form: + * argname=argval and store strings into 'argname' and 'argval'. + * Returns 0 for success. + */ +static int +parse_service_argument(char *const arg, char **argname, char **argval) +{ + size_t i, arg_len, argname_len, argval_len; + + i = 0; + arg_len = strlen(arg); + while (i < arg_len) { + if (arg[i] == '=') + break; + i++; + } + if (i == arg_len) { + /* Special case for ssl */ + if (!strcmp(arg, "ssl")) { + *argname = Strndup(arg, i); + *argval = NULL; + return 0; + } + error("Invalid option argument (missing '='): %s", arg); + return -1; + } + argname_len = i; + *argname = Strndup(arg, argname_len); + + i++; /* arg[i] now points to '=' */ + while (i < arg_len) { + if (arg[i] == '\0') + break; + i++; + } + if (i == argname_len + 1) { + error("No value specified for option %s", *argname); + free(*argname); + argname = NULL; + return -1; + } + /* allocate i - name_len - 1('=') */ + argval_len = i - argname_len - 1; + *argval = Strndup(&arg[i - argval_len], argval_len); + + return 0; +} + diff --git a/include/services.h b/include/services.h new file mode 100644 index 00000000..d78188c3 --- /dev/null +++ b/include/services.h @@ -0,0 +1,163 @@ + +/*************************************************************************** + * services.h -- parsing functions for command-line service and option * + * specification. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#ifndef SERVICES_H +#define SERVICES_H 1 + +#include "global_structures.h" +#include "Service.h" +#include +using namespace std; + +#define NOT_ASSIGNED -1 + +/* target-service specification */ +typedef struct ts_spec { + char *service_name; + char *host_expr; + char *service_options; + char *portno; + bool error; +} ts_spec; + + +/* parse service/port information for Ncrack */ +ts_spec parse_services_target(char *const exp); +void parse_module_options(char *const exp); +int apply_service_options(Service *service); +void apply_host_options(Service *service, char *const options); +void parse_services(char *const exp, vector &services); +void prepare_timing_template(timing_options *timing); +void apply_timing_template(Service *service, timing_options *timing); +void clean_spec(ts_spec *spec); +char *port2name(char *portno); + +#endif diff --git a/include/shtool b/include/shtool new file mode 100644 index 00000000..aa4a2d4d --- /dev/null +++ b/include/shtool @@ -0,0 +1,686 @@ +#!/bin/sh +## +## GNU shtool -- The GNU Portable Shell Tool +## Copyright (c) 1994-2008 Ralf S. Engelschall +## +## See http://www.gnu.org/software/shtool/ for more information. +## See ftp://ftp.gnu.org/gnu/shtool/ for latest version. +## +## Version: 2.0.8 (18-Jul-2008) +## Contents: 2/19 available modules +## + +## +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; either version 2 of the License, or +## (at your option) any later version. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +## General Public License for more details. +## +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, +## USA, or contact Ralf S. Engelschall . +## +## NOTICE: Given that you include this file verbatim into your own +## source tree, you are justified in saying that it remains separate +## from your package, and that this way you are simply just using GNU +## shtool. So, in this situation, there is no requirement that your +## package itself is licensed under the GNU General Public License in +## order to take advantage of GNU shtool. +## + +## +## Usage: shtool [] [ [] []] +## +## Available commands: +## install Install a program, script or datafile +## mkdir Make one or more directories +## +## Not available commands (because module was not built-in): +## echo Print string with optional construct expansion +## mdate Pretty-print modification time of a file or dir +## table Pretty-print a field-separated list as a table +## prop Display progress with a running propeller +## move Move files with simultaneous substitution +## mkln Make link with calculation of relative paths +## mkshadow Make a shadow tree through symbolic links +## fixperm Fix file permissions inside a source tree +## rotate Logfile rotation +## tarball Roll distribution tarballs +## subst Apply sed(1) substitution operations +## platform Platform Identification Utility +## arx Extended archive command +## slo Separate linker options by library class +## scpp Sharing C Pre-Processor +## version Maintain a version information file +## path Deal with program paths +## + +# maximum Bourne-Shell compatibility +if [ ".$ZSH_VERSION" != . ] && (emulate sh) >/dev/null 2>&1; then + # reconfigure zsh(1) + emulate sh + NULLCMD=: + alias -g '${1+"$@"}'='"$@"' +elif [ ".$BASH_VERSION" != . ] && (set -o posix) >/dev/null 2>&1; then + # reconfigure bash(1) + set -o posix +fi + +# maximum independence of NLS nuisances +for var in \ + LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ + LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ + LC_TELEPHONE LC_TIME +do + if (set +x; test -z "`(eval $var=C; export $var) 2>&1`"); then + eval $var=C; export $var + else + unset $var + fi +done + +# initial command line handling +if [ $# -eq 0 ]; then + echo "$0:Error: invalid command line" 1>&2 + echo "$0:Hint: run \`$0 -h' for usage" 1>&2 + exit 1 +fi +if [ ".$1" = ".-h" ] || [ ".$1" = ".--help" ]; then + echo "This is GNU shtool, version 2.0.8 (18-Jul-2008)" + echo 'Copyright (c) 1994-2008 Ralf S. Engelschall ' + echo 'Report bugs to ' + echo '' + echo 'Usage: shtool [] [ [] []]' + echo '' + echo 'Available global :' + echo ' -v, --version display shtool version information' + echo ' -h, --help display shtool usage help page (this one)' + echo ' -d, --debug display shell trace information' + echo ' -r, --recreate recreate this shtool script via shtoolize' + echo '' + echo 'Available [] []:' + echo ' install [-v|--verbose] [-t|--trace] [-d|--mkdir] [-c|--copy]' + echo ' [-C|--compare-copy] [-s|--strip] [-m|--mode ]' + echo ' [-o|--owner ] [-g|--group ] [-e|--exec' + echo ' ] [ ...] ' + echo ' mkdir [-t|--trace] [-f|--force] [-p|--parents] [-m|--mode' + echo ' ] [-o|--owner ] [-g|--group ] ' + echo ' [ ...]' + echo '' + echo 'Not available (because module was not built-in):' + echo ' echo [-n|--newline] [-e|--expand] [ ...]' + echo ' mdate [-n|--newline] [-z|--zero] [-s|--shorten] [-d|--digits]' + echo ' [-f|--field-sep ] [-o|--order ] ' + echo ' table [-F|--field-sep ] [-w|--width ] [-c|--columns' + echo ' ] [-s|--strip ] ...' + echo ' prop [-p|--prefix ]' + echo ' move [-v|--verbose] [-t|--trace] [-e|--expand] [-p|--preserve]' + echo ' ' + echo ' mkln [-t|--trace] [-f|--force] [-s|--symbolic] ' + echo ' [ ...] ' + echo ' mkshadow [-v|--verbose] [-t|--trace] [-a|--all] ' + echo ' fixperm [-v|--verbose] [-t|--trace] [ ...]' + echo ' rotate [-v|--verbose] [-t|--trace] [-f|--force] [-n|--num-files' + echo ' ] [-s|--size ] [-c|--copy] [-r|--remove]' + echo ' [-a|--archive-dir ] [-z|--compress [:]]' + echo ' [-b|--background] [-d|--delay] [-p|--pad ] [-m|--mode' + echo ' ] [-o|--owner ] [-g|--group ] [-M|--migrate' + echo ' ] [-P|--prolog ] [-E|--epilog ] [...]' + echo ' tarball [-t|--trace] [-v|--verbose] [-o|--output ]' + echo ' [-c|--compress ] [-d|--directory ] [-u|--user' + echo ' ] [-g|--group ] [-e|--exclude ]' + echo ' [ ...]' + echo ' subst [-v|--verbose] [-t|--trace] [-n|--nop] [-w|--warning]' + echo ' [-q|--quiet] [-s|--stealth] [-i|--interactive] [-b|--backup' + echo ' ] [-e|--exec ] [-f|--file ] []' + echo ' [...]' + echo ' platform [-F|--format ] [-S|--sep ] [-C|--conc' + echo ' ] [-L|--lower] [-U|--upper] [-v|--verbose]' + echo ' [-c|--concise] [-n|--no-newline] [-t|--type ]' + echo ' [-V|--version] [-h|--help]' + echo ' arx [-t|--trace] [-C|--command ] [' + echo ' ...]' + echo ' slo [-p|--prefix ] -- -L -l [-L -l' + echo ' ...]' + echo ' scpp [-v|--verbose] [-p|--preserve] [-f|--filter ]' + echo ' [-o|--output ] [-t|--template ] [-M|--mark' + echo ' ] [-D|--define ] [-C|--class ]' + echo ' [ ...]' + echo ' version [-l|--language ] [-n|--name ] [-p|--prefix' + echo ' ] [-s|--set ] [-e|--edit] [-i|--increase' + echo ' ] [-d|--display ] ' + echo ' path [-s|--suppress] [-r|--reverse] [-d|--dirname] [-b|--basename]' + echo ' [-m|--magic] [-p|--path ] [ ...]' + echo '' + exit 0 +fi +if [ ".$1" = ".-v" ] || [ ".$1" = ".--version" ]; then + echo "GNU shtool 2.0.8 (18-Jul-2008)" + exit 0 +fi +if [ ".$1" = ".-r" ] || [ ".$1" = ".--recreate" ]; then + shtoolize -oshtool install mkdir + exit 0 +fi +if [ ".$1" = ".-d" ] || [ ".$1" = ".--debug" ]; then + shift + set -x +fi +name=`echo "$0" | sed -e 's;.*/\([^/]*\)$;\1;' -e 's;-sh$;;' -e 's;\.sh$;;'` +case "$name" in + install|mkdir ) + # implicit tool command selection + tool="$name" + ;; + * ) + # explicit tool command selection + tool="$1" + shift + ;; +esac +arg_spec="" +opt_spec="" +gen_tmpfile=no + +## +## DISPATCH INTO SCRIPT PROLOG +## + +case $tool in + install ) + str_tool="install" + str_usage="[-v|--verbose] [-t|--trace] [-d|--mkdir] [-c|--copy] [-C|--compare-copy] [-s|--strip] [-m|--mode ] [-o|--owner ] [-g|--group ] [-e|--exec ] [ ...] " + arg_spec="1+" + opt_spec="v.t.d.c.C.s.m:o:g:e+" + opt_alias="v:verbose,t:trace,d:mkdir,c:copy,C:compare-copy,s:strip,m:mode,o:owner,g:group,e:exec" + opt_v=no + opt_t=no + opt_d=no + opt_c=no + opt_C=no + opt_s=no + opt_m="0755" + opt_o="" + opt_g="" + opt_e="" + ;; + mkdir ) + str_tool="mkdir" + str_usage="[-t|--trace] [-f|--force] [-p|--parents] [-m|--mode ] [-o|--owner ] [-g|--group ] [ ...]" + arg_spec="1+" + opt_spec="t.f.p.m:o:g:" + opt_alias="t:trace,f:force,p:parents,m:mode,o:owner,g:group" + opt_t=no + opt_f=no + opt_p=no + opt_m="" + opt_o="" + opt_g="" + ;; + -* ) + echo "$0:Error: unknown option \`$tool'" 2>&1 + echo "$0:Hint: run \`$0 -h' for usage" 2>&1 + exit 1 + ;; + * ) + echo "$0:Error: unknown command \`$tool'" 2>&1 + echo "$0:Hint: run \`$0 -h' for usage" 2>&1 + exit 1 + ;; +esac + +## +## COMMON UTILITY CODE +## + +# commonly used ASCII values +ASC_TAB=" " +ASC_NL=" +" + +# determine name of tool +if [ ".$tool" != . ]; then + # used inside shtool script + toolcmd="$0 $tool" + toolcmdhelp="shtool $tool" + msgprefix="shtool:$tool" +else + # used as standalone script + toolcmd="$0" + toolcmdhelp="sh $0" + msgprefix="$str_tool" +fi + +# parse argument specification string +eval `echo $arg_spec |\ + sed -e 's/^\([0-9]*\)\([+=]\)/arg_NUMS=\1; arg_MODE=\2/'` + +# parse option specification string +eval `echo h.$opt_spec |\ + sed -e 's/\([a-zA-Z0-9]\)\([.:+]\)/opt_MODE_\1=\2;/g'` + +# parse option alias string +eval `echo h:help,$opt_alias |\ + sed -e 's/-/_/g' -e 's/\([a-zA-Z0-9]\):\([^,]*\),*/opt_ALIAS_\2=\1;/g'` + +# interate over argument line +opt_PREV='' +while [ $# -gt 0 ]; do + # special option stops processing + if [ ".$1" = ".--" ]; then + shift + break + fi + + # determine option and argument + opt_ARG_OK=no + if [ ".$opt_PREV" != . ]; then + # merge previous seen option with argument + opt_OPT="$opt_PREV" + opt_ARG="$1" + opt_ARG_OK=yes + opt_PREV='' + else + # split argument into option and argument + case "$1" in + --[a-zA-Z0-9]*=*) + eval `echo "x$1" |\ + sed -e 's/^x--\([a-zA-Z0-9-]*\)=\(.*\)$/opt_OPT="\1";opt_ARG="\2"/'` + opt_STR=`echo $opt_OPT | sed -e 's/-/_/g'` + eval "opt_OPT=\${opt_ALIAS_${opt_STR}-${opt_OPT}}" + ;; + --[a-zA-Z0-9]*) + opt_OPT=`echo "x$1" | cut -c4-` + opt_STR=`echo $opt_OPT | sed -e 's/-/_/g'` + eval "opt_OPT=\${opt_ALIAS_${opt_STR}-${opt_OPT}}" + opt_ARG='' + ;; + -[a-zA-Z0-9]*) + eval `echo "x$1" |\ + sed -e 's/^x-\([a-zA-Z0-9]\)/opt_OPT="\1";/' \ + -e 's/";\(.*\)$/"; opt_ARG="\1"/'` + ;; + -[a-zA-Z0-9]) + opt_OPT=`echo "x$1" | cut -c3-` + opt_ARG='' + ;; + *) + break + ;; + esac + fi + + # eat up option + shift + + # determine whether option needs an argument + eval "opt_MODE=\$opt_MODE_${opt_OPT}" + if [ ".$opt_ARG" = . ] && [ ".$opt_ARG_OK" != .yes ]; then + if [ ".$opt_MODE" = ".:" ] || [ ".$opt_MODE" = ".+" ]; then + opt_PREV="$opt_OPT" + continue + fi + fi + + # process option + case $opt_MODE in + '.' ) + # boolean option + eval "opt_${opt_OPT}=yes" + ;; + ':' ) + # option with argument (multiple occurances override) + eval "opt_${opt_OPT}=\"\$opt_ARG\"" + ;; + '+' ) + # option with argument (multiple occurances append) + eval "opt_${opt_OPT}=\"\$opt_${opt_OPT}\${ASC_NL}\$opt_ARG\"" + ;; + * ) + echo "$msgprefix:Error: unknown option: \`$opt_OPT'" 1>&2 + echo "$msgprefix:Hint: run \`$toolcmdhelp -h' or \`man shtool' for details" 1>&2 + exit 1 + ;; + esac +done +if [ ".$opt_PREV" != . ]; then + echo "$msgprefix:Error: missing argument to option \`$opt_PREV'" 1>&2 + echo "$msgprefix:Hint: run \`$toolcmdhelp -h' or \`man shtool' for details" 1>&2 + exit 1 +fi + +# process help option +if [ ".$opt_h" = .yes ]; then + echo "Usage: $toolcmdhelp $str_usage" + exit 0 +fi + +# complain about incorrect number of arguments +case $arg_MODE in + '=' ) + if [ $# -ne $arg_NUMS ]; then + echo "$msgprefix:Error: invalid number of arguments (exactly $arg_NUMS expected)" 1>&2 + echo "$msgprefix:Hint: run \`$toolcmd -h' or \`man shtool' for details" 1>&2 + exit 1 + fi + ;; + '+' ) + if [ $# -lt $arg_NUMS ]; then + echo "$msgprefix:Error: invalid number of arguments (at least $arg_NUMS expected)" 1>&2 + echo "$msgprefix:Hint: run \`$toolcmd -h' or \`man shtool' for details" 1>&2 + exit 1 + fi + ;; +esac + +# establish a temporary file on request +if [ ".$gen_tmpfile" = .yes ]; then + # create (explicitly) secure temporary directory + if [ ".$TMPDIR" != . ]; then + tmpdir="$TMPDIR" + elif [ ".$TEMPDIR" != . ]; then + tmpdir="$TEMPDIR" + else + tmpdir="/tmp" + fi + tmpdir="$tmpdir/.shtool.$$" + ( umask 077 + rm -rf "$tmpdir" >/dev/null 2>&1 || true + mkdir "$tmpdir" >/dev/null 2>&1 + if [ $? -ne 0 ]; then + echo "$msgprefix:Error: failed to create temporary directory \`$tmpdir'" 1>&2 + exit 1 + fi + ) + + # create (implicitly) secure temporary file + tmpfile="$tmpdir/shtool.tmp" + touch "$tmpfile" +fi + +# utility function: map string to lower case +util_lower () { + echo "$1" | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' +} + +# utility function: map string to upper case +util_upper () { + echo "$1" | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' +} + +# cleanup procedure +shtool_exit () { + rc="$1" + if [ ".$gen_tmpfile" = .yes ]; then + rm -rf "$tmpdir" >/dev/null 2>&1 || true + fi + exit $rc +} + +## +## DISPATCH INTO SCRIPT BODY +## + +case $tool in + +install ) + ## + ## install -- Install a program, script or datafile + ## Copyright (c) 1997-2008 Ralf S. Engelschall + ## + + # special case: "shtool install -d [...]" internally + # maps to "shtool mkdir -f -p -m 755 [...]" + if [ "$opt_d" = yes ]; then + cmd="$0 mkdir -f -p -m 755" + if [ ".$opt_o" != . ]; then + cmd="$cmd -o '$opt_o'" + fi + if [ ".$opt_g" != . ]; then + cmd="$cmd -g '$opt_g'" + fi + if [ ".$opt_v" = .yes ]; then + cmd="$cmd -v" + fi + if [ ".$opt_t" = .yes ]; then + cmd="$cmd -t" + fi + for dir in "$@"; do + eval "$cmd $dir" || shtool_exit $? + done + shtool_exit 0 + fi + + # determine source(s) and destination + argc=$# + srcs="" + while [ $# -gt 1 ]; do + srcs="$srcs $1" + shift + done + dstpath="$1" + + # type check for destination + dstisdir=0 + if [ -d $dstpath ]; then + dstpath=`echo "$dstpath" | sed -e 's:/$::'` + dstisdir=1 + fi + + # consistency check for destination + if [ $argc -gt 2 ] && [ $dstisdir = 0 ]; then + echo "$msgprefix:Error: multiple sources require destination to be directory" 1>&2 + shtool_exit 1 + fi + + # iterate over all source(s) + for src in $srcs; do + dst=$dstpath + + # if destination is a directory, append the input filename + if [ $dstisdir = 1 ]; then + dstfile=`echo "$src" | sed -e 's;.*/\([^/]*\)$;\1;'` + dst="$dst/$dstfile" + fi + + # check for correct arguments + if [ ".$src" = ".$dst" ]; then + echo "$msgprefix:Warning: source and destination are the same - skipped" 1>&2 + continue + fi + if [ -d "$src" ]; then + echo "$msgprefix:Warning: source \`$src' is a directory - skipped" 1>&2 + continue + fi + + # make a temp file name in the destination directory + dsttmp=`echo $dst |\ + sed -e 's;[^/]*$;;' -e 's;\(.\)/$;\1;' -e 's;^$;.;' \ + -e "s;\$;/#INST@$$#;"` + + # verbosity + if [ ".$opt_v" = .yes ]; then + echo "$src -> $dst" 1>&2 + fi + + # copy or move the file name to the temp name + # (because we might be not allowed to change the source) + if [ ".$opt_C" = .yes ]; then + opt_c=yes + fi + if [ ".$opt_c" = .yes ]; then + if [ ".$opt_t" = .yes ]; then + echo "cp $src $dsttmp" 1>&2 + fi + cp "$src" "$dsttmp" || shtool_exit $? + else + if [ ".$opt_t" = .yes ]; then + echo "mv $src $dsttmp" 1>&2 + fi + mv "$src" "$dsttmp" || shtool_exit $? + fi + + # adjust the target file + if [ ".$opt_e" != . ]; then + sed='sed' + OIFS="$IFS"; IFS="$ASC_NL"; set -- $opt_e; IFS="$OIFS" + for e + do + sed="$sed -e '$e'" + done + cp "$dsttmp" "$dsttmp.old" + chmod u+w $dsttmp + eval "$sed <$dsttmp.old >$dsttmp" || shtool_exit $? + rm -f $dsttmp.old + fi + if [ ".$opt_s" = .yes ]; then + if [ ".$opt_t" = .yes ]; then + echo "strip $dsttmp" 1>&2 + fi + strip $dsttmp || shtool_exit $? + fi + if [ ".$opt_o" != . ]; then + if [ ".$opt_t" = .yes ]; then + echo "chown $opt_o $dsttmp" 1>&2 + fi + chown $opt_o $dsttmp || shtool_exit $? + fi + if [ ".$opt_g" != . ]; then + if [ ".$opt_t" = .yes ]; then + echo "chgrp $opt_g $dsttmp" 1>&2 + fi + chgrp $opt_g $dsttmp || shtool_exit $? + fi + if [ ".$opt_m" != ".-" ]; then + if [ ".$opt_t" = .yes ]; then + echo "chmod $opt_m $dsttmp" 1>&2 + fi + chmod $opt_m $dsttmp || shtool_exit $? + fi + + # determine whether to do a quick install + # (has to be done _after_ the strip was already done) + quick=no + if [ ".$opt_C" = .yes ]; then + if [ -r $dst ]; then + if cmp -s "$src" "$dst"; then + quick=yes + fi + fi + fi + + # finally, install the file to the real destination + if [ $quick = yes ]; then + if [ ".$opt_t" = .yes ]; then + echo "rm -f $dsttmp" 1>&2 + fi + rm -f $dsttmp + else + if [ ".$opt_t" = .yes ]; then + echo "rm -f $dst && mv $dsttmp $dst" 1>&2 + fi + rm -f $dst && mv $dsttmp $dst + fi + done + + shtool_exit 0 + ;; + +mkdir ) + ## + ## mkdir -- Make one or more directories + ## Copyright (c) 1996-2008 Ralf S. Engelschall + ## + + errstatus=0 + for p in ${1+"$@"}; do + # if the directory already exists... + if [ -d "$p" ]; then + if [ ".$opt_f" = .no ] && [ ".$opt_p" = .no ]; then + echo "$msgprefix:Error: directory already exists: $p" 1>&2 + errstatus=1 + break + else + continue + fi + fi + # if the directory has to be created... + if [ ".$opt_p" = .no ]; then + if [ ".$opt_t" = .yes ]; then + echo "mkdir $p" 1>&2 + fi + mkdir $p || errstatus=$? + if [ ".$opt_o" != . ]; then + if [ ".$opt_t" = .yes ]; then + echo "chown $opt_o $p" 1>&2 + fi + chown $opt_o $p || errstatus=$? + fi + if [ ".$opt_g" != . ]; then + if [ ".$opt_t" = .yes ]; then + echo "chgrp $opt_g $p" 1>&2 + fi + chgrp $opt_g $p || errstatus=$? + fi + if [ ".$opt_m" != . ]; then + if [ ".$opt_t" = .yes ]; then + echo "chmod $opt_m $p" 1>&2 + fi + chmod $opt_m $p || errstatus=$? + fi + else + # the smart situation + set fnord `echo ":$p" |\ + sed -e 's/^:\//%/' \ + -e 's/^://' \ + -e 's/\// /g' \ + -e 's/^%/\//'` + shift + pathcomp='' + for d in ${1+"$@"}; do + pathcomp="$pathcomp$d" + case "$pathcomp" in + -* ) pathcomp="./$pathcomp" ;; + esac + if [ ! -d "$pathcomp" ]; then + if [ ".$opt_t" = .yes ]; then + echo "mkdir $pathcomp" 1>&2 + fi + mkdir $pathcomp || errstatus=$? + if [ ".$opt_o" != . ]; then + if [ ".$opt_t" = .yes ]; then + echo "chown $opt_o $pathcomp" 1>&2 + fi + chown $opt_o $pathcomp || errstatus=$? + fi + if [ ".$opt_g" != . ]; then + if [ ".$opt_t" = .yes ]; then + echo "chgrp $opt_g $pathcomp" 1>&2 + fi + chgrp $opt_g $pathcomp || errstatus=$? + fi + if [ ".$opt_m" != . ]; then + if [ ".$opt_t" = .yes ]; then + echo "chmod $opt_m $pathcomp" 1>&2 + fi + chmod $opt_m $pathcomp || errstatus=$? + fi + fi + pathcomp="$pathcomp/" + done + fi + done + + shtool_exit $errstatus + ;; + +esac + +shtool_exit 0 + diff --git a/include/targets.cc b/include/targets.cc new file mode 100644 index 00000000..473044b1 --- /dev/null +++ b/include/targets.cc @@ -0,0 +1,435 @@ + +/*************************************************************************** + * targets.cc -- Functions related to determining the exact IPs to hit * + * based on CIDR and other input formats and handling the exclude-file * + * option. nexthost function is tailored to Ncrack's needs that avoids * + * using HostGroups. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id: targets.cc 12955 2009-04-15 00:37:03Z fyodor $ */ + + +#include "ncrack.h" +#include "targets.h" +#include "TargetGroup.h" +#include "Service.h" +#include "Target.h" +#include "NcrackOps.h" +#include "utils.h" + +extern NcrackOps o; +using namespace std; + +/* Gets the host number (index) of target in the hostbatch array of + pointers. Note that the target MUST EXIST in the array or all + heck will break loose. */ +static inline int gethostnum(Target *hostbatch[], Target *target) { + int i = 0; + do { + if (hostbatch[i] == target) + return i; + } while(++i); + + fatal("fluxx0red"); + return 0; // Unreached +} + + + +/* Is the host passed as Target to be excluded, much of this logic had (mdmcl) + * to be rewritten from wam's original code to allow for the objects */ +static int hostInExclude(struct sockaddr *checksock, size_t checksocklen, + TargetGroup *exclude_group) { + unsigned long tmpTarget; /* ip we examine */ + int i=0; /* a simple index */ + char targets_type; /* what is the address type of the Target Group */ + struct sockaddr_storage ss; + struct sockaddr_in *sin = (struct sockaddr_in *) &ss; + size_t slen; /* needed for funct but not used */ + unsigned long mask = 0; /* our trusty netmask, which we convert to nbo */ + struct sockaddr_in *checkhost; + + if ((TargetGroup *)0 == exclude_group) + return 0; + + assert(checksocklen >= sizeof(struct sockaddr_in)); + checkhost = (struct sockaddr_in *) checksock; + if (checkhost->sin_family != AF_INET) + checkhost = NULL; + + /* First find out what type of addresses are in the target group */ + targets_type = exclude_group[i].get_targets_type(); + + /* Lets go through the targets until we reach our uninitialized placeholder */ + while (exclude_group[i].get_targets_type() != TargetGroup::TYPE_NONE) + { + /* while there are still hosts in the target group */ + while (exclude_group[i].get_next_host(&ss, &slen) == 0) { + tmpTarget = sin->sin_addr.s_addr; + + /* For Netmasks simply compare the network bits and move to the next + * group if it does not compare, we don't care about the individual addrs */ + if (targets_type == TargetGroup::IPV4_NETMASK) { + mask = htonl((unsigned long) (0-1) << (32-exclude_group[i].get_mask())); + if ((tmpTarget & mask) == (checkhost->sin_addr.s_addr & mask)) { + exclude_group[i].rewind(); + return 1; + } + else { + break; + } + } + /* For ranges we need to be a little more slick, if we don't find a match + * we should skip the rest of the addrs in the octet, thank wam for this + * optimization */ + else if (targets_type == TargetGroup::IPV4_RANGES) { + if (tmpTarget == checkhost->sin_addr.s_addr) { + exclude_group[i].rewind(); + return 1; + } + else { /* note these are in network byte order */ + if ((tmpTarget & 0x000000ff) != (checkhost->sin_addr.s_addr & 0x000000ff)) + exclude_group[i].skip_range(TargetGroup::FIRST_OCTET); + else if ((tmpTarget & 0x0000ff00) != (checkhost->sin_addr.s_addr & 0x0000ff00)) + exclude_group[i].skip_range(TargetGroup::SECOND_OCTET); + else if ((tmpTarget & 0x00ff0000) != (checkhost->sin_addr.s_addr & 0x00ff0000)) + exclude_group[i].skip_range(TargetGroup::THIRD_OCTET); + + continue; + } + } +#if HAVE_IPV6 + else if (targets_type == TargetGroup::IPV6_ADDRESS) { + fatal("exclude file not supported for IPV6 -- If it is important to you, send a mail to fyodor@insecure.org so I can gauge support\n"); + } +#endif + } + exclude_group[i++].rewind(); + } + + /* we did not find the host */ + return 0; +} + +/* loads an exclude file into an exclude target list (mdmcl) */ +TargetGroup* load_exclude(FILE *fExclude, char *szExclude) { + int i=0; /* loop counter */ + int iLine=0; /* line count */ + int iListSz=0; /* size of our exclude target list. + * It doubles in size as it gets + * close to filling up + */ + char acBuf[512]; + char *p_acBuf; + TargetGroup *excludelist; /* list of ptrs to excluded targets */ + char *pc; /* the split out exclude expressions */ + char b_file = (char)0; /* flag to indicate if we are using a file */ + + /* If there are no params return now with a NULL list */ + if (((FILE *)0 == fExclude) && ((char *)0 == szExclude)) { + excludelist=NULL; + return excludelist; + } + + if ((FILE *)0 != fExclude) + b_file = (char)1; + + /* Since I don't know of a realloc equiv in C++, we will just count + * the number of elements here. */ + + /* If the input was given to us in a file, count the number of elements + * in the file, and reset the file */ + if (1 == b_file) { + while ((char *)0 != fgets(acBuf,sizeof(acBuf), fExclude)) { + /* the last line can contain no newline, then we have to check for EOF */ + if ((char *)0 == strchr(acBuf, '\n') && !feof(fExclude)) { + fatal("Exclude file line %d was too long to read. Exiting.", iLine); + } + pc=strtok(acBuf, "\t\n "); + while (NULL != pc) { + iListSz++; + pc=strtok(NULL, "\t\n "); + } + } + rewind(fExclude); + } /* If the exclude file was provided via command line, count the elements here */ + else { + p_acBuf=strdup(szExclude); + pc=strtok(p_acBuf, ","); + while (NULL != pc) { + iListSz++; + pc=strtok(NULL, ","); + } + free(p_acBuf); + p_acBuf = NULL; + } + + /* allocate enough TargetGroups to cover our entries, plus one that + * remains uninitialized so we know we reached the end */ + excludelist = new TargetGroup[iListSz + 1]; + + /* don't use a for loop since the counter isn't incremented if the + * exclude entry isn't parsed + */ + i=0; + if (1 == b_file) { + /* If we are parsing a file load the exclude list from that */ + while ((char *)0 != fgets(acBuf, sizeof(acBuf), fExclude)) { + ++iLine; + if ((char *)0 == strchr(acBuf, '\n') && !feof(fExclude)) { + fatal("Exclude file line %d was too long to read. Exiting.", iLine); + } + + pc=strtok(acBuf, "\t\n "); + + while ((char *)0 != pc) { + if(excludelist[i].parse_expr(pc,o.af()) == 0) { + if (o.debugging > 1) + error("Loaded exclude target of: %s", pc); + ++i; + } + pc=strtok(NULL, "\t\n "); + } + } + } + else { + /* If we are parsing command line, load the exclude file from the string */ + p_acBuf=strdup(szExclude); + pc=strtok(p_acBuf, ","); + + while (NULL != pc) { + if(excludelist[i].parse_expr(pc,o.af()) == 0) { + if (o.debugging >1) + error("Loaded exclude target of: %s", pc); + ++i; + } + + /* This is a totally cheezy hack, but since I can't use strtok_r... + * If you can think of a better way to do this, feel free to change. + * As for now, we will reset strtok each time we leave parse_expr */ + { + int hack_i; + char *hack_c = strdup(szExclude); + + pc=strtok(hack_c, ","); + + for (hack_i = 0; hack_i < i; hack_i++) + pc=strtok(NULL, ","); + + free(hack_c); + } + } + } + return excludelist; +} + +/* A debug routine to dump some information to stdout. (mdmcl) + * Invoked if debugging is set to 3 or higher + * I had to make signigicant changes from wam's code. Although wam + * displayed much more detail, alot of this is now hidden inside + * of the Target Group Object. Rather than writing a bunch of methods + * to return private attributes, which would only be used for + * debugging, I went for the method below. + */ +int dumpExclude(TargetGroup *exclude_group) { + int i=0, debug_save=0, type=TargetGroup::TYPE_NONE; + unsigned int mask = 0; + struct sockaddr_storage ss; + struct sockaddr_in *sin = (struct sockaddr_in *) &ss; + size_t slen; + + /* shut off debugging for now, this is a debug routine in itself, + * we don't want to see all the debug messages inside of the object */ + debug_save = o.debugging; + o.debugging = 0; + + while ((type = exclude_group[i].get_targets_type()) != TargetGroup::TYPE_NONE) + { + switch (type) { + case TargetGroup::IPV4_NETMASK: + exclude_group[i].get_next_host(&ss, &slen); + mask = exclude_group[i].get_mask(); + error("exclude host group %d is %s/%d\n", i, inet_ntoa(sin->sin_addr), mask); + break; + + case TargetGroup::IPV4_RANGES: + while (exclude_group[i].get_next_host(&ss, &slen) == 0) + error("exclude host group %d is %s\n", i, inet_ntoa(sin->sin_addr)); + break; + + case TargetGroup::IPV6_ADDRESS: + fatal("IPV6 addresses are not supported in the exclude file\n"); + break; + + default: + fatal("Unknown target type in exclude file.\n"); + } + exclude_group[i++].rewind(); + } + + /* return debugging to what it was */ + o.debugging = debug_save; + return 1; +} + + + +Target * +nexthost(const char *expr, TargetGroup *exclude_group) +{ + struct sockaddr_storage ss; + size_t sslen; + Target *host; + static TargetGroup group; + static bool newexp = true; /* true for new expression */ + + if (newexp) { + group = TargetGroup(); + group.parse_expr(expr, o.af()); + newexp = false; + } + + /* Skip any hosts the user asked to exclude */ + do { + if (group.get_next_host(&ss, &sslen)) { /* no more targets */ + newexp = true; + return NULL; + } + } while (hostInExclude((struct sockaddr *)&ss, sslen, exclude_group)); + + host = new Target(); + host->setTargetSockAddr(&ss, sslen); + + /* put target expression in target if we have a named host without netmask */ + if (group.get_targets_type() == TargetGroup::IPV4_NETMASK && + group.get_namedhost() && !strchr(expr, '/' )) { + host->setTargetName(expr); + } + + return host; +} + diff --git a/include/targets.h b/include/targets.h new file mode 100644 index 00000000..9b2681c1 --- /dev/null +++ b/include/targets.h @@ -0,0 +1,173 @@ + +/*************************************************************************** + * targets.h -- Functions related to determining the exact IPs to hit * + * based on CIDR and other input formats and handling the exclude-file * + * option. nexthost function is tailored to Ncrack's needs that avoids * + * using HostGroups. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +/* $Id: targets.h 12955 2009-04-15 00:37:03Z fyodor $ */ + +#ifndef TARGETS_H +#define TARGETS_H + +#include "Target.h" +#include "TargetGroup.h" +#include "Service.h" +#include "ncrack.h" + +/* This contains pretty much everything we need ... */ +#if HAVE_SYS_TIME_H +#include +#endif + +#if HAVE_UNISTD_H +#include +#endif + +#ifdef HAVE_SYS_PARAM_H +#include /* Defines MAXHOSTNAMELEN on BSD*/ +#endif + + +#include +using namespace std; + +/* creates and returns next host from current expression + * and also takes care of exclusion of user-specified hosts + */ +Target *nexthost(const char *expr, TargetGroup *exclude_group); + +/* loads an exclude file into a excluded target list */ +TargetGroup* load_exclude(FILE *fExclude, char *szExclude); + +/* a debugging routine to dump an exclude list to stdout. */ +int dumpExclude(TargetGroup*exclude_group); + +#endif /* TARGETS_H */ + diff --git a/include/timing.cc b/include/timing.cc new file mode 100644 index 00000000..249b8d39 --- /dev/null +++ b/include/timing.cc @@ -0,0 +1,568 @@ + +/*************************************************************************** + * timing.cc -- Functions related to computing crack timing and keeping * + * track of rates. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id: timing.cc 12955 2009-04-15 00:37:03Z fyodor $ */ + +#include "timing.h" +#include "NcrackOps.h" +#include "utils.h" +#include "time.h" + +extern NcrackOps o; + + +/* current_rate_history defines how far back (in seconds) we look when + calculating the current rate. */ +RateMeter::RateMeter(double current_rate_history) { + this->current_rate_history = current_rate_history; + start_tv.tv_sec = 0; + start_tv.tv_usec = 0; + stop_tv.tv_sec = 0; + stop_tv.tv_usec = 0; + last_update_tv.tv_sec = 0; + last_update_tv.tv_usec = 0; + total = 0.0; + current_rate = 0.0; + assert(!isSet(&start_tv)); + assert(!isSet(&stop_tv)); +} + +void RateMeter::start(const struct timeval *now) { + assert(!isSet(&start_tv)); + assert(!isSet(&stop_tv)); + if (now == NULL) + gettimeofday(&start_tv, NULL); + else + start_tv = *now; +} + +void RateMeter::stop(const struct timeval *now) { + assert(isSet(&start_tv)); + assert(!isSet(&stop_tv)); + if (now == NULL) + gettimeofday(&stop_tv, NULL); + else + stop_tv = *now; +} + +/* Update the rates to reflect the given amount added to the total at the time + now. If now is NULL, get the current time with gettimeofday. */ +void RateMeter::update(double amount, const struct timeval *now) { + struct timeval tv; + double diff; + double interval; + double count; + + assert(isSet(&start_tv)); + assert(!isSet(&stop_tv)); + + /* Update the total. */ + total += amount; + + if (now == NULL) { + gettimeofday(&tv, NULL); + now = &tv; + } + if (!isSet(&last_update_tv)) + last_update_tv = start_tv; + + /* Calculate the approximate moving average of how much was recorded in the + last current_rate_history seconds. This average is what is returned as the + "current" rate. */ + + /* How long since the last update? */ + diff = TIMEVAL_SUBTRACT(*now, last_update_tv) / 1000000.0; + + if (diff < -current_rate_history) + /* This happened farther in the past than we care about. */ + return; + + if (diff < 0.0) { + /* If the event happened in the past, just add it into the total and don't + change last_update_tv, as if it had happened at the same time as the most + recent event. */ + now = &last_update_tv; + diff = 0.0; + } + + /* Find out how far back in time to look. We want to look back + current_rate_history seconds, or to when the last update occurred, + whichever is longer. However, we never look past the start. */ + struct timeval tmp; + /* Find the time current_rate_history seconds after the start. That's our + threshold for deciding how far back to look. */ + TIMEVAL_ADD(tmp, start_tv, (time_t) (current_rate_history * 1000000.0)); + if (TIMEVAL_AFTER(*now, tmp)) + interval = MAX(current_rate_history, diff); + else + interval = TIMEVAL_SUBTRACT(*now, start_tv) / 1000000.0; + assert(diff <= interval); + /* If we record an amount in the very same instant that the timer is started, + there's no way to calculate meaningful rates. Ignore it. */ + if (interval == 0.0) + return; + + /* To calculate the approximate average of the rate over the last + interval seconds, we assume that the rate was constant over that interval. + We calculate how much would have been received in that interval, ignoring + the first diff seconds' worth: + (interval - diff) * current_rate. + Then we add how much was received in the most recent diff seconds. Divide + by the width of the interval to get the average. */ + count = (interval - diff) * current_rate + amount; + current_rate = count / interval; + + last_update_tv = *now; +} + +double RateMeter::getOverallRate(const struct timeval *now) const { + double elapsed; + + elapsed = elapsedTime(now); + if (elapsed <= 0.0) + return 0.0; + else + return total / elapsed; +} + +/* Get the "current" rate (actually a moving average of the last + current_rate_history seconds). If update is true (its default value), lower + the rate to account for the time since the last record. */ +double RateMeter::getCurrentRate(const struct timeval *now, bool update) { + if (update) + this->update(0.0, now); + + return current_rate; +} + +double RateMeter::getTotal(void) const { + return total; +} + +/* Get the number of seconds the meter has been running: if it has been stopped, + the amount of time between start and stop, or if it is still running, the + amount of time between start and now. */ +double RateMeter::elapsedTime(const struct timeval *now) const { + struct timeval tv; + const struct timeval *end_tv; + + assert(isSet(&start_tv)); + + if (isSet(&stop_tv)) { + end_tv = &stop_tv; + } else if (now == NULL) { + gettimeofday(&tv, NULL); + end_tv = &tv; + } else { + end_tv = now; + } + + return TIMEVAL_SUBTRACT(*end_tv, start_tv) / 1000000.0; +} + +/* Returns true if tv has been initialized; i.e., its members are not all + zero. */ +bool RateMeter::isSet(const struct timeval *tv) { + return tv->tv_sec != 0 || tv->tv_usec != 0; +} + +PacketRateMeter::PacketRateMeter(double current_rate_history) { + packet_rate_meter = RateMeter(current_rate_history); + byte_rate_meter = RateMeter(current_rate_history); +} + +void PacketRateMeter::start(const struct timeval *now) { + packet_rate_meter.start(now); + byte_rate_meter.start(now); +} + +void PacketRateMeter::stop(const struct timeval *now) { + packet_rate_meter.stop(now); + byte_rate_meter.stop(now); +} + +/* Record one packet of length len. */ +void PacketRateMeter::update(u32 len, const struct timeval *now) { + packet_rate_meter.update(1, now); + byte_rate_meter.update(len, now); +} + +double PacketRateMeter::getOverallPacketRate(const struct timeval *now) const { + return packet_rate_meter.getOverallRate(now); +} + +double PacketRateMeter::getCurrentPacketRate(const struct timeval *now, + bool update) { + return packet_rate_meter.getCurrentRate(now, update); +} + +double PacketRateMeter::getOverallByteRate(const struct timeval *now) const { + return byte_rate_meter.getOverallRate(now); +} + +double PacketRateMeter::getCurrentByteRate(const struct timeval *now, + bool update) { + return byte_rate_meter.getCurrentRate(now, update); +} + +unsigned long long PacketRateMeter::getNumPackets(void) const { + return (unsigned long long) packet_rate_meter.getTotal(); +} + +unsigned long long PacketRateMeter::getNumBytes(void) const { + return (unsigned long long) byte_rate_meter.getTotal(); +} + +ScanProgressMeter::ScanProgressMeter() +{ + gettimeofday(&begin, NULL); + last_print_test = begin; + memset(&last_print, 0, sizeof(last_print)); + memset(&last_est, 0, sizeof(last_est)); + beginOrEndTask(&begin, NULL, true); +} + +ScanProgressMeter::~ScanProgressMeter() { + ; +} + +/* Decides whether a timing report is likely to even be + printed. There are stringent limitations on how often they are + printed, as well as the verbosity level that must exist. So you + might as well check this before spending much time computing + progress info. now can be NULL if caller doesn't have the current + time handy. Just because this function returns true does not mean + that the next printStatsIfNecessary will always print something. + It depends on whether time estimates have changed, which this func + doesn't even know about. */ +bool ScanProgressMeter::mayBePrinted(const struct timeval *now) { + struct timeval tv; + + if (!o.verbose) + return false; + + if (!now) { + gettimeofday(&tv, NULL); + now = (const struct timeval *) &tv; + } + + if (last_print.tv_sec == 0) { + /* We've never printed before -- the rules are less stringent */ + if (difftime(now->tv_sec, begin.tv_sec) > 30) + return true; + else + return false; + } + + if (difftime(now->tv_sec, last_print_test.tv_sec) < 3) + return false; /* No point even checking too often */ + + /* We'd never want to print more than once per 30 seconds */ + if (difftime(now->tv_sec, last_print.tv_sec) < 30) + return false; + + return true; +} + +/* Return an estimate of the time remaining if a process was started at begin + and is perc_done of the way finished. Returns inf if perc_done == 0.0. */ +static double estimate_time_left(double perc_done, + const struct timeval *begin, + const struct timeval *now) { + double time_used_s; + double time_needed_s; + + time_used_s = difftime(now->tv_sec, begin->tv_sec); + time_needed_s = time_used_s / perc_done; + + return time_needed_s - time_used_s; +} + +/* Prints an estimate of when this scan will complete. It only does + so if mayBePrinted() is true, and it seems reasonable to do so + because the estimate has changed significantly. Returns whether + or not a line was printed.*/ +bool ScanProgressMeter::printStatsIfNecessary(double perc_done, + const struct timeval *now) { + struct timeval tvtmp; + double time_left_s; + bool printit = false; + + if (!now) { + gettimeofday(&tvtmp, NULL); + now = (const struct timeval *) &tvtmp; + } + + if (!mayBePrinted(now)) + return false; + + last_print_test = *now; + + if (perc_done <= 0.003) + return false; /* Need more info first */ + + assert(perc_done <= 1.0); + + time_left_s = estimate_time_left(perc_done, &begin, now); + + if (time_left_s < 30) + return false; /* No point in updating when it is virtually finished. */ + + if (last_est.tv_sec == 0) { + /* We don't have an estimate yet (probably means a low completion). */ + printit = true; + } else if (TIMEVAL_AFTER(*now, last_est)) { + /* The last estimate we printed has passed. Print a new one. */ + printit = true; + } else { + /* If the estimate changed by more than 3 minutes, and if that change + represents at least 5% of the total time, print it. */ + double prev_est_total_time_s = difftime(last_est.tv_sec, begin.tv_sec); + double prev_est_time_left_s = difftime(last_est.tv_sec, last_print.tv_sec); + double change_abs_s = ABS(prev_est_time_left_s - time_left_s); + if (o.debugging || (change_abs_s > 15 + && change_abs_s > .05 * prev_est_total_time_s)) + printit = true; + } + + if (printit) { + return printStats(perc_done, now); + } + + return false; +} + + +/* Prints an estimate of when this scan will complete. */ +bool ScanProgressMeter::printStats(double perc_done, + const struct timeval *now) { + struct timeval tvtmp; + double time_left_s; + time_t timet; + struct tm ltime; + int err; + + if (!now) { + gettimeofday(&tvtmp, NULL); + now = (const struct timeval *) &tvtmp; + } + + last_print = *now; + // If we're less than 1% done we probably don't have enough + // data for decent timing estimates. Also with perc_done == 0 + // these elements will be nonsensical. + if (perc_done < 0.01) { + log_write(LOG_STDOUT, "About %.2f%% done\n", + perc_done * 100); + log_flush(LOG_STDOUT); + return true; + } + + /* Add 0.5 to get the effect of rounding in integer calculations. */ + time_left_s = estimate_time_left(perc_done, &begin, now) + 0.5; + + last_est = *now; + last_est.tv_sec += (time_t)time_left_s; + + /* Get the estimated time of day at completion */ + timet = last_est.tv_sec; + err = n_localtime(&timet, <ime); + + if (!err) { + log_write(LOG_STDOUT, "About %.2f%% done; ETC: %02d:%02d " + "(%.f:%02.f:%02.f remaining)\n", + perc_done * 100, ltime.tm_hour, ltime.tm_min, + floor(time_left_s / 60.0 / 60.0), + floor(fmod(time_left_s / 60.0, 60.0)), + floor(fmod(time_left_s, 60.0))); + /*log_write(LOG_XML, "\n", + scantypestr, (unsigned long) now->tv_sec, + perc_done * 100, time_left_s, (unsigned long) last_est.tv_sec); */ + } else { + log_write(LOG_STDERR, "Timing error: n_localtime(%f): %s\n", (double) timet, strerror(err)); + log_write(LOG_STDOUT, "Timing: About %.2f%% done; ETC: Unknown (%.f:%02.f:%02.f remaining)\n", + perc_done * 100, + floor(time_left_s / 60.0 / 60.0), + floor(fmod(time_left_s / 60.0, 60.0)), + floor(fmod(time_left_s, 60.0))); + } + + log_flush(LOG_STDOUT|LOG_XML); + + return true; +} + + + + +/* Indicates that the task is beginning or ending, and that a message should + be generated if appropriate. Returns whether a message was printed. + now may be NULL, if the caller doesn't have the current time handy. + additional_info may be NULL if no additional information is necessary. */ +bool ScanProgressMeter::beginOrEndTask(const struct timeval *now, const char *additional_info, bool beginning) { + struct timeval tvtmp; + //struct tm *tm; + //time_t tv_sec; + + if (!o.verbose) { + return false; + } + + if (!now) { + gettimeofday(&tvtmp, NULL); + now = (const struct timeval *) &tvtmp; + } + + //tv_sec = now->tv_sec; + //tm = localtime(&tv_sec); + + if (beginning) { + // log_write(LOG_STDOUT, "Initiating %s at %02d:%02d", scantypestr, tm->tm_hour, tm->tm_min); + // log_write(LOG_XML, "tv_sec); + if (additional_info) { + log_write(LOG_STDOUT, " (%s)", additional_info); + //log_write(LOG_XML, " extrainfo=\"%s\"", additional_info); + } + log_write(LOG_STDOUT, "\n"); + //log_write(LOG_XML, " />\n"); + } else { + //log_write(LOG_STDOUT, "Completed %s at %02d:%02d, %.2fs elapsed", scantypestr, tm->tm_hour, tm->tm_min, TIMEVAL_MSEC_SUBTRACT(*now, begin) / 1000.0); + // log_write(LOG_XML, "tv_sec); + if (additional_info) { + log_write(LOG_STDOUT, " (%s)", additional_info); + //log_write(LOG_XML, " extrainfo=\"%s\"", additional_info); + } + log_write(LOG_STDOUT, "\n"); + //log_write(LOG_XML, " />\n"); + } + log_flush(LOG_STDOUT|LOG_XML); + + return true; +} diff --git a/include/timing.h b/include/timing.h new file mode 100644 index 00000000..227f1987 --- /dev/null +++ b/include/timing.h @@ -0,0 +1,233 @@ + +/*************************************************************************** + * timing.h -- Functions related to computing crack timing and keeping * + * track of rates. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id: timing.h 12955 2009-04-15 00:37:03Z fyodor $ */ + +#ifndef NCRACK_TIMING_H +#define NCRACK_TIMING_H + +#include "ncrack.h" +#include "global_structures.h" + + +#define DEFAULT_CURRENT_RATE_HISTORY 5.0 + + + +/* This class measures current and lifetime average rates for some quantity. */ +class RateMeter { + public: + RateMeter(double current_rate_history = DEFAULT_CURRENT_RATE_HISTORY); + + void start(const struct timeval *now = NULL); + void stop(const struct timeval *now = NULL); + void update(double amount, const struct timeval *now = NULL); + double getOverallRate(const struct timeval *now = NULL) const; + double getCurrentRate(const struct timeval *now = NULL, bool update = true); + double getTotal(void) const; + double elapsedTime(const struct timeval *now = NULL) const; + + private: + /* How many seconds to look back when calculating the "current" rates. */ + double current_rate_history; + + /* When this meter started recording. */ + struct timeval start_tv; + /* When this meter stopped recording. */ + struct timeval stop_tv; + /* The last time the current sample rates were updated. */ + struct timeval last_update_tv; + + double total; + double current_rate; + + static bool isSet(const struct timeval *tv); +}; + +/* A specialization of RateMeter that measures packet and byte rates. */ +class PacketRateMeter { + public: + PacketRateMeter(double current_rate_history = DEFAULT_CURRENT_RATE_HISTORY); + + void start(const struct timeval *now = NULL); + void stop(const struct timeval *now = NULL); + void update(u32 len, const struct timeval *now = NULL); + double getOverallPacketRate(const struct timeval *now = NULL) const; + double getCurrentPacketRate(const struct timeval *now = NULL, bool update = true); + double getOverallByteRate(const struct timeval *now = NULL) const; + double getCurrentByteRate(const struct timeval *now = NULL, bool update =true); + unsigned long long getNumPackets(void) const; + unsigned long long getNumBytes(void) const; + + private: + RateMeter packet_rate_meter; + RateMeter byte_rate_meter; +}; + +class ScanProgressMeter { + public: + /* A COPY of stypestr is made and saved for when stats are printed */ + ScanProgressMeter(); + ~ScanProgressMeter(); +/* Decides whether a timing report is likely to even be + printed. There are stringent limitations on how often they are + printed, as well as the verbosity level that must exist. So you + might as well check this before spending much time computing + progress info. now can be NULL if caller doesn't have the current + time handy. Just because this function returns true does not mean + that the next printStatsIfNecessary will always print something. + It depends on whether time estimates have changed, which this func + doesn't even know about. */ + bool mayBePrinted(const struct timeval *now); + +/* Prints an estimate of when this scan will complete. It only does + so if mayBePrinted() is true, and it seems reasonable to do so + because the estimate has changed significantly. Returns whether + or not a line was printed.*/ + bool printStatsIfNecessary(double perc_done, const struct timeval *now); + + /* Prints an estimate of when this scan will complete. */ + bool printStats(double perc_done, const struct timeval *now); + + /* Prints that this task is complete. */ + bool endTask(const struct timeval *now, const char *additional_info) { return beginOrEndTask(now, additional_info, false); } + + struct timeval begin; /* When this ScanProgressMeter was instantiated */ + private: + struct timeval last_print_test; /* Last time printStatsIfNecessary was called */ + struct timeval last_print; /* The most recent time the ETC was printed */ + char *scantypestr; + struct timeval last_est; /* The latest PRINTED estimate */ + + bool beginOrEndTask(const struct timeval *now, const char *additional_info, bool beginning); +}; + +#endif /* NMAP_TIMING_H */ + diff --git a/include/utils.cc b/include/utils.cc new file mode 100644 index 00000000..85344fa7 --- /dev/null +++ b/include/utils.cc @@ -0,0 +1,715 @@ + +/*************************************************************************** + * utils.cc -- Various miscellaneous utility functions which defy * + * categorization :) * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + + +#include "utils.h" +#include "Service.h" +#include "NcrackOps.h" + +extern NcrackOps o; + +/* + * Case insensitive memory search - a combination of memmem and strcasestr + * Will search for a particular string 'pneedle' in the first 'bytes' of + * memory starting at 'haystack' + */ +char * +memsearch(const char *haystack, const char *pneedle, size_t bytes) { + char buf[512]; + unsigned int needlelen; + const char *p; + char *needle, *q, *foundto; + size_t i; + + /* Should crash if !pneedle -- this is OK */ + if (!*pneedle) return (char *) haystack; + if (!haystack) return NULL; + + needlelen = (unsigned int) strlen(pneedle); + if (needlelen >= sizeof(buf)) { + needle = (char *) safe_malloc(needlelen + 1); + } else needle = buf; + p = pneedle; q = needle; + while((*q++ = tolower(*p++))) + ; + p = haystack - 1; foundto = needle; + + i = 0; + while(i < bytes) { + ++p; + if(tolower(*p) == *foundto) { + if(!*++foundto) { + /* Yeah, we found it */ + if (needlelen >= sizeof(buf)) + free(needle); + return (char *) (p - needlelen + 1); + } + } else + foundto = needle; + i++; + } + if (needlelen >= sizeof(buf)) + free(needle); + return NULL; +} + + +/* Like the perl equivalent -- It removes the terminating newline from string + IF one exists. It then returns the POSSIBLY MODIFIED string */ +char * +chomp(char *string) { + + int len = strlen(string); + if (len && string[len - 1] == '\n') { + if (len > 1 && string[len - 2] == '\r') + string[len - 2] = '\0'; + else + string[len - 1] = '\0'; + } + return string; +} + + +/* strtoul with error checking: + * fatality should be 0 if error will be handled by caller, or else Strtoul + * will exit + */ +unsigned long int +Strtoul(const char *nptr, int fatality) +{ + unsigned long value; + char *endp = NULL; + + errno = 0; + value = strtoul(nptr, &endp, 0); + if (errno != 0 || *endp != '\0') { + if (fatality) + fatal("Invalid value for number: %s", nptr); + else { + if (o.debugging) + error("Invalid value for number: %s", nptr); + } + } + + return value; +} + +/* + * Return a copy of 'size' characters from 'src' string. + * Will always null terminate by allocating 1 additional char. + */ +char * +Strndup(const char *src, size_t size) +{ + char *ret; + ret = (char *)safe_malloc(size + 1); + strncpy(ret, src, size); + ret[size] = '\0'; + return ret; +} + +/* + * Convert string to port (in host-byte order) + */ +u16 +str2port(char *exp) +{ + unsigned long pvalue; + char *endp = NULL; + + errno = 0; + pvalue = strtoul(exp, &endp, 0); + if (errno != 0 || *endp != '\0') + fatal("Invalid port number: %s", exp); + if (pvalue > 65535) + fatal("Port number too large: %s", exp); + + return (u16)pvalue; +} + + + +/* convert string to protocol number */ +u8 +str2proto(char *str) +{ + if (!strcasecmp(str, "tcp")) + return IPPROTO_TCP; + else if (!strcasecmp(str, "udp")) + return IPPROTO_UDP; + else + return 0; +} + + +/* convert protocol number to string */ +const char * +proto2str(u8 proto) +{ + if (proto == IPPROTO_TCP) + return "tcp"; + else if (proto == IPPROTO_UDP) + return "udp"; + else + return NULL; +} + + +/* + * This is an update from the old macro TIMEVAL_MSEC_SUBTRACT + * which now uses a long long variable which can hold all the intermediate + * operations. This was made after a wrap-around bug was born due to the + * fact that gettimeofday() can return a pretty large number of seconds + * and microseconds today and usually one of the two arguments are timeval + * structs returned by gettimeofday(). Add to that the fact that we are making + * a multiplication with 1000 and the chances of a wrap-around increase. + */ +long long +timeval_msec_subtract(struct timeval x, struct timeval y) +{ + long long ret; + struct timeval result; + + /* Perform the carry for the later subtraction by updating y. */ + if (x.tv_usec < y.tv_usec) { + int nsec = (y.tv_usec - x.tv_usec) / 1000000 + 1; + y.tv_usec -= 1000000 * nsec; + y.tv_sec += nsec; + } + if (x.tv_usec - y.tv_usec > 1000000) { + int nsec = (x.tv_usec - y.tv_usec) / 1000000; + y.tv_usec += 1000000 * nsec; + y.tv_sec -= nsec; + } + + /* Compute the time remaining to wait. + tv_usec is certainly positive. */ + result.tv_sec = x.tv_sec - y.tv_sec; + result.tv_usec = x.tv_usec - y.tv_usec; + + ret = (long long)result.tv_sec * 1000; + ret += (long long)result.tv_usec / 1000; + + return ret; +} + + + +/* Take in plain text and encode into base64. */ +char * +b64enc(const unsigned char *data, int len) +{ + char *dest, *buf; + /* base64 alphabet, taken from rfc3548 */ + const char *b64alpha = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + + /* malloc enough space to do something useful */ + dest = (char*)safe_malloc(4 * len / 3 + 4); + dest[0] = '\0'; + + buf = dest; + + /* Encode three bytes per iteration ala rfc3548. */ + while (len >= 3) { + buf[0] = b64alpha[(data[0] >> 2) & 0x3f]; + buf[1] = b64alpha[((data[0] << 4) & 0x30) | ((data[1] >> 4) & 0xf)]; + buf[2] = b64alpha[((data[1] << 2) & 0x3c) | ((data[2] >> 6) & 0x3)]; + buf[3] = b64alpha[data[2] & 0x3f]; + data += 3; + buf += 4; + len -= 3; + } + + /* Pad the remaining bytes. len is 0, 1, or 2 here. */ + if (len > 0) { + buf[0] = b64alpha[(data[0] >> 2) & 0x3f]; + if (len > 1) { + buf[1] = b64alpha[((data[0] << 4) & 0x30) | ((data[1] >> 4) & 0xf)]; + buf[2] = b64alpha[(data[1] << 2) & 0x3c]; + } else { + buf[1] = b64alpha[(data[0] << 4) & 0x30]; + buf[2] = '='; + } + buf[3] = '='; + buf += 4; + } + + /* + * As mentioned in rfc3548, we need to be careful about + * how we null terminate and handle embedded null-termination. + */ + *buf = '\0'; + + return (dest); +} + +int base64_encode(const char *str, int length, char *b64store) +{ + /* Conversion table. */ + static char tbl[64] = { + 'A','B','C','D','E','F','G','H', + 'I','J','K','L','M','N','O','P', + 'Q','R','S','T','U','V','W','X', + 'Y','Z','a','b','c','d','e','f', + 'g','h','i','j','k','l','m','n', + 'o','p','q','r','s','t','u','v', + 'w','x','y','z','0','1','2','3', + '4','5','6','7','8','9','+','/' + }; + int i; + const unsigned char *s = (const unsigned char *) str; + char *p = b64store; + + /* Transform the 3x8 bits to 4x6 bits, as required by base64. */ + for (i = 0; i < length; i += 3) + { + *p++ = tbl[s[0] >> 2]; + *p++ = tbl[((s[0] & 3) << 4) + (s[1] >> 4)]; + *p++ = tbl[((s[1] & 0xf) << 2) + (s[2] >> 6)]; + *p++ = tbl[s[2] & 0x3f]; + s += 3; + } + + /* Pad the result if necessary... */ + if (i == length + 1) + *(p - 1) = '='; + else if (i == length + 2) + *(p - 1) = *(p - 2) = '='; + + /* ...and zero-terminate it. */ + *p = '\0'; + + return p - b64store; +} + +int +base64_decode(const char *base64, size_t length, char *to) +{ + /* Table of base64 values for first 128 characters. Note that this + assumes ASCII (but so does Wget in other places). */ + static short base64_char_to_value[256] = + { + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 62, 63, 62, 62, 63, 52, 53, 54, 55, + 56, 57, 58, 59, 60, 61, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 3, 4, 5, 6, + 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 0, + 0, 0, 0, 63, 0, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, + 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51 + }; + size_t i; + unsigned char* p = (unsigned char*) base64; + char *q = to; + int pad = length > 0 && (length % 4 || p[length - 1] == '='); + const size_t L = ((length + 3) / 4 - pad) * 4; + + for (i = 0; i < length; i += 4) { + //unsigned char c; + //unsigned long value; + + int n = base64_char_to_value[p[i]] << 18 | base64_char_to_value[p[i + 1]] << 12 | base64_char_to_value[p[i + 2]] << 6 | base64_char_to_value[p[i + 3]]; + *q++ = n >> 16; + *q++ = n >> 8 & 0xFF; + *q++ = n & 0xFF; + + } + if (pad) { + int n = base64_char_to_value[p[L]] << 18 | base64_char_to_value[p[L + 1]] << 12; + *q++ = n >> 16; + + if (length > L + 2 && p[L + 2] != '=') + { + n |= base64_char_to_value[p[L + 2]] << 6; + *q++ = n >> 8 & 0xFF; + } + } + return q - to; +} + +/* mmap() an entire file into the address space. Returns a pointer + to the beginning of the file. The mmap'ed length is returned + inside the length parameter. If there is a problem, NULL is + returned, the value of length is undefined, and errno is set to + something appropriate. The user is responsible for doing + an munmap(ptr, length) when finished with it. openflags should + be O_RDONLY or O_RDWR, or O_WRONLY + */ +#ifndef WIN32 +char *mmapfile(char *fname, int *length, int openflags) { + struct stat st; + int fd; + char *fileptr; + + if (!length || !fname) { + errno = EINVAL; + return NULL; + } + + *length = -1; + + if (stat(fname, &st) == -1) { + errno = ENOENT; + return NULL; + } + + fd = open(fname, openflags); + if (fd == -1) { + return NULL; + } + + fileptr = (char *)mmap(0, st.st_size, (openflags == O_RDONLY)? PROT_READ : + (openflags == O_RDWR)? (PROT_READ|PROT_WRITE) + : PROT_WRITE, MAP_SHARED, fd, 0); + + close(fd); + +#ifdef MAP_FAILED + if (fileptr == (void *)MAP_FAILED) return NULL; +#else + if (fileptr == (char *) -1) return NULL; +#endif + + *length = st.st_size; + return fileptr; +} +#else /* WIN32 */ +/* FIXME: From the looks of it, this function can only handle one mmaped + file at a time (note how gmap is used).*/ +/* I believe this was written by Ryan Permeh ( ryan@eeye.com) */ + +static HANDLE gmap = NULL; + +char *mmapfile(char *fname, int *length, int openflags) +{ + HANDLE fd; + DWORD mflags, oflags; + char *fileptr; + + if (!length || !fname) { + WSASetLastError(EINVAL); + return NULL; + } + + if (openflags == O_RDONLY) { + oflags = GENERIC_READ; + mflags = PAGE_READONLY; + } + else { + oflags = GENERIC_READ | GENERIC_WRITE; + mflags = PAGE_READWRITE; + } + + fd = CreateFile ( + fname, + oflags, // open flags + 0, // do not share + NULL, // no security + OPEN_EXISTING, // open existing + FILE_ATTRIBUTE_NORMAL, + NULL); // no attr. template + if (!fd) + pfatal ("%s(%u): CreateFile()", __FILE__, __LINE__); + + *length = (int) GetFileSize (fd, NULL); + + gmap = CreateFileMapping (fd, NULL, mflags, 0, 0, NULL); + if (!gmap) + pfatal ("%s(%u): CreateFileMapping(), file '%s', length %d, mflags %08lX", + __FILE__, __LINE__, fname, *length, mflags); + + fileptr = (char*) MapViewOfFile (gmap, oflags == GENERIC_READ ? FILE_MAP_READ : FILE_MAP_WRITE, + 0, 0, 0); + if (!fileptr) + pfatal ("%s(%u): MapViewOfFile()", __FILE__, __LINE__); + + if (o.debugging > 2) + log_write(LOG_PLAIN, "%s(): fd %08lX, gmap %08lX, fileptr %08lX, length %d\n", + __func__, (DWORD)fd, (DWORD)gmap, (DWORD)fileptr, *length); + + CloseHandle (fd); + + return fileptr; +} + + +/* FIXME: This only works if the file was mapped by mmapfile (and only + works if the file is the most recently mapped one */ +int win32_munmap(char *filestr, int filelen) +{ + if (gmap == 0) + fatal("%s: no current mapping !\n", __func__); + + FlushViewOfFile(filestr, filelen); + UnmapViewOfFile(filestr); + CloseHandle(gmap); + gmap = NULL; + return 0; +} + +#endif + + +/* Create a UNICODE string based on an ASCII one. Be sure to free the memory! */ + char * +unicode_alloc(const char *string) +{ + size_t i; + char *unicode; + size_t unicode_length = (strlen(string) + 1) * 2; + + if(unicode_length < strlen(string)) + fatal("%s Overflow.", __func__); + + unicode = (char *)safe_malloc(unicode_length); + + memset(unicode, 0, unicode_length); + for(i = 0; i < strlen(string); i++) + { + unicode[(i * 2)] = string[i]; + } + + return unicode; +} + + +/* Same as unicode_alloc(), except convert the string to uppercase first. */ + char * +unicode_alloc_upper(const char *string) +{ + size_t i; + char *unicode; + size_t unicode_length = (strlen(string) + 1) * 2; + + if(unicode_length < strlen(string)) + fatal("%s Overflow.", __func__); + + unicode = (char *)safe_malloc(unicode_length); + + memset(unicode, 0, unicode_length); + for(i = 0; i < strlen(string); i++) + { + unicode[(i * 2)] = toupper(string[i]); + } + + return unicode; +} + + +/* Reverses the order of the bytes in the memory pointed for the designated + * length. + */ + void +mem_reverse(uint8_t *p, unsigned int len) +{ + unsigned int i, j; + uint8_t temp; + + if (len < 1) + return; + + for (i = 0, j = len - 1; i < j; i++, j--) { + temp = p[i]; + p[i] = p[j]; + p[j] = temp; + } + +} + +/* Ncat's buffering functions */ + +/* Append n bytes starting at s to a malloc-allocated buffer. Reallocates the + buffer and updates the variables to make room if necessary. */ +int strbuf_append(char **buf, size_t *size, size_t *offset, const char *s, size_t n) +{ + //ncat_assert(*offset <= *size); + + if (n >= *size - *offset) { + *size += n + 1; + *buf = (char *) safe_realloc(*buf, *size); + } + + memcpy(*buf + *offset, s, n); + *offset += n; + (*buf)[*offset] = '\0'; + + return n; +} + +/* Append a '\0'-terminated string as with strbuf_append. */ +int strbuf_append_str(char **buf, size_t *size, size_t *offset, const char *s) +{ + return strbuf_append(buf, size, offset, s, strlen(s)); +} + +/* Do a sprintf at the given offset into a malloc-allocated buffer. Reallocates + the buffer and updates the variables to make room if necessary. */ +int strbuf_sprintf(char **buf, size_t *size, size_t *offset, const char *fmt, ...) +{ + va_list va; + int n; + + //ncat_assert(*offset <= *size); + + if (*buf == NULL) { + *size = 1; + *buf = (char *) safe_malloc(*size); + } + + for (;;) { + va_start(va, fmt); + n = Vsnprintf(*buf + *offset, *size - *offset, fmt, va); + va_end(va); + if (n < 0) + *size = MAX(*size, 1) * 2; + else if ((size_t)n >= *size - *offset) + *size += n + 1; + else + break; + *buf = (char *) safe_realloc(*buf, *size); + } + *offset += n; + + return n; +} + + +uint32_t le_to_be32(uint32_t x) +{ + return (((x>>24) & 0x000000ff) | ((x>>8) & 0x0000ff00) | ((x<<8) & 0x00ff0000) | ((x<<24) & 0xff000000)); +} + + +uint16_t le_to_be16(uint16_t x) +{ + return ((x>>8) | (x<<8)); +} + diff --git a/include/utils.h b/include/utils.h new file mode 100644 index 00000000..769e1f65 --- /dev/null +++ b/include/utils.h @@ -0,0 +1,275 @@ + +/*************************************************************************** + * utils.h -- Various miscellaneous utility functions which defy * + * categorization :) * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + + +#ifndef UTILS_H +#define UTILS_H 1 + + +#include + +#include +#include + +#ifdef WIN32 +#include "mswin32\winclude.h" +#else +#include +#include "ncrack_config.h" +#endif + + +#if HAVE_UNISTD_H +#include +#endif + +#include "nbase.h" +#include "ncrack_error.h" + +/* Timeval subtraction in microseconds */ +#define TIMEVAL_SUBTRACT(a,b) (((a).tv_sec - (b).tv_sec) * 1000000 + (a).tv_usec - (b).tv_usec) +/* Timeval subtract in milliseconds */ +#define TIMEVAL_MSEC_SUBTRACT(a,b) ((((a).tv_sec - (b).tv_sec) * 1000) + ((a).tv_usec - (b).tv_usec) / 1000) +/* Timeval subtract in seconds; truncate towards zero */ +#define TIMEVAL_SEC_SUBTRACT(a,b) ((a).tv_sec - (b).tv_sec + (((a).tv_usec < (b).tv_usec) ? - 1 : 0)) + +/* assign one timeval to another timeval plus some msecs: a = b + msecs */ +#define TIMEVAL_MSEC_ADD(a, b, msecs) { (a).tv_sec = (b).tv_sec + ((msecs) / 1000); (a).tv_usec = (b).tv_usec + ((msecs) % 1000) * 1000; (a).tv_sec += (a).tv_usec / 1000000; (a).tv_usec %= 1000000; } +#define TIMEVAL_ADD(a, b, usecs) { (a).tv_sec = (b).tv_sec + ((usecs) / 1000000); (a).tv_usec = (b).tv_usec + ((usecs) % 1000000); (a).tv_sec += (a).tv_usec / 1000000; (a).tv_usec %= 1000000; } + +/* Find our if one timeval is before or after another, avoiding the integer + overflow that can result when doing a TIMEVAL_SUBTRACT on two widely spaced + timevals. */ +#define TIMEVAL_BEFORE(a, b) (((a).tv_sec < (b).tv_sec) || ((a).tv_sec == (b).tv_sec && (a).tv_usec < (b).tv_usec)) +#define TIMEVAL_AFTER(a, b) (((a).tv_sec > (b).tv_sec) || ((a).tv_sec == (b).tv_sec && (a).tv_usec > (b).tv_usec)) + +#ifndef roundup + #define roundup(x, y) ((((x)+((y)-1))/(y))*(y)) +#endif + +/* Return num if it is between min and max. Otherwise return min or + max (whichever is closest to num), */ +template T box(T bmin, T bmax, T bnum) { + if (bmin > bmax) + fatal("box(%d, %d, %d) called (min,max,num)", (int) bmin, (int) bmax, (int) bnum); + // assert(bmin <= bmax); + if (bnum >= bmax) + return bmax; + if (bnum <= bmin) + return bmin; + return bnum; +} + + +/* Like the perl equivalent -- It removes the terminating newline from string + IF one exists. It then returns the POSSIBLY MODIFIED string */ +char *chomp(char *string); + +/* + * Case insensitive memory search - a combination of memmem and strcasestr + * Will search for a particular string 'pneedle' in the first 'bytes' of + * memory starting at 'haystack' + */ +char *memsearch(const char *haystack, const char *pneedle, size_t bytes); + + +/* convert string to protocol number */ +u8 str2proto(char *str); + +/* convert protocol number to string */ +const char *proto2str(u8 proto); + +/* strtoul with error checking */ +unsigned long int Strtoul(const char *nptr, int fatality); + +/* + * Return a copy of 'size' characters from 'src' string. + * Will always null terminate by allocating 1 additional char. + */ +char *Strndup(const char *src, size_t size); + +/* Convert string to port (in host-byte order) */ +u16 str2port(char *exp); + +/* + * This is an update from the old macro TIMEVAL_MSEC_SUBTRACT + * which now uses a long long variable which can hold all the intermediate + * operations. This was made after a wrap-around bug was born due to the + * fact that gettimeofday() can return a pretty large number of seconds + * and microseconds today and usually one of the two arguments are timeval + * structs returned by gettimeofday(). Add to that the fact that we are making + * a multiplication with 1000 and the chances of a wrap-around increase. + */ +long long timeval_msec_subtract(struct timeval a, struct timeval b); + +/* Take in plain text and encode into base64. */ +char *b64enc(const unsigned char *data, int len); + + + +#define BASE64_LENGTH(len) (4 * (((len) + 2) / 3)) +int base64_encode(const char *str, int length, char *b64store); + +int base64_decode (const char *base64, size_t length, char *to); +/* mmap() an entire file into the address space. Returns a pointer + to the beginning of the file. The mmap'ed length is returned + inside the length parameter. If there is a problem, NULL is + returned, the value of length is undefined, and errno is set to + something appropriate. The user is responsible for doing + an munmap(ptr, length) when finished with it. openflags should + be O_RDONLY or O_RDWR, or O_WRONLY +*/ +char *mmapfile(char *fname, int *length, int openflags); + +#ifdef WIN32 +int win32_munmap(char *filestr, int filelen); +#endif /* WIN32 */ + + +/* Create a UNICODE string based on an ASCII one. Be sure to free the memory! */ +char *unicode_alloc(const char *string); +/* Same as unicode_alloc(), except convert the string to uppercase first. */ +char *unicode_alloc_upper(const char *string); + +/* Reverses the order of the bytes in the memory pointed for the designated + * length. + */ +void mem_reverse(uint8_t *p, unsigned int len); + +/* Ncat's buffering functions */ +int strbuf_append(char **buf, size_t *size, size_t *offset, const char *s, size_t n); +int strbuf_append_str(char **buf, size_t *size, size_t *offset, const char *s); +int strbuf_sprintf(char **buf, size_t *size, size_t *offset, const char *fmt, ...); + +uint32_t le_to_be32(uint32_t x); +uint16_t le_to_be16(uint16_t x); + + +#endif /* UTILS_H */ diff --git a/include/xml.cc b/include/xml.cc new file mode 100644 index 00000000..429bba3c --- /dev/null +++ b/include/xml.cc @@ -0,0 +1,533 @@ +/*************************************************************************** + * xml.cc -- Simple library to emit XML. * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id: xml.cc 15135 2009-08-19 21:05:21Z david $ */ + +/* +This is a simple library for writing XML. It handles two main things: +keeping track of the element stack, and escaping text where necessary. +If you wanted to write this XML: + + + +these are the functions you would call. Each one is followed by the text +it prints enclosed in ||. + +xml_start_document("elem") |\n| +xml_newline(); |\n| +xml_open_start_tag("elem"); || +xml_end_tag(); || + +The typical use is to call xml_open_start_tag, then call xml_attribute a +number of times. That is followed by xml_close_empty_tag, or else +xml_close_start_tag followed by xml_end_tag later on. You can call +xml_start_tag if there are no attributes. Whenever a start tag is opened +with xml_open_start_tag or xml_start_tag, the element name is pushed on +the tag stack. xml_end_tag pops the element stack and closes the element +it finds. + +Here is a summary of all the elementary writing functions. The functions +return 0 on success and -1 on error. The terms "start" and "end" refer +to start and end tags and the start and end of comments. The terms +"open" and "close" refer only to start tags and processing instructions. + +xml_start_comment() || +xml_open_pi("elem") || +xml_open_start_tag("elem") || +xml_close_empty_tag() |/>| +xml_start_tag("elem") || +xml_end_tag() || +xml_attribute("name", "val") | name="val"| +xml_newline() |\n| + +Additional functions are + +xml_write_raw Raw unescaped output. +xml_write_escaped XML-escaped output. +xml_write_escaped_v XML-escaped output, with a va_list. +xml_start_document Writes \n. +xml_depth Returns the size of the element stack. + +The library makes it harder but not impossible to make non-well-formed +XML. For example, you can call xml_start_tag, xml_end_tag, +xml_start_tag, xml_end_tag to create a document with two root elements. +Things like element names aren't checked to be sure they're legal. Text +given to these functions should be ASCII or UTF-8. + +All writing is done with log_write(LOG_XML), so if LOG_XML hasn't been +opened, calling these functions has no effect. +*/ + +#include "output.h" +#include "xml.h" +#include + +#include +#include +#include +#include + +struct xml_writer { + /* Sanity checking: Don't open a new tag while still defining + attributes for another, like " element_stack; +}; + +static struct xml_writer xml; + +char *xml_unescape(const char *str) { + char *result = NULL; + size_t n = 0, len; + const char *p; + int i; + + i = 0; + for (p = str; *p != '\0'; p++) { + const char *repl; + char buf[32]; + + if (*p != '&') { + /* Based on the asumption that ampersand is only used for escaping. */ + buf[0] = *p; + buf[1] = '\0'; + repl = buf; + } else if (strncmp(p, "<", 4) == 0) { + repl = "<"; + p += 3; + } else if (strncmp(p, ">", 4) == 0) { + repl = ">"; + p += 3; + } else if (strncmp(p, "&", 5) == 0) { + repl = "&"; + p += 4; + } else if (strncmp(p, """, 6) == 0) { + repl = "\""; + p += 5; + } else if (strncmp(p, "'", 6) == 0) { + repl = "\'"; + p += 5; + } else if (strncmp(p, "-", 5) == 0) { + repl = "-"; + p += 4; + } else { + /* Escaped control characters and anything outside of ASCII. */ + Strncpy(buf, p + 3, sizeof(buf)); + char *q; + q = strchr(buf, ';'); + if(!q) + buf[0] = '\0'; + else + *q = '\0'; + repl = buf; + } + + len = strlen(repl); + /* Double the size of the result buffer if necessary. */ + if (i == 0 || i + len > n) { + n = (i + len) * 2; + result = (char *) safe_realloc(result, n + 1); + } + memcpy(result + i, repl, len); + i += len; + } + /* Trim to length. (Also does initial allocation when str is empty.) */ + result = (char *) safe_realloc(result, i + 1); + result[i] = '\0'; + + return result; +} + +/* Escape a string for inclusion in XML. This gets <>&, "' for attribute + values, -- for inside comments, and characters with value > 0x7F. It + also gets control characters with value < 0x20 to avoid parser + normalization of \r\n\t in attribute values. If this is not desired + in some cases, we'll have to add a parameter to control this. */ +static char *escape(const char *str) { + /* result is the result buffer; n + 1 is the allocated size. Double the + allocation when space runs out. */ + char *result = NULL; + size_t n = 0, len; + const char *p; + int i; + + i = 0; + for (p = str; *p != '\0'; p++) { + const char *repl; + char buf[32]; + + if (*p == '<') + repl = "<"; + else if (*p == '>') + repl = ">"; + else if (*p == '&') + repl = "&"; + else if (*p == '"') + repl = """; + else if (*p == '\'') + repl = "'"; + else if (*p == '-' && p > str && *(p - 1) == '-') { + /* Escape -- for comments. */ + repl = "-"; + } else if (*p < 0x20 || (unsigned char) *p > 0x7F) { + /* Escape control characters and anything outside of ASCII. We have to + emit UTF-8 and an easy way to do that is to emit ASCII. */ + Snprintf(buf, sizeof(buf), "&#x%x;", (unsigned char) *p); + repl = buf; + } else { + /* Unescaped character. */ + buf[0] = *p; + buf[1] = '\0'; + repl = buf; + } + + len = strlen(repl); + /* Double the size of the result buffer if necessary. */ + if (i == 0 || i + len > n) { + n = (i + len) * 2; + result = (char *) safe_realloc(result, n + 1); + } + memcpy(result + i, repl, len); + i += len; + } + /* Trim to length. (Also does initial allocation when str is empty.) */ + result = (char *) safe_realloc(result, i + 1); + result[i] = '\0'; + + return result; +} + +/* Write data directly to the XML file with no escaping. Make sure you + know what you're doing. */ +int xml_write_raw(const char *fmt, ...) { + va_list va; + char *s; + + va_start(va, fmt); + alloc_vsprintf(&s, fmt, va); + va_end(va); + if (s == NULL) + return -1; + + log_write(LOG_XML, "%s", s); + free(s); + + return 0; +} + +/* Write data directly to the XML file after escaping it. */ +int xml_write_escaped(const char *fmt, ...) { + va_list va; + int n; + + va_start(va, fmt); + n = xml_write_escaped_v(fmt, va); + va_end(va); + + return n; +} + +/* Write data directly to the XML file after escaping it. This version takes a + va_list like vprintf. */ +int xml_write_escaped_v(const char *fmt, va_list va) { + char *s, *esc_s; + + alloc_vsprintf(&s, fmt, va); + if (s == NULL) + return -1; + esc_s = escape(s); + free(s); + if (esc_s == NULL) + return -1; + + log_write(LOG_XML, "%s", esc_s); + free(esc_s); + + return 0; +} + +/* Write the XML declaration: + * and the DOCTYPE declaration: + */ +int xml_start_document(const char *rootnode) { + if (xml_open_pi("xml") < 0) + return -1; + if (xml_attribute("version", "1.0") < 0) + return -1; + /* Practically, Nmap only uses ASCII, but UTF-8 encompasses ASCII and allows + * for future expansion */ + if (xml_attribute("encoding", "UTF-8") < 0) + return -1; + if (xml_close_pi() < 0) + return -1; + if (xml_newline() < 0) + return -1; + + log_write(LOG_XML, "\n", rootnode); + + return 0; +} + +int xml_start_comment() { + log_write(LOG_XML, ""); + + return 0; +} + +int xml_open_pi(const char *name) { + assert(!xml.tag_open); + log_write(LOG_XML, ""); + xml.tag_open = false; + + return 0; +} + +/* Open a start tag, like ""); + xml.tag_open = false; + + return 0; +} + +/* Close an empty-element tag. It should have been opened with + xml_open_start_tag. */ +int xml_close_empty_tag() { + assert(xml.tag_open); + assert(!xml.element_stack.empty()); + xml.element_stack.pop_back(); + log_write(LOG_XML, "/>"); + xml.tag_open = false; + + return 0; +} + +int xml_start_tag(const char *name, const bool write) { + if (xml_open_start_tag(name, write) < 0) + return -1; + if (xml_close_start_tag(write) < 0) + return -1; + + return 0; +} + +/* Write an end tag for the element at the top of the element stack. */ +int xml_end_tag() { + const char *name; + + assert(!xml.tag_open); + assert(!xml.element_stack.empty()); + name = xml.element_stack.back(); + xml.element_stack.pop_back(); + + log_write(LOG_XML, "", name); + + return 0; +} + +/* Write an attribute. The only place this makes sense is between + xml_open_start_tag and either xml_close_start_tag or + xml_close_empty_tag. */ +int xml_attribute(const char *name, const char *fmt, ...) { + va_list va; + char *val, *esc_val; + + assert(xml.tag_open); + + va_start(va, fmt); + alloc_vsprintf(&val, fmt, va); + va_end(va); + if (val == NULL) + return -1; + esc_val = escape(val); + free(val); + if (esc_val == NULL) + return -1; + + log_write(LOG_XML, " %s=\"%s\"", name, esc_val); + free(esc_val); + + return 0; +} + +int xml_newline() { + log_write(LOG_XML, "\n"); + + return 0; +} + +/* Return the size of the element stack. */ +int xml_depth() { + return xml.element_stack.size(); +} + +/* Return true iff a root element has been started. */ +bool xml_tag_open() { + return xml.tag_open; +} + +/* Return true iff a root element has been started. */ +bool xml_root_written() { + return xml.root_written; +} diff --git a/include/xml.h b/include/xml.h new file mode 100644 index 00000000..dd0e9165 --- /dev/null +++ b/include/xml.h @@ -0,0 +1,165 @@ +/*************************************************************************** + * xml.h * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * * + * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap * + * Project"). Nmap is also a registered trademark of the Nmap Project. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed Nmap technology into proprietary * + * software, we sell alternative licenses (contact sales@nmap.com). * + * Dozens of software vendors already license Nmap technology such as * + * host discovery, port scanning, OS detection, version detection, and * + * the Nmap Scripting Engine. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db * + * or nmap-service-probes. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * Nmap with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * As another special exception to the GPL terms, the Nmap Project grants * + * permission to link the code of this program with any version of the * + * OpenSSL library which is distributed under a license identical to that * + * listed in the included docs/licenses/OpenSSL.txt file, and distribute * + * linked combinations including the two. * + * * + * The Nmap Project has permission to redistribute Npcap, a packet * + * capturing driver and library for the Microsoft Windows platform. * + * Npcap is a separate work with it's own license rather than this Nmap * + * license. Since the Npcap license does not permit redistribution * + * without special permission, our Nmap Windows binary packages which * + * contain Npcap may not be redistributed without special permission. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * Nmap or grant special permissions to use it in other open source * + * software. Please contact fyodor@nmap.org with any such requests. * + * Similarly, we don't incorporate incompatible open source software into * + * Covered Software without special permission from the copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * Nmap in other works, we are happy to help. As mentioned above, we also * + * offer an alternative license to integrate Nmap into proprietary * + * applications and appliances. These contracts have been sold to dozens * + * of software vendors, and generally include a perpetual license as well * + * as providing support and updates. They also fund the continued * + * development of Nmap. Please email sales@nmap.com for further * + * information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port Nmap to new platforms, fix bugs, * + * and add new features. You are highly encouraged to send your changes * + * to the dev@nmap.org mailing list for possible incorporation into the * + * main distribution. By sending these changes to Fyodor or one of the * + * Insecure.Org development mailing lists, or checking them into the Nmap * + * source code repository, it is understood (unless you specify * + * otherwise) that you are offering the Nmap Project the unlimited, * + * non-exclusive right to reuse, modify, and relicense the code. Nmap * + * will always be available Open Source, but this is important because * + * the inability to relicense code has caused devastating problems for * + * other Free Software projects (such as KDE and NASM). We also * + * occasionally relicense the code to third parties as discussed above. * + * If you wish to specify special license conditions of your * + * contributions, just say so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Nmap * + * license file for more details (it's in a COPYING file included with * + * Nmap, and also available from https://svn.nmap.org/nmap/COPYING) * + * * + ***************************************************************************/ + +/* $Id: xml.h 15135 2009-08-19 21:05:21Z david $ */ + +#ifndef _XML_H +#define _XML_H + +#include + +int xml_write_raw(const char *fmt, ...) __attribute__ ((format (printf, 1, 2))); +int xml_write_escaped(const char *fmt, ...) __attribute__ ((format (printf, 1, 2))); +int xml_write_escaped_v(const char *fmt, va_list va) __attribute__ ((format (printf, 1, 0))); + +int xml_start_document(const char *rootnode); + +int xml_start_comment(); +int xml_end_comment(); + +int xml_open_pi(const char *name); +int xml_close_pi(); + +int xml_open_start_tag(const char *name, const bool write = true); +int xml_close_start_tag(const bool write = true); +int xml_close_empty_tag(); +int xml_start_tag(const char *name, const bool write = true); +int xml_end_tag(); + +int xml_attribute(const char *name, const char *fmt, ...) __attribute__ ((format (printf, 2, 3))); + +int xml_newline(); + +int xml_depth(); +bool xml_tag_open(); +bool xml_root_written(); + + +char *xml_unescape(const char *str); + +#endif +